
I think a computer at my work has been infected for awhile.  At one point in the past Norton has found trojans; at this point I don't think either Norton or Malwarebytes can detect anything like that. The computer is unable to download anything off the internet, claiming that a virus scan failed. I tried to download something after disabling Norton so I don't think it's a firewall.

 

This is the most recent Malwarebytes scan log that I have.

LOG1-21-15.xml


Hello and welcome!

I'm Radek and I'll try to help you with your issue.

Before we start please note the following:

  • Analysis and research take some time, also sometimes real life gets in the way, please be patient.
  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Paste the logs in your posts, attachments make my work harder and more complicated.
  • Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, which may cause some delays between answers.

I can't foresee everything, so if anything unexpected happens, please stop and inform me!

There are no silly questions. Never be afraid to ask if in doubt!

Rules and policies

We won't support any piracy.

That being said, if any evidence of an illegal OS, software, cracks/keygens or anything similar is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.


Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.

There will be two versions to download: 32-bit and 64-bit. Please download the one that is designed for your system. If you don't know which one it should be, download both of them and try each of them out. Only one will run - this is the right one. Please leave it and delete the other.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.

    > XP users click run after receipt of Windows Security Warning - Open File.

    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.

  • When the tool opens click Yes to disclaimer.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.


FRST.txt

 

C:\$Recycle.Bin\S-1-5-18\$8b0c8dbb1b2ac8ed528db6ffb1032caf

 

Files to move or delete:

====================

C:\Users\kkaiser\jagex_cl_runescape_LIVE.dat

C:\Users\kkaiser\random.dat

 

 

Some content of TEMP:

====================

C:\Users\bonnie\AppData\Local\Temp\FFB2.exe

C:\Users\brian\AppData\Local\Temp\FFB2.exe

C:\Users\Default\AppData\Local\Temp\FFB2.exe

C:\Users\Default User\AppData\Local\Temp\FFB2.exe

C:\Users\don\AppData\Local\Temp\FFB2.exe

C:\Users\donnie\AppData\Local\Temp\FFB2.exe

C:\Users\guyjr\AppData\Local\Temp\FFB2.exe

C:\Users\heather\AppData\Local\Temp\FFB2.exe

C:\Users\jpaitsel\AppData\Local\Temp\FFB2.exe

C:\Users\kkaiser\AppData\Local\Temp\FFB2.exe

C:\Users\kkaiser\AppData\Local\Temp\MSIZAP.EXE

C:\Users\lmcnamee\AppData\Local\Temp\airA049.exe

C:\Users\lmcnamee\AppData\Local\Temp\airDBA4.exe

C:\Users\lmcnamee\AppData\Local\Temp\FFB2.exe

C:\Users\lmcnamee\AppData\Local\Temp\spiceworks_redist.exe

C:\Users\Nancy.COVMACH\AppData\Local\Temp\FFB2.exe

C:\Users\QBDataServiceUser22\AppData\Local\Temp\FFB2.exe

C:\Users\root\AppData\Local\Temp\FFB2.exe

C:\Users\root\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe

C:\Users\root\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe

C:\Users\root\AppData\Local\Temp\spiceworks_redist.exe

C:\Users\staff\AppData\Local\Temp\FFB2.exe

C:\Users\temp\AppData\Local\Temp\FFB2.exe

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

 

 

LastRegBack: 2015-01-14 00:59

 

==================== End Of Log ============================

 

Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-01-2015

Ran by heather at 2015-01-22 09:36:53

Running from F:\

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Symantec Endpoint Protection (Enabled - Up to date) {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Symantec Endpoint Protection (Enabled - Up to date) {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

32 Bit HP CIO Components Installer (Version: 8.1.1 - Hewlett-Packard) Hidden

Aatrix Forms for Sage Timberline Office (HKLM\...\{21461F67-7C02-407E-9DF2-EF1752F55142}) (Version: 1.00.0000 - Sage)

Adobe Acrobat X Pro - English, Français, Deutsch (HKLM\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.2 - Adobe Systems)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.0.3.13070 - Adobe Systems Inc.)

Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)

Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)

Adobe Reader 9.3.4 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A93000000001}) (Version: 9.3.4 - Adobe Systems Incorporated)

Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.8.612 - Adobe Systems, Inc.)

Anti-phishing Domain Advisor (HKLM\...\Anti-phishing Domain Advisor) (Version: 1.1.0.1 - Visicom Media Inc. (Powered by Panda Security))

Brother MFL-Pro Suite (HKLM\...\{9211CCBB-BEFE-4A0C-9199-D7A535DBFE5F}) (Version: 1.00.000 - )

Cisco WebEx Meetings (HKLM\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)

D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden

Dell Driver Download Manager (HKU\S-1-5-21-2480199604-2480216931-428779891-1002\...\f031ef6ac137efc5) (Version: 2.1.0.0 - Dell Inc.)

Dell Driver Download Manager (HKU\S-1-5-21-3918117171-1918430931-2789110331-1134\...\f031ef6ac137efc5) (Version: 2.1.0.0 - Dell Inc.)

Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)

Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden

HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version:  - )

hppLaserJetService (Version: 001.001.0.0 - Hewlett-Packard) Hidden

hppP1100P1560P1600SeriesLaserJetService (Version: 001.001.0.0 - Hewlett-Packard) Hidden

hppusgP1100P1560P1600Series (Version: 1.0.0.1 - Hewlett-Packard) Hidden

Java 6 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)

Kyocera Product Library (HKLM\...\Kyocera Product Library) (Version: 2.0.0713 - Kyocera Mita Corporation)

Kyocera Scanner File Utility (HKLM\...\{61C79AE1-5403-4687-AC68-28BFA5EF3895}) (Version: 3.16.9 - KyoceraMita)

LiveUpdate 3.3 (Symantec Corporation) (HKLM\...\LiveUpdate) (Version: 3.3.0.96 - Symantec Corporation)

LogMeIn (HKLM\...\{F93EE340-3735-4032-8B74-0A3E489017A0}) (Version: 4.1.4670 - LogMeIn, Inc.)

Lorex Auto Port Forwarding (HKLM\...\Lorex Auto Port Forwarding) (Version: 1.2.0 - Lorex Technology Powered By PcWinTech.com)

Lorex Client 10 (HKLM\...\Lorex Client) (Version: 10 - )

Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)

MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)

Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)

Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Mozilla Firefox 17.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 17.0.1 (x86 en-US)) (Version: 17.0.1 - Mozilla)

Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 17.0.1 - Mozilla)

MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)

Nortel Digital Mobility Controller 1.00 (HKLM\...\Nortel Digital Mobility Controller_is1) (Version:  - Nortel)

Office Connector (Remove Only) (HKLM\...\Office Connector) (Version:  - )

OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden

Outlook on the Desktop 2.0.2 (HKLM\...\{6D9785D9-FF53-4C06-9C2A-E4173D41A2FD}_is1) (Version:  - Michael Scrivo)

PaperPort (HKLM\...\{71C97545-E547-4A8B-B0C8-61FF853270AC}) (Version: 9.02.0827 - ScanSoft, Inc.)

PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.0 - Frank Heindörfer, Philip Chinery)

Pervasive PSQL v10 SP3 Workgroup (32-bit) (HKLM\...\Pervasive PSQL v10 SP3 Workgroup (32-bit)) (Version: 10.30.013 - Pervasive Software)

Pervasive PSQL v10 SP3 Workgroup (32-bit) (Version: 10.30.013 - Pervasive Software) Hidden

PowerDVD DX (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.6107 - CyberLink Corp.)

QuickBooks (Version: 22.0.4015.2206 - Intuit Inc.) Hidden

QuickBooks Premier: Contractor Edition 2012 (HKLM\...\{2556333D-27B8-4CCE-9DC3-A6CC382F3409}) (Version: 22.0.4015.2206 - Intuit Inc.)

Realtek 8136 8168 8169 Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0005 - Realtek)

Roxio Creator DE 10.3 (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.3 - Roxio)

Sage Installation Manager CLIENT programs (HKLM\...\{71715DF4-3167-489A-B843-9EEFC71D97E8}) (Version: 2.0.0.0 - Sage)

Sage Installation Manager SERVER programs (HKLM\...\{D1E91805-6812-47AD-AB94-47F87AE50B60}) (Version: 2.0.0.0 - Sage)

Sage Timberline Office Accounting Client (HKLM\...\{C378651D-4F97-450E-9D33-8AF8C02FC287}) (Version: 9.7.0 - Sage)

Sage Timberline Office Payroll Tax Reports (Version: 6.14.16 - Sage Software) Hidden

SupportSoft Assisted Service (HKLM\...\{5A3F6A80-7913-475E-8B96-477A952CFA43}) (Version: 15 - SupportSoft)

Symantec Endpoint Protection (HKLM\...\{7B3B4CE5-300C-4DFC-8CD1-D9C0E07015D1}) (Version: 11.0.6000.550 - Symantec Corporation)

TurboMeeting (HKU\S-1-5-21-3918117171-1918430931-2789110331-1134\...\TurboMeeting) (Version: 3.0.305 - RHUB Communications, Inc.)

Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)

Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)

Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)

Yahoo! Detect (HKLM\...\YTdetect) (Version:  - )

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{05EC5C13-D255-4592-9CCB-98615172F0D6}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{0ADF9C35-0D5E-4B75-88DD-B64868907E17}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{123FAF7F-3FB1-4B8F-AD18-0047401D436A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{1B3210AF-E236-46D4-83EF-6421F2FF543C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx No File

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{1E78DD72-771E-42BF-8B4B-363CEB18E07B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx No File

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{22664BE2-0806-4BA4-8643-DE40C9149176}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{2A9EBDB5-0600-4E8C-B910-4001BEB2DD8C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{349D777D-F7A2-4AAE-967F-A54F05A7FF3B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBFinder.dll No File

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{37A2FC00-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{37A2FC02-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{38F58721-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\COMObjectFactory.dll No File

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{38F58742-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{38F58743-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{38F58744-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{4716D3CE-55DB-4D2A-818C-87D912895890}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{4844F3F7-2161-4AC4-B219-B3B4311782AA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{4A56F19E-9F50-4F43-93C8-050E44AA83A9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{4CA41277-032D-4a20-B225-371EBA96ABF2}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2012\QBW32.EXE (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{4E5E74B5-8EB5-4859-A335-837EED412620}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{5249684A-D7A2-4DBE-94F4-B90923A7BC64}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{5428A9ED-6CD8-11D6-9C8A-0001023DCAA2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{547C8F00-5567-4AE3-8BB0-CC3CE2AB9070}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{57D590F1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{596801D8-2C9D-4627-9C67-195CB81B655A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{5B7331FA-8910-4748-A8A4-60B445041F28}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{5ED8AC89-B2DE-476D-8EEA-E170B2FCB058}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{70478C56-E77F-4134-B3E3-3B18EE036D71}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll No File

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{7694F1CD-A55B-4B7C-8820-A90892EB4E9E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{7DBF8260-30AD-4D1B-876A-8032B87B809F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{828E5386-74CF-4019-B356-C857CD028A7D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{82CC31B3-53B4-4161-A4E9-6B4F1290A6C8}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{8572570D-12D9-4F2C-8BB8-EB8848178B94}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{8E590317-1329-11D1-B70B-00805F29CD16}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2012\QBW32.EXE (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{8FEDE364-AB37-4551-80C9-6D468E222AB2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{9D9B61F2-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{9D9B61F3-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{9D9B61F4-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{9D9B61F5-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{9D9B61F6-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{9D9B61F7-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{A58C4EAB-2DB8-445E-9CAE-2AE197A5C708}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{A63E42D0-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{A63E42D2-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{AF5E0A13-CEAB-47CE-991D-77E82CD1BF3F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{B10BFAC3-EFF1-40D9-ADA0-BEBE037C24CA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{B66F2BF1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{BCD594EA-15C3-4FD8-B92B-114BB9694537}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBCtrIPMDS2.dll No File

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{CE18240D-F3F8-43AE-9EA0-A0DC85A95375}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll No File

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{D14FD6B3-6A9F-4537-9460-07B836707127}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{D4A12AAF-E15E-470B-A6B6-63032186F91F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{D9B9C060-0954-11D3-9E07-00104BD2BE34}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSource.dll (Intuit, Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{D9BC6F81-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{D9BC6F84-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{D9BC6F87-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{D9BC6FA1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{D9BC6FA6-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{D9BC6FB2-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\StorageClasses.dll (Intuit, Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{D9BC6FC1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{DCB2B478-EFF6-48F6-B718-13E98876854E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{DFD0AF10-B86C-4AF3-B609-1348D513E565}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{E1A173E1-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{E1A173E3-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{E6E4DF8B-17CE-43ED-B2C7-2CE10457552D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{E7D2D0F6-B754-438D-B5C9-BF848D311A0F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll No File

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{EADA914E-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{EAEF733D-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{F2C593CC-74B2-4F71-8556-DD4D426D0409}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{F9EF917A-E55E-4242-B205-E778395AC313}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{FAC93D42-FFC2-11d1-9DEB-0008C7A08EBA}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2012\QBW32.EXE (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{FB17915F-06D1-4214-A902-CC5EE05186E9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 -> C:\$Recycle.Bin ()

 

==================== Restore Points  =========================

 

22-01-2015 08:13:51 Pre Virus Scan

22-01-2015 08:49:10 Windows Backup

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-13 21:04 - 2012-04-06 06:33 - 00001805 ___RA C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com

127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com

127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com

127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com

127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com

127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net

 

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {3D887A08-BD96-4C91-A856-42DE6B7D8AEF} - System32\Tasks\{1A40B363-A1BE-4F22-8112-4B9834778DE4} => pcalua.exe -a C:\Windows\system32\pcwrun.exe -c "C:\Program Files\Intuit\QuickBooks 2009\QBW32PremierContractor.exe"

Task: {58F62408-BE3B-4E03-AD85-9537485A2A48} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-14] (Adobe Systems Incorporated)

Task: {72FEB3C5-E90C-45C7-BFE8-1F7CDB036819} - System32\Tasks\{4EBFF532-6BE6-49B5-8665-708B96729CD0} => pcalua.exe -a "C:\Users\kkaiser\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4WUJNQ2X\QuickBooksPro2011.exe" -d C:\Users\kkaiser\Desktop

Task: {8139D077-C14B-485A-9F1E-89A8D2C98F9B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)

Task: {98636363-5226-48FA-B833-221672BFDC9F} - System32\Tasks\{29838F4C-EBCD-43AB-AA50-AE359D05D18E} => pcalua.exe -a "C:\Users\kkaiser\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7K1Q8P4Q\Setup_QuickBooksPremier2012.exe" -d C:\Users\kkaiser\Desktop

Task: {A4B9E0AB-06A7-47F0-84AA-25DE588ABCE8} - System32\Tasks\{C9A857A8-803D-475F-A7A7-40A1B40A2930} => pcalua.exe -a D:\setup.exe -d D:\

Task: {BD1622EC-A155-41E1-B1FC-918028FCF303} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) =============

 

2014-09-24 09:38 - 2012-08-31 14:01 - 00151552 _____ () C:\Windows\System32\HP1100LM.DLL

2012-08-27 14:40 - 2001-10-28 15:42 - 00116224 _____ () C:\Windows\System32\pdfcmnnt.dll

2014-09-24 09:38 - 2012-08-31 14:01 - 00069632 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\HP1100PP.DLL

2012-12-24 05:53 - 2012-12-24 05:53 - 00081920 _____ () C:\Windows\system32\mvusbews.DLL

2010-04-14 03:01 - 2010-04-14 03:01 - 00015144 _____ () C:\Program Files\Sage\SIM\Client\Sage.Sim.Client.WindowsService.exe

2010-04-14 03:01 - 2010-04-14 03:01 - 00065320 _____ () C:\Program Files\Sage\SIM\Client\Sage.Sim.Client.Core.dll

2010-04-14 03:00 - 2010-04-14 03:00 - 00068904 _____ () C:\Program Files\Sage\SIM\Client\Sage.Sim.Shared.dll

2010-04-14 03:00 - 2010-04-14 03:00 - 00021800 _____ () C:\Program Files\Sage\SIM\Client\Sage.Sim.Shared.ManagedProductPluginManager.dll

2010-04-14 03:00 - 2010-04-14 03:00 - 00015656 _____ () C:\Program Files\Sage\SIM\Client\Sage.Sim.DesktopNotification.Service.dll

2010-04-14 03:00 - 2010-04-14 03:00 - 00014632 _____ () C:\Program Files\Sage\SIM\Client\Sage.Sim.Shared.ManagedProducts.dll

2010-04-14 03:00 - 2010-04-14 03:00 - 00016168 _____ () C:\Program Files\Sage\SIM\Client\Sage.Sim.Client.ServerCallbackService.dll

2010-04-14 03:00 - 2010-04-14 03:00 - 00015656 _____ () C:\Program Files\Sage\SIM\Client\Sage.Sim.Shared.ManagedProductPluginWrapper.dll

2010-04-14 03:00 - 2010-04-14 03:00 - 00011560 _____ () C:\Program Files\Sage\SIM\Client\Sage.Sim.ClientShared.dll

2010-04-14 03:01 - 2010-04-14 03:01 - 00015656 _____ () C:\Program Files\Sage\SIM\Server\Sage.Sim.Server.WindowsService.exe

2010-04-14 03:01 - 2010-04-14 03:01 - 00129832 _____ () C:\Program Files\Sage\SIM\Server\Sage.Sim.Server.Core.dll

2010-04-14 03:00 - 2010-04-14 03:00 - 00068904 _____ () C:\Program Files\Sage\SIM\Server\Sage.Sim.Shared.dll

2010-04-14 03:00 - 2010-04-14 03:00 - 00012584 _____ () C:\Program Files\Sage\SIM\Server\Sage.Sim.Server.ClientDownloadService.dll

2010-04-14 03:00 - 2010-04-14 03:00 - 00011560 _____ () C:\Program Files\Sage\SIM\Server\Sage.Sim.ClientShared.dll

2010-04-14 03:00 - 2010-04-14 03:00 - 00016168 _____ () C:\Program Files\Sage\SIM\Server\Sage.Sim.Server.ClientManagerService.dll

2010-04-14 03:00 - 2010-04-14 03:00 - 00018216 _____ () C:\Program Files\Sage\SIM\Server\Sage.Sim.Server.ManagementConsoleService.dll

2010-04-14 03:00 - 2010-04-14 03:00 - 00013096 _____ () C:\Program Files\Sage\SIM\Server\Sage.Sim.ManagementConsoleShared.dll

2010-04-14 03:00 - 2010-04-14 03:00 - 00020776 _____ () C:\Program Files\Sage\SIM\Server\Sage.Sim.Shared.ManagedServerProductPluginManager.dll

2010-04-14 03:00 - 2010-04-14 03:00 - 00012584 _____ () C:\Program Files\Sage\SIM\Server\Sage.Sim.Shared.ManagedServerProducts.dll

2010-04-14 03:01 - 2010-04-14 03:01 - 00038696 _____ () C:\Program Files\Sage\SIM\Client\SimNotify.exe

2010-04-14 03:01 - 2010-04-14 03:01 - 00033064 _____ () C:\Program Files\Sage\SIM\Client\Sage.Sim.DesktopNotification.ClientLibrary.dll

2013-11-08 08:48 - 2013-11-08 08:48 - 00269128 _____ () C:\Program Files\Intuit\QuickBooks 2012\boost_regex-vc90-mt-p-1_33.dll

2013-11-08 08:48 - 2013-11-08 08:48 - 00021320 _____ () C:\Program Files\Intuit\QuickBooks 2012\QBCompressor.dll

2012-12-06 13:10 - 2012-12-06 13:10 - 00059904 _____ () C:\Program Files\Intuit\QuickBooks 2012\zlib1.dll

2013-11-08 08:48 - 2013-11-08 08:48 - 00380744 _____ () C:\Program Files\Intuit\QuickBooks 2012\BackupLib.dll

2013-11-08 08:48 - 2013-11-08 08:48 - 00138568 _____ () C:\Program Files\Intuit\QuickBooks 2012\QBMAPILibrary.dll

2013-11-08 08:48 - 2013-11-08 08:48 - 00176968 _____ () C:\Program Files\Intuit\QuickBooks 2012\boost_serialization-vc90-mt-p-1_33.dll

2013-11-08 08:48 - 2013-11-08 08:48 - 00042824 _____ () C:\Program Files\Intuit\QuickBooks 2012\mbpopup.dll

2010-09-22 01:25 - 2000-11-09 10:17 - 00190464 _____ () C:\Program Files\Kyocera\FileUtility\HgTiff2Pdf.dll

2015-01-14 02:45 - 2015-01-08 19:35 - 01077064 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.99\libglesv2.dll

2015-01-14 02:45 - 2015-01-08 19:35 - 00211272 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.99\libegl.dll

2015-01-14 02:45 - 2015-01-08 19:35 - 09009480 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.99\pdf.dll

2015-01-14 02:45 - 2015-01-08 19:35 - 01677128 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.99\ffmpegsumo.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccEvtMgr => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccSetMgr => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antivirus => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antvirus => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TurboMeeting => ""="Service"

 

==================== EXE Association (whitelisted) =============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== MSCONFIG/TASK MANAGER disabled items =========

 

(Currently there is no automatic fix for this section.)

 

 

========================= Accounts: ==========================

 

administrator (S-1-5-21-2480199604-2480216931-428779891-500 - Administrator - Enabled) => C:\Users\localroot

Guest (S-1-5-21-2480199604-2480216931-428779891-501 - Limited - Disabled)

QBDataServiceUser22 (S-1-5-21-2480199604-2480216931-428779891-1002 - Limited - Enabled) => C:\Users\QBDataServiceUser22

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (01/22/2015 08:47:51 AM) (Source: QuickBooks) (EventID: 4) (User: )

Description: An unexpected error has occured in "QuickBooks":

Returning NULL QBWinInstance Handle

 

Error: (01/22/2015 08:47:51 AM) (Source: QuickBooks) (EventID: 4) (User: )

Description: An unexpected error has occured in "QuickBooks":

Returning NULL QBWinInstance Handle

 

Error: (01/22/2015 08:47:51 AM) (Source: QuickBooks) (EventID: 4) (User: )

Description: An unexpected error has occured in "QuickBooks":

Returning NULL QBWinInstance Handle

 

Error: (01/22/2015 07:52:50 AM) (Source: QuickBooks) (EventID: 4) (User: )

Description: An unexpected error has occured in "QuickBooks: Premier Contractor Edition 2012":

Got unexpected error 5 in call to NetShareGetInfo for path \\covmach-srvr1\Accounting\QB CURRENT LIVE\Covington Machine and Welding12GOOD ONE, Inc 10 23 14.QBW

 

Error: (01/22/2015 07:52:48 AM) (Source: QuickBooks) (EventID: 4) (User: )

Description: An unexpected error has occured in "QuickBooks: Premier Contractor Edition 2012":

Got unexpected error 5 in call to NetShareGetInfo for path \\covmach-srvr1\Accounting\QB CURRENT LIVE\Covington Machine and Welding12GOOD ONE, Inc 10 23 14.QBW

 

Error: (01/22/2015 07:38:00 AM) (Source: QuickBooks) (EventID: 4) (User: )

Description: An unexpected error has occured in "QuickBooks: Premier Contractor Edition 2012":

Got unexpected error 5 in call to NetShareGetInfo for path \\covmach-srvr1\Accounting\QB CURRENT LIVE\Covington Machine and Welding12GOOD ONE, Inc 10 23 14.QBW

 

Error: (01/22/2015 07:32:20 AM) (Source: QuickBooks) (EventID: 4) (User: )

Description: An unexpected error has occured in "QuickBooks":

Returning NULL QBWinInstance Handle

 

Error: (01/22/2015 07:32:20 AM) (Source: QuickBooks) (EventID: 4) (User: )

Description: An unexpected error has occured in "QuickBooks":

Returning NULL QBWinInstance Handle

 

Error: (01/22/2015 07:32:20 AM) (Source: QuickBooks) (EventID: 4) (User: )

Description: An unexpected error has occured in "QuickBooks":

Returning NULL QBWinInstance Handle

 

Error: (01/21/2015 08:20:08 AM) (Source: QuickBooks) (EventID: 4) (User: )

Description: An unexpected error has occured in "QuickBooks: Premier Contractor Edition 2012":

Got unexpected error 5 in call to NetShareGetInfo for path \\covmach-srvr1\Accounting\QB CURRENT LIVE\Covington Machine and Welding12GOOD ONE, Inc 10 23 14.QBW

 

 

System errors:

=============

Error: (01/22/2015 09:34:05 AM) (Source: Disk) (EventID: 11) (User: )

Description: The driver detected a controller error on \Device\Harddisk1\DR2.

 

Error: (01/22/2015 09:34:05 AM) (Source: Disk) (EventID: 11) (User: )

Description: The driver detected a controller error on \Device\Harddisk1\DR2.

 

Error: (01/22/2015 09:34:04 AM) (Source: Disk) (EventID: 11) (User: )

Description: The driver detected a controller error on \Device\Harddisk1\DR2.

 

Error: (01/22/2015 09:34:04 AM) (Source: Disk) (EventID: 11) (User: )

Description: The driver detected a controller error on \Device\Harddisk1\DR2.

 

Error: (01/22/2015 08:45:29 AM) (Source: VDS Basic Provider) (EventID: 1) (User: )

Description: Unexpected failure. Error code: D@01010004

 

Error: (01/22/2015 08:45:28 AM) (Source: VDS Basic Provider) (EventID: 1) (User: )

Description: Unexpected failure. Error code: D@01010004

 

Error: (01/22/2015 08:42:11 AM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the LogMeIn service to connect.

 

Error: (01/22/2015 08:41:03 AM) (Source: Service Control Manager) (EventID: 7003) (User: )

Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

 

Error: (01/22/2015 08:41:01 AM) (Source: Service Control Manager) (EventID: 7003) (User: )

Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

 

Error: (01/22/2015 08:40:57 AM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The Computer Browser service terminated with the following error: 

%%1060

 

 

Microsoft Office Sessions:

=========================

Error: (10/10/2011 11:53:39 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 17859 seconds with 3000 seconds of active time.  This session ended with a crash.

 

Error: (11/10/2010 03:56:43 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 18959 seconds with 600 seconds of active time.  This session ended with a crash.

 

Error: (10/21/2010 07:11:46 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1813 seconds with 480 seconds of active time.  This session ended with a crash.

 

 

CodeIntegrity Errors:

===================================

  Date: 2011-08-31 15:02:12.312

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

 

  Date: 2011-08-31 14:31:24.918

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

 

  Date: 2011-08-31 14:24:49.266

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

 

  Date: 2011-08-31 14:13:38.426

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

 

  Date: 2011-08-11 14:30:59.554

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

 

  Date: 2011-06-21 19:40:33.445

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

 

  Date: 2011-06-21 19:25:50.540

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

 

  Date: 2011-06-21 19:13:26.313

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

 

  Date: 2011-06-21 18:55:26.405

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

 

  Date: 2011-06-20 21:57:07.929

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

 

 

==================== Memory info =========================== 

 

Processor: Intel® Core2 Duo CPU E8400 @ 3.00GHz

Percentage of memory in use: 42%

Total physical RAM: 3070.99 MB

Available physical RAM: 1767.41 MB

Total Pagefile: 7674.28 MB

Available Pagefile: 6107.06 MB

Total Virtual: 2047.88 MB

Available Virtual: 1912.48 MB

 

==================== Drives ================================

 

Drive c: (OS) (Fixed) (Total:148.91 GB) (Free:82.91 GB) NTFS

Drive f: () (Removable) (Total:7.26 GB) (Free:6.83 GB) FAT32

Drive g: (DATA) (Network) (Total:365.7 GB) (Free:227.09 GB) NTFS

Drive p: (DATA) (Network) (Total:365.7 GB) (Free:227.09 GB) NTFS

Drive q: (DATA) (Network) (Total:365.7 GB) (Free:227.09 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: A42D04A3)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=148.9 GB) - (Type=07 NTFS)

 

========================================================

Disk: 1 (MBR Code: Windows XP) (Size: 7.3 GB) (Disk ID: C3072E18)

Partition 1: (Active) - (Size=7.3 GB) - (Type=0C)

 

==================== End Of Log ============================


Let's check.

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.

    > XP users click run after receipt of Windows Security Warning - Open File.

    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.

  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content in your next reply.

Scan with CKScanner

Download CKScanner by askey127 and save it to your desktop.

  • Right-click on the CKScanner icon and select Run as Administrator to start the tool.
  • Click Search For Files.
  • When finished, click Save List To File.
  • Remember to run this tool once only, if not asked to run it again.
Please include the content of CKFiles.txt in your next reply.

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-01-2015

Ran by heather (administrator) on COVMACH-PC3 on 22-01-2015 11:10:55

Running from F:\

Loaded Profiles: QBDataServiceUser22 & heather (Available profiles: QBDataServiceUser22 & administrator & brian & nancy & don & bonnie & donnie & guyjr & heather & Temp & root)

Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe

(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

(Cisco WebEx LLC) C:\Windows\System32\atashost.exe

(HP) C:\Windows\System32\HPSIsvc.exe

(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe

(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe

(Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

(Intuit Inc.) C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe

() C:\Program Files\Sage\SIM\Client\Sage.Sim.Client.WindowsService.exe

() C:\Program Files\Sage\SIM\Server\Sage.Sim.Server.WindowsService.exe

(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE

(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe

(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccApp.exe

() C:\Program Files\Sage\SIM\Client\SimNotify.exe

(ScanSoft, Inc.) C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeIn.exe

(Intuit Inc.) C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

(Intuit Inc.) C:\Program Files\Intuit\QuickBooks 2012\QBW32.EXE

(KYOCERA MITA Corporation) C:\Program Files\Kyocera\FileUtility\NsCatCom.exe

(Pervasive Software Inc.) C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe

(Intuit, Inc.) C:\Program Files\Intuit\QuickBooks 2012\QBDBMgrN.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Intuit Inc.) C:\Program Files\Common Files\Intuit\QuickBooks\axlbridge.exe

(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [PDVDDXSrv] => C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2010-01-07] (CyberLink Corp.)

HKLM\...\Run: [ccApp] => C:\Program Files\Common Files\Symantec Shared\ccApp.exe [115560 2010-01-25] (Symantec Corporation)

HKLM\...\Run: [simNotify.exe] => C:\Program Files\Sage\SIM\Client\SimNotify.exe [38696 2010-04-14] ()

HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)

HKLM\...\Run: [intuit SyncManager] => C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe [2829624 2013-11-08] (Intuit Inc. All rights reserved.)

HKLM\...\Run: [sSBkgdUpdate] => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [155648 2003-10-14] (Scansoft, Inc.)

HKLM\...\Run: [PaperPort PTD] => C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [57393 2005-03-17] (ScanSoft, Inc.)

HKLM\...\Run: [indexSearch] => C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [40960 2005-03-17] (ScanSoft, Inc.)

HKLM\...\Run: [HPUsageTrackingLEDM] => C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe [30264 2009-08-04] (Hewlett-Packard Company)

HKLM\...\Run: [LogMeIn GUI] => C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [63048 2014-10-31] (LogMeIn, Inc.)

HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess?

HKU\S-1-5-19\...\Run: [sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun

HKU\S-1-5-20\...\Run: [sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun

HKU\S-1-5-21-2480199604-2480216931-428779891-1002\...\MountPoints2: {de1ecb98-b206-11df-8e9c-806e6f6e6963} - D:\setup.exe

HKU\S-1-5-21-3918117171-1918430931-2789110331-1134\...\MountPoints2: {72d8539a-2e81-11e4-9508-002564d38afb} - E:\VerizonWirelessUpgradeAssistantSetup.exe -a

HKU\S-1-5-21-3918117171-1918430931-2789110331-1134\...\MountPoints2: {a177789a-b023-11e3-a863-002564d38afb} - E:\MotorolaDeviceManagerSetup.exe -a

HKU\S-1-5-21-3918117171-1918430931-2789110331-1134\...\MountPoints2: {d651e919-4342-11e4-87fa-002564d38afb} - E:\SISetup.exe

HKU\S-1-5-21-3918117171-1918430931-2789110331-1134\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-3918117171-1918430931-2789110331-1134\$8b0c8dbb1b2ac8ed528db6ffb1032caf\n. ATTENTION! ====> ZeroAccess?

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk

ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk

ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk

ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files\Intuit\QuickBooks 2012\QBW32.EXE (Intuit Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Scanner File Utility.lnk

ShortcutTarget: Scanner File Utility.lnk -> C:\Program Files\Kyocera\FileUtility\NsCatCom.exe (KYOCERA MITA Corporation)

 

 

 

Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-01-2015

Ran by heather at 2015-01-22 11:11:20

Running from F:\

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Symantec Endpoint Protection (Enabled - Up to date) {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Symantec Endpoint Protection (Enabled - Up to date) {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

32 Bit HP CIO Components Installer (Version: 8.1.1 - Hewlett-Packard) Hidden

Aatrix Forms for Sage Timberline Office (HKLM\...\{21461F67-7C02-407E-9DF2-EF1752F55142}) (Version: 1.00.0000 - Sage)

Brother MFL-Pro Suite (HKLM\...\{9211CCBB-BEFE-4A0C-9199-D7A535DBFE5F}) (Version: 1.00.000 - )

Cisco WebEx Meetings (HKLM\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)

D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden

Dell Driver Download Manager (HKU\S-1-5-21-2480199604-2480216931-428779891-1002\...\f031ef6ac137efc5) (Version: 2.1.0.0 - Dell Inc.)

Dell Driver Download Manager (HKU\S-1-5-21-3918117171-1918430931-2789110331-1134\...\f031ef6ac137efc5) (Version: 2.1.0.0 - Dell Inc.)

Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)

Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden

HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version:  - )

hppLaserJetService (Version: 001.001.0.0 - Hewlett-Packard) Hidden

hppP1100P1560P1600SeriesLaserJetService (Version: 001.001.0.0 - Hewlett-Packard) Hidden

hppusgP1100P1560P1600Series (Version: 1.0.0.1 - Hewlett-Packard) Hidden

Java 6 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)

Kyocera Product Library (HKLM\...\Kyocera Product Library) (Version: 2.0.0713 - Kyocera Mita Corporation)

Kyocera Scanner File Utility (HKLM\...\{61C79AE1-5403-4687-AC68-28BFA5EF3895}) (Version: 3.16.9 - KyoceraMita)

LiveUpdate 3.3 (Symantec Corporation) (HKLM\...\LiveUpdate) (Version: 3.3.0.96 - Symantec Corporation)

LogMeIn (HKLM\...\{F93EE340-3735-4032-8B74-0A3E489017A0}) (Version: 4.1.4670 - LogMeIn, Inc.)

Lorex Auto Port Forwarding (HKLM\...\Lorex Auto Port Forwarding) (Version: 1.2.0 - Lorex Technology Powered By PcWinTech.com)

Lorex Client 10 (HKLM\...\Lorex Client) (Version: 10 - )

Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)

MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)

Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)

Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Mozilla Firefox 17.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 17.0.1 (x86 en-US)) (Version: 17.0.1 - Mozilla)

Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 17.0.1 - Mozilla)

MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)

Nortel Digital Mobility Controller 1.00 (HKLM\...\Nortel Digital Mobility Controller_is1) (Version:  - Nortel)

Office Connector (Remove Only) (HKLM\...\Office Connector) (Version:  - )

OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden

Outlook on the Desktop 2.0.2 (HKLM\...\{6D9785D9-FF53-4C06-9C2A-E4173D41A2FD}_is1) (Version:  - Michael Scrivo)

PaperPort (HKLM\...\{71C97545-E547-4A8B-B0C8-61FF853270AC}) (Version: 9.02.0827 - ScanSoft, Inc.)

PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.0 - Frank Heindörfer, Philip Chinery)

Pervasive PSQL v10 SP3 Workgroup (32-bit) (HKLM\...\Pervasive PSQL v10 SP3 Workgroup (32-bit)) (Version: 10.30.013 - Pervasive Software)

Pervasive PSQL v10 SP3 Workgroup (32-bit) (Version: 10.30.013 - Pervasive Software) Hidden

PowerDVD DX (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.6107 - CyberLink Corp.)

QuickBooks (Version: 22.0.4015.2206 - Intuit Inc.) Hidden

QuickBooks Premier: Contractor Edition 2012 (HKLM\...\{2556333D-27B8-4CCE-9DC3-A6CC382F3409}) (Version: 22.0.4015.2206 - Intuit Inc.)

Realtek 8136 8168 8169 Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0005 - Realtek)

Roxio Creator DE 10.3 (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.3 - Roxio)

Sage Installation Manager CLIENT programs (HKLM\...\{71715DF4-3167-489A-B843-9EEFC71D97E8}) (Version: 2.0.0.0 - Sage)

Sage Installation Manager SERVER programs (HKLM\...\{D1E91805-6812-47AD-AB94-47F87AE50B60}) (Version: 2.0.0.0 - Sage)

Sage Timberline Office Accounting Client (HKLM\...\{C378651D-4F97-450E-9D33-8AF8C02FC287}) (Version: 9.7.0 - Sage)

Sage Timberline Office Payroll Tax Reports (Version: 6.14.16 - Sage Software) Hidden

SupportSoft Assisted Service (HKLM\...\{5A3F6A80-7913-475E-8B96-477A952CFA43}) (Version: 15 - SupportSoft)

Symantec Endpoint Protection (HKLM\...\{7B3B4CE5-300C-4DFC-8CD1-D9C0E07015D1}) (Version: 11.0.6000.550 - Symantec Corporation)

TurboMeeting (HKU\S-1-5-21-3918117171-1918430931-2789110331-1134\...\TurboMeeting) (Version: 3.0.305 - RHUB Communications, Inc.)

Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)

Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)

Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)

Yahoo! Detect (HKLM\...\YTdetect) (Version:  - )

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{05EC5C13-D255-4592-9CCB-98615172F0D6}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{0ADF9C35-0D5E-4B75-88DD-B64868907E17}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{123FAF7F-3FB1-4B8F-AD18-0047401D436A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{1B3210AF-E236-46D4-83EF-6421F2FF543C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx No File

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{1E78DD72-771E-42BF-8B4B-363CEB18E07B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx No File

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{22664BE2-0806-4BA4-8643-DE40C9149176}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{2A9EBDB5-0600-4E8C-B910-4001BEB2DD8C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{349D777D-F7A2-4AAE-967F-A54F05A7FF3B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBFinder.dll No File

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{37A2FC00-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{37A2FC02-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{38F58721-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\COMObjectFactory.dll No File

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{38F58742-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{38F58743-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{38F58744-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{4716D3CE-55DB-4D2A-818C-87D912895890}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{4844F3F7-2161-4AC4-B219-B3B4311782AA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{4A56F19E-9F50-4F43-93C8-050E44AA83A9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{4CA41277-032D-4a20-B225-371EBA96ABF2}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2012\QBW32.EXE (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{4E5E74B5-8EB5-4859-A335-837EED412620}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{5249684A-D7A2-4DBE-94F4-B90923A7BC64}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{5428A9ED-6CD8-11D6-9C8A-0001023DCAA2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{547C8F00-5567-4AE3-8BB0-CC3CE2AB9070}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{57D590F1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{596801D8-2C9D-4627-9C67-195CB81B655A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{5B7331FA-8910-4748-A8A4-60B445041F28}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{5ED8AC89-B2DE-476D-8EEA-E170B2FCB058}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{70478C56-E77F-4134-B3E3-3B18EE036D71}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll No File

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{7694F1CD-A55B-4B7C-8820-A90892EB4E9E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{7DBF8260-30AD-4D1B-876A-8032B87B809F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{828E5386-74CF-4019-B356-C857CD028A7D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{82CC31B3-53B4-4161-A4E9-6B4F1290A6C8}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{8572570D-12D9-4F2C-8BB8-EB8848178B94}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{8E590317-1329-11D1-B70B-00805F29CD16}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2012\QBW32.EXE (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{8FEDE364-AB37-4551-80C9-6D468E222AB2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{9D9B61F2-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{9D9B61F3-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{9D9B61F4-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{9D9B61F5-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{9D9B61F6-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{9D9B61F7-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{A58C4EAB-2DB8-445E-9CAE-2AE197A5C708}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{A63E42D0-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{A63E42D2-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{AF5E0A13-CEAB-47CE-991D-77E82CD1BF3F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{B10BFAC3-EFF1-40D9-ADA0-BEBE037C24CA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{B66F2BF1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{BCD594EA-15C3-4FD8-B92B-114BB9694537}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBCtrIPMDS2.dll No File

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{CE18240D-F3F8-43AE-9EA0-A0DC85A95375}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll No File

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{D14FD6B3-6A9F-4537-9460-07B836707127}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{D4A12AAF-E15E-470B-A6B6-63032186F91F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{D9B9C060-0954-11D3-9E07-00104BD2BE34}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSource.dll (Intuit, Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{D9BC6F81-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{D9BC6F84-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{D9BC6F87-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{D9BC6FA1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{D9BC6FA6-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{D9BC6FB2-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\StorageClasses.dll (Intuit, Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{D9BC6FC1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{DCB2B478-EFF6-48F6-B718-13E98876854E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{DFD0AF10-B86C-4AF3-B609-1348D513E565}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{E1A173E1-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{E1A173E3-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{E6E4DF8B-17CE-43ED-B2C7-2CE10457552D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{E7D2D0F6-B754-438D-B5C9-BF848D311A0F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll No File

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{EADA914E-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{EAEF733D-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{F2C593CC-74B2-4F71-8556-DD4D426D0409}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{F9EF917A-E55E-4242-B205-E778395AC313}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{FAC93D42-FFC2-11d1-9DEB-0008C7A08EBA}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2012\QBW32.EXE (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{FB17915F-06D1-4214-A902-CC5EE05186E9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 -> C:\$Recycle.Bin ()

 

==================== Restore Points  =========================

 

22-01-2015 08:13:51 Pre Virus Scan

22-01-2015 08:49:10 Windows Backup

22-01-2015 10:15:52 Removed Adobe Acrobat X Pro - English, Français, Deutsch.

22-01-2015 10:21:48 Removed Adobe Reader 9.3.4.

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-13 21:04 - 2012-04-06 06:33 - 00001805 ___RA C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com

127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com

127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com

127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com

127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com

127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net

 

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {3D887A08-BD96-4C91-A856-42DE6B7D8AEF} - System32\Tasks\{1A40B363-A1BE-4F22-8112-4B9834778DE4} => pcalua.exe -a C:\Windows\system32\pcwrun.exe -c "C:\Program Files\Intuit\QuickBooks 2009\QBW32PremierContractor.exe"

Task: {72FEB3C5-E90C-45C7-BFE8-1F7CDB036819} - System32\Tasks\{4EBFF532-6BE6-49B5-8665-708B96729CD0} => pcalua.exe -a "C:\Users\kkaiser\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4WUJNQ2X\QuickBooksPro2011.exe" -d C:\Users\kkaiser\Desktop

Task: {8139D077-C14B-485A-9F1E-89A8D2C98F9B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)

Task: {98636363-5226-48FA-B833-221672BFDC9F} - System32\Tasks\{29838F4C-EBCD-43AB-AA50-AE359D05D18E} => pcalua.exe -a "C:\Users\kkaiser\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7K1Q8P4Q\Setup_QuickBooksPremier2012.exe" -d C:\Users\kkaiser\Desktop

Task: {A4B9E0AB-06A7-47F0-84AA-25DE588ABCE8} - System32\Tasks\{C9A857A8-803D-475F-A7A7-40A1B40A2930} => pcalua.exe -a D:\setup.exe -d D:\

Task: {BD1622EC-A155-41E1-B1FC-918028FCF303} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) =============

 

2010-04-14 03:01 - 2010-04-14 03:01 - 00015144 _____ () C:\Program Files\Sage\SIM\Client\Sage.Sim.Client.WindowsService.exe

2010-04-14 03:01 - 2010-04-14 03:01 - 00065320 _____ () C:\Program Files\Sage\SIM\Client\Sage.Sim.Client.Core.dll

2010-04-14 03:00 - 2010-04-14 03:00 - 00068904 _____ () C:\Program Files\Sage\SIM\Client\Sage.Sim.Shared.dll

2010-04-14 03:00 - 2010-04-14 03:00 - 00021800 _____ () C:\Program Files\Sage\SIM\Client\Sage.Sim.Shared.ManagedProductPluginManager.dll

2010-04-14 03:00 - 2010-04-14 03:00 - 00015656 _____ () C:\Program Files\Sage\SIM\Client\Sage.Sim.DesktopNotification.Service.dll

2010-04-14 03:00 - 2010-04-14 03:00 - 00014632 _____ () C:\Program Files\Sage\SIM\Client\Sage.Sim.Shared.ManagedProducts.dll

2010-04-14 03:00 - 2010-04-14 03:00 - 00016168 _____ () C:\Program Files\Sage\SIM\Client\Sage.Sim.Client.ServerCallbackService.dll

2010-04-14 03:00 - 2010-04-14 03:00 - 00015656 _____ () C:\Program Files\Sage\SIM\Client\Sage.Sim.Shared.ManagedProductPluginWrapper.dll

2010-04-14 03:00 - 2010-04-14 03:00 - 00011560 _____ () C:\Program Files\Sage\SIM\Client\Sage.Sim.ClientShared.dll

2010-04-14 03:01 - 2010-04-14 03:01 - 00015656 _____ () C:\Program Files\Sage\SIM\Server\Sage.Sim.Server.WindowsService.exe

2010-04-14 03:01 - 2010-04-14 03:01 - 00129832 _____ () C:\Program Files\Sage\SIM\Server\Sage.Sim.Server.Core.dll

2010-04-14 03:00 - 2010-04-14 03:00 - 00068904 _____ () C:\Program Files\Sage\SIM\Server\Sage.Sim.Shared.dll

2010-04-14 03:00 - 2010-04-14 03:00 - 00012584 _____ () C:\Program Files\Sage\SIM\Server\Sage.Sim.Server.ClientDownloadService.dll

2010-04-14 03:00 - 2010-04-14 03:00 - 00011560 _____ () C:\Program Files\Sage\SIM\Server\Sage.Sim.ClientShared.dll

2010-04-14 03:00 - 2010-04-14 03:00 - 00016168 _____ () C:\Program Files\Sage\SIM\Server\Sage.Sim.Server.ClientManagerService.dll

2010-04-14 03:00 - 2010-04-14 03:00 - 00018216 _____ () C:\Program Files\Sage\SIM\Server\Sage.Sim.Server.ManagementConsoleService.dll

2010-04-14 03:00 - 2010-04-14 03:00 - 00013096 _____ () C:\Program Files\Sage\SIM\Server\Sage.Sim.ManagementConsoleShared.dll

2010-04-14 03:00 - 2010-04-14 03:00 - 00020776 _____ () C:\Program Files\Sage\SIM\Server\Sage.Sim.Shared.ManagedServerProductPluginManager.dll

2010-04-14 03:00 - 2010-04-14 03:00 - 00012584 _____ () C:\Program Files\Sage\SIM\Server\Sage.Sim.Shared.ManagedServerProducts.dll

2010-04-14 03:01 - 2010-04-14 03:01 - 00038696 _____ () C:\Program Files\Sage\SIM\Client\SimNotify.exe

2010-04-14 03:01 - 2010-04-14 03:01 - 00033064 _____ () C:\Program Files\Sage\SIM\Client\Sage.Sim.DesktopNotification.ClientLibrary.dll

2013-11-08 08:48 - 2013-11-08 08:48 - 00269128 _____ () C:\Program Files\Intuit\QuickBooks 2012\boost_regex-vc90-mt-p-1_33.dll

2013-11-08 08:48 - 2013-11-08 08:48 - 00021320 _____ () C:\Program Files\Intuit\QuickBooks 2012\QBCompressor.dll

2012-12-06 13:10 - 2012-12-06 13:10 - 00059904 _____ () C:\Program Files\Intuit\QuickBooks 2012\zlib1.dll

2013-11-08 08:48 - 2013-11-08 08:48 - 00380744 _____ () C:\Program Files\Intuit\QuickBooks 2012\BackupLib.dll

2013-11-08 08:48 - 2013-11-08 08:48 - 00138568 _____ () C:\Program Files\Intuit\QuickBooks 2012\QBMAPILibrary.dll

2013-11-08 08:48 - 2013-11-08 08:48 - 00176968 _____ () C:\Program Files\Intuit\QuickBooks 2012\boost_serialization-vc90-mt-p-1_33.dll

2013-11-08 08:48 - 2013-11-08 08:48 - 00042824 _____ () C:\Program Files\Intuit\QuickBooks 2012\mbpopup.dll

2013-11-08 08:49 - 2013-11-08 08:49 - 00121672 _____ () C:\Program Files\Intuit\QuickBooks 2012\ReportBridge.dll

2013-11-08 08:48 - 2013-11-08 08:48 - 00070472 _____ () C:\Program Files\Intuit\QuickBooks 2012\QB2WPFBridge.dll

2013-11-08 08:48 - 2013-11-08 08:48 - 00400200 _____ () C:\Program Files\Intuit\QuickBooks 2012\FeaturesBridge.dll

2013-11-08 08:49 - 2013-11-08 08:49 - 00110920 _____ () C:\Program Files\Intuit\QuickBooks 2012\Webification.dll

2013-11-08 08:48 - 2013-11-08 08:48 - 00083272 _____ () C:\Program Files\Intuit\QuickBooks 2012\IPDWidgetBridge.dll

2013-11-08 08:48 - 2013-11-08 08:48 - 00093512 _____ () C:\Program Files\Intuit\QuickBooks 2012\IPDWidgetInterop.dll

2013-11-08 08:48 - 2013-11-08 08:48 - 00058184 _____ () C:\Program Files\Intuit\QuickBooks 2012\htmlhelper.dll

2010-09-22 01:25 - 2000-11-09 10:17 - 00190464 _____ () C:\Program Files\Kyocera\FileUtility\HgTiff2Pdf.dll

2015-01-14 02:45 - 2015-01-08 19:35 - 01077064 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.99\libglesv2.dll

2015-01-14 02:45 - 2015-01-08 19:35 - 00211272 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.99\libegl.dll

2015-01-14 02:45 - 2015-01-08 19:35 - 09009480 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.99\pdf.dll

2015-01-14 02:45 - 2015-01-08 19:35 - 01677128 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.99\ffmpegsumo.dll

2014-09-24 09:38 - 2012-08-31 14:01 - 00151552 _____ () C:\Windows\System32\HP1100LM.DLL

2012-08-27 14:40 - 2001-10-28 15:42 - 00116224 _____ () C:\Windows\System32\pdfcmnnt.dll

2014-09-24 09:38 - 2012-08-31 14:01 - 00069632 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\HP1100PP.DLL

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccEvtMgr => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccSetMgr => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antivirus => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antvirus => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TurboMeeting => ""="Service"

 

==================== EXE Association (whitelisted) =============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== MSCONFIG/TASK MANAGER disabled items =========

 

(Currently there is no automatic fix for this section.)

 

 

========================= Accounts: ==========================

 

administrator (S-1-5-21-2480199604-2480216931-428779891-500 - Administrator - Enabled) => C:\Users\localroot

Guest (S-1-5-21-2480199604-2480216931-428779891-501 - Limited - Disabled)

QBDataServiceUser22 (S-1-5-21-2480199604-2480216931-428779891-1002 - Limited - Enabled) => C:\Users\QBDataServiceUser22

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (01/22/2015 10:57:52 AM) (Source: QuickBooks) (EventID: 4) (User: )

Description: An unexpected error has occured in "QuickBooks: Premier Contractor Edition 2012":

Got unexpected error 5 in call to NetShareGetInfo for path \\covmach-srvr1\Accounting\QB CURRENT LIVE\Covington Machine and Welding12GOOD ONE, Inc 10 23 14.QBW

 

Error: (01/22/2015 10:57:50 AM) (Source: QuickBooks) (EventID: 4) (User: )

Description: An unexpected error has occured in "QuickBooks: Premier Contractor Edition 2012":

Got unexpected error 5 in call to NetShareGetInfo for path \\covmach-srvr1\Accounting\QB CURRENT LIVE\Covington Machine and Welding12GOOD ONE, Inc 10 23 14.QBW

 

Error: (01/22/2015 10:57:46 AM) (Source: QuickBooks) (EventID: 4) (User: )

Description: An unexpected error has occured in "QuickBooks: Premier Contractor Edition 2012":

Got unexpected error 5 in call to NetShareGetInfo for path \\covmach-srvr1\Accounting\QB CURRENT LIVE\Covington Machine and Welding12GOOD ONE, Inc 10 23 14.QBW

 

Error: (01/22/2015 10:57:21 AM) (Source: QuickBooks) (EventID: 4) (User: )

Description: An unexpected error has occured in "QuickBooks: Premier Contractor Edition 2012":

DMError Information:-6072Additional Info:The user you are trying to log in with is already logged from another machine.

 

Error: (01/22/2015 10:57:21 AM) (Source: QuickBooks) (EventID: 4) (User: )

Description: An unexpected error has occured in "QuickBooks: Premier Contractor Edition 2012":

Error creating connection 0 in DBConnPool::init().

 

Error: (01/22/2015 10:57:21 AM) (Source: QuickBooks) (EventID: 4) (User: )

Description: An unexpected error has occured in "QuickBooks: Premier Contractor Edition 2012":

CON=QBConn\10.20.51.10\22\0\4\15\851-482\5140-7785-7652-566\5\0\1\55348\10.20.51.253;;DBF=D:\netshare\Accounting\QB CURRENT LIVE\Covington Machine and Welding12GOOD ONE, Inc 10 23 14.QBW;CommLinks="tcpip(IP=10.20.51.253;DOBROADCAST=NONE;port=55348)";ServerName=QB_COVMACH-SRVR1_22;DBN=62de0b39ddb34293814a83c18ac8805c;CharSet=none

 

Error: (01/22/2015 10:57:21 AM) (Source: QuickBooks) (EventID: 4) (User: )

Description: An unexpected error has occured in "QuickBooks: Premier Contractor Edition 2012":

Connection Error:RAISERROR executed: User already logged in from another instance of QuickBooks.

 

Error: (01/22/2015 10:57:21 AM) (Source: QuickBooks) (EventID: 4) (User: )

Description: An unexpected error has occured in "QuickBooks: Premier Contractor Edition 2012":

DBConnPool::HandleConnectionError errorCode:-6072, dbCode:-99000 from file:'.\.\src\ConnPool.cpp' at line 1335 from function:'DBMgr::DBConnPool::CreateConnection'

 

Error: (01/22/2015 10:57:21 AM) (Source: QuickBooks) (EventID: 4) (User: )

Description: An unexpected error has occured in "QuickBooks: Premier Contractor Edition 2012":

Got unexpected error 5 in call to NetShareGetInfo for path \\covmach-srvr1\Accounting\QB CURRENT LIVE\Covington Machine and Welding12GOOD ONE, Inc 10 23 14.QBW

 

Error: (01/22/2015 10:57:15 AM) (Source: QuickBooks) (EventID: 4) (User: )

Description: An unexpected error has occured in "QuickBooks: Premier Contractor Edition 2012":

DMError Information:-6069Additional Info:An Invalid Id or password was specified.

 

 

System errors:

=============

Error: (01/22/2015 11:01:54 AM) (Source: Disk) (EventID: 11) (User: )

Description: The driver detected a controller error on \Device\Harddisk1\DR4.

 

Error: (01/22/2015 09:34:05 AM) (Source: Disk) (EventID: 11) (User: )

Description: The driver detected a controller error on \Device\Harddisk1\DR2.

 

Error: (01/22/2015 09:34:05 AM) (Source: Disk) (EventID: 11) (User: )

Description: The driver detected a controller error on \Device\Harddisk1\DR2.

 

Error: (01/22/2015 09:34:04 AM) (Source: Disk) (EventID: 11) (User: )

Description: The driver detected a controller error on \Device\Harddisk1\DR2.

 

Error: (01/22/2015 09:34:04 AM) (Source: Disk) (EventID: 11) (User: )

Description: The driver detected a controller error on \Device\Harddisk1\DR2.

 

Error: (01/22/2015 08:45:29 AM) (Source: VDS Basic Provider) (EventID: 1) (User: )

Description: Unexpected failure. Error code: D@01010004

 

Error: (01/22/2015 08:45:28 AM) (Source: VDS Basic Provider) (EventID: 1) (User: )

Description: Unexpected failure. Error code: D@01010004

 

Error: (01/22/2015 08:42:11 AM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the LogMeIn service to connect.

 

Error: (01/22/2015 08:41:03 AM) (Source: Service Control Manager) (EventID: 7003) (User: )

Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

 

Error: (01/22/2015 08:41:01 AM) (Source: Service Control Manager) (EventID: 7003) (User: )

Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

 

 

Microsoft Office Sessions:

=========================

Error: (10/10/2011 11:53:39 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 17859 seconds with 3000 seconds of active time.  This session ended with a crash.

 

Error: (11/10/2010 03:56:43 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 18959 seconds with 600 seconds of active time.  This session ended with a crash.

 

Error: (10/21/2010 07:11:46 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1813 seconds with 480 seconds of active time.  This session ended with a crash.

 

 

CodeIntegrity Errors:

===================================

  Date: 2011-08-31 15:02:12.312

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

 

  Date: 2011-08-31 14:31:24.918

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

 

  Date: 2011-08-31 14:24:49.266

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

 

  Date: 2011-08-31 14:13:38.426

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

 

  Date: 2011-08-11 14:30:59.554

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

 

  Date: 2011-06-21 19:40:33.445

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

 

  Date: 2011-06-21 19:25:50.540

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

 

  Date: 2011-06-21 19:13:26.313

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

 

  Date: 2011-06-21 18:55:26.405

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

 

  Date: 2011-06-20 21:57:07.929

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

 

 

==================== Memory info =========================== 

 

Processor: Intel® Core2 Duo CPU E8400 @ 3.00GHz

Percentage of memory in use: 49%

Total physical RAM: 3070.99 MB

Available physical RAM: 1559.48 MB

Total Pagefile: 7674.28 MB

Available Pagefile: 5901.78 MB

Total Virtual: 2047.88 MB

Available Virtual: 1925.79 MB

 

==================== Drives ================================

 

Drive c: (OS) (Fixed) (Total:148.91 GB) (Free:84.83 GB) NTFS

Drive f: () (Removable) (Total:7.26 GB) (Free:7.26 GB) FAT32

Drive g: (DATA) (Network) (Total:365.7 GB) (Free:227.06 GB) NTFS

Drive p: (DATA) (Network) (Total:365.7 GB) (Free:227.06 GB) NTFS

Drive q: (DATA) (Network) (Total:365.7 GB) (Free:227.06 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: A42D04A3)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=148.9 GB) - (Type=07 NTFS)

 

========================================================

Disk: 1 (MBR Code: Windows XP) (Size: 7.3 GB) (Disk ID: C3072E18)

Partition 1: (Active) - (Size=7.3 GB) - (Type=0C)

 

==================== End Of Log ============================

 

CKScanner

 


CKScanner 2.4 - Additional Security Risks - These are not necessarily bad

c:\temp\kyocera kx 5.1.1405\32bit\2000 and newer\kmstmnet.exe

c:\temp\kyocera kx 5.1.1405\32bit\2000 and newer\kmstmnw.exe

c:\temp\kyocera kx 5.1.1405\32bit\2000 and newer\kmstmvm.exe

c:\windows\system32\driverstore\filerepository\oemsetup.inf_x86_neutral_13601a3d916ea689\kmstmnet.exe

c:\windows\system32\driverstore\filerepository\oemsetup.inf_x86_neutral_13601a3d916ea689\kmstmnw.exe

c:\windows\system32\driverstore\filerepository\oemsetup.inf_x86_neutral_13601a3d916ea689\kmstmvm.exe

c:\windows\system32\driverstore\filerepository\oemsetup.inf_x86_neutral_1bde2fef331a0aaa\kmstmnet.exe

c:\windows\system32\driverstore\filerepository\oemsetup.inf_x86_neutral_1bde2fef331a0aaa\kmstmnw.exe

c:\windows\system32\driverstore\filerepository\oemsetup.inf_x86_neutral_1bde2fef331a0aaa\kmstmvm.exe

c:\windows\system32\spool\drivers\w32x86\3\kmstmnet.exe

c:\windows\system32\spool\drivers\w32x86\3\kmstmnw.exe

c:\windows\system32\spool\drivers\w32x86\3\kmstmvm.exe

hosts 127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com

hosts 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com

hosts 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com

hosts 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com

hosts 127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com

hosts 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com

hosts 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com

hosts 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net crl.verisign.net ood.opsource.net

hosts 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net crl.verisign.net ood.opsource.net

scanner sequence 3.ZZ.11.RLNAO0

 ----- EOF ----- 

 


 


Sorry, I'll re-post it.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-01-2015
Ran by heather (administrator) on COVMACH-PC3 on 22-01-2015 11:10:55
Running from F:\
Loaded Profiles: QBDataServiceUser22 & heather (Available profiles: QBDataServiceUser22 & administrator & brian & nancy & don & bonnie & donnie & guyjr & heather & Temp & root)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
(Cisco WebEx LLC) C:\Windows\System32\atashost.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
() C:\Program Files\Sage\SIM\Client\Sage.Sim.Client.WindowsService.exe
() C:\Program Files\Sage\SIM\Server\Sage.Sim.Server.WindowsService.exe
(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccApp.exe
() C:\Program Files\Sage\SIM\Client\SimNotify.exe
(ScanSoft, Inc.) C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeIn.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Intuit Inc.) C:\Program Files\Intuit\QuickBooks 2012\QBW32.EXE
(KYOCERA MITA Corporation) C:\Program Files\Kyocera\FileUtility\NsCatCom.exe
(Pervasive Software Inc.) C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
(Intuit, Inc.) C:\Program Files\Intuit\QuickBooks 2012\QBDBMgrN.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\QuickBooks\axlbridge.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [PDVDDXSrv] => C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2010-01-07] (CyberLink Corp.)
HKLM\...\Run: [ccApp] => C:\Program Files\Common Files\Symantec Shared\ccApp.exe [115560 2010-01-25] (Symantec Corporation)
HKLM\...\Run: [simNotify.exe] => C:\Program Files\Sage\SIM\Client\SimNotify.exe [38696 2010-04-14] ()
HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [intuit SyncManager] => C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe [2829624 2013-11-08] (Intuit Inc. All rights reserved.)
HKLM\...\Run: [sSBkgdUpdate] => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [155648 2003-10-14] (Scansoft, Inc.)
HKLM\...\Run: [PaperPort PTD] => C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [57393 2005-03-17] (ScanSoft, Inc.)
HKLM\...\Run: [indexSearch] => C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [40960 2005-03-17] (ScanSoft, Inc.)
HKLM\...\Run: [HPUsageTrackingLEDM] => C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe [30264 2009-08-04] (Hewlett-Packard Company)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [63048 2014-10-31] (LogMeIn, Inc.)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess?
HKU\S-1-5-19\...\Run: [sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-2480199604-2480216931-428779891-1002\...\MountPoints2: {de1ecb98-b206-11df-8e9c-806e6f6e6963} - D:\setup.exe
HKU\S-1-5-21-3918117171-1918430931-2789110331-1134\...\MountPoints2: {72d8539a-2e81-11e4-9508-002564d38afb} - E:\VerizonWirelessUpgradeAssistantSetup.exe -a
HKU\S-1-5-21-3918117171-1918430931-2789110331-1134\...\MountPoints2: {a177789a-b023-11e3-a863-002564d38afb} - E:\MotorolaDeviceManagerSetup.exe -a
HKU\S-1-5-21-3918117171-1918430931-2789110331-1134\...\MountPoints2: {d651e919-4342-11e4-87fa-002564d38afb} - E:\SISetup.exe
HKU\S-1-5-21-3918117171-1918430931-2789110331-1134\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-3918117171-1918430931-2789110331-1134\$8b0c8dbb1b2ac8ed528db6ffb1032caf\n. ATTENTION! ====> ZeroAccess?
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files\Intuit\QuickBooks 2012\QBW32.EXE (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Scanner File Utility.lnk
ShortcutTarget: Scanner File Utility.lnk -> C:\Program Files\Kyocera\FileUtility\NsCatCom.exe (KYOCERA MITA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start Pervasive PSQL Workgroup Engine.lnk
ShortcutTarget: Start Pervasive PSQL Workgroup Engine.lnk -> C:\Windows\Installer\{0A3238D7-AB32-1030-B717-F3E3F18B4A8C}\WGE.14A03FCD_EA43_4130_A5C0_F02D38895A13.exe ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-2480199604-2480216931-428779891-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKU\S-1-5-21-3918117171-1918430931-2789110331-1134\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
SearchScopes: HKU\S-1-5-21-2480199604-2480216931-428779891-1002 -> DefaultScope {33EF4EAC-A7B8-4412-9B8A-52BAFD2C99B9} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-2480199604-2480216931-428779891-1002 -> {33EF4EAC-A7B8-4412-9B8A-52BAFD2C99B9} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134 -> DefaultScope {33EF4EAC-A7B8-4412-9B8A-52BAFD2C99B9} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134 -> {33EF4EAC-A7B8-4412-9B8A-52BAFD2C99B9} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: {00130000-B1BA-11CE-ABC6-F5B2E79D9E3F} http://www.napaaccount.com/rfmweb/LTOCX13N.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {0F2A1A69-1783-4EA8-8D52-AB2634F281F0} http://www.napaaccount.com/rfmweb/RegOcx.CAB
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.com/system/iCloud.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{AE80347B-6F4F-4509-8E83-663F6A6981B2}: [NameServer] 10.20.51.253
 
FireFox:
========
FF ProfilePath: C:\Users\heather\AppData\Roaming\Mozilla\Firefox\Profiles\akxuj8sj.default
FF Homepage: hxxp://www.google.com/
FF NetworkProxy: "type", 0
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Extension: No Name - C:\Program Files\acrobat\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [Not Found]
 
Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\39.0.2171.99\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\39.0.2171.99\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\39.0.2171.99\pdf.dll ()
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Profile: C:\Users\heather\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-01-21]
CHR Extension: (Google Drive) - C:\Users\heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-21]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (YouTube) - C:\Users\heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-21]
CHR Extension: (Google Search) - C:\Users\heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-21]
CHR Extension: (Google Wallet) - C:\Users\heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-20]
CHR Extension: (Gmail) - C:\Users\heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-21]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 atashost; C:\Windows\system32\atashost.exe [136784 2012-12-19] (Cisco WebEx LLC)
R2 ccEvtMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108392 2010-01-25] (Symantec Corporation)
R2 ccSetMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108392 2010-01-25] (Symantec Corporation)
S2 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [136704 2009-06-24] (HP) [File not signed]
S3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE [3093880 2010-02-17] (Symantec Corporation)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2013-11-08] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2012-12-06] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2012-12-06] (Intuit Inc.) [File not signed]
R3 QuickBooksDB22; C:\Program Files\Intuit\QuickBooks 2012\QBDBMgrN.exe [679936 2012-12-06] (Intuit, Inc.) [File not signed]
S2 Sage.LS1.ServiceHost.1.0; C:\Program Files\Common Files\Sage\LS1\ServiceHost\1.0\Sage.LS1.ServiceHost.exe [107816 2010-04-07] (Timberline Software Corp.)
R2 SageInstMgrClient; C:\Program Files\Sage\SIM\Client\Sage.Sim.Client.WindowsService.exe [15144 2010-04-14] ()
R2 SageInstMgrServer; C:\Program Files\Sage\SIM\Server\Sage.Sim.Server.WindowsService.exe [15656 2010-04-14] ()
R2 SmcService; C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe [1881368 2010-04-10] (Symantec Corporation)
S4 SNAC; C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE [349512 2010-04-01] (Symantec Corporation)
R2 Symantec AntiVirus; C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe [1822296 2010-04-01] (Symantec Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [378672 2014-11-25] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [111408 2014-11-25] (Symantec Corporation)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV32.sys [105984 2009-10-27] (QUALCOMM Incorporated)
R3 NAVENG; C:\ProgramData\Symantec\Definitions\VirusDefs\20150105.019\NAVENG.SYS [95704 2014-08-11] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Definitions\VirusDefs\20150105.019\NAVEX15.SYS [1636696 2014-08-11] (Symantec Corporation)
R1 SPBBCDrv; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [421424 2009-12-18] (Symantec Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [283184 2010-03-08] (Symantec Corporation)
S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [320944 2010-03-08] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [43696 2010-03-08] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [124976 2010-08-27] (Symantec Corporation)
R3 SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [26416 2009-09-03] (Symantec Corporation)
R1 SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [188080 2009-09-03] (Symantec Corporation)
S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X]
S4 LMIRfsClientNP; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-22 09:34 - 2015-01-22 11:10 - 00000000 ____D () C:\FRST
2015-01-14 23:03 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-01-14 23:03 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 23:02 - 2014-12-11 12:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 04:16 - 2014-12-18 21:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 04:16 - 2014-12-18 20:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 04:16 - 2014-12-05 22:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-06 08:11 - 2015-01-06 08:11 - 00000000 ____D () C:\Users\temp\AppData\Local\LogMeIn
2015-01-06 08:11 - 2015-01-06 08:11 - 00000000 ____D () C:\Users\temp\AppData\Local\Intuit
2015-01-06 08:11 - 2015-01-06 08:11 - 00000000 ____D () C:\Users\temp\AppData\Local\antiphishing-vmninternethelper1_1dn
2015-01-06 08:11 - 2015-01-06 08:11 - 00000000 ____D () C:\Users\temp\AppData\Local\Adobe
2015-01-06 08:10 - 2015-01-06 08:11 - 00121096 _____ () C:\Users\temp\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-06 08:10 - 2015-01-06 08:10 - 00002207 _____ () C:\Users\temp\Desktop\Google Chrome.lnk
2015-01-06 08:10 - 2015-01-06 08:10 - 00000000 ____D () C:\Users\temp\AppData\Local\Google
2015-01-06 08:09 - 2015-01-06 08:11 - 00000000 ____D () C:\Users\temp\AppData\Roaming\Adobe
2015-01-06 08:09 - 2015-01-06 08:10 - 00000000 ____D () C:\Users\temp
2015-01-06 08:09 - 2010-09-14 13:55 - 00000000 ___RD () C:\Users\temp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-06 08:09 - 2010-09-14 13:55 - 00000000 ___RD () C:\Users\temp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-06 08:09 - 2010-09-14 13:55 - 00000000 ____D () C:\Users\temp\Office Genuine Advantage
2015-01-06 08:09 - 2010-09-14 13:55 - 00000000 ____D () C:\Users\temp\AppData\Roaming\Roxio Log Files
2015-01-06 08:09 - 2010-09-14 13:55 - 00000000 ____D () C:\Users\temp\AppData\Roaming\Roxio
2015-01-06 08:09 - 2010-09-14 13:55 - 00000000 ____D () C:\Users\temp\AppData\Roaming\Mozilla
2015-01-06 08:09 - 2010-09-14 13:55 - 00000000 ____D () C:\Users\temp\AppData\Roaming\Malwarebytes
2015-01-06 08:09 - 2010-09-14 13:55 - 00000000 ____D () C:\Users\temp\AppData\Roaming\Macromedia
2015-01-06 08:09 - 2010-09-14 13:55 - 00000000 ____D () C:\Users\temp\AppData\Roaming\CyberLink
2015-01-06 08:09 - 2010-09-14 13:55 - 00000000 ____D () C:\Users\temp\AppData\Local\Symantec
2015-01-06 08:09 - 2010-09-14 13:55 - 00000000 ____D () C:\Users\temp\AppData\Local\PowerDVD DX
2015-01-06 08:09 - 2010-09-14 13:55 - 00000000 ____D () C:\Users\temp\AppData\Local\Mozilla
2015-01-06 08:09 - 2010-09-14 13:55 - 00000000 ____D () C:\Users\temp\AppData\Local\Apps\2.0
2015-01-06 08:09 - 2010-08-27 12:21 - 00001812 _____ () C:\Users\temp\Desktop\Microsoft Office 2007.lnk
2015-01-06 08:09 - 2010-08-27 12:16 - 00000000 ____D () C:\Users\temp\AppData\Local\Microsoft Help
2015-01-06 08:09 - 2010-08-27 11:39 - 00000000 ____D () C:\Users\temp\AppData\Local\Deployment
2015-01-06 08:09 - 2010-08-27 10:27 - 00001413 _____ () C:\Users\temp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-06 08:09 - 2010-08-27 10:27 - 00000020 ___SH () C:\Users\temp\ntuser.ini
2015-01-06 08:09 - 2010-08-27 10:27 - 00000000 ____D () C:\Users\temp\AppData\Local\VirtualStore
2015-01-06 08:09 - 2009-07-13 23:42 - 00001304 _____ () C:\Users\temp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad.lnk
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-22 10:57 - 2013-01-02 11:12 - 00120704 _____ () C:\Users\heather\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-22 10:43 - 2010-10-05 11:26 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-22 10:28 - 2010-09-14 14:50 - 00000144 _____ () C:\Windows\system32\config\netlogon.ftl
2015-01-22 10:24 - 2012-08-27 09:45 - 00000000 ____D () C:\ProgramData\Anti-phishing Domain Advisor
2015-01-22 10:23 - 2013-01-02 11:13 - 00000000 ____D () C:\Users\heather\AppData\Local\Adobe
2015-01-22 10:23 - 2010-09-14 14:12 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-01-22 10:23 - 2010-09-14 14:11 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-22 09:44 - 2010-08-27 13:16 - 01715779 _____ () C:\Windows\WindowsUpdate.log
2015-01-22 08:49 - 2009-07-13 23:34 - 00025424 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-22 08:49 - 2009-07-13 23:34 - 00025424 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-22 08:47 - 2010-10-05 11:26 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-22 08:43 - 2014-12-12 09:55 - 00000976 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2015-01-22 08:43 - 2014-12-12 09:55 - 00000960 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2015-01-22 08:40 - 2011-08-31 19:10 - 00047517 _____ () C:\Windows\setupact.log
2015-01-22 08:40 - 2009-07-13 23:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-22 08:28 - 2010-08-27 11:24 - 00159920 _____ () C:\Windows\PFRO.log
2015-01-22 08:18 - 2010-08-27 13:23 - 00786514 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-22 07:51 - 2014-12-12 09:55 - 00000000 ____D () C:\ProgramData\LogMeIn
2015-01-21 08:10 - 2009-07-13 23:52 - 00000000 ____D () C:\Windows\Offline Web Pages
2015-01-20 16:03 - 2014-12-12 10:49 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-15 12:58 - 2014-12-08 11:24 - 00007606 _____ () C:\Users\heather\AppData\Local\resmon.resmoncfg
2015-01-15 03:11 - 2014-12-12 09:55 - 00000000 ____D () C:\Program Files\LogMeIn
2015-01-15 03:07 - 2014-12-11 11:00 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 03:00 - 2010-08-27 11:03 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-13 11:30 - 2014-12-12 09:55 - 00086912 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2015-01-13 11:30 - 2014-12-12 09:55 - 00085864 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
2015-01-13 11:30 - 2014-12-12 09:55 - 00031592 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIport.dll
2015-01-09 11:39 - 2014-09-24 09:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-01-09 11:39 - 2014-09-24 09:27 - 00000000 ____D () C:\Program Files\HP
2015-01-09 11:37 - 2012-07-18 09:27 - 00000000 ____D () C:\Windows\system32\appmgmt
2015-01-06 08:10 - 2009-07-13 23:46 - 00001515 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
 
==================== Files in the root of some directories =======
2014-10-23 10:07 - 2014-10-23 10:07 - 0027115 _____ () C:\Users\heather\AppData\Roaming\UserTile.png
2013-01-03 10:11 - 2013-01-03 10:11 - 0004096 ____H () C:\Users\heather\AppData\Local\keyfile3.drm
2014-12-08 11:24 - 2015-01-15 12:58 - 0007606 _____ () C:\Users\heather\AppData\Local\resmon.resmoncfg
2012-04-26 11:26 - 2014-07-25 14:13 - 0000017 _____ () C:\ProgramData\IpAndPort.fig
2011-08-25 13:30 - 2014-07-25 14:13 - 0000225 _____ () C:\ProgramData\RmUserCfg.ini
 
ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-3918117171-1918430931-2789110331-1134\$8b0c8dbb1b2ac8ed528db6ffb1032caf
 
ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$8b0c8dbb1b2ac8ed528db6ffb1032caf
 
Files to move or delete:
====================
C:\Users\kkaiser\jagex_cl_runescape_LIVE.dat
C:\Users\kkaiser\random.dat
 
 
Some content of TEMP:
====================
C:\Users\bonnie\AppData\Local\Temp\FFB2.exe
C:\Users\brian\AppData\Local\Temp\FFB2.exe
C:\Users\Default\AppData\Local\Temp\FFB2.exe
C:\Users\Default User\AppData\Local\Temp\FFB2.exe
C:\Users\don\AppData\Local\Temp\FFB2.exe
C:\Users\donnie\AppData\Local\Temp\FFB2.exe
C:\Users\guyjr\AppData\Local\Temp\FFB2.exe
C:\Users\heather\AppData\Local\Temp\FFB2.exe
C:\Users\jpaitsel\AppData\Local\Temp\FFB2.exe
C:\Users\kkaiser\AppData\Local\Temp\FFB2.exe
C:\Users\kkaiser\AppData\Local\Temp\MSIZAP.EXE
C:\Users\lmcnamee\AppData\Local\Temp\airA049.exe
C:\Users\lmcnamee\AppData\Local\Temp\airDBA4.exe
C:\Users\lmcnamee\AppData\Local\Temp\FFB2.exe
C:\Users\lmcnamee\AppData\Local\Temp\spiceworks_redist.exe
C:\Users\Nancy.COVMACH\AppData\Local\Temp\FFB2.exe
C:\Users\QBDataServiceUser22\AppData\Local\Temp\FFB2.exe
C:\Users\root\AppData\Local\Temp\FFB2.exe
C:\Users\root\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\root\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\root\AppData\Local\Temp\spiceworks_redist.exe
C:\Users\staff\AppData\Local\Temp\FFB2.exe
C:\Users\temp\AppData\Local\Temp\FFB2.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
 
 
LastRegBack: 2015-01-14 00:59
 
==================== End Of Log ============================

Your machine is heavily compromised. Please let me know how you would like to proceed.

Backdoor warning!

Unfortunately your machine seems to be heavily compromised by a Backdoor Trojan. This type of infection allows hackers to remotely control your computer, steal critical system information and download and execute files. My advice for this moment:

  • Disconnect this machine from the internet.
  • Change your online passwords from a known clean computer (not this one!).
  • It would also be wise to inform financial institutions about your situation - see here.
Many experts believe that the best action would be to reformat and reinstall, but I think that we can still clean this one and return it to its normal functionality (with no security guarantee afterwards, as this is a very severe type of infection).
  • If you would rather reinstall your system, let me know if I can provide any help during that procedure.
  • If you wish to omit the reinstallation, please just proceed with the next steps as directed.
I believe that we can kill this nasty bad guy.

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.

Running it on another one may cause damage and render the system unstable.

Press the Windows key + R on your keyboard at the same time. Type Notepad and click OK.

  • Copy the entire content of the codebox below and paste into the Notepad document:

    start
    CreateRestorePoint:
    CloseProcesses:
    HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess?
    HKU\S-1-5-21-3918117171-1918430931-2789110331-1134\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-3918117171-1918430931-2789110331-1134\$8b0c8dbb1b2ac8ed528db6ffb1032caf\n. ATTENTION! ====> ZeroAccess?
    Toolbar: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
    S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X]
    S4 LMIRfsClientNP; No ImagePath
    C:\$Recycle.Bin\S-1-5-21-3918117171-1918430931-2789110331-1134\$8b0c8dbb1b2ac8ed528db6ffb1032caf
    C:\$Recycle.Bin\S-1-5-18\$8b0c8dbb1b2ac8ed528db6ffb1032caf
    CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 -> C:\$Recycle.Bin ()
    DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
    EmptyTemp:
    ResetHosts:
    end
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
  • Right-click on the FRST icon and select Run as Administrator to start the tool.

    > XP users click run after receipt of Windows Security Warning - Open File.

    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.

  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please include it in your reply.

Disabled Norton but it still blocked FRST from messing with some files. It seems that it blocked six attempts from FRST with "tamper protection." Other than files belonging to Norton it didn't block anything else that FRST was trying to do.

 

Fixlog.txt

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 19-01-2015
Ran by heather at 2015-01-23 09:57:49 Run:2
Running from F:\
Loaded Profiles: QBDataServiceUser22 & heather (Available profiles: QBDataServiceUser22 & administrator & heather)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
start
CreateRestorePoint:
CloseProcesses:
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-3918117171-1918430931-2789110331-1134\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-3918117171-1918430931-2789110331-1134\$8b0c8dbb1b2ac8ed528db6ffb1032caf\n. ATTENTION! ====> ZeroAccess?
Toolbar: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X]
S4 LMIRfsClientNP; No ImagePath
C:\$Recycle.Bin\S-1-5-21-3918117171-1918430931-2789110331-1134\$8b0c8dbb1b2ac8ed528db6ffb1032caf
C:\$Recycle.Bin\S-1-5-18\$8b0c8dbb1b2ac8ed528db6ffb1032caf
CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 -> C:\$Recycle.Bin ()
DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
EmptyTemp:
ResetHosts:
end
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => Value was restored successfully.
HKU\S-1-5-21-3918117171-1918430931-2789110331-1134\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} => Key not found. 
HKU\S-1-5-21-3918117171-1918430931-2789110331-1134\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Value not found.
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Key not found. 
IntcAzAudAddService => Service not found.
LMIRfsClientNP => Service not found.
"C:\$Recycle.Bin\S-1-5-21-3918117171-1918430931-2789110331-1134\$8b0c8dbb1b2ac8ed528db6ffb1032caf" => File/Directory not found.
"C:\$Recycle.Bin\S-1-5-18\$8b0c8dbb1b2ac8ed528db6ffb1032caf" => File/Directory not found.
HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} => Key not found. 
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.
ResetHosts: => Error: No automatic fix found for this entry.
EmptyTemp: => Removed 16.3 MB temporary data.
 
 
The system needed a reboot. 
 

 

==== End of Fixlog 09:58:50 ====
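The Fixlog above reports several different outcomes per fixlist entry: a value restored, an item that was not found, and one directive that errored. The following is an added example (not part of the thread and not FRST's own code) that sorts the result lines into those outcomes; the category names and the helper functions are this example's own assumptions, and the sample input is the result section copied from the Fixlog posted here.

```python
import re

# Result section of the Fixlog.txt posted in this thread, copied verbatim.
FIXLOG = r'''
Ran by heather at 2015-01-23 09:57:49 Run:2
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => Value was restored successfully.
HKU\S-1-5-21-3918117171-1918430931-2789110331-1134\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} => Key not found. 
HKU\S-1-5-21-3918117171-1918430931-2789110331-1134\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Value not found.
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Key not found. 
IntcAzAudAddService => Service not found.
LMIRfsClientNP => Service not found.
"C:\$Recycle.Bin\S-1-5-21-3918117171-1918430931-2789110331-1134\$8b0c8dbb1b2ac8ed528db6ffb1032caf" => File/Directory not found.
"C:\$Recycle.Bin\S-1-5-18\$8b0c8dbb1b2ac8ed528db6ffb1032caf" => File/Directory not found.
HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} => Key not found. 
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.
ResetHosts: => Error: No automatic fix found for this entry.
EmptyTemp: => Removed 16.3 MB temporary data.
'''

# Message patterns taken from the lines above; the first match wins.
# The status names are this example's own labels, not FRST terminology.
RULES = [
    ("failed",  re.compile(r"\berror\b", re.I)),
    ("absent",  re.compile(r"\bnot found\b", re.I)),
    ("pending", re.compile(r"\bstarted\b", re.I)),
    ("changed", re.compile(r"\b(restored|removed|completed)\b", re.I)),
]


def classify(message):
    """Map the text after '=>' to one of the status labels."""
    for status, pattern in RULES:
        if pattern.search(message):
            return status
    return "unknown"


def parse_fixlog(text):
    """Return (run_number, {target: (status, message)}).

    A later line for the same target overrides an earlier one, so a
    'started' line followed by 'completed' ends up as 'changed', while a
    'started' line with no completion stays 'pending'.
    """
    run = None
    results = {}
    for raw in text.splitlines():
        line = raw.strip()
        header = re.search(r"\bRun:(\d+)\b", line)
        if header and run is None:
            run = int(header.group(1))  # counter from the "Ran by" header line
            continue
        target, sep, message = line.partition(" => ")
        if not sep:
            continue  # status lines without a target, e.g. "Processes closed"
        results[target.strip('"')] = (classify(message), message.strip())
    return run, results


def triage(text):
    """Group targets by status so failed and pending items stand out."""
    run, results = parse_fixlog(text)
    by_status = {}
    for target, (status, _message) in results.items():
        by_status.setdefault(status, []).append(target)
    return run, by_status


if __name__ == "__main__":
    run, by_status = triage(FIXLOG)
    print(f"Fix run number: {run}")
    for status in ("failed", "pending", "unknown", "absent", "changed"):
        for target in by_status.get(status, []):
            print(f"{status:8} {target}")
```

An entry in `absent` only says that nothing was at that location when this run looked; it does not show when the item went away, which is why a fresh scan is the follow-up check.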

OK, let's see where we are.

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.

    > XP users click run after receipt of Windows Security Warning - Open File.

    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.

  • Make sure that the Addition option is checked.
  • Press the Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content in your next reply.

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-01-2015
Ran by heather (administrator) on COVMACH-PC3 on 23-01-2015 10:16:30
Running from F:\
Loaded Profiles: QBDataServiceUser22 & heather (Available profiles: QBDataServiceUser22 & administrator & heather)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
(Cisco WebEx LLC) C:\Windows\System32\atashost.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccApp.exe
() C:\Program Files\Sage\SIM\Client\SimNotify.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(ScanSoft, Inc.) C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
(Timberline Software Corp.) C:\Program Files\Common Files\Sage\LS1\ServiceHost\1.0\Sage.LS1.ServiceHost.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
() C:\Program Files\Sage\SIM\Client\Sage.Sim.Client.WindowsService.exe
(Intuit Inc.) C:\Program Files\Intuit\QuickBooks 2012\QBW32.EXE
() C:\Program Files\Sage\SIM\Server\Sage.Sim.Server.WindowsService.exe
(KYOCERA MITA Corporation) C:\Program Files\Kyocera\FileUtility\NsCatCom.exe
(Pervasive Software Inc.) C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeIn.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Intuit, Inc.) C:\Program Files\Intuit\QuickBooks 2012\QBDBMgrN.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [PDVDDXSrv] => C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2010-01-07] (CyberLink Corp.)
HKLM\...\Run: [ccApp] => C:\Program Files\Common Files\Symantec Shared\ccApp.exe [115560 2010-01-25] (Symantec Corporation)
HKLM\...\Run: [simNotify.exe] => C:\Program Files\Sage\SIM\Client\SimNotify.exe [38696 2010-04-14] ()
HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [intuit SyncManager] => C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe [2829624 2013-11-08] (Intuit Inc. All rights reserved.)
HKLM\...\Run: [sSBkgdUpdate] => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [155648 2003-10-14] (Scansoft, Inc.)
HKLM\...\Run: [PaperPort PTD] => C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [57393 2005-03-17] (ScanSoft, Inc.)
HKLM\...\Run: [indexSearch] => C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [40960 2005-03-17] (ScanSoft, Inc.)
HKLM\...\Run: [HPUsageTrackingLEDM] => C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe [30264 2009-08-04] (Hewlett-Packard Company)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [63048 2014-10-31] (LogMeIn, Inc.)
HKU\S-1-5-19\...\Run: [sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-2480199604-2480216931-428779891-1002\...\MountPoints2: {de1ecb98-b206-11df-8e9c-806e6f6e6963} - D:\setup.exe
HKU\S-1-5-21-3918117171-1918430931-2789110331-1134\...\MountPoints2: {72d8539a-2e81-11e4-9508-002564d38afb} - E:\VerizonWirelessUpgradeAssistantSetup.exe -a
HKU\S-1-5-21-3918117171-1918430931-2789110331-1134\...\MountPoints2: {a177789a-b023-11e3-a863-002564d38afb} - E:\MotorolaDeviceManagerSetup.exe -a
HKU\S-1-5-21-3918117171-1918430931-2789110331-1134\...\MountPoints2: {d651e919-4342-11e4-87fa-002564d38afb} - E:\SISetup.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files\Intuit\QuickBooks 2012\QBW32.EXE (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Scanner File Utility.lnk
ShortcutTarget: Scanner File Utility.lnk -> C:\Program Files\Kyocera\FileUtility\NsCatCom.exe (KYOCERA MITA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start Pervasive PSQL Workgroup Engine.lnk
ShortcutTarget: Start Pervasive PSQL Workgroup Engine.lnk -> C:\Windows\Installer\{0A3238D7-AB32-1030-B717-F3E3F18B4A8C}\WGE.14A03FCD_EA43_4130_A5C0_F02D38895A13.exe ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-2480199604-2480216931-428779891-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKU\S-1-5-21-3918117171-1918430931-2789110331-1134\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
SearchScopes: HKU\S-1-5-21-2480199604-2480216931-428779891-1002 -> DefaultScope {33EF4EAC-A7B8-4412-9B8A-52BAFD2C99B9} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-2480199604-2480216931-428779891-1002 -> {33EF4EAC-A7B8-4412-9B8A-52BAFD2C99B9} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134 -> DefaultScope {33EF4EAC-A7B8-4412-9B8A-52BAFD2C99B9} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134 -> {33EF4EAC-A7B8-4412-9B8A-52BAFD2C99B9} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
DPF: {00130000-B1BA-11CE-ABC6-F5B2E79D9E3F} http://www.napaaccount.com/rfmweb/LTOCX13N.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {0F2A1A69-1783-4EA8-8D52-AB2634F281F0} http://www.napaaccount.com/rfmweb/RegOcx.CAB
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.com/system/iCloud.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{AE80347B-6F4F-4509-8E83-663F6A6981B2}: [NameServer] 10.20.51.253
 
FireFox:
========
FF ProfilePath: C:\Users\heather\AppData\Roaming\Mozilla\Firefox\Profiles\akxuj8sj.default
FF Homepage: hxxp://www.google.com/
FF NetworkProxy: "type", 0
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Extension: No Name - C:\Program Files\acrobat\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [Not Found]
 
Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\39.0.2171.99\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\39.0.2171.99\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\39.0.2171.99\pdf.dll ()
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Profile: C:\Users\heather\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-01-21]
CHR Extension: (Google Drive) - C:\Users\heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-21]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (YouTube) - C:\Users\heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-21]
CHR Extension: (Google Search) - C:\Users\heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-21]
CHR Extension: (Google Wallet) - C:\Users\heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-20]
CHR Extension: (Gmail) - C:\Users\heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-21]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 atashost; C:\Windows\system32\atashost.exe [136784 2012-12-19] (Cisco WebEx LLC)
R2 ccEvtMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108392 2010-01-25] (Symantec Corporation)
R2 ccSetMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108392 2010-01-25] (Symantec Corporation)
S2 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [136704 2009-06-24] (HP) [File not signed]
S3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE [3093880 2010-02-17] (Symantec Corporation)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2013-11-08] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2012-12-06] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2012-12-06] (Intuit Inc.) [File not signed]
R3 QuickBooksDB22; C:\Program Files\Intuit\QuickBooks 2012\QBDBMgrN.exe [679936 2012-12-06] (Intuit, Inc.) [File not signed]
R2 Sage.LS1.ServiceHost.1.0; C:\Program Files\Common Files\Sage\LS1\ServiceHost\1.0\Sage.LS1.ServiceHost.exe [107816 2010-04-07] (Timberline Software Corp.)
R2 SageInstMgrClient; C:\Program Files\Sage\SIM\Client\Sage.Sim.Client.WindowsService.exe [15144 2010-04-14] ()
R2 SageInstMgrServer; C:\Program Files\Sage\SIM\Server\Sage.Sim.Server.WindowsService.exe [15656 2010-04-14] ()
R2 SmcService; C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe [1881368 2010-04-10] (Symantec Corporation)
S4 SNAC; C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE [349512 2010-04-01] (Symantec Corporation)
R2 Symantec AntiVirus; C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe [1822296 2010-04-01] (Symantec Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [378672 2014-11-25] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [111408 2014-11-25] (Symantec Corporation)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV32.sys [105984 2009-10-27] (QUALCOMM Incorporated)
R3 NAVENG; C:\ProgramData\Symantec\Definitions\VirusDefs\20150105.019\NAVENG.SYS [95704 2014-08-11] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Definitions\VirusDefs\20150105.019\NAVEX15.SYS [1636696 2014-08-11] (Symantec Corporation)
R1 SPBBCDrv; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [421424 2009-12-18] (Symantec Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [283184 2010-03-08] (Symantec Corporation)
S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [320944 2010-03-08] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [43696 2010-03-08] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [124976 2010-08-27] (Symantec Corporation)
R3 SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [26416 2009-09-03] (Symantec Corporation)
R1 SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [188080 2009-09-03] (Symantec Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-22 09:34 - 2015-01-23 10:16 - 00000000 ____D () C:\FRST
2015-01-14 23:03 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-01-14 23:03 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 23:02 - 2014-12-11 12:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 04:16 - 2014-12-18 21:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 04:16 - 2014-12-18 20:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 04:16 - 2014-12-05 22:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-06 08:11 - 2015-01-06 08:11 - 00000000 ____D () C:\Users\temp\AppData\Local\LogMeIn
2015-01-06 08:11 - 2015-01-06 08:11 - 00000000 ____D () C:\Users\temp\AppData\Local\Intuit
2015-01-06 08:11 - 2015-01-06 08:11 - 00000000 ____D () C:\Users\temp\AppData\Local\antiphishing-vmninternethelper1_1dn
2015-01-06 08:11 - 2015-01-06 08:11 - 00000000 ____D () C:\Users\temp\AppData\Local\Adobe
2015-01-06 08:10 - 2015-01-06 08:11 - 00121096 _____ () C:\Users\temp\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-06 08:10 - 2015-01-06 08:10 - 00002207 _____ () C:\Users\temp\Desktop\Google Chrome.lnk
2015-01-06 08:10 - 2015-01-06 08:10 - 00000000 ____D () C:\Users\temp\AppData\Local\Google
2015-01-06 08:09 - 2015-01-06 08:11 - 00000000 ____D () C:\Users\temp\AppData\Roaming\Adobe
2015-01-06 08:09 - 2015-01-06 08:10 - 00000000 ____D () C:\Users\temp
2015-01-06 08:09 - 2010-09-14 13:55 - 00000000 ___RD () C:\Users\temp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-06 08:09 - 2010-09-14 13:55 - 00000000 ___RD () C:\Users\temp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-06 08:09 - 2010-09-14 13:55 - 00000000 ____D () C:\Users\temp\Office Genuine Advantage
2015-01-06 08:09 - 2010-09-14 13:55 - 00000000 ____D () C:\Users\temp\AppData\Roaming\Roxio Log Files
2015-01-06 08:09 - 2010-09-14 13:55 - 00000000 ____D () C:\Users\temp\AppData\Roaming\Roxio
2015-01-06 08:09 - 2010-09-14 13:55 - 00000000 ____D () C:\Users\temp\AppData\Roaming\Mozilla
2015-01-06 08:09 - 2010-09-14 13:55 - 00000000 ____D () C:\Users\temp\AppData\Roaming\Malwarebytes
2015-01-06 08:09 - 2010-09-14 13:55 - 00000000 ____D () C:\Users\temp\AppData\Roaming\Macromedia
2015-01-06 08:09 - 2010-09-14 13:55 - 00000000 ____D () C:\Users\temp\AppData\Roaming\CyberLink
2015-01-06 08:09 - 2010-09-14 13:55 - 00000000 ____D () C:\Users\temp\AppData\Local\Symantec
2015-01-06 08:09 - 2010-09-14 13:55 - 00000000 ____D () C:\Users\temp\AppData\Local\PowerDVD DX
2015-01-06 08:09 - 2010-09-14 13:55 - 00000000 ____D () C:\Users\temp\AppData\Local\Mozilla
2015-01-06 08:09 - 2010-09-14 13:55 - 00000000 ____D () C:\Users\temp\AppData\Local\Apps\2.0
2015-01-06 08:09 - 2010-08-27 12:21 - 00001812 _____ () C:\Users\temp\Desktop\Microsoft Office 2007.lnk
2015-01-06 08:09 - 2010-08-27 12:16 - 00000000 ____D () C:\Users\temp\AppData\Local\Microsoft Help
2015-01-06 08:09 - 2010-08-27 11:39 - 00000000 ____D () C:\Users\temp\AppData\Local\Deployment
2015-01-06 08:09 - 2010-08-27 10:27 - 00001413 _____ () C:\Users\temp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-06 08:09 - 2010-08-27 10:27 - 00000020 ___SH () C:\Users\temp\ntuser.ini
2015-01-06 08:09 - 2010-08-27 10:27 - 00000000 ____D () C:\Users\temp\AppData\Local\VirtualStore
2015-01-06 08:09 - 2009-07-13 23:42 - 00001304 _____ () C:\Users\temp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad.lnk
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-23 10:14 - 2009-07-13 23:34 - 00025424 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-23 10:14 - 2009-07-13 23:34 - 00025424 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-23 10:10 - 2010-08-27 13:16 - 01759610 _____ () C:\Windows\WindowsUpdate.log
2015-01-23 10:09 - 2010-10-05 11:26 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-23 10:06 - 2014-10-17 13:52 - 00000000 ____D () C:\Users\QBDataServiceUser22
2015-01-23 10:05 - 2014-12-12 09:55 - 00000976 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2015-01-23 10:05 - 2014-12-12 09:55 - 00000960 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2015-01-23 10:03 - 2009-07-13 23:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-23 10:02 - 2011-08-31 19:10 - 00047741 _____ () C:\Windows\setupact.log
2015-01-23 09:43 - 2010-10-05 11:26 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-23 07:40 - 2014-12-12 09:55 - 00000000 ____D () C:\ProgramData\LogMeIn
2015-01-23 07:39 - 2009-07-13 23:33 - 00439056 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-23 07:37 - 2010-08-27 11:24 - 00162256 _____ () C:\Windows\PFRO.log
2015-01-22 12:03 - 2010-09-14 14:50 - 00000144 _____ () C:\Windows\system32\config\netlogon.ftl
2015-01-22 10:57 - 2013-01-02 11:12 - 00120704 _____ () C:\Users\heather\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-22 10:23 - 2013-01-02 11:13 - 00000000 ____D () C:\Users\heather\AppData\Local\Adobe
2015-01-22 10:23 - 2010-09-14 14:12 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-01-22 10:23 - 2010-09-14 14:11 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-22 08:18 - 2010-08-27 13:23 - 00786514 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-21 08:10 - 2009-07-13 23:52 - 00000000 ____D () C:\Windows\Offline Web Pages
2015-01-20 16:03 - 2014-12-12 10:49 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-15 12:58 - 2014-12-08 11:24 - 00007606 _____ () C:\Users\heather\AppData\Local\resmon.resmoncfg
2015-01-15 03:11 - 2014-12-12 09:55 - 00000000 ____D () C:\Program Files\LogMeIn
2015-01-15 03:07 - 2014-12-11 11:00 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 03:00 - 2010-08-27 11:03 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-13 11:30 - 2014-12-12 09:55 - 00086912 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2015-01-13 11:30 - 2014-12-12 09:55 - 00085864 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
2015-01-13 11:30 - 2014-12-12 09:55 - 00031592 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIport.dll
2015-01-09 11:39 - 2014-09-24 09:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-01-09 11:39 - 2014-09-24 09:27 - 00000000 ____D () C:\Program Files\HP
2015-01-09 11:37 - 2012-07-18 09:27 - 00000000 ____D () C:\Windows\system32\appmgmt
2015-01-06 08:10 - 2009-07-13 23:46 - 00001515 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
 
==================== Files in the root of some directories =======
2014-10-23 10:07 - 2014-10-23 10:07 - 0027115 _____ () C:\Users\heather\AppData\Roaming\UserTile.png
2013-01-03 10:11 - 2013-01-03 10:11 - 0004096 ____H () C:\Users\heather\AppData\Local\keyfile3.drm
2014-12-08 11:24 - 2015-01-15 12:58 - 0007606 _____ () C:\Users\heather\AppData\Local\resmon.resmoncfg
2012-04-26 11:26 - 2014-07-25 14:13 - 0000017 _____ () C:\ProgramData\IpAndPort.fig
2011-08-25 13:30 - 2014-07-25 14:13 - 0000225 _____ () C:\ProgramData\RmUserCfg.ini
 
Files to move or delete:
====================
C:\Users\kkaiser\jagex_cl_runescape_LIVE.dat
C:\Users\kkaiser\random.dat
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-14 00:59
 
==================== End Of Log ============================

Addition.txt
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-01-2015
Ran by heather at 2015-01-23 10:17:56
Running from F:\
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Symantec Endpoint Protection (Enabled - Up to date) {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Symantec Endpoint Protection (Enabled - Up to date) {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
32 Bit HP CIO Components Installer (Version: 8.1.1 - Hewlett-Packard) Hidden
Aatrix Forms for Sage Timberline Office (HKLM\...\{21461F67-7C02-407E-9DF2-EF1752F55142}) (Version: 1.00.0000 - Sage)
Brother MFL-Pro Suite (HKLM\...\{9211CCBB-BEFE-4A0C-9199-D7A535DBFE5F}) (Version: 1.00.000 - )
Cisco WebEx Meetings (HKLM\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Driver Download Manager (HKU\S-1-5-21-2480199604-2480216931-428779891-1002\...\f031ef6ac137efc5) (Version: 2.1.0.0 - Dell Inc.)
Dell Driver Download Manager (HKU\S-1-5-21-3918117171-1918430931-2789110331-1134\...\f031ef6ac137efc5) (Version: 2.1.0.0 - Dell Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version:  - )
hppLaserJetService (Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppP1100P1560P1600SeriesLaserJetService (Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppusgP1100P1560P1600Series (Version: 1.0.0.1 - Hewlett-Packard) Hidden
Java 6 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
Kyocera Product Library (HKLM\...\Kyocera Product Library) (Version: 2.0.0713 - Kyocera Mita Corporation)
Kyocera Scanner File Utility (HKLM\...\{61C79AE1-5403-4687-AC68-28BFA5EF3895}) (Version: 3.16.9 - KyoceraMita)
LiveUpdate 3.3 (Symantec Corporation) (HKLM\...\LiveUpdate) (Version: 3.3.0.96 - Symantec Corporation)
LogMeIn (HKLM\...\{F93EE340-3735-4032-8B74-0A3E489017A0}) (Version: 4.1.4670 - LogMeIn, Inc.)
Lorex Auto Port Forwarding (HKLM\...\Lorex Auto Port Forwarding) (Version: 1.2.0 - Lorex Technology Powered By PcWinTech.com)
Lorex Client 10 (HKLM\...\Lorex Client) (Version: 10 - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 17.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 17.0.1 (x86 en-US)) (Version: 17.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 17.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Nortel Digital Mobility Controller 1.00 (HKLM\...\Nortel Digital Mobility Controller_is1) (Version:  - Nortel)
Office Connector (Remove Only) (HKLM\...\Office Connector) (Version:  - )
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Outlook on the Desktop 2.0.2 (HKLM\...\{6D9785D9-FF53-4C06-9C2A-E4173D41A2FD}_is1) (Version:  - Michael Scrivo)
PaperPort (HKLM\...\{71C97545-E547-4A8B-B0C8-61FF853270AC}) (Version: 9.02.0827 - ScanSoft, Inc.)
Pervasive PSQL v10 SP3 Workgroup (32-bit) (HKLM\...\Pervasive PSQL v10 SP3 Workgroup (32-bit)) (Version: 10.30.013 - Pervasive Software)
Pervasive PSQL v10 SP3 Workgroup (32-bit) (Version: 10.30.013 - Pervasive Software) Hidden
PowerDVD DX (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.6107 - CyberLink Corp.)
QuickBooks (Version: 22.0.4015.2206 - Intuit Inc.) Hidden
QuickBooks Premier: Contractor Edition 2012 (HKLM\...\{2556333D-27B8-4CCE-9DC3-A6CC382F3409}) (Version: 22.0.4015.2206 - Intuit Inc.)
Realtek 8136 8168 8169 Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0005 - Realtek)
Roxio Creator DE 10.3 (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.3 - Roxio)
Sage Installation Manager CLIENT programs (HKLM\...\{71715DF4-3167-489A-B843-9EEFC71D97E8}) (Version: 2.0.0.0 - Sage)
Sage Installation Manager SERVER programs (HKLM\...\{D1E91805-6812-47AD-AB94-47F87AE50B60}) (Version: 2.0.0.0 - Sage)
Sage Timberline Office Accounting Client (HKLM\...\{C378651D-4F97-450E-9D33-8AF8C02FC287}) (Version: 9.7.0 - Sage)
Sage Timberline Office Payroll Tax Reports (Version: 6.14.16 - Sage Software) Hidden
SupportSoft Assisted Service (HKLM\...\{5A3F6A80-7913-475E-8B96-477A952CFA43}) (Version: 15 - SupportSoft)
Symantec Endpoint Protection (HKLM\...\{7B3B4CE5-300C-4DFC-8CD1-D9C0E07015D1}) (Version: 11.0.6000.550 - Symantec Corporation)
TurboMeeting (HKU\S-1-5-21-3918117171-1918430931-2789110331-1134\...\TurboMeeting) (Version: 3.0.305 - RHUB Communications, Inc.)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Yahoo! Detect (HKLM\...\YTdetect) (Version:  - )
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{05EC5C13-D255-4592-9CCB-98615172F0D6}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{0ADF9C35-0D5E-4B75-88DD-B64868907E17}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{123FAF7F-3FB1-4B8F-AD18-0047401D436A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{1B3210AF-E236-46D4-83EF-6421F2FF543C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx No File
CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{1E78DD72-771E-42BF-8B4B-363CEB18E07B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx No File
CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{22664BE2-0806-4BA4-8643-DE40C9149176}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{2A9EBDB5-0600-4E8C-B910-4001BEB2DD8C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{349D777D-F7A2-4AAE-967F-A54F05A7FF3B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBFinder.dll No File
CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{37A2FC00-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{37A2FC02-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{38F58721-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\COMObjectFactory.dll No File
CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{38F58742-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{38F58743-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{38F58744-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{4716D3CE-55DB-4D2A-818C-87D912895890}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{4844F3F7-2161-4AC4-B219-B3B4311782AA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{4A56F19E-9F50-4F43-93C8-050E44AA83A9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{4CA41277-032D-4a20-B225-371EBA96ABF2}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2012\QBW32.EXE (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{4E5E74B5-8EB5-4859-A335-837EED412620}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{5249684A-D7A2-4DBE-94F4-B90923A7BC64}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{5428A9ED-6CD8-11D6-9C8A-0001023DCAA2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{547C8F00-5567-4AE3-8BB0-CC3CE2AB9070}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{57D590F1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{596801D8-2C9D-4627-9C67-195CB81B655A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{5B7331FA-8910-4748-A8A4-60B445041F28}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{5ED8AC89-B2DE-476D-8EEA-E170B2FCB058}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{70478C56-E77F-4134-B3E3-3B18EE036D71}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll No File
CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{7694F1CD-A55B-4B7C-8820-A90892EB4E9E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{7DBF8260-30AD-4D1B-876A-8032B87B809F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{828E5386-74CF-4019-B356-C857CD028A7D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{82CC31B3-53B4-4161-A4E9-6B4F1290A6C8}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{8572570D-12D9-4F2C-8BB8-EB8848178B94}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{8E590317-1329-11D1-B70B-00805F29CD16}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2012\QBW32.EXE (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{8FEDE364-AB37-4551-80C9-6D468E222AB2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{9D9B61F2-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{9D9B61F3-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{9D9B61F4-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{9D9B61F5-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{9D9B61F6-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{9D9B61F7-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{A58C4EAB-2DB8-445E-9CAE-2AE197A5C708}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{A63E42D0-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{A63E42D2-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{AF5E0A13-CEAB-47CE-991D-77E82CD1BF3F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{B10BFAC3-EFF1-40D9-ADA0-BEBE037C24CA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{B66F2BF1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{BCD594EA-15C3-4FD8-B92B-114BB9694537}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBCtrIPMDS2.dll No File
CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{CE18240D-F3F8-43AE-9EA0-A0DC85A95375}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll No File
CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{D14FD6B3-6A9F-4537-9460-07B836707127}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{D4A12AAF-E15E-470B-A6B6-63032186F91F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{D9B9C060-0954-11D3-9E07-00104BD2BE34}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSource.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{D9BC6F81-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{D9BC6F84-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{D9BC6F87-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{D9BC6FA1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{D9BC6FA6-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{D9BC6FB2-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\StorageClasses.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{D9BC6FC1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{DCB2B478-EFF6-48F6-B718-13E98876854E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{DFD0AF10-B86C-4AF3-B609-1348D513E565}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{E1A173E1-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{E1A173E3-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{E6E4DF8B-17CE-43ED-B2C7-2CE10457552D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{E7D2D0F6-B754-438D-B5C9-BF848D311A0F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll No File
CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{EADA914E-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{EAEF733D-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{F2C593CC-74B2-4F71-8556-DD4D426D0409}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{F9EF917A-E55E-4242-B205-E778395AC313}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{FAC93D42-FFC2-11d1-9DEB-0008C7A08EBA}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2012\QBW32.EXE (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3918117171-1918430931-2789110331-1134_Classes\CLSID\{FB17915F-06D1-4214-A902-CC5EE05186E9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
 
==================== Restore Points  =========================
 
22-01-2015 08:13:51 Pre Virus Scan
22-01-2015 08:49:10 Windows Backup
22-01-2015 10:15:52 Removed Adobe Acrobat X Pro - English, Français, Deutsch.
22-01-2015 10:21:48 Removed Adobe Reader 9.3.4.
23-01-2015 08:37:57 Restore Point Created by FRST
23-01-2015 09:58:00 Restore Point Created by FRST
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:04 - 2012-04-06 06:33 - 00001805 ___RA C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {3D887A08-BD96-4C91-A856-42DE6B7D8AEF} - System32\Tasks\{1A40B363-A1BE-4F22-8112-4B9834778DE4} => pcalua.exe -a C:\Windows\system32\pcwrun.exe -c "C:\Program Files\Intuit\QuickBooks 2009\QBW32PremierContractor.exe"
Task: {72FEB3C5-E90C-45C7-BFE8-1F7CDB036819} - System32\Tasks\{4EBFF532-6BE6-49B5-8665-708B96729CD0} => pcalua.exe -a "C:\Users\kkaiser\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4WUJNQ2X\QuickBooksPro2011.exe" -d C:\Users\kkaiser\Desktop
Task: {8139D077-C14B-485A-9F1E-89A8D2C98F9B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {98636363-5226-48FA-B833-221672BFDC9F} - System32\Tasks\{29838F4C-EBCD-43AB-AA50-AE359D05D18E} => pcalua.exe -a "C:\Users\kkaiser\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7K1Q8P4Q\Setup_QuickBooksPremier2012.exe" -d C:\Users\kkaiser\Desktop
Task: {A4B9E0AB-06A7-47F0-84AA-25DE588ABCE8} - System32\Tasks\{C9A857A8-803D-475F-A7A7-40A1B40A2930} => pcalua.exe -a D:\setup.exe -d D:\
Task: {BD1622EC-A155-41E1-B1FC-918028FCF303} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-09-24 09:38 - 2012-08-31 14:01 - 00151552 _____ () C:\Windows\System32\HP1100LM.DLL
2014-09-24 09:38 - 2012-08-31 14:01 - 00069632 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\HP1100PP.DLL
2010-04-14 03:01 - 2010-04-14 03:01 - 00038696 _____ () C:\Program Files\Sage\SIM\Client\SimNotify.exe
2010-04-14 03:01 - 2010-04-14 03:01 - 00033064 _____ () C:\Program Files\Sage\SIM\Client\Sage.Sim.DesktopNotification.ClientLibrary.dll
2010-04-14 03:01 - 2010-04-14 03:01 - 00015144 _____ () C:\Program Files\Sage\SIM\Client\Sage.Sim.Client.WindowsService.exe
2010-04-14 03:01 - 2010-04-14 03:01 - 00065320 _____ () C:\Program Files\Sage\SIM\Client\Sage.Sim.Client.Core.dll
2010-04-14 03:00 - 2010-04-14 03:00 - 00068904 _____ () C:\Program Files\Sage\SIM\Client\Sage.Sim.Shared.dll
2010-04-14 03:00 - 2010-04-14 03:00 - 00021800 _____ () C:\Program Files\Sage\SIM\Client\Sage.Sim.Shared.ManagedProductPluginManager.dll
2010-04-14 03:00 - 2010-04-14 03:00 - 00015656 _____ () C:\Program Files\Sage\SIM\Client\Sage.Sim.DesktopNotification.Service.dll
2010-04-14 03:00 - 2010-04-14 03:00 - 00014632 _____ () C:\Program Files\Sage\SIM\Client\Sage.Sim.Shared.ManagedProducts.dll
2010-04-14 03:00 - 2010-04-14 03:00 - 00016168 _____ () C:\Program Files\Sage\SIM\Client\Sage.Sim.Client.ServerCallbackService.dll
2010-04-14 03:00 - 2010-04-14 03:00 - 00011560 _____ () C:\Program Files\Sage\SIM\Client\Sage.Sim.ClientShared.dll
2010-04-14 03:00 - 2010-04-14 03:00 - 00015656 _____ () C:\Program Files\Sage\SIM\Client\Sage.Sim.Shared.ManagedProductPluginWrapper.dll
2013-11-08 08:48 - 2013-11-08 08:48 - 00269128 _____ () C:\Program Files\Intuit\QuickBooks 2012\boost_regex-vc90-mt-p-1_33.dll
2013-11-08 08:48 - 2013-11-08 08:48 - 00021320 _____ () C:\Program Files\Intuit\QuickBooks 2012\QBCompressor.dll
2012-12-06 13:10 - 2012-12-06 13:10 - 00059904 _____ () C:\Program Files\Intuit\QuickBooks 2012\zlib1.dll
2013-11-08 08:48 - 2013-11-08 08:48 - 00380744 _____ () C:\Program Files\Intuit\QuickBooks 2012\BackupLib.dll
2013-11-08 08:48 - 2013-11-08 08:48 - 00138568 _____ () C:\Program Files\Intuit\QuickBooks 2012\QBMAPILibrary.dll
2013-11-08 08:48 - 2013-11-08 08:48 - 00176968 _____ () C:\Program Files\Intuit\QuickBooks 2012\boost_serialization-vc90-mt-p-1_33.dll
2013-11-08 08:48 - 2013-11-08 08:48 - 00042824 _____ () C:\Program Files\Intuit\QuickBooks 2012\mbpopup.dll
2010-04-14 03:01 - 2010-04-14 03:01 - 00015656 _____ () C:\Program Files\Sage\SIM\Server\Sage.Sim.Server.WindowsService.exe
2010-04-14 03:01 - 2010-04-14 03:01 - 00129832 _____ () C:\Program Files\Sage\SIM\Server\Sage.Sim.Server.Core.dll
2010-04-14 03:00 - 2010-04-14 03:00 - 00068904 _____ () C:\Program Files\Sage\SIM\Server\Sage.Sim.Shared.dll
2010-04-14 03:00 - 2010-04-14 03:00 - 00012584 _____ () C:\Program Files\Sage\SIM\Server\Sage.Sim.Server.ClientDownloadService.dll
2010-04-14 03:00 - 2010-04-14 03:00 - 00011560 _____ () C:\Program Files\Sage\SIM\Server\Sage.Sim.ClientShared.dll
2010-04-14 03:00 - 2010-04-14 03:00 - 00016168 _____ () C:\Program Files\Sage\SIM\Server\Sage.Sim.Server.ClientManagerService.dll
2010-04-14 03:00 - 2010-04-14 03:00 - 00018216 _____ () C:\Program Files\Sage\SIM\Server\Sage.Sim.Server.ManagementConsoleService.dll
2010-04-14 03:00 - 2010-04-14 03:00 - 00013096 _____ () C:\Program Files\Sage\SIM\Server\Sage.Sim.ManagementConsoleShared.dll
2010-04-14 03:00 - 2010-04-14 03:00 - 00020776 _____ () C:\Program Files\Sage\SIM\Server\Sage.Sim.Shared.ManagedServerProductPluginManager.dll
2010-04-14 03:00 - 2010-04-14 03:00 - 00012584 _____ () C:\Program Files\Sage\SIM\Server\Sage.Sim.Shared.ManagedServerProducts.dll
2010-09-22 01:25 - 2000-11-09 10:17 - 00190464 _____ () C:\Program Files\Kyocera\FileUtility\HgTiff2Pdf.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccEvtMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccSetMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antivirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antvirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TurboMeeting => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
administrator (S-1-5-21-2480199604-2480216931-428779891-500 - Administrator - Enabled) => C:\Users\localroot
Guest (S-1-5-21-2480199604-2480216931-428779891-501 - Limited - Disabled)
QBDataServiceUser22 (S-1-5-21-2480199604-2480216931-428779891-1002 - Limited - Enabled) => C:\Users\QBDataServiceUser22
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/23/2015 10:09:16 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle
 
Error: (01/23/2015 10:09:16 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle
 
Error: (01/23/2015 10:09:16 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle
 
Error: (01/23/2015 09:58:23 AM) (Source: Symantec AntiVirus) (EventID: 45) (User: COVMACH)
Description: SYMANTEC TAMPER PROTECTION ALERT
 
Target:  C:\Program Files\Common Files\Symantec Shared\ccApp.exe
Event Info:  Terminate Process
Action Taken:  Blocked
Actor Process:  F:\FRST.exe (PID 2728)
Time:  Friday, January 23, 2015  9:58:23 AM
 
Error: (01/23/2015 09:58:23 AM) (Source: Symantec AntiVirus) (EventID: 45) (User: COVMACH)
Description: SYMANTEC TAMPER PROTECTION ALERT
 
Target:  C:\Program Files\Symantec\Symantec Endpoint Protection\SymCorpUI.exe
Event Info:  Terminate Process
Action Taken:  Blocked
Actor Process:  F:\FRST.exe (PID 2728)
Time:  Friday, January 23, 2015  9:58:23 AM
 
Error: (01/23/2015 09:58:23 AM) (Source: Symantec AntiVirus) (EventID: 45) (User: COVMACH)
Description: SYMANTEC TAMPER PROTECTION ALERT
 
Target:  C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
Event Info:  Terminate Process
Action Taken:  Blocked
Actor Process:  F:\FRST.exe (PID 2728)
Time:  Friday, January 23, 2015  9:58:23 AM
 
Error: (01/23/2015 09:58:23 AM) (Source: Symantec AntiVirus) (EventID: 45) (User: COVMACH)
Description: SYMANTEC TAMPER PROTECTION ALERT
 
Target:  C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
Event Info:  Terminate Process
Action Taken:  Blocked
Actor Process:  F:\FRST.exe (PID 2728)
Time:  Friday, January 23, 2015  9:58:23 AM
 
Error: (01/23/2015 09:58:23 AM) (Source: Symantec AntiVirus) (EventID: 45) (User: COVMACH)
Description: SYMANTEC TAMPER PROTECTION ALERT
 
Target:  C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
Event Info:  Terminate Process
Action Taken:  Blocked
Actor Process:  F:\FRST.exe (PID 2728)
Time:  Friday, January 23, 2015  9:58:23 AM
 
Error: (01/23/2015 09:58:22 AM) (Source: Symantec AntiVirus) (EventID: 45) (User: COVMACH)
Description: SYMANTEC TAMPER PROTECTION ALERT
 
Target:  C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
Event Info:  Terminate Process
Action Taken:  Blocked
Actor Process:  F:\FRST.exe (PID 2728)
Time:  Friday, January 23, 2015  9:58:22 AM
 
Error: (01/23/2015 09:57:52 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {77246cb4-7afc-48ad-bb5d-bd5251c7eca6}
 
 
System errors:
=============
Error: (01/23/2015 10:09:24 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
 
Error: (01/23/2015 10:07:56 AM) (Source: TermService) (EventID: 1067) (User: )
Description: The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted.
.
 
Error: (01/23/2015 10:04:00 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
 
Error: (01/23/2015 10:03:54 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
 
Error: (01/23/2015 10:03:38 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1053) (User: COVMACH)
Description: The processing of Group Policy failed. Windows could not resolve the user name. This could be caused by one of more of the following: 
a) Name Resolution failure on the current domain controller. 
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
 
Error: (01/23/2015 10:03:37 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1055) (User: NT AUTHORITY)
Description: The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: 
a) Name Resolution failure on the current domain controller. 
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
 
Error: (01/23/2015 10:03:35 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Computer Browser service terminated with the following error: 
%%1060
 
Error: (01/23/2015 10:03:35 AM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain COVMACH due to the following: 
%%1311
 
This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.
 
 
 
ADDITIONAL INFO
 
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.
 
Error: (01/23/2015 09:59:23 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Print Spooler service, but this action failed with the following error: 
%%1056
 
Error: (01/23/2015 09:58:52 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
%%1056
 
 
Microsoft Office Sessions:
=========================
Error: (10/10/2011 11:53:39 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 17859 seconds with 3000 seconds of active time.  This session ended with a crash.
 
Error: (11/10/2010 03:56:43 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 18959 seconds with 600 seconds of active time.  This session ended with a crash.
 
Error: (10/21/2010 07:11:46 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1813 seconds with 480 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2011-08-31 15:02:12.312
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-08-31 14:31:24.918
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-08-31 14:24:49.266
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-08-31 14:13:38.426
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-08-11 14:30:59.554
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-06-21 19:40:33.445
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-06-21 19:25:50.540
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-06-21 19:13:26.313
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-06-21 18:55:26.405
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-06-20 21:57:07.929
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core2 Duo CPU E8400 @ 3.00GHz
Percentage of memory in use: 33%
Total physical RAM: 3070.99 MB
Available physical RAM: 2042.61 MB
Total Pagefile: 7674.28 MB
Available Pagefile: 6557.17 MB
Total Virtual: 2047.88 MB
Available Virtual: 1913.43 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:148.91 GB) (Free:93.3 GB) NTFS
Drive f: () (Removable) (Total:7.26 GB) (Free:7.26 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: A42D04A3)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=148.9 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7.3 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7.3 GB) - (Type=0B)
 
==================== End Of Log ============================

 


OK, it's time to start fixing the damage.

Scan with Farbar Service Scanner

Download Farbar Service Scanner by Farbar and save it to your desktop.

  • Right-click on the Farbar Service Scanner icon and select Run as Administrator to start the tool.
  • Make sure all of the options are checked!
  • Press Scan.
  • It will create a log (FSS.txt) in the same directory the tool is run from.
Please include that log in your next reply.

FSS.txt

 

 

Farbar Service Scanner Version: 17-01-2015

Ran by heather (administrator) on 23-01-2015 at 10:43:04
Running from "C:\Users\heather\Desktop"
Microsoft Windows 7 Professional  Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error. Google IP is unreachable
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors
 
 
Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.
 
MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
 
bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of bfe. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of bfe. The value does not exist.
Unable to retrieve ServiceDll of bfe. The value does not exist.
 
 
Firewall Disabled Policy: 
==================
"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile" registry key does not exist.
 
 
System Restore:
============
 
System Restore Policy: 
========================
 
 
Action Center:
============
 
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
 
Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
 
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.
Checking FirewallRules of SharedAccess: ATTENTION!=====> Unable to open "SharedAccess\Defaults\FirewallPolicy\FirewallRules" registry key. The key does not exist.
Checking FirewallRules of SharedAccess: ATTENTION!=====> Unable to open "SharedAccess\Parameters\FirewallPolicy\FirewallRules" registry key. The key does not exist.
 
 
 
File Check:
========
C:\Windows\system32\nsisvc.dll => File is digitally signed
C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\system32\dhcpcore.dll => File is digitally signed
C:\Windows\system32\Drivers\afd.sys => File is digitally signed
C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\system32\dnsrslvr.dll => File is digitally signed
C:\Windows\system32\mpssvc.dll => File is digitally signed
C:\Windows\system32\bfe.dll => File is digitally signed
C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\system32\SDRSVC.dll => File is digitally signed
C:\Windows\system32\vssvc.exe => File is digitally signed
C:\Windows\system32\wscsvc.dll => File is digitally signed
C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\system32\wuaueng.dll => File is digitally signed
C:\Windows\system32\qmgr.dll => File is digitally signed
C:\Windows\system32\es.dll => File is digitally signed
C:\Windows\system32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\system32\ipnathlp.dll => File is digitally signed
C:\Windows\system32\iphlpsvc.dll => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
 
 
**** End of log ****

Fix with ESET Services Repair

Please download Services Repair by ESET and save it to your desktop.

  • Right-click on the Services Repair icon and select Run as Administrator to start the tool.
  • If security notifications appear, click Continue or Run.
  • Accept the prompt about restoring services.
  • Once the tool has finished, you will be prompted to restart your computer. Click Yes to restart.
  • A log will be saved in the CCSupport folder the tool created on your desktop.
Please include that logfile in your next reply.

SvcRepair.log

 

 

Log Opened: 2015-01-23 @ 11:12:27

11:12:27 - -----------------

11:12:27 - | Begin Logging |

11:12:27 - -----------------

11:12:27 - Fix started on a WIN_7 X86 computer

11:12:27 - Prep in progress.  Please Wait.

11:12:28 - Prep complete

11:12:28 - Repairing Services Now.  Please wait...

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

INFORMATION: Input file for restore operation opened: '.\Win7\BFE.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\SubLayer>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Provider>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Filter>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime\Filter>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE>

 

SetACL finished successfully.

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

INFORMATION: Input file for restore operation opened: '.\Win7\BITS.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Security>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Performance>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Parameters>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS>

 

SetACL finished successfully.

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

INFORMATION: Input file for restore operation opened: '.\Win7\iphlpsvc.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Teredo>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Teredo\{FA88062C-9A61-4C1E-AC45-7143F8F01AAD}>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Teredo>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Isatap\{8AD2FB26-F91E-44F1-9B24-3C0AE56C9CE0}>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Isatap>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\IPHTTPS>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Interfaces>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\config>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc>

 

SetACL finished successfully.

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

INFORMATION: Input file for restore operation opened: '.\Win7\MpsSvc.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Security>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\Teredo>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\Teredo> failed with: The system cannot find the file specified.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\RPC-EPMap>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\RPC-EPMap> failed with: The system cannot find the file specified.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSOut>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSOut> failed with: The system cannot find the file specified.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSIn>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSIn> failed with: The system cannot find the file specified.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\DHCP>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\DHCP> failed with: The system cannot find the file specified.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc>

 

SetACL finished successfully.

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

INFORMATION: Input file for restore operation opened: '.\Win7\SharedAccess.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch2>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile\Logging>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile\Logging>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\Logging>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess>

 

SetACL finished successfully.

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

INFORMATION: Input file for restore operation opened: '.\Win7\WinDefend.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\TriggerInfo\0>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\TriggerInfo>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Security>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Parameters>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend>

 

SetACL finished successfully.

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

INFORMATION: Input file for restore operation opened: '.\Win7\wscsvc.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Security>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Parameters>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc>

 

SetACL finished successfully.

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

INFORMATION: Input file for restore operation opened: '.\Win7\wuauserv.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Security>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Parameters>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv>

 

SetACL finished successfully.

11:12:29 - Services Repair Complete.

11:12:34 - Reboot Initiated