Please help, computer is infected with adware and malware.



#16
RKinner


    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Go into Control Panel, Java, Security and set the slider to the Highest, then OK. That will prevent Java from being exploited.

If you run another FRST with Addition.txt checked and post both logs, I can make a fixlist which will remove Dell Embassy Trust Suite by Wave.




#17
Falcor2


    Member

  • Topic Starter
  • Member
  • 59 posts

OK, I set the security slider in Java control panel to the highest level.

While removing Dell Embassy Trust Suite by Wave, can we get rid of (Get-A-Clip) at the same time?

Thank you very much for all your help so far.

Logs to follow

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:17-02-2016
Ran by Front Desk (administrator) on JEANNE (23-02-2016 10:43:12)
Running from C:\Documents and Settings\Front Desk\Desktop
Loaded Profiles: Front Desk (Available Profiles: Front Desk & LogMeInRemoteUser & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\WINDOWS\system32\scardsvr.exe
(Microsoft Corporation) C:\WINDOWS\system32\cisvc.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn Ignition\LMIGuardianSvc.exe
(Symantec Corporation) C:\Program Files\Norton 360 Premier Edition\Engine\22.5.5.15\n360.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
(Symantec Corporation) C:\Program Files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
(Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
(SigmaTel, Inc.) C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\system32\cidaemon.exe
(Symantec Corporation) C:\Program Files\Norton 360 Premier Edition\Engine\22.5.5.15\n360.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [mflstart] => C:\Program Files\Get-a-Clip\mflstart.exe
Winlogon\Notify\LMIinit: C:\WINDOWS\system32\LMIinit.dll [2015-11-19] (LogMeIn, Inc.)
HKU\S-1-5-21-2007805527-2214855839-2415389009-1005\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssstars.scr [14336 2008-04-13] (Microsoft Corporation)
AppInit_DLLs: mfllib.dll => No File
Lsa: [Authentication Packages] msv1_0 nwprovau
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton 360 Premier Edition\Engine\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton 360 Premier Edition\Engine\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton 360 Premier Edition\Engine\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{2239EF8C-819A-4115-AC14-D60C944FE5A9}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{319CB493-C1AA-42CD-89B4-2AE44929C51E}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{9479C24B-3DD6-4ED9-AA95-D0D78551B73E}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.6.0.32
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1071009
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.6.0.32
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.6.0.32
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.6.0.32
HKU\S-1-5-21-2007805527-2214855839-2415389009-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/
HKU\S-1-5-21-2007805527-2214855839-2415389009-1005\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005 -> DefaultScope {DD259C95-6D0C-4027-9478-CEB509D0DDE3} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=att-ie8
SearchScopes: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005 -> {DD259C95-6D0C-4027-9478-CEB509D0DDE3} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=att-ie8
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton 360 Premier Edition\Engine\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton 360 Premier Edition\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: No Name -> {B0932222-51E2-47D1-A4EF-CB10AE7DF086} -> No File
BHO: No Name -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} -> No File
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {00140000-B1BA-11CE-ABC6-F5B2E79D9E3F} file:///D:/Scripts/LTOCX14N.cab
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} hxxps://vpn.flaglerhospital.org/CACHE/stc/1/binaries/vpnweb.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {88D969C0-F192-11D4-A65F-0040963251E5} hxxps://images.flaglerhospital.org/ami/install/msxml4.cab
DPF: {8B9D77B2-39C0-4674-AF42-BBD50FF71781} hxxps://images.doctorsimaginggroup.com/ami/install/amiviewer.cab
DPF: {CAFEEFAC-0017-0000-0055-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D30CA0FD-1CA0-11D4-AC78-006008A9A8BC} hxxp://www.flaglerhospital.org/extranet/nav/vpn/webinst.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://mygp.gp.com/dana-cached/sc/JuniperSetupClient.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com//activex/ractrl.cab?lmi=1083
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll [2012-05-14] (Intuit, Inc.)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\system32\mscoree.dll [2009-11-07] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Front Desk\Application Data\Mozilla\Firefox\Profiles\som590nm.default-1455821559859
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-10] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2007805527-2214855839-2415389009-1005: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\Front Desk\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll [2014-01-14] (Citrix Online)
FF Plugin HKU\S-1-5-21-2007805527-2214855839-2415389009-1005: @zoom.us/ZoomVideoPlugin -> C:\Documents and Settings\Front Desk\Application Data\Zoom\bin\npzoomplugin.dll [2015-11-30] (Zoom Video Communications, Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-01] [not signed]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFAddon
FF Extension: Norton Identity Safe - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFAddon [2016-01-19]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchURL: Default -> hxxp://nortonsafe.search.ask.com/web?q={searchTerms}&o=apn10506&prt=cr
CHR DefaultSearchKeyword: Default -> NortonSafe
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\48.0.2564.103\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\48.0.2564.103\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\48.0.2564.103\pdf.dll => No File
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Citrix Online Web Deployment Plugin 1.0.0.104) - C:\Documents and Settings\Front Desk\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll => No File
CHR Plugin: (Citrix ICA Client) - C:\Program Files\Citrix\ICA Client\npicaN.dll => No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll => No File
CHR Plugin: (Java™ Platform SE 7 U55) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.550.14) - C:\WINDOWS\system32\npdeployJava1.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll => No File
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Documents and Settings\Front Desk\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Norton Security Toolbar) - C:\Documents and Settings\Front Desk\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2015-12-19]
CHR Extension: (Norton Identity Safe) - C:\Documents and Settings\Front Desk\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-11-17]
CHR Extension: (Norton Safe) - C:\Documents and Settings\Front Desk\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2015-01-15]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Front Desk\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-24]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton 360 Premier Edition\Engine\22.5.5.15\Exts\Chrome.crx [2015-11-05]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 LMIGuardianSvc; C:\Program Files\LogMeIn Ignition\LMIGuardianSvc.exe [411632 2015-11-19] (LogMeIn, Inc.)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 N360; C:\Program Files\Norton 360 Premier Edition\Engine\22.5.5.15\N360.exe [282016 2015-11-20] (Symantec Corporation)
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [475136 2007-05-14] (Dell Inc.) [File not signed]
R2 Norton PC Checkup Application Launcher; C:\Program Files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [132504 2013-03-20] (Symantec Corporation)
R2 NWCWorkstation; C:\WINDOWS\System32\nwwks.dll [65536 2008-04-13] (Microsoft Corporation)
R2 NwSapAgent; C:\WINDOWS\System32\ipxsap.dll [66560 2004-08-04] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2012-05-14] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2009-07-23] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2012-07-28] (Intuit Inc.) [File not signed]
R2 STacSV; C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe [90112 2007-02-18] (SigmaTel, Inc.) [File not signed]
S3 stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [73728 2006-09-14] (MicroVision Development, Inc.) [File not signed]
R2 Wave UCSPlus; C:\WINDOWS\system32\dllhost.exe /Processid:{BDFEFE06-0F3F-44F4-984D-3BF2A1CA8D75}

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
S3 AE1000; C:\WINDOWS\System32\DRIVERS\AE1000XP.sys [816672 2010-02-12] (Ralink Technology, Corp.)
R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21393 2007-10-09] (Cisco Systems, Inc.)
R1 APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [16128 2005-08-12] (Dell Inc) [File not signed]
R1 BHDrvx86; C:\Program Files\Norton 360 Premier Edition\NortonData\22.5.0.124\Definitions\BASHDefs\20160213.003\BHDrvx86.sys [1193032 2015-10-08] (Symantec Corporation)
R2 BrPar; C:\WINDOWS\System32\drivers\BrPar.sys [19537 2000-07-24] (Brother Industries Ltd.) [File not signed]
R1 ccSet_N360; C:\WINDOWS\system32\drivers\N360\1605050.00F\ccSetx86.sys [137456 2015-07-10] (Symantec Corporation)
S3 CVirtA; C:\WINDOWS\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R3 DXEC01; C:\WINDOWS\System32\drivers\dxec01.sys [97536 2006-11-02] (Knowles Acoustics) [File not signed]
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [389968 2015-11-17] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [125264 2016-01-22] (Symantec Corporation)
R0 giveio; C:\WINDOWS\System32\giveio.sys [5248 1996-04-03] () [File not signed]
R3 guardian2; C:\WINDOWS\System32\Drivers\oz776.sys [56320 2007-01-30] (O2Micro)
R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [209152 2007-01-31] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [989696 2007-01-31] (Conexant Systems, Inc.)
R3 IDSxpx86; C:\Program Files\Norton 360 Premier Edition\NortonData\22.5.0.124\Definitions\IPSDefs\20160222.001\IDSxpx86.sys [548536 2016-02-13] (Symantec Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
R3 NAVENG; C:\Program Files\Norton 360 Premier Edition\NortonData\22.5.0.124\Definitions\VirusDefs\20160222.033\NAVENG.SYS [104440 2016-01-22] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Norton 360 Premier Edition\NortonData\22.5.0.124\Definitions\VirusDefs\20160222.033\NAVEX15.SYS [1647216 2016-01-22] (Symantec Corporation)
R3 NETw4x32; C:\WINDOWS\System32\DRIVERS\NETw4x32.sys [2211456 2007-08-12] (Intel Corporation)
S3 NuidFltr; C:\WINDOWS\System32\DRIVERS\NuidFltr.sys [21784 2011-08-01] (Microsoft Corporation)
R2 NwlnkIpx; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-13] (Microsoft Corporation)
R2 NwlnkNb; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [63232 2004-08-04] (Microsoft Corporation)
R2 NwlnkSpx; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [55936 2004-08-04] (Microsoft Corporation)
R3 NWRDR; C:\WINDOWS\System32\DRIVERS\nwrdr.sys [163584 2008-04-13] (Microsoft Corporation)
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [36528 2006-07-24] (Sonic Solutions) [File not signed]
R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [12416 2007-05-29] (Intel Corporation) [File not signed]
R0 speedfan; C:\WINDOWS\System32\speedfan.sys [24184 2012-12-29] (Almico Software)
R1 SRTSP; C:\WINDOWS\System32\Drivers\N360\1605050.00F\SRTSP.SYS [712944 2015-11-11] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\N360\1605050.00F\SRTSPX.SYS [44792 2015-07-10] (Symantec Corporation)
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1228296 2007-02-18] (SigmaTel, Inc.)
R0 SymEFASI; C:\WINDOWS\System32\drivers\N360\1605050.00F\SYMEFASI.SYS [1287408 2015-11-11] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [103152 2015-07-23] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\system32\drivers\N360\1605050.00F\Ironx86.SYS [234744 2015-07-10] (Symantec Corporation)
R1 SYMTDI; C:\WINDOWS\System32\Drivers\N360\1605050.00F\SYMTDI.SYS [388440 2015-11-11] (Symantec Corporation)
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-23 10:43 - 2016-02-23 10:44 - 00019776 _____ C:\Documents and Settings\Front Desk\Desktop\FRST.txt
2016-02-23 10:42 - 2016-02-23 10:43 - 00000000 ____D C:\FRST
2016-02-23 10:41 - 2016-02-18 14:34 - 01722368 _____ (Farbar) C:\Documents and Settings\Front Desk\Desktop\FRST.exe
2016-02-21 13:39 - 2016-02-23 10:19 - 00000000 ____D C:\Program Files\SpeedFan
2016-02-21 13:39 - 2016-02-21 13:39 - 00000682 _____ C:\Documents and Settings\Front Desk\Desktop\SpeedFan.lnk
2016-02-21 13:39 - 2016-02-21 13:39 - 00000045 _____ C:\WINDOWS\system32\initdebug.nfo
2016-02-21 13:39 - 2016-02-21 13:39 - 00000000 ____D C:\Documents and Settings\Front Desk\Start Menu\Programs\SpeedFan
2016-02-21 13:37 - 2016-02-21 13:38 - 02218504 _____ C:\Documents and Settings\Front Desk\Desktop\instspeedfan451.exe
2016-02-19 20:10 - 2016-02-19 20:10 - 00003380 _____ C:\Documents and Settings\Front Desk\Desktop\System Idle Process.txt
2016-02-19 20:04 - 2016-02-19 20:04 - 02694816 _____ (Sysinternals - www.sysinternals.com) C:\Documents and Settings\Front Desk\Desktop\procexp.exe
2016-02-19 18:12 - 2016-02-19 21:06 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-02-19 18:08 - 2016-02-19 18:40 - 00003670 _____ C:\VEW.txt
2016-02-19 16:16 - 2016-02-19 16:16 - 00061440 _____ ( ) C:\Documents and Settings\Front Desk\Desktop\VEW.exe
2016-02-10 14:05 - 2016-02-16 04:10 - 00000000 ____D C:\AdwCleaner
2016-02-10 14:05 - 2016-02-10 14:05 - 01508352 _____ C:\Documents and Settings\Front Desk\Desktop\AdwCleaner.exe
2016-02-10 12:38 - 2016-02-10 12:40 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-02-10 12:38 - 2016-02-10 12:38 - 00000777 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2016-02-10 12:38 - 2016-02-10 12:38 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2016-02-10 12:37 - 2016-02-10 12:38 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-02-10 12:37 - 2015-10-05 09:50 - 00121560 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-02-10 12:37 - 2015-10-05 09:50 - 00023256 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-02-10 12:31 - 2016-02-10 12:33 - 22908888 _____ (Malwarebytes ) C:\Documents and Settings\Front Desk\Desktop\mbam-setup-2.2.0.1024.exe
2016-02-09 06:25 - 2016-02-19 18:16 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-02-09 06:25 - 2016-02-18 12:27 - 00000730 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2016-02-09 06:25 - 2016-02-18 12:27 - 00000724 _____ C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2016-02-09 06:25 - 2016-02-09 06:25 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Mozilla
2016-02-09 06:21 - 2016-02-09 06:21 - 00000000 ____D C:\Documents and Settings\Front Desk\Temp
2016-01-30 18:12 - 2016-01-30 18:13 - 00000000 ____D C:\Documents and Settings\Front Desk\My Documents\METLIFE

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-23 10:44 - 2007-10-24 15:24 - 00000000 ____D C:\Documents and Settings\Front Desk\Local Settings\Temp
2016-02-23 10:35 - 2014-11-17 12:44 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-23 10:32 - 2015-06-18 07:39 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-02-23 10:32 - 2014-11-17 12:44 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-23 10:32 - 2004-08-11 17:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2016-02-23 10:24 - 2004-08-11 17:11 - 00000000 ____D C:\WINDOWS\Registration
2016-02-23 10:23 - 2007-10-09 01:05 - 00003930 _____ C:\WINDOWS\ModemLog_Conexant HDA D330 MDC V.92 Modem.txt
2016-02-23 10:23 - 2004-08-11 17:20 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-02-23 10:22 - 2004-08-11 17:20 - 00032488 _____ C:\WINDOWS\SchedLgU.Txt
2016-02-23 10:21 - 2007-10-24 15:24 - 00000178 ___SH C:\Documents and Settings\Front Desk\ntuser.ini
2016-02-23 09:51 - 2015-08-14 12:47 - 00000524 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2007805527-2214855839-2415389009-1005.job
2016-02-23 09:29 - 2015-08-23 12:32 - 00000620 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2007805527-2214855839-2415389009-1005.job
2016-02-22 18:05 - 2015-07-17 19:21 - 00000000 ____D C:\Documents and Settings\Front Desk\My Documents\KATIE
2016-02-22 18:02 - 2012-04-23 14:54 - 00002515 _____ C:\Documents and Settings\Front Desk\Desktop\Microsoft Office Word 2007.lnk
2016-02-21 20:33 - 2010-08-06 15:55 - 00000572 ____C C:\Documents and Settings\Front Desk\My Documents\spider.sav
2016-02-21 14:46 - 2004-08-11 17:02 - 00000000 ____D C:\WINDOWS\Help
2016-02-21 13:49 - 2007-10-09 01:05 - 00000000 ____D C:\Program Files\Dell
2016-02-19 02:00 - 2004-08-11 17:20 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Temp
2016-02-18 12:32 - 2007-10-24 15:24 - 00000000 ____D C:\Documents and Settings\Front Desk
2016-02-16 04:03 - 2014-06-12 08:27 - 00000000 ____D C:\Documents and Settings\Front Desk\Local Settings\Application Data\Adobe
2016-02-14 01:05 - 2014-03-13 16:00 - 00000000 ____D C:\Documents and Settings\Front Desk\Local Settings\Application Data\NPE
2016-02-12 12:19 - 2015-11-19 20:37 - 00000000 ____D C:\Program Files\LogMeIn Ignition
2016-02-10 17:27 - 2014-12-21 08:14 - 00000682 _____ C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2016-02-10 17:10 - 2014-06-19 14:54 - 00000000 ____D C:\Documents and Settings\Front Desk\Desktop\Old Firefox Data
2016-02-10 17:00 - 2014-04-03 08:22 - 00064152 ____H C:\WINDOWS\system32\mlfcache.dat
2016-02-10 15:14 - 2004-08-11 17:00 - 00000211 __RSH C:\boot.ini
2016-02-10 14:09 - 2011-05-17 16:44 - 00000000 ____D C:\Documents and Settings\Front Desk\Application Data\Yahoo!
2016-02-10 13:37 - 2014-10-04 08:30 - 00000258 __RSH C:\Documents and Settings\All Users\ntuser.pol
2016-02-10 13:37 - 2004-08-11 17:06 - 00000000 ____D C:\Documents and Settings\All Users
2016-02-10 13:35 - 2014-05-02 12:23 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850869$
2016-02-10 12:14 - 2012-04-09 07:34 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2016-02-10 11:53 - 2013-02-06 17:10 - 01359594 ____C C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2007805527-2214855839-2415389009-1005-0.dat
2016-02-10 11:53 - 2013-01-17 17:04 - 00226746 ____C C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2016-02-10 11:08 - 2008-02-18 08:00 - 144254680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-02-10 06:32 - 2012-06-01 07:42 - 00796864 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2016-02-10 06:32 - 2012-06-01 07:42 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2016-02-04 19:46 - 2014-11-17 12:45 - 00001819 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome.lnk
2016-02-04 19:46 - 2014-11-17 12:45 - 00001813 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2016-01-30 18:13 - 2007-10-24 15:24 - 00000000 ___RD C:\Documents and Settings\Front Desk\My Documents

==================== Files in the root of some directories =======

2015-12-02 21:23 - 2015-12-02 21:23 - 0000093 _____ () C:\Documents and Settings\Front Desk\Application Data\ARCompanion.log
2014-11-17 10:39 - 2014-11-17 10:39 - 0001122 ____C () C:\Documents and Settings\Front Desk\Application Data\ConvAPIPlugin.log
2007-11-05 10:11 - 2007-11-05 10:11 - 0012358 ____C () C:\Documents and Settings\Front Desk\Application Data\PFP110JCM.{PB
2007-11-05 10:11 - 2007-11-05 10:11 - 0061678 ____C () C:\Documents and Settings\Front Desk\Application Data\PFP110JPR.{PB
2014-10-14 23:16 - 2014-10-14 23:16 - 0000042 ____C () C:\Documents and Settings\Front Desk\Application Data\WB.CFG
2008-06-19 16:00 - 2008-06-19 16:00 - 0003584 ____C () C:\Documents and Settings\Front Desk\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-07-28 08:24 - 2011-07-28 10:31 - 0015842 __SHC () C:\Documents and Settings\Front Desk\Local Settings\Application Data\xn20f483ph53a0o7q33nv25f33vqr33fh881r37xjcc0
2013-05-10 07:31 - 2013-05-10 07:31 - 0000057 ____C () C:\Documents and Settings\All Users\Application Data\Ament.ini
2014-11-17 09:37 - 2015-12-02 22:39 - 0009099 ____C () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
2011-07-28 08:24 - 2011-07-28 10:31 - 0015842 __SHC () C:\Documents and Settings\All Users\Application Data\xn20f483ph53a0o7q33nv25f33vqr33fh881r37xjcc0

Some files in TEMP:
====================
C:\Documents and Settings\Front Desk\Local Settings\Temp\jre-8u73-windows-au.exe
C:\Documents and Settings\Front Desk\Local Settings\Temp\sfamcc00001.dll
C:\Documents and Settings\Front Desk\Local Settings\Temp\sfamcc00002.dll
C:\Documents and Settings\Front Desk\Local Settings\Temp\sfextra.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:17-02-2016
Ran by Front Desk (2016-02-23 10:44:46)
Running from C:\Documents and Settings\Front Desk\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) (2007-10-24 20:24:36)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2007805527-2214855839-2415389009-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
Front Desk (S-1-5-21-2007805527-2214855839-2415389009-1005 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Front Desk
Guest (S-1-5-21-2007805527-2214855839-2415389009-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-2007805527-2214855839-2415389009-1004 - Limited - Disabled)
LogMeInRemoteUser (S-1-5-21-2007805527-2214855839-2415389009-1006 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\LogMeInRemoteUser
SUPPORT_388945a0 (S-1-5-21-2007805527-2214855839-2415389009-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton 360 Premier (Enabled - Up to date) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 Premier (Disabled) {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 17.0.0.144 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
biolsp patch (Version: 01.00.01.0010 - Wave Systems Corp) Hidden
bpd_scan (Version: 3.00.0000 - Hewlett-Packard) Hidden
Brother HL-2040 (HKLM\...\{6319890B-22D5-44C2-ADC3-028226CACF67}) (Version: 1.00 - Brother)
Brother MFL-Pro Suite MFC-6490CW (HKLM\...\{01B4AC8E-6D83-44B3-958D-2AFE57BE54DB}) (Version: 1.0.5.0 - Brother Industries, Ltd.)
Calendar Packages (HKU\S-1-5-21-2007805527-2214855839-2415389009-1005\...\Calendar Packages) (Version:  - ) <==== ATTENTION
CCleaner (HKLM\...\CCleaner) (Version: 5.14 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant HDA D330 MDC V.92 Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F) (Version:  - )
Dell Embassy Trust Suite by Wave Systems (HKLM\...\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}) (Version: 02.00.00.039 - Wave Systems Corp)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: Version 7.1.101.6 - )
Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)
DR Systems Web Ambassador (HKLM\...\{98BCB68E-274F-11D4-B2FA-00105AA9021A}) (Version:  - )
EMBASSY Security Setup (Version: 03.00.00.035 - Wave Systems Corp) Hidden
ESC Home Page Plugin (Version: 03.00.00.013 - Wave Systems Corp) Hidden
ETS Upgrade (Version: 02.00.00.012 - Wave Systems Corp) Hidden
Get-a-Clip (HKLM\...\Get-a-Clip) (Version:  - Get-a-Clip)
Google Chrome (HKLM\...\Google Chrome) (Version: 48.0.2564.103 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.29.5 - Google Inc.) Hidden
GoToMeeting 7.12.0.4431 (HKU\S-1-5-21-2007805527-2214855839-2415389009-1005\...\GoToMeeting) (Version: 7.12.0.4431 - CitrixOnline)
Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000 - Hewlett-Packard) Hidden
High Definition Audio Driver Package - KB835221 (HKLM\...\KB835221WXP) (Version: 20040219.000000 - Microsoft Corporation)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
HPPhotoSmartExpress (Version: 70.0.170.000 - Hewlett-Packard) Hidden
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
InstantShareAlert (Version: 1.00.0000 - HP) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
IntelliSonic Speech Enhancement (HKLM\...\{D9FCA292-1186-421F-8D93-9A5D272AD5D0}) (Version: 2.1.37 - Knowles Acoustics)
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Juniper Networks Setup Client (HKU\S-1-5-21-2007805527-2214855839-2415389009-1005\...\Juniper_Setup_Client) (Version: 2.2.3.8885 - Juniper Networks)
LaserJet 1020 series (HKLM\...\HP-LaserJet 1020 series) (Version:  - )
LogMeIn (HKLM\...\{EE4CA5AF-4A55-418C-8CB8-74435814207B}) (Version: 4.1.2450 - LogMeIn, Inc.)
LogMeIn Client (HKLM\...\{26F88B15-E5F0-47D2-8176-1A9312DD44AD}) (Version: 1.3.1648 - LogMeIn, Inc.)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Marketsplash Shortcuts (HKLM\...\{16FCDD97-AE09-476B-88CD-261D852BD34C}) (Version: 1.0.1.7 - Hewlett-Packard)
mCore (Version: 9.24.0000 - Intel Corporation) Hidden
MEDITECH Workstation4.x (HKLM\...\Workstation4.x) (Version:  - )
mHlpDell (Version: 9.24.0000 - Intel) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Download Manager (HKLM\...\{654977DB-0001-0002-0001-EABD228DDE8B}) (Version: 1.2.1 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
mIWA (Version: 9.24.0000 - Intel Corporation) Hidden
mLogView (Version: 9.24.0000 - Intel Corporation) Hidden
mMHouse (Version: 9.24.0000 - Intel Corporation) Hidden
Modem Diagnostic Tool (HKLM\...\{F63A3748-B93D-4360-9AD4-B064481A5C7B}) (Version: 1.0.20.0 - Dell)
Mozilla Firefox 44.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 44.0.2 (x86 en-US)) (Version: 44.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla)
mPfMgr (Version: 9.24.0000 - Intel Corporation) Hidden
mPfWiz (Version: 9.24.0000 - Intel Corporation) Hidden
MPM (HKLM\...\{D48AD533-BAD5-469B-A9AA-272C6D80E70B}) (Version: 1.00.0000 - Hewlett-Packard)
mProSafe (Version: 9.00.0000 - Intel) Hidden
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 6.0 Parser (KB933579) (HKLM\...\{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}) (Version: 6.10.1200.0 - Microsoft Corporation)
mWlsSafe (Version: 9.00.0000 - Intel) Hidden
MyCalendar (HKLM\...\Tweaks MyCalendar) (Version: 1.1.3 - Tweaks)
mZConfig (Version: 9.24.0000 - Intel Corporation) Hidden
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.44 - BVRP Software, Inc)
Norton 360 Premier (HKLM\...\N360) (Version: 22.5.5.15 - Symantec Corporation)
Norton PC Checkup (HKLM\...\Norton PC Checkup_is1) (Version: 3.0.2.122.0 - NortonLive Services)
O2Micro USB Smart Card Reader (Version: 1.00.0000 - Dell Inc.) Hidden
PaperPort Image Printer (HKLM\...\{2BC2781A-F7F6-452E-95EB-018A522F1B2C}) (Version: 1.00.0000 - Nuance Communications, Inc.)
PowerDVD (HKLM\...\{281ECE39-F043-492B-8337-F2E546B5604A}) (Version: 7.0 - Dell)
QuickBooks (Version: 21.0.4011.904 - Intuit Inc.) Hidden
QuickBooks Pro 2011 (HKLM\...\{11E0AC7D-6822-4F67-865F-EE1C13D28C38}) (Version: 21.0.4011.904 - Intuit Inc.)
QuickSet (HKLM\...\{C5074CC4-0E26-4716-A307-960272A90040}) (Version: 8.1.12 - Dell Computer Corporation)
Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.3.0 - Roxio)
Roxio Creator BDAV Plugin (HKLM\...\{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}) (Version: 3.3.0 - Roxio)
Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.3.0 - Roxio)
Roxio Creator Data (HKLM\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.3.0 - Roxio)
Roxio Creator DE (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.3.0 - Roxio)
Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.3.0 - Roxio)
Roxio Drag-to-Disc (HKLM\...\{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}) (Version: 9.0 - Roxio)
Roxio Express Labeler (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Roxio)
Roxio Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Roxio)
Samsung Kies3 (HKLM\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14083.17 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (Version: 3.2.14083.17 - Samsung Electronics Co., Ltd.) Hidden
ScanSoft PaperPort 11 (HKLM\...\{7A8FF745-BBC5-482B-88E4-18D3178249A9}) (Version: 11.1.0000 - Nuance Communications, Inc.)
Secure Fast PC (HKLM\...\Secure Fast PC1.0) (Version: 1.0 - Developerts LLC)
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.4820.0 - SigmaTel)
Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden
SpeedFan (remove only) (HKLM\...\SpeedFan) (Version:  - )
Time Clock SBE 2.3 (HKLM\...\Time Clock SBE 2.3) (Version: 2.3 - Barger Solutions)
Toolbox (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Unload (Version: 7.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (Version:  - WildTangent) Hidden
upekmsi (Version: 02.00.02.0010 - Wave Systems Corp) Hidden
URL Assistant (HKLM\...\{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}) (Version:  - )
Wave Infrastructure Installer (Version: 03.05.10.0050 - Wave Systems Corp) Hidden
Wave Support Software (Version: 05.04.00.018 - Wave Systems Corp) Hidden
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Driver Package - O2Micro (guardian2) SmartCardReader  (02/05/2007 1.1.3.7) (HKLM\...\5FD5E95A18EBF60A056BA7A51A2E794E4216D3DD) (Version: 02/05/2007 1.1.3.7 - O2Micro)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Installer 3.1 (KB893803) (HKLM\...\KB893803v2) (Version:  - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version:  - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WordPerfect Office 11 (HKLM\...\{54F90B55-BEB3-4F0D-8802-228822FA5921}) (Version: 11.0 - Corel Corporation)
Zoom (HKU\S-1-5-21-2007805527-2214855839-2415389009-1005\...\ZoomUMX) (Version: 3.5 - Zoom Video Communications, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{05EC5C13-D255-4592-9CCB-98615172F0D6}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{0ADF9C35-0D5E-4B75-88DD-B64868907E17}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{0C1F87AE-AE62-11D3-911C-00105A17B608}\InprocServer32 -> C:\WINDOWS\system32\dartsock.dll (Dart Communications)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{123FAF7F-3FB1-4B8F-AD18-0047401D436A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{371D0743-7A57-11D2-AD5A-00105A17B608}\InprocServer32 -> C:\WINDOWS\system32\dartsock.dll (Dart Communications)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{37A2FC00-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{37A2FC02-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{3E1A2BBD-5707-4646-B268-518B997DC94D}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2011\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{4716D3CE-55DB-4D2A-818C-87D912895890}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{4844F3F7-2161-4AC4-B219-B3B4311782AA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{4A56F19E-9F50-4F43-93C8-050E44AA83A9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{4E5E74B5-8EB5-4859-A335-837EED412620}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{4F99A075-5227-11D2-AD06-00105A17B608}\InprocServer32 -> C:\WINDOWS\system32\dartsock.dll (Dart Communications)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{5428A9ED-6CD8-11D6-9C8A-0001023DCAA2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{547C8F00-5567-4AE3-8BB0-CC3CE2AB9070}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{57D590F1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{596801D8-2C9D-4627-9C67-195CB81B655A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{5B7331FA-8910-4748-A8A4-60B445041F28}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{5ED8AC89-B2DE-476D-8EEA-E170B2FCB058}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{7694F1CD-A55B-4B7C-8820-A90892EB4E9E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{7DBF8260-30AD-4D1B-876A-8032B87B809F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{828E5386-74CF-4019-B356-C857CD028A7D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{82CC31B3-53B4-4161-A4E9-6B4F1290A6C8}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\2553\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{8572570D-12D9-4F2C-8BB8-EB8848178B94}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{8E590317-1329-11D1-B70B-00805F29CD16}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2011\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{8FEDE364-AB37-4551-80C9-6D468E222AB2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{9D9B61F2-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{9D9B61F3-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{9D9B61F4-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{9D9B61F5-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{9D9B61F6-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{9D9B61F7-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{A63E42D0-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{A63E42D2-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{AF5E0A13-CEAB-47CE-991D-77E82CD1BF3F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{B10BFAC3-EFF1-40D9-ADA0-BEBE037C24CA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{B22FE43C-D1E8-432A-A862-9F83D5F04732}\InprocServer32 -> C:\WINDOWS\system32\dartsock.dll (Dart Communications)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{B66F2BF1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{CA4FC24B-C65C-11D1-AA6F-000000000000}\InprocServer32 -> C:\WINDOWS\system32\dartsock.dll (Dart Communications)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{D14FD6B3-6A9F-4537-9460-07B836707127}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{D4A12AAF-E15E-470B-A6B6-63032186F91F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{D9B9C060-0954-11D3-9E07-00104BD2BE34}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSource.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{D9BC6F81-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{D9BC6F84-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{D9BC6F87-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{D9BC6FA1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{D9BC6FA6-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{D9BC6FB2-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\StorageClasses.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{DCB2B478-EFF6-48F6-B718-13E98876854E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{DDD136CE-517B-11D2-AD03-00105A17B608}\InprocServer32 -> C:\WINDOWS\system32\dartsock.dll (Dart Communications)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{DFD0AF10-B86C-4AF3-B609-1348D513E565}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{E1A173E1-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{E1A173E3-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{E9D55102-9683-11D2-BA68-0040053687FE}\InprocServer32 -> C:\WINDOWS\system32\dartsock.dll (Dart Communications)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{EADA914E-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{EAEF733D-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{F2C593CC-74B2-4F71-8556-DD4D426D0409}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{FAC93D42-FFC2-11d1-9DEB-0008C7A08EBA}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2011\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005_Classes\CLSID\{FB17915F-06D1-4214-A902-CC5EE05186E9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2007805527-2214855839-2415389009-1005.job => C:\Program Files\Citrix\GoToMeeting\4431\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2007805527-2214855839-2415389009-1005.job => C:\Program Files\Citrix\GoToMeeting\4431\g2mupload.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job => c:\Program Files\Microsoft IntelliPoint\ipoint.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2012-06-06 07:20 - 2010-05-13 22:47 - 00059904 ____N () C:\WINDOWS\System32\spool\PRTPROCS\W32X86\pphp1020.dll
2012-07-27 22:57 - 2002-11-26 12:43 - 00106496 ____N () C:\WINDOWS\system32\BrMuSNMP.dll
2007-10-09 01:24 - 2006-08-18 13:17 - 00056056 ____N () C:\WINDOWS\system32\DLAAPI_W.DLL

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005\...\audible.com -> hxxps://www.audible.com
IE trusted site: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005\...\doctorsimaginggroup.com -> hxxps://images.doctorsimaginggroup.com
IE trusted site: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005\...\flaglerhospital.org -> hxxps://images.flaglerhospital.org
IE trusted site: HKU\S-1-5-21-2007805527-2214855839-2415389009-1005\...\radmd.com -> hxxps://www.radmd.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-11 17:00 - 2014-05-06 14:20 - 00000098 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost
::1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2007805527-2214855839-2415389009-1005\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Front Desk\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
DNS Servers: 192.168.1.254
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

DomainProfile\AuthorizedApplications: [C:\Documents and Settings\Front Desk\Local Settings\Temp\7zS414E\OJP8500vA909_Full_14\setup\hpznui01.exe] => Enabled:hpznui01.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe] => Enabled:hpqtra08.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe] => Enabled:hpqste08.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe] => Enabled:hpofxm08.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe] => Enabled:hposfx08.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe] => Enabled:hposid01.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe] => Enabled:hpqkygrp.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfcCopy.exe] => Enabled:hpfccopy.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe] => Enabled:hpzwiz01.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe] => Enabled:hpoews01.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe] => Enabled:hpqnrs08.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe] => Enabled:hpiscnapp.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe] => Enabled:hpqphotocrm.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqsudi.exe] => Enabled:hpqsudi.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpsapp.exe] => Enabled:hpqpsapp.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxs08.exe] => Enabled:hpofxs08.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqfxt08.exe] => Enabled:hpqfxt08.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpse.exe] => Enabled:hpqpse.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgplgtupl.exe] => Enabled:hpqgplgtupl.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe] => Enabled:hpqgpc01.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqusgm.exe] => Enabled:hpqusgm.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqusgh.exe] => Enabled:hpqusgh.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe] => Enabled:smartwebprintexe.exe
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Front Desk\Local Settings\Temp\7zS414E\OJP8500vA909_Full_14\setup\hpznui01.exe] => Enabled:hpznui01.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe] => Enabled:hpqtra08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe] => Enabled:hpqste08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe] => Enabled:hpofxm08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe] => Enabled:hposfx08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe] => Enabled:hposid01.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe] => Enabled:hpqkygrp.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfcCopy.exe] => Enabled:hpfccopy.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe] => Enabled:hpzwiz01.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe] => Enabled:hpoews01.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe] => Enabled:hpqnrs08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe] => Enabled:hpiscnapp.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe] => Enabled:hpqphotocrm.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqsudi.exe] => Enabled:hpqsudi.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpsapp.exe] => Enabled:hpqpsapp.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxs08.exe] => Enabled:hpofxs08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqfxt08.exe] => Enabled:hpqfxt08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpse.exe] => Enabled:hpqpse.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgplgtupl.exe] => Enabled:hpqgplgtupl.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe] => Enabled:hpqgpc01.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqusgm.exe] => Enabled:hpqusgm.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqusgh.exe] => Enabled:hpqusgh.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe] => Enabled:smartwebprintexe.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Program Files\ADBServer\rmAGenerator.exe] => Enabled:RMA Gen
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\AuthorizedApplications: [C:\Program Files\Get-a-Clip\Get-a-Clip.exe] => Enabled:Get-a-Clip
StandardProfile\AuthorizedApplications: [C:\Program Files\Get-a-Clip\MFLService2.exe] => Enabled:Get-a-Clip
DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
DomainProfile\GloballyOpenPorts: [427:TCP] => :LocalSubNet:Enabled:SLP_Port(427)_TCP
DomainProfile\GloballyOpenPorts: [427:UDP] => :LocalSubNet:Enabled:SLP_Port(427)_UDP
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [427:TCP] => :LocalSubNet:Enabled:SLP_Port(427)_TCP
StandardProfile\GloballyOpenPorts: [427:UDP] => :LocalSubNet:Enabled:SLP_Port(427)_UDP

==================== Restore Points =========================

26-11-2015 03:53:39 System Checkpoint
27-11-2015 04:19:41 System Checkpoint
28-11-2015 04:53:42 System Checkpoint
29-11-2015 05:04:49 System Checkpoint
30-11-2015 05:22:18 System Checkpoint
01-12-2015 05:22:50 System Checkpoint
02-12-2015 07:11:40 System Checkpoint
02-12-2015 21:19:08 Removed Centricity Enterprise Web 3.0 Client  (SPa10)
02-12-2015 21:20:05 Removed Cisco AnyConnect VPN Client
02-12-2015 21:21:09 Removed Citrix Online Launcher
02-12-2015 21:26:44 Removed Code-X 2013
02-12-2015 21:32:44 Removed Code-X 2014
02-12-2015 21:36:59 Removed DR Systems Web Product Installation
02-12-2015 21:40:39 Removed HP Officejet 6500 E710a-f Product Improvement Study
02-12-2015 21:41:12 Removed HP Officejet 6500 E710n-z Help
02-12-2015 21:41:43 Removed HP Officejet 6500 E710n-z Product Improvement Study
02-12-2015 21:54:18 Removed HP Officejet 6500 E710a-f Help
02-12-2015 22:20:28 Removed MPM
02-12-2015 22:34:04 Removed HP Officejet Pro 8600 Basic Device Software
02-12-2015 22:36:20 Removed HP Officejet Pro 8600 Help
02-12-2015 22:37:01 Removed HP Officejet Pro 8600 Product Improvement Study
02-12-2015 22:41:08 Removed HP Photosmart Essential
02-12-2015 22:41:40 Removed HP Product Detection
02-12-2015 22:42:32 Removed HP Update.
02-12-2015 22:43:44 Removed MSN Toolbar
03-12-2015 23:28:05 System Checkpoint
04-12-2015 23:52:29 System Checkpoint
06-12-2015 01:18:35 System Checkpoint
07-12-2015 01:52:25 System Checkpoint
08-12-2015 01:52:47 System Checkpoint
09-12-2015 02:51:24 System Checkpoint
09-12-2015 03:00:36 Software Distribution Service 3.0
10-12-2015 04:03:55 System Checkpoint
11-12-2015 04:20:24 System Checkpoint
12-12-2015 04:55:55 System Checkpoint
13-12-2015 05:55:53 System Checkpoint
14-12-2015 07:43:40 System Checkpoint
15-12-2015 08:20:02 System Checkpoint
16-12-2015 08:32:03 System Checkpoint
17-12-2015 09:08:37 System Checkpoint
18-12-2015 09:56:37 System Checkpoint
19-12-2015 11:01:09 System Checkpoint
20-12-2015 11:21:19 System Checkpoint
21-12-2015 13:36:56 System Checkpoint
22-12-2015 17:00:21 System Checkpoint
23-12-2015 18:44:07 System Checkpoint
24-12-2015 19:20:34 System Checkpoint
25-12-2015 20:20:35 System Checkpoint
26-12-2015 22:00:33 System Checkpoint
27-12-2015 22:49:30 System Checkpoint
29-12-2015 01:04:17 System Checkpoint
30-12-2015 01:22:27 System Checkpoint
31-12-2015 01:41:07 System Checkpoint
01-01-2016 02:55:33 System Checkpoint
02-01-2016 03:41:02 System Checkpoint
03-01-2016 03:41:22 System Checkpoint
04-01-2016 06:35:50 System Checkpoint
05-01-2016 07:28:15 System Checkpoint
06-01-2016 07:40:31 System Checkpoint
07-01-2016 08:00:11 System Checkpoint
08-01-2016 18:19:05 System Checkpoint
09-01-2016 22:00:38 System Checkpoint
10-01-2016 23:07:09 System Checkpoint
12-01-2016 00:06:08 System Checkpoint
13-01-2016 00:54:03 System Checkpoint
13-01-2016 03:00:20 Software Distribution Service 3.0
14-01-2016 03:42:04 System Checkpoint
15-01-2016 04:54:06 System Checkpoint
16-01-2016 05:54:08 System Checkpoint
17-01-2016 06:42:09 System Checkpoint
18-01-2016 07:26:51 System Checkpoint
19-01-2016 07:35:51 System Checkpoint
20-01-2016 07:58:57 System Checkpoint
21-01-2016 08:00:26 System Checkpoint
22-01-2016 08:53:10 System Checkpoint
23-01-2016 09:45:46 System Checkpoint
24-01-2016 10:45:49 System Checkpoint
25-01-2016 11:06:10 System Checkpoint
26-01-2016 11:45:46 System Checkpoint
27-01-2016 16:33:52 System Checkpoint
28-01-2016 21:19:39 System Checkpoint
30-01-2016 01:19:16 System Checkpoint
31-01-2016 02:31:23 System Checkpoint
01-02-2016 03:11:14 System Checkpoint
02-02-2016 07:23:23 System Checkpoint
03-02-2016 08:19:56 System Checkpoint
04-02-2016 09:45:41 System Checkpoint
05-02-2016 20:08:20 System Checkpoint
06-02-2016 20:52:29 System Checkpoint
08-02-2016 00:09:22 System Checkpoint
09-02-2016 00:21:46 System Checkpoint
10-02-2016 00:33:28 System Checkpoint
10-02-2016 11:06:29 Software Distribution Service 3.0
10-02-2016 12:12:13 Software Distribution Service 3.0
11-02-2016 12:40:49 System Checkpoint
12-02-2016 14:22:50 System Checkpoint
13-02-2016 18:28:22 System Checkpoint
14-02-2016 18:54:30 System Checkpoint
15-02-2016 23:55:25 System Checkpoint
17-02-2016 00:16:24 System Checkpoint
18-02-2016 00:16:32 System Checkpoint
19-02-2016 00:50:44 System Checkpoint
20-02-2016 01:20:45 System Checkpoint
21-02-2016 02:32:47 System Checkpoint
21-02-2016 13:49:22 Removed EMS.
22-02-2016 14:43:25 System Checkpoint

==================== Faulty Device Manager Devices =============

Name: 1394 Net Adapter
Description: 1394 Net Adapter
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: NIC1394
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/23/2016 10:30:46 AM) (Source: Ci) (EventID: 4124) (User: )
Description: Content index on c:\system volume information\catalog.wci is corrupt. Please shutdown and restart
the Indexing Service (cisvc).

Error: (02/23/2016 10:30:43 AM) (Source: Ci) (EventID: 4126) (User: )
Description: Cleaning up corrupt content index metadata on c:\system volume information\catalog.wci. Index will
 be automatically restored by refiltering all documents.

Error: (02/23/2016 10:24:01 AM) (Source: COM+) (EventID: 4691) (User: )
Description: The run-time environment was unable to initialize for transactions required to support transactional components. Make sure that MS-DTC is running. (DtcGetTransactionManagerEx(): hr = 0x8004d01b)

Error: (02/23/2016 10:24:00 AM) (Source: MSDTC) (EventID: 4112) (User: )
Description: Could not start the MS DTC Transaction Manager.

Error: (02/23/2016 10:24:00 AM) (Source: MSDTC) (EventID: 4185) (User: )
Description: MS DTC Transaction Manager start failed. LogInit returned error 0x2.

Error: (02/23/2016 10:24:00 AM) (Source: MSDTC) (EventID: 4163) (User: )
Description: MS DTC log file not found. After ensuring that all Resource Managers coordinated by MS DTC have no indoubt transactions, please run msdtc -resetlog to create the log file.

Error: (02/21/2016 04:35:12 PM) (Source: Ci) (EventID: 4124) (User: )
Description: Content index on c:\system volume information\catalog.wci is corrupt. Please shutdown and restart
the Indexing Service (cisvc).

Error: (02/21/2016 04:35:09 PM) (Source: Ci) (EventID: 4126) (User: )
Description: Cleaning up corrupt content index metadata on c:\system volume information\catalog.wci. Index will
 be automatically restored by refiltering all documents.

Error: (02/21/2016 04:28:32 PM) (Source: COM+) (EventID: 4691) (User: )
Description: The run-time environment was unable to initialize for transactions required to support transactional components. Make sure that MS-DTC is running. (DtcGetTransactionManagerEx(): hr = 0x8004d01b)

Error: (02/21/2016 04:28:31 PM) (Source: MSDTC) (EventID: 4112) (User: )
Description: Could not start the MS DTC Transaction Manager.


System errors:
=============
Error: (02/23/2016 10:24:01 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Distributed Transaction Coordinator service terminated with service-specific error 3221229584 (0xC0001010).

Error: (02/21/2016 04:28:31 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Distributed Transaction Coordinator service terminated with service-specific error 3221229584 (0xC0001010).

Error: (02/21/2016 03:33:38 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Distributed Transaction Coordinator service terminated with service-specific error 3221229584 (0xC0001010).

Error: (02/21/2016 02:00:04 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Distributed Transaction Coordinator service terminated with service-specific error 3221229584 (0xC0001010).

Error: (02/21/2016 01:54:01 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Distributed Transaction Coordinator service terminated with service-specific error 3221229584 (0xC0001010).

Error: (02/19/2016 06:17:35 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Distributed Transaction Coordinator service terminated with service-specific error 3221229584 (0xC0001010).

Error: (02/19/2016 05:53:20 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Distributed Transaction Coordinator service terminated with service-specific error 3221229584 (0xC0001010).


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU T7100 @ 1.80GHz
Percentage of memory in use: 29%
Total physical RAM: 2038.04 MB
Available physical RAM: 1436.13 MB
Total Virtual: 3407.06 MB
Available Virtual: 2975.38 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.73 GB) (Free:78.69 GB) NTFS ==>[drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 111.8 GB) (Disk ID: 41AB2316)
Partition 1: (Not Active) - (Size=63 MB) - (Type=DE)
Partition 2: (Active) - (Size=111.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

