I'm pretty sure I have an infection: au_.exe


JPGR

Hi -

I'm writing because I think I have an infection, and would appreciate some help please. I have Malwarebytes Premium, and trendmicro.

The first part of this note is things that I've noticed going wrong:

1. I noticed that Firefox was closing, "Sorry something went wrong ..." multiple times.

2. I noticed that I'd also get a similar message from Malwarebytes.

3. I noticed that when I'd do a threat scan on Malwarebytes, it would abruptly shut down when it got to "Scan Memory".

4. I noticed that trendmicro said, "Your antivirus hasn't been updated in 6 days" (it is supposed to update more frequently).

5. Today I went to delete Adobe Flash. During that process, trendmicro mentioned something about au_.exe. I can't remember exactly what I told it (sorry) but it was something along the lines of "don't mess with that" because I'd never heard of it.

 

From that point on, things have been bad. Everything is very slow, the Task Manager Performance showed activity at 50% or more all the time, and I can't open the Start menu, open the programs in the lower right hand part of the screen (including Malwarebytes), or open the "You have updates ready" icon from MS.

At this point I had to do a power-down hard reset. It is more responsive as of that, I could open Malwarebytes, and it completed a threat scan with zero bad results found. I did a trendmicro scan, with the same results.

But things are still wrong. My Task Manager performance is still hovering around 50%. I can't double click open the yellow shield at the bottom right that says I have Windows updates ready to go (or did it say microsoft updates ... I can't remember from before it was frozen shut, and it doesn't have right click functionality to open). I still don't trust things, and am concerned I have an infection.

I'm typing this on a 2nd computer, because I started typing when the infected one was pretty much unresponsive (before the hard power down reboot).

Help is appreciated please! I'll need instructions please about how to use a memory stick to address the infected computer, I think?

(I noticed the pinned "what do I do now that I'm infected" thread is from 2009 ... wasn't sure if it was still applicable).

Thank you!

Hello and welcome!

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


FRST log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-10-2016
Ran by afenton (administrator) on FENTON-D7GJ3D1 (12-10-2016 19:10:55)
Running from \\server1\private$\afenton\Downloads
Loaded Profiles: afenton (Available Profiles: afenton & Administrator & root & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\WINDOWS\system32\WLTRYSVC.EXE
(Dell Inc.) C:\WINDOWS\system32\BCMWLTRY.EXE
(Microsoft Corporation) C:\WINDOWS\system32\scardsvr.exe
(McKesson MIG) C:\Program Files\Common Files\McKesson\MIG\Service\AliUpdate.exe
(Juniper Networks) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
(Prosoftnet) C:\Program Files\IBackupWindows\ib_service.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(Citrix Systems, Inc) C:\Program Files\Citrix\Secure Access Client\nsverctl.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\NTRtScan.exe
(Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
(SigmaTel, Inc.) C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\TmListen.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\CCSF\TmCCSF.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\logWriter.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\ssonsvr.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\PccNTMon.exe
() C:\Program Files\Trend Micro\BM\TMBMSRV.exe
(Dell Inc.) C:\WINDOWS\system32\WLTRAY.EXE
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Prosoftnet) C:\Program Files\IBackupWindows\ib_bglaunch.exe
(Prosoftnet) C:\Program Files\IBackupWindows\ib_tray.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(Microsoft Corporation) C:\WINDOWS\system32\taskmgr.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
Failed to access process -> FRST.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\WINDOWS\system32\WLTRAY.exe [1392640 2006-11-01] (Dell Inc.)
HKLM\...\Run: [Synchronization Manager] => C:\WINDOWS\system32\mobsync.exe [143360 2008-04-13] (Microsoft Corporation)
HKLM\...\Run: [IBackup Background process] => C:\Program Files\IBackupWindows\ib_bglaunch.exe [160008 2016-04-11] (Prosoftnet)
HKLM\...\Run: [IBackup Tray] => C:\Program Files\IBackupWindows\ib_tray.exe [2222344 2016-04-11] (Prosoftnet)
HKLM\...\Run: [OfficeScanNT Monitor] => C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe [1473760 2016-09-23] (Trend Micro Inc.)
HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe [2631120 2016-07-28] (Malwarebytes Corporation)
HKLM\...\Run: [MSConfig] => C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [169984 2008-04-13] (Microsoft Corporation)
HKLM Group Policy restriction on software: %userprofile%\appdata\local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %AppData%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %AppData%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %localappdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %localappdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\appdata\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\Spotify\spWebInst0.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\Spotify\spotifyLauncher.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\Spotify\spotify.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\appdata\LocalLow\Temp\SpotifyUninstall.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
Winlogon\Notify\cryptnet32: cryptnet32.dll [X]
Winlogon\Notify\NavLogon:
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1
HKU\S-1-5-19\...\Winlogon: [Shell] C:\WINDOWS\Explorer.exe [1033728 2008-04-13] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-20\...\Winlogon: [Shell] C:\WINDOWS\Explorer.exe [1033728 2008-04-13] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-1362468806-2297102619-1991856889-1139\...\Policies\Explorer: [DisablePersonalDirChange] 1
HKU\S-1-5-21-1362468806-2297102619-1991856889-1139\...\MountPoints2: {742d997f-ff0a-11e2-bb9e-00038a000015} - F:\MotoCastSetup.exe -a
HKU\S-1-5-21-1362468806-2297102619-1991856889-1139\...\Winlogon: [Shell] C:\WINDOWS\Explorer.exe [1033728 2008-04-13] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-18\...\Run: [Bomgar_Cleanup_ZD8335931943] => cmd.exe /C rd /S /Q "C:\Documents and Settings\All Users\Application Data\bomgar-scc-507F1C84" & reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Bomgar_Cleanup_ZD8335931943 /f
HKU\S-1-5-18\...\Winlogon: [Shell] C:\WINDOWS\Explorer.exe [1033728 2008-04-13] (Microsoft Corporation) <==== ATTENTION
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ClientLogCollector.lnk [2015-10-06]
ShortcutTarget: ClientLogCollector.lnk -> C:\Program Files\McKesson\ClientLogCollector\AliClientLogCollector.exe (McKesson Imaging & Workflow Solutions)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Online plug-in.lnk [2016-10-12]
ShortcutTarget: Online plug-in.lnk -> C:\WINDOWS\Installer\{913778D3-E1D8-4B55-9246-3308C54D3162}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-1362468806-2297102619-1991856889-1139] =>  
AutoConfigURL: [S-1-5-21-1362468806-2297102619-1991856889-1139] =>  
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.0.2
Tcpip\..\Interfaces\{07600FC0-E89C-4DF1-8577-7538D5BE857A}: [DhcpNameServer] 10.0.0.4
Tcpip\..\Interfaces\{9DFAEDB8-0E12-4712-A7AA-84810C6D2933}: [DhcpNameServer] 10.0.0.2
Tcpip\..\Interfaces\{E792913E-436B-4C5A-8168-0652397055C0}: [DhcpNameServer] 10.0.0.2

Internet Explorer:
==================
HKU\S-1-5-21-1362468806-2297102619-1991856889-1139\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
HKU\S-1-5-21-1362468806-2297102619-1991856889-1139\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/
HKU\S-1-5-21-1362468806-2297102619-1991856889-1139\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msn.com/?ocid=OIE8HP&PC=B8DF
URLSearchHook: HKLM - AOL Toolbar Search Class - {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc)
URLSearchHook: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139 - AOL Toolbar Search Class - {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc)
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139 -> DefaultScope {427CC8B8-0502-4D84-BFAE-E48FE4E850E0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=B8DFDF&pc=B8DF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139 -> {427CC8B8-0502-4D84-BFAE-E48FE4E850E0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=B8DFDF&pc=B8DF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\Client Server Security Agent\TmIEPlg.dll [2014-06-10] (Trend Micro Inc.)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO: AOL Toolbar Loader -> {3ef64538-8b54-4573-b48f-4d34b0238ab2} -> C:\Program Files\AOL Toolbar\aoltb.dll [2010-01-22] (AOL Inc)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll [2014-03-10] (Sun Microsystems, Inc.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-18] (Google Inc.)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2011-08-30] (Adobe Systems Incorporated)
BHO: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\Client Server Security Agent\CCSF\module\BES\TmBpIe32.dll [2014-10-30] (Trend Micro Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2014-03-10] (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2014-03-10] (Sun Microsystems, Inc.)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2011-08-30] (Adobe Systems Incorporated)
Toolbar: HKLM - AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll [2010-01-22] (AOL Inc)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-18] (Google Inc.)
Toolbar: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2011-08-30] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139 -> AOL Toolbar - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files\AOL Toolbar\aoltb.dll [2010-01-22] (AOL Inc)
Toolbar: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-18] (Google Inc.)
Toolbar: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
DPF: {04B6290C-97B8-49A1-B0A3-1312254F7C54} hxxps://ctzmdportal.iasishealthcare.com/portal/applets/SharedSession.dll
DPF: {1A988C5B-7C51-4A6A-8635-6B83BA1288B2} hxxps://cetxpacshrsd.christushealth.org/hrs/download/Setup.cab
DPF: {36600F07-8977-445A-96DF-A37BCF51FAFB} hxxp://bhspacs.baptisthealthsystem.com/Sapphire/download/Setup.cab
DPF: {4CDE7458-CB28-4C11-BEF7-9F1D63E1FD9F} hxxps://portal.baptisthealthsystem.com/hppportlets/include/LaunchHeo.dll
DPF: {5273A32B-C0FA-4497-89D1-329C3AC328FF} hxxp://10.71.16.215/idxrad/ClientBin/IDXWindowHandler.cab
DPF: {601B418B-E6A6-47FC-A094-07248741CEB3} hxxps://my.christushealth.org/vericis%5Fweb/vwr_data//,DanaInfo=santarosacpacs.christushealth.org+webvwr.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {A08D2318-19E6-4332-A741-87FBBD3984CD} hxxps://hpfwtxf.hca.corpad.net/portal/mckesson/eig/viewer/mckapprun.cab
DPF: {B02DFC8D-F8D3-46BB-AABF-DB1B4A9DAF4A} hxxp://bhspacs.baptisthealthsystem.com/HRS/download/AliUpdate.cab
DPF: {BD413F3F-67C3-4100-AC76-36FC47A7EEA0} hxxps://my.christushealth.org/vericis%5Fweb/,DanaInfo=santarosacpacs.christushealth.org+vwr_data//msmpg4.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {D0BE2767-CD10-4B56-8795-C6BC37A8572F} hxxp://10.71.16.39/iSite3_5.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://vanguardhealth.webex.com/client/T27L10NSP32CP1/support/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://sanantoniora.clio.medcity.net/dana-cached/sc/JuniperSetupClient.cab
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll [2012-05-12] (Intuit, Inc.)
Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll [2013-03-11] (Intuit, Inc.)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\system32\mscoree.dll [2009-11-07] (Microsoft Corporation)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\Client Server Security Agent\CCSF\module\BES\TmBpIe32.dll [2014-10-30] (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\Client Server Security Agent\TmIEPlg.dll [2014-06-10] (Trend Micro Inc.)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\afenton\Application Data\Mozilla\Firefox\Profiles\swx8zdzr.default-1465259549742 [2016-10-12]
FF Homepage: C:\Documents and Settings\afenton\Application Data\Mozilla\Firefox\Profiles\swx8zdzr.default-1465259549742 -> hxxp://www.nytimes.com/
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-11-12] [not signed]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: (Java Quick Starter) - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2014-03-10] [not signed]
FF HKLM\...\Firefox\Extensions: [{52d08c03-d98f-40ed-bd1c-e4ee1d7b9bdd}] - C:\Program Files\Trend Micro\Client Server Security Agent\FirefoxExtension
FF Extension: (Trend Micro NSC Firefox Extension) - C:\Program Files\Trend Micro\Client Server Security Agent\FirefoxExtension [2016-04-13]
FF HKU\S-1-5-21-1362468806-2297102619-1991856889-1139\...\Firefox\Extensions: [{D0864A31-7C1D-11E1-826D-B8AC6F996F26}] - C:\Documents and Settings\afenton\Local Settings\Application Data\{D0864A31-7C1D-11E1-826D-B8AC6F996F26}
FF Extension: (Translate This!) - C:\Documents and Settings\afenton\Local Settings\Application Data\{D0864A31-7C1D-11E1-826D-B8AC6F996F26} [2012-04-01] [not signed]
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2012-10-31] ()
FF Plugin: @Citrix.com/npagee,version=9.3.58.5 -> C:\Program Files\Citrix\Secure Access Client\npagee.dll [2012-08-17] (Citrix Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=1.6.0_45 -> C:\WINDOWS\system32\npdeployJava1.dll [2014-03-10] (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll [2014-03-10] (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @palmsource.com/installer,version=1.0 -> C:\PROGRA~1\Palm\PACKAG~1\NPInstal.dll [2007-03-19] ()
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin: @viewpoint.com/VMP -> C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll [2004-02-20] ()
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\CCMSDK.dll [2012-03-28] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\cgpcfg.dll [2012-03-28] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\CgpCore.dll [2012-03-28] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\confmgr.dll [2012-03-28] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ctxlogging.dll [2012-03-28] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ctxmui.dll [2012-03-28] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\icafile.dll [2012-03-28] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\icalogon.dll [2012-03-28] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ieatgpc.dll [2012-01-12] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npatgpc.dll [2012-01-12] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdnu.dll [2009-07-07] (AOL LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdnupdater2.dll [2009-07-07] (AOL LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npicaN.dll [2012-03-28] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\sslsdk_b.dll [2012-03-19] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\TcpPServ.dll [2012-03-28] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\afenton\Application Data\mozilla\plugins\npagee.dll [2012-08-17] (Citrix Systems, Inc.)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2012-12-13]

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Documents and Settings\afenton\Local Settings\Application Data\Google\Chrome\User Data\Default [2016-10-12]
CHR Extension: (Google Docs) - C:\Documents and Settings\afenton\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-04]
CHR Extension: (Google Drive) - C:\Documents and Settings\afenton\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Documents and Settings\afenton\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-05]
CHR Extension: (Google Search) - C:\Documents and Settings\afenton\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (Chromebleed) - C:\Documents and Settings\afenton\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eeoekjnjgppnaegdjbcafdggilajhpic [2015-06-04]
CHR Extension: (Google Docs Offline) - C:\Documents and Settings\afenton\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-21]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\afenton\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-05]
CHR Extension: (Gmail) - C:\Documents and Settings\afenton\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-04]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AliUpdate; C:\Program Files\Common Files\McKesson\MIG\Service\AliUpdate.exe [85072 2011-05-09] (McKesson MIG)
S4 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [46640 2006-10-23] (AOL LLC)
S3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed]
R2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [615720 2009-12-09] (Juniper Networks)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2010-04-12] (Macrovision Europe Ltd.) [File not signed]
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [225280 2007-01-02] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2006-12-10] (Hewlett-Packard Co.) [File not signed]
S4 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [602112 2007-05-16] (Hewlett-Packard Co.) [File not signed]
R2 IBService; C:\Program Files\IBackupWindows\ib_service.exe [242952 2016-04-11] (Prosoftnet)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [158128 2014-03-10] (Sun Microsystems, Inc.)
R2 MbaeSvc; C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe [750032 2016-07-28] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed]
R2 nsverctl; C:\Program Files\Citrix\Secure Access Client\nsverctl.exe [156272 2012-08-17] (Citrix Systems, Inc)
R2 ntrtscan; C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe [3069664 2016-09-23] (Trend Micro Inc.)
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed]
R2 QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2013-03-11] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2009-07-23] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2013-03-11] (Intuit Inc.) [File not signed]
R2 STacSV; C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe [94208 2007-05-10] (SigmaTel, Inc.)
R2 svcGenericHost; C:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [80384 2016-09-23] (Trend Micro Inc.)
R3 TMBMServer; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [375296 2016-09-07] () [File not signed]
R3 TmCCSF; C:\Program Files\Trend Micro\Client Server Security Agent\CCSF\TmCCSF.exe [764344 2016-09-23] (Trend Micro Inc.)
R2 tmlisten; C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe [2899472 2016-09-23] (Trend Micro Inc.)
R3 TmProxy; C:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe [694832 2014-01-22] (Trend Micro Inc.)
R2 wltrysvc; C:\WINDOWS\System32\bcmwltry.exe [1253376 2006-11-01] (Dell Inc.) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [604928 2006-10-12] (Broadcom Corporation)
R2 cag; C:\Program Files\Common Files\Deterministic Networks\Common Files\cag.sys [189272 2011-10-18] (Citrix Systems, Inc.)
S3 ctxva51; C:\WINDOWS\System32\DRIVERS\ctxva51.sys [42096 2012-08-17] (Citrix Systems, Inc.)
R3 DNE; C:\WINDOWS\System32\DRIVERS\dne2000.sys [121168 2013-10-03] (Citrix Systems, Inc.)
R3 dsNcAdpt; C:\WINDOWS\System32\DRIVERS\dsNcAdpt.sys [26624 2009-12-09] (Juniper Networks)
R1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [58920 2016-07-28] ()
R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [209152 2007-01-31] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [989696 2007-01-31] (Conexant Systems, Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [24448 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [170200 2016-10-12] (Malwarebytes)
R1 NEOFLTR_803_30619; C:\WINDOWS\system32\Drivers\NEOFLTR_803_30619.SYS [92984 2014-04-09] (Juniper Networks, Inc.)
S3 PalmUSBD; C:\WINDOWS\System32\drivers\PalmUSBD.sys [16640 2007-12-04] (PalmSource, Inc.)
S3 senfilt; C:\WINDOWS\System32\drivers\senfilt.sys [732928 2004-09-17] (Creative Technology Ltd.) [File not signed]
S3 smwdm; C:\WINDOWS\System32\drivers\smwdm.sys [260352 2005-01-27] (Analog Devices, Inc.) [File not signed]
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1222840 2007-05-10] (SigmaTel, Inc.)
R2 tmactmon; C:\WINDOWS\system32\drivers\tmactmon.sys [113888 2016-08-04] () [File not signed]
R2 tmcomm; C:\WINDOWS\system32\drivers\tmcomm.sys [324320 2016-08-22] () [File not signed]
R2 tmevtmgr; C:\WINDOWS\system32\drivers\tmevtmgr.sys [83680 2016-08-04] () [File not signed]
R2 TmFilter; C:\Program Files\Trend Micro\Client Server Security Agent\TmXPFlt.sys [294152 2015-07-02] (Trend Micro Inc.)
R2 TmPreFilter; C:\Program Files\Trend Micro\Client Server Security Agent\TmPreFlt.sys [38152 2015-07-02] (Trend Micro Inc.)
R1 tmtdi; C:\WINDOWS\System32\DRIVERS\tmtdi.sys [90712 2015-05-15] (Trend Micro Inc.)
R1 tmumh; C:\WINDOWS\System32\DRIVERS\TMUMH.sys [94816 2016-08-02] (Trend Micro Inc.)
S1 UimBus; C:\WINDOWS\System32\DRIVERS\UimBus.sys [40824 2011-01-21] (Windows (R) 2000 DDK provider)
S1 Uim_IM; C:\WINDOWS\System32\Drivers\Uim_IM.sys [381032 2011-01-21] (Paragon)
R2 VSApiNt; C:\Program Files\Trend Micro\Client Server Security Agent\VSApiNt.sys [1608744 2015-07-02] (Trend Micro Inc.)
R3 wanatw; C:\WINDOWS\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
S0 cerc6; no ImagePath
U2 CertPropSvc; no ImagePath
S4 IntelIde; no ImagePath
S3 synasusb; System32\Drivers\synasusb.sys [X]
S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]
U1 WS2IFSL; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-12 19:10 - 2016-10-12 19:10 - 00000000 ____D C:\FRST
2016-10-12 19:04 - 2016-10-12 19:04 - 00000730 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2016-10-12 19:04 - 2016-10-12 19:04 - 00000724 _____ C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2016-10-12 17:12 - 2016-10-12 17:12 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Trend Micro Security Agent
2016-10-10 22:21 - 2016-10-10 22:21 - 00000777 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-12 19:12 - 2010-04-12 14:32 - 00000000 ____D C:\Documents and Settings\afenton\Local Settings\Temp
2016-10-12 19:04 - 2016-02-12 02:59 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-10-12 19:04 - 2012-05-03 20:50 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-10-12 19:00 - 2016-04-18 19:27 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes Anti-Exploit
2016-10-12 18:59 - 2009-11-12 09:58 - 00000215 ___SH C:\boot.ini
2016-10-12 18:59 - 2008-04-13 18:00 - 00000710 _____ C:\WINDOWS\win.ini
2016-10-12 18:59 - 2008-04-13 18:00 - 00000227 ____N C:\WINDOWS\system.ini
2016-10-12 18:56 - 2014-04-29 15:51 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-10-12 18:53 - 2014-03-12 20:13 - 00000226 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2016-10-12 18:53 - 2010-05-25 23:24 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-10-12 18:50 - 2010-04-12 14:24 - 00000120 _____ C:\WINDOWS\system32\config\netlogon.ftl
2016-10-12 18:50 - 2009-11-12 17:05 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-10-12 18:46 - 2010-04-12 14:32 - 00000178 ___SH C:\Documents and Settings\afenton\ntuser.ini
2016-10-12 18:46 - 2009-11-12 17:05 - 00032086 _____ C:\WINDOWS\SchedLgU.Txt
2016-10-12 18:45 - 2010-04-12 13:18 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2016-10-12 18:30 - 2013-05-16 16:34 - 00278038 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2016-10-12 18:30 - 2010-04-12 14:32 - 00000000 ____D C:\Documents and Settings\afenton
2016-10-12 18:30 - 2009-11-12 09:52 - 00000000 ____D C:\WINDOWS\security
2016-10-12 18:29 - 2010-05-28 16:13 - 00000000 ____D C:\WINDOWS\pss
2016-10-12 18:13 - 2010-05-25 23:24 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-10-12 17:10 - 2009-11-12 09:59 - 00639532 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-10-12 16:28 - 2010-04-12 14:25 - 00000000 __SHD C:\WINDOWS\CSC
2016-10-12 15:12 - 2009-11-12 09:52 - 00000000 ___HD C:\WINDOWS\inf
2016-10-12 15:07 - 2010-05-13 12:32 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2016-10-12 14:23 - 2009-11-12 16:36 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-10-11 23:07 - 2016-04-13 14:39 - 00000000 ____D C:\Program Files\IBackupWindows
2016-10-11 16:56 - 2011-02-21 16:21 - 00000245 _____ C:\Documents and Settings\afenton\sharedSession.properties
2016-10-11 14:03 - 2010-05-25 14:47 - 00000000 ____D C:\Documents and Settings\afenton\Desktop\Personal
2016-10-10 22:21 - 2014-04-29 15:14 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-10-08 15:00 - 2014-03-12 20:13 - 00000220 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2016-10-07 09:46 - 2010-05-25 14:02 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2016-10-02 14:06 - 2010-04-12 13:25 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\FLEXnet
2016-09-27 20:51 - 2010-04-12 14:32 - 00000000 ____D C:\Documents and Settings\afenton\Local Settings\Application Data\Adobe
2016-09-18 17:54 - 2008-04-13 18:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2016-09-16 12:37 - 2013-05-16 22:11 - 00435504 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1362468806-2297102619-1991856889-1139-0.dat
2016-09-15 14:47 - 2015-11-06 10:40 - 00002447 _____ C:\Documents and Settings\All Users\Desktop\Kareo.lnk

==================== Files in the root of some directories =======

2011-09-03 18:48 - 2011-09-03 19:35 - 0000288 _____ () C:\Documents and Settings\afenton\Application Data\.backup.dm
2014-04-29 15:07 - 2014-04-29 15:07 - 0000064 _____ () C:\Documents and Settings\afenton\Application Data\mbam.context.scan
2011-03-10 19:18 - 2011-09-17 13:44 - 0006144 _____ () C:\Documents and Settings\afenton\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-04-27 19:42 - 2010-04-27 19:42 - 0000130 _____ () C:\Documents and Settings\afenton\Local Settings\Application Data\fusioncache.dat
2011-01-05 17:53 - 2010-10-06 12:57 - 0004238 _____ () C:\Documents and Settings\All Users\hCare_Access.ico
2010-04-22 11:09 - 2010-04-22 11:18 - 0000811 _____ () C:\Documents and Settings\All Users\Application Data\hpzinstall.log

Some files in TEMP:
====================
C:\Documents and Settings\afenton\Local Settings\Temp\Abspdf.exe
C:\Documents and Settings\afenton\Local Settings\Temp\acfpdfu.dll
C:\Documents and Settings\afenton\Local Settings\Temp\acfpdfuamd64.dll
C:\Documents and Settings\afenton\Local Settings\Temp\acfpdfui.dll
C:\Documents and Settings\afenton\Local Settings\Temp\acfpdfuia64.dll
C:\Documents and Settings\afenton\Local Settings\Temp\acfpdfuiamd64.dll
C:\Documents and Settings\afenton\Local Settings\Temp\acfpdfuiia64.dll
C:\Documents and Settings\afenton\Local Settings\Temp\AcsInstall.dll
C:\Documents and Settings\afenton\Local Settings\Temp\cdintf.dll
C:\Documents and Settings\afenton\Local Settings\Temp\dsHostCheckerSetup.exe
C:\Documents and Settings\afenton\Local Settings\Temp\jre-6u23-windows-i586-iftw-rv.exe
C:\Documents and Settings\afenton\Local Settings\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Documents and Settings\afenton\Local Settings\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Documents and Settings\afenton\Local Settings\Temp\jre-6u45-windows-i586-iftw_2f3dd198.exe
C:\Documents and Settings\afenton\Local Settings\Temp\jre-8u101-windows-au.exe
C:\Documents and Settings\afenton\Local Settings\Temp\JuniperSetupClientInstaller.exe
C:\Documents and Settings\afenton\Local Settings\Temp\MSETUP4.EXE
C:\Documents and Settings\afenton\Local Settings\Temp\PDFPRT400.exe
C:\Documents and Settings\afenton\Local Settings\Temp\Reg.exe
C:\Documents and Settings\afenton\Local Settings\Temp\SHFOLDER.DLL
C:\Documents and Settings\afenton\Local Settings\Temp\SRAssetsHelper.dll
C:\Documents and Settings\afenton\Local Settings\Temp\tmp170D.tmp.exe
C:\Documents and Settings\afenton\Local Settings\Temp\tmp172D.tmp.exe
C:\Documents and Settings\afenton\Local Settings\Temp\tmp1731.tmp.exe
C:\Documents and Settings\afenton\Local Settings\Temp\uninstall.exe
C:\Documents and Settings\afenton\Local Settings\Temp\WFBS-SVC_Agent.exe
C:\Documents and Settings\afenton\Local Settings\Temp\xmllite.dll
C:\Documents and Settings\afenton\Local Settings\Temp\~39A.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 10-10-2016
Ran by afenton (12-10-2016 19:12:42)
Running from \\server1\private$\afenton\Downloads
Microsoft Windows XP Professional Service Pack 3 (X86) (2009-11-12 21:41:04)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-57989841-1979792683-1177238915-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator.FENTON-D7GJ3D1
ASPNET (S-1-5-21-57989841-1979792683-1177238915-1004 - Limited - Enabled)
Guest (S-1-5-21-57989841-1979792683-1177238915-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-57989841-1979792683-1177238915-1000 - Limited - Disabled)
root (S-1-5-21-57989841-1979792683-1177238915-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\root
SUPPORT_388945a0 (S-1-5-21-57989841-1979792683-1177238915-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Trend Micro Security Agent (Enabled - Up to date) {4CA5B9AB-4295-4D4C-9664-0EBE85AE0525}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 1.0.0 - Hewlett-Packard) Hidden
7500_7600_7700_Help (Version: 1.00.0000 - Hewlett-Packard) Hidden
Adobe Acrobat 8.3.1 - CPSID_83708 (HKLM\...\Adobe Acrobat  8 Standard - English, Français, Deutsch_831) (Version:  - Adobe Systems Incorporated)
Adobe Acrobat 8.3.1 Standard (HKLM\...\Adobe Acrobat  8 Standard - English, Français, Deutsch) (Version: 8.3.1 - Adobe Systems)
Adobe Reader 9.5.5 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
AOL Toolbar (HKLM\...\AOL Toolbar) (Version:  - )
AOL Uninstaller (Choose which Products to Remove) (HKLM\...\AOL Uninstaller) (Version:  - AOL LLC)
Apple Application Support (HKLM\...\{CCE825DB-347A-4004-A186-5F4A6FDD8547}) (Version: 2.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{459699C3-9430-4381-964B-4248D87B49F9}) (Version: 6.0.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BPD_HPSU (Version: 1.00.0000 - Hewlett-Packard) Hidden
BPD_Scan (Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (Version: 82.0.173.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (Version: 1.00.0000 - Hewlett-Packard) Hidden
Broadcom Gigabit Integrated Controller (HKLM\...\{FC57FC53-104C-415C-98D7-B05E659461A9}) (Version: 10.50.03 - Broadcom Corporation)
Brother MFL-Pro Suite (HKLM\...\{46E1B1F2-A279-4356-9B17-029F9CC72EAE}) (Version: 1.00 - Brother Industries, Ltd.)
Brother MFL-Pro Suite MFC-J470DW (HKLM\...\{7B4C83B6-17C1-4BFD-B86D-4D7AD4498CBB}) (Version: 1.0.4.0 - Brother Industries, Ltd.)
BufferChm (Version: 82.0.173.000 - Hewlett-Packard) Hidden
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version: 1.5.0.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM\...\Canon_IJ_Scan_Utility) (Version: 1.1.5.14 - Canon Inc.)
Canon MX450 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX450_series) (Version: 1.00 - Canon Inc.)
Canon MX470 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX470_series) (Version: 1.00 - Canon Inc.)
Canon MX470 series On-screen Manual (HKLM\...\Canon MX470 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon MX470 series User Registration (HKLM\...\Canon MX470 series User Registration) (Version:  - ‭Canon Inc.)
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: 3.2.0 - Canon Inc.)
Canon Quick Menu (HKLM\...\CanonQuickMenu) (Version: 2.3.0 - Canon Inc.)
Canon Speed Dial Utility (HKLM\...\Speed Dial Utility) (Version: 1.4.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
Cisco WebEx Meeting Center for Firefox or Chrome (HKLM\...\{50B62367-6210-45E4-AA1E-A0532926E429}) (Version: 8.29.3201 - Cisco WebEx LLC)
Cisco WebEx Meetings (HKLM\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Access Gateway Plug-in (HKLM\...\{EFA471C2-9843-48A0-BC2E-CCA297835F4E}) (Version: 9.3.58.5 - Citrix Systems, Inc.)
Citrix online plug-in (HKLM\...\CitrixOnlinePluginFull) (Version: 12.3.0.8 - Citrix Systems, Inc.)
Conexant HDA D330 MDC V.92 Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F) (Version:  - )
Dell Driver Download Manager (HKU\S-1-5-21-1362468806-2297102619-1991856889-1139\...\f031ef6ac137efc5) (Version: 2.1.0.0 - Dell Inc.)
Dell Wireless WLAN Card (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.100.15.8 - Dell Inc.)
Destinations (Version: 82.0.173.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DocProc (Version: 8.1.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Download Updater (AOL LLC) (HKLM\...\SoftwareUpdUtility) (Version:  - ) <==== ATTENTION
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Fax (Version: 82.0.188.000 - Hewlett-Packard) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.29.5 - Google Inc.) Hidden
HMI Update Service (HKLM\...\{4C171E6A-4654-4F09-8CAA-7E02250AAD45}) (Version: 1.0.0.5 - McKesson)
Horizon MI View (HKLM\...\{B129B7D5-BCE8-4497-956B-35C8792E32EB}) (Version: 11.50.2.276 - McKesson Medical Imaging Group)
HP Imaging Device Functions 8.0 (HKLM\...\HP Imaging Device Functions) (Version: 8.0 - HP)
HP OCR Software 8.0 (HKLM\...\HPOCR) (Version: 8.0 - HP)
HP Officejet Pro All-In-One Series (HKLM\...\{868EA922-5675-4E91-BDA6-BBD0F923C5EF}) (Version: 1.0 - HP)
HP Solution Center 8.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 8.0 - HP)
HPProductAssistant (Version: 82.0.173.000 - Hewlett-Packard) Hidden
IBackup Version - 11.0 (HKLM\...\IBackup_is1) (Version: 11.0 - Pro Softnet Corp)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
iTunes (HKLM\...\{B0261E53-B6F1-474A-864B-E7C3CBF468E0}) (Version: 11.0.1.12 - Apple Inc.)
J2SE Runtime Environment 5.0 Update 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0150060}) (Version: 1.5.0.60 - Sun Microsystems, Inc.)
Java(TM) 6 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216045FF}) (Version: 6.0.450 - Oracle)
Juniper Networks Host Checker (HKU\S-1-5-21-1362468806-2297102619-1991856889-1139\...\Neoteris_Host_Checker) (Version: 8.0.3.30619 - Juniper Networks)
Juniper Networks Network Connect 6.5.0 (HKLM\...\Juniper Network Connect 6.5.0) (Version: 6.5.0.14951 - Juniper Networks)
Juniper Networks Secure Application Manager (HKLM\...\Neoteris_Secure_Application_Manager) (Version: 8.0.3.30619 - Juniper Networks)
Juniper Networks Setup Client (HKU\S-1-5-21-1362468806-2297102619-1991856889-1139\...\Juniper_Setup_Client) (Version: 8.0.3.44983 - Juniper Networks)
Kareo (HKLM\...\InstallShield_{9F7D3390-A648-4283-AAD8-BB357FB3F30A}) (Version: 1.77.5774.38751 - Kareo, Inc.)
Kareo (Version: 1.77.5774.38751 - Kareo, Inc.) Hidden
L7600 (Version: 50.0.165.000 - Hewlett-Packard) Hidden
Malwarebytes Anti-Exploit version 1.8.1.2572 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.2572 - Malwarebytes)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
McKesson Cardiology Applications (HKLM\...\Medcon) (Version:  - McKesson)
McKesson Radiology Station (HKLM\...\{89E9D9FF-947F-4269-9866-3EBC36E8AF8A}) (Version: 12.1.1.8056 - McKesson Corporation and/or one of its subsidiaries)
Medcon AppLauncher (HKLM\...\{8F5F43D2-C218-4166-82D0-9AABB0953701}) (Version: 4.06.011 - McKesson)
Medcon WebClient (HKLM\...\{2F882DF1-6439-4F31-8BF4-A8422D1A056A}) (Version: 4.06.011 - McKesson)
MedconViewer (HKLM\...\{17EDDEA4-B322-401F-AC3D-D01819CC9E41}) (Version: 4.06.011 - McKesson)
MEDITECH Workstation4.x (HKLM\...\Workstation4.x) (Version:  - Medical Information Technology, Inc.)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Live Meeting 2007 (HKLM\...\{EA710A0A-BF5D-433C-8EB5-D17DC54CC298}) (Version: 8.0.6362.201 - Microsoft Corporation)
Microsoft Office Small Business 2007 (HKLM\...\SMALLBUSINESSR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SOAP Toolkit 3.0 (HKLM\...\{BCB4C18A-ACA6-4383-8688-E19933A705DD}) (Version: 3.0.1325.4 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 49.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 49.0.1 (x86 en-US)) (Version: 49.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 49.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NetDeviceManager (Version: 90.0.192.000 - Hewlett-Packard) Hidden
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Palm Desktop by ACCESS (HKLM\...\{FD6034A3-655C-49F0-B496-D4CBFD74D7A7}) (Version: 6.4.0.0 - Palm, Inc.)
ProductContext (Version: 50.0.165.000 - Hewlett-Packard) Hidden
QuickBooks (Version: 20.0.4006.807 - Intuit Inc.) Hidden
QuickBooks (Version: 23.0.4006.2305 - Intuit Inc.) Hidden
QuickBooks Pro 2007 (HKLM\...\{7E545666-F422-45FD-B3DF-C0B99A1A579F}) (Version:  - )
QuickBooks Pro 2010 (HKLM\...\{0700E22B-A422-40A5-BD20-04BF618CA0F9}) (Version: 20.0.4006.807 - Intuit Inc.)
QuickBooks Pro 2013 (HKLM\...\{3C631966-387E-4054-85D9-BBFFABE32BD8}) (Version: 23.0.4006.2305 - Intuit Inc.)
QuickBooks Product Listing Service (HKLM\...\{91208A47-5D08-4C79-986F-1931940F51BB}) (Version: 2.0.148 - Intuit)
RescuePRO 4.0 (HKLM\...\{52BBFD55-F411-42DA-ADD5-309C072BB163}_is1) (Version: 4.0 - LC Technology International, Inc.)
SanDiskSecureAccess_Manager.exe (HKU\S-1-5-21-1362468806-2297102619-1991856889-1139\...\@@__UNKNOWN__@@SanDiskSecureAccess_Manager.exe) (Version: 1.0.0 - DMAILER)
Scan (Version: 8.1.0.0 - Hewlett-Packard) Hidden
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5210.0 - SigmaTel)
Soft-Central SC-DiskInfo (HKLM\...\Soft-Central SC-DiskInfo) (Version:  - )
SolutionCenter (Version: 82.0.188.000 - Hewlett-Packard) Hidden
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.12.01.5246 - Analog Devices)
Spotify (HKLM\...\Spotify) (Version: 0.5.2 - )
Spotify (HKU\S-1-5-21-1362468806-2297102619-1991856889-1139\...\Spotify) (Version: 0.8.3.222.g317ab79d - Spotify AB)
Status (Version: 82.0.173.000 - Hewlett-Packard) Hidden
SupportSoft Assisted Service (HKLM\...\{5A3F6A80-7913-475E-8B96-477A952CFA43}) (Version: 15 - SupportSoft)
Toolbox (Version: 82.0.173.000 - Hewlett-Packard) Hidden
TrayApp (Version: 82.0.188.000 - Hewlett-Packard) Hidden
Trend Micro Security Agent (HKLM\...\HostedAgent) (Version: 5.9.1118 - Trend Micro Inc.)
Trend Micro Security Agent (Version: 5.9.1118 - Trend Micro Inc.) Hidden
Uninstall AOL Emergency Connect Utility 1.0 (HKLM\...\AOL Emergency Connect Utility 1.0) (Version:  - )
UnloadSupport (Version: 1.00.0000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Viewpoint Media Player (HKLM\...\ViewpointMediaPlayer) (Version:  - )
Visual Studio Tools for the Office system 3.0 Runtime (HKLM\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 82.0.173.000 - Hewlett-Packard) Hidden
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version:  - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows PowerShell(TM) 1.0 MUI pack (HKLM\...\KB926141) (Version: 2 - Microsoft Corporation)
Windows Resource Kit Tools (HKLM\...\{FA237125-51FF-408C-8BB8-30C2B3DFFF9C}) (Version: 5.2.3790 - Microsoft Corporation)
Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139_Classes\CLSID\{05EC5C13-D255-4592-9CCB-98615172F0D6}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139_Classes\CLSID\{0ADF9C35-0D5E-4B75-88DD-B64868907E17}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139_Classes\CLSID\{123FAF7F-3FB1-4B8F-AD18-0047401D436A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139_Classes\CLSID\{23CEE673-F947-4d94-9D54-F4BA00C8B73D}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2013\QBW32.EXE (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139_Classes\CLSID\{32D32337-1511-4416-85C5-FD96C99322A0}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139_Classes\CLSID\{37A2FC00-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139_Classes\CLSID\{37A2FC02-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139_Classes\CLSID\{3928D252-6BB4-4C0D-BE70-1E03AF93D464}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139_Classes\CLSID\{3CDEA288-D759-4C3B-B07F-7AFBCC842D98}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139_Classes\CLSID\{4716D3CE-55DB-4D2A-818C-87D912895890}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139_Classes\CLSID\{4844F3F7-2161-4AC4-B219-B3B4311782AA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139_Classes\CLSID\{4A56F19E-9F50-4F43-93C8-050E44AA83A9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139_Classes\CLSID\{4E5E74B5-8EB5-4859-A335-837EED412620}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139_Classes\CLSID\{5428A9ED-6CD8-11D6-9C8A-0001023DCAA2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139_Classes\CLSID\{547C8F00-5567-4AE3-8BB0-CC3CE2AB9070}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139_Classes\CLSID\{57D590F1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139_Classes\CLSID\{596801D8-2C9D-4627-9C67-195CB81B655A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139_Classes\CLSID\{5B7331FA-8910-4748-A8A4-60B445041F28}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139_Classes\CLSID\{5ED8AC89-B2DE-476D-8EEA-E170B2FCB058}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139_Classes\CLSID\{7694F1CD-A55B-4B7C-8820-A90892EB4E9E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139_Classes\CLSID\{7DBF8260-30AD-4D1B-876A-8032B87B809F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139_Classes\CLSID\{8034BBB8-2145-4159-9A34-51E21A0A981F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139_Classes\CLSID\{810CADD9-2658-4820-BA95-30199625191E}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2010\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139_Classes\CLSID\{828E5386-74CF-4019-B356-C857CD028A7D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139_Classes\CLSID\{82CC31B3-53B4-4161-A4E9-6B4F1290A6C8}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139_Classes\CLSID\{8572570D-12D9-4F2C-8BB8-EB8848178B94}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139_Classes\CLSID\{8CA5338E-3C5E-4087-ADEC-B1CA665BC293}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2007\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139_Classes\CLSID\{8E590317-1329-11D1-B70B-00805F29CD16}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2013\QBW32.EXE (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139_Classes\CLSID\{8FEDE364-AB37-4551-80C9-6D468E222AB2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139_Classes\CLSID\{9D9B61F2-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139_Classes\CLSID\{9D9B61F3-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139_Classes\CLSID\{9D9B61F4-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139_Classes\CLSID\{9D9B61F5-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139_Classes\CLSID\{9D9B61F6-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139_Classes\CLSID\{9D9B61F7-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139_Classes\CLSID\{A63E42D0-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139_Classes\CLSID\{A63E42D2-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139_Classes\CLSID\{AF5E0A13-CEAB-47CE-991D-77E82CD1BF3F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139_Classes\CLSID\{B10BFAC3-EFF1-40D9-ADA0-BEBE037C24CA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139_Classes\CLSID\{B66F2BF1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139_Classes\CLSID\{D14FD6B3-6A9F-4537-9460-07B836707127}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139_Classes\CLSID\{D4A12AAF-E15E-470B-A6B6-63032186F91F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139_Classes\CLSID\{D9B9C060-0954-11D3-9E07-00104BD2BE34}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSource.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139_Classes\CLSID\{D9BC6F81-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139_Classes\CLSID\{D9BC6F84-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139_Classes\CLSID\{D9BC6F87-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139_Classes\CLSID\{D9BC6FA1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139_Classes\CLSID\{D9BC6FA6-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139_Classes\CLSID\{D9BC6FB2-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\StorageClasses.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139_Classes\CLSID\{DCB2B478-EFF6-48F6-B718-13E98876854E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139_Classes\CLSID\{DFD0AF10-B86C-4AF3-B609-1348D513E565}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139_Classes\CLSID\{E1A173E1-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139_Classes\CLSID\{E1A173E3-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139_Classes\CLSID\{EADA914E-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139_Classes\CLSID\{EAEF733D-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139_Classes\CLSID\{F19F9A95-7A43-4A93-80B0-C9C1FF6F63F9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139_Classes\CLSID\{F2C593CC-74B2-4F71-8556-DD4D426D0409}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139_Classes\CLSID\{F9EF917A-E55E-4242-B205-E778395AC313}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx (Intuit)
CustomCLSID: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139_Classes\CLSID\{FAC93D42-FFC2-11d1-9DEB-0008C7A08EBA}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2013\QBW32.EXE (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139_Classes\CLSID\{FB17915F-06D1-4214-A902-CC5EE05186E9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Documents and Settings\afenton\NetHood\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.com
Shortcut: C:\Documents and Settings\afenton\Desktop\Desktop Backup.lnk -> C:\Old Data\robo.bat (No File)

==================== Loaded Modules (Whitelisted) ==============

2010-04-07 13:36 - 2006-11-01 20:48 - 00020480 _____ () C:\WINDOWS\System32\WLTRYSVC.EXE
2010-04-07 13:36 - 2006-11-01 20:48 - 00757760 _____ () C:\WINDOWS\System32\bcm1xsup.dll
2016-04-13 14:39 - 2016-04-11 18:07 - 00013312 _____ () C:\Program Files\IBackupWindows\SqliteWrapper.dll
2016-04-13 14:39 - 2016-04-11 15:32 - 00639488 _____ () C:\Program Files\IBackupWindows\sqlite3.dll
2016-04-13 14:39 - 2016-04-11 18:08 - 00043520 _____ () C:\Program Files\IBackupWindows\RemoteManagement.dll
2016-04-13 15:17 - 2011-08-31 13:55 - 00499712 _____ () C:\Program Files\Trend Micro\Client Server Security Agent\sqlite3.dll
2014-12-23 00:09 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
2015-03-31 19:09 - 2015-03-31 19:09 - 00024312 _____ () C:\Program Files\Trend Micro\Client Server Security Agent\CCSF\boost_system-vc110-mt-1_57.dll
2015-03-31 19:09 - 2015-03-31 19:09 - 00049544 _____ () C:\Program Files\Trend Micro\Client Server Security Agent\CCSF\boost_date_time-vc110-mt-1_57.dll
2015-03-31 19:10 - 2015-03-31 19:10 - 00552696 _____ () C:\Program Files\Trend Micro\Client Server Security Agent\CCSF\sqlite3.dll
2015-03-31 19:09 - 2015-03-31 19:09 - 01111456 _____ () C:\Program Files\Trend Micro\Client Server Security Agent\CCSF\libprotobuf.dll
2015-03-31 19:09 - 2015-03-31 19:09 - 00092792 _____ () C:\Program Files\Trend Micro\Client Server Security Agent\CCSF\boost_thread-vc110-mt-1_57.dll
2015-03-31 19:09 - 2015-03-31 19:09 - 00032552 _____ () C:\Program Files\Trend Micro\Client Server Security Agent\CCSF\boost_chrono-vc110-mt-1_57.dll
2016-10-12 16:50 - 2015-07-28 11:59 - 00663552 _____ () C:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\sqlite3.dll
2013-05-08 08:51 - 2013-05-08 08:51 - 00019056 _____ () C:\Program Files\Adobe\Reader 9.0\Reader\viewerps.dll
2016-04-13 15:30 - 2016-09-07 13:49 - 00375296 _____ () C:\Program Files\Trend Micro\BM\TMBMSRV.exe
2008-04-13 18:00 - 2013-01-02 01:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-1362468806-2297102619-1991856889-1139\Software\Classes\.exe: exefile =>  <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139\...\baptisthealthsystem.com -> hxxps://portal.baptisthealthsystem.com
IE trusted site: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139\...\christushealth.org -> hxxps://my.christushealth.org
IE trusted site: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139\...\corpad.net -> corpad.net
IE trusted site: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139\...\forisbaptisthealthsystem.com -> hxxps://forisbaptisthealthsystem.com
IE trusted site: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139\...\https://sanantonio.ns.medcity.net -> https://sanantonio.ns.medcity.net
IE trusted site: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139\...\insidemhs.com -> insidemhs.com
IE trusted site: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139\...\medcity.net -> hxxps://sadra-portal.clio.medcity.net
IE trusted site: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139\...\mhsaccess.com -> mhsaccess.com
IE trusted site: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139\...\mhsportal.com -> mhsportal.com
IE trusted site: HKU\S-1-5-21-1362468806-2297102619-1991856889-1139\...\satx-hc-ws1 -> hxxp://satx-hc-ws1

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2008-04-13 18:00 - 2011-01-05 17:42 - 00002031 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1362468806-2297102619-1991856889-1139\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Bliss.bmp
DNS Servers: 10.0.0.2
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Citrix Access Gateway.lnk => C:\WINDOWS\pss\Citrix Access Gateway.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk => C:\WINDOWS\pss\HotSync Manager.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Intuit Data Protect.lnk => C:\WINDOWS\pss\Intuit Data Protect.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk => C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks_Standard_21.lnk => C:\WINDOWS\pss\QuickBooks_Standard_21.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Status Monitor.lnk => C:\WINDOWS\pss\Status Monitor.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk => C:\WINDOWS\pss\Windows Search.lnkCommon Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AOL Fast Start => "C:\Program Files\AOL 9.5\AOL.EXE" -b
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BrHelp => C:\Program Files\Brother\Brother Help\BrotherHelp.exe /AUTORUN
MSCONFIG\startupreg: BrMfcWnd => C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
MSCONFIG\startupreg: BrStsMon00 => C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN
MSCONFIG\startupreg: CanonQuickMenu => C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE /logon
MSCONFIG\startupreg: ConnectionCenter => "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup
MSCONFIG\startupreg: ControlCenter3 => C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
MSCONFIG\startupreg: ControlCenter4 => C:\Program Files\ControlCenter4\BrCcBoot.exe /autorun
MSCONFIG\startupreg: HostManager => C:\Program Files\Common Files\AOL\1271627642\ee\AOLSoftware.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: Intuit SyncManager => C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe  startup
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime
MSCONFIG\startupreg: SanDiskSecureAccess_Manager.exe => C:\Documents and Settings\afenton\Application Data\SanDisk\SanDiskSecureAccess_Manager.exe
MSCONFIG\startupreg: SigmatelSysTrayApp => %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
MSCONFIG\startupreg: Spotify => "C:\Documents and Settings\afenton\Application Data\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Documents and Settings\afenton\Application Data\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

DomainProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE] => Disabled:Microsoft Office Outlook
DomainProfile\AuthorizedApplications: [C:\Documents and Settings\afenton\Local Settings\Temp\7zS2DF.tmp\setup\HPZnui01.exe] => Enabled:hpznui01.exe
DomainProfile\AuthorizedApplications: [C:\Documents and Settings\afenton\Local Settings\Temp\7zS2DF.tmp\setup\hponicifs01.exe] => Enabled:hponicifs01.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe] => Enabled:hpqtra08.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe] => Enabled:hpqste08.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe] => Enabled:hpofxm08.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe] => Enabled:hposfx08.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hposid01.exe] => Enabled:hposid01.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe] => Enabled:hpqscnvw.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe] => Enabled:hpqkygrp.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe] => Enabled:hpzwiz01.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe] => Enabled:hpoews01.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\Intuit\QuickBooks 2010\QBDBMgrN.exe] => Enabled:QuickBooks 2010 Data Manager
DomainProfile\AuthorizedApplications: [C:\Program Files\Juniper Networks\Secure Application Manager\dsSamProxy.exe] => Enabled:Secure Application Manager Proxy
DomainProfile\AuthorizedApplications: [C:\WINDOWS\LMI28A.tmp\lmi_rescue.exe] => Enabled:LogMeIn Rescue
DomainProfile\AuthorizedApplications: [C:\WINDOWS\LMI28B.tmp\lmi_rescue.exe] => Enabled:LogMeIn Rescue
DomainProfile\AuthorizedApplications: [C:\Program Files\Internet Explorer\iexplore.exe] => Enabled:Internet Explorer
DomainProfile\AuthorizedApplications: [C:\Program Files\Spotify\spotify.exe] => Enabled:Spotify
DomainProfile\AuthorizedApplications: [C:\Documents and Settings\afenton\Application Data\Spotify\spotify.exe] => Enabled:Spotify
DomainProfile\AuthorizedApplications: [C:\Program Files\Intuit\QuickBooks 2013\QBDBMgrN.exe] => Enabled:QuickBooks 2013 Data Manager
DomainProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
DomainProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\AuthorizedApplications: [C:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe] => Enabled:QuickBooks 2007 Data Manager
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE] => Enabled:Microsoft Office Outlook
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\aol\acs\AOLDial.exe] => Enabled:AOL Connectivity Service Dialer
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\aol\acs\AOLacsd.exe] => Enabled:AOL Connectivity Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\aol\1271627642\ee\aolsoftware.exe] => Enabled:AOL Shared Components
StandardProfile\AuthorizedApplications: [C:\Program Files\AOL 9.5\waol.exe] => Enabled:AOL
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe] => Enabled:AOL TopSpeed
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\aol\Loader\aolload.exe] => Enabled:AOL Loader
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\aol\System Information\sinf.exe] => Enabled:AOL System Information
StandardProfile\AuthorizedApplications: [C:\Program Files\Juniper Networks\Secure Application Manager\dsSamProxy.exe] => Enabled:Secure Application Manager Proxy
StandardProfile\AuthorizedApplications: [C:\Program Files\Spotify\spotify.exe] => Enabled:Spotify
StandardProfile\AuthorizedApplications: [C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe] => Enabled:DTX broker
StandardProfile\AuthorizedApplications: [C:\Program Files\Bonjour\mDNSResponder.exe] => Enabled:Bonjour Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe] => Enabled:WebKit
StandardProfile\AuthorizedApplications: [C:\Program Files\iTunes\iTunes.exe] => Enabled:iTunes
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\afenton\Application Data\Spotify\spotify.exe] => Enabled:Spotify
StandardProfile\AuthorizedApplications: [C:\Program Files\Internet Explorer\iexplore.exe] => Enabled:Internet Explorer
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
DomainProfile\GloballyOpenPorts: [5985:TCP] => Disabled:Windows Remote Management
DomainProfile\GloballyOpenPorts: [80:TCP] => Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)
DomainProfile\GloballyOpenPorts: [21112:TCP] => Enabled:Trend Micro Security Agent Listener
DomainProfile\GloballyOpenPorts: [61117:UDP] => Enabled:Trend Micro Security Agent Broadcast
DomainProfile\GloballyOpenPorts: [61116:TCP] => Enabled:Trend Micro Security Agent Update
StandardProfile\GloballyOpenPorts: [61117:UDP] => Enabled:Trend Micro Security Agent Broadcast
StandardProfile\GloballyOpenPorts: [21112:TCP] => Enabled:Trend Micro Security Agent Listener

==================== Restore Points =========================

10-08-2016 19:35:59 System Checkpoint
11-08-2016 19:47:34 System Checkpoint
15-08-2016 19:26:04 System Checkpoint
16-08-2016 23:18:56 System Checkpoint
18-08-2016 00:13:36 System Checkpoint
19-08-2016 01:13:43 System Checkpoint
20-08-2016 03:02:15 System Checkpoint
21-08-2016 03:25:46 System Checkpoint
22-08-2016 04:13:48 System Checkpoint
23-08-2016 05:13:56 System Checkpoint
23-08-2016 20:00:24 Software Distribution Service 3.0
24-08-2016 20:56:52 System Checkpoint
06-09-2016 14:23:36 System Checkpoint
07-09-2016 14:33:57 System Checkpoint
08-09-2016 15:56:48 System Checkpoint
09-09-2016 22:18:07 System Checkpoint
10-09-2016 23:28:22 System Checkpoint
11-09-2016 23:58:52 System Checkpoint
13-09-2016 00:16:35 System Checkpoint
14-09-2016 14:26:17 System Checkpoint
15-09-2016 15:45:31 System Checkpoint
18-09-2016 21:39:43 System Checkpoint
19-09-2016 22:13:36 System Checkpoint
20-09-2016 22:58:28 System Checkpoint
21-09-2016 23:29:01 System Checkpoint
23-09-2016 00:12:30 System Checkpoint
23-09-2016 19:29:18 Software Distribution Service 3.0
24-09-2016 19:54:57 System Checkpoint
25-09-2016 20:54:55 System Checkpoint
26-09-2016 21:55:07 System Checkpoint
27-09-2016 22:31:34 System Checkpoint
28-09-2016 22:55:05 System Checkpoint
30-09-2016 01:31:48 System Checkpoint
01-10-2016 02:37:24 System Checkpoint
02-10-2016 03:13:22 System Checkpoint
03-10-2016 04:00:55 System Checkpoint
04-10-2016 05:01:04 System Checkpoint
05-10-2016 05:58:29 System Checkpoint
06-10-2016 06:01:09 System Checkpoint
07-10-2016 06:05:41 System Checkpoint
08-10-2016 07:01:10 System Checkpoint
09-10-2016 08:01:15 System Checkpoint
10-10-2016 09:01:13 System Checkpoint
11-10-2016 10:01:19 System Checkpoint
12-10-2016 10:02:25 System Checkpoint
12-10-2016 18:42:57 Removed Citrix Access Gateway Plug-in
12-10-2016 18:41:49 Software Distribution Service 3.0

==================== Faulty Device Manager Devices =============

Name: Officejet Pro L7600
Description: Officejet Pro L7600
Class Guid: {4D36E971-E325-11CE-BFC1-08002BE10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Officejet Pro L7600
Description: Officejet Pro L7600
Class Guid: {4D36E979-E325-11CE-BFC1-08002BE10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/12/2016 06:42:53 PM) (Source: MsiInstaller) (EventID: 11704) (User: FENTON)
Description: Product: Microsoft Office Small Business 2007 -- Error 1704.An installation for Citrix Access Gateway Plug-in is currently suspended.  You must undo the changes made by that installation to continue.  Do you want to undo those changes?(NULL)(NULL)(NULL)(NULL)

Error: (10/12/2016 05:13:14 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\TREND MICRO SECURITY AGENT\SECURITY AGENT.LNK> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (10/12/2016 05:13:14 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\TREND MICRO SECURITY AGENT\SECURITY AGENT.LNK> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (10/12/2016 05:13:13 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\TREND MICRO SECURITY AGENT\SECURITY AGENT README.LNK> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (10/12/2016 05:13:13 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\TREND MICRO SECURITY AGENT\SECURITY AGENT README.LNK> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (10/12/2016 02:43:54 PM) (Source: Application Error) (EventID: 1004) (User: )
Description: Faulting application TmProxy.exe, version 5.82.0.1081, faulting module TmsmHttp.dll, version 5.82.0.1084, fault address 0x0006e24b.
Error in creating result PEAP-TLV in response to received PEAP-TLV (TmProxy.exe!ld!)

Error: (10/12/2016 02:37:28 PM) (Source: Windows Search Service) (EventID: 3024) (User: )
Description: The update cannot be started because the content sources cannot be accessed. Fix the errors and try the update again.

Context:  Application, SystemIndex Catalog

Error: (10/12/2016 02:25:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbam.exe, version 2.3.173.0, faulting module msvcr100.dll, version 10.0.40219.325, fault address 0x0008d6fd.
Processing media-specific event for [mbam.exe!ws!]

Error: (10/12/2016 02:16:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 49.0.1.6109, faulting module kernel32.dll, version 5.1.2600.6532, fault address 0x00012fd3.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (10/12/2016 02:15:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 49.0.1.6109, faulting module kernel32.dll, version 5.1.2600.6532, fault address 0x00012fd3.
Processing media-specific event for [plugin-container.exe!ws!]


System errors:
=============
Error: (10/12/2016 07:13:17 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it." attempting to start the service HPSLPSVC with arguments ""
in order to run the server:
{10DA4F3C-CC99-4190-BE4D-58330754E882}

Error: (10/12/2016 07:09:18 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it." attempting to start the service HPSLPSVC with arguments ""
in order to run the server:
{10DA4F3C-CC99-4190-BE4D-58330754E882}

Error: (10/12/2016 07:07:23 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it." attempting to start the service HPSLPSVC with arguments ""
in order to run the server:
{10DA4F3C-CC99-4190-BE4D-58330754E882}

Error: (10/12/2016 07:02:22 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it." attempting to start the service HPSLPSVC with arguments ""
in order to run the server:
{10DA4F3C-CC99-4190-BE4D-58330754E882}

Error: (10/12/2016 07:02:19 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it." attempting to start the service HPSLPSVC with arguments ""
in order to run the server:
{10DA4F3C-CC99-4190-BE4D-58330754E882}

Error: (10/12/2016 07:02:13 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it." attempting to start the service HPSLPSVC with arguments ""
in order to run the server:
{10DA4F3C-CC99-4190-BE4D-58330754E882}

Error: (10/12/2016 06:59:46 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it." attempting to start the service HPSLPSVC with arguments ""
in order to run the server:
{10DA4F3C-CC99-4190-BE4D-58330754E882}

Error: (10/12/2016 06:56:10 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it." attempting to start the service HPSLPSVC with arguments ""
in order to run the server:
{10DA4F3C-CC99-4190-BE4D-58330754E882}

Error: (10/12/2016 06:55:58 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it." attempting to start the service HPSLPSVC with arguments ""
in order to run the server:
{10DA4F3C-CC99-4190-BE4D-58330754E882}

Error: (10/12/2016 06:55:34 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it." attempting to start the service HPSLPSVC with arguments ""
in order to run the server:
{10DA4F3C-CC99-4190-BE4D-58330754E882}


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00GHz
Percentage of memory in use: 64%
Total physical RAM: 2038.04 MB
Available physical RAM: 714.99 MB
Total Virtual: 2640.82 MB
Available Virtual: 1333.18 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.49 GB) (Free:22.51 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive p: () (Network) (Total:122.95 GB) (Free:16.26 GB)
Drive q: () (Network) (Total:122.95 GB) (Free:16.26 GB)
Drive u: () (Network) (Total:122.95 GB) (Free:16.26 GB)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: 5BB8A509)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=74.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Man, that sure was a lot of typing, I've got blisters on my fingers!

(Sorry, JK, couldn't help it).

 

This topic is now closed to further replies.