
Please help, computer is infected with adware and malware.



#1
Falcor2

  • Member
  • 59 posts

Hello! I'm trying to help my wife with her old computer. Somehow she clicked on something and now the comp. has a PUP (Get-a-Clip) that I can't get rid of. Norton keeps showing that it blocked an attack by (System Infected: Adware.Gen Activity 3), and also that it quarantined (Bloodhound.MalPE). I have run a full system scan with Norton, also the Power Eraser by Norton, Adware Cleaner and Malwarebytes, trying to clear things up with no luck. I know it's an old computer, but right now that's what she uses.

Thank you for any help

Logs to follow

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:17-02-2016
Ran by Front Desk (administrator) on JEANNE (18-02-2016 15:16:25)
Running from C:\Documents and Settings\Front Desk\Desktop
Loaded Profiles: Front Desk (Available Profiles: Front Desk & LogMeInRemoteUser & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\WINDOWS\system32\scardsvr.exe
(Microsoft Corporation) C:\WINDOWS\system32\cisvc.exe
(Dell Inc.) C:\WINDOWS\system32\EmsService.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn Ignition\LMIGuardianSvc.exe
() C:\Program Files\Get-a-Clip\MFLService2.exe
(Symantec Corporation) C:\Program Files\Norton 360 Premier Edition\Engine\22.5.5.15\n360.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
(Symantec Corporation) C:\Program Files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
(Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
(SigmaTel, Inc.) C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\system32\cidaemon.exe
(Symantec Corporation) C:\Program Files\Norton 360 Premier Edition\Engine\22.5.5.15\n360.exe
(Dell Inc.) C:\WINDOWS\system32\EmsServiceHelper.exe
() C:\Program Files\Get-a-Clip\mflstart.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [EmsService] => C:\WINDOWS\system32\EmsServiceHelper.exe [2436448 2014-06-12] (Dell Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [mflstart] => C:\Program Files\Get-a-Clip\mflstart.exe [116208 2016-02-09] ()
Winlogon\Notify\LMIinit: C:\WINDOWS\system32\LMIinit.dll [2015-11-19] (LogMeIn, Inc.)
HKU\S-1-5-21-2007805527-2214855839-2415389009-1005\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssstars.scr [14336 2008-04-13] (Microsoft Corporation)
AppInit_DLLs: mfllib.dll => C:\WINDOWS\system32\mfllib.dll [111600 2016-02-09] ()
Lsa: [Authentication Packages] msv1_0 nwprovau
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton 360 Premier Edition\Engine\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton 360 Premier Edition\Engine\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton 360 Premier Edition\Engine\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{2239EF8C-819A-4115-AC14-D60C944FE5A9}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{319CB493-C1AA-42CD-89B4-2AE44929C51E}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{9479C24B-3DD6-4ED9-AA95-D0D78551B73E}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.6.0.32
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1071009
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.6.0.32
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.6.0.32
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.6.0.32
HKU\S-1-5-21-2007805527-2214855839-2415389009-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/
HKU\S-1-5-21-2007805527-2214855839-2415389009-1005\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005 -> DefaultScope {DD259C95-6D0C-4027-9478-CEB509D0DDE3} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=att-ie8
SearchScopes: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005 -> {DD259C95-6D0C-4027-9478-CEB509D0DDE3} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=att-ie8
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton 360 Premier Edition\Engine\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton 360 Premier Edition\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-04-30] (Oracle Corporation)
BHO: MFLHelper Class -> {B0932222-51E2-47D1-A4EF-CB10AE7DF086} -> C:\Program Files\Get-a-Clip\MFLPluginIE.dll [2016-02-09] (Get-a-Clip)
BHO: CBrowserHelperObject Object -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} -> C:\Program Files\BAE\BAE.dll [2007-01-26] (Dell Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-04-30] (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {00140000-B1BA-11CE-ABC6-F5B2E79D9E3F} file:///D:/Scripts/LTOCX14N.cab
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} hxxps://vpn.flaglerhospital.org/CACHE/stc/1/binaries/vpnweb.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {88D969C0-F192-11D4-A65F-0040963251E5} hxxps://images.flaglerhospital.org/ami/install/msxml4.cab
DPF: {8B9D77B2-39C0-4674-AF42-BBD50FF71781} hxxps://images.doctorsimaginggroup.com/ami/install/amiviewer.cab
DPF: {CAFEEFAC-0017-0000-0055-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D30CA0FD-1CA0-11D4-AC78-006008A9A8BC} hxxp://www.flaglerhospital.org/extranet/nav/vpn/webinst.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://mygp.gp.com/dana-cached/sc/JuniperSetupClient.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com//activex/ractrl.cab?lmi=1083
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll [2012-05-14] (Intuit, Inc.)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\system32\mscoree.dll [2009-11-07] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Front Desk\Application Data\Mozilla\Firefox\Profiles\som590nm.default-1455821559859
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-10] ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\WINDOWS\system32\npdeployJava1.dll [2014-04-30] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-04-30] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-04-30] (Oracle Corporation)
FF Plugin: @Microsoft.com/DownloadManager,version=1.1 -> C:\WINDOWS\ [] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @nielsen/FirefoxTracker -> C:\Program Files\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\npfirefoxtracker.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2007805527-2214855839-2415389009-1005: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\Front Desk\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll [2014-01-14] (Citrix Online)
FF Plugin HKU\S-1-5-21-2007805527-2214855839-2415389009-1005: @zoom.us/ZoomVideoPlugin -> C:\Documents and Settings\Front Desk\Application Data\Zoom\bin\npzoomplugin.dll [2015-11-30] (Zoom Video Communications, Inc.)
FF user.js: detected! => C:\Documents and Settings\Front Desk\Application Data\Mozilla\Firefox\Profiles\som590nm.default-1455821559859\user.js [2016-02-18]
FF Extension: Get-a-Clip Extension - C:\Documents and Settings\Front Desk\Application Data\Mozilla\Firefox\Profiles\som590nm.default-1455821559859\extensions\[email protected] [2016-02-18] [not signed]
FF Extension: Get-a-Clip Extension - C:\Program Files\Mozilla Firefox\extensions\[email protected] [2016-02-16] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-01] [not signed]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\[email protected] => not found
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFAddon
FF Extension: Norton Identity Safe - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFAddon [2016-01-19]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Mozilla Firefox\extensions\[email protected]
FF ExtraCheck: C:\Program Files\mozilla firefox\browser\defaults\preferences\!mercury-autoenable.js [2016-02-18] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\browser\defaults\preferences\!mercury-csp.js [2016-02-18]
FF ExtraCheck: C:\Program Files\mozilla firefox\mercury-autoenable.cfg [2016-02-18] <==== ATTENTION

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchURL: Default -> hxxp://nortonsafe.search.ask.com/web?q={searchTerms}&o=apn10506&prt=cr
CHR DefaultSearchKeyword: Default -> NortonSafe
CHR DefaultSuggestURL: Default -> hxxp://ss-sym.ask.com/query?q={searchTerms}&sstype=prefix&li=ff
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\48.0.2564.103\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\48.0.2564.103\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\48.0.2564.103\pdf.dll => No File
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Citrix Online Web Deployment Plugin 1.0.0.104) - C:\Documents and Settings\Front Desk\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll => No File
CHR Plugin: (Citrix ICA Client) - C:\Program Files\Citrix\ICA Client\npicaN.dll => No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll => No File
CHR Plugin: (Java™ Platform SE 7 U55) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.550.14) - C:\WINDOWS\system32\npdeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll => No File
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Documents and Settings\Front Desk\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Norton Security Toolbar) - C:\Documents and Settings\Front Desk\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2015-12-19]
CHR Extension: (Norton Identity Safe) - C:\Documents and Settings\Front Desk\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-11-17]
CHR Extension: (Norton Safe) - C:\Documents and Settings\Front Desk\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2015-01-15]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Front Desk\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-24]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton 360 Premier Edition\Engine\22.5.5.15\Exts\Chrome.crx [2015-11-05]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 EMS; C:\WINDOWS\system32\EMSService.exe [1698144 2014-06-12] (Dell Inc.)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-04-30] (Oracle Corporation)
R2 LMIGuardianSvc; C:\Program Files\LogMeIn Ignition\LMIGuardianSvc.exe [411632 2015-11-19] (LogMeIn, Inc.)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MFLService2; C:\Program Files\Get-a-Clip\MFLService2.exe [1983640 2016-02-09] ()
R2 N360; C:\Program Files\Norton 360 Premier Edition\Engine\22.5.5.15\N360.exe [282016 2015-11-20] (Symantec Corporation)
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [475136 2007-05-14] (Dell Inc.) [File not signed]
R2 Norton PC Checkup Application Launcher; C:\Program Files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [132504 2013-03-20] (Symantec Corporation)
R2 NWCWorkstation; C:\WINDOWS\System32\nwwks.dll [65536 2008-04-13] (Microsoft Corporation)
R2 NwSapAgent; C:\WINDOWS\System32\ipxsap.dll [66560 2004-08-04] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2012-05-14] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2009-07-23] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2012-07-28] (Intuit Inc.) [File not signed]
R2 STacSV; C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe [90112 2007-02-18] (SigmaTel, Inc.) [File not signed]
S3 stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [73728 2006-09-14] (MicroVision Development, Inc.) [File not signed]
R2 Wave UCSPlus; C:\WINDOWS\system32\dllhost.exe /Processid:{BDFEFE06-0F3F-44F4-984D-3BF2A1CA8D75}

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
S3 AE1000; C:\WINDOWS\System32\DRIVERS\AE1000XP.sys [816672 2010-02-12] (Ralink Technology, Corp.)
R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21393 2007-10-09] (Cisco Systems, Inc.)
R1 APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [16128 2005-08-12] (Dell Inc) [File not signed]
R1 BHDrvx86; C:\Program Files\Norton 360 Premier Edition\NortonData\22.5.0.124\Definitions\BASHDefs\20160213.002\BHDrvx86.sys [1270008 2016-02-12] (Symantec Corporation)
R2 BrPar; C:\WINDOWS\System32\drivers\BrPar.sys [19537 2000-07-24] (Brother Industries Ltd.) [File not signed]
R1 ccSet_N360; C:\WINDOWS\system32\drivers\N360\1605050.00F\ccSetx86.sys [137456 2015-07-10] (Symantec Corporation)
R0 CmgPCS; C:\WINDOWS\System32\DRIVERS\CmgPCS.sys [143488 2014-05-19] (Dell Inc.)
R0 CmgShieldFFE; C:\WINDOWS\System32\DRIVERS\CmgFFE.sys [586496 2014-06-06] (Dell Inc.)
S3 CVirtA; C:\WINDOWS\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R3 DXEC01; C:\WINDOWS\System32\drivers\dxec01.sys [97536 2006-11-02] (Knowles Acoustics) [File not signed]
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [389968 2015-11-17] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [125264 2015-11-17] (Symantec Corporation)
R3 guardian2; C:\WINDOWS\System32\Drivers\oz776.sys [56320 2007-01-30] (O2Micro)
R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [209152 2007-01-31] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [989696 2007-01-31] (Conexant Systems, Inc.)
R3 IDSxpx86; C:\Program Files\Norton 360 Premier Edition\NortonData\22.5.0.124\Definitions\IPSDefs\20160217.001\IDSxpx86.sys [548536 2016-02-13] (Symantec Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
R3 NAVENG; C:\Program Files\Norton 360 Premier Edition\NortonData\22.5.0.124\Definitions\VirusDefs\20160218.002\NAVENG.SYS [104440 2016-01-22] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Norton 360 Premier Edition\NortonData\22.5.0.124\Definitions\VirusDefs\20160218.002\NAVEX15.SYS [1647216 2016-01-22] (Symantec Corporation)
R3 NETw4x32; C:\WINDOWS\System32\DRIVERS\NETw4x32.sys [2211456 2007-08-12] (Intel Corporation)
S3 NuidFltr; C:\WINDOWS\System32\DRIVERS\NuidFltr.sys [21784 2011-08-01] (Microsoft Corporation)
R2 NwlnkIpx; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-13] (Microsoft Corporation)
R2 NwlnkNb; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [63232 2004-08-04] (Microsoft Corporation)
R2 NwlnkSpx; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [55936 2004-08-04] (Microsoft Corporation)
R3 NWRDR; C:\WINDOWS\System32\DRIVERS\nwrdr.sys [163584 2008-04-13] (Microsoft Corporation)
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [36528 2006-07-24] (Sonic Solutions) [File not signed]
R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [12416 2007-05-29] (Intel Corporation) [File not signed]
R1 SRTSP; C:\WINDOWS\System32\Drivers\N360\1605050.00F\SRTSP.SYS [712944 2015-11-11] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\N360\1605050.00F\SRTSPX.SYS [44792 2015-07-10] (Symantec Corporation)
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1228296 2007-02-18] (SigmaTel, Inc.)
R0 SymEFASI; C:\WINDOWS\System32\drivers\N360\1605050.00F\SYMEFASI.SYS [1287408 2015-11-11] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [103152 2015-07-23] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\system32\drivers\N360\1605050.00F\Ironx86.SYS [234744 2015-07-10] (Symantec Corporation)
R1 SYMTDI; C:\WINDOWS\System32\Drivers\N360\1605050.00F\SYMTDI.SYS [388440 2015-11-11] (Symantec Corporation)
S3 HPZid412; system32\DRIVERS\HPZid412.sys [X]
S3 HPZipr12; system32\DRIVERS\HPZipr12.sys [X]
S3 HPZius12; system32\DRIVERS\HPZius12.sys [X]
S4 LMIRfsClientNP; no ImagePath
S3 NielGfx; system32\drivers\nielgfx.sys [X]
S0 nielprt; system32\DRIVERS\nielprt.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 vpnva; system32\DRIVERS\vpnva.sys [X]
S3 vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-18 15:16 - 2016-02-18 15:17 - 00023136 _____ C:\Documents and Settings\Front Desk\Desktop\FRST.txt
2016-02-18 15:15 - 2016-02-18 15:16 - 00000000 ____D C:\FRST
2016-02-18 15:11 - 2016-02-18 14:34 - 01722368 _____ (Farbar) C:\Documents and Settings\Front Desk\Desktop\FRST.exe
2016-02-10 14:05 - 2016-02-16 04:10 - 00000000 ____D C:\AdwCleaner
2016-02-10 14:05 - 2016-02-10 14:05 - 01508352 _____ C:\Documents and Settings\Front Desk\Desktop\AdwCleaner.exe
2016-02-10 12:38 - 2016-02-10 12:40 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-02-10 12:38 - 2016-02-10 12:38 - 00000777 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2016-02-10 12:38 - 2016-02-10 12:38 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2016-02-10 12:37 - 2016-02-10 12:38 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-02-10 12:37 - 2015-10-05 09:50 - 00121560 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-02-10 12:37 - 2015-10-05 09:50 - 00023256 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-02-10 12:31 - 2016-02-10 12:33 - 22908888 _____ (Malwarebytes ) C:\Documents and Settings\Front Desk\Desktop\mbam-setup-2.2.0.1024.exe
2016-02-09 16:01 - 2016-02-18 12:27 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-02-09 06:25 - 2016-02-18 14:46 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-02-09 06:25 - 2016-02-18 12:27 - 00000730 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2016-02-09 06:25 - 2016-02-18 12:27 - 00000724 _____ C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2016-02-09 06:25 - 2016-02-09 06:25 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Mozilla
2016-02-09 06:22 - 2016-02-10 14:38 - 00000000 ____D C:\Program Files\Get-a-Clip
2016-02-09 06:22 - 2016-02-09 06:21 - 00111600 _____ C:\WINDOWS\system32\mfllib.dll
2016-02-09 06:21 - 2016-02-09 06:21 - 00000000 ____D C:\Documents and Settings\Front Desk\Temp
2016-01-30 18:12 - 2016-01-30 18:13 - 00000000 ____D C:\Documents and Settings\Front Desk\My Documents\METLIFE

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-18 15:17 - 2007-10-24 15:24 - 00000000 ____D C:\Documents and Settings\Front Desk\Local Settings\Temp
2016-02-18 15:07 - 2015-08-14 12:47 - 00000524 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2007805527-2214855839-2415389009-1005.job
2016-02-18 14:55 - 2014-11-17 12:44 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-18 14:55 - 2004-08-11 17:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2016-02-18 14:47 - 2007-10-09 01:05 - 00004322 _____ C:\WINDOWS\ModemLog_Conexant HDA D330 MDC V.92 Modem.txt
2016-02-18 14:47 - 2004-08-11 17:11 - 00000000 ____D C:\WINDOWS\Registration
2016-02-18 14:46 - 2004-08-11 17:20 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-02-18 14:45 - 2007-10-24 15:24 - 00000178 ___SH C:\Documents and Settings\Front Desk\ntuser.ini
2016-02-18 14:45 - 2004-08-11 17:20 - 00032146 _____ C:\WINDOWS\SchedLgU.Txt
2016-02-18 14:35 - 2014-11-17 12:44 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-18 14:32 - 2015-06-18 07:39 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-02-18 13:36 - 2015-08-23 12:32 - 00000620 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2007805527-2214855839-2415389009-1005.job
2016-02-18 12:32 - 2007-10-24 15:24 - 00000000 ____D C:\Documents and Settings\Front Desk
2016-02-16 04:03 - 2014-06-12 08:27 - 00000000 ____D C:\Documents and Settings\Front Desk\Local Settings\Application Data\Adobe
2016-02-14 01:05 - 2014-03-13 16:00 - 00000000 ____D C:\Documents and Settings\Front Desk\Local Settings\Application Data\NPE
2016-02-12 12:19 - 2015-11-19 20:37 - 00000000 ____D C:\Program Files\LogMeIn Ignition
2016-02-10 17:27 - 2014-12-21 08:14 - 00000682 _____ C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2016-02-10 17:10 - 2014-06-19 14:54 - 00000000 ____D C:\Documents and Settings\Front Desk\Desktop\Old Firefox Data
2016-02-10 17:00 - 2014-04-03 08:22 - 00064152 ____H C:\WINDOWS\system32\mlfcache.dat
2016-02-10 15:14 - 2004-08-11 17:00 - 00000211 __RSH C:\boot.ini
2016-02-10 14:09 - 2014-11-13 16:59 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\download-free-soft bundle uninstaller
2016-02-10 14:09 - 2011-05-17 16:44 - 00000000 ____D C:\Documents and Settings\Front Desk\Application Data\Yahoo!
2016-02-10 13:37 - 2014-10-04 08:30 - 00000258 __RSH C:\Documents and Settings\All Users\ntuser.pol
2016-02-10 13:37 - 2004-08-11 17:06 - 00000000 ____D C:\Documents and Settings\All Users
2016-02-10 13:35 - 2014-05-02 12:23 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850869$
2016-02-10 12:14 - 2012-04-09 07:34 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2016-02-10 11:53 - 2013-02-06 17:10 - 01359594 ____C C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2007805527-2214855839-2415389009-1005-0.dat
2016-02-10 11:53 - 2013-01-17 17:04 - 00226746 ____C C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2016-02-10 11:08 - 2008-02-18 08:00 - 144254680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-02-10 06:32 - 2012-06-01 07:42 - 00796864 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2016-02-10 06:32 - 2012-06-01 07:42 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2016-02-09 22:58 - 2010-08-06 15:55 - 00000312 ____C C:\Documents and Settings\Front Desk\My Documents\spider.sav
2016-02-04 19:46 - 2014-11-17 12:45 - 00001819 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome.lnk
2016-02-04 19:46 - 2014-11-17 12:45 - 00001813 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2016-01-30 18:13 - 2007-10-24 15:24 - 00000000 ___RD C:\Documents and Settings\Front Desk\My Documents
2016-01-30 07:22 - 2015-07-17 19:21 - 00000000 ____D C:\Documents and Settings\Front Desk\My Documents\KATIE
2016-01-27 19:52 - 2012-04-23 14:54 - 00002515 _____ C:\Documents and Settings\Front Desk\Desktop\Microsoft Office Word 2007.lnk

==================== Files in the root of some directories =======

2015-12-02 21:23 - 2015-12-02 21:23 - 0000093 _____ () C:\Documents and Settings\Front Desk\Application Data\ARCompanion.log
2014-11-17 10:39 - 2014-11-17 10:39 - 0001122 ____C () C:\Documents and Settings\Front Desk\Application Data\ConvAPIPlugin.log
2007-11-05 10:11 - 2007-11-05 10:11 - 0012358 ____C () C:\Documents and Settings\Front Desk\Application Data\PFP110JCM.{PB
2007-11-05 10:11 - 2007-11-05 10:11 - 0061678 ____C () C:\Documents and Settings\Front Desk\Application Data\PFP110JPR.{PB
2014-10-14 23:16 - 2014-10-14 23:16 - 0000042 ____C () C:\Documents and Settings\Front Desk\Application Data\WB.CFG
2008-06-19 16:00 - 2008-06-19 16:00 - 0003584 ____C () C:\Documents and Settings\Front Desk\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-07-28 08:24 - 2011-07-28 10:31 - 0015842 __SHC () C:\Documents and Settings\Front Desk\Local Settings\Application Data\xn20f483ph53a0o7q33nv25f33vqr33fh881r37xjcc0
2013-05-10 07:31 - 2013-05-10 07:31 - 0000057 ____C () C:\Documents and Settings\All Users\Application Data\Ament.ini
2014-11-17 09:37 - 2015-12-02 22:39 - 0009099 ____C () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
2011-07-28 08:24 - 2011-07-28 10:31 - 0015842 __SHC () C:\Documents and Settings\All Users\Application Data\xn20f483ph53a0o7q33nv25f33vqr33fh881r37xjcc0

Some files in TEMP:
====================
C:\Documents and Settings\Front Desk\Local Settings\Temp\hpuninstaller.exe
C:\Documents and Settings\Front Desk\Local Settings\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:17-02-2016
Ran by Front Desk (2016-02-18 15:17:59)
Running from C:\Documents and Settings\Front Desk\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) (2007-10-24 20:24:36)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2007805527-2214855839-2415389009-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
Front Desk (S-1-5-21-2007805527-2214855839-2415389009-1005 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Front Desk
Guest (S-1-5-21-2007805527-2214855839-2415389009-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-2007805527-2214855839-2415389009-1004 - Limited - Disabled)
LogMeInRemoteUser (S-1-5-21-2007805527-2214855839-2415389009-1006 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\LogMeInRemoteUser
SUPPORT_388945a0 (S-1-5-21-2007805527-2214855839-2415389009-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton 360 Premier (Enabled - Up to date) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 Premier (Disabled) {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 17.0.0.144 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
biolsp patch (Version: 01.00.01.0010 - Wave Systems Corp) Hidden
bpd_scan (Version: 3.00.0000 - Hewlett-Packard) Hidden
Brother HL-2040 (HKLM\...\{6319890B-22D5-44C2-ADC3-028226CACF67}) (Version: 1.00 - Brother)
Brother MFL-Pro Suite MFC-6490CW (HKLM\...\{01B4AC8E-6D83-44B3-958D-2AFE57BE54DB}) (Version: 1.0.5.0 - Brother Industries, Ltd.)
Calendar Packages (HKU\S-1-5-21-2007805527-2214855839-2415389009-1005\...\Calendar Packages) (Version:  - ) <==== ATTENTION
CCleaner (HKLM\...\CCleaner) (Version: 5.14 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant HDA D330 MDC V.92 Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F) (Version:  - )
Dell Embassy Trust Suite by Wave Systems (HKLM\...\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}) (Version: 02.00.00.039 - Wave Systems Corp)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: Version 7.1.101.6 - )
Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)
DR Systems Web Ambassador (HKLM\...\{98BCB68E-274F-11D4-B2FA-00105AA9021A}) (Version:  - )
EMBASSY Security Setup (Version: 03.00.00.035 - Wave Systems Corp) Hidden
EMS (HKLM\...\{A21585BC-27A4-4641-9100-875D80FEE805}) (Version: 8.4.0.6197 - Dell Inc.)
ESC Home Page Plugin (Version: 03.00.00.013 - Wave Systems Corp) Hidden
ETS Upgrade (Version: 02.00.00.012 - Wave Systems Corp) Hidden
Get-a-Clip (HKLM\...\Get-a-Clip) (Version:  - Get-a-Clip)
Google Chrome (HKLM\...\Google Chrome) (Version: 48.0.2564.103 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.29.5 - Google Inc.) Hidden
GoToMeeting 7.11.1.4419 (HKU\S-1-5-21-2007805527-2214855839-2415389009-1005\...\GoToMeeting) (Version: 7.11.1.4419 - CitrixOnline)
Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000 - Hewlett-Packard) Hidden
High Definition Audio Driver Package - KB835221 (HKLM\...\KB835221WXP) (Version: 20040219.000000 - Microsoft Corporation)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
HPPhotoSmartExpress (Version: 70.0.170.000 - Hewlett-Packard) Hidden
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
InstantShareAlert (Version: 1.00.0000 - HP) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
IntelliSonic Speech Enhancement (HKLM\...\{D9FCA292-1186-421F-8D93-9A5D272AD5D0}) (Version: 2.1.37 - Knowles Acoustics)
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Juniper Networks Setup Client (HKU\S-1-5-21-2007805527-2214855839-2415389009-1005\...\Juniper_Setup_Client) (Version: 2.2.3.8885 - Juniper Networks)
LaserJet 1020 series (HKLM\...\HP-LaserJet 1020 series) (Version:  - )
LogMeIn (HKLM\...\{EE4CA5AF-4A55-418C-8CB8-74435814207B}) (Version: 4.1.2450 - LogMeIn, Inc.)
LogMeIn Client (HKLM\...\{26F88B15-E5F0-47D2-8176-1A9312DD44AD}) (Version: 1.3.1648 - LogMeIn, Inc.)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Marketsplash Shortcuts (HKLM\...\{16FCDD97-AE09-476B-88CD-261D852BD34C}) (Version: 1.0.1.7 - Hewlett-Packard)
mCore (Version: 9.24.0000 - Intel Corporation) Hidden
MEDITECH Workstation4.x (HKLM\...\Workstation4.x) (Version:  - )
mHlpDell (Version: 9.24.0000 - Intel) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Download Manager (HKLM\...\{654977DB-0001-0002-0001-EABD228DDE8B}) (Version: 1.2.1 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
mIWA (Version: 9.24.0000 - Intel Corporation) Hidden
mLogView (Version: 9.24.0000 - Intel Corporation) Hidden
mMHouse (Version: 9.24.0000 - Intel Corporation) Hidden
Modem Diagnostic Tool (HKLM\...\{F63A3748-B93D-4360-9AD4-B064481A5C7B}) (Version: 1.0.20.0 - Dell)
Mozilla Firefox 43.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 43.0.1 (x86 en-US)) (Version: 43.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 43.0.1 - Mozilla)
mPfMgr (Version: 9.24.0000 - Intel Corporation) Hidden
mPfWiz (Version: 9.24.0000 - Intel Corporation) Hidden
MPM (HKLM\...\{D48AD533-BAD5-469B-A9AA-272C6D80E70B}) (Version: 1.00.0000 - Hewlett-Packard)
mProSafe (Version: 9.00.0000 - Intel) Hidden
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 6.0 Parser (KB933579) (HKLM\...\{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}) (Version: 6.10.1200.0 - Microsoft Corporation)
mWlsSafe (Version: 9.00.0000 - Intel) Hidden
MyCalendar (HKLM\...\Tweaks MyCalendar) (Version: 1.1.3 - Tweaks)
mZConfig (Version: 9.24.0000 - Intel Corporation) Hidden
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.44 - BVRP Software, Inc)
Norton 360 Premier (HKLM\...\N360) (Version: 22.5.5.15 - Symantec Corporation)
Norton PC Checkup (HKLM\...\Norton PC Checkup_is1) (Version: 3.0.2.122.0 - NortonLive Services)
O2Micro USB Smart Card Reader (Version: 1.00.0000 - Dell Inc.) Hidden
PaperPort Image Printer (HKLM\...\{2BC2781A-F7F6-452E-95EB-018A522F1B2C}) (Version: 1.00.0000 - Nuance Communications, Inc.)
PowerDVD (HKLM\...\{281ECE39-F043-492B-8337-F2E546B5604A}) (Version: 7.0 - Dell)
QuickBooks (Version: 21.0.4011.904 - Intuit Inc.) Hidden
QuickBooks Pro 2011 (HKLM\...\{11E0AC7D-6822-4F67-865F-EE1C13D28C38}) (Version: 21.0.4011.904 - Intuit Inc.)
QuickSet (HKLM\...\{C5074CC4-0E26-4716-A307-960272A90040}) (Version: 8.1.12 - Dell Computer Corporation)
Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.3.0 - Roxio)
Roxio Creator BDAV Plugin (HKLM\...\{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}) (Version: 3.3.0 - Roxio)
Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.3.0 - Roxio)
Roxio Creator Data (HKLM\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.3.0 - Roxio)
Roxio Creator DE (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.3.0 - Roxio)
Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.3.0 - Roxio)
Roxio Drag-to-Disc (HKLM\...\{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}) (Version: 9.0 - Roxio)
Roxio Express Labeler (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Roxio)
Roxio Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Roxio)
Samsung Kies3 (HKLM\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14083.17 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (Version: 3.2.14083.17 - Samsung Electronics Co., Ltd.) Hidden
ScanSoft PaperPort 11 (HKLM\...\{7A8FF745-BBC5-482B-88E4-18D3178249A9}) (Version: 11.1.0000 - Nuance Communications, Inc.)
Secure Fast PC (HKLM\...\Secure Fast PC1.0) (Version: 1.0 - Developerts LLC)
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.4820.0 - SigmaTel)
Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden
Time Clock SBE 2.3 (HKLM\...\Time Clock SBE 2.3) (Version: 2.3 - Barger Solutions)
Toolbox (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Unload (Version: 7.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (Version:  - WildTangent) Hidden
upekmsi (Version: 02.00.02.0010 - Wave Systems Corp) Hidden
URL Assistant (HKLM\...\{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}) (Version:  - )
Wave Infrastructure Installer (Version: 03.05.10.0050 - Wave Systems Corp) Hidden
Wave Support Software (Version: 05.04.00.018 - Wave Systems Corp) Hidden
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Driver Package - O2Micro (guardian2) SmartCardReader  (02/05/2007 1.1.3.7) (HKLM\...\5FD5E95A18EBF60A056BA7A51A2E794E4216D3DD) (Version: 02/05/2007 1.1.3.7 - O2Micro)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Installer 3.1 (KB893803) (HKLM\...\KB893803v2) (Version:  - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version:  - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WordPerfect Office 11 (HKLM\...\{54F90B55-BEB3-4F0D-8802-228822FA5921}) (Version: 11.0 - Corel Corporation)
Zoom (HKU\S-1-5-21-2007805527-2214855839-2415389009-1005\...\ZoomUMX) (Version: 3.5 - Zoom Video Communications, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{05EC5C13-D255-4592-9CCB-98615172F0D6}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{0ADF9C35-0D5E-4B75-88DD-B64868907E17}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{0C1F87AE-AE62-11D3-911C-00105A17B608}\InprocServer32 -> C:\WINDOWS\system32\dartsock.dll (Dart Communications)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{123FAF7F-3FB1-4B8F-AD18-0047401D436A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{371D0743-7A57-11D2-AD5A-00105A17B608}\InprocServer32 -> C:\WINDOWS\system32\dartsock.dll (Dart Communications)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{37A2FC00-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{37A2FC02-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{3E1A2BBD-5707-4646-B268-518B997DC94D}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2011\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{4716D3CE-55DB-4D2A-818C-87D912895890}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{4844F3F7-2161-4AC4-B219-B3B4311782AA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{4A56F19E-9F50-4F43-93C8-050E44AA83A9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{4E5E74B5-8EB5-4859-A335-837EED412620}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{4F99A075-5227-11D2-AD06-00105A17B608}\InprocServer32 -> C:\WINDOWS\system32\dartsock.dll (Dart Communications)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{5428A9ED-6CD8-11D6-9C8A-0001023DCAA2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{547C8F00-5567-4AE3-8BB0-CC3CE2AB9070}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{57D590F1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{596801D8-2C9D-4627-9C67-195CB81B655A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{5B7331FA-8910-4748-A8A4-60B445041F28}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{5ED8AC89-B2DE-476D-8EEA-E170B2FCB058}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{7694F1CD-A55B-4B7C-8820-A90892EB4E9E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{7DBF8260-30AD-4D1B-876A-8032B87B809F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{828E5386-74CF-4019-B356-C857CD028A7D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{82CC31B3-53B4-4161-A4E9-6B4F1290A6C8}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\2553\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{8572570D-12D9-4F2C-8BB8-EB8848178B94}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{8E590317-1329-11D1-B70B-00805F29CD16}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2011\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{8FEDE364-AB37-4551-80C9-6D468E222AB2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{9D9B61F2-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{9D9B61F3-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{9D9B61F4-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{9D9B61F5-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{9D9B61F6-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{9D9B61F7-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{A63E42D0-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{A63E42D2-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{AF5E0A13-CEAB-47CE-991D-77E82CD1BF3F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{B10BFAC3-EFF1-40D9-ADA0-BEBE037C24CA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{B22FE43C-D1E8-432A-A862-9F83D5F04732}\InprocServer32 -> C:\WINDOWS\system32\dartsock.dll (Dart Communications)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{B66F2BF1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{CA4FC24B-C65C-11D1-AA6F-000000000000}\InprocServer32 -> C:\WINDOWS\system32\dartsock.dll (Dart Communications)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{D14FD6B3-6A9F-4537-9460-07B836707127}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{D4A12AAF-E15E-470B-A6B6-63032186F91F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{D9B9C060-0954-11D3-9E07-00104BD2BE34}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSource.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{D9BC6F81-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{D9BC6F84-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{D9BC6F87-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{D9BC6FA1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{D9BC6FA6-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{D9BC6FB2-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\StorageClasses.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{DCB2B478-EFF6-48F6-B718-13E98876854E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{DDD136CE-517B-11D2-AD03-00105A17B608}\InprocServer32 -> C:\WINDOWS\system32\dartsock.dll (Dart Communications)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{DFD0AF10-B86C-4AF3-B609-1348D513E565}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{E1A173E1-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{E1A173E3-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{E9D55102-9683-11D2-BA68-0040053687FE}\InprocServer32 -> C:\WINDOWS\system32\dartsock.dll (Dart Communications)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{EADA914E-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{EAEF733D-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{F2C593CC-74B2-4F71-8556-DD4D426D0409}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{FAC93D42-FFC2-11d1-9DEB-0008C7A08EBA}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2011\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{FB17915F-06D1-4214-A902-CC5EE05186E9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2007805527-2214855839-2415389009-1005.job => C:\Program Files\Citrix\GoToMeeting\4419\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2007805527-2214855839-2415389009-1005.job => C:\Program Files\Citrix\GoToMeeting\4419\g2mupload.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job => c:\Program Files\Microsoft IntelliPoint\ipoint.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-02-09 06:22 - 2016-02-09 06:21 - 00111600 _____ () C:\WINDOWS\system32\mfllib.dll
2016-02-09 06:22 - 2016-02-09 06:21 - 00111600 _____ () C:\WINDOWS\System32\mfllib.dll
2012-06-06 07:20 - 2010-05-13 22:47 - 00059904 ____N () C:\WINDOWS\System32\spool\PRTPROCS\W32X86\pphp1020.dll
2016-02-09 06:22 - 2016-02-09 06:21 - 01983640 _____ () C:\Program Files\Get-a-Clip\MFLService2.exe
2016-02-09 06:22 - 2016-02-09 06:21 - 00121912 _____ () C:\Program Files\Get-a-Clip\Get-a-Clip.Config.dll
2012-07-27 22:57 - 2002-11-26 12:43 - 00106496 ____N () C:\WINDOWS\system32\BrMuSNMP.dll
2016-02-09 06:22 - 2016-02-09 06:21 - 00116208 _____ () C:\Program Files\Get-a-Clip\mflstart.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-2007805527-2214855839-2415389009-1005\Software\Classes\.exe: exefile =>  <===== ATTENTION
HKU\S-1-5-21-2007805527-2214855839-2415389009-1005\Software\Classes\exefile:  <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005\...\audible.com -> hxxps://www.audible.com
IE trusted site: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005\...\doctorsimaginggroup.com -> hxxps://images.doctorsimaginggroup.com
IE trusted site: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005\...\flaglerhospital.org -> hxxps://images.flaglerhospital.org
IE trusted site: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005\...\radmd.com -> hxxps://www.radmd.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-11 17:00 - 2014-05-06 14:20 - 00000098 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost
::1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2007805527-2214855839-2415389009-1005\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Front Desk\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
DNS Servers: 192.168.1.254
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

DomainProfile\AuthorizedApplications: [C:\Documents and Settings\Front Desk\Local Settings\Temp\7zS414E\OJP8500vA909_Full_14\setup\hpznui01.exe] => Enabled:hpznui01.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe] => Enabled:hpqtra08.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe] => Enabled:hpqste08.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe] => Enabled:hpofxm08.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe] => Enabled:hposfx08.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe] => Enabled:hposid01.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe] => Enabled:hpqkygrp.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfcCopy.exe] => Enabled:hpfccopy.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe] => Enabled:hpzwiz01.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe] => Enabled:hpoews01.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe] => Enabled:hpqnrs08.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe] => Enabled:hpiscnapp.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe] => Enabled:hpqphotocrm.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqsudi.exe] => Enabled:hpqsudi.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpsapp.exe] => Enabled:hpqpsapp.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxs08.exe] => Enabled:hpofxs08.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqfxt08.exe] => Enabled:hpqfxt08.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpse.exe] => Enabled:hpqpse.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgplgtupl.exe] => Enabled:hpqgplgtupl.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe] => Enabled:hpqgpc01.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqusgm.exe] => Enabled:hpqusgm.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqusgh.exe] => Enabled:hpqusgh.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe] => Enabled:smartwebprintexe.exe
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Front Desk\Local Settings\Temp\7zS414E\OJP8500vA909_Full_14\setup\hpznui01.exe] => Enabled:hpznui01.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe] => Enabled:hpqtra08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe] => Enabled:hpqste08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe] => Enabled:hpofxm08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe] => Enabled:hposfx08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe] => Enabled:hposid01.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe] => Enabled:hpqkygrp.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfcCopy.exe] => Enabled:hpfccopy.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe] => Enabled:hpzwiz01.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe] => Enabled:hpoews01.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe] => Enabled:hpqnrs08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe] => Enabled:hpiscnapp.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe] => Enabled:hpqphotocrm.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqsudi.exe] => Enabled:hpqsudi.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpsapp.exe] => Enabled:hpqpsapp.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxs08.exe] => Enabled:hpofxs08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqfxt08.exe] => Enabled:hpqfxt08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpse.exe] => Enabled:hpqpse.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgplgtupl.exe] => Enabled:hpqgplgtupl.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe] => Enabled:hpqgpc01.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqusgm.exe] => Enabled:hpqusgm.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqusgh.exe] => Enabled:hpqusgh.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe] => Enabled:smartwebprintexe.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Program Files\ADBServer\rmAGenerator.exe] => Enabled:RMA Gen
StandardProfile\AuthorizedApplications: [C:\Program Files\Get-a-Clip\Get-a-Clip.exe] => Enabled:Get-a-Clip
StandardProfile\AuthorizedApplications: [C:\Program Files\Get-a-Clip\MFLService2.exe] => Enabled:Get-a-Clip
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
DomainProfile\GloballyOpenPorts: [427:TCP] => :LocalSubNet:Enabled:SLP_Port(427)_TCP
DomainProfile\GloballyOpenPorts: [427:UDP] => :LocalSubNet:Enabled:SLP_Port(427)_UDP
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [427:TCP] => :LocalSubNet:Enabled:SLP_Port(427)_TCP
StandardProfile\GloballyOpenPorts: [427:UDP] => :LocalSubNet:Enabled:SLP_Port(427)_UDP
StandardProfile\GloballyOpenPorts: [12005:TCP] => Enabled:Get-a-Clip

==================== Restore Points =========================

20-11-2015 21:25:20 System Checkpoint
21-11-2015 22:07:36 System Checkpoint
22-11-2015 23:26:46 System Checkpoint
23-11-2015 23:52:49 System Checkpoint
25-11-2015 03:44:06 System Checkpoint
26-11-2015 03:53:39 System Checkpoint
27-11-2015 04:19:41 System Checkpoint
28-11-2015 04:53:42 System Checkpoint
29-11-2015 05:04:49 System Checkpoint
30-11-2015 05:22:18 System Checkpoint
01-12-2015 05:22:50 System Checkpoint
02-12-2015 07:11:40 System Checkpoint
02-12-2015 21:19:08 Removed Centricity Enterprise Web 3.0 Client  (SPa10)
02-12-2015 21:20:05 Removed Cisco AnyConnect VPN Client
02-12-2015 21:21:09 Removed Citrix Online Launcher
02-12-2015 21:26:44 Removed Code-X 2013
02-12-2015 21:32:44 Removed Code-X 2014
02-12-2015 21:36:59 Removed DR Systems Web Product Installation
02-12-2015 21:40:39 Removed HP Officejet 6500 E710a-f Product Improvement Study
02-12-2015 21:41:12 Removed HP Officejet 6500 E710n-z Help
02-12-2015 21:41:43 Removed HP Officejet 6500 E710n-z Product Improvement Study
02-12-2015 21:54:18 Removed HP Officejet 6500 E710a-f Help
02-12-2015 22:20:28 Removed MPM
02-12-2015 22:34:04 Removed HP Officejet Pro 8600 Basic Device Software
02-12-2015 22:36:20 Removed HP Officejet Pro 8600 Help
02-12-2015 22:37:01 Removed HP Officejet Pro 8600 Product Improvement Study
02-12-2015 22:41:08 Removed HP Photosmart Essential
02-12-2015 22:41:40 Removed HP Product Detection
02-12-2015 22:42:32 Removed HP Update.
02-12-2015 22:43:44 Removed MSN Toolbar
03-12-2015 23:28:05 System Checkpoint
04-12-2015 23:52:29 System Checkpoint
06-12-2015 01:18:35 System Checkpoint
07-12-2015 01:52:25 System Checkpoint
08-12-2015 01:52:47 System Checkpoint
09-12-2015 02:51:24 System Checkpoint
09-12-2015 03:00:36 Software Distribution Service 3.0
10-12-2015 04:03:55 System Checkpoint
11-12-2015 04:20:24 System Checkpoint
12-12-2015 04:55:55 System Checkpoint
13-12-2015 05:55:53 System Checkpoint
14-12-2015 07:43:40 System Checkpoint
15-12-2015 08:20:02 System Checkpoint
16-12-2015 08:32:03 System Checkpoint
17-12-2015 09:08:37 System Checkpoint
18-12-2015 09:56:37 System Checkpoint
19-12-2015 11:01:09 System Checkpoint
20-12-2015 11:21:19 System Checkpoint
21-12-2015 13:36:56 System Checkpoint
22-12-2015 17:00:21 System Checkpoint
23-12-2015 18:44:07 System Checkpoint
24-12-2015 19:20:34 System Checkpoint
25-12-2015 20:20:35 System Checkpoint
26-12-2015 22:00:33 System Checkpoint
27-12-2015 22:49:30 System Checkpoint
29-12-2015 01:04:17 System Checkpoint
30-12-2015 01:22:27 System Checkpoint
31-12-2015 01:41:07 System Checkpoint
01-01-2016 02:55:33 System Checkpoint
02-01-2016 03:41:02 System Checkpoint
03-01-2016 03:41:22 System Checkpoint
04-01-2016 06:35:50 System Checkpoint
05-01-2016 07:28:15 System Checkpoint
06-01-2016 07:40:31 System Checkpoint
07-01-2016 08:00:11 System Checkpoint
08-01-2016 18:19:05 System Checkpoint
09-01-2016 22:00:38 System Checkpoint
10-01-2016 23:07:09 System Checkpoint
12-01-2016 00:06:08 System Checkpoint
13-01-2016 00:54:03 System Checkpoint
13-01-2016 03:00:20 Software Distribution Service 3.0
14-01-2016 03:42:04 System Checkpoint
15-01-2016 04:54:06 System Checkpoint
16-01-2016 05:54:08 System Checkpoint
17-01-2016 06:42:09 System Checkpoint
18-01-2016 07:26:51 System Checkpoint
19-01-2016 07:35:51 System Checkpoint
20-01-2016 07:58:57 System Checkpoint
21-01-2016 08:00:26 System Checkpoint
22-01-2016 08:53:10 System Checkpoint
23-01-2016 09:45:46 System Checkpoint
24-01-2016 10:45:49 System Checkpoint
25-01-2016 11:06:10 System Checkpoint
26-01-2016 11:45:46 System Checkpoint
27-01-2016 16:33:52 System Checkpoint
28-01-2016 21:19:39 System Checkpoint
30-01-2016 01:19:16 System Checkpoint
31-01-2016 02:31:23 System Checkpoint
01-02-2016 03:11:14 System Checkpoint
02-02-2016 07:23:23 System Checkpoint
03-02-2016 08:19:56 System Checkpoint
04-02-2016 09:45:41 System Checkpoint
05-02-2016 20:08:20 System Checkpoint
06-02-2016 20:52:29 System Checkpoint
08-02-2016 00:09:22 System Checkpoint
09-02-2016 00:21:46 System Checkpoint
10-02-2016 00:33:28 System Checkpoint
10-02-2016 11:06:29 Software Distribution Service 3.0
10-02-2016 12:12:13 Software Distribution Service 3.0
11-02-2016 12:40:49 System Checkpoint
12-02-2016 14:22:50 System Checkpoint
13-02-2016 18:28:22 System Checkpoint
14-02-2016 18:54:30 System Checkpoint
15-02-2016 23:55:25 System Checkpoint
17-02-2016 00:16:24 System Checkpoint
18-02-2016 00:16:32 System Checkpoint

==================== Faulty Device Manager Devices =============

Name: 1394 Net Adapter
Description: 1394 Net Adapter
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: NIC1394
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/18/2016 02:53:57 PM) (Source: Ci) (EventID: 4124) (User: )
Description: Content index on c:\system volume information\catalog.wci is corrupt. Please shutdown and restart
the Indexing Service (cisvc).

Error: (02/18/2016 02:53:54 PM) (Source: Ci) (EventID: 4126) (User: )
Description: Cleaning up corrupt content index metadata on c:\system volume information\catalog.wci. Index will
 be automatically restored by refiltering all documents.

Error: (02/18/2016 02:47:30 PM) (Source: COM+) (EventID: 4691) (User: )
Description: The run-time environment was unable to initialize for transactions required to support transactional components. Make sure that MS-DTC is running. (DtcGetTransactionManagerEx(): hr = 0x8004d01b)

Error: (02/18/2016 02:47:30 PM) (Source: MSDTC) (EventID: 4112) (User: )
Description: Could not start the MS DTC Transaction Manager.

Error: (02/18/2016 02:47:30 PM) (Source: MSDTC) (EventID: 4185) (User: )
Description: MS DTC Transaction Manager start failed. LogInit returned error 0x2.

Error: (02/18/2016 02:47:30 PM) (Source: MSDTC) (EventID: 4163) (User: )
Description: MS DTC log file not found. After ensuring that all Resource Managers coordinated by MS DTC have no indoubt transactions, please run msdtc -resetlog to create the log file.

Error: (02/18/2016 02:46:58 PM) (Source: Credant EMS) (EventID: 4096) (User: )
Description: EMS Critical Error: [EmsService] Error [0x0000045a] while creating and starting PCS! "Could not load ProcessConnector library!"

Error: (02/18/2016 11:42:58 AM) (Source: Ci) (EventID: 4124) (User: )
Description: Content index on c:\system volume information\catalog.wci is corrupt. Please shutdown and restart
the Indexing Service (cisvc).

Error: (02/18/2016 11:42:55 AM) (Source: Ci) (EventID: 4126) (User: )
Description: Cleaning up corrupt content index metadata on c:\system volume information\catalog.wci. Index will
 be automatically restored by refiltering all documents.

Error: (02/18/2016 11:38:14 AM) (Source: COM+) (EventID: 4691) (User: )
Description: The run-time environment was unable to initialize for transactions required to support transactional components. Make sure that MS-DTC is running. (DtcGetTransactionManagerEx(): hr = 0x8004d01b)


System errors:
=============
Error: (02/18/2016 02:47:30 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Distributed Transaction Coordinator service terminated with service-specific error 3221229584 (0xC0001010).

Error: (02/18/2016 11:38:13 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Distributed Transaction Coordinator service terminated with service-specific error 3221229584 (0xC0001010).

Error: (02/18/2016 10:48:37 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Distributed Transaction Coordinator service terminated with service-specific error 3221229584 (0xC0001010).

Error: (02/18/2016 10:38:44 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Distributed Transaction Coordinator service terminated with service-specific error 3221229584 (0xC0001010).

Error: (02/16/2016 04:14:01 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Distributed Transaction Coordinator service terminated with service-specific error 3221229584 (0xC0001010).

Error: (02/16/2016 04:10:16 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MFL Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/16/2016 04:10:16 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Application Layer Gateway Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/16/2016 04:10:16 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The COM+ System Application service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (02/16/2016 04:10:16 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Wave UCSPlus service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/16/2016 04:10:16 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SigmaTel Audio Service service terminated unexpectedly.  It has done this 1 time(s).


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU T7100 @ 1.80GHz
Percentage of memory in use: 29%
Total physical RAM: 2038.04 MB
Available physical RAM: 1431 MB
Total Virtual: 3406.14 MB
Available Virtual: 2961.38 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.73 GB) (Free:79.01 GB) NTFS ==>[drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 111.8 GB) (Disk ID: 41AB2316)
Partition 1: (Not Active) - (Size=63 MB) - (Type=DE)
Partition 2: (Active) - (Size=111.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================




#2
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
 
Download the attached fixlist.txt to the same location as FRST.

Run FRST and press Fix.
A fix log will be generated; please post that, then run FRST again as before with the Addition.txt box checked.


#3
Falcor2

    Member

  • Topic Starter
  • Member
  • 59 posts

Hello RKinner,

Thank you for the quick response. The computer seems to be running better already. I did note that the PUP (Get-a-Clip) is still in the program list. But I know we are just getting started.

Thank you

Logs to follow

Fix result of Farbar Recovery Scan Tool (x86) Version:17-02-2016
Ran by Front Desk (2016-02-19 02:00:10) Run:1
Running from C:\Documents and Settings\Front Desk\Desktop
Loaded Profiles: Front Desk (Available Profiles: Front Desk & LogMeInRemoteUser & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
() C:\Program Files\Get-a-Clip\mflstart.exe
HKLM\...\Run: [mflstart] => C:\Program Files\Get-a-Clip\mflstart.exe [116208 2016-02-09] ()
AppInit_DLLs: mfllib.dll => C:\WINDOWS\system32\mfllib.dll [111600 2016-02-09] ()
SearchScopes: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-04-30] (Oracle Corporation)
BHO: MFLHelper Class -> {B0932222-51E2-47D1-A4EF-CB10AE7DF086} -> C:\Program Files\Get-a-Clip\MFLPluginIE.dll [2016-02-09] (Get-a-Clip)
BHO: CBrowserHelperObject Object -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} -> C:\Program Files\BAE\BAE.dll [2007-01-26] (Dell Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-04-30] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\WINDOWS\system32\npdeployJava1.dll [2014-04-30] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-04-30] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-04-30] (Oracle Corporation)
FF Plugin: @Microsoft.com/DownloadManager,version=1.1 -> C:\WINDOWS\ [] ()
FF Plugin: @nielsen/FirefoxTracker -> C:\Program Files\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\npfirefoxtracker.dll [No File]
FF user.js: detected! => C:\Documents and Settings\Front Desk\Application Data\Mozilla\Firefox\Profiles\som590nm.default-1455821559859\user.js [2016-02-18]
FF Extension: Get-a-Clip Extension - C:\Documents and Settings\Front Desk\Application Data\Mozilla\Firefox\Profiles\som590nm.default-1455821559859\extensions\[email protected] [2016-02-18] [not signed]
FF Extension: Get-a-Clip Extension - C:\Program Files\Mozilla Firefox\extensions\[email protected] [2016-02-16] [not signed]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\[email protected] => not found
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Mozilla Firefox\extensions\[email protected]
FF ExtraCheck: C:\Program Files\mozilla firefox\browser\defaults\preferences\!mercury-autoenable.js [2016-02-18] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\browser\defaults\preferences\!mercury-csp.js [2016-02-18]
FF ExtraCheck: C:\Program Files\mozilla firefox\mercury-autoenable.cfg [2016-02-18] <==== ATTENTION
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\48.0.2564.103\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\48.0.2564.103\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll => No File
CHR Plugin: (Citrix ICA Client) - C:\Program Files\Citrix\ICA Client\npicaN.dll => No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll => No File
CHR Plugin: (Java™ Platform SE 7 U55) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.550.14) - C:\WINDOWS\system32\npdeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll => No File
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-04-30] (Oracle Corporation)
R2 MFLService2; C:\Program Files\Get-a-Clip\MFLService2.exe [1983640 2016-02-09] ()
S3 HPZid412; system32\DRIVERS\HPZid412.sys [X]
S3 HPZipr12; system32\DRIVERS\HPZipr12.sys [X]
S3 HPZius12; system32\DRIVERS\HPZius12.sys [X]
S4 LMIRfsClientNP; no ImagePath
S3 NielGfx; system32\drivers\nielgfx.sys [X]
S0 nielprt; system32\DRIVERS\nielprt.sys [X]
S3 vpnva; system32\DRIVERS\vpnva.sys [X]
S3 vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys [X]
2016-02-09 06:22 - 2016-02-10 14:38 - 00000000 ____D C:\Program Files\Get-a-Clip
2016-02-09 06:22 - 2016-02-09 06:21 - 00111600 _____ C:\WINDOWS\system32\mfllib.dll
2016-02-10 14:09 - 2014-11-13 16:59 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\download-free-soft bundle uninstaller
2016-02-09 06:22 - 2016-02-09 06:21 - 00111600 _____ () C:\WINDOWS\system32\mfllib.dll
2016-02-09 06:22 - 2016-02-09 06:21 - 00111600 _____ () C:\WINDOWS\System32\mfllib.dll
2016-02-09 06:22 - 2016-02-09 06:21 - 01983640 _____ () C:\Program Files\Get-a-Clip\MFLService2.exe
2016-02-09 06:22 - 2016-02-09 06:21 - 00121912 _____ () C:\Program Files\Get-a-Clip\Get-a-Clip.Config.dll
2016-02-09 06:22 - 2016-02-09 06:21 - 00116208 _____ () C:\Program Files\Get-a-Clip\mflstart.exe
C:\Program Files\Get-a-Clip
C:\WINDOWS\system32\mfllib.dll
EmptyTemp:








*****************

C:\Program Files\Get-a-Clip\mflstart.exe
[280] C:\Program Files\Get-a-Clip\mflstart.exe => process closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\mflstart => value removed successfully.
"mfllib.dll" => Value data removed successfully..
"HKU\S-1-5-21-2007805527-2214855839-2415389009-1005\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => key removed successfully.
"HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B0932222-51E2-47D1-A4EF-CB10AE7DF086}" => key removed successfully.
"HKCR\CLSID\{B0932222-51E2-47D1-A4EF-CB10AE7DF086}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}" => key removed successfully.
"HKCR\CLSID\{CA6319C0-31B7-401E-A518-A07C3DB8F777}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully.
"HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully.
HKU\S-1-5-21-2007805527-2214855839-2415389009-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
"HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2" => key removed successfully.
C:\WINDOWS\system32\npdeployJava1.dll => moved successfully
"HKLM\Software\MozillaPlugins\@java.com/JavaPlugin" => key removed successfully.
C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll => moved successfully
"HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2" => key removed successfully.
C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll => not found.
"HKLM\Software\MozillaPlugins\@Microsoft.com/DownloadManager,version=1.1" => key removed successfully.
"HKLM\Software\MozillaPlugins\@nielsen/FirefoxTracker" => key removed successfully.
C:\Documents and Settings\Front Desk\Application Data\Mozilla\Firefox\Profiles\som590nm.default-1455821559859\user.js => moved successfully
C:\Documents and Settings\Front Desk\Application Data\Mozilla\Firefox\Profiles\som590nm.default-1455821559859\extensions\[email protected] => moved successfully
C:\Documents and Settings\Front Desk\Application Data\Mozilla\Firefox\Profiles\som590nm.default-1455821559859\extensions\[email protected] => path removed successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected] => moved successfully
HKLM\Software\Mozilla\Firefox\Extensions\\[email protected] => value removed successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\[email protected] => value removed successfully.
C:\Program Files\mozilla firefox\browser\defaults\preferences\!mercury-autoenable.js => moved successfully
C:\Program Files\mozilla firefox\browser\defaults\preferences\!mercury-csp.js => moved successfully
C:\Program Files\mozilla firefox\mercury-autoenable.cfg => moved successfully
C:\Program Files\Google\Chrome\Application\48.0.2564.103\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files\Google\Chrome\Application\48.0.2564.103\pdf.dll => not found.
C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll => not found.
C:\Program Files\Citrix\ICA Client\npicaN.dll => not found.
C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll => not found.
C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll => not found.
C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll => not found.
C:\WINDOWS\system32\npdeployJava1.dll => not found.
c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll => not found.
JavaQuickStarterService => Service stopped successfully.
JavaQuickStarterService => service removed successfully.
MFLService2 => Service stopped successfully.
MFLService2 => service removed successfully.
HPZid412 => service removed successfully.
HPZipr12 => service removed successfully.
HPZius12 => service removed successfully.
LMIRfsClientNP => service removed successfully.
NielGfx => service removed successfully.
nielprt => service removed successfully.
vpnva => service removed successfully.
vsdatant => service removed successfully.
C:\Program Files\Get-a-Clip => moved successfully
C:\WINDOWS\system32\mfllib.dll => moved successfully
C:\Documents and Settings\All Users\Start Menu\Programs\download-free-soft bundle uninstaller => moved successfully
"C:\WINDOWS\system32\mfllib.dll" => not found.
"C:\WINDOWS\System32\mfllib.dll" => not found.
"C:\Program Files\Get-a-Clip\MFLService2.exe" => not found.
"C:\Program Files\Get-a-Clip\Get-a-Clip.Config.dll" => not found.
"C:\Program Files\Get-a-Clip\mflstart.exe" => not found.
"C:\Program Files\Get-a-Clip" => not found.
"C:\WINDOWS\system32\mfllib.dll" => not found.
EmptyTemp: => 147.8 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 02:01:17 ====

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:17-02-2016
Ran by Front Desk (administrator) on JEANNE (19-02-2016 02:20:07)
Running from C:\Documents and Settings\Front Desk\Desktop
Loaded Profiles: Front Desk (Available Profiles: Front Desk & LogMeInRemoteUser & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\WINDOWS\system32\scardsvr.exe
(Microsoft Corporation) C:\WINDOWS\system32\cisvc.exe
(Dell Inc.) C:\WINDOWS\system32\EmsService.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn Ignition\LMIGuardianSvc.exe
(Symantec Corporation) C:\Program Files\Norton 360 Premier Edition\Engine\22.5.5.15\n360.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
(Symantec Corporation) C:\Program Files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
(Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
(SigmaTel, Inc.) C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Symantec Corporation) C:\Program Files\Norton 360 Premier Edition\Engine\22.5.5.15\n360.exe
(Dell Inc.) C:\WINDOWS\system32\EmsServiceHelper.exe
(Microsoft Corporation) C:\WINDOWS\system32\cidaemon.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [EmsService] => C:\WINDOWS\system32\EmsServiceHelper.exe [2436448 2014-06-12] (Dell Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
Winlogon\Notify\LMIinit: C:\WINDOWS\system32\LMIinit.dll [2015-11-19] (LogMeIn, Inc.)
HKU\S-1-5-21-2007805527-2214855839-2415389009-1005\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssstars.scr [14336 2008-04-13] (Microsoft Corporation)
Lsa: [Authentication Packages] msv1_0 nwprovau
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton 360 Premier Edition\Engine\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton 360 Premier Edition\Engine\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton 360 Premier Edition\Engine\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{2239EF8C-819A-4115-AC14-D60C944FE5A9}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{319CB493-C1AA-42CD-89B4-2AE44929C51E}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{9479C24B-3DD6-4ED9-AA95-D0D78551B73E}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.6.0.32
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1071009
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.6.0.32
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.6.0.32
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.6.0.32
HKU\S-1-5-21-2007805527-2214855839-2415389009-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/
HKU\S-1-5-21-2007805527-2214855839-2415389009-1005\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005 -> DefaultScope {DD259C95-6D0C-4027-9478-CEB509D0DDE3} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=att-ie8
SearchScopes: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005 -> {DD259C95-6D0C-4027-9478-CEB509D0DDE3} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=att-ie8
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton 360 Premier Edition\Engine\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton 360 Premier Edition\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
DPF: {00140000-B1BA-11CE-ABC6-F5B2E79D9E3F} file:///D:/Scripts/LTOCX14N.cab
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} hxxps://vpn.flaglerhospital.org/CACHE/stc/1/binaries/vpnweb.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {88D969C0-F192-11D4-A65F-0040963251E5} hxxps://images.flaglerhospital.org/ami/install/msxml4.cab
DPF: {8B9D77B2-39C0-4674-AF42-BBD50FF71781} hxxps://images.doctorsimaginggroup.com/ami/install/amiviewer.cab
DPF: {CAFEEFAC-0017-0000-0055-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D30CA0FD-1CA0-11D4-AC78-006008A9A8BC} hxxp://www.flaglerhospital.org/extranet/nav/vpn/webinst.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://mygp.gp.com/dana-cached/sc/JuniperSetupClient.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com//activex/ractrl.cab?lmi=1083
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll [2012-05-14] (Intuit, Inc.)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\system32\mscoree.dll [2009-11-07] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Front Desk\Application Data\Mozilla\Firefox\Profiles\som590nm.default-1455821559859
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-10] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2007805527-2214855839-2415389009-1005: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\Front Desk\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll [2014-01-14] (Citrix Online)
FF Plugin HKU\S-1-5-21-2007805527-2214855839-2415389009-1005: @zoom.us/ZoomVideoPlugin -> C:\Documents and Settings\Front Desk\Application Data\Zoom\bin\npzoomplugin.dll [2015-11-30] (Zoom Video Communications, Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-01] [not signed]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFAddon
FF Extension: Norton Identity Safe - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFAddon [2016-01-19]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchURL: Default -> hxxp://nortonsafe.search.ask.com/web?q={searchTerms}&o=apn10506&prt=cr
CHR DefaultSearchKeyword: Default -> NortonSafe
CHR DefaultSuggestURL: Default -> hxxp://ss-sym.ask.com/query?q={searchTerms}&sstype=prefix&li=ff
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\48.0.2564.103\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\48.0.2564.103\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\48.0.2564.103\pdf.dll => No File
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Citrix Online Web Deployment Plugin 1.0.0.104) - C:\Documents and Settings\Front Desk\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll => No File
CHR Plugin: (Citrix ICA Client) - C:\Program Files\Citrix\ICA Client\npicaN.dll => No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll => No File
CHR Plugin: (Java™ Platform SE 7 U55) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.550.14) - C:\WINDOWS\system32\npdeployJava1.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll => No File
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Documents and Settings\Front Desk\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Norton Security Toolbar) - C:\Documents and Settings\Front Desk\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2015-12-19]
CHR Extension: (Norton Identity Safe) - C:\Documents and Settings\Front Desk\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-11-17]
CHR Extension: (Norton Safe) - C:\Documents and Settings\Front Desk\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2015-01-15]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Front Desk\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-24]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton 360 Premier Edition\Engine\22.5.5.15\Exts\Chrome.crx [2015-11-05]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 EMS; C:\WINDOWS\system32\EMSService.exe [1698144 2014-06-12] (Dell Inc.)
R2 LMIGuardianSvc; C:\Program Files\LogMeIn Ignition\LMIGuardianSvc.exe [411632 2015-11-19] (LogMeIn, Inc.)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 N360; C:\Program Files\Norton 360 Premier Edition\Engine\22.5.5.15\N360.exe [282016 2015-11-20] (Symantec Corporation)
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [475136 2007-05-14] (Dell Inc.) [File not signed]
R2 Norton PC Checkup Application Launcher; C:\Program Files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [132504 2013-03-20] (Symantec Corporation)
R2 NWCWorkstation; C:\WINDOWS\System32\nwwks.dll [65536 2008-04-13] (Microsoft Corporation)
R2 NwSapAgent; C:\WINDOWS\System32\ipxsap.dll [66560 2004-08-04] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2012-05-14] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2009-07-23] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2012-07-28] (Intuit Inc.) [File not signed]
R2 STacSV; C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe [90112 2007-02-18] (SigmaTel, Inc.) [File not signed]
S3 stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [73728 2006-09-14] (MicroVision Development, Inc.) [File not signed]
R2 Wave UCSPlus; C:\WINDOWS\system32\dllhost.exe /Processid:{BDFEFE06-0F3F-44F4-984D-3BF2A1CA8D75}

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
S3 AE1000; C:\WINDOWS\System32\DRIVERS\AE1000XP.sys [816672 2010-02-12] (Ralink Technology, Corp.)
R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21393 2007-10-09] (Cisco Systems, Inc.)
R1 APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [16128 2005-08-12] (Dell Inc) [File not signed]
R1 BHDrvx86; C:\Program Files\Norton 360 Premier Edition\NortonData\22.5.0.124\Definitions\BASHDefs\20160213.002\BHDrvx86.sys [1270008 2016-02-12] (Symantec Corporation)
R2 BrPar; C:\WINDOWS\System32\drivers\BrPar.sys [19537 2000-07-24] (Brother Industries Ltd.) [File not signed]
R1 ccSet_N360; C:\WINDOWS\system32\drivers\N360\1605050.00F\ccSetx86.sys [137456 2015-07-10] (Symantec Corporation)
R0 CmgPCS; C:\WINDOWS\System32\DRIVERS\CmgPCS.sys [143488 2014-05-19] (Dell Inc.)
R0 CmgShieldFFE; C:\WINDOWS\System32\DRIVERS\CmgFFE.sys [586496 2014-06-06] (Dell Inc.)
S3 CVirtA; C:\WINDOWS\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R3 DXEC01; C:\WINDOWS\System32\drivers\dxec01.sys [97536 2006-11-02] (Knowles Acoustics) [File not signed]
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [389968 2015-11-17] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [125264 2015-11-17] (Symantec Corporation)
R3 guardian2; C:\WINDOWS\System32\Drivers\oz776.sys [56320 2007-01-30] (O2Micro)
R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [209152 2007-01-31] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [989696 2007-01-31] (Conexant Systems, Inc.)
R3 IDSxpx86; C:\Program Files\Norton 360 Premier Edition\NortonData\22.5.0.124\Definitions\IPSDefs\20160218.001\IDSxpx86.sys [548536 2016-02-13] (Symantec Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
R3 NAVENG; C:\Program Files\Norton 360 Premier Edition\NortonData\22.5.0.124\Definitions\VirusDefs\20160218.022\NAVENG.SYS [104440 2016-01-22] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Norton 360 Premier Edition\NortonData\22.5.0.124\Definitions\VirusDefs\20160218.022\NAVEX15.SYS [1647216 2016-01-22] (Symantec Corporation)
R3 NETw4x32; C:\WINDOWS\System32\DRIVERS\NETw4x32.sys [2211456 2007-08-12] (Intel Corporation)
S3 NuidFltr; C:\WINDOWS\System32\DRIVERS\NuidFltr.sys [21784 2011-08-01] (Microsoft Corporation)
R2 NwlnkIpx; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-13] (Microsoft Corporation)
R2 NwlnkNb; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [63232 2004-08-04] (Microsoft Corporation)
R2 NwlnkSpx; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [55936 2004-08-04] (Microsoft Corporation)
R3 NWRDR; C:\WINDOWS\System32\DRIVERS\nwrdr.sys [163584 2008-04-13] (Microsoft Corporation)
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [36528 2006-07-24] (Sonic Solutions) [File not signed]
R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [12416 2007-05-29] (Intel Corporation) [File not signed]
R1 SRTSP; C:\WINDOWS\System32\Drivers\N360\1605050.00F\SRTSP.SYS [712944 2015-11-11] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\N360\1605050.00F\SRTSPX.SYS [44792 2015-07-10] (Symantec Corporation)
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1228296 2007-02-18] (SigmaTel, Inc.)
R0 SymEFASI; C:\WINDOWS\System32\drivers\N360\1605050.00F\SYMEFASI.SYS [1287408 2015-11-11] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [103152 2015-07-23] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\system32\drivers\N360\1605050.00F\Ironx86.SYS [234744 2015-07-10] (Symantec Corporation)
R1 SYMTDI; C:\WINDOWS\System32\Drivers\N360\1605050.00F\SYMTDI.SYS [388440 2015-11-11] (Symantec Corporation)
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-19 02:00 - 2016-02-19 02:01 - 00010942 _____ C:\Documents and Settings\Front Desk\Desktop\Fixlog.txt
2016-02-18 15:17 - 2016-02-18 15:19 - 00049711 _____ C:\Documents and Settings\Front Desk\Desktop\Addition.txt
2016-02-18 15:16 - 2016-02-19 02:21 - 00019666 _____ C:\Documents and Settings\Front Desk\Desktop\FRST.txt
2016-02-18 15:15 - 2016-02-19 02:20 - 00000000 ____D C:\FRST
2016-02-18 15:11 - 2016-02-18 14:34 - 01722368 _____ (Farbar) C:\Documents and Settings\Front Desk\Desktop\FRST.exe
2016-02-10 14:05 - 2016-02-16 04:10 - 00000000 ____D C:\AdwCleaner
2016-02-10 14:05 - 2016-02-10 14:05 - 01508352 _____ C:\Documents and Settings\Front Desk\Desktop\AdwCleaner.exe
2016-02-10 12:38 - 2016-02-10 12:40 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-02-10 12:38 - 2016-02-10 12:38 - 00000777 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2016-02-10 12:38 - 2016-02-10 12:38 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2016-02-10 12:37 - 2016-02-10 12:38 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-02-10 12:37 - 2015-10-05 09:50 - 00121560 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-02-10 12:37 - 2015-10-05 09:50 - 00023256 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-02-10 12:31 - 2016-02-10 12:33 - 22908888 _____ (Malwarebytes ) C:\Documents and Settings\Front Desk\Desktop\mbam-setup-2.2.0.1024.exe
2016-02-09 16:01 - 2016-02-19 02:00 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-02-09 06:25 - 2016-02-18 14:46 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-02-09 06:25 - 2016-02-18 12:27 - 00000730 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2016-02-09 06:25 - 2016-02-18 12:27 - 00000724 _____ C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2016-02-09 06:25 - 2016-02-09 06:25 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Mozilla
2016-02-09 06:21 - 2016-02-09 06:21 - 00000000 ____D C:\Documents and Settings\Front Desk\Temp
2016-01-30 18:12 - 2016-01-30 18:13 - 00000000 ____D C:\Documents and Settings\Front Desk\My Documents\METLIFE

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-19 02:20 - 2007-10-24 15:24 - 00000000 ____D C:\Documents and Settings\Front Desk\Local Settings\Temp
2016-02-19 02:07 - 2015-08-14 12:47 - 00000524 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2007805527-2214855839-2415389009-1005.job
2016-02-19 02:05 - 2014-11-17 12:44 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-19 02:05 - 2004-08-11 17:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2016-02-19 02:04 - 2007-10-09 01:05 - 00004322 _____ C:\WINDOWS\ModemLog_Conexant HDA D330 MDC V.92 Modem.txt
2016-02-19 02:04 - 2004-08-11 17:11 - 00000000 ____D C:\WINDOWS\Registration
2016-02-19 02:03 - 2004-08-11 17:20 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-02-19 02:02 - 2007-10-24 15:24 - 00000178 ___SH C:\Documents and Settings\Front Desk\ntuser.ini
2016-02-19 02:02 - 2004-08-11 17:20 - 00032540 _____ C:\WINDOWS\SchedLgU.Txt
2016-02-19 02:00 - 2004-08-11 17:20 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Temp
2016-02-19 01:36 - 2015-08-23 12:32 - 00000620 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2007805527-2214855839-2415389009-1005.job
2016-02-19 01:35 - 2014-11-17 12:44 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-19 01:32 - 2015-06-18 07:39 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-02-18 12:32 - 2007-10-24 15:24 - 00000000 ____D C:\Documents and Settings\Front Desk
2016-02-16 04:03 - 2014-06-12 08:27 - 00000000 ____D C:\Documents and Settings\Front Desk\Local Settings\Application Data\Adobe
2016-02-14 01:05 - 2014-03-13 16:00 - 00000000 ____D C:\Documents and Settings\Front Desk\Local Settings\Application Data\NPE
2016-02-12 12:19 - 2015-11-19 20:37 - 00000000 ____D C:\Program Files\LogMeIn Ignition
2016-02-10 17:27 - 2014-12-21 08:14 - 00000682 _____ C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2016-02-10 17:10 - 2014-06-19 14:54 - 00000000 ____D C:\Documents and Settings\Front Desk\Desktop\Old Firefox Data
2016-02-10 17:00 - 2014-04-03 08:22 - 00064152 ____H C:\WINDOWS\system32\mlfcache.dat
2016-02-10 15:14 - 2004-08-11 17:00 - 00000211 __RSH C:\boot.ini
2016-02-10 14:09 - 2011-05-17 16:44 - 00000000 ____D C:\Documents and Settings\Front Desk\Application Data\Yahoo!
2016-02-10 13:37 - 2014-10-04 08:30 - 00000258 __RSH C:\Documents and Settings\All Users\ntuser.pol
2016-02-10 13:37 - 2004-08-11 17:06 - 00000000 ____D C:\Documents and Settings\All Users
2016-02-10 13:35 - 2014-05-02 12:23 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850869$
2016-02-10 12:14 - 2012-04-09 07:34 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2016-02-10 11:53 - 2013-02-06 17:10 - 01359594 ____C C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2007805527-2214855839-2415389009-1005-0.dat
2016-02-10 11:53 - 2013-01-17 17:04 - 00226746 ____C C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2016-02-10 11:08 - 2008-02-18 08:00 - 144254680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-02-10 06:32 - 2012-06-01 07:42 - 00796864 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2016-02-10 06:32 - 2012-06-01 07:42 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2016-02-09 22:58 - 2010-08-06 15:55 - 00000312 ____C C:\Documents and Settings\Front Desk\My Documents\spider.sav
2016-02-04 19:46 - 2014-11-17 12:45 - 00001819 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome.lnk
2016-02-04 19:46 - 2014-11-17 12:45 - 00001813 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2016-01-30 18:13 - 2007-10-24 15:24 - 00000000 ___RD C:\Documents and Settings\Front Desk\My Documents
2016-01-30 07:22 - 2015-07-17 19:21 - 00000000 ____D C:\Documents and Settings\Front Desk\My Documents\KATIE
2016-01-27 19:52 - 2012-04-23 14:54 - 00002515 _____ C:\Documents and Settings\Front Desk\Desktop\Microsoft Office Word 2007.lnk

==================== Files in the root of some directories =======

2015-12-02 21:23 - 2015-12-02 21:23 - 0000093 _____ () C:\Documents and Settings\Front Desk\Application Data\ARCompanion.log
2014-11-17 10:39 - 2014-11-17 10:39 - 0001122 ____C () C:\Documents and Settings\Front Desk\Application Data\ConvAPIPlugin.log
2007-11-05 10:11 - 2007-11-05 10:11 - 0012358 ____C () C:\Documents and Settings\Front Desk\Application Data\PFP110JCM.{PB
2007-11-05 10:11 - 2007-11-05 10:11 - 0061678 ____C () C:\Documents and Settings\Front Desk\Application Data\PFP110JPR.{PB
2014-10-14 23:16 - 2014-10-14 23:16 - 0000042 ____C () C:\Documents and Settings\Front Desk\Application Data\WB.CFG
2008-06-19 16:00 - 2008-06-19 16:00 - 0003584 ____C () C:\Documents and Settings\Front Desk\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-07-28 08:24 - 2011-07-28 10:31 - 0015842 __SHC () C:\Documents and Settings\Front Desk\Local Settings\Application Data\xn20f483ph53a0o7q33nv25f33vqr33fh881r37xjcc0
2013-05-10 07:31 - 2013-05-10 07:31 - 0000057 ____C () C:\Documents and Settings\All Users\Application Data\Ament.ini
2014-11-17 09:37 - 2015-12-02 22:39 - 0009099 ____C () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
2011-07-28 08:24 - 2011-07-28 10:31 - 0015842 __SHC () C:\Documents and Settings\All Users\Application Data\xn20f483ph53a0o7q33nv25f33vqr33fh881r37xjcc0

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:17-02-2016
Ran by Front Desk (2016-02-19 02:21:43)
Running from C:\Documents and Settings\Front Desk\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) (2007-10-24 20:24:36)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2007805527-2214855839-2415389009-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
Front Desk (S-1-5-21-2007805527-2214855839-2415389009-1005 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Front Desk
Guest (S-1-5-21-2007805527-2214855839-2415389009-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-2007805527-2214855839-2415389009-1004 - Limited - Disabled)
LogMeInRemoteUser (S-1-5-21-2007805527-2214855839-2415389009-1006 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\LogMeInRemoteUser
SUPPORT_388945a0 (S-1-5-21-2007805527-2214855839-2415389009-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton 360 Premier (Enabled - Up to date) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 Premier (Disabled) {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 17.0.0.144 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
biolsp patch (Version: 01.00.01.0010 - Wave Systems Corp) Hidden
bpd_scan (Version: 3.00.0000 - Hewlett-Packard) Hidden
Brother HL-2040 (HKLM\...\{6319890B-22D5-44C2-ADC3-028226CACF67}) (Version: 1.00 - Brother)
Brother MFL-Pro Suite MFC-6490CW (HKLM\...\{01B4AC8E-6D83-44B3-958D-2AFE57BE54DB}) (Version: 1.0.5.0 - Brother Industries, Ltd.)
Calendar Packages (HKU\S-1-5-21-2007805527-2214855839-2415389009-1005\...\Calendar Packages) (Version:  - ) <==== ATTENTION
CCleaner (HKLM\...\CCleaner) (Version: 5.14 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant HDA D330 MDC V.92 Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F) (Version:  - )
Dell Embassy Trust Suite by Wave Systems (HKLM\...\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}) (Version: 02.00.00.039 - Wave Systems Corp)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: Version 7.1.101.6 - )
Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)
DR Systems Web Ambassador (HKLM\...\{98BCB68E-274F-11D4-B2FA-00105AA9021A}) (Version:  - )
EMBASSY Security Setup (Version: 03.00.00.035 - Wave Systems Corp) Hidden
EMS (HKLM\...\{A21585BC-27A4-4641-9100-875D80FEE805}) (Version: 8.4.0.6197 - Dell Inc.)
ESC Home Page Plugin (Version: 03.00.00.013 - Wave Systems Corp) Hidden
ETS Upgrade (Version: 02.00.00.012 - Wave Systems Corp) Hidden
Get-a-Clip (HKLM\...\Get-a-Clip) (Version:  - Get-a-Clip)
Google Chrome (HKLM\...\Google Chrome) (Version: 48.0.2564.103 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.29.5 - Google Inc.) Hidden
GoToMeeting 7.11.1.4419 (HKU\S-1-5-21-2007805527-2214855839-2415389009-1005\...\GoToMeeting) (Version: 7.11.1.4419 - CitrixOnline)
Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000 - Hewlett-Packard) Hidden
High Definition Audio Driver Package - KB835221 (HKLM\...\KB835221WXP) (Version: 20040219.000000 - Microsoft Corporation)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
HPPhotoSmartExpress (Version: 70.0.170.000 - Hewlett-Packard) Hidden
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
InstantShareAlert (Version: 1.00.0000 - HP) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
IntelliSonic Speech Enhancement (HKLM\...\{D9FCA292-1186-421F-8D93-9A5D272AD5D0}) (Version: 2.1.37 - Knowles Acoustics)
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Juniper Networks Setup Client (HKU\S-1-5-21-2007805527-2214855839-2415389009-1005\...\Juniper_Setup_Client) (Version: 2.2.3.8885 - Juniper Networks)
LaserJet 1020 series (HKLM\...\HP-LaserJet 1020 series) (Version:  - )
LogMeIn (HKLM\...\{EE4CA5AF-4A55-418C-8CB8-74435814207B}) (Version: 4.1.2450 - LogMeIn, Inc.)
LogMeIn Client (HKLM\...\{26F88B15-E5F0-47D2-8176-1A9312DD44AD}) (Version: 1.3.1648 - LogMeIn, Inc.)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Marketsplash Shortcuts (HKLM\...\{16FCDD97-AE09-476B-88CD-261D852BD34C}) (Version: 1.0.1.7 - Hewlett-Packard)
mCore (Version: 9.24.0000 - Intel Corporation) Hidden
MEDITECH Workstation4.x (HKLM\...\Workstation4.x) (Version:  - )
mHlpDell (Version: 9.24.0000 - Intel) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Download Manager (HKLM\...\{654977DB-0001-0002-0001-EABD228DDE8B}) (Version: 1.2.1 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
mIWA (Version: 9.24.0000 - Intel Corporation) Hidden
mLogView (Version: 9.24.0000 - Intel Corporation) Hidden
mMHouse (Version: 9.24.0000 - Intel Corporation) Hidden
Modem Diagnostic Tool (HKLM\...\{F63A3748-B93D-4360-9AD4-B064481A5C7B}) (Version: 1.0.20.0 - Dell)
Mozilla Firefox 43.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 43.0.1 (x86 en-US)) (Version: 43.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 43.0.1 - Mozilla)
mPfMgr (Version: 9.24.0000 - Intel Corporation) Hidden
mPfWiz (Version: 9.24.0000 - Intel Corporation) Hidden
MPM (HKLM\...\{D48AD533-BAD5-469B-A9AA-272C6D80E70B}) (Version: 1.00.0000 - Hewlett-Packard)
mProSafe (Version: 9.00.0000 - Intel) Hidden
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 6.0 Parser (KB933579) (HKLM\...\{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}) (Version: 6.10.1200.0 - Microsoft Corporation)
mWlsSafe (Version: 9.00.0000 - Intel) Hidden
MyCalendar (HKLM\...\Tweaks MyCalendar) (Version: 1.1.3 - Tweaks)
mZConfig (Version: 9.24.0000 - Intel Corporation) Hidden
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.44 - BVRP Software, Inc)
Norton 360 Premier (HKLM\...\N360) (Version: 22.5.5.15 - Symantec Corporation)
Norton PC Checkup (HKLM\...\Norton PC Checkup_is1) (Version: 3.0.2.122.0 - NortonLive Services)
O2Micro USB Smart Card Reader (Version: 1.00.0000 - Dell Inc.) Hidden
PaperPort Image Printer (HKLM\...\{2BC2781A-F7F6-452E-95EB-018A522F1B2C}) (Version: 1.00.0000 - Nuance Communications, Inc.)
PowerDVD (HKLM\...\{281ECE39-F043-492B-8337-F2E546B5604A}) (Version: 7.0 - Dell)
QuickBooks (Version: 21.0.4011.904 - Intuit Inc.) Hidden
QuickBooks Pro 2011 (HKLM\...\{11E0AC7D-6822-4F67-865F-EE1C13D28C38}) (Version: 21.0.4011.904 - Intuit Inc.)
QuickSet (HKLM\...\{C5074CC4-0E26-4716-A307-960272A90040}) (Version: 8.1.12 - Dell Computer Corporation)
Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.3.0 - Roxio)
Roxio Creator BDAV Plugin (HKLM\...\{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}) (Version: 3.3.0 - Roxio)
Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.3.0 - Roxio)
Roxio Creator Data (HKLM\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.3.0 - Roxio)
Roxio Creator DE (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.3.0 - Roxio)
Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.3.0 - Roxio)
Roxio Drag-to-Disc (HKLM\...\{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}) (Version: 9.0 - Roxio)
Roxio Express Labeler (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Roxio)
Roxio Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Roxio)
Samsung Kies3 (HKLM\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14083.17 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (Version: 3.2.14083.17 - Samsung Electronics Co., Ltd.) Hidden
ScanSoft PaperPort 11 (HKLM\...\{7A8FF745-BBC5-482B-88E4-18D3178249A9}) (Version: 11.1.0000 - Nuance Communications, Inc.)
Secure Fast PC (HKLM\...\Secure Fast PC1.0) (Version: 1.0 - Developerts LLC)
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.4820.0 - SigmaTel)
Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden
Time Clock SBE 2.3 (HKLM\...\Time Clock SBE 2.3) (Version: 2.3 - Barger Solutions)
Toolbox (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Unload (Version: 7.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (Version:  - WildTangent) Hidden
upekmsi (Version: 02.00.02.0010 - Wave Systems Corp) Hidden
URL Assistant (HKLM\...\{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}) (Version:  - )
Wave Infrastructure Installer (Version: 03.05.10.0050 - Wave Systems Corp) Hidden
Wave Support Software (Version: 05.04.00.018 - Wave Systems Corp) Hidden
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Driver Package - O2Micro (guardian2) SmartCardReader  (02/05/2007 1.1.3.7) (HKLM\...\5FD5E95A18EBF60A056BA7A51A2E794E4216D3DD) (Version: 02/05/2007 1.1.3.7 - O2Micro)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Installer 3.1 (KB893803) (HKLM\...\KB893803v2) (Version:  - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version:  - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WordPerfect Office 11 (HKLM\...\{54F90B55-BEB3-4F0D-8802-228822FA5921}) (Version: 11.0 - Corel Corporation)
Zoom (HKU\S-1-5-21-2007805527-2214855839-2415389009-1005\...\ZoomUMX) (Version: 3.5 - Zoom Video Communications, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{05EC5C13-D255-4592-9CCB-98615172F0D6}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{0ADF9C35-0D5E-4B75-88DD-B64868907E17}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{0C1F87AE-AE62-11D3-911C-00105A17B608}\InprocServer32 -> C:\WINDOWS\system32\dartsock.dll (Dart Communications)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{123FAF7F-3FB1-4B8F-AD18-0047401D436A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{371D0743-7A57-11D2-AD5A-00105A17B608}\InprocServer32 -> C:\WINDOWS\system32\dartsock.dll (Dart Communications)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{37A2FC00-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{37A2FC02-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{3E1A2BBD-5707-4646-B268-518B997DC94D}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2011\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{4716D3CE-55DB-4D2A-818C-87D912895890}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{4844F3F7-2161-4AC4-B219-B3B4311782AA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{4A56F19E-9F50-4F43-93C8-050E44AA83A9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{4E5E74B5-8EB5-4859-A335-837EED412620}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{4F99A075-5227-11D2-AD06-00105A17B608}\InprocServer32 -> C:\WINDOWS\system32\dartsock.dll (Dart Communications)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{5428A9ED-6CD8-11D6-9C8A-0001023DCAA2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{547C8F00-5567-4AE3-8BB0-CC3CE2AB9070}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{57D590F1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{596801D8-2C9D-4627-9C67-195CB81B655A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{5B7331FA-8910-4748-A8A4-60B445041F28}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{5ED8AC89-B2DE-476D-8EEA-E170B2FCB058}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{7694F1CD-A55B-4B7C-8820-A90892EB4E9E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{7DBF8260-30AD-4D1B-876A-8032B87B809F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{828E5386-74CF-4019-B356-C857CD028A7D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{82CC31B3-53B4-4161-A4E9-6B4F1290A6C8}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\2553\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{8572570D-12D9-4F2C-8BB8-EB8848178B94}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{8E590317-1329-11D1-B70B-00805F29CD16}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2011\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{8FEDE364-AB37-4551-80C9-6D468E222AB2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{9D9B61F2-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{9D9B61F3-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{9D9B61F4-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{9D9B61F5-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{9D9B61F6-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{9D9B61F7-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{A63E42D0-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{A63E42D2-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{AF5E0A13-CEAB-47CE-991D-77E82CD1BF3F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{B10BFAC3-EFF1-40D9-ADA0-BEBE037C24CA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{B22FE43C-D1E8-432A-A862-9F83D5F04732}\InprocServer32 -> C:\WINDOWS\system32\dartsock.dll (Dart Communications)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{B66F2BF1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{CA4FC24B-C65C-11D1-AA6F-000000000000}\InprocServer32 -> C:\WINDOWS\system32\dartsock.dll (Dart Communications)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{D14FD6B3-6A9F-4537-9460-07B836707127}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{D4A12AAF-E15E-470B-A6B6-63032186F91F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{D9B9C060-0954-11D3-9E07-00104BD2BE34}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSource.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{D9BC6F81-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{D9BC6F84-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{D9BC6F87-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{D9BC6FA1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{D9BC6FA6-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{D9BC6FB2-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\StorageClasses.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{DCB2B478-EFF6-48F6-B718-13E98876854E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{DDD136CE-517B-11D2-AD03-00105A17B608}\InprocServer32 -> C:\WINDOWS\system32\dartsock.dll (Dart Communications)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{DFD0AF10-B86C-4AF3-B609-1348D513E565}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{E1A173E1-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{E1A173E3-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{E9D55102-9683-11D2-BA68-0040053687FE}\InprocServer32 -> C:\WINDOWS\system32\dartsock.dll (Dart Communications)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{EADA914E-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{EAEF733D-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{F2C593CC-74B2-4F71-8556-DD4D426D0409}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{FAC93D42-FFC2-11d1-9DEB-0008C7A08EBA}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2011\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{FB17915F-06D1-4214-A902-CC5EE05186E9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2007805527-2214855839-2415389009-1005.job => C:\Program Files\Citrix\GoToMeeting\4419\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2007805527-2214855839-2415389009-1005.job => C:\Program Files\Citrix\GoToMeeting\4419\g2mupload.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job => c:\Program Files\Microsoft IntelliPoint\ipoint.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2012-06-06 07:20 - 2010-05-13 22:47 - 00059904 ____N () C:\WINDOWS\System32\spool\PRTPROCS\W32X86\pphp1020.dll
2012-07-27 22:57 - 2002-11-26 12:43 - 00106496 ____N () C:\WINDOWS\system32\BrMuSNMP.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-2007805527-2214855839-2415389009-1005\Software\Classes\.exe: exefile =>  <===== ATTENTION
HKU\S-1-5-21-2007805527-2214855839-2415389009-1005\Software\Classes\exefile:  <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005\...\audible.com -> hxxps://www.audible.com
IE trusted site: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005\...\doctorsimaginggroup.com -> hxxps://images.doctorsimaginggroup.com
IE trusted site: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005\...\flaglerhospital.org -> hxxps://images.flaglerhospital.org
IE trusted site: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005\...\radmd.com -> hxxps://www.radmd.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-11 17:00 - 2014-05-06 14:20 - 00000098 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost
::1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2007805527-2214855839-2415389009-1005\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Front Desk\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
DNS Servers: 192.168.1.254
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

DomainProfile\AuthorizedApplications: [C:\Documents and Settings\Front Desk\Local Settings\Temp\7zS414E\OJP8500vA909_Full_14\setup\hpznui01.exe] => Enabled:hpznui01.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe] => Enabled:hpqtra08.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe] => Enabled:hpqste08.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe] => Enabled:hpofxm08.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe] => Enabled:hposfx08.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe] => Enabled:hposid01.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe] => Enabled:hpqkygrp.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfcCopy.exe] => Enabled:hpfccopy.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe] => Enabled:hpzwiz01.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe] => Enabled:hpoews01.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe] => Enabled:hpqnrs08.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe] => Enabled:hpiscnapp.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe] => Enabled:hpqphotocrm.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqsudi.exe] => Enabled:hpqsudi.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpsapp.exe] => Enabled:hpqpsapp.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxs08.exe] => Enabled:hpofxs08.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqfxt08.exe] => Enabled:hpqfxt08.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpse.exe] => Enabled:hpqpse.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgplgtupl.exe] => Enabled:hpqgplgtupl.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe] => Enabled:hpqgpc01.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqusgm.exe] => Enabled:hpqusgm.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqusgh.exe] => Enabled:hpqusgh.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe] => Enabled:smartwebprintexe.exe
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Front Desk\Local Settings\Temp\7zS414E\OJP8500vA909_Full_14\setup\hpznui01.exe] => Enabled:hpznui01.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe] => Enabled:hpqtra08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe] => Enabled:hpqste08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe] => Enabled:hpofxm08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe] => Enabled:hposfx08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe] => Enabled:hposid01.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe] => Enabled:hpqkygrp.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfcCopy.exe] => Enabled:hpfccopy.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe] => Enabled:hpzwiz01.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe] => Enabled:hpoews01.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe] => Enabled:hpqnrs08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe] => Enabled:hpiscnapp.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe] => Enabled:hpqphotocrm.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqsudi.exe] => Enabled:hpqsudi.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpsapp.exe] => Enabled:hpqpsapp.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxs08.exe] => Enabled:hpofxs08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqfxt08.exe] => Enabled:hpqfxt08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpse.exe] => Enabled:hpqpse.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgplgtupl.exe] => Enabled:hpqgplgtupl.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe] => Enabled:hpqgpc01.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqusgm.exe] => Enabled:hpqusgm.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqusgh.exe] => Enabled:hpqusgh.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe] => Enabled:smartwebprintexe.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Program Files\ADBServer\rmAGenerator.exe] => Enabled:RMA Gen
StandardProfile\AuthorizedApplications: [C:\Program Files\Get-a-Clip\Get-a-Clip.exe] => Enabled:Get-a-Clip
StandardProfile\AuthorizedApplications: [C:\Program Files\Get-a-Clip\MFLService2.exe] => Enabled:Get-a-Clip
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
DomainProfile\GloballyOpenPorts: [427:TCP] => :LocalSubNet:Enabled:SLP_Port(427)_TCP
DomainProfile\GloballyOpenPorts: [427:UDP] => :LocalSubNet:Enabled:SLP_Port(427)_UDP
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [427:TCP] => :LocalSubNet:Enabled:SLP_Port(427)_TCP
StandardProfile\GloballyOpenPorts: [427:UDP] => :LocalSubNet:Enabled:SLP_Port(427)_UDP
StandardProfile\GloballyOpenPorts: [12005:TCP] => Enabled:Get-a-Clip

==================== Restore Points =========================

21-11-2015 22:07:36 System Checkpoint
22-11-2015 23:26:46 System Checkpoint
23-11-2015 23:52:49 System Checkpoint
25-11-2015 03:44:06 System Checkpoint
26-11-2015 03:53:39 System Checkpoint
27-11-2015 04:19:41 System Checkpoint
28-11-2015 04:53:42 System Checkpoint
29-11-2015 05:04:49 System Checkpoint
30-11-2015 05:22:18 System Checkpoint
01-12-2015 05:22:50 System Checkpoint
02-12-2015 07:11:40 System Checkpoint
02-12-2015 21:19:08 Removed Centricity Enterprise Web 3.0 Client  (SPa10)
02-12-2015 21:20:05 Removed Cisco AnyConnect VPN Client
02-12-2015 21:21:09 Removed Citrix Online Launcher
02-12-2015 21:26:44 Removed Code-X 2013
02-12-2015 21:32:44 Removed Code-X 2014
02-12-2015 21:36:59 Removed DR Systems Web Product Installation
02-12-2015 21:40:39 Removed HP Officejet 6500 E710a-f Product Improvement Study
02-12-2015 21:41:12 Removed HP Officejet 6500 E710n-z Help
02-12-2015 21:41:43 Removed HP Officejet 6500 E710n-z Product Improvement Study
02-12-2015 21:54:18 Removed HP Officejet 6500 E710a-f Help
02-12-2015 22:20:28 Removed MPM
02-12-2015 22:34:04 Removed HP Officejet Pro 8600 Basic Device Software
02-12-2015 22:36:20 Removed HP Officejet Pro 8600 Help
02-12-2015 22:37:01 Removed HP Officejet Pro 8600 Product Improvement Study
02-12-2015 22:41:08 Removed HP Photosmart Essential
02-12-2015 22:41:40 Removed HP Product Detection
02-12-2015 22:42:32 Removed HP Update.
02-12-2015 22:43:44 Removed MSN Toolbar
03-12-2015 23:28:05 System Checkpoint
04-12-2015 23:52:29 System Checkpoint
06-12-2015 01:18:35 System Checkpoint
07-12-2015 01:52:25 System Checkpoint
08-12-2015 01:52:47 System Checkpoint
09-12-2015 02:51:24 System Checkpoint
09-12-2015 03:00:36 Software Distribution Service 3.0
10-12-2015 04:03:55 System Checkpoint
11-12-2015 04:20:24 System Checkpoint
12-12-2015 04:55:55 System Checkpoint
13-12-2015 05:55:53 System Checkpoint
14-12-2015 07:43:40 System Checkpoint
15-12-2015 08:20:02 System Checkpoint
16-12-2015 08:32:03 System Checkpoint
17-12-2015 09:08:37 System Checkpoint
18-12-2015 09:56:37 System Checkpoint
19-12-2015 11:01:09 System Checkpoint
20-12-2015 11:21:19 System Checkpoint
21-12-2015 13:36:56 System Checkpoint
22-12-2015 17:00:21 System Checkpoint
23-12-2015 18:44:07 System Checkpoint
24-12-2015 19:20:34 System Checkpoint
25-12-2015 20:20:35 System Checkpoint
26-12-2015 22:00:33 System Checkpoint
27-12-2015 22:49:30 System Checkpoint
29-12-2015 01:04:17 System Checkpoint
30-12-2015 01:22:27 System Checkpoint
31-12-2015 01:41:07 System Checkpoint
01-01-2016 02:55:33 System Checkpoint
02-01-2016 03:41:02 System Checkpoint
03-01-2016 03:41:22 System Checkpoint
04-01-2016 06:35:50 System Checkpoint
05-01-2016 07:28:15 System Checkpoint
06-01-2016 07:40:31 System Checkpoint
07-01-2016 08:00:11 System Checkpoint
08-01-2016 18:19:05 System Checkpoint
09-01-2016 22:00:38 System Checkpoint
10-01-2016 23:07:09 System Checkpoint
12-01-2016 00:06:08 System Checkpoint
13-01-2016 00:54:03 System Checkpoint
13-01-2016 03:00:20 Software Distribution Service 3.0
14-01-2016 03:42:04 System Checkpoint
15-01-2016 04:54:06 System Checkpoint
16-01-2016 05:54:08 System Checkpoint
17-01-2016 06:42:09 System Checkpoint
18-01-2016 07:26:51 System Checkpoint
19-01-2016 07:35:51 System Checkpoint
20-01-2016 07:58:57 System Checkpoint
21-01-2016 08:00:26 System Checkpoint
22-01-2016 08:53:10 System Checkpoint
23-01-2016 09:45:46 System Checkpoint
24-01-2016 10:45:49 System Checkpoint
25-01-2016 11:06:10 System Checkpoint
26-01-2016 11:45:46 System Checkpoint
27-01-2016 16:33:52 System Checkpoint
28-01-2016 21:19:39 System Checkpoint
30-01-2016 01:19:16 System Checkpoint
31-01-2016 02:31:23 System Checkpoint
01-02-2016 03:11:14 System Checkpoint
02-02-2016 07:23:23 System Checkpoint
03-02-2016 08:19:56 System Checkpoint
04-02-2016 09:45:41 System Checkpoint
05-02-2016 20:08:20 System Checkpoint
06-02-2016 20:52:29 System Checkpoint
08-02-2016 00:09:22 System Checkpoint
09-02-2016 00:21:46 System Checkpoint
10-02-2016 00:33:28 System Checkpoint
10-02-2016 11:06:29 Software Distribution Service 3.0
10-02-2016 12:12:13 Software Distribution Service 3.0
11-02-2016 12:40:49 System Checkpoint
12-02-2016 14:22:50 System Checkpoint
13-02-2016 18:28:22 System Checkpoint
14-02-2016 18:54:30 System Checkpoint
15-02-2016 23:55:25 System Checkpoint
17-02-2016 00:16:24 System Checkpoint
18-02-2016 00:16:32 System Checkpoint
19-02-2016 00:50:44 System Checkpoint

==================== Faulty Device Manager Devices =============

Name: 1394 Net Adapter
Description: 1394 Net Adapter
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: NIC1394
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/19/2016 02:10:59 AM) (Source: Ci) (EventID: 4124) (User: )
Description: Content index on c:\system volume information\catalog.wci is corrupt. Please shutdown and restart
the Indexing Service (cisvc).

Error: (02/19/2016 02:10:57 AM) (Source: Ci) (EventID: 4126) (User: )
Description: Cleaning up corrupt content index metadata on c:\system volume information\catalog.wci. Index will
 be automatically restored by refiltering all documents.

Error: (02/19/2016 02:04:59 AM) (Source: COM+) (EventID: 4691) (User: )
Description: The run-time environment was unable to initialize for transactions required to support transactional components. Make sure that MS-DTC is running. (DtcGetTransactionManagerEx(): hr = 0x8004d01b)

Error: (02/19/2016 02:04:58 AM) (Source: MSDTC) (EventID: 4112) (User: )
Description: Could not start the MS DTC Transaction Manager.

Error: (02/19/2016 02:04:58 AM) (Source: MSDTC) (EventID: 4185) (User: )
Description: MS DTC Transaction Manager start failed. LogInit returned error 0x2.

Error: (02/19/2016 02:04:58 AM) (Source: MSDTC) (EventID: 4163) (User: )
Description: MS DTC log file not found. After ensuring that all Resource Managers coordinated by MS DTC have no indoubt transactions, please run msdtc -resetlog to create the log file.

Error: (02/19/2016 02:04:00 AM) (Source: Credant EMS) (EventID: 4096) (User: )
Description: EMS Critical Error: [EmsService] Error [0x0000045a] while creating and starting PCS! "Could not load ProcessConnector library!"

Error: (02/18/2016 02:53:57 PM) (Source: Ci) (EventID: 4124) (User: )
Description: Content index on c:\system volume information\catalog.wci is corrupt. Please shutdown and restart
the Indexing Service (cisvc).

Error: (02/18/2016 02:53:54 PM) (Source: Ci) (EventID: 4126) (User: )
Description: Cleaning up corrupt content index metadata on c:\system volume information\catalog.wci. Index will
 be automatically restored by refiltering all documents.

Error: (02/18/2016 02:47:30 PM) (Source: COM+) (EventID: 4691) (User: )
Description: The run-time environment was unable to initialize for transactions required to support transactional components. Make sure that MS-DTC is running. (DtcGetTransactionManagerEx(): hr = 0x8004d01b)


System errors:
=============
Error: (02/19/2016 02:04:58 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Distributed Transaction Coordinator service terminated with service-specific error 3221229584 (0xC0001010).

Error: (02/19/2016 02:00:13 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The COM+ System Application service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (02/19/2016 02:00:10 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Wave UCSPlus service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/19/2016 02:00:10 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The COM+ System Application service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (02/18/2016 02:47:30 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Distributed Transaction Coordinator service terminated with service-specific error 3221229584 (0xC0001010).

Error: (02/18/2016 11:38:13 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Distributed Transaction Coordinator service terminated with service-specific error 3221229584 (0xC0001010).

Error: (02/18/2016 10:48:37 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Distributed Transaction Coordinator service terminated with service-specific error 3221229584 (0xC0001010).

Error: (02/18/2016 10:38:44 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Distributed Transaction Coordinator service terminated with service-specific error 3221229584 (0xC0001010).

Error: (02/16/2016 04:14:01 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Distributed Transaction Coordinator service terminated with service-specific error 3221229584 (0xC0001010).

Error: (02/16/2016 04:10:16 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MFL Service service terminated unexpectedly.  It has done this 1 time(s).


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU T7100 @ 1.80GHz
Percentage of memory in use: 26%
Total physical RAM: 2038.04 MB
Available physical RAM: 1491.31 MB
Total Virtual: 3406.14 MB
Available Virtual: 3020.3 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.73 GB) (Free:79.06 GB) NTFS ==>[drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 111.8 GB) (Disk ID: 41AB2316)
Partition 1: (Not Active) - (Size=63 MB) - (Type=DE)
Partition 2: (Active) - (Size=111.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
For the following it's usually easier to post the logs as you get them rather than save them up for one big post.
 
I missed a few entries so let's run a second fixlist.
Download the attached fixlist.txt to the same location as FRST
 
 
Run FRST and press Fix
A fix log will be generated; please post that.
 
It shouldn't need to reboot this time.
 
 
Let's do a full tuneup.  First let it check the hard drive for errors:
 
 
1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.
 
Start, Run, eventvwr.msc, OK to bring up the Event Viewer.  (Alternatively, right click on My Computer and select Manage then Event Viewer) Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application. 
 
 
Reboot.
 
The disk check will run and will probably take an hour or more to finish.
 
1. Please download the Event Viewer Tool by Vino Rosso and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:
 
* System
4. Under 'Select type to list', select:
* Error
* Warning
 
 
Then use the 'Number of events' as follows:
 
 
1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
 
 
Please post the Output log in your next reply then repeat but select Application.  The second time you run VEW it will overwrite the log so copy it to a Reply or rename it first.
 
 
Get the free version of Speccy:
 
http://www.filehippo...download_speccy (Look in the upper right for the Download Latest Version button  - Do NOT press the large Start Download button on the upper left!)  Download, Save and Install it.  Run Speccy.  When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  (It will be near the top about 10 lines down.) Attach the file to your next post.  Uninstall Speccy.
 
 
XP does not automatically defrag the hard drive so you need to do it manually every month or two.
 
Click Start, point to All Programs, point to Accessories, point to System Tools, and then click Disk Defragmenter.
Click the volume that you want to defragment. C:
 
(Alternatively you can 
1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.)
 
Click Defragment to begin the operation.
This may take a while depending on the size of the drive and the amount of data on it and how badly it's fragmented but will usually make a big difference in the speed of the PC.
 
 
 
Get Process Explorer
 
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  
 
View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures
 
 
Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
 
Wait a full minute then:
 
File, Save As, Save.  Open the file Procexp.txt on your desktop and copy and paste the text to a reply.
 
 
 
 
 
 
 
 
 

  • 0

#5
Falcor2

Falcor2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts

Fix result of Farbar Recovery Scan Tool (x86) Version:17-02-2016
Ran by Front Desk (2016-02-19 16:08:11) Run:2
Running from C:\Documents and Settings\Front Desk\Desktop
Loaded Profiles: Front Desk (Available Profiles: Front Desk & LogMeInRemoteUser & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CHR DefaultSuggestURL: Default -> hxxp://ss-sym.ask.com/query?q={searchTerms}&sstype=prefix&li=ff
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\48.0.2564.103\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\48.0.2564.103\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll => No File
CHR Plugin: (Citrix ICA Client) - C:\Program Files\Citrix\ICA Client\npicaN.dll => No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll => No File
CHR Plugin: (Java™ Platform SE 7 U55) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.550.14) - C:\WINDOWS\system32\npdeployJava1.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll => No File
HKU\S-1-5-21-2007805527-2214855839-2415389009-1005\Software\Classes\.exe: exefile =>  <===== ATTENTION
HKU\S-1-5-21-2007805527-2214855839-2415389009-1005\Software\Classes\exefile:  <===== ATTENTION
StandardProfile\AuthorizedApplications: [C:\Program Files\Get-a-Clip\Get-a-Clip.exe] => Enabled:Get-a-Clip
StandardProfile\AuthorizedApplications: [C:\Program Files\Get-a-Clip\MFLService2.exe] => Enabled:Get-a-Clip
StandardProfile\GloballyOpenPorts: [12005:TCP] => Enabled:Get-a-Clip









*****************

Chrome DefaultSuggestURL => removed successfully.
C:\Program Files\Google\Chrome\Application\48.0.2564.103\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files\Google\Chrome\Application\48.0.2564.103\pdf.dll => not found.
C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll => not found.
C:\Program Files\Citrix\ICA Client\npicaN.dll => not found.
C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll => not found.
C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll => not found.
C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll => not found.
C:\WINDOWS\system32\npdeployJava1.dll => not found.
c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll => not found.
"HKU\S-1-5-21-2007805527-2214855839-2415389009-1005\Software\Classes\exefile" => key removed successfully.
"HKU\S-1-5-21-2007805527-2214855839-2415389009-1005\Software\Classes\.exe" => key removed successfully.
HKU\S-1-5-21-2007805527-2214855839-2415389009-1005\Software\Classes\exefile => key not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Get-a-Clip\Get-a-Clip.exe => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Get-a-Clip\MFLService2.exe => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\12005:TCP => value removed successfully.

==== End of Fixlog 16:08:13 ====


  • 0
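
An added example, not part of any post in this thread and not FRST's own logic: a Python script that parses the firewall lines of an Addition.txt log and flags enabled port openings that carry no scope and a non-Windows display name, together with application exceptions that share that name. Both heuristics are assumptions of this example; on the lines posted in this thread they single out the same three Get-a-Clip entries that the second fixlist removed.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Firewall lines taken from the Addition.txt log posted in this thread.
SAMPLE = r"""
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Program Files\ADBServer\rmAGenerator.exe] => Enabled:RMA Gen
StandardProfile\AuthorizedApplications: [C:\Program Files\Get-a-Clip\Get-a-Clip.exe] => Enabled:Get-a-Clip
StandardProfile\AuthorizedApplications: [C:\Program Files\Get-a-Clip\MFLService2.exe] => Enabled:Get-a-Clip
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
DomainProfile\GloballyOpenPorts: [427:TCP] => :LocalSubNet:Enabled:SLP_Port(427)_TCP
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [427:UDP] => :LocalSubNet:Enabled:SLP_Port(427)_UDP
StandardProfile\GloballyOpenPorts: [12005:TCP] => Enabled:Get-a-Clip
"""

# <profile>\<kind>: [<target>] => [:<scope>:]<Enabled|Disabled>:<display name>
LINE_RE = re.compile(
    r"^(?P<profile>\w+Profile)\\(?P<kind>AuthorizedApplications|GloballyOpenPorts): "
    r"\[(?P<target>.+?)\] => (?::(?P<scope>[^:]*):)?"
    r"(?P<status>Enabled|Disabled):(?P<name>.*)$"
)


@dataclass(frozen=True)
class Rule:
    profile: str          # DomainProfile or StandardProfile
    kind: str             # AuthorizedApplications or GloballyOpenPorts
    target: str           # executable path, or "port:protocol"
    scope: Optional[str]  # e.g. "LocalSubNet"; None when the log prints no scope
    enabled: bool
    name: str             # display name stored with the rule


def parse_rules(text: str) -> List[Rule]:
    """Parse FRST firewall lines; lines in any other format are skipped."""
    rules = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            rules.append(Rule(m["profile"], m["kind"], m["target"], m["scope"],
                              m["status"] == "Enabled", m["name"].strip()))
    return rules


def unscoped_third_party_ports(rules: List[Rule]) -> List[Rule]:
    """Enabled port openings with no scope and a non-Windows display name.

    Assumptions of this example: a name starting with '@' is a built-in
    Windows resource string, and a missing scope means the opening is not
    limited to the local subnet.
    """
    return [r for r in rules
            if r.kind == "GloballyOpenPorts" and r.enabled
            and r.scope is None and not r.name.startswith("@")]


def triage(text: str) -> List[Rule]:
    """Return application rules that share a flagged port rule's name, then the port rules."""
    rules = parse_rules(text)
    ports = unscoped_third_party_ports(rules)
    names = {r.name for r in ports}
    apps = [r for r in rules
            if r.kind == "AuthorizedApplications" and r.enabled and r.name in names]
    return apps + ports


if __name__ == "__main__":
    for rule in triage(SAMPLE):
        print(f"REVIEW {rule.profile}\\{rule.kind}: [{rule.target}] ({rule.name})")
```

Anything the script prints is a candidate for manual review against the installed-programs list, not a verdict; a legitimate program that opens its own port will be listed too.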

#6
Falcor2

Falcor2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts

Vino's Event Viewer v01c run on Windows XP in English
Report run at 19/02/2016 6:28:48 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 19/02/2016 6:17:35 PM
Type: error Category: 0
Event: 7024 Source: Service Control Manager
The Distributed Transaction Coordinator service terminated with service-specific error 3221229584 (0xC0001010).

Log: 'System' Date/Time: 19/02/2016 5:53:20 PM
Type: error Category: 0
Event: 7024 Source: Service Control Manager
The Distributed Transaction Coordinator service terminated with service-specific error 3221229584 (0xC0001010).

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 19/02/2016 6:17:06 PM
Type: warning Category: 0
Event: 4 Source: b57w2k
Broadcom NetXtreme 57xx Gigabit Controller: The network link is down.  Check to make sure the network cable is properly connected.

Log: 'System' Date/Time: 19/02/2016 5:51:00 PM
Type: warning Category: 0
Event: 4 Source: b57w2k
Broadcom NetXtreme 57xx Gigabit Controller: The network link is down.  Check to make sure the network cable is properly connected.
 


  • 0

#7
Falcor2

Falcor2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts

Vino's Event Viewer v01c run on Windows XP in English
Report run at 19/02/2016 6:40:02 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 19/02/2016 6:23:50 PM
Type: error Category: 1
Event: 4124 Source: Ci
Content index on c:\system volume information\catalog.wci is corrupt. Please shutdown and restart the Indexing Service (cisvc).

Log: 'Application' Date/Time: 19/02/2016 6:23:47 PM
Type: error Category: 1
Event: 4126 Source: Ci
Cleaning up corrupt content index metadata on c:\system volume information\catalog.wci. Index will  be automatically restored by refiltering all documents.

Log: 'Application' Date/Time: 19/02/2016 6:17:35 PM
Type: error Category: 98
Event: 4691 Source: COM+
The run-time environment was unable to initialize for transactions required to support transactional components. Make sure that MS-DTC is running. (DtcGetTransactionManagerEx(): hr = 0x8004d01b)

Log: 'Application' Date/Time: 19/02/2016 6:17:35 PM
Type: error Category: 1
Event: 4112 Source: MSDTC
Could not start the MS DTC Transaction Manager.

Log: 'Application' Date/Time: 19/02/2016 6:17:35 PM
Type: error Category: 2
Event: 4185 Source: MSDTC
MS DTC Transaction Manager start failed. LogInit returned error 0x2.

Log: 'Application' Date/Time: 19/02/2016 6:17:35 PM
Type: error Category: 4
Event: 4163 Source: MSDTC
MS DTC log file not found. After ensuring that all Resource Managers coordinated by MS DTC have no indoubt transactions, please run msdtc -resetlog to create the log file.

Log: 'Application' Date/Time: 19/02/2016 6:16:52 PM
Type: error Category: 1
Event: 4096 Source: Credant EMS
EMS Critical Error: [EmsService] Error [0x0000045a] while creating and starting PCS! "Could not load ProcessConnector library!"  

Log: 'Application' Date/Time: 19/02/2016 5:57:45 PM
Type: error Category: 1
Event: 4124 Source: Ci
Content index on c:\system volume information\catalog.wci is corrupt. Please shutdown and restart the Indexing Service (cisvc).

Log: 'Application' Date/Time: 19/02/2016 5:57:42 PM
Type: error Category: 1
Event: 4126 Source: Ci
Cleaning up corrupt content index metadata on c:\system volume information\catalog.wci. Index will  be automatically restored by refiltering all documents.

Log: 'Application' Date/Time: 19/02/2016 5:53:21 PM
Type: error Category: 98
Event: 4691 Source: COM+
The run-time environment was unable to initialize for transactions required to support transactional components. Make sure that MS-DTC is running. (DtcGetTransactionManagerEx(): hr = 0x8004d01b)

Log: 'Application' Date/Time: 19/02/2016 5:53:20 PM
Type: error Category: 1
Event: 4112 Source: MSDTC
Could not start the MS DTC Transaction Manager.

Log: 'Application' Date/Time: 19/02/2016 5:53:20 PM
Type: error Category: 2
Event: 4185 Source: MSDTC
MS DTC Transaction Manager start failed. LogInit returned error 0x2.

Log: 'Application' Date/Time: 19/02/2016 5:53:20 PM
Type: error Category: 4
Event: 4163 Source: MSDTC
MS DTC log file not found. After ensuring that all Resource Managers coordinated by MS DTC have no indoubt transactions, please run msdtc -resetlog to create the log file.

Log: 'Application' Date/Time: 19/02/2016 5:51:28 PM
Type: error Category: 1
Event: 4096 Source: Credant EMS
EMS Critical Error: [EmsService] Error [0x0000045a] while creating and starting PCS! "Could not load ProcessConnector library!"  

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


  • 0

#8
Falcor2

Falcor2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts

Process    CPU    Private Bytes    Working Set    PID    Description    Company Name
System Idle Process    100.00    0 K    28 K    0        
System        0 K    256 K    4        
 Interrupts    < 0.01    0 K    0 K    n/a    Hardware Interrupts and DPCs    
 smss.exe        176 K    436 K    876    Windows NT Session Manager    Microsoft Corporation
  csrss.exe        1,812 K    4,124 K    960    Client Server Runtime Process    Microsoft Corporation
  winlogon.exe        6,824 K    4,448 K    992    Windows NT Logon Application    Microsoft Corporation
   services.exe        1,968 K    4,064 K    1040    Services and Controller app    Microsoft Corporation
    svchost.exe        3,488 K    5,372 K    1256    Generic Host Process for Win32 Services    Microsoft Corporation
     wmiprvse.exe        2,224 K    5,460 K    3628    WMI    Microsoft Corporation
    svchost.exe        1,972 K    4,768 K    1320    Generic Host Process for Win32 Services    Microsoft Corporation
    svchost.exe        22,040 K    32,064 K    1364    Generic Host Process for Win32 Services    Microsoft Corporation
    svchost.exe        2,392 K    3,408 K    1408    Generic Host Process for Win32 Services    Microsoft Corporation
    svchost.exe        1,832 K    4,168 K    1680    Generic Host Process for Win32 Services    Microsoft Corporation
    svchost.exe        1,296 K    3,424 K    1708    Generic Host Process for Win32 Services    Microsoft Corporation
    spoolsv.exe        6,200 K    9,672 K    1948    Spooler SubSystem App    Microsoft Corporation
    scardsvr.exe        912 K    2,708 K    1996    Smart Card Resource Management Server    Microsoft Corporation
    svchost.exe        1,348 K    3,864 K    228    Generic Host Process for Win32 Services    Microsoft Corporation
    cisvc.exe        4,332 K    428 K    732    Content Index service    Microsoft Corporation
     cidaemon.exe        1,128 K    532 K    1652    Indexing Service filter daemon    Microsoft Corporation
    EmsService.exe        2,724 K    5,336 K    776    External Media Encryption Service.    Dell Inc.
    LMIGuardianSvc.exe        1,104 K    3,604 K    540    LMIGuardianSvc    LogMeIn, Inc.
    n360.exe        83,200 K    12,416 K    520    Norton 360    Symantec Corporation
     n360.exe        17,808 K    33,556 K    3380    Norton 360    Symantec Corporation
    svchost.exe        1,060 K    3,000 K    576    Generic Host Process for Win32 Services    Microsoft Corporation
    NicConfigSvc.exe        3,392 K    4,688 K    644    Internal Network Card Power Management  Service    Dell Inc.
    SymcPCCULaunchSvc.exe        2,828 K    3,856 K    1512    Norton PC Checkup Launcher Service    Symantec Corporation
    svchost.exe        1,044 K    2,964 K    708    Generic Host Process for Win32 Services    Microsoft Corporation
    QBCFMonitorService.exe        12,472 K    10,056 K    1492    QuickBooks Company File Monitoring Service    Intuit
    QBIDPService.exe        11,312 K    9,688 K    1808    QBIDPService    Intuit Inc.
    stacsv.exe        2,736 K    4,036 K    2132    STacSV Module    SigmaTel, Inc.
    svchost.exe        5,416 K    5,932 K    2484    Generic Host Process for Win32 Services    Microsoft Corporation
    dllhost.exe        1,548 K    5,016 K    2520    COM Surrogate    Microsoft Corporation
    dllhost.exe        2,712 K    7,468 K    3288    COM Surrogate    Microsoft Corporation
    alg.exe        1,220 K    3,672 K    3552    Application Layer Gateway Service    Microsoft Corporation
   lsass.exe        4,196 K    1,884 K    1056    LSA Shell (Export Version)    Microsoft Corporation
explorer.exe        65,788 K    76,348 K    1432    Windows Explorer    Microsoft Corporation
 EmsServiceHelper.exe        3,768 K    7,792 K    400    External Media Encryption Service Helper.    Dell Inc.
 ctfmon.exe        980 K    3,708 K    1560    CTF Loader    Microsoft Corporation
 procexp.exe        18,004 K    23,176 K    4256    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com
 


  • 0

#9
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
If you aren't using them:
 
Uninstall:
 
Dell Embassy Trust Suite by Wave Systems (Lots of errors)
 
EMS  (Lots of errors)
 
Java 7 Update 55  (Obsolete and a security risk)
 
Did Speccy not work for you?

  • 0

#10
Falcor2

Falcor2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts

I ran Speccy and thought I posted the log; it took a long time to post as it was big. I will load and run it again later today.


  • 0



#11
Falcor2

Falcor2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts

I see what happened, I tried to copy and paste the log for Speccy.

 

 

Attached File  JEANNE.txt   323.9KB   167 downloads


  • 0

#12
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
OK.
 
Speccy has some interesting news for us:
 
First it's running a bit hot.  This should be under 50°C
 
 
Motherboard
Dell Inc. 0KU184 (Microprocessor) 59 °C
 

 

 

A hot CPU is a slow CPU and also one that may not live too long.  
 
See if you can get Speedfan to work:
 
 
Download, save and Install it (Win 7 or Vista right click and Run As Admin.) then run it.
 
It will tell you your temps in real time.  If they seem hot (over 50) then check Automatic Fan Speed.
Leave it running and see if the temps drop. Run a scan or watch a video and see if the temps climb on you.
 
Make sure you are operating on a hard surface and that the air vents are not blocked.  Usually what happens is dust builds up between the fan and heatsink.  You can try a cooling tray but most likely you will need to clean the heatsink.  Some Dells make it easy to get to the fan through a panel held on by 8 screws. (If you google the model number you will usually find Youtube instructions on how to disassemble your laptop to get to the fan.)   If yours is that way, unscrew the fan and clean the heatsink with a  small brush and a vacuum cleaner hose.  DO NOT UNSCREW THE HEATSINK OR COPPER HEAT PIPE.  If cleaning the heatsink does not help then you need to replace the thermal paste which will require removing the heat pipe and heatsink assembly.  Sometimes the pads they use instead of paste dry out over time.  I recommend the kit from Arctic Silver 5
 
instructions are on their website.  
 
Your hard drive is not the best.  It's getting a little shaky as it gets old but the SMART still claims it's good.  The following raw values are indications that I don't like:

07
Attribute name Seek Error Rate
Real value 0
Current 79
Worst 60
Threshold 30
Raw Value 002EADFEB6
Status Good
09

...

Attribute name Reported Uncorrectable Errors
Real value 1,672
Current 1
Worst 1
Threshold 0
Raw Value 0000000688
Status Good
BD

...

Attribute name Hardware ECC Recovered
Real value 0
Current 65
Worst 61
Threshold 0
Raw Value 0008F8EA72
Status Good

 

 

It may not be ready to fail but errors like these will slow it down some since I assume it has to go back and reread the data when it gets an error.


  • 0

#13
Falcor2

Falcor2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts

I will try to get at the cooling fan to clean tomorrow. I will uninstall EMS and Dell Embassy Trust Suite also tomorrow. Java is still used by some older programs my wife has on disc, so I need to keep that. I will download Speedfan and try it. I did note that while in the program list that (Get-A-Clip) is still there. This computer was given to my wife when the office she worked at closed. I know it's old, but if it lasts another 6 months it will be replaced. It's mounted to a docking station and stays on 24-7, so it probably has a buildup of dust. As it is the computer is running much better, it seems faster and has no ads or redirects so far. If not tomorrow, I will post on Monday to let you know how it went. Thank you for all your help so far.


  • 0

#14
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Clear the Java Cache by following the instructions on
 
You do not have the latest Java.
First go into Control Panel, Add/Remove Software (XP) or Programs and Features (Vista/Win 7) and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
I see:
Java 7 Update 55 
 
Java has been very vulnerable to infection so unless you absolutely need it you should not reinstall it.
 
If you feel you must have Java:
Get the latest Java at:
 
Save it to your PC then close all browsers and install it.  Do not let it install the Yahoo toolbar or other foistware.
Once installed, go into Control Panel, Java, Security and set the slider to the Highest then OK.

  • 0

#15
Falcor2

Falcor2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts

I uninstalled EMS and tried to uninstall Dell Embassy Trust Suite by Wave and got the following message. The wave installer could not uninstall prerequisite wave infrastructure. Reason: Component failed to install. I went to the Dell site, and could not find another way to uninstall it.

I installed Speedfan and it seems to help with temps running 49-50 C. I checked on cleaning the cooling fan and heatsink and it's a major disassembly and the heat sink must be removed. I will hold off on that for now.

I cleared the Java cache and checked on updating Java but it jumps to Java 8.73 and I'm not sure if it will run on the XP 32 bit system.

I'm checking on getting a new laptop, but it still may be 2-3 months.


  • 0





