Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Multiple Pups and Malwayre [Solved]


  • This topic is locked This topic is locked

#1
tniper

tniper

    New Member

  • Member
  • Pip
  • 8 posts

Hi, Malwarbytes found and quarantined the following items:

Trojan.Downloader

PUP.Optional.Bundle

PUP.Optional.SafeSoftware

PUP.Adware.Agent

PUP.Optional.Spigot.SID

PUP.Optional.Spigot.A

 

When I try to go on Internet Explorer it tells me it cannot connect. I can go on Google Chrome and Mozilla Firefox but it takes time before load.

 

I ran FRST and am attaching the FRST.txt and Addition.txt files.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-05-2015 02
Ran by Owner (administrator) on OWNER-PC on 15-05-2015 14:53:29
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available profiles: Owner & jaytar)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(CyberLink Corp.) C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
(CyberLink) C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Wondershare) C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(QFX Software Corporation) C:\Program Files\KeyScrambler\KeyScrambler.exe
(Inmar, Inc.) C:\Program Files\Digital Coupon Printer\DigitalCouponPrinter.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(MyCity) C:\Program Files\MCShield\MCShieldRTM.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\KBD\kbd.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [hpsysdrv] => c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)
HKLM\...\Run: [KBD] => C:\Program Files\Hewlett-Packard\KBD\KbdStub.EXE [12288 2008-07-21] (Microsoft)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [HP Health Check Scheduler] => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-10-09] (Hewlett-Packard)
HKLM\...\Run: [UpdateP2GoShortCut] => c:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM\...\Run: [UpdatePDIRShortCut] => c:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM\...\Run: [UpdatePSTShortCut] => c:\Program Files\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe [210216 2008-09-11] (CyberLink Corp.)
HKLM\...\Run: [TSMAgent] => c:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe [1152296 2008-10-17] (CyberLink Corp.)
HKLM\...\Run: [CLMLServer for HP TouchSmart] => c:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [189736 2008-10-17] (CyberLink)
HKLM\...\Run: [DVDAgent] => c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe [1148200 2008-09-26] (CyberLink Corp.)
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [912688 2008-09-23] (Hewlett-Packard)
HKLM\...\Run: [Intuit SyncManager] => C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe [1439496 2010-10-19] (Intuit Inc. All rights reserved.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-11] (Avast Software s.r.o.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1989920 2013-08-26] (Wondershare)
HKLM\...\Run: [KeyScrambler] => C:\Program Files\KeyScrambler\keyscrambler.exe [509216 2015-02-16] (QFX Software Corporation)
HKLM\...\Run: [Digital Coupon Print Driver] => C:\Program Files\Digital Coupon Printer\DigitalCouponPrinter.exe [88000 2015-04-20] (Inmar, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2015-04-10] (Oracle Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-21-2405262934-3323221017-608346938-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-2405262934-3323221017-608346938-1000\...\Run: [Desktop Software] => "C:\Program Files\Common Files\SupportSoft\bin\bcont.exe"  /ini "C:\Program Files\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden
HKU\S-1-5-21-2405262934-3323221017-608346938-1000\...\Run: [HPAdvisor] => C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [972080 2008-10-17] (Hewlett-Packard)
HKU\S-1-5-21-2405262934-3323221017-608346938-1000\...\Run: [ComcastAntispyClient] => "C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" /hide
HKU\S-1-5-21-2405262934-3323221017-608346938-1000\...\Run: [MCShield Monitor] => C:\Program Files\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-2405262934-3323221017-608346938-1000\...\MountPoints2: {af95a421-958f-11e3-8556-00248c5bbbf4} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\TL-Bootstrap.exe
HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil10q_ActiveX.exe -update activex
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2010-06-01]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-04-22] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-04-28] (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-04-28] (Google)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-04-28] (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-04-28] (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-04-28] (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-04-28] (Google)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...vast&type=iedef
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo...p={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2405262934-3323221017-608346938-1000\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo...p={searchTerms}
HKU\S-1-5-21-2405262934-3323221017-608346938-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.co...vast&type=iedef
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {8809A334-604B-472E-BC73-02DBFE49AAC8} URL =
SearchScopes: HKU\.DEFAULT -> {CA051B20-F0FC-4230-AA0A-688B1E122C1B} URL = http://search.live.c...rc=IE-SearchBox
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2405262934-3323221017-608346938-1000 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}
SearchScopes: HKU\S-1-5-21-2405262934-3323221017-608346938-1000 -> Comcast URL = http://search.comcas...q={searchTerms}
SearchScopes: HKU\S-1-5-21-2405262934-3323221017-608346938-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}
SearchScopes: HKU\S-1-5-21-2405262934-3323221017-608346938-1000 -> {CA051B20-F0FC-4230-AA0A-688B1E122C1B} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2405262934-3323221017-608346938-1000 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL =
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-05-14] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-22] (Avast Software s.r.o.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-05-14] (Oracle Corporation)
Toolbar: HKLM - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll [2008-08-29] (Microsoft Corp.)
Toolbar: HKU\.DEFAULT -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-2405262934-3323221017-608346938-1000 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKU\S-1-5-21-2405262934-3323221017-608346938-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-2405262934-3323221017-608346938-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Magic%20Ball%202%20New%20Worlds/Images/stg_drm.ocx
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Magic%20Ball%202%20New%20Worlds/Images/armhelper.ocx
DPF: {E4D88471-7ED7-43E1-B290-205559E8EBB2} https://paystubs.win...wser Logoff.dll
DPF: {ECB7BFF0-FF65-11D1-9004-00A0C92E6878} https://paystubs.win.../MWebEnable.dll
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll [2013-02-01] (Intuit, Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-07] (Microsoft Corporation)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll [2009-11-08] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.1.10.1

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\aw5qrtqm.default-1349813705501
FF Homepage: hxxp://www.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-16] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1207148.dll [2013-12-05] (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @java.com/DTPlugin,version=10.80.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-05-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.80.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-05-14] (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2009-05-21] (Yahoo! Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll [2010-12-07] ()
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2405262934-3323221017-608346938-1000: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\Owner\AppData\Roaming\CATALI~2\NPBCSK~1.DLL [2013-06-07] (Catalina Marketing Corporation)
FF Plugin HKU\S-1-5-21-2405262934-3323221017-608346938-1000: hopster.com/CouponPrinterPlugin -> C:\Users\Owner\AppData\Roaming\Hopster\CouponPrinterPlugin\2.0.2.0\npCouponPrinterPlugin.dll [2013-02-21] (Hopster)
FF Plugin HKU\S-1-5-21-2405262934-3323221017-608346938-1000: revtrax.com/RevTraxPrintMyCoupon -> C:\Users\Owner\AppData\Roaming\RevTrax\RevTraxPrintMyCoupon\1.0.0.0\npRevTraxPrintMyCoupon.dll [2014-10-15] (RevTrax)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPcol400.dll [2011-03-30] (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPcol500.dll [2011-03-30] (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2015-05-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2015-05-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2015-05-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2015-05-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2015-05-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2014-12-03] (Coupons, Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-09]
FF HKLM\...\Firefox\Extensions: [{9F98D632-32EB-4B14-B55E-D15DED337F39}] - C:\Users\Owner\AppData\Local\{9F98D632-32EB-4B14-B55E-D15DED337F39}
FF Extension: XULRunner - C:\Users\Owner\AppData\Local\{9F98D632-32EB-4B14-B55E-D15DED337F39} [2011-03-10]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-01-12]

Chrome:
=======
CHR HomePage: Default ->
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Avast Online Security) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-09-08]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-10]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-22]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-22] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3207800 2015-04-22] (Avast Software)
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard) [File not signed]
R2 LightScribeService; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2008-08-22] (Hewlett-Packard Company) [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 npggsvc; C:\Windows\system32\GameMon.des [2805084 2009-06-01] (INCA Internet Co., Ltd.) [File not signed]
R2 QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2013-02-01] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2009-07-23] (Intuit Inc.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-04-22] ()
R1 aswKbd; C:\Windows\system32\Drivers\aswKbd.sys [18544 2012-08-21] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [74976 2015-04-22] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55200 2015-04-22] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-04-22] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787760 2015-04-22] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427992 2015-04-22] (Avast Software s.r.o.)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57888 2015-04-22] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209048 2015-04-22] ()
R3 KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [210512 2015-02-06] (QFX Software Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
R2 PfFilter; C:\Program Files\IObit\Protected Folder\pffilter.sys [32672 2011-03-16] (IObit Information Technology)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-04-22] (Avast Software)
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; c:\Program Files\Hewlett-Packard\Media\DVD\000.fcl [59376 2008-09-26] (Cyberlink Corp.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PCD5SRVC{BD6912E3-AC9D80E8-05040000}; \??\C:\PROGRA~1\PC-DOC~1\PCD5SRVC.pkms [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-15 14:53 - 2015-05-15 14:54 - 00022492 _____ () C:\Users\Owner\Desktop\FRST.txt
2015-05-15 14:53 - 2015-05-15 14:53 - 00000000 ____D () C:\FRST
2015-05-15 14:51 - 2015-05-15 14:51 - 01145856 _____ (Farbar) C:\Users\Owner\Desktop\FRST.exe
2015-05-14 13:56 - 2015-05-14 13:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-05-14 13:56 - 2015-05-14 13:56 - 00000000 ____D () C:\ProgramData\Apple Computer
2015-05-14 13:56 - 2015-05-14 13:56 - 00000000 ____D () C:\Program Files\QuickTime
2015-05-14 13:53 - 2015-05-14 13:53 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2015-05-14 13:53 - 2015-05-14 13:53 - 00176040 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2015-05-14 13:53 - 2015-05-14 13:53 - 00176040 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2015-05-14 13:53 - 2015-05-14 13:53 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-05-14 13:53 - 2015-05-14 13:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-05-14 13:53 - 2015-05-14 13:53 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-05-13 16:33 - 2015-05-15 14:25 - 00001356 _____ () C:\Users\Owner\AppData\Local\d3d9caps.dat
2015-05-07 11:08 - 2015-05-07 11:08 - 01732608 _____ () C:\Users\Owner\Downloads\RevTraxPrintMyCoupon(1).msi
2015-05-01 12:01 - 2015-05-01 12:01 - 00000000 ____D () C:\Users\Owner\AppData\Local\Hopster
2015-05-01 12:00 - 2015-05-01 12:00 - 00544768 _____ () C:\Users\Owner\Downloads\DigitalCouponPrinter-3.17.0.0.msi
2015-05-01 12:00 - 2015-05-01 12:00 - 00000000 ____D () C:\Program Files\Digital Coupon Printer
2015-04-23 12:58 - 2015-04-23 12:58 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-04-22 13:28 - 2015-04-22 13:28 - 00000000 ____D () C:\Windows\system32\vbox
2015-04-22 12:46 - 2015-04-22 12:46 - 00291312 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-04-22 12:46 - 2015-04-22 12:46 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-04-16 03:25 - 2015-03-08 21:01 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-16 03:11 - 2015-03-04 22:24 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-16 03:10 - 2015-03-04 22:32 - 00244152 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-16 03:10 - 2015-03-04 22:23 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-16 03:09 - 2015-03-13 22:21 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-16 03:09 - 2015-03-12 21:51 - 03604920 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-04-16 03:09 - 2015-03-12 21:51 - 03552184 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-15 11:00 - 2015-03-09 19:06 - 12377600 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-15 11:00 - 2015-03-09 19:03 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-15 11:00 - 2015-03-09 19:02 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-15 11:00 - 2015-03-09 19:00 - 09747968 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-15 11:00 - 2015-03-09 18:57 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-15 11:00 - 2015-03-09 18:57 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-15 11:00 - 2015-03-09 18:56 - 01803264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-15 11:00 - 2015-03-09 18:56 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-15 11:00 - 2015-03-09 18:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-04-15 11:00 - 2015-03-09 18:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-15 11:00 - 2015-03-09 18:56 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-04-15 11:00 - 2015-03-09 18:56 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-15 11:00 - 2015-03-09 18:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-15 11:00 - 2015-03-09 18:55 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-15 11:00 - 2015-03-09 18:55 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-15 11:00 - 2015-03-09 18:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-15 11:00 - 2015-03-09 18:55 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-15 11:00 - 2015-03-09 18:55 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-15 11:00 - 2015-03-09 18:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-15 11:00 - 2015-03-09 18:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-04-15 11:00 - 2015-03-09 18:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-04-15 11:00 - 2015-03-09 18:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-15 14:48 - 2009-03-15 04:57 - 01493496 _____ () C:\Windows\WindowsUpdate.log
2015-05-15 14:43 - 2006-11-02 08:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-15 14:43 - 2006-11-02 08:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-15 14:37 - 2014-01-08 14:37 - 00000000 ____D () C:\ProgramData\MCShield
2015-05-15 14:30 - 2009-11-13 11:42 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-15 14:30 - 2006-11-02 09:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-15 13:16 - 2014-06-24 12:15 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-15 13:13 - 2008-01-20 22:47 - 00814798 _____ () C:\Windows\PFRO.log
2015-05-15 13:12 - 2006-11-02 09:01 - 00032652 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-15 13:10 - 2009-11-13 11:42 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-15 13:07 - 2012-08-28 11:40 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-15 11:22 - 2009-05-22 16:09 - 00000322 _____ () C:\Windows\Tasks\HPCeeScheduleForOwner.job
2015-05-14 18:00 - 2009-06-17 17:35 - 00000442 _____ () C:\Windows\Tasks\ParetoLogic Registration.job
2015-05-14 16:47 - 2010-11-01 09:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Magic Ball 2
2015-05-14 16:35 - 2012-01-02 11:07 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2015-05-14 16:23 - 2011-04-23 11:50 - 00000000 ____D () C:\ProgramData\Big Fish Games
2015-05-14 16:23 - 2010-08-08 12:24 - 00000000 ____D () C:\BigFishGamesCache
2015-05-14 16:23 - 2009-05-27 21:20 - 00000000 ____D () C:\Program Files\Oberon Media
2015-05-14 13:54 - 2011-09-07 10:48 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-05-14 13:54 - 2011-09-07 10:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-05-14 13:53 - 2011-09-07 10:48 - 00000000 ____D () C:\Program Files\WinRAR
2015-05-14 10:23 - 2013-06-30 12:12 - 00001933 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-13 17:11 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\Cursors
2015-05-13 16:49 - 2013-08-06 09:37 - 00000262 _____ () C:\Users\Owner\Desktop\AutoZonePro.com  MyZone.url
2015-05-13 16:40 - 2014-06-24 12:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-13 16:40 - 2014-06-24 12:15 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-05-13 08:23 - 2010-11-22 17:33 - 00000000 ____D () C:\Users\Owner\AppData\Local\CrashDumps
2015-05-10 08:12 - 2009-05-30 16:42 - 00000052 _____ () C:\Windows\system32\DOErrors.log
2015-05-09 10:39 - 2013-06-10 14:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-05-09 10:37 - 2009-06-17 17:35 - 00000416 _____ () C:\Windows\Tasks\ParetoLogic Update Version2.job
2015-05-07 10:48 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-05-07 10:35 - 2012-04-25 14:55 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-05-07 09:16 - 2006-11-02 06:33 - 00752854 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-06 09:46 - 2009-05-23 08:23 - 00000456 _____ () C:\Windows\Tasks\PCDRScheduledMaintenance.job
2015-04-22 12:46 - 2014-06-24 13:25 - 00024144 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-04-22 12:46 - 2013-03-20 16:49 - 00209048 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-04-22 12:46 - 2013-03-20 16:49 - 00049904 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-04-22 12:46 - 2012-01-12 09:40 - 00427992 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-04-22 12:46 - 2012-01-12 09:40 - 00074976 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-04-22 12:46 - 2012-01-12 09:40 - 00057888 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswTdi.sys
2015-04-22 12:46 - 2012-01-12 09:40 - 00055200 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr.sys
2015-04-22 12:45 - 2012-01-12 09:40 - 00787760 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-04-16 10:07 - 2012-08-28 11:40 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-04-16 10:07 - 2011-05-18 16:59 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-04-16 03:25 - 2013-08-15 03:17 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-16 03:11 - 2009-05-29 13:54 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-16 03:11 - 2006-11-02 06:24 - 125832184 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

==================== Files in the root of some directories =======

2013-02-11 16:11 - 2013-02-11 16:11 - 0000288 _____ () C:\Users\Owner\AppData\Roaming\.backup.dm
2013-09-18 13:29 - 2014-03-25 10:00 - 0000036 _____ () C:\Users\Owner\AppData\Roaming\Opusbext.dat
2009-05-28 17:37 - 2014-11-20 16:49 - 0000248 _____ () C:\Users\Owner\AppData\Roaming\wklnhst.dat
2013-04-08 16:31 - 2013-07-16 13:20 - 0893239 _____ () C:\Users\Owner\AppData\Local\a.zip
2013-04-08 16:31 - 2013-07-16 13:20 - 2162416 _____ (Catalina Marketing Corp) C:\Users\Owner\AppData\Local\BcsKtYcHW.dll
2015-05-13 16:33 - 2015-05-15 14:25 - 0001356 _____ () C:\Users\Owner\AppData\Local\d3d9caps.dat
2009-07-24 11:10 - 2009-07-24 11:10 - 0003584 _____ () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-03-10 08:56 - 2011-03-12 16:42 - 0000120 _____ () C:\Users\Owner\AppData\Local\Nyicipecil.dat
2011-03-10 08:56 - 2011-03-12 16:42 - 0000000 _____ () C:\Users\Owner\AppData\Local\Rcuhodohujehok.bin
2012-09-03 09:19 - 2012-09-03 09:23 - 4503728 ____T () C:\ProgramData\nud0repor.pad

Files to move or delete:
====================
C:\ProgramData\nud0repor.pad
C:\Users\Owner\jagex_runescape_preferences.dat
C:\Users\Owner\jagex_runescape_preferences2.dat


Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\013c4f5aeaef.exe
C:\Users\Owner\AppData\Local\Temp\aae.exe
C:\Users\Owner\AppData\Local\Temp\bpuninstall.exe
C:\Users\Owner\AppData\Local\Temp\firefoxjre_exe-1.exe
C:\Users\Owner\AppData\Local\Temp\firefoxjre_exe-2.exe
C:\Users\Owner\AppData\Local\Temp\firefoxjre_exe-3.exe
C:\Users\Owner\AppData\Local\Temp\firefoxjre_exe.exe
C:\Users\Owner\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Owner\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Owner\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Owner\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Owner\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe
C:\Users\Owner\AppData\Local\Temp\jre-7u5-windows-i586-iftw.exe
C:\Users\Owner\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Owner\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
C:\Users\Owner\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\Owner\AppData\Local\Temp\nircmd.exe
C:\Users\Owner\AppData\Local\Temp\pv.exe
C:\Users\Owner\AppData\Local\Temp\Quarantine.exe
C:\Users\Owner\AppData\Local\Temp\sqlite3.dll
C:\Users\Owner\AppData\Local\Temp\vfind.exe
C:\Users\Owner\AppData\Local\Temp\_is1171.exe
C:\Users\Owner\AppData\Local\Temp\_is207.exe
C:\Users\Owner\AppData\Local\Temp\_isFC7B.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-15 14:43

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14-05-2015 02
Ran by Owner at 2015-05-15 14:54:33
Running from C:\Users\Owner\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2405262934-3323221017-608346938-500 - Administrator - Disabled)
Guest (S-1-5-21-2405262934-3323221017-608346938-501 - Limited - Disabled)
jaytar (S-1-5-21-2405262934-3323221017-608346938-1002 - Administrator - Enabled) => C:\Users\jaytar
Owner (S-1-5-21-2405262934-3323221017-608346938-1000 - Administrator - Enabled) => C:\Users\Owner

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ActiveCheck component for HP Active Support Library (Version: 3.0.0.2 - Hewlett-Packard) Hidden
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)
Adobe SVG Viewer 3.0 (HKLM\...\Adobe SVG Viewer) (Version:  3.0 - )
AIM 7 (HKLM\...\AIM_7) (Version:  - )
AnswerWorks 5.0 English Runtime (HKLM\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
AoA Audio Extractor (HKLM\...\{D1725D54-279A-40C5-A70D-23C1785DB920}_is1) (Version:  - AoAMedia.com)
Apple Application Support (HKLM\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM\...\avast) (Version: 10.2.2218 - AVAST Software)
AVS Update Manager 1.0 (HKLM\...\AVS Update Manager_is1) (Version:  - Online Media Technologies Ltd.)
AVS Video Converter 6 (HKLM\...\AVS4YOU Video Converter 6_is1) (Version:  - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.3 (HKLM\...\AVS4YOU Software Navigator_is1) (Version:  - Online Media Technologies Ltd.)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Crystal Reports Basic Runtime for Visual Studio 2008 (HKLM\...\{CE26F10F-C80F-4377-908B-1B7882AE2CE3}) (Version: 10.5.1.0 - Business Objects)
CyberLink DVD Suite Deluxe (HKLM\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2111 - CyberLink Corp.)
Digital Coupon Printer (HKLM\...\{2095A496-250E-4A1F-90AD-691246819A9A}) (Version: 3.17.0.0 - Hopster, Inc. an Inmar company)
Enhanced Multimedia Keyboard Solution (HKLM\...\KBD) (Version: 1.0.9.2 - Hewlett-Packard)
ERIS 3 (HKLM\...\{6112EA9C-34B4-11D5-9187-0040C72A0D12}) (Version:  - )
e-SAFETY Tutorials and Documentation (HKLM\...\{53AA7BEE-BBEA-4368-92A1-71B0A04C34A9}) (Version: 1.00.0035 - VzB - PA e-SAFETY Team)
ffdshow [rev 2527] [2008-12-19] (HKLM\...\ffdshow_is1) (Version: 1.0 - )
FileHippo.com Update Checker (HKLM\...\FileHippo.com) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 42.0.2311.152 - Google Inc.)
Google Drive (HKLM\...\{35574F09-89F9-4B16-B69B-64F3E25901B8}) (Version: 1.21.9226.6034 - Google, Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 5.1.4976.17 - PC-Doctor, Inc.)
HP Active Support Library (HKLM\...\{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}) (Version: 3.1.9.1 - Hewlett-Packard)
HP Customer Experience Enhancements (HKLM\...\{64B9E2F5-558E-4C56-B419-A1679518F6E7}) (Version: 5.7.0.2784 - Hewlett-Packard)
HP Demo (HKLM\...\{A2016015-8323-4AF8-8B3E-F56239D7D59D}) (Version: 1.00.0000 - Hewlett-Packard)
HP Games (HKLM\...\WildTangent hp Master Uninstall) (Version: 1.0.0.80 - WildTangent)
HP MediaSmart DVD (HKLM\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 2.0.2213 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (HKLM\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 2.0.2217 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{EFC5939F-470F-454E-B3DA-F51FDD83F6CE}) (Version: 2.0.8 - Hewlett-Packard)
HP Total Care Advisor (HKLM\...\{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}) (Version: 2.4.5106.2815 - Hewlett-Packard)
HP Total Care Setup (HKLM\...\{38058455-8C21-4C2F-B2F6-14ED166039CB}) (Version: 1.1.1983.2818 - Hewlett-Packard Company)
HP Update (HKLM\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HPAsset component for HP Active Support Library (Version: 3.0.2.2 - Hewlett-Packard) Hidden
Java 7 Update 80 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217080FF}) (Version: 7.0.800 - Oracle)
JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Juno Preloader (HKLM\...\{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}) (Version: 1.0.0 - Juno, Inc.)
KeyScrambler (HKLM\...\KeyScrambler) (Version: 3.6.0.0 - QFX Software Corporation)
LabelPrint (HKLM\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.0904 - CyberLink Corp.)
LabelPrint (Version: 2.5.0904 - CyberLink Corp.) Hidden
LightScribe System Software  1.14.25.1 (HKLM\...\{DA9DAC64-C947-47BA-B411-8A1959B177CF}) (Version: 1.14.25.1 - LightScribe)
LightScribe Template Labeler (HKLM\...\{5BD0CB24-11AF-4BA8-A198-38D25257C656}) (Version: 1.14.25.1 - LightScribe)
LimeWire 5.5.13 (HKLM\...\LimeWire) (Version: 5.5.13 - Lime Wire, LLC)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
MCShield ::Anti-Malware Tool:: (HKLM\...\MCShield) (Version: 3.0.5.28 - MyCity)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Live Search Toolbar (HKLM\...\{4FAB5122-775E-4418-B8D9-E2873BC93570}) (Version: 3.0.541.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version:  - )
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 37.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 37.0.2 (x86 en-US)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Nanny 911 (Version: 2.2.0.82 - WildTangent) Hidden
NAPA Ride Control ERIS (HKLM\...\{E817ADA0-D228-11D6-86CC-00104B700971}) (Version:  - )
NetZero Preloader (HKLM\...\{352310C3-E46B-42D3-8F32-54721FDD72D9}) (Version: 1.0.0 - NetZero, Inc.)
NGIS (HKLM\...\{54355060-9A23-11D4-9D4B-00010240F659}) (Version: 6.0 - SPX Corporation)
NGISCT (HKLM\...\{F9886B58-236B-473E-BA1C-AAB731D1EFF0}) (Version: 1.00.0000 - SPX)
NGISCT (Version: 1.00.0000 - SPX) Hidden
NGISRD (HKLM\...\{1FDC8149-87DC-4261-8935-75BE95A0F8F2}) (Version: 1.00.0000 - SPX Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
OKI B4400 Status Monitor (HKLM\...\{AFAD9270-8FB4-4358-A199-662741E2A3B6}) (Version: 1.2.4 - Okidata)
[email protected] (HKLM\...\{CF594DB8-CFB0-45B4-86DA-8BB4AC0941F8}) (Version: 3.0.7.0 - Valassis)
PictureMover (HKLM\...\{1896E712-2B3D-45eb-BCE9-542742A51032}) (Version: 3.3.1.7 - Hewlett-Packard Company)
Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.2112 - CyberLink Corp.)
Power2Go (Version: 6.0.2112 - CyberLink Corp.) Hidden
PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.2202 - CyberLink Corp.)
PowerDirector (Version: 7.0.2202 - CyberLink Corp.) Hidden
Protected Folder (HKLM\...\Protected Folder_is1) (Version:  - IObit)
Puzzle Express (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110184263}) (Version:  - Oberon Media)
Python 2.5.2 (HKLM\...\{6B976ADF-8AE8-434E-B282-A06C7F624D2F}) (Version: 2.5.2150 - Python Software Foundation)
QuickBooks (Version: 20.0.4017.807 - Intuit Inc.) Hidden
QuickBooks Pro 2010 (HKLM\...\{0700E22B-A422-40A5-BD20-04BF618CA0F9}) (Version: 20.0.4017.807 - Intuit Inc.)
Quicken 2010 (HKLM\...\{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}) (Version: 19.1.1.27 - Intuit)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5789 - Realtek Semiconductor Corp.)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (Version:  - WildTangent) Hidden
Verizon Cloud (HKLM\...\Verizon Cloud) (Version:  - Verizon Wireless)
WildTangent Games App (HKLM\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames) (Version: 4.0.5.5 - WildTangent)
WildTangent Games App (HP Games) (HKLM\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.4.16 - WildTangent)
WinRAR 5.21 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
WixEdit (HKLM\...\{1D44F148-5A2A-42CB-83AA-DB2B156F1ED7}) (Version: 0.7.5 - Jasper Keuper ([email protected]))
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
YTD Toolbar v7.2 (HKLM\...\{4BBD417F-13B6-4477-B7C2-AE705864058D}) (Version: 7.2 - Spigot, Inc.) <==== ATTENTION
Zuma Deluxe (HKLM\...\BFG-Zuma Deluxe) (Version:  - )
Zuma's Revenge - Adventure (HKLM\...\BFG-Zumas Revenge - Adventure) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2405262934-3323221017-608346938-1000_Classes\CLSID\{05EC5C13-D255-4592-9CCB-98615172F0D6}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2405262934-3323221017-608346938-1000_Classes\CLSID\{0ADF9C35-0D5E-4B75-88DD-B64868907E17}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2405262934-3323221017-608346938-1000_Classes\CLSID\{123FAF7F-3FB1-4B8F-AD18-0047401D436A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2405262934-3323221017-608346938-1000_Classes\CLSID\{1B3210AF-E236-46D4-83EF-6421F2FF543C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx No File
CustomCLSID: HKU\S-1-5-21-2405262934-3323221017-608346938-1000_Classes\CLSID\{1E78DD72-771E-42BF-8B4B-363CEB18E07B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx No File
CustomCLSID: HKU\S-1-5-21-2405262934-3323221017-608346938-1000_Classes\CLSID\{22664BE2-0806-4BA4-8643-DE40C9149176}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-2405262934-3323221017-608346938-1000_Classes\CLSID\{2A9EBDB5-0600-4E8C-B910-4001BEB2DD8C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-2405262934-3323221017-608346938-1000_Classes\CLSID\{349D777D-F7A2-4AAE-967F-A54F05A7FF3B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBFinder.dll No File
CustomCLSID: HKU\S-1-5-21-2405262934-3323221017-608346938-1000_Classes\CLSID\{37A2FC00-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2405262934-3323221017-608346938-1000_Classes\CLSID\{37A2FC02-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2405262934-3323221017-608346938-1000_Classes\CLSID\{38F58721-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\COMObjectFactory.dll No File
CustomCLSID: HKU\S-1-5-21-2405262934-3323221017-608346938-1000_Classes\CLSID\{38F58742-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
CustomCLSID: HKU\S-1-5-21-2405262934-3323221017-608346938-1000_Classes\CLSID\{38F58743-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
CustomCLSID: HKU\S-1-5-21-2405262934-3323221017-608346938-1000_Classes\CLSID\{38F58744-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
CustomCLSID: HKU\S-1-5-21-2405262934-3323221017-608346938-1000_Classes\CLSID\{45694C5E-84B1-EAB7-2715-BA8B94BFADBB}\InprocServer32 -> C:\Program Files\Common Files\muvee Technologies\071203\addonimportcamera.dll No File
CustomCLSID: HKU\S-1-5-21-2405262934-3323221017-608346938-1000_Classes\CLSID\{4716D3CE-55DB-4D2A-818C-87D912895890}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2405262934-3323221017-608346938-1000_Classes\CLSID\{4844F3F7-2161-4AC4-B219-B3B4311782AA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2405262934-3323221017-608346938-1000_Classes\CLSID\{4A56F19E-9F50-4F43-93C8-050E44AA83A9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2405262934-3323221017-608346938-1000_Classes\CLSID\{4E5E74B5-8EB5-4859-A335-837EED412620}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2405262934-3323221017-608346938-1000_Classes\CLSID\{5249684A-D7A2-4DBE-94F4-B90923A7BC64}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-2405262934-3323221017-608346938-1000_Classes\CLSID\{5428A9ED-6CD8-11D6-9C8A-0001023DCAA2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2405262934-3323221017-608346938-1000_Classes\CLSID\{547C8F00-5567-4AE3-8BB0-CC3CE2AB9070}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2405262934-3323221017-608346938-1000_Classes\CLSID\{5700330B-D97E-5600-959F-2C33DC75C7F0}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Hopster\CouponPrinterPlugin\2.0.2.0\npCouponPrinterPlugin.dll (Hopster)
CustomCLSID: HKU\S-1-5-21-2405262934-3323221017-608346938-1000_Classes\CLSID\{57D590F1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2405262934-3323221017-608346938-1000_Classes\CLSID\{596801D8-2C9D-4627-9C67-195CB81B655A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2405262934-3323221017-608346938-1000_Classes\CLSID\{5B7331FA-8910-4748-A8A4-60B445041F28}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2405262934-3323221017-608346938-1000_Classes\CLSID\{5ED8AC89-B2DE-476D-8EEA-E170B2FCB058}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2405262934-3323221017-608346938-1000_Classes\CLSID\{66CAD3BA-8C57-A6BF-F19A-00B02806338D}\InprocServer32 -> C:\Program Files\Common Files\muvee Technologies\071203\addonimportcamera.dll No File
CustomCLSID: HKU\S-1-5-21-2405262934-3323221017-608346938-1000_Classes\CLSID\{70478C56-E77F-4134-B3E3-3B18EE036D71}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll No File
CustomCLSID: HKU\S-1-5-21-2405262934-3323221017-608346938-1000_Classes\CLSID\{7694F1CD-A55B-4B7C-8820-A90892EB4E9E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2405262934-3323221017-608346938-1000_Classes\CLSID\{7DBF8260-30AD-4D1B-876A-8032B87B809F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2405262934-3323221017-608346938-1000_Classes\CLSID\{810CADD9-2658-4820-BA95-30199625191E}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2010\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2405262934-3323221017-608346938-1000_Classes\CLSID\{828E5386-74CF-4019-B356-C857CD028A7D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2405262934-3323221017-608346938-1000_Classes\CLSID\{82CC31B3-53B4-4161-A4E9-6B4F1290A6C8}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2405262934-3323221017-608346938-1000_Classes\CLSID\{8572570D-12D9-4F2C-8BB8-EB8848178B94}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2405262934-3323221017-608346938-1000_Classes\CLSID\{8E590317-1329-11D1-B70B-00805F29CD16}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2010\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2405262934-3323221017-608346938-1000_Classes\CLSID\{8FEDE364-AB37-4551-80C9-6D468E222AB2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2405262934-3323221017-608346938-1000_Classes\CLSID\{91D69176-2971-DE1F-BD90-704E68D00BC1}\InprocServer32 -> C:\Program Files\Common Files\muvee Technologies\071203\addonimportcamera.dll No File
CustomCLSID: HKU\S-1-5-21-2405262934-3323221017-608346938-1000_Classes\CLSID\{9D9B61F2-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2405262934-3323221017-608346938-1000_Classes\CLSID\{9D9B61F3-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2405262934-3323221017-608346938-1000_Classes\CLSID\{9D9B61F4-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2405262934-3323221017-608346938-1000_Classes\CLSID\{9D9B61F5-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2405262934-3323221017-608346938-1000_Classes\CLSID\{9D9B61F6-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2405262934-3323221017-608346938-1000_Classes\CLSID\{9D9B61F7-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2405262934-3323221017-608346938-1000_Classes\CLSID\{9F3041F6-9C7A-5252-AD04-F3C9EF05D2D9}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\RevTrax\RevTraxPrintMyCoupon\1.0.0.0\npRevTraxPrintMyCoupon.dll (RevTrax)
CustomCLSID: HKU\S-1-5-21-2405262934-3323221017-608346938-1000_Classes\CLSID\{A58C4EAB-2DB8-445E-9CAE-2AE197A5C708}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-2405262934-3323221017-608346938-1000_Classes\CLSID\{A63E42D0-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2405262934-3323221017-608346938-1000_Classes\CLSID\{A63E42D2-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2405262934-3323221017-608346938-1000_Classes\CLSID\{AD848A76-F236-5EE2-819B-2BDE7ED40AE7}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Catalina – Print Savings\npBcsKtTcHW.dll (Catalina Marketing Corporation)
CustomCLSID: HKU\S-1-5-21-2405262934-3323221017-608346938-1000_Classes\CLSID\{AF5E0A13-CEAB-47CE-991D-77E82CD1BF3F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2405262934-3323221017-608346938-1000_Classes\CLSID\{B10BFAC3-EFF1-40D9-ADA0-BEBE037C24CA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2405262934-3323221017-608346938-1000_Classes\CLSID\{B66F2BF1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2405262934-3323221017-608346938-1000_Classes\CLSID\{BCD594EA-15C3-4FD8-B92B-114BB9694537}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBCtrIPMDS2.dll No File
CustomCLSID: HKU\S-1-5-21-2405262934-3323221017-608346938-1000_Classes\CLSID\{CE18240D-F3F8-43AE-9EA0-A0DC85A95375}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll No File
CustomCLSID: HKU\S-1-5-21-2405262934-3323221017-608346938-1000_Classes\CLSID\{D14FD6B3-6A9F-4537-9460-07B836707127}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2405262934-3323221017-608346938-1000_Classes\CLSID\{D4A12AAF-E15E-470B-A6B6-63032186F91F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2405262934-3323221017-608346938-1000_Classes\CLSID\{D9B9C060-0954-11D3-9E07-00104BD2BE34}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSource.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2405262934-3323221017-608346938-1000_Classes\CLSID\{D9BC6F81-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2405262934-3323221017-608346938-1000_Classes\CLSID\{D9BC6F84-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2405262934-3323221017-608346938-1000_Classes\CLSID\{D9BC6F87-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2405262934-3323221017-608346938-1000_Classes\CLSID\{D9BC6FA1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2405262934-3323221017-608346938-1000_Classes\CLSID\{D9BC6FA6-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2405262934-3323221017-608346938-1000_Classes\CLSID\{D9BC6FB2-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\StorageClasses.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2405262934-3323221017-608346938-1000_Classes\CLSID\{D9BC6FC1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
CustomCLSID: HKU\S-1-5-21-2405262934-3323221017-608346938-1000_Classes\CLSID\{DCB2B478-EFF6-48F6-B718-13E98876854E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2405262934-3323221017-608346938-1000_Classes\CLSID\{DFD0AF10-B86C-4AF3-B609-1348D513E565}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2405262934-3323221017-608346938-1000_Classes\CLSID\{E1A173E1-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2405262934-3323221017-608346938-1000_Classes\CLSID\{E1A173E3-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2405262934-3323221017-608346938-1000_Classes\CLSID\{E3555B8B-D055-3061-7037-B4ED0FE3743D}\InprocServer32 -> C:\Program Files\Common Files\muvee Technologies\071203\addonimportcamera.dll No File
CustomCLSID: HKU\S-1-5-21-2405262934-3323221017-608346938-1000_Classes\CLSID\{E6E4DF8B-17CE-43ED-B2C7-2CE10457552D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-2405262934-3323221017-608346938-1000_Classes\CLSID\{E7D2D0F6-B754-438D-B5C9-BF848D311A0F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll No File
CustomCLSID: HKU\S-1-5-21-2405262934-3323221017-608346938-1000_Classes\CLSID\{EADA914E-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2405262934-3323221017-608346938-1000_Classes\CLSID\{EAEF733D-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2405262934-3323221017-608346938-1000_Classes\CLSID\{F2C593CC-74B2-4F71-8556-DD4D426D0409}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2405262934-3323221017-608346938-1000_Classes\CLSID\{F9EF917A-E55E-4242-B205-E778395AC313}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-2405262934-3323221017-608346938-1000_Classes\CLSID\{FAC93D42-FFC2-11d1-9DEB-0008C7A08EBA}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2010\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2405262934-3323221017-608346938-1000_Classes\CLSID\{FB17915F-06D1-4214-A902-CC5EE05186E9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

==================== Restore Points  =========================

16-04-2015 03:01:12 Windows Update
17-04-2015 09:53:21 Scheduled Checkpoint
18-04-2015 11:19:30 Scheduled Checkpoint
19-04-2015 08:41:00 Scheduled Checkpoint
20-04-2015 08:47:03 Scheduled Checkpoint
21-04-2015 07:41:06 Scheduled Checkpoint
21-04-2015 07:45:56 Windows Update
22-04-2015 11:07:37 Scheduled Checkpoint
22-04-2015 12:44:21 avast! antivirus system restore point
23-04-2015 11:26:37 Scheduled Checkpoint
24-04-2015 08:16:55 Windows Update
24-04-2015 08:17:05 Scheduled Checkpoint
25-04-2015 10:51:16 Scheduled Checkpoint
26-04-2015 11:58:47 Scheduled Checkpoint
27-04-2015 08:22:12 Scheduled Checkpoint
28-04-2015 08:36:23 Windows Update
29-04-2015 08:46:45 Scheduled Checkpoint
30-04-2015 08:13:28 Scheduled Checkpoint
01-05-2015 09:05:23 Windows Update
01-05-2015 12:00:29 Installed Digital Coupon Printer
02-05-2015 12:25:40 Scheduled Checkpoint
03-05-2015 11:21:21 Scheduled Checkpoint
04-05-2015 08:00:36 Scheduled Checkpoint
05-05-2015 09:22:31 Scheduled Checkpoint
05-05-2015 09:26:46 Windows Update
06-05-2015 08:18:55 Scheduled Checkpoint
07-05-2015 09:05:32 Windows Update
08-05-2015 13:09:09 Scheduled Checkpoint
09-05-2015 11:32:33 Scheduled Checkpoint
10-05-2015 08:10:27 Scheduled Checkpoint
11-05-2015 09:29:49 Scheduled Checkpoint
12-05-2015 08:13:34 Scheduled Checkpoint
12-05-2015 08:13:49 Windows Update
13-05-2015 08:16:19 Scheduled Checkpoint
14-05-2015 09:42:32 Scheduled Checkpoint
14-05-2015 16:40:58 Removed SketchUp 2013
15-05-2015 08:14:18 Scheduled Checkpoint
15-05-2015 08:32:05 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 06:23 - 2006-09-18 17:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0E33E75F-3214-4097-921B-BBFCA0D09691} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe [2008-09-10] (PC-Doctor, Inc.)
Task: {159A4535-B72A-4F18-874A-6143C9C5ADEE} - System32\Tasks\ParetoLogic Update Version2 => C:\Program Files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe
Task: {29C3AABE-D3B1-4F2B-9490-AE2548F44F42} - System32\Tasks\{B908509A-DCAE-4AE7-A39B-6288229EB7CB} => pcalua.exe -a "C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0DKP8M5X\MagicBall2_AOL[1].exe" -d C:\Users\Owner
Task: {32208075-920B-40F0-A48B-0867F526E260} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5BF1EDDA-3BE5-4322-A290-415297766699} - System32\Tasks\ParetoLogic Registration => Rundll32.exe "C:\Program Files\Common Files\ParetoLogic\UUS2\UUS.dll" RunUns
Task: {6364464D-9880-438E-903C-072D32364798} - System32\Tasks\ASC4_PerformanceMonitor => C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe
Task: {987DA3E2-2B2F-4C94-9C64-22B65870846D} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Owner => C:\Program Files\Windows Calendar\wincal.exe [2009-04-11] (Microsoft Corporation)
Task: {BB83377F-F681-48E8-8B5F-BC16D3CDF138} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-20] (Microsoft Corporation)
Task: {BC478719-0271-4E53-A294-BB69F868FC72} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
Task: {CAFFC522-FCB3-4608-B261-50ECBE94614C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
Task: {CDFFC427-46BC-4B31-A02A-6562C9B044F5} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-04-22] (Avast Software s.r.o.)
Task: {CF5A6B4C-7B68-474D-93D6-649A3A20E996} - System32\Tasks\HP Health Check => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09] (Hewlett-Packard)
Task: {F6F0CEF4-454E-4607-A741-477952CC5251} - System32\Tasks\HPCeeScheduleForOwner => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-09-16] (Hewlett-Packard)
Task: {F971326B-8A5E-43B6-B8A3-D4CBAA5144B3} - System32\Tasks\{81E21718-12E3-4561-B2D7-995F3DCBFB34} => pcalua.exe -a C:\Users\Owner\Downloads\vbrun60sp5.exe -d C:\Users\Owner\Downloads
Task: {FE8684BF-4142-44AA-89EF-DE0538A2DC1A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-16] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForOwner.job => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe
Task: C:\Windows\Tasks\ParetoLogic Registration.job => C:\Windows\system32\rundll32.exe C:\Program Files\Common Files\ParetoLogic\UUS2\UUS.dll
Task: C:\Windows\Tasks\ParetoLogic Update Version2.job => C:\Program Files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe
Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe5-fh scripts\monthly.xml

==================== Loaded Modules (Whitelisted) ==============

2015-04-22 12:46 - 2015-04-22 12:46 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-04-22 12:46 - 2015-04-22 12:46 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-05-15 08:13 - 2015-05-15 08:13 - 02929664 _____ () C:\Program Files\AVAST Software\Avast\defs\15051500\algo.dll
2015-05-15 14:35 - 2015-05-15 14:35 - 02929664 _____ () C:\Program Files\AVAST Software\Avast\defs\15051501\algo.dll
2008-10-17 20:57 - 2008-10-17 20:57 - 00881960 ____N () C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
2015-03-13 16:02 - 2015-04-22 12:46 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-05-09 13:14 - 2013-07-24 09:24 - 00137728 _____ () C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2008-10-17 13:32 - 2008-10-17 13:32 - 00057344 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
2008-10-17 13:39 - 2008-10-17 13:39 - 00032768 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\Content.XmlSerializers.dll
2008-10-17 13:32 - 2008-10-17 13:32 - 00118784 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\ECLibrary.dll
2008-10-17 13:32 - 2008-10-17 13:32 - 00040960 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll
2008-10-17 13:32 - 2008-10-17 13:32 - 00005632 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll
2008-10-17 13:32 - 2008-10-17 13:32 - 00028672 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll
2009-09-18 03:46 - 2009-04-11 02:28 - 00368640 _____ () C:\Windows\system32\msjetoledb40.dll
2008-10-17 13:32 - 2008-10-17 13:32 - 00010240 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll
2008-10-17 13:32 - 2008-10-17 13:32 - 00007168 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:00F7B10F
AlternateDataStreams: C:\ProgramData\Temp:1992908D
AlternateDataStreams: C:\ProgramData\Temp:21C2E351
AlternateDataStreams: C:\ProgramData\Temp:4BB26BE9
AlternateDataStreams: C:\ProgramData\Temp:62A1ED40
AlternateDataStreams: C:\ProgramData\Temp:895798AD
AlternateDataStreams: C:\ProgramData\Temp:8CE646EE
AlternateDataStreams: C:\ProgramData\Temp:9033BDFB
AlternateDataStreams: C:\ProgramData\Temp:9503D766
AlternateDataStreams: C:\ProgramData\Temp:9F603103
AlternateDataStreams: C:\ProgramData\Temp:A1D3FEF0
AlternateDataStreams: C:\ProgramData\Temp:A2B9AD4B
AlternateDataStreams: C:\ProgramData\Temp:DB549D28
AlternateDataStreams: C:\ProgramData\Temp:DCAF903C

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2405262934-3323221017-608346938-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 10.1.10.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk => C:\Windows\pss\LimeWire On Startup.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Aim => "C:\Program Files\AIM\aim.exe" /d locale=en-US
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{B57B8239-FC5C-48EE-A745-126A94CCF75E}] => (Allow) c:\Program Files\CyberLink\PowerDirector\PDR.EXE
FirewallRules: [{A50A96B4-0900-48DF-A302-41D2472F453E}] => (Allow) c:\Program Files\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe
FirewallRules: [{6914C447-EC39-4B62-833E-CF8DF72746C8}] => (Allow) c:\Program Files\Hewlett-Packard\TouchSmart\Media\HPTouchSmartPhoto.exe
FirewallRules: [{1162D46D-943B-4A68-A638-7FD699C8B460}] => (Allow) c:\Program Files\Hewlett-Packard\TouchSmart\Media\HPTouchSmartVideo.exe
FirewallRules: [{61A05C15-58FD-4CFA-9540-880FDA70E189}] => (Allow) c:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
FirewallRules: [{A1647596-1F99-446E-8E60-8B9B6DA1D09F}] => (Allow) c:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{81604A3A-605C-4DE1-909C-03575368850E}] => (Allow) c:\Program Files\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe
FirewallRules: [{A82A2F66-D74A-496F-9068-A5DCE94BCAF7}] => (Allow) c:\Program Files\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe
FirewallRules: [{9390706E-7278-469F-9BFF-4664197BC424}] => (Allow) c:\Program Files\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe
FirewallRules: [{8D657C82-DD0C-4447-BA7F-0B3D329737C5}] => (Allow) c:\Program Files\Hewlett-Packard\Media\DVD\TSMAgent.exe
FirewallRules: [{E6D6700A-1073-407E-9E6B-3330DC828CFF}] => (Allow) c:\Program Files\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{0D23A54B-92C9-4428-8366-5B1ECDD07BB9}] => (Allow) c:\Program Files\Hewlett-Packard\Media\DVD\HPDVDSmart.exe
FirewallRules: [{EAEEF4BC-EDC9-41CD-B1DD-98F731391CB5}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{732B27FF-DF56-4DFB-861A-C928D7D518ED}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{0059F3EB-A63F-4A97-B057-12AB795F53FD}] => (Allow) C:\Program Files\Common Files\AOL\Loader\aolload.exe
FirewallRules: [{61B98EB4-50D2-480F-B06F-E104FD4758EB}] => (Allow) C:\Program Files\Common Files\AOL\Loader\aolload.exe
FirewallRules: [{B39936E3-447B-4C0D-B5BA-B9E10F3AE1D0}] => (Allow) C:\Program Files\AIM6\aim6.exe
FirewallRules: [{BD07CA77-74CD-4B55-ADF7-34BDD6A081B4}] => (Allow) C:\Program Files\AIM6\aim6.exe
FirewallRules: [{3502D163-841B-47C1-97AF-A77CB43D6530}] => (Allow) C:\Program Files\LimeWire\LimeWire.exe
FirewallRules: [{0234F9E3-D016-435D-8D1E-AC3657A5F5ED}] => (Allow) C:\Program Files\LimeWire\LimeWire.exe
FirewallRules: [TCP Query User{1DCDBD27-81F5-4DC4-8023-8765DD1206DD}C:\program files\hp games\penguins arena\penguinsarena.exe] => (Block) C:\program files\hp games\penguins arena\penguinsarena.exe
FirewallRules: [UDP Query User{19F7FE6E-F845-4C1D-8022-D4FF90E936B4}C:\program files\hp games\penguins arena\penguinsarena.exe] => (Block) C:\program files\hp games\penguins arena\penguinsarena.exe
FirewallRules: [TCP Query User{9CC9C116-B026-4AD6-8C6E-C5854B99AD39}C:\program files\sony\station\launchpad\launchpad.exe] => (Allow) C:\program files\sony\station\launchpad\launchpad.exe
FirewallRules: [UDP Query User{D9E47A91-9609-458D-9F5D-E74F4CFCE6B8}C:\program files\sony\station\launchpad\launchpad.exe] => (Allow) C:\program files\sony\station\launchpad\launchpad.exe
FirewallRules: [{D57CB2DF-EEC7-4DBA-8256-439965DB8277}] => (Allow) C:\Program Files\AIM\aim.exe
FirewallRules: [{FF4C1714-92EF-42C5-A02F-521E37869EC8}] => (Allow) C:\Program Files\AIM\aim.exe
FirewallRules: [{28A971C4-C9CA-4643-BC04-A82CF78D9154}] => (Allow) C:\Users\Owner\AppData\Local\Temp\7zSCABE.tmp\SymNRT.exe
FirewallRules: [{57F40BB8-DDB5-43B0-8734-D3C28BAA3418}] => (Allow) C:\Users\Owner\AppData\Local\Temp\7zSCABE.tmp\SymNRT.exe
FirewallRules: [{05AD1103-30CC-414B-970F-B8B5195B007F}] => (Allow) LPort=80
FirewallRules: [{BC731AD1-38EA-4500-B4CA-0E12C1FD0966}] => (Allow) LPort=80
FirewallRules: [{806FF93C-817B-445A-A402-2E0EE8FE1B6F}] => (Allow) LPort=80
FirewallRules: [TCP Query User{B4B32B87-FC8F-424D-AB98-C9AF63D5D9B6}C:\program files\google\google earth\client\googleearth.exe] => (Block) C:\program files\google\google earth\client\googleearth.exe
FirewallRules: [UDP Query User{B823EF7F-C7C5-421D-8DEC-B30A78943C66}C:\program files\google\google earth\client\googleearth.exe] => (Block) C:\program files\google\google earth\client\googleearth.exe
FirewallRules: [{88F6FC11-D428-4AE4-8D42-157045E5F1FE}] => (Allow) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [TCP Query User{18F93D7B-4072-4347-BAC8-92C9D5DD1F51}C:\ngis\ngis remote update.exe] => (Allow) C:\ngis\ngis remote update.exe
FirewallRules: [UDP Query User{536B3B09-A7B5-48A4-B9BC-7A1559ACAEDD}C:\ngis\ngis remote update.exe] => (Allow) C:\ngis\ngis remote update.exe
FirewallRules: [TCP Query User{0CFF8002-0524-4079-8C24-E2CC57576FEF}C:\tgpfiles\pts.exe] => (Allow) C:\tgpfiles\pts.exe
FirewallRules: [UDP Query User{84F05FB5-E96E-4865-88BF-BB036F43C074}C:\tgpfiles\pts.exe] => (Allow) C:\tgpfiles\pts.exe
FirewallRules: [TCP Query User{0D91C359-D4E3-4B48-B8E5-F1365FC48AB4}C:\tgpfiles\sceduler.exe] => (Allow) C:\tgpfiles\sceduler.exe
FirewallRules: [UDP Query User{726FB520-5932-4DE3-AD5F-9043350A4555}C:\tgpfiles\sceduler.exe] => (Allow) C:\tgpfiles\sceduler.exe
FirewallRules: [TCP Query User{6AA51F86-29CF-473E-864A-CEDCC7EC944D}C:\tgpfiles\process.exe] => (Block) C:\tgpfiles\process.exe
FirewallRules: [UDP Query User{E5DF342E-1216-4845-96F0-DA29B5D481E8}C:\tgpfiles\process.exe] => (Block) C:\tgpfiles\process.exe
FirewallRules: [TCP Query User{EEA88BBA-3D77-4778-B114-A35024B67A5E}C:\tgpfiles\cbook.exe] => (Allow) C:\tgpfiles\cbook.exe
FirewallRules: [UDP Query User{9D2C36AE-5047-4973-B4E5-E2D5400E11EC}C:\tgpfiles\cbook.exe] => (Allow) C:\tgpfiles\cbook.exe
FirewallRules: [{91D84A62-109B-47EF-B9DC-41179C0AA49F}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [TCP Query User{FC26E561-7CEB-497A-B5B3-8AD583934EAD}C:\program files\verizon cloud\verizon cloud service.exe] => (Allow) C:\program files\verizon cloud\verizon cloud service.exe
FirewallRules: [UDP Query User{C94E92EF-5286-42C2-A209-09FF799AF01E}C:\program files\verizon cloud\verizon cloud service.exe] => (Allow) C:\program files\verizon cloud\verizon cloud service.exe
FirewallRules: [TCP Query User{24003A94-46A8-4F02-8FB7-BCBDFB3835E7}C:\program files\verizon cloud\verizon.exe] => (Allow) C:\program files\verizon cloud\verizon.exe
FirewallRules: [UDP Query User{19A08B97-BF2B-442B-BB64-A1AFD30F67F4}C:\program files\verizon cloud\verizon.exe] => (Allow) C:\program files\verizon cloud\verizon.exe
FirewallRules: [{EF3A22EB-FC29-477A-A6F9-7672AC6B0BAE}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{52A3FA41-0DC2-4E54-8DFF-CB65BC308229}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{A21DE37F-A269-4897-9066-E5D73808E8B4}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{F71E68A2-DEB2-4453-AE9E-48AC48286FDD}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{4E4D7644-9804-4977-9F2D-59CA3F4AF5B9}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{97AAE6B0-C0AD-459A-9580-DA685FB816D7}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{A657A32A-D709-4ED0-8603-AFCF3B2213BB}] => (Allow) LPort=15600
FirewallRules: [{B7AD7CC1-6EC6-4163-8EB8-A37E7AF55092}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/15/2015 02:38:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16636 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: ee8
Start Time: 01d08f3db1092383
Termination Time: 14

Error: (05/15/2015 02:38:21 PM) (Source: HP AdvisorUpdate) (EventID: 0) (User: )
Description: Could not find a part of the path 'C:\_pack6\hp-advisor\src\HPAdvisor\Shared\Content\xsd\HPAdvisor.xsd'.   at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
   at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)
   at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize)
   at System.Xml.XmlDownloadManager.GetStream(Uri uri, ICredentials credentials)
   at System.Xml.XmlUrlResolver.GetEntity(Uri absoluteUri, String role, Type ofObjectToReturn)
   at System.Xml.XmlReader.Create(String inputUri, XmlReaderSettings settings, XmlParserContext inputContext)
   at System.Xml.Schema.XmlSchemaSet.Add(String targetNamespace, String schemaUri)
   at HPAdvisor.Common.Content.CategoryCollection.ValidateDocument(String path) ValidateDocument failed Business\SearchTargets.xml

Error: (05/15/2015 02:31:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/15/2015 01:15:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/15/2015 01:14:35 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (05/15/2015 10:54:58 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2010":
DBConnPool::HandleConnectionError errorCode:-6069, dbCode:-103 from file:'.\.\src\ConnPool.cpp' at line 1036 from function:'DBMgr::DBConnPool::init'

Error: (05/15/2015 10:54:58 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2010":
Connection String:CON=QBConnectionPool-Probe-QB_data_engine_20; ;DBF=C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\NIPER'S AUTO REPAIR.QBW;ENG=QB_data_engine_20;DBN=9d77e0bda3364dd8bfdf4ce3a22e5bff

Error: (05/15/2015 10:54:58 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2010":
Connection Error:Invalid user ID or password

Error: (05/15/2015 10:54:51 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (05/15/2015 10:54:51 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle


System errors:
=============
Error: (05/15/2015 02:42:06 PM) (Source: nvstor32) (EventID: 5) (User: )
Description: A parity error was detected on \Device\RaidPort0.

Error: (05/15/2015 02:31:43 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Superfetch%%2

Error: (05/15/2015 02:31:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (05/15/2015 01:15:06 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: aswRvrt
aswSnx
aswSP
aswTdi
aswVmm
spldr
Wanarpv6

Error: (05/15/2015 01:15:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Computer BrowserServer%%1068

Error: (05/15/2015 01:14:56 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (05/15/2015 01:14:56 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (05/15/2015 01:14:39 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}

Error: (05/15/2015 01:14:35 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (05/15/2015 01:14:27 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-05-15 14:53:55.422
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-15 14:53:54.509
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-15 14:53:53.584
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-15 14:53:52.640
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-15 13:27:02.917
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-15 13:27:02.215
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-15 13:27:01.513
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-15 13:27:00.842
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-15 13:27:00.140
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-15 13:26:59.438
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD Athlon™ 64 X2 Dual Core Processor 5000+
Percentage of memory in use: 42%
Total physical RAM: 2941.83 MB
Available physical RAM: 1699.64 MB
Total Pagefile: 6110.16 MB
Available Pagefile: 4844.6 MB
Total Virtual: 2047.88 MB
Available Virtual: 1884.31 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:286.43 GB) (Free:170.11 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:11.66 GB) (Free:1.59 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: () (Removable) (Total:7.45 GB) (Free:7.37 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=286.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.7 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (Size: 7.5 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================

 

Thank you in advance for your help


Edited by tniper, 15 May 2015 - 02:08 PM.

  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, not a great deal showing there.  After this run could you let me know what problems you are experiencing

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
Toolbar: HKU\.DEFAULT -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-2405262934-3323221017-608346938-1000 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
Toolbar: HKU\S-1-5-21-2405262934-3323221017-608346938-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-2405262934-3323221017-608346938-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
FF HKLM\...\Firefox\Extensions: [{9F98D632-32EB-4B14-B55E-D15DED337F39}] - C:\Users\Owner\AppData\Local\{9F98D632-32EB-4B14-B55E-D15DED337F39}
FF Extension: XULRunner - C:\Users\Owner\AppData\Local\{9F98D632-32EB-4B14-B55E-D15DED337F39} [2011-03-10]
2013-09-18 13:29 - 2014-03-25 10:00 - 0000036 _____ () C:\Users\Owner\AppData\Roaming\Opusbext.dat
2011-03-10 08:56 - 2011-03-12 16:42 - 0000120 _____ () C:\Users\Owner\AppData\Local\Nyicipecil.dat
2011-03-10 08:56 - 2011-03-12 16:42 - 0000000 _____ () C:\Users\Owner\AppData\Local\Rcuhodohujehok.bin
2012-09-03 09:19 - 2012-09-03 09:23 - 4503728 ____T () C:\ProgramData\nud0repor.pad
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.

  • 0

#3
tniper

tniper

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

Thank you for your help, websites are opening now with no long delays.  Here is the log that was generated from the fix:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 16-05-2015 02
Ran by Owner at 2015-05-18 09:17:50 Run:1
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available profiles: Owner & jaytar)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
CreateRestorePoint:
Toolbar: HKU\.DEFAULT -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-2405262934-3323221017-608346938-1000 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
Toolbar: HKU\S-1-5-21-2405262934-3323221017-608346938-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-2405262934-3323221017-608346938-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
FF HKLM\...\Firefox\Extensions: [{9F98D632-32EB-4B14-B55E-D15DED337F39}] - C:\Users\Owner\AppData\Local\{9F98D632-32EB-4B14-B55E-D15DED337F39}
FF Extension: XULRunner - C:\Users\Owner\AppData\Local\{9F98D632-32EB-4B14-B55E-D15DED337F39} [2011-03-10]
2013-09-18 13:29 - 2014-03-25 10:00 - 0000036 _____ () C:\Users\Owner\AppData\Roaming\Opusbext.dat
2011-03-10 08:56 - 2011-03-12 16:42 - 0000120 _____ () C:\Users\Owner\AppData\Local\Nyicipecil.dat
2011-03-10 08:56 - 2011-03-12 16:42 - 0000000 _____ () C:\Users\Owner\AppData\Local\Rcuhodohujehok.bin
2012-09-03 09:19 - 2012-09-03 09:23 - 4503728 ____T () C:\ProgramData\nud0repor.pad
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************

Restore point was successfully created.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => value deleted successfully.
HKCR\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => Key not found.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
HKU\S-1-5-21-2405262934-3323221017-608346938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => value deleted successfully.
HKCR\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => Key not found.
HKU\S-1-5-21-2405262934-3323221017-608346938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
HKU\S-1-5-21-2405262934-3323221017-608346938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
HKLM\Software\Mozilla\Firefox\Extensions\\{9F98D632-32EB-4B14-B55E-D15DED337F39} => value deleted successfully.
C:\Users\Owner\AppData\Local\{9F98D632-32EB-4B14-B55E-D15DED337F39} => Moved successfully.
C:\Users\Owner\AppData\Roaming\Opusbext.dat => Moved successfully.
C:\Users\Owner\AppData\Local\Nyicipecil.dat => Moved successfully.
C:\Users\Owner\AppData\Local\Rcuhodohujehok.bin => Moved successfully.
C:\ProgramData\nud0repor.pad => Moved successfully.

========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========


========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
HKU\S-1-5-21-2405262934-3323221017-608346938-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\S-1-5-21-2405262934-3323221017-608346938-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.


========= End of RemoveProxy: =========


=========  netsh advfirewall reset =========

Ok.


========= End of CMD: =========


=========  netsh advfirewall set allprofiles state ON =========

Ok.


========= End of CMD: =========


=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========  netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


=========  netsh int ip reset c:\resetlog.txt =========

Reseting Echo Request, OK!
Reseting Global, OK!
Reseting Interface, OK!
Reseting Unicast Address, OK!
Reseting Route, OK!
A reboot is required to complete this action.


========= End of CMD: =========


=========  ipconfig /release =========


Windows IP Configuration


Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   IPv6 Address. . . . . . . . . . . : 2601:540:4000:f200:2103:812d:621b:363f
   Temporary IPv6 Address. . . . . . : 2601:540:4000:f200:283d:55cd:34a4:c62c
   Link-local IPv6 Address . . . . . : fe80::2103:812d:621b:363f%12
   Default Gateway . . . . . . . . . : fe80::226:f3ff:fe2e:b27a%12

Tunnel adapter Local Area Connection* 6:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 7:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 11:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

========= End of CMD: =========


=========  ipconfig /renew =========


Windows IP Configuration


Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   IPv6 Address. . . . . . . . . . . : 2601:540:4000:f200:2103:812d:621b:363f
   Temporary IPv6 Address. . . . . . : 2601:540:4000:f200:283d:55cd:34a4:c62c
   Link-local IPv6 Address . . . . . : fe80::2103:812d:621b:363f%12
   IPv4 Address. . . . . . . . . . . : 10.1.10.11
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : fe80::226:f3ff:fe2e:b27a%12
                                       10.1.10.1

Tunnel adapter Local Area Connection* 6:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 7:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 11:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

========= End of CMD: =========


=========  netsh int ipv4 reset =========

Reseting Interface, OK!
A reboot is required to complete this action.


========= End of CMD: =========


=========  netsh int ipv6 reset =========

Reseting Echo Request, OK!
A reboot is required to complete this action.


========= End of CMD: =========


=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.0.6001 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

{ADF4ADB1-B53A-45D8-8C99-4556B8742B26} canceled.
{DA2BE90C-3244-4A51-9D97-F4C964DDD38A} canceled.
2 out of 2 jobs canceled.

========= End of CMD: =========

EmptyTemp: => Removed 2.9 GB temporary data.


The system needed a reboot.

==== End of Fixlog 09:25:07 ====


  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Did you run AdwCleaner ?
  • 0

#5
tniper

tniper

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

Just finished:

 

# AdwCleaner v4.204 - Logfile created 18/05/2015 at 11:18:45
# Updated 12/05/2015 by Xplode
# Database : 2015-05-12.2 [Server]
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (x86)
# Username : Owner - OWNER-PC
# Running from : C:\Users\Owner\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
Folder Deleted : C:\Program Files\Digital Coupon Printer
Folder Deleted : C:\Users\Owner\AppData\Roaming\catalina – print savings
Folder Deleted : C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\catalina – print savings

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKU\.DEFAULT\Software\AskToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2095A496-250E-4A1F-90AD-691246819A9A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{2095A496-250E-4A1F-90AD-691246819A9A}

***** [ Web browsers ] *****

-\\ Internet Explorer v9.0.8112.16644


-\\ Mozilla Firefox v37.0.2 (x86 en-US)


-\\ Google Chrome v42.0.2311.152

[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [2955 bytes] - [04/12/2013 16:07:19]
AdwCleaner[R1].txt - [1708 bytes] - [24/06/2014 13:10:04]
AdwCleaner[R2].txt - [5065 bytes] - [24/02/2015 15:39:24]
AdwCleaner[R3].txt - [1856 bytes] - [16/03/2015 16:17:24]
AdwCleaner[R4].txt - [2260 bytes] - [18/05/2015 11:13:38]
AdwCleaner[S0].txt - [3069 bytes] - [04/12/2013 16:08:46]
AdwCleaner[S1].txt - [1781 bytes] - [24/06/2014 13:11:34]
AdwCleaner[S2].txt - [5177 bytes] - [24/02/2015 15:43:04]
AdwCleaner[S3].txt - [2165 bytes] - [18/05/2015 11:18:45]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [2224  bytes] ##########
 


  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
How is the computer behaving now ?
  • 0

#7
tniper

tniper

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

Seems to be working good. The main problem was pages taking forever to load on the internet or not being able to load at all.  The internet is working good now.


  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Remove tools

Download and run Delfix
Select the options as shown
delfix.JPG


: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article

I would recommend that you completely uninstall Java unless you need it to run an important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to diasble Java in your web browser and How to unplug Java from the browser)

If you do need to keep Java then download JavaRa
Run the programme and select Remove Java Runtime. Uninstall all versions of Java present
Once done then run it again and select Update Java runtime > Download and install Latest version
javara.JPG


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Unchecky

Click on the link above to be taken to Unchecky.com
click the very large Download button.
click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked, this is a fire and forget programme ;)

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet read this little guide Best security practices Keep safe :wave:
  • 0

#9
tniper

tniper

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

Hi, the computer seems to be acting up again. It's slow and the Quickbooks program hasn't worked since after the fix on May 18.


  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
What error do you get with quickbooks ?

Clear Cache/Temp Files
Download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

  • 0

Advertisements


#11
tniper

tniper

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

When I try opening Quickbooks is says "We're sorry. Quickbooks encountered a problem."  Error codes: (-6000, -301)


  • 0

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you run the quickbook file doctor from here and let me know if that resolves the problem http://support.quick...ticles/HOW12723
  • 0

#13
tniper

tniper

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

It finished and said "Your company file can't be repaired"


  • 0

#14
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Are the files held offline or are they on your computer ?
  • 0

#15
tniper

tniper

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

I got Quickbooks to work.  Question, Spyhunter4 was downloaded and the scan came up with all kinds of stuff. I uninstalled it but it fought me. Will that cause a problem?


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP