Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Random Pop ups especially when I try to click on a link need removal help


  • This topic is locked This topic is locked
32 replies to this topic

#1 depogirl

depogirl

  • Members
  • 124 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:53 AM

Posted 23 October 2014 - 11:50 AM

hi all I regularly use malware bytes but its not removing the random pop ups. i should have known better than to download a file the other day... ;(.  Most of the pages I can close out but its beyond annoying and keeping me from working. here is my log (below and attached) please help when able to and thanks in advance for your help:

 

 

 

 

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.17344  BrowserJavaVersion: 11.25.2
Run by mlitt at 9:44:17 on 2014-10-23
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3292.1579 [GMT -7:00]
.
AV: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ================
.
c:\PROGRA~1\AVG\AVG2015\avgrsx.exe
C:\Program Files\AVG\AVG2015\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Novell\Client\XTier\Services\XTSvcMgr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2015\avgidsagent.exe
C:\Program Files\AVG\AVG2015\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Coupons\CouponPrinterService.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Windows\system32\PrintIsolationHost.exe
C:\Program Files\AVG\AVG2015\avgnsx.exe
C:\Program Files\AVG\AVG2015\avgemcx.exe
C:\Windows\System32\WUDFHost.exe
C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\nwtray.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\AVG\AVG2015\avgui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\Novell\Messenger\NMCL32.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k ftpsvc
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/
uWindow Title = Internet Explorer, optimized for Bing and MSN
uSearch Page = hxxp://www.live.com
uURLSearchHooks: <No Name>:  - LocalServer32 - <no file>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.8.0_25\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre1.8.0_25\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [Novell Messenger] "c:\program files\novell\messenger\NMCL32.exe"
mRun: [NWTRAY] NWTRAY.EXE
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe  startup
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.EXE
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"
mRun: [WrtMon.exe] c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AVG_UI] "c:\program files\avg\avg2015\avgui.exe" /TRAYONLY
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\intuit~1.lnk - c:\program files\common files\intuit\dataprotect\IntuitDataProtect.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~2.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\intuit\quickbooks 2011\QBW32.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Append to existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {3C3171BC-1025-43d1-8D1D-61CF4B38A28F} - c:\progra~1\novell\messen~1\NMCL32.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: microsoft.com
Trusted Zone: microsoft.com
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T29L10NSP7EP2-4/event/ieatgpc1.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com//activex/ractrl.cab?lmi=1083
TCP: NameServer = 8.8.8.8 68.116.46.115 69.144.127.53
TCP: Interfaces\{6E45A073-141C-420C-B784-F35216C223D4} : DHCPNameServer = 8.8.8.8 68.116.46.115 69.144.127.53
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - c:\program files\intuit\quickbooks 2011\HelpAsyncPluggableProtocol.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
LSA: Authentication Packages =  msv1_0 ncv1_0
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\mlitt\appdata\roaming\mozilla\firefox\profiles\hl3sutw8.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/
FF - plugin: c:\program files\adobe\acrobat 9.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\java\jre1.8.0_25\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre1.8.0_25\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\browser\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll
FF - plugin: c:\users\mlitt\appdata\local\citrix\plugins\104\npappdetector.dll
FF - plugin: c:\users\mlitt\appdata\local\dvcplugin1.7.1.0\32\npDolbyVoiceConference1710.dll
FF - plugin: c:\users\mlitt\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\mlitt\appdata\roaming\catali~2\npBcsKtTcHW.dll
FF - plugin: c:\users\mlitt\appdata\roaming\hopster\couponprinterplugin\2.0.2.0\npCouponPrinterPlugin.dll
FF - plugin: c:\users\mlitt\appdata\roaming\hopster\couponprinterplugin\2.0.2.0\npPrintUtil.dll
FF - plugin: c:\users\mlitt\appdata\roaming\mozilla\firefox\profiles\hl3sutw8.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\users\mlitt\appdata\roaming\mozilla\plugins\npatgpc.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_15_0_0_152.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2014-6-18 147736]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2014-7-18 230680]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2014-8-6 98584]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2014-6-18 27416]
R0 NCFilter;Novell UNC Filter - Filter;c:\windows\system32\drivers\ncfilter.sys [2012-7-13 91776]
R0 NCRecognizer;Novell UNC Filter - Recognizer;c:\windows\system32\drivers\ncrecognizer.sys [2012-7-13 111232]
R0 NCUncFilter;Novell UNC Filter - UNC Filter;c:\windows\system32\drivers\ncuncfilter.sys [2012-7-13 22656]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2014-6-18 121624]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2014-7-24 204056]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2014-6-18 21272]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2014-8-20 193304]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2014-7-2 199448]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2015\avgidsagent.exe [2014-9-5 3364368]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2015\avgwdsvc.exe [2014-9-5 293448]
R2 CouponPrinterService;Coupon Printer Service;c:\program files\coupons\CouponPrinterService.exe [2014-2-13 153072]
R2 ftpsvc;Microsoft FTP Service;c:\windows\system32\svchost.exe -k ftpsvc [2009-7-13 20992]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2012-7-5 375144]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2012-6-8 13624]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2012-8-25 47640]
R2 NCFSD;Novell Client File System Redirector;c:\program files\novell\client\xtier\drivers\ncfsd.sys [2012-7-13 91264]
R2 NCIOCTL;Novell Xplat IoCtl Driver;c:\program files\novell\client\xtier\drivers\ncioctl.sys [2012-7-13 61568]
R2 QBVSS;QBIDPService;c:\program files\common files\intuit\dataprotect\QBIDPService.exe [2012-3-9 1248256]
R2 SWGVCSvc;SonicWALL Global VPN Client Service;c:\program files\sonicwall\sonicwall global vpn client\SWGVCSvc.exe [2012-4-3 228824]
R2 SWIPsec;SonicWALL IPsec Driver;c:\windows\system32\drivers\SWIPsec.sys [2012-9-5 84112]
R2 webinstrNew;webinstrNew;c:\windows\system32\drivers\webinstrNew.sys [2014-10-22 51336]
R2 XTSvcMgr;Novell XTier Service Manager;c:\program files\novell\client\xtier\services\xtsvcmgr.exe [2012-7-13 17024]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6032.sys [2009-7-13 164864]
R3 QuickBooksDB21;QuickBooksDB21;c:\progra~1\intuit\quickb~1\qbdbmgrn.exe -hvquickbooksdb21 --> c:\progra~1\intuit\quickb~1\QBDBMgrN.exe -hvQuickBooksDB21 [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-10-15 108032]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2010-12-2 25600]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SWVNIC;SonicWALL Virtual Miniport;c:\windows\system32\drivers\SWVNIC.sys [2009-3-4 21016]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-10-1 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-10-1 1343400]
.
=============== Created Last 30 ================
.
2014-10-23 14:44:14    2275    ----a-w-    c:\windows\patsearch.bin
2014-10-22 23:16:59    114904    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-22 23:16:47    75480    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-10-22 23:16:47    51928    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-10-22 23:16:47    --------    d-----w-    c:\program files\Malwarebytes Anti-Malware
2014-10-22 23:09:34    51336    ----a-w-    c:\windows\system32\drivers\webinstrNew.sys
2014-10-22 15:23:25    --------    d-----w-    c:\users\mlitt\appdata\roaming\AVG2015
2014-10-22 15:20:36    --------    d-----w-    c:\programdata\AVG2015
2014-10-21 16:30:46    --------    d-----w-    c:\program files\Valassis
2014-10-21 15:46:58    --------    d-----w-    c:\users\mlitt\appdata\local\Avg2015
2014-10-15 14:34:53    2363904    ----a-w-    c:\windows\system32\msi.dll
2014-10-01 13:38:31    519680    ----a-w-    c:\windows\system32\qdvd.dll
2014-09-30 15:46:44    225576    ----a-w-    c:\program files\mozilla firefox\browser\plugins\npatgpc.dll
2014-09-30 15:46:44    --------    d-----w-    c:\users\mlitt\appdata\local\WebEx
2014-09-29 14:16:13    --------    d-----w-    c:\program files\iPod
2014-09-29 14:15:55    --------    d-----w-    c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-09-29 14:15:55    --------    d-----w-    c:\program files\iTunes
2014-09-24 13:48:05    2048    ----a-w-    c:\windows\system32\tzres.dll
.
==================== Find3M  ====================
.
2014-10-22 21:30:59    86912    ----a-w-    c:\windows\system32\LMIRfsClientNP.dll
2014-10-22 21:30:59    53096    ----a-w-    c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2014-10-22 21:30:57    85864    ----a-w-    c:\windows\system32\LMIinit.dll
2014-10-22 21:30:57    31592    ----a-w-    c:\windows\system32\LMIport.dll
2014-10-21 16:03:26    96680    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2014-10-21 15:39:05    71344    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-10-21 15:39:05    701104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-10-10 01:44:58    230912    ----a-w-    c:\windows\system32\generaltel.dll
2014-10-10 01:44:35    396288    ----a-w-    c:\windows\system32\aepdu.dll
2014-10-10 01:39:38    302592    ----a-w-    c:\windows\system32\aeinv.dll
2014-10-01 18:11:10    23256    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-09-29 00:41:36    2379264    ----a-w-    c:\windows\system32\win32k.sys
2014-09-25 22:32:04    2017280    ----a-w-    c:\windows\system32\inetcpl.cpl
2014-09-19 01:25:12    4201472    ----a-w-    c:\windows\system32\jscript9.dll
2014-09-19 01:14:57    2724864    ----a-w-    c:\windows\system32\mshtml.tlb
2014-09-19 01:14:44    4096    ----a-w-    c:\windows\system32\ieetwcollectorres.dll
2014-09-19 01:02:07    454656    ----a-w-    c:\windows\system32\vbscript.dll
2014-09-19 01:01:47    61952    ----a-w-    c:\windows\system32\iesetup.dll
2014-09-19 01:01:03    51200    ----a-w-    c:\windows\system32\ieetwproxystub.dll
2014-09-19 00:59:40    61952    ----a-w-    c:\windows\system32\MshtmlDac.dll
2014-09-19 00:50:16    112128    ----a-w-    c:\windows\system32\ieUnatt.exe
2014-09-19 00:50:15    108032    ----a-w-    c:\windows\system32\ieetwcollector.exe
2014-09-19 00:49:31    597504    ----a-w-    c:\windows\system32\jscript9diag.dll
2014-09-19 00:44:23    646144    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2014-09-19 00:36:23    60416    ----a-w-    c:\windows\system32\JavaScriptCollectionAgent.dll
2014-09-19 00:18:55    1068032    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2014-09-18 23:59:11    1810944    ----a-w-    c:\windows\system32\wininet.dll
2014-09-13 01:40:05    67072    ----a-w-    c:\windows\system32\packager.dll
2014-09-04 05:04:15    372736    ----a-w-    c:\windows\system32\rastls.dll
2014-08-23 01:46:55    305152    ----a-w-    c:\windows\system32\gdi32.dll
2014-08-21 04:49:40    193304    ----a-w-    c:\windows\system32\drivers\avgldx86.sys
2014-08-19 02:41:38    50176    ----a-w-    c:\windows\system32\setbcdlocale.dll
2014-08-19 02:41:22    50688    ----a-w-    c:\windows\system32\appidapi.dll
2014-08-19 02:41:22    27648    ----a-w-    c:\windows\system32\appidsvc.dll
2014-08-19 02:40:49    96768    ----a-w-    c:\windows\system32\appidpolicyconverter.exe
2014-08-19 02:40:49    16896    ----a-w-    c:\windows\system32\appidcertstorecheck.exe
2014-08-19 01:48:34    50176    ----a-w-    c:\windows\system32\drivers\appid.sys
2014-08-01 11:35:06    793600    ----a-w-    c:\windows\system32\TSWorkspace.dll
.
============= FINISH:  9:48:07.25 ===============
 

 

 

Attached Files



BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,600 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:53 AM

Posted 28 October 2014 - 11:55 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

step1.gif In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/553037 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

step2.gifIf you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your destop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,600 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:53 AM

Posted 02 November 2014 - 01:00 PM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!

#4 depogirl

depogirl
  • Topic Starter

  • Members
  • 124 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:53 AM

Posted 07 November 2014 - 09:43 AM

logs as requested - apologies as I know I am supposed to attach one log but there is not an option to attach only to copy/paste

please let me know the next steps and thank you!!

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.17344  BrowserJavaVersion: 11.25.2
Run by mlitt at 15:31:54 on 2014-11-06
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3292.1175 [GMT -8:00]
.
AV: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ================
.
c:\PROGRA~1\AVG\AVG2015\avgrsx.exe
C:\Program Files\AVG\AVG2015\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Novell\Client\XTier\Services\XTSvcMgr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2015\avgidsagent.exe
C:\Program Files\AVG\AVG2015\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Coupons\CouponPrinterService.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Windows\system32\PrintIsolationHost.exe
C:\Program Files\AVG\AVG2015\avgnsx.exe
C:\Program Files\AVG\AVG2015\avgemcx.exe
C:\Windows\System32\WUDFHost.exe
C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\System32\nwtray.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\AVG\AVG2015\avgui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Novell\Messenger\NMCL32.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE
C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\mlitt\AppData\Local\Temp\CF7E.tmp
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Novell\GroupWise\grpwise.exe
C:\Program Files\Novell\GroupWise\GWSync.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_189.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_189.exe
C:\Windows\system32\DeviceDisplayObjectProvider.exe
C:\Program Files\Canon\MP Navigator EX 1.0\mpnex10.exe
c:\windows\system32\inetsrv\w3wp.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k ftpsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/
uWindow Title = Internet Explorer, optimized for Bing and MSN
uSearch Page = hxxp://www.live.com
uURLSearchHooks: <No Name>:  - LocalServer32 - <no file>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.8.0_25\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre1.8.0_25\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [Novell Messenger] "c:\program files\novell\messenger\NMCL32.exe"
mRun: [NWTRAY] NWTRAY.EXE
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe  startup
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.EXE
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"
mRun: [WrtMon.exe] c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AVG_UI] "c:\program files\avg\avg2015\avgui.exe" /TRAYONLY
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\intuit~1.lnk - c:\program files\common files\intuit\dataprotect\IntuitDataProtect.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~2.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\intuit\quickbooks 2011\QBW32.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Append to existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {3C3171BC-1025-43d1-8D1D-61CF4B38A28F} - c:\progra~1\novell\messen~1\NMCL32.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: microsoft.com
Trusted Zone: microsoft.com
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com//activex/ractrl.cab?lmi=1083
TCP: NameServer = 8.8.8.8 68.116.46.115 69.144.127.53
TCP: Interfaces\{6E45A073-141C-420C-B784-F35216C223D4} : DHCPNameServer = 8.8.8.8 68.116.46.115 69.144.127.53
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - c:\program files\intuit\quickbooks 2011\HelpAsyncPluggableProtocol.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
LSA: Authentication Packages =  msv1_0 ncv1_0
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\mlitt\appdata\roaming\mozilla\firefox\profiles\hl3sutw8.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/
FF - plugin: c:\program files\adobe\acrobat 9.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\java\jre1.8.0_25\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre1.8.0_25\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\browser\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll
FF - plugin: c:\users\mlitt\appdata\local\citrix\plugins\104\npappdetector.dll
FF - plugin: c:\users\mlitt\appdata\local\dvcplugin1.7.1.0\32\npDolbyVoiceConference1710.dll
FF - plugin: c:\users\mlitt\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\mlitt\appdata\roaming\catali~2\npBcsKtTcHW.dll
FF - plugin: c:\users\mlitt\appdata\roaming\hopster\couponprinterplugin\2.0.2.0\npCouponPrinterPlugin.dll
FF - plugin: c:\users\mlitt\appdata\roaming\hopster\couponprinterplugin\2.0.2.0\npPrintUtil.dll
FF - plugin: c:\users\mlitt\appdata\roaming\mozilla\firefox\profiles\hl3sutw8.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\users\mlitt\appdata\roaming\mozilla\plugins\npatgpc.dll
FF - plugin: c:\users\mlitt\appdata\roaming\revtrax\revtraxprintmycoupon\1.0.0.0\npRevTraxPrintMyCoupon.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_15_0_0_189.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2014-6-18 147736]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2014-7-18 230680]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2014-8-6 98584]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2014-6-18 27416]
R0 NCFilter;Novell UNC Filter - Filter;c:\windows\system32\drivers\ncfilter.sys [2012-7-13 91776]
R0 NCRecognizer;Novell UNC Filter - Recognizer;c:\windows\system32\drivers\ncrecognizer.sys [2012-7-13 111232]
R0 NCUncFilter;Novell UNC Filter - UNC Filter;c:\windows\system32\drivers\ncuncfilter.sys [2012-7-13 22656]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2014-6-18 121624]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2014-7-24 204056]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2014-6-18 21272]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2014-8-20 193304]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2014-7-2 199448]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2015\avgidsagent.exe [2014-9-5 3364368]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2015\avgwdsvc.exe [2014-9-5 293448]
R2 CouponPrinterService;Coupon Printer Service;c:\program files\coupons\CouponPrinterService.exe [2014-2-13 153072]
R2 ftpsvc;Microsoft FTP Service;c:\windows\system32\svchost.exe -k ftpsvc [2009-7-13 20992]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2012-7-5 375144]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2012-6-8 13624]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2012-8-25 47640]
R2 NCFSD;Novell Client File System Redirector;c:\program files\novell\client\xtier\drivers\ncfsd.sys [2012-7-13 91264]
R2 NCIOCTL;Novell Xplat IoCtl Driver;c:\program files\novell\client\xtier\drivers\ncioctl.sys [2012-7-13 61568]
R2 QBVSS;QBIDPService;c:\program files\common files\intuit\dataprotect\QBIDPService.exe [2012-3-9 1248256]
R2 SWGVCSvc;SonicWALL Global VPN Client Service;c:\program files\sonicwall\sonicwall global vpn client\SWGVCSvc.exe [2012-4-3 228824]
R2 SWIPsec;SonicWALL IPsec Driver;c:\windows\system32\drivers\SWIPsec.sys [2012-9-5 84112]
R2 XTSvcMgr;Novell XTier Service Manager;c:\program files\novell\client\xtier\services\xtsvcmgr.exe [2012-7-13 17024]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6032.sys [2009-7-13 164864]
R3 QuickBooksDB21;QuickBooksDB21;c:\progra~1\intuit\quickb~1\qbdbmgrn.exe -hvquickbooksdb21 --> c:\progra~1\intuit\quickb~1\QBDBMgrN.exe -hvQuickBooksDB21 [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-10-15 108032]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2010-12-2 25600]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SWVNIC;SonicWALL Virtual Miniport;c:\windows\system32\drivers\SWVNIC.sys [2009-3-4 21016]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-10-1 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-10-1 1343400]
.
=============== Created Last 30 ================
.
2014-11-06 17:18:43    --------    d-----w-    c:\users\mlitt\appdata\roaming\RevTrax
2014-10-30 03:23:56    --------    d-----w-    c:\users\mlitt\appdata\roaming\java
2014-10-27 15:17:28    --------    d-----w-    C:\AdwCleaner
2014-10-27 03:28:13    159744    ----a-w-    c:\program files\mozilla firefox\plugins\npqtplugin5.dll
2014-10-27 03:28:13    159744    ----a-w-    c:\program files\mozilla firefox\plugins\npqtplugin4.dll
2014-10-27 03:28:13    159744    ----a-w-    c:\program files\mozilla firefox\plugins\npqtplugin3.dll
2014-10-27 03:28:13    159744    ----a-w-    c:\program files\mozilla firefox\plugins\npqtplugin2.dll
2014-10-27 03:28:13    159744    ----a-w-    c:\program files\mozilla firefox\plugins\npqtplugin.dll
2014-10-27 03:28:13    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin5.dll
2014-10-27 03:28:13    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin4.dll
2014-10-27 03:28:13    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin3.dll
2014-10-27 03:28:13    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin2.dll
2014-10-27 03:28:13    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin.dll
2014-10-27 03:21:58    --------    d-----w-    c:\program files\iPod
2014-10-27 03:21:57    --------    d-----w-    c:\programdata\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2014-10-27 03:21:57    --------    d-----w-    c:\program files\iTunes
2014-10-23 14:44:14    2275    ----a-w-    c:\windows\patsearch.bin
2014-10-22 23:16:59    114904    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-22 23:16:47    75480    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-10-22 23:16:47    51928    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-10-22 23:16:47    --------    d-----w-    c:\program files\Malwarebytes Anti-Malware
2014-10-22 15:23:25    --------    d-----w-    c:\users\mlitt\appdata\roaming\AVG2015
2014-10-22 15:20:36    --------    d-----w-    c:\programdata\AVG2015
2014-10-21 16:30:46    --------    d-----w-    c:\program files\Valassis
2014-10-21 15:46:58    --------    d-----w-    c:\users\mlitt\appdata\local\Avg2015
2014-10-15 14:34:53    2363904    ----a-w-    c:\windows\system32\msi.dll
.
==================== Find3M  ====================
.
2014-10-29 03:37:29    71344    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-10-29 03:37:29    701104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-10-22 21:30:59    86912    ----a-w-    c:\windows\system32\LMIRfsClientNP.dll
2014-10-22 21:30:59    53096    ----a-w-    c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2014-10-22 21:30:57    85864    ----a-w-    c:\windows\system32\LMIinit.dll
2014-10-22 21:30:57    31592    ----a-w-    c:\windows\system32\LMIport.dll
2014-10-21 16:03:26    96680    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2014-10-10 01:44:58    230912    ----a-w-    c:\windows\system32\generaltel.dll
2014-10-10 01:44:35    396288    ----a-w-    c:\windows\system32\aepdu.dll
2014-10-10 01:39:38    302592    ----a-w-    c:\windows\system32\aeinv.dll
2014-10-02 21:23:20    94208    ----a-w-    c:\windows\system32\QuickTimeVR.qtx
2014-10-02 21:23:20    69632    ----a-w-    c:\windows\system32\QuickTime.qts
2014-10-01 18:11:10    23256    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-09-29 00:41:36    2379264    ----a-w-    c:\windows\system32\win32k.sys
2014-09-25 22:32:04    2017280    ----a-w-    c:\windows\system32\inetcpl.cpl
2014-09-25 01:40:50    519680    ----a-w-    c:\windows\system32\qdvd.dll
2014-09-19 01:25:12    4201472    ----a-w-    c:\windows\system32\jscript9.dll
2014-09-19 01:14:57    2724864    ----a-w-    c:\windows\system32\mshtml.tlb
2014-09-19 01:14:44    4096    ----a-w-    c:\windows\system32\ieetwcollectorres.dll
2014-09-19 01:02:07    454656    ----a-w-    c:\windows\system32\vbscript.dll
2014-09-19 01:01:47    61952    ----a-w-    c:\windows\system32\iesetup.dll
2014-09-19 01:01:03    51200    ----a-w-    c:\windows\system32\ieetwproxystub.dll
2014-09-19 00:59:40    61952    ----a-w-    c:\windows\system32\MshtmlDac.dll
2014-09-19 00:50:16    112128    ----a-w-    c:\windows\system32\ieUnatt.exe
2014-09-19 00:50:15    108032    ----a-w-    c:\windows\system32\ieetwcollector.exe
2014-09-19 00:49:31    597504    ----a-w-    c:\windows\system32\jscript9diag.dll
2014-09-19 00:44:23    646144    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2014-09-19 00:36:23    60416    ----a-w-    c:\windows\system32\JavaScriptCollectionAgent.dll
2014-09-19 00:18:55    1068032    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2014-09-18 23:59:11    1810944    ----a-w-    c:\windows\system32\wininet.dll
2014-09-13 01:40:05    67072    ----a-w-    c:\windows\system32\packager.dll
2014-09-09 21:47:10    2048    ----a-w-    c:\windows\system32\tzres.dll
2014-09-04 05:04:15    372736    ----a-w-    c:\windows\system32\rastls.dll
2014-08-23 01:46:55    305152    ----a-w-    c:\windows\system32\gdi32.dll
2014-08-21 04:49:40    193304    ----a-w-    c:\windows\system32\drivers\avgldx86.sys
2014-08-19 02:41:38    50176    ----a-w-    c:\windows\system32\setbcdlocale.dll
2014-08-19 02:41:22    50688    ----a-w-    c:\windows\system32\appidapi.dll
2014-08-19 02:41:22    27648    ----a-w-    c:\windows\system32\appidsvc.dll
2014-08-19 02:40:49    96768    ----a-w-    c:\windows\system32\appidpolicyconverter.exe
2014-08-19 02:40:49    16896    ----a-w-    c:\windows\system32\appidcertstorecheck.exe
2014-08-19 01:48:34    50176    ----a-w-    c:\windows\system32\drivers\appid.sys
.
============= FINISH: 15:34:43.96 ===============
 

 

attach log

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 8/25/2012 12:56:33 PM
System Uptime: 11/6/2014 6:07:48 AM (9 hours ago)
.
Motherboard: Dell Inc. |  | 0M858N
Processor: Intel® Core™2 Duo CPU     E7500  @ 2.93GHz | CPU | 2926/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 132.802 GiB free.
D: is CDROM ()
E: is Removable
F: is FIXED (NTFS) - 1863 GiB total, 1341.748 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: SonicWALL Virtual NIC
Device ID: ROOT\SWVNIC\0000
Manufacturer: SonicWALL
Name: SonicWALL Virtual NIC
PNP Device ID: ROOT\SWVNIC\0000
Service: SWVNIC
.
==== System Restore Points ===================
.
RP527: 11/6/2014 7:00:24 AM - Scheduled Checkpoint
RP528: 11/6/2014 9:18:07 AM - Installed RevTraxPrintMyCoupon
.
==== Installed Programs ======================
.
Adobe Acrobat  9 Standard - English, Français, Deutsch
Adobe Acrobat 9.5.5 - CPSID_83708
Adobe Digital Editions 2.0
Adobe Flash Player 15 ActiveX
Adobe Flash Player 15 Plugin
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG 2015
BBSAK
BlackBerry Desktop Software 7.1
Bonjour
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon MP Navigator EX 1.0
Canon MX700 series
Canon MX700 series User Registration
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
Catalina Savings Printer
Cisco WebEx Meetings
Dolby Voice Conference Plugin 1.7.1.0
GroupWise
GroupWise Client - VC Runtimes (release)
iCloud
iTunes
Java 7 Update 67
Java 8 Update 25
Java Auto Updater
Kyocera Product Library
LogMeIn
Malwarebytes Anti-Malware version 2.0.3.1025
Microsoft .NET Framework 4.5.1
Microsoft Corporation
Microsoft LifeCam
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft WSE 3.0 Runtime
Mozilla Firefox 32.0.3 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 Parser and SDK
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
NICI (Shared) U.S./Worldwide (128 bit) (2.7.6-1)
Nike+ Connect
NMAS Challenge Response Method
NMAS Client
Novell Client for Windows
Novell Messenger
P@H-Protocol
Polycom RealPresence Desktop
PowerDVD DX
Presto! PageManager 7.15.16
Quark Update
QuarkXPress
QuickBooks
QuickBooks Connection Diagnostic Tool
QuickBooks Pro 2011
QuickTime 7
RealLegal E-Transcript Bundle Viewer
RevTraxPrintMyCoupon
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE 10.3
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
ScanSoft OmniPage SE 4
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2878233) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2883031) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2817565) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2883032) 32-Bit Edition
SonicWALL Global VPN Client
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2899475) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Visual Studio 2012 x86 Redistributables
Welcome Home To Windows Phone
Windows Phone app for desktop
.
==== Event Viewer Messages From Past Week ========
.
11/6/2014 6:12:52 AM, Error: Schannel [36888]  - The following fatal alert was generated: 43. The internal error state is 252.
11/5/2014 9:11:22 PM, Error: volsnap [25]  - The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time.  Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.
11/4/2014 1:39:56 PM, Error: Service Control Manager [7031]  - The Apple Mobile Device service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
.
==== End Of File ===========================
 



#5 depogirl

depogirl
  • Topic Starter

  • Members
  • 124 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:53 AM

Posted 08 November 2014 - 04:50 PM

hi all is anyone watching this? just have not heard back thanks



#6 depogirl

depogirl
  • Topic Starter

  • Members
  • 124 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:53 AM

Posted 18 November 2014 - 06:41 PM

checking in on this again nobodys responded not sure what is the next step?



#7 Chris Cosgrove

Chris Cosgrove

  • Moderator
  • 6,280 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Scotland
  • Local time:11:53 AM

Posted 18 November 2014 - 06:54 PM

This topic has been re-opened at the request of the person who originally posted.

#8 Valinorum

Valinorum

    Shadow Hide The Hunter


  • Malware Response Instructor
  • 1,648 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:53 PM

Posted 20 November 2014 - 02:18 AM

Apology for the delay. Let's get started.

Hi depogirl, :)

:welcome:

My name is Valinorum and I will be the acolyte today. Before we proceed, please, acknowledge yourself the following(s):
  • Please do not create any new threads on this while we are working on your system as it wastes another volunteer's time. If you are being helped/have solved the issue/no longer wish to continue, notify me in your reply and I will quickly close this thread. Failing to comply will result in denial of future assistance.
  • Please do not install any new software while we are working on this system as it may hinder our process.
  • Malware removal is a complicated process so don't stop following the steps even if the symptoms are not found. Keep up with me until I declare you clean.
  • Please do not try to fix anything without being ask.
  • Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • Please print or save the instructions I give you for quick reference. We may be using Safe mode which will cut you off from internet and you will not always be able to access this thread.
  • Back up your data. I will not knowingly suggest your any course that might damage your system but sometimes Malware infections are so severe that only option we have is to re-format and re-install the operating system.
  • If you are confused about any instruction, stop and ask. Do not keep on going.
  • Do not repeat the steps if you face any problems.
  • I am not an omniscient. There are things even I cannot foresee. But what I know took years to learn and perfect the skill. This site is run by volunteers who help people in need in their own free time. I would ask you to respect their time and be patient as sometimes real life demands our time and replies to you can be delayed.
  • Private Message(PM) if and only if I have not responded to your thread within three days or your query is offtopic and personal. Do not PM me under any other circumstances. Your thread is the only medium of communication.
  • The fixes are for your system only. Please refrain from using these fixes on other system as it may do serious damage.
 
  • Step #1 Scan with Farbar Recovery Scan Tool
    • Please download Farbar Recovery Scan Tool by Farbar to your Desktop from the link below.
      Download link for 32 bit system
      Download link for 64 bit system
    • Right-click on the program and choose Run as administrator;
    • Put tick-mark on all boxes under Whitelist and Optional Scan;
    • Click on Scan;
    • After the scan two notepad files will be opened --
      • FRST.txt;
      • Addition.txt
    • Copy and Paste the contents of the logs in your next reply.
 
  • Required Log(s):
    • Farbar Tool Log(s) --
      • FRST.txt
      • Addition.txt
Regards,
Valinorum

Geek U Graduate

I close my topic(s) with no replies for more than 4 days. PM me or Moderators to reactivate. All helps are provided via forum ergo do not PM me for help.

 


#9 depogirl

depogirl
  • Topic Starter

  • Members
  • 124 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:53 AM

Posted 20 November 2014 - 06:14 PM

ok will run stay tuned



#10 depogirl

depogirl
  • Topic Starter

  • Members
  • 124 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:53 AM

Posted 20 November 2014 - 06:32 PM

as promised

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-11-2014
Ran by mlitt (administrator) on WSN4 on 20-11-2014 15:16:45
Running from C:\Users\mlitt\Downloads
Loaded Profiles: mlitt & QBDataServiceUser21 (Available profiles: A & mlitt & Michel2 & QBDataServiceUser21 & DefaultAppPool)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
(Novell, Inc.) C:\Program Files\Novell\Client\XTier\Services\xtsvcmgr.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\ramaint.exe
(Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
(SonicWALL, Inc.) C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeIn.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
() C:\Windows\System32\nwtray.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(CANON INC.) C:\Program Files\Canon\SolutionMenu\CNSLMAIN.EXE
(CANON INC.) C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
(Nuance Communications, Inc.) C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
() C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
(Novell, Inc.) C:\Program Files\Novell\Messenger\NMCL32.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Intuit Inc.) C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE
() C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
(Intuit, Inc.) C:\Program Files\Intuit\QuickBooks 2011\QBDBMgrN.exe
(Coupons.com Inc.) C:\Program Files\Coupons\CouponPrinterService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\QuickBooks\axlbridge.exe
(Novell, Inc.) C:\Program Files\Novell\GroupWise\grpwise.exe
(Novell, Inc.) C:\Program Files\Novell\GroupWise\gwsync.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcrobatInfo.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NWTRAY] => C:\Windows\system32\NWTRAY.EXE [34944 2012-07-13] ()
HKLM\...\Run: [PDVDDXSrv] => C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-06-24] (CyberLink Corp.)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [63048 2012-06-08] (LogMeIn, Inc.)
HKLM\...\Run: [Intuit SyncManager] => C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe [3761464 2013-09-30] (Intuit Inc. All rights reserved.)
HKLM\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1848648 2009-07-06] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [722256 2008-12-11] (CANON INC.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM\...\Run: [IJNetworkScanUtility] => C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE [124512 2007-05-21] (CANON INC.)
HKLM\...\Run: [SSBkgdUpdate] => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM\...\Run: [OpwareSE4] => C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe [79400 2007-02-04] (Nuance Communications, Inc.)
HKLM\...\Run: [WrtMon.exe] => C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe [20480 2006-09-20] ()
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3653136 2014-11-09] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-21-3505383968-4064583084-4054668064-1003\...\Run: [Novell Messenger] => C:\Program Files\Novell\Messenger\NMCL32.exe [1433675 2011-10-07] (Novell, Inc.)
HKU\S-1-5-21-3505383968-4064583084-4054668064-1003\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-3505383968-4064583084-4054668064-1003\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-3505383968-4064583084-4054668064-1005\...\Run: [ROC_JAN2013_TB] => "C:\Program Files\AVG Secure Search\ROC_JAN2013_TB.exe"  /PROMPT /CMPID=JAN2013_TB
Lsa: [Authentication Packages] msv1_0 ncv1_0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE (Intuit Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3505383968-4064583084-4054668064-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE8HP&PC=B8DF
HKU\S-1-5-21-3505383968-4064583084-4054668064-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.live.com
HKU\S-1-5-21-3505383968-4064583084-4054668064-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
URLSearchHook: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003 - Default Value = {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=1083
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 71.10.216.1 71.10.216.2 69.144.127.53

FireFox:
========
FF ProfilePath: C:\Users\mlitt\AppData\Roaming\Mozilla\Firefox\Profiles\hl3sutw8.default
FF DefaultSearchEngine: Bing
FF SelectedSearchEngine: Bing
FF Homepage: hxxp://www.bing.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3505383968-4064583084-4054668064-1003: @citrixonline.com/appdetectorplugin -> C:\Users\mlitt\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKU\S-1-5-21-3505383968-4064583084-4054668064-1003: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\mlitt\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3505383968-4064583084-4054668064-1003: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\mlitt\AppData\Roaming\CATALI~2\NPBCSK~1.DLL (Catalina Marketing Corporation)
FF Plugin HKU\S-1-5-21-3505383968-4064583084-4054668064-1003: dolby.com/DolbyVoiceConference1710 -> C:\Users\mlitt\AppData\Local\DVCPlugin1.7.1.0\32\npDolbyVoiceConference1710.dll (Dolby Laboratories)
FF Plugin HKU\S-1-5-21-3505383968-4064583084-4054668064-1003: hopster.com/CouponPrinterPlugin -> C:\Users\mlitt\AppData\Roaming\Hopster\CouponPrinterPlugin\2.0.2.0\npCouponPrinterPlugin.dll (Hopster)
FF Plugin HKU\S-1-5-21-3505383968-4064583084-4054668064-1003: revtrax.com/RevTraxPrintMyCoupon -> C:\Users\mlitt\AppData\Roaming\RevTrax\RevTraxPrintMyCoupon\1.0.0.0\npRevTraxPrintMyCoupon.dll (RevTrax)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\mlitt\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Extension: LogMeIn, Inc. Remote Access Plugin - C:\Users\mlitt\AppData\Roaming\Mozilla\Firefox\Profiles\hl3sutw8.default\Extensions\LogMeInClient@logmein.com [2014-11-04]
FF Extension: Consumer Input - C:\Users\mlitt\AppData\Roaming\Mozilla\Firefox\Profiles\hl3sutw8.default\Extensions\ConsumerInput@Compete.xpi [2014-11-18]
FF HKU\S-1-5-21-3505383968-4064583084-4054668064-1003\...\Firefox\Extensions: [{DA3F2A65-5659-CF57-1A88-CC82088D0BEB}] - C:\Program Files\ver5SpeeditUp\181.xpi

Chrome:
=======
CHR Profile: C:\Users\mlitt\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\mlitt\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-11-15]
CHR Extension: (YouTube) - C:\Users\mlitt\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-15]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3488784 2014-11-09] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [298080 2014-11-09] (AVG Technologies CZ, s.r.o.)
R2 CouponPrinterService; C:\Program Files\Coupons\CouponPrinterService.exe [154096 2014-10-15] (Coupons.com Inc.)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2012-10-02] (Macrovision Europe Ltd.) [File not signed]
R2 ftpsvc; C:\Windows\system32\inetsrv\ftpsvc.dll [310272 2012-05-31] (Microsoft Corporation)
R2 QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-02-03] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2009-07-23] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2012-03-09] (Intuit Inc.) [File not signed]
R3 QuickBooksDB21; C:\Program Files\Intuit\QuickBooks 2011\QBDBMgrN.exe [679936 2010-04-27] (Intuit, Inc.) [File not signed]
R2 SWGVCSvc; C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe [228824 2012-04-03] (SonicWALL, Inc.)
R2 XTSvcMgr; C:\Program Files\Novell\Client\XTier\Services\XTSvcMgr.exe [17024 2012-07-13] (Novell, Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [213784 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [192792 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [230680 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [200984 2014-10-10] (AVG Technologies CZ, s.r.o.)
R1 DNE; C:\Windows\System32\DRIVERS\dnelwf.sys [109144 2011-08-04] (Citrix Systems, Inc.)
R3 e1kexpress; C:\Windows\System32\DRIVERS\e1k6032.sys [164864 2009-07-13] (Intel Corporation)
R0 NCFilter; C:\Windows\System32\DRIVERS\NCFilter.sys [91776 2012-07-13] ()
R2 NCFSD; C:\Program Files\Novell\Client\XTier\Drivers\ncfsd.sys [91264 2012-07-13] ()
R2 NCIOCTL; C:\Program Files\Novell\Client\XTier\Drivers\ncioctl.sys [61568 2012-07-13] ()
R0 NCRecognizer; C:\Windows\System32\DRIVERS\NCRecognizer.sys [111232 2012-07-13] ()
R0 NCUncFilter; C:\Windows\System32\DRIVERS\NCUncFilter.sys [22656 2012-07-13] ()
R1 NICM; C:\Program Files\Novell\Client\XTier\Drivers\nicm.sys [27264 2012-07-13] (Novell, Inc.)
R2 SWIPsec; C:\Windows\system32\Drivers\SWIPsec.sys [84112 2012-04-03] (SonicWALL, Inc.)
S3 SWVNIC; C:\Windows\System32\DRIVERS\swvnic.sys [21016 2009-03-04] (SonicWALL, Inc.)
U3 nciom; C:\Program Files\Novell\Client\XTier\Drivers\nciom.sys [65152 2012-07-13] (Novell, Inc.)
U3 ncp; C:\Program Files\Novell\Client\XTier\Drivers\ncp.sys [64128 2012-07-13] (Novell, Inc.)
U3 ncpl; C:\Program Files\Novell\Client\XTier\Drivers\ncpl.sys [41088 2012-07-13] (Novell, Inc.)
U3 ndm; C:\Program Files\Novell\Client\XTier\Drivers\ndm.sys [18560 2012-07-13] (Novell, Inc.)
U3 ndmndap; C:\Program Files\Novell\Client\XTier\Drivers\ndmndap.sys [66176 2012-07-13] (Novell, Inc.)
U3 niam; C:\Program Files\Novell\Client\XTier\Drivers\niam.sys [30848 2012-07-13] (Novell, Inc.)
U3 nipctl; C:\Program Files\Novell\Client\XTier\Drivers\nipctl.sys [45696 2012-07-13] (Novell, Inc.)
U3 nscm; C:\Program Files\Novell\Client\XTier\Drivers\nscm.sys [28800 2012-07-13] (Novell, Inc.)
U3 nsns; C:\Program Files\Novell\Client\XTier\Drivers\nsns.sys [22144 2012-07-13] (Novell, Inc.)
U3 nsvccost; C:\Program Files\Novell\Client\XTier\Drivers\nsvccost.sys [28800 2012-07-13] (Novell, Inc.)
U3 xtxplat; C:\Program Files\Novell\Client\XTier\Drivers\xtxplat.sys [45184 2012-07-13] (Novell, Inc.)
S4 LMIRfsClientNP; No ImagePath
S3 RimUsb; System32\Drivers\RimUsb.sys [X]

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys D0B388DA1D111A34366E04EB4A5DD156
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\djsvs.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdagp.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D320BF87125326F996D4904FE24300FC
C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 46387FB17B086D16DEA267D5BE23A2F2
C:\Windows\system32\drivers\appid.sys E499E422412EF37576092A52648DB2B4
C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\avgdiskx.sys CB2C2B24BD7E64CFB2B24D401FF5BBC0
C:\Windows\System32\DRIVERS\avgidsdriverx.sys 5C238CDA802ECA79D7C05EEDDEA7001B
C:\Windows\System32\DRIVERS\avgidshx.sys 6A019432682A6BD98B1548015CA7A4D4
C:\Windows\System32\DRIVERS\avgidsshimx.sys 2429F7F025F63532B6B264D97E4ECA49
C:\Windows\System32\DRIVERS\avgldx86.sys 9AFD535116E986D49877B811F3665E8E
C:\Windows\System32\DRIVERS\avglogx.sys D94378757947E02AE9BC484DF196A44D
C:\Windows\System32\DRIVERS\avgmfx86.sys 35DD83C14AA01F4817BA46A4D6B6A520
C:\Windows\System32\DRIVERS\avgrkx86.sys F016B95273E0B1961F204F7FD2FFD811
C:\Windows\System32\DRIVERS\avgtdix.sys 5A22A7A67BFB67D3223B7A339FC97780
C:\Windows\system32\DRIVERS\bxvbdx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60x.sys ==> MD5 is legit
C:\Windows\system32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\cdrom.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys 85449EEBE8F8EBD6481EFBF0F352B4EB
C:\Windows\system32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\csc.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\dnelwf.sys A2E81B695AA83DE46E49835EF9664999
C:\Windows\system32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys 3583A5A8CC2E682BFFBD4630D0FEC08B
C:\Windows\System32\DRIVERS\e1k6032.sys 3EA531906572FFD549B72A10F828E58C
C:\Windows\system32\DRIVERS\evbdx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\system32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\system32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\flpydisk.sys ==> MD5 is legitB
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\system32\Drivers\Fs_Rec.sys 7DAE5EBCC80E45D3253F4923DC424D05
C:\Windows\System32\DRIVERS\fvevol.sys E306A24D9694C724FA2491278BF50FDB
C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\GEARAspiWDM.sys 185ADA973B5020655CEE342059A86CBB
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\system32\drivers\HdAudio.sys A5EF29D5315111C80A5C1ABAD14C8972
C:\Windows\system32\drivers\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit
C:\Windows\system32\drivers\iaStorV.sys 934AF4D7C5F457B9F0743F4299B77B67
C:\Windows\System32\DRIVERS\igdkmd32.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys EB34CE31FABD4DC4343FD2AD16D2CAF9
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys 4120DA10AA42A9996F4575DB9E3E6E6E
C:\Windows\System32\Drivers\ksecpkg.sys 1E1845606C5A4579F7F3D95796CC1ED1
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Program Files\LogMeIn\x86\RaInfo.sys 26E3BEC8F2F0CFAF9FFE4C7AEF1BC049
C:\Windows\System32\DRIVERS\lmimirr.sys 4477689E2D8AE6B78BA34C9AF4CC1ED1
C:\Windows\system32\drivers\LMIRfsDriver.sys 3FAA563DDF853320F90259D455A01D79
C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys 21F4B24ACFC79A483515BD986DD9043F
C:\Windows\System32\DRIVERS\mrxsmb.sys 5D16C921E3671636C0EBA3BBAAC5FD25
C:\Windows\System32\DRIVERS\mrxsmb10.sys 6D17A4791ACA19328C685D256349FEFC
C:\Windows\System32\DRIVERS\mrxsmb20.sys B81F204D146000BE76651A50670A5E9E
C:\Windows\System32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\system32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\Drivers\nx6000.sys 956741C67ABAA78B19AADC5474936842
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\system32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\NCFilter.sys 01964A3817E60468E4D72E515BC46BE3
C:\Program Files\Novell\Client\XTier\Drivers\ncfsd.sys DEF4F10A4C98DF51EE1FA9FAECBAE305
C:\Program Files\Novell\Client\XTier\Drivers\ncioctl.sys 04489A14BB6EAC7A2CBB6B9F09ED8550
C:\Windows\System32\DRIVERS\NCRecognizer.sys BCCEEC992C22F32B0F0F70B6AED5B816
C:\Windows\System32\DRIVERS\NCUncFilter.sys 71DC875C57E79243DA8F6ECE5F977CBD
C:\Windows\System32\drivers\ndis.sys 8C9C922D71F1CD4DEF73F186416B7896
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\system32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
C:\Program Files\Novell\Client\XTier\Drivers\nicm.sys 0753F388A717EDC670CE41D86AD0DE92
C:\Windows\system32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\system32\Drivers\Ntfs.sys C8DFF8D07755A66C7A4A738930F0FEAC
C:\Windows\system32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys B3E25EE28883877076E0E1FF877D02E0
C:\Windows\system32\drivers\nvstor.sys 4380E59A170D88C4F1022EFF6719A8A4
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys 3F34A1B4C5F6475F320C275E63AFCE9B
C:\Windows\System32\DRIVERS\parvdm.sys ==> MD5 is legit
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\System32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys 344D1FA0438A967F1A2BAA42C86D6E19
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\System32\Drivers\PxHelp20.sys 03E0FE281823BA64B3782F5B38950E73
C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpdr.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\system32\Drivers\RDPWD.sys CD9214A6AE17D188D17C3CF8CB9CC693
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RimSerial.sys 2C4FB2E9F039287767C384E46EE91030
C:\Windows\System32\Drivers\RootMdm.sys 564297827D213F52C7A3A2FF749568CA
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\system32\drivers\vms3cap.sys ==> MD5 is legit
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\system32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisagp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\system32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys E4C2764065D66EA1D2D3EBC28FE99C46
C:\Windows\System32\DRIVERS\srv2.sys 03F0545BD8D4C77FA0AE1CEEDFCC71AB
C:\Windows\System32\DRIVERS\srvnet.sys BE6BD660CAA6F291AE06A718A4FA8ABC
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\serscan.sys EDB05BD63148796F23EA78506404A538
C:\Windows\System32\drivers\vmstorfl.sys ==> MD5 is legit
C:\Windows\system32\drivers\storvsc.sys ==> MD5 is legit
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\system32\Drivers\SWIPsec.sys DFE5F8341D050B97E811B2B903589344
C:\Windows\System32\DRIVERS\swvnic.sys 962B13026B10B82D2874BFDA4ECC048D
C:\Windows\System32\drivers\tcpip.sys 5579DD18546999F5D0EC39D018726C6B
C:\Windows\System32\DRIVERS\tcpip.sys 5579DD18546999F5D0EC39D018726C6B
C:\Windows\System32\drivers\tcpipreg.sys 3EEBD3BD93DA46A26E89893C7AB2FF3B
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 2C2C5AFE7EE4F620D69C23C0617651A8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys 6C5139E4283249518F7743D7043775B3
C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\system32\drivers\umbus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\System32\Drivers\usbaapl.sys EC1C23779BB41A8B2AB2AA6FCE308BDE
C:\Windows\System32\drivers\usbaudio.sys A1977C315BF5691DA99235AA4A6907AF
C:\Windows\System32\DRIVERS\usbccgp.sys 0803FBA9FE829D61AE26EC0BCC910C46
C:\Windows\system32\drivers\usbcir.sys 2352AB5F9F8F097BF9D41D5A4718A041
C:\Windows\System32\DRIVERS\usbehci.sys D40855F89B69305140BBD7E9A3BA2DA6
C:\Windows\System32\DRIVERS\usbhub.sys EDF2DF71C4F1E13A6AC75F5224DE655A
C:\Windows\system32\drivers\usbohci.sys 9828C8D14CC2676421778F0DE638CF97
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbscan.sys FC6B21DB4B5B398AB93DBE59CBF11036
C:\Windows\System32\DRIVERS\USBSTOR.SYS F991AB9CC6B908DB552166768176896A
C:\Windows\System32\DRIVERS\usbuhci.sys 800AABFD625EEFF899F7E5496BDE37AB
C:\Windows\System32\Drivers\usbvideo.sys DE014425522610BEDCA3821BB8C0F1D5
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaagp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\viac7.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\vmbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\VMBusHID.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\drivers\vwifibus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys 25944D2CC49E0A6C581D02A74B7D6645
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys A67E5F9A400F3BD1BE3D80613B45F708
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys 06E6F32C8D0A3F66D956F57B43A2E070
C:\Windows\System32\DRIVERS\WUDFRd.sys 867C301E8B790040AE9CF6486E8041DF
C:\Program Files\Novell\Client\XTier\Drivers\nciom.sys 2636480892B19E48EA54957773EAD322
C:\Program Files\Novell\Client\XTier\Drivers\ncp.sys 22766AB88547AE21AF449CF70E086E27
C:\Program Files\Novell\Client\XTier\Drivers\ncpl.sys 693BF0720E75E455AE89F86C46C7EDEF
C:\Program Files\Novell\Client\XTier\Drivers\ndm.sys 60F314E41BCC7FE7FB31CE8B12E8EBCB
C:\Program Files\Novell\Client\XTier\Drivers\ndmndap.sys DF63E0B0F235A3F473C651F0A45086D1
C:\Program Files\Novell\Client\XTier\Drivers\niam.sys EB6F6BE7B00E69D4B0B4684C316545DE
C:\Program Files\Novell\Client\XTier\Drivers\nipctl.sys 7BC0DE232E486DD23F7CCEFDD1861A1E
C:\Program Files\Novell\Client\XTier\Drivers\nscm.sys 38F2171FA67AE31D0FD6C702DC1F7E76
C:\Program Files\Novell\Client\XTier\Drivers\nsns.sys 720E20CBF5A68FAC1D8FAEFDE12DF504
C:\Program Files\Novell\Client\XTier\Drivers\nsvccost.sys D5BFBFF13BE7F29C2F3898A2C822A0D7
C:\Program Files\Novell\Client\XTier\Drivers\xtxplat.sys BF87D4C03FA80C77F59F0E758FE313C2

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-20 15:16 - 2014-11-20 15:18 - 00037825 _____ () C:\Users\mlitt\Downloads\FRST.txt
2014-11-20 15:15 - 2014-11-20 15:17 - 00000000 ____D () C:\FRST
2014-11-20 15:15 - 2014-11-20 15:15 - 01108992 _____ (Farbar) C:\Users\mlitt\Downloads\FRST.exe
2014-11-19 13:23 - 2014-11-19 13:23 - 47017984 _____ () C:\Users\mlitt\Desktop\SOUND DEPOSITION SERVICE INC. (Backup Nov 19,2014  01 23 PM).QBB
2014-11-19 12:57 - 2014-11-10 18:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 12:57 - 2014-11-10 18:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-18 12:25 - 2014-11-18 12:25 - 00000000 ____D () C:\Users\mlitt\AppData\Roaming\Compete
2014-11-18 12:24 - 2014-11-18 12:24 - 00000000 ____D () C:\ProgramData\Research In Motion
2014-11-18 12:24 - 2014-11-18 12:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlackBerry
2014-11-16 18:56 - 2014-11-16 18:56 - 07013079 _____ () C:\Users\mlitt\Desktop\Sound-Foley Power Point Presentation 11-2014.pptx
2014-11-16 18:26 - 2014-11-16 18:55 - 07013076 _____ () C:\Users\mlitt\Desktop\DC PP Final 11-14.pptx
2014-11-13 16:51 - 2014-11-13 16:52 - 46628864 _____ () C:\Users\mlitt\Desktop\SOUND DEPOSITION SERVICE INC. (Backup Nov 13,2014  04 50 PM).QBB
2014-11-12 21:25 - 2014-11-12 21:25 - 00000000 __SHD () C:\Users\mlitt\AppData\Local\EmieBrowserModeList
2014-11-12 15:33 - 2014-11-07 11:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 15:33 - 2014-11-05 19:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 15:33 - 2014-11-05 19:28 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-12 15:33 - 2014-11-05 19:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 15:33 - 2014-11-05 19:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 15:33 - 2014-11-05 19:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 15:33 - 2014-11-05 19:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 15:33 - 2014-11-05 19:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-12 15:33 - 2014-11-05 19:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 15:33 - 2014-11-05 19:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 15:33 - 2014-11-05 19:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 15:33 - 2014-11-05 19:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 15:33 - 2014-11-05 18:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 15:33 - 2014-11-05 18:59 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 15:33 - 2014-11-05 18:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 15:33 - 2014-11-05 18:51 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-12 15:33 - 2014-11-05 18:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 15:33 - 2014-11-05 18:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 15:33 - 2014-11-05 18:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 15:33 - 2014-11-05 18:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 15:33 - 2014-11-05 18:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 15:33 - 2014-11-05 18:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 15:33 - 2014-11-05 18:22 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 15:33 - 2014-11-05 18:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 15:33 - 2014-11-05 18:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 15:33 - 2014-11-05 18:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-12 15:33 - 2014-11-05 18:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 15:33 - 2014-11-05 17:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 15:33 - 2014-11-05 17:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 15:33 - 2014-11-05 17:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-12 15:33 - 2014-11-05 09:50 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-12 15:33 - 2014-11-05 09:50 - 00203776 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-12 15:33 - 2014-11-05 09:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-12 15:33 - 2014-10-24 17:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 15:33 - 2014-10-17 17:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 15:33 - 2014-10-13 17:56 - 00136632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 15:33 - 2014-10-13 17:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 15:33 - 2014-10-13 17:50 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 15:33 - 2014-10-13 17:50 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 15:33 - 2014-10-13 17:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 15:33 - 2014-10-13 17:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 15:33 - 2014-10-09 16:45 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 15:33 - 2014-10-02 17:44 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 15:33 - 2014-10-02 17:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 15:33 - 2014-10-02 17:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 15:33 - 2014-10-02 17:44 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 15:33 - 2014-10-02 17:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 15:33 - 2014-09-19 01:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 15:33 - 2014-09-19 01:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 15:33 - 2014-09-19 01:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 15:33 - 2014-09-19 01:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 15:33 - 2014-09-19 01:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 15:33 - 2014-09-19 01:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 15:33 - 2014-08-20 22:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 15:33 - 2014-08-20 22:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 15:33 - 2014-08-11 17:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-10 16:54 - 2014-11-11 15:17 - 00008616 _____ () C:\Users\mlitt\Desktop\AVISPL list.xlsx
2014-11-10 16:48 - 2014-11-10 16:48 - 46616576 _____ () C:\Users\mlitt\Desktop\SOUND DEPOSITION SERVICE INC. (Backup Nov 10,2014  04 48 PM).QBB
2014-11-10 16:00 - 2014-11-10 16:00 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-11-09 16:50 - 2014-11-09 16:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-11-08 13:47 - 2014-11-08 13:47 - 00000000 ____D () C:\Program Files\Valassis
2014-11-08 13:44 - 2014-11-08 13:45 - 02119632 _____ (Valassis) C:\Users\mlitt\Downloads\P@H_prodcand-EIPxrSY1.exe
2014-11-06 16:38 - 2014-11-06 16:40 - 00000000 ____D () C:\Users\mlitt\Desktop\Sound Certifications
2014-11-06 16:36 - 2014-11-06 16:40 - 00000000 ____D () C:\Users\mlitt\Desktop\Job search 2014
2014-11-06 15:31 - 2014-11-06 15:31 - 00688992 ____R (Swearware) C:\Users\mlitt\Downloads\dds(1).com
2014-11-06 09:18 - 2014-11-06 09:18 - 00000000 ____D () C:\Users\mlitt\AppData\Roaming\RevTrax
2014-11-06 09:15 - 2014-11-06 09:17 - 01732608 _____ () C:\Users\mlitt\Downloads\RevTraxPrintMyCoupon.msi
2014-11-04 08:06 - 2014-11-04 08:07 - 46583808 _____ () C:\Users\mlitt\Desktop\SOUND DEPOSITION SERVICE INC. (Backup Nov 04,2014  08 06 AM).QBB
2014-10-29 21:34 - 2014-10-29 21:34 - 00213784 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdriverx.sys
2014-10-29 19:23 - 2014-10-29 19:23 - 00000000 ____D () C:\Users\mlitt\AppData\Roaming\java
2014-10-29 15:45 - 2014-11-04 11:02 - 00015067 _____ () C:\Users\mlitt\Desktop\29oct 2014 cash received.xlsx
2014-10-27 07:17 - 2014-10-27 07:40 - 00000000 ____D () C:\AdwCleaner
2014-10-27 07:15 - 2014-10-27 07:16 - 01998336 _____ () C:\Users\mlitt\Downloads\AdwCleaner.exe
2014-10-26 19:27 - 2014-10-26 19:28 - 00000000 ____D () C:\Program Files\QuickTime
2014-10-26 19:27 - 2014-10-26 19:27 - 00001817 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-10-26 19:27 - 2014-10-26 19:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-10-26 19:23 - 2014-10-26 19:23 - 00001755 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-10-26 19:23 - 2014-10-26 19:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-10-26 19:21 - 2014-10-26 19:23 - 00000000 ____D () C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2014-10-26 19:21 - 2014-10-26 19:23 - 00000000 ____D () C:\Program Files\iTunes
2014-10-26 19:21 - 2014-10-26 19:21 - 00000000 ____D () C:\Program Files\iPod
2014-10-23 08:49 - 2014-10-23 08:49 - 00009118 _____ () C:\Users\mlitt\Desktop\DDS Attach.txt
2014-10-23 08:48 - 2014-11-06 15:36 - 00020028 _____ () C:\Users\mlitt\Desktop\dds.txt
2014-10-23 08:48 - 2014-11-06 15:36 - 00008352 _____ () C:\Users\mlitt\Desktop\attach.txt
2014-10-23 08:43 - 2014-10-23 08:43 - 00688992 ____R (Swearware) C:\Users\mlitt\Downloads\dds.com
2014-10-23 06:44 - 2014-10-23 06:44 - 00002275 _____ () C:\Windows\patsearch.bin
2014-10-22 15:16 - 2014-10-27 06:16 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-22 15:16 - 2014-10-22 15:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-22 15:16 - 2014-10-22 15:19 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-10-22 15:16 - 2014-10-01 10:11 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-22 15:16 - 2014-10-01 10:11 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-22 15:09 - 2014-10-22 15:09 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstrNew_01009.Wdf
2014-10-22 07:23 - 2014-10-22 07:23 - 00000000 ____D () C:\Users\mlitt\AppData\Roaming\AVG2015
2014-10-22 07:22 - 2014-11-13 11:19 - 00000937 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2014-10-22 07:20 - 2014-10-22 09:46 - 00000000 ____D () C:\ProgramData\AVG2015
2014-10-21 08:34 - 2014-10-21 08:35 - 02119632 _____ (Valassis) C:\Users\mlitt\Downloads\P@H_prodcand-cAnqra0J.exe
2014-10-21 07:46 - 2014-10-22 07:38 - 00000000 ____D () C:\Users\mlitt\AppData\Local\Avg2015
2014-10-21 07:02 - 2014-10-21 07:02 - 00573592 _____ () C:\Windows\Minidump\102114-48438-01.dmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-20 15:18 - 2010-05-12 16:44 - 00000000 ____D () C:\Users\mlitt\Documents\GroupWise
2014-11-20 14:46 - 2012-08-25 18:32 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-20 13:55 - 2012-08-25 11:22 - 01645980 _____ () C:\Windows\WindowsUpdate.log
2014-11-20 11:33 - 2012-08-25 14:31 - 00000000 ____D () C:\ProgramData\MFAData
2014-11-20 09:14 - 2012-08-25 19:04 - 00000100 _____ () C:\Windows\WPCMAPI.INI
2014-11-20 06:47 - 2009-07-13 20:34 - 00025424 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-20 06:47 - 2009-07-13 20:34 - 00025424 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-20 06:45 - 2012-08-25 11:58 - 00823106 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-20 06:40 - 2014-01-28 07:39 - 00000976 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2014-11-20 06:40 - 2014-01-28 07:39 - 00000960 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2014-11-20 06:40 - 2013-01-23 07:41 - 00000342 _____ () C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job
2014-11-20 06:40 - 2012-08-25 17:52 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-11-20 06:40 - 2009-07-13 20:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-20 06:40 - 2009-07-13 20:39 - 00104291 _____ () C:\Windows\setupact.log
2014-11-19 17:07 - 2012-08-27 19:16 - 00000000 ____D () C:\Users\mlitt\AppData\Roaming\.oit
2014-11-18 12:24 - 2012-11-17 06:16 - 00008564 _____ () C:\Users\mlitt\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2014-11-18 12:24 - 2012-11-17 06:16 - 00000000 ____D () C:\Program Files\Common Files\XCPCSync.OEM
2014-11-18 12:24 - 2012-11-17 06:16 - 00000000 ____D () C:\Program Files\Common Files\Research In Motion
2014-11-18 12:21 - 2014-06-05 09:14 - 00000000 ____D () C:\Program Files\Citrix
2014-11-17 15:43 - 2011-11-29 17:34 - 00000000 ____D () C:\Users\mlitt\Desktop\Litt Family Trust
2014-11-15 07:44 - 2011-08-30 07:03 - 00000000 ____D () C:\Users\mlitt\Desktop\coupons and online purchase
2014-11-13 19:03 - 2010-05-24 16:04 - 00002048 ___HC () C:\Users\mlitt\Documents\Default.rdp
2014-11-13 17:37 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\rescache
2014-11-13 17:06 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-11-13 16:13 - 2012-08-26 16:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
2014-11-13 16:13 - 2012-08-26 16:07 - 00000000 ____D () C:\Program Files\Coupons
2014-11-13 11:19 - 2014-03-31 10:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-11-12 21:48 - 2011-08-31 11:00 - 00025428 _____ () C:\Users\mlitt\Desktop\medical spreadsheet 2010.xlsx
2014-11-12 21:20 - 2009-07-13 20:33 - 00427208 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-12 21:18 - 2014-05-07 06:26 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-12 21:15 - 2012-08-25 13:16 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-12 21:12 - 2013-08-14 20:46 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 21:09 - 2012-09-30 12:48 - 100445232 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-12 17:16 - 2014-06-05 09:13 - 00000000 ____D () C:\Users\mlitt\AppData\Local\Citrix
2014-11-12 15:22 - 2012-08-26 15:55 - 00262218 _____ () C:\Windows\PFRO.log
2014-11-12 15:22 - 2012-08-25 18:44 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-11-11 16:46 - 2012-08-25 18:32 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-11-11 16:46 - 2012-08-25 18:32 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-11-11 06:36 - 2012-11-28 07:18 - 00000000 ____D () C:\Users\mlitt\AppData\Roaming\Apple Computer
2014-11-09 12:31 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-06 09:59 - 2014-06-09 13:49 - 00000000 ____D () C:\Users\DefaultAppPool
2014-11-05 17:17 - 2011-05-18 20:42 - 00018316 _____ () C:\Users\mlitt\Desktop\building scenarios.xlsx
2014-11-04 07:55 - 2013-06-20 11:21 - 00020528 _____ () C:\Users\mlitt\Desktop\FEDEXJunework2013.xlsx
2014-11-02 20:10 - 2009-07-13 20:46 - 00001515 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-10-29 15:38 - 2012-10-04 14:38 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-10-28 19:38 - 2014-08-16 12:00 - 00000000 ____D () C:\Users\mlitt\AppData\Local\Adobe
2014-10-26 19:21 - 2014-09-29 06:15 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-10-26 19:21 - 2012-11-28 07:14 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-10-23 08:16 - 2014-09-17 07:07 - 00000000 ____D () C:\Users\mlitt\AppData\Local\Nike
2014-10-22 15:16 - 2012-08-25 14:31 - 00000000 ____D () C:\Users\mlitt\AppData\Roaming\Malwarebytes
2014-10-22 15:16 - 2012-08-25 14:31 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-22 15:16 - 2012-08-25 14:31 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-10-22 13:31 - 2012-08-25 17:52 - 00000000 ____D () C:\Program Files\LogMeIn
2014-10-22 13:30 - 2012-08-25 17:52 - 00086912 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2014-10-22 13:30 - 2012-08-25 17:52 - 00085864 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
2014-10-22 13:30 - 2012-08-25 17:52 - 00031592 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIport.dll
2014-10-22 07:23 - 2012-08-25 15:34 - 00000000 ____D () C:\Program Files\AVG
2014-10-21 08:04 - 2013-09-25 06:30 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-21 08:03 - 2014-08-08 06:53 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-10-21 07:02 - 2013-02-14 16:43 - 00000000 ____D () C:\Windows\Minidump
2014-10-21 07:02 - 2013-02-14 16:42 - 265168843 _____ () C:\Windows\MEMORY.DMP

Some content of TEMP:
====================
C:\Users\mlitt\AppData\Local\Temp\5E90_fdminst.exe
C:\Users\mlitt\AppData\Local\Temp\airD70B.exe
C:\Users\mlitt\AppData\Local\Temp\airDD91.exe
C:\Users\mlitt\AppData\Local\Temp\avguidx.dll
C:\Users\mlitt\AppData\Local\Temp\CommonInstaller.exe
C:\Users\mlitt\AppData\Local\Temp\fRlr6.dll
C:\Users\mlitt\AppData\Local\Temp\fRlr6.exe
C:\Users\mlitt\AppData\Local\Temp\install_flashplayer11x32_mssd_aih.exe
C:\Users\mlitt\AppData\Local\Temp\install_flashplayer11x32_mssd_aih_1.exe
C:\Users\mlitt\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\mlitt\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\mlitt\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\mlitt\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\mlitt\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\mlitt\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\mlitt\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\mlitt\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\mlitt\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
C:\Users\mlitt\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\mlitt\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\mlitt\AppData\Local\Temp\MSETUP4.EXE
C:\Users\mlitt\AppData\Local\Temp\oi_{05634AAD-319B-418B-8E62-CC8E743524D4}.exe
C:\Users\mlitt\AppData\Local\Temp\oi_{57AF8396-611D-44C9-AF3F-E9A5DA23737A}.exe
C:\Users\mlitt\AppData\Local\Temp\ose00000.exe
C:\Users\mlitt\AppData\Local\Temp\Quarantine.exe
C:\Users\mlitt\AppData\Local\Temp\ScriptHelper.exe
C:\Users\mlitt\AppData\Local\Temp\sqlite3.dll
C:\Users\mlitt\AppData\Local\Temp\tmpCEA8.tmp_934263519440.exe
C:\Users\mlitt\AppData\Local\Temp\ToolbarInstaller.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=C:
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {fd0d2f93-eef1-11e1-a8a6-83c63255a832}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {fd0d2f95-eef1-11e1-a8a6-83c63255a832}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {fd0d2f93-eef1-11e1-a8a6-83c63255a832}
nx                      OptIn

Windows Boot Loader
-------------------
identifier              {fd0d2f95-eef1-11e1-a8a6-83c63255a832}
device                  ramdisk=[C:]\Recovery\fd0d2f95-eef1-11e1-a8a6-83c63255a832\Winre.wim,{fd0d2f96-eef1-11e1-a8a6-83c63255a832}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\fd0d2f95-eef1-11e1-a8a6-83c63255a832\Winre.wim,{fd0d2f96-eef1-11e1-a8a6-83c63255a832}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {fd0d2f93-eef1-11e1-a8a6-83c63255a832}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
pae                     Yes
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=C:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

Windows Legacy OS Loader
------------------------
identifier              {ntldr}
device                  partition=C:
path                    \ntldr
description             Earlier Version of Windows

EMS Settings
------------
identifier              {emssettings}
bootems                 Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {fd0d2f96-eef1-11e1-a8a6-83c63255a832}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\fd0d2f95-eef1-11e1-a8a6-83c63255a832\boot.sdi



LastRegBack: 2014-11-18 07:12

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20-11-2014
Ran by mlitt at 2014-11-20 15:19:23
Running from C:\Users\mlitt\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat  9 Standard - English, Français, Deutsch (HKLM\...\{AC76BA86-1033-F400-BA7E-000000000004}{AC76BA86-1033-F400-BA7E-000000000004}) (Version: 9.5.5 - Adobe Systems)
Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM\...\{AC76BA86-1033-F400-BA7E-000000000004}_955) (Version:  - Adobe Systems Incorporated)
Adobe Digital Editions 2.0 (HKLM\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5577 - AVG Technologies)
AVG 2015 (Version: 15.0.4213 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5577 - AVG Technologies) Hidden
BBSAK (HKLM\...\{B23F12D4-17DE-453A-B1F4-55E501FE0EBF}) (Version: 1.9.2 - JMT Labs)
BlackBerry Desktop Software 7.1 (HKLM\...\BlackBerry_Desktop) (Version: 7.1.0.32 - Research In Motion Ltd.)
BlackBerry Desktop Software 7.1 (Version: 7.1.0.32 - Research In Motion Ltd.) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Canon IJ Network Scan Utility (HKLM\...\Canon_IJ_Network_Scan_UTILITY) (Version:  - )
Canon IJ Network Tool (HKLM\...\Canon_IJ_Network_UTILITY) (Version:  - )
Canon MP Navigator EX 1.0 (HKLM\...\MP Navigator EX 1.0) (Version:  - )
Canon MX700 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX700_series) (Version:  - )
Canon MX700 series User Registration (HKLM\...\Canon MX700 series User Registration) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM\...\CanonSolutionMenu) (Version:  - )
Catalina Savings Printer (HKLM\...\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}) (Version: 1.0.0 - Catalina Marketing Corp) <==== ATTENTION
Cisco WebEx Meetings (HKLM\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM\...\{77463C86-BB3A-426E-A6C2-06B4D28C250F}) (Version: 1.0.223 - Citrix)
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.1.3) (Version: 5.0.1.3 - Coupons.com Incorporated)
Dolby Voice Conference Plugin 1.7.1.0 (HKLM\...\Dolby Voice Conference Plugin 1.7.1.0_is1) (Version: 1.7.1.0 - Dolby Laboratories)
GroupWise (HKLM\...\{31A83836-5DBA-4EF9-ADC2-5AC247D89C7E}) (Version: 12.0.2 - Novell)
GroupWise Client - VC Runtimes (release) (Version: 1.00.0000 - Novell) Hidden
iCloud (HKLM\...\{AC6EE263-E4DD-4150-9014-689B1D4A3315}) (Version: 4.0.5.20 - Apple Inc.)
iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Kyocera Product Library (HKLM\...\Kyocera Product Library) (Version: 2.0.0713 - Kyocera Mita Corporation)
LogMeIn (HKLM\...\{22461A1C-BD68-4D90-9897-1DB146D55ECB}) (Version: 4.1.2504 - LogMeIn, Inc.)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Small Business 2007 (HKLM\...\SMALLBUSINESSR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 33.1 (x86 en-US) (HKLM\...\Mozilla Firefox 33.1 (x86 en-US)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NICI (Shared) U.S./Worldwide (128 bit) (2.7.6-1) (HKLM\...\{F02DBC5D-33E3-45E9-B0F8-B7745229ED1C}) (Version:  - )
NMAS Challenge Response Method (HKLM\...\{8CBFE0AB-3EBF-4103-BA48-59EB4FF66AD1}) (Version: 2.8.3.3 - Novell, Inc.)
NMAS Client (HKLM\...\{56BC75EA-B19F-4C14-85B8-3FA61C0C791F}) (Version: 3.5.1.1 - Novell, Inc.)
Novell Client for Windows (HKLM\...\Novell Client for Windows) (Version: 2 SP2 (IR4a) - Novell, Inc.)
Novell Messenger (HKLM\...\{3FC0833E-073C-4D5D-A046-74BC32358CB3}) (Version: 2.2.1 - Novell, Inc.)
P@H-Protocol (HKLM\...\{CF594DB8-CFB0-45B4-86DA-8BB4AC0941F8}) (Version: 3.0.7.0 - Valassis)
Polycom RealPresence Desktop (HKLM\...\{8BE13AF9-8D86-4B44-9843-2533589A01CB}) (Version: 3.0.0.38914 - Polycom, Inc.)
PowerDVD DX (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.5424 - CyberLink Corp.)
Presto! PageManager 7.15.16 (HKLM\...\{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}) (Version: 7.15.16 - NewSoft Technology Corporation)
Quark Update (HKLM\...\{82154114-943B-4A6F-9B20-073C9573E93E}) (Version: 1.0.0.2 - Quark, Inc.)
QuarkXPress (HKLM\...\{EACCA5D3-5E48-4181-B953-1842BA6FED32}) (Version: 10.2.0.0 - Quark Software Inc.)
QuickBooks (Version: 21.0.4014.904 - Intuit Inc.) Hidden
QuickBooks Connection Diagnostic Tool (HKLM\...\{8FC44A80-059E-4358-BBB4-50FAEBED7627}) (Version: 4.0.0 - Intuit)
QuickBooks Pro 2011 (HKLM\...\{11E0AC7D-6822-4F67-865F-EE1C13D28C38}) (Version: 21.0.4014.904 - Intuit Inc.)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RealLegal E-Transcript Bundle Viewer (HKLM\...\{521D6EE7-E5B6-4E9B-837A-BEF39247FF07}) (Version: 6.0.1.887 - Thomson Reuters)
RevTraxPrintMyCoupon (HKLM\...\{19E8EBBF-55F3-41FB-AC8E-373BA0436939}) (Version: 1.0.0.0 - RevTrax) <==== ATTENTION
Roxio Creator DE 10.3 (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.3 - Roxio)
ScanSoft OmniPage SE 4 (HKLM\...\{B2F3DBD9-A9D2-4838-B45D-C917DAB32BC3}) (Version: 15.2.0020 - Nuance Communications, Inc.)
SonicWALL Global VPN Client (HKLM\...\{40624553-811E-400E-B69B-38D8926A66BD}) (Version: 4.2.6 - SonicWALL)
SonicWALL Global VPN Client (HKLM\...\{52ABB5F7-2B03-4FCD-A83F-63166186BF00}) (Version: 4.7.3 - SonicWALL)
Unity Web Player (HKU\S-1-5-21-3505383968-4064583084-4054668064-1003\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Welcome Home To Windows Phone (HKLM\...\{4E69C950-AF6A-11E1-41BB-0021D0FB5AF1}) (Version: 1.0.0.055 - MarkSpace)
Windows Phone app for desktop (HKLM\...\{E786AE85-8A30-4CF2-BF70-57404A5CD684}) (Version: 1.0.1720.1 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{05EC5C13-D255-4592-9CCB-98615172F0D6}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{0ADF9C35-0D5E-4B75-88DD-B64868907E17}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{123FAF7F-3FB1-4B8F-AD18-0047401D436A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{1B3210AF-E236-46D4-83EF-6421F2FF543C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx No File
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{1E78DD72-771E-42BF-8B4B-363CEB18E07B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx No File
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{22664BE2-0806-4BA4-8643-DE40C9149176}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{2A9EBDB5-0600-4E8C-B910-4001BEB2DD8C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{349D777D-F7A2-4AAE-967F-A54F05A7FF3B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBFinder.dll No File
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{37A2FC00-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{37A2FC02-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{38F58721-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\COMObjectFactory.dll No File
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{38F58742-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{38F58743-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{38F58744-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{3E1A2BBD-5707-4646-B268-518B997DC94D}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\mlitt\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx No File
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{4716D3CE-55DB-4D2A-818C-87D912895890}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{4844F3F7-2161-4AC4-B219-B3B4311782AA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{4A56F19E-9F50-4F43-93C8-050E44AA83A9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{4E5E74B5-8EB5-4859-A335-837EED412620}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{5249684A-D7A2-4DBE-94F4-B90923A7BC64}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{5428A9ED-6CD8-11D6-9C8A-0001023DCAA2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{547C8F00-5567-4AE3-8BB0-CC3CE2AB9070}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{5700330B-D97E-5600-959F-2C33DC75C7F0}\InprocServer32 -> C:\Users\mlitt\AppData\Roaming\Hopster\CouponPrinterPlugin\2.0.2.0\npCouponPrinterPlugin.dll (Hopster)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{57D590F1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{596801D8-2C9D-4627-9C67-195CB81B655A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{5B7331FA-8910-4748-A8A4-60B445041F28}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{5ED8AC89-B2DE-476D-8EEA-E170B2FCB058}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{70478C56-E77F-4134-B3E3-3B18EE036D71}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll No File
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{7694F1CD-A55B-4B7C-8820-A90892EB4E9E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{7DBF8260-30AD-4D1B-876A-8032B87B809F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{828E5386-74CF-4019-B356-C857CD028A7D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{82CC31B3-53B4-4161-A4E9-6B4F1290A6C8}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{8572570D-12D9-4F2C-8BB8-EB8848178B94}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{8E590317-1329-11D1-B70B-00805F29CD16}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{8FEDE364-AB37-4551-80C9-6D468E222AB2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{942C5E0E-7F1A-4B36-A05C-38C60FE9DD6D}\InprocServer32 -> C:\Users\mlitt\AppData\Local\DVCPlugin1.7.1.0\32\npDolbyVoiceConference1710.dll (Dolby Laboratories)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{9D9B61F2-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{9D9B61F3-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{9D9B61F4-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{9D9B61F5-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{9D9B61F6-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{9D9B61F7-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{9F3041F6-9C7A-5252-AD04-F3C9EF05D2D9}\InprocServer32 -> C:\Users\mlitt\AppData\Roaming\RevTrax\RevTraxPrintMyCoupon\1.0.0.0\npRevTraxPrintMyCoupon.dll (RevTrax)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{A58C4EAB-2DB8-445E-9CAE-2AE197A5C708}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{A63E42D0-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{A63E42D2-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{AD848A76-F236-5EE2-819B-2BDE7ED40AE7}\InprocServer32 -> C:\Users\mlitt\AppData\Roaming\Catalina – Print Savings\npBcsKtTcHW.dll (Catalina Marketing Corporation)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{AF5E0A13-CEAB-47CE-991D-77E82CD1BF3F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{B10BFAC3-EFF1-40D9-ADA0-BEBE037C24CA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{B66F2BF1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{BCD594EA-15C3-4FD8-B92B-114BB9694537}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBCtrIPMDS2.dll No File
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{CE18240D-F3F8-43AE-9EA0-A0DC85A95375}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll No File
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{D14FD6B3-6A9F-4537-9460-07B836707127}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{D4A12AAF-E15E-470B-A6B6-63032186F91F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{D9B9C060-0954-11D3-9E07-00104BD2BE34}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSource.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{D9BC6F81-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{D9BC6F84-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{D9BC6F87-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{D9BC6FA1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{D9BC6FA6-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{D9BC6FB2-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\StorageClasses.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{D9BC6FC1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{DCB2B478-EFF6-48F6-B718-13E98876854E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{DFD0AF10-B86C-4AF3-B609-1348D513E565}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{E1A173E1-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{E1A173E3-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{E6E4DF8B-17CE-43ED-B2C7-2CE10457552D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{E7D2D0F6-B754-438D-B5C9-BF848D311A0F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll No File
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{EADA914E-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{EAEF733D-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{F2C593CC-74B2-4F71-8556-DD4D426D0409}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{F9EF917A-E55E-4242-B205-E778395AC313}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{FAC93D42-FFC2-11d1-9DEB-0008C7A08EBA}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{FB17915F-06D1-4214-A902-CC5EE05186E9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{05EC5C13-D255-4592-9CCB-98615172F0D6}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{0ADF9C35-0D5E-4B75-88DD-B64868907E17}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{123FAF7F-3FB1-4B8F-AD18-0047401D436A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{1B3210AF-E236-46D4-83EF-6421F2FF543C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx No File
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{1E78DD72-771E-42BF-8B4B-363CEB18E07B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx No File
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{22664BE2-0806-4BA4-8643-DE40C9149176}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{2A9EBDB5-0600-4E8C-B910-4001BEB2DD8C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{326787D9-37B9-47A6-B539-EE13E7B04B8B}\InprocServer32 -> C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\devicemanagerproperties.dll (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{349D777D-F7A2-4AAE-967F-A54F05A7FF3B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBFinder.dll No File
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{37A2FC00-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{37A2FC02-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{38F58721-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\COMObjectFactory.dll No File
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{38F58742-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{38F58743-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{38F58744-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{3E1A2BBD-5707-4646-B268-518B997DC94D}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\QBDataServiceUser21\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx No File
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{4716D3CE-55DB-4D2A-818C-87D912895890}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{47F64EC4-1AD6-4168-9D4C-00F3842F7CFB}\InprocServer32 -> C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\DeviceManagerProperties.dll (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{4844F3F7-2161-4AC4-B219-B3B4311782AA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{4A56F19E-9F50-4F43-93C8-050E44AA83A9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{4E5E74B5-8EB5-4859-A335-837EED412620}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{5249684A-D7A2-4DBE-94F4-B90923A7BC64}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{5428A9ED-6CD8-11D6-9C8A-0001023DCAA2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{547C8F00-5567-4AE3-8BB0-CC3CE2AB9070}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{57D590F1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{596801D8-2C9D-4627-9C67-195CB81B655A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{5B7331FA-8910-4748-A8A4-60B445041F28}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{5ED8AC89-B2DE-476D-8EEA-E170B2FCB058}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{70478C56-E77F-4134-B3E3-3B18EE036D71}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll No File
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{7694F1CD-A55B-4B7C-8820-A90892EB4E9E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{7DBF8260-30AD-4D1B-876A-8032B87B809F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{828E5386-74CF-4019-B356-C857CD028A7D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{82CC31B3-53B4-4161-A4E9-6B4F1290A6C8}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{82D1C283-A637-4A07-B1EC-8C7AE661EAF1}\InprocServer32 -> C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\devicemanagerproperties.dll (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{8572570D-12D9-4F2C-8BB8-EB8848178B94}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{8E590317-1329-11D1-B70B-00805F29CD16}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{8FEDE364-AB37-4551-80C9-6D468E222AB2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{9D9B61F2-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{9D9B61F3-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{9D9B61F4-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{9D9B61F5-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{9D9B61F6-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{9D9B61F7-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{A58C4EAB-2DB8-445E-9CAE-2AE197A5C708}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{A63E42D0-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{A63E42D2-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{AD848A76-F236-5EE2-819B-2BDE7ED40AE7}\InprocServer32 -> C:\Users\QBDataServiceUser21\AppData\Roaming\Catalina – Print Savings\npBcsKtTcHW.dll No File
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{AF5E0A13-CEAB-47CE-991D-77E82CD1BF3F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{B10BFAC3-EFF1-40D9-ADA0-BEBE037C24CA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{B66F2BF1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{BCD594EA-15C3-4FD8-B92B-114BB9694537}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBCtrIPMDS2.dll No File
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{C8992C14-DF59-4518-808F-CCFBB5850282}\InprocServer32 -> C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\devicemanagerproperties.dll (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{CE18240D-F3F8-43AE-9EA0-A0DC85A95375}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll No File
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{D14FD6B3-6A9F-4537-9460-07B836707127}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{D4A12AAF-E15E-470B-A6B6-63032186F91F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{D9B9C060-0954-11D3-9E07-00104BD2BE34}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSource.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{D9BC6F81-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{D9BC6F84-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{D9BC6F87-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{D9BC6FA1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{D9BC6FA6-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{D9BC6FB2-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\StorageClasses.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{D9BC6FC1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{DCB2B478-EFF6-48F6-B718-13E98876854E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{DFD0AF10-B86C-4AF3-B609-1348D513E565}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{E1A173E1-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{E1A173E3-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{E6E4DF8B-17CE-43ED-B2C7-2CE10457552D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{E7D2D0F6-B754-438D-B5C9-BF848D311A0F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll No File
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{EADA914E-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{EAEF733D-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{EB59852D-B38E-4A4C-94BA-6731836E5538}\InprocServer32 -> C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\DeviceManagerProperties.dll (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{F2C593CC-74B2-4F71-8556-DD4D426D0409}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{F9EF917A-E55E-4242-B205-E778395AC313}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{FAC93D42-FFC2-11d1-9DEB-0008C7A08EBA}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{FB17915F-06D1-4214-A902-CC5EE05186E9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

==================== Restore Points  =========================

20-11-2014 15:14:12 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:04 - 2009-06-10 13:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {68F1EAF4-CF1B-49CA-9406-FA851490F9C3} - System32\Tasks\Quark Updater => C:\Program Files\Quark\Quark Update\AutoUpdate.exe [2011-11-25] ()
Task: {7EC6C058-159D-4C0B-A69F-75D6866A358C} - System32\Tasks\{C64D298A-B6D8-41A0-85E1-A3B6631A842C} => C:\Program Files\Intuit\QuickBooks 2011\QBW32Pro.exe [2014-02-03] (Intuit Inc.)
Task: {A00EB71D-1A2B-4637-B2E5-1B2EFF1CE485} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-11] (Adobe Systems Incorporated)
Task: {CB71C763-59F3-49B5-99D4-3AC144806364} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F1781A60-63F5-4AB6-A963-67A8661E9BCA} - System32\Tasks\ROC_JAN2013_TB_rmv => C:\Program Files\AVG Secure Search\PostInstall\ROC.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Quark Updater.job => C:\Program Files\Quark\Quark Update\AutoUpdate.exe
Task: C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job => C:\Program Files\AVG Secure Search\PostInstall\ROC.exe

==================== Loaded Modules (whitelisted) =============

2012-07-13 15:49 - 2012-07-13 15:49 - 00039552 _____ () C:\Windows\system32\ncv1_0.DLL
2012-07-13 15:49 - 2012-07-13 15:49 - 00909440 _____ () C:\Windows\system32\ncnetprovider.dll
2012-07-13 15:49 - 2012-07-13 15:49 - 00092800 _____ () C:\Windows\system32\NCLangID.dll
2012-07-13 15:49 - 2012-07-13 15:49 - 00156800 _____ () C:\Windows\system32\MAPBASE.dll
2012-07-13 15:49 - 2012-07-13 15:49 - 00230528 _____ () C:\Windows\system32\NWSHLXNT.dll
2012-07-13 14:58 - 2012-07-13 14:58 - 00015872 _____ () C:\Windows\system32\nls\ENGLISH\NCLangIDR.DLL
2012-07-13 15:03 - 2012-07-13 15:03 - 00086016 _____ () C:\Windows\system32\nls\ENGLISH\MAPBASER.DLL
2012-07-13 15:04 - 2012-07-13 15:04 - 00101376 _____ () C:\Windows\system32\nls\ENGLISH\NWSHLXNTR.DLL
2012-07-13 15:05 - 2012-07-13 15:05 - 00488448 _____ () C:\Windows\system32\nls\ENGLISH\ncnetproviderR.DLL
2012-07-13 15:49 - 2012-07-13 15:49 - 00120448 _____ () C:\Program Files\Novell\Client\XTier\Common\libslp.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-07-13 15:49 - 2012-07-13 15:49 - 00034944 _____ () C:\Windows\System32\nwtray.exe
2012-07-13 15:49 - 2012-07-13 15:49 - 00909440 _____ () C:\Windows\System32\NCNetProvider.DLL
2012-07-13 15:49 - 2012-07-13 15:49 - 00092800 _____ () C:\Windows\System32\NCLangID.dll
2012-07-13 15:49 - 2012-07-13 15:49 - 00156800 _____ () C:\Windows\System32\MAPBASE.dll
2012-07-13 15:49 - 2012-07-13 15:49 - 00230528 _____ () C:\Windows\System32\NWSHLXNT.dll
2012-07-13 14:58 - 2012-07-13 14:58 - 00015872 _____ () C:\Windows\System32\nls\ENGLISH\NCLangIDR.DLL
2012-07-13 15:03 - 2012-07-13 15:03 - 00086016 _____ () C:\Windows\System32\nls\ENGLISH\MAPBASER.DLL
2012-07-13 15:04 - 2012-07-13 15:04 - 00101376 _____ () C:\Windows\System32\nls\ENGLISH\NWSHLXNTR.DLL
2012-07-13 15:05 - 2012-07-13 15:05 - 00488448 _____ () C:\Windows\System32\nls\ENGLISH\NCNetProviderR.DLL
2013-05-15 10:00 - 2009-02-27 15:39 - 00019968 _____ () C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU
2013-05-15 10:00 - 2009-02-27 15:32 - 00020480 _____ () C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroTray.FRA
2013-05-19 15:26 - 2006-09-20 07:35 - 00020480 _____ () C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
2014-02-03 22:42 - 2014-02-03 22:42 - 00269128 _____ () C:\Program Files\Intuit\QuickBooks 2011\boost_regex-vc90-mt-p-1_33.dll
2014-02-03 22:43 - 2014-02-03 22:43 - 00021320 _____ () C:\Program Files\Intuit\QuickBooks 2011\QBCompressor.dll
2005-07-19 22:18 - 2005-07-19 22:18 - 00059904 _____ () C:\Program Files\Intuit\QuickBooks 2011\zlib1.dll
2014-02-03 22:42 - 2014-02-03 22:42 - 00348488 _____ () C:\Program Files\Intuit\QuickBooks 2011\BackupLib.dll
2014-02-03 22:43 - 2014-02-03 22:43 - 00126792 _____ () C:\Program Files\Intuit\QuickBooks 2011\QBMAPILibrary.dll
2014-02-03 22:42 - 2014-02-03 22:42 - 00176968 _____ () C:\Program Files\Intuit\QuickBooks 2011\boost_serialization-vc90-mt-p-1_33.dll
2014-02-03 22:43 - 2014-02-03 22:43 - 00042824 _____ () C:\Program Files\Intuit\QuickBooks 2011\mbpopup.dll
2014-02-03 22:43 - 2014-02-03 22:43 - 00101704 _____ () C:\Program Files\Intuit\QuickBooks 2011\ReportBridge.dll
2014-02-03 22:43 - 2014-02-03 22:43 - 00070472 _____ () C:\Program Files\Intuit\QuickBooks 2011\QB2WPFBridge.dll
2014-02-03 22:43 - 2014-02-03 22:43 - 00070984 _____ () C:\Program Files\Intuit\QuickBooks 2011\IPDWidgetBridge.dll
2014-02-03 22:43 - 2014-02-03 22:43 - 00093512 _____ () C:\Program Files\Intuit\QuickBooks 2011\IPDWidgetInterop.dll
2014-02-03 22:43 - 2014-02-03 22:43 - 00098632 _____ () C:\Program Files\Intuit\QuickBooks 2011\Webification.dll
2014-02-03 22:43 - 2014-02-03 22:43 - 00058184 _____ () C:\Program Files\Intuit\QuickBooks 2011\htmlhelper.dll
2013-05-19 15:26 - 2006-10-30 15:59 - 00024576 _____ () C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
2014-11-10 16:00 - 2014-11-10 16:00 - 03649648 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-11-11 16:46 - 2014-11-11 16:46 - 16840880 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_223.dll
2013-07-10 18:07 - 2013-07-10 18:07 - 00756888 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2013-05-15 10:00 - 2013-05-08 05:51 - 00019056 _____ () C:\Program Files\Adobe\Acrobat 9.0\Acrobat\viewerps.dll
2013-05-15 10:00 - 2009-02-27 11:52 - 00258048 _____ () C:\Program Files\Adobe\Acrobat 9.0\Acrobat\sqlite.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Nike+ Connect => "C:\Users\mlitt\AppData\Local\Nike\Nike+ Connect\Nike+ Connect daemon.exe"
MSCONFIG\startupreg: RIMBBLaunchAgent.exe => C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

========================= Accounts: ==========================

A (S-1-5-21-3505383968-4064583084-4054668064-1001 - Administrator - Enabled) => C:\Users\A
Administrator (S-1-5-21-3505383968-4064583084-4054668064-500 - Administrator - Disabled)
Guest (S-1-5-21-3505383968-4064583084-4054668064-501 - Limited - Disabled)
Michel2 (S-1-5-21-3505383968-4064583084-4054668064-1004 - Administrator - Enabled) => C:\Users\Michel2
mlitt (S-1-5-21-3505383968-4064583084-4054668064-1003 - Administrator - Enabled) => C:\Users\mlitt
QBDataServiceUser21 (S-1-5-21-3505383968-4064583084-4054668064-1005 - Limited - Enabled) => C:\Users\QBDataServiceUser21
setupws (S-1-5-21-3505383968-4064583084-4054668064-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: SonicWALL Virtual NIC
Description: SonicWALL Virtual NIC
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: SonicWALL
Service: SWVNIC
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/20/2014 00:35:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 33.1.0.5423, time stamp: 0x545c0a59
Faulting module name: mozalloc.dll, version: 33.1.0.5423, time stamp: 0x545be5ee
Exception code: 0x80000003
Fault offset: 0x00001425
Faulting process id: 0x2790
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (11/20/2014 10:15:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 33.1.0.5423, time stamp: 0x545c0a59
Faulting module name: mozalloc.dll, version: 33.1.0.5423, time stamp: 0x545be5ee
Exception code: 0x80000003
Fault offset: 0x00001425
Faulting process id: 0x1a20
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (11/20/2014 07:25:34 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2011":
DBConnPool::HandleConnectionError errorCode:-6069, dbCode:-103 from file:'.\.\src\ConnPool.cpp' at line 1038 from function:'DBMgr::DBConnPool::init'

Error: (11/20/2014 07:25:34 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2011":
Connection String:CON=QBConnectionPool-Probe-QB_WSN4_21;;DBF=F:\Michel's Back ups 2012 August\SOUND DEPOSITION SERVICE INC..QBW;CommLinks="ShMem,tcpip(IP=192.168.1.100;TO=5;DOBROADCAST=NONE;port=55343)";ServerName=QB_WSN4_21;DBN=fab5decdc74f4d12b1c4e69dc9772955

Error: (11/20/2014 07:25:34 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2011":
Connection Error:Invalid user ID or password

Error: (11/20/2014 06:41:49 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (11/20/2014 06:41:49 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (11/20/2014 06:41:49 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (11/19/2014 02:17:14 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2011":
ACApplyChanges::Apply - Unrecognized change file command.

Error: (11/19/2014 01:23:36 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2011":
BackupEngine::LoopThroughTheDirectory() error adding file. Error code -18002 msg  file open  failed


System errors:
=============
Error: (11/20/2014 03:01:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/20/2014 06:50:20 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Coupon Printer Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (11/20/2014 06:43:31 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (11/20/2014 06:43:29 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (11/20/2014 06:43:26 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (11/20/2014 06:43:22 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (11/20/2014 06:39:59 AM) (Source: volsnap) (EventID: 25) (User: )
Description: The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time.  Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.

Error: (11/19/2014 01:03:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Coupon Printer Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (11/19/2014 00:56:07 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (11/19/2014 00:56:06 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.


Microsoft Office Sessions:
=========================
Error: (09/21/2014 09:51:02 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 1713 seconds with 180 seconds of active time.  This session ended with a crash.

Error: (07/11/2014 05:16:44 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 9676 seconds with 0 seconds of active time.  This session ended with a crash.


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU E7500 @ 2.93GHz
Percentage of memory in use: 95%
Total physical RAM: 3291.61 MB
Available physical RAM: 146.79 MB
Total Pagefile: 6581.51 MB
Available Pagefile: 1720.78 MB
Total Virtual: 2047.88 MB
Available Virtual: 1885.97 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:232.72 GB) (Free:131.05 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive f: (Elements) (Fixed) (Total:1863.01 GB) (Free:1335.2 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.8 GB) (Disk ID: A42D04A3)
Partition 1: (Not Active) - (Size=102 MB) - (Type=DE)
Partition 2: (Active) - (Size=232.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 000C894B)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#11 depogirl

depogirl
  • Topic Starter

  • Members
  • 124 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:53 AM

Posted 20 November 2014 - 06:36 PM

Part two

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20-11-2014
Ran by mlitt at 2014-11-20 15:19:23
Running from C:\Users\mlitt\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat  9 Standard - English, Français, Deutsch (HKLM\...\{AC76BA86-1033-F400-BA7E-000000000004}{AC76BA86-1033-F400-BA7E-000000000004}) (Version: 9.5.5 - Adobe Systems)
Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM\...\{AC76BA86-1033-F400-BA7E-000000000004}_955) (Version:  - Adobe Systems Incorporated)
Adobe Digital Editions 2.0 (HKLM\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5577 - AVG Technologies)
AVG 2015 (Version: 15.0.4213 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5577 - AVG Technologies) Hidden
BBSAK (HKLM\...\{B23F12D4-17DE-453A-B1F4-55E501FE0EBF}) (Version: 1.9.2 - JMT Labs)
BlackBerry Desktop Software 7.1 (HKLM\...\BlackBerry_Desktop) (Version: 7.1.0.32 - Research In Motion Ltd.)
BlackBerry Desktop Software 7.1 (Version: 7.1.0.32 - Research In Motion Ltd.) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Canon IJ Network Scan Utility (HKLM\...\Canon_IJ_Network_Scan_UTILITY) (Version:  - )
Canon IJ Network Tool (HKLM\...\Canon_IJ_Network_UTILITY) (Version:  - )
Canon MP Navigator EX 1.0 (HKLM\...\MP Navigator EX 1.0) (Version:  - )
Canon MX700 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX700_series) (Version:  - )
Canon MX700 series User Registration (HKLM\...\Canon MX700 series User Registration) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM\...\CanonSolutionMenu) (Version:  - )
Catalina Savings Printer (HKLM\...\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}) (Version: 1.0.0 - Catalina Marketing Corp) <==== ATTENTION
Cisco WebEx Meetings (HKLM\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM\...\{77463C86-BB3A-426E-A6C2-06B4D28C250F}) (Version: 1.0.223 - Citrix)
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.1.3) (Version: 5.0.1.3 - Coupons.com Incorporated)
Dolby Voice Conference Plugin 1.7.1.0 (HKLM\...\Dolby Voice Conference Plugin 1.7.1.0_is1) (Version: 1.7.1.0 - Dolby Laboratories)
GroupWise (HKLM\...\{31A83836-5DBA-4EF9-ADC2-5AC247D89C7E}) (Version: 12.0.2 - Novell)
GroupWise Client - VC Runtimes (release) (Version: 1.00.0000 - Novell) Hidden
iCloud (HKLM\...\{AC6EE263-E4DD-4150-9014-689B1D4A3315}) (Version: 4.0.5.20 - Apple Inc.)
iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Kyocera Product Library (HKLM\...\Kyocera Product Library) (Version: 2.0.0713 - Kyocera Mita Corporation)
LogMeIn (HKLM\...\{22461A1C-BD68-4D90-9897-1DB146D55ECB}) (Version: 4.1.2504 - LogMeIn, Inc.)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Small Business 2007 (HKLM\...\SMALLBUSINESSR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 33.1 (x86 en-US) (HKLM\...\Mozilla Firefox 33.1 (x86 en-US)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NICI (Shared) U.S./Worldwide (128 bit) (2.7.6-1) (HKLM\...\{F02DBC5D-33E3-45E9-B0F8-B7745229ED1C}) (Version:  - )
NMAS Challenge Response Method (HKLM\...\{8CBFE0AB-3EBF-4103-BA48-59EB4FF66AD1}) (Version: 2.8.3.3 - Novell, Inc.)
NMAS Client (HKLM\...\{56BC75EA-B19F-4C14-85B8-3FA61C0C791F}) (Version: 3.5.1.1 - Novell, Inc.)
Novell Client for Windows (HKLM\...\Novell Client for Windows) (Version: 2 SP2 (IR4a) - Novell, Inc.)
Novell Messenger (HKLM\...\{3FC0833E-073C-4D5D-A046-74BC32358CB3}) (Version: 2.2.1 - Novell, Inc.)
P@H-Protocol (HKLM\...\{CF594DB8-CFB0-45B4-86DA-8BB4AC0941F8}) (Version: 3.0.7.0 - Valassis)
Polycom RealPresence Desktop (HKLM\...\{8BE13AF9-8D86-4B44-9843-2533589A01CB}) (Version: 3.0.0.38914 - Polycom, Inc.)
PowerDVD DX (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.5424 - CyberLink Corp.)
Presto! PageManager 7.15.16 (HKLM\...\{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}) (Version: 7.15.16 - NewSoft Technology Corporation)
Quark Update (HKLM\...\{82154114-943B-4A6F-9B20-073C9573E93E}) (Version: 1.0.0.2 - Quark, Inc.)
QuarkXPress (HKLM\...\{EACCA5D3-5E48-4181-B953-1842BA6FED32}) (Version: 10.2.0.0 - Quark Software Inc.)
QuickBooks (Version: 21.0.4014.904 - Intuit Inc.) Hidden
QuickBooks Connection Diagnostic Tool (HKLM\...\{8FC44A80-059E-4358-BBB4-50FAEBED7627}) (Version: 4.0.0 - Intuit)
QuickBooks Pro 2011 (HKLM\...\{11E0AC7D-6822-4F67-865F-EE1C13D28C38}) (Version: 21.0.4014.904 - Intuit Inc.)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RealLegal E-Transcript Bundle Viewer (HKLM\...\{521D6EE7-E5B6-4E9B-837A-BEF39247FF07}) (Version: 6.0.1.887 - Thomson Reuters)
RevTraxPrintMyCoupon (HKLM\...\{19E8EBBF-55F3-41FB-AC8E-373BA0436939}) (Version: 1.0.0.0 - RevTrax) <==== ATTENTION
Roxio Creator DE 10.3 (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.3 - Roxio)
ScanSoft OmniPage SE 4 (HKLM\...\{B2F3DBD9-A9D2-4838-B45D-C917DAB32BC3}) (Version: 15.2.0020 - Nuance Communications, Inc.)
SonicWALL Global VPN Client (HKLM\...\{40624553-811E-400E-B69B-38D8926A66BD}) (Version: 4.2.6 - SonicWALL)
SonicWALL Global VPN Client (HKLM\...\{52ABB5F7-2B03-4FCD-A83F-63166186BF00}) (Version: 4.7.3 - SonicWALL)
Unity Web Player (HKU\S-1-5-21-3505383968-4064583084-4054668064-1003\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Welcome Home To Windows Phone (HKLM\...\{4E69C950-AF6A-11E1-41BB-0021D0FB5AF1}) (Version: 1.0.0.055 - MarkSpace)
Windows Phone app for desktop (HKLM\...\{E786AE85-8A30-4CF2-BF70-57404A5CD684}) (Version: 1.0.1720.1 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{05EC5C13-D255-4592-9CCB-98615172F0D6}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{0ADF9C35-0D5E-4B75-88DD-B64868907E17}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{123FAF7F-3FB1-4B8F-AD18-0047401D436A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{1B3210AF-E236-46D4-83EF-6421F2FF543C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx No File
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{1E78DD72-771E-42BF-8B4B-363CEB18E07B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx No File
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{22664BE2-0806-4BA4-8643-DE40C9149176}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{2A9EBDB5-0600-4E8C-B910-4001BEB2DD8C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{349D777D-F7A2-4AAE-967F-A54F05A7FF3B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBFinder.dll No File
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{37A2FC00-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{37A2FC02-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{38F58721-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\COMObjectFactory.dll No File
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{38F58742-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{38F58743-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{38F58744-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{3E1A2BBD-5707-4646-B268-518B997DC94D}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\mlitt\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx No File
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{4716D3CE-55DB-4D2A-818C-87D912895890}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{4844F3F7-2161-4AC4-B219-B3B4311782AA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{4A56F19E-9F50-4F43-93C8-050E44AA83A9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{4E5E74B5-8EB5-4859-A335-837EED412620}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{5249684A-D7A2-4DBE-94F4-B90923A7BC64}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{5428A9ED-6CD8-11D6-9C8A-0001023DCAA2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{547C8F00-5567-4AE3-8BB0-CC3CE2AB9070}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{5700330B-D97E-5600-959F-2C33DC75C7F0}\InprocServer32 -> C:\Users\mlitt\AppData\Roaming\Hopster\CouponPrinterPlugin\2.0.2.0\npCouponPrinterPlugin.dll (Hopster)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{57D590F1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{596801D8-2C9D-4627-9C67-195CB81B655A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{5B7331FA-8910-4748-A8A4-60B445041F28}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{5ED8AC89-B2DE-476D-8EEA-E170B2FCB058}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{70478C56-E77F-4134-B3E3-3B18EE036D71}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll No File
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{7694F1CD-A55B-4B7C-8820-A90892EB4E9E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{7DBF8260-30AD-4D1B-876A-8032B87B809F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{828E5386-74CF-4019-B356-C857CD028A7D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{82CC31B3-53B4-4161-A4E9-6B4F1290A6C8}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{8572570D-12D9-4F2C-8BB8-EB8848178B94}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{8E590317-1329-11D1-B70B-00805F29CD16}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{8FEDE364-AB37-4551-80C9-6D468E222AB2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{942C5E0E-7F1A-4B36-A05C-38C60FE9DD6D}\InprocServer32 -> C:\Users\mlitt\AppData\Local\DVCPlugin1.7.1.0\32\npDolbyVoiceConference1710.dll (Dolby Laboratories)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{9D9B61F2-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{9D9B61F3-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{9D9B61F4-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{9D9B61F5-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{9D9B61F6-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{9D9B61F7-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{9F3041F6-9C7A-5252-AD04-F3C9EF05D2D9}\InprocServer32 -> C:\Users\mlitt\AppData\Roaming\RevTrax\RevTraxPrintMyCoupon\1.0.0.0\npRevTraxPrintMyCoupon.dll (RevTrax)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{A58C4EAB-2DB8-445E-9CAE-2AE197A5C708}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{A63E42D0-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{A63E42D2-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{AD848A76-F236-5EE2-819B-2BDE7ED40AE7}\InprocServer32 -> C:\Users\mlitt\AppData\Roaming\Catalina – Print Savings\npBcsKtTcHW.dll (Catalina Marketing Corporation)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{AF5E0A13-CEAB-47CE-991D-77E82CD1BF3F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{B10BFAC3-EFF1-40D9-ADA0-BEBE037C24CA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{B66F2BF1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{BCD594EA-15C3-4FD8-B92B-114BB9694537}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBCtrIPMDS2.dll No File
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{CE18240D-F3F8-43AE-9EA0-A0DC85A95375}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll No File
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{D14FD6B3-6A9F-4537-9460-07B836707127}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{D4A12AAF-E15E-470B-A6B6-63032186F91F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{D9B9C060-0954-11D3-9E07-00104BD2BE34}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSource.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{D9BC6F81-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{D9BC6F84-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{D9BC6F87-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{D9BC6FA1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{D9BC6FA6-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{D9BC6FB2-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\StorageClasses.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{D9BC6FC1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{DCB2B478-EFF6-48F6-B718-13E98876854E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{DFD0AF10-B86C-4AF3-B609-1348D513E565}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{E1A173E1-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{E1A173E3-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{E6E4DF8B-17CE-43ED-B2C7-2CE10457552D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{E7D2D0F6-B754-438D-B5C9-BF848D311A0F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll No File
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{EADA914E-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{EAEF733D-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{F2C593CC-74B2-4F71-8556-DD4D426D0409}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{F9EF917A-E55E-4242-B205-E778395AC313}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{FAC93D42-FFC2-11d1-9DEB-0008C7A08EBA}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1003_Classes\CLSID\{FB17915F-06D1-4214-A902-CC5EE05186E9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{05EC5C13-D255-4592-9CCB-98615172F0D6}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{0ADF9C35-0D5E-4B75-88DD-B64868907E17}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{123FAF7F-3FB1-4B8F-AD18-0047401D436A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{1B3210AF-E236-46D4-83EF-6421F2FF543C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx No File
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{1E78DD72-771E-42BF-8B4B-363CEB18E07B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx No File
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{22664BE2-0806-4BA4-8643-DE40C9149176}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{2A9EBDB5-0600-4E8C-B910-4001BEB2DD8C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{326787D9-37B9-47A6-B539-EE13E7B04B8B}\InprocServer32 -> C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\devicemanagerproperties.dll (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{349D777D-F7A2-4AAE-967F-A54F05A7FF3B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBFinder.dll No File
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{37A2FC00-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{37A2FC02-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{38F58721-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\COMObjectFactory.dll No File
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{38F58742-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{38F58743-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{38F58744-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{3E1A2BBD-5707-4646-B268-518B997DC94D}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\QBDataServiceUser21\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx No File
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{4716D3CE-55DB-4D2A-818C-87D912895890}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{47F64EC4-1AD6-4168-9D4C-00F3842F7CFB}\InprocServer32 -> C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\DeviceManagerProperties.dll (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{4844F3F7-2161-4AC4-B219-B3B4311782AA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{4A56F19E-9F50-4F43-93C8-050E44AA83A9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{4E5E74B5-8EB5-4859-A335-837EED412620}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{5249684A-D7A2-4DBE-94F4-B90923A7BC64}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{5428A9ED-6CD8-11D6-9C8A-0001023DCAA2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{547C8F00-5567-4AE3-8BB0-CC3CE2AB9070}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{57D590F1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{596801D8-2C9D-4627-9C67-195CB81B655A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{5B7331FA-8910-4748-A8A4-60B445041F28}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{5ED8AC89-B2DE-476D-8EEA-E170B2FCB058}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{70478C56-E77F-4134-B3E3-3B18EE036D71}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll No File
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{7694F1CD-A55B-4B7C-8820-A90892EB4E9E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{7DBF8260-30AD-4D1B-876A-8032B87B809F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{828E5386-74CF-4019-B356-C857CD028A7D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{82CC31B3-53B4-4161-A4E9-6B4F1290A6C8}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{82D1C283-A637-4A07-B1EC-8C7AE661EAF1}\InprocServer32 -> C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\devicemanagerproperties.dll (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{8572570D-12D9-4F2C-8BB8-EB8848178B94}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{8E590317-1329-11D1-B70B-00805F29CD16}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{8FEDE364-AB37-4551-80C9-6D468E222AB2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{9D9B61F2-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{9D9B61F3-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{9D9B61F4-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{9D9B61F5-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{9D9B61F6-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{9D9B61F7-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{A58C4EAB-2DB8-445E-9CAE-2AE197A5C708}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{A63E42D0-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{A63E42D2-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{AD848A76-F236-5EE2-819B-2BDE7ED40AE7}\InprocServer32 -> C:\Users\QBDataServiceUser21\AppData\Roaming\Catalina – Print Savings\npBcsKtTcHW.dll No File
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{AF5E0A13-CEAB-47CE-991D-77E82CD1BF3F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{B10BFAC3-EFF1-40D9-ADA0-BEBE037C24CA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{B66F2BF1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{BCD594EA-15C3-4FD8-B92B-114BB9694537}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBCtrIPMDS2.dll No File
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{C8992C14-DF59-4518-808F-CCFBB5850282}\InprocServer32 -> C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\devicemanagerproperties.dll (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{CE18240D-F3F8-43AE-9EA0-A0DC85A95375}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll No File
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{D14FD6B3-6A9F-4537-9460-07B836707127}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{D4A12AAF-E15E-470B-A6B6-63032186F91F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{D9B9C060-0954-11D3-9E07-00104BD2BE34}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSource.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{D9BC6F81-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{D9BC6F84-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{D9BC6F87-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{D9BC6FA1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{D9BC6FA6-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{D9BC6FB2-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\StorageClasses.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{D9BC6FC1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{DCB2B478-EFF6-48F6-B718-13E98876854E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{DFD0AF10-B86C-4AF3-B609-1348D513E565}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{E1A173E1-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{E1A173E3-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{E6E4DF8B-17CE-43ED-B2C7-2CE10457552D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{E7D2D0F6-B754-438D-B5C9-BF848D311A0F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll No File
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{EADA914E-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{EAEF733D-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{EB59852D-B38E-4A4C-94BA-6731836E5538}\InprocServer32 -> C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\DeviceManagerProperties.dll (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{F2C593CC-74B2-4F71-8556-DD4D426D0409}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{F9EF917A-E55E-4242-B205-E778395AC313}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{FAC93D42-FFC2-11d1-9DEB-0008C7A08EBA}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3505383968-4064583084-4054668064-1005_Classes\CLSID\{FB17915F-06D1-4214-A902-CC5EE05186E9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

==================== Restore Points  =========================

20-11-2014 15:14:12 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:04 - 2009-06-10 13:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {68F1EAF4-CF1B-49CA-9406-FA851490F9C3} - System32\Tasks\Quark Updater => C:\Program Files\Quark\Quark Update\AutoUpdate.exe [2011-11-25] ()
Task: {7EC6C058-159D-4C0B-A69F-75D6866A358C} - System32\Tasks\{C64D298A-B6D8-41A0-85E1-A3B6631A842C} => C:\Program Files\Intuit\QuickBooks 2011\QBW32Pro.exe [2014-02-03] (Intuit Inc.)
Task: {A00EB71D-1A2B-4637-B2E5-1B2EFF1CE485} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-11] (Adobe Systems Incorporated)
Task: {CB71C763-59F3-49B5-99D4-3AC144806364} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F1781A60-63F5-4AB6-A963-67A8661E9BCA} - System32\Tasks\ROC_JAN2013_TB_rmv => C:\Program Files\AVG Secure Search\PostInstall\ROC.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Quark Updater.job => C:\Program Files\Quark\Quark Update\AutoUpdate.exe
Task: C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job => C:\Program Files\AVG Secure Search\PostInstall\ROC.exe

==================== Loaded Modules (whitelisted) =============

2012-07-13 15:49 - 2012-07-13 15:49 - 00039552 _____ () C:\Windows\system32\ncv1_0.DLL
2012-07-13 15:49 - 2012-07-13 15:49 - 00909440 _____ () C:\Windows\system32\ncnetprovider.dll
2012-07-13 15:49 - 2012-07-13 15:49 - 00092800 _____ () C:\Windows\system32\NCLangID.dll
2012-07-13 15:49 - 2012-07-13 15:49 - 00156800 _____ () C:\Windows\system32\MAPBASE.dll
2012-07-13 15:49 - 2012-07-13 15:49 - 00230528 _____ () C:\Windows\system32\NWSHLXNT.dll
2012-07-13 14:58 - 2012-07-13 14:58 - 00015872 _____ () C:\Windows\system32\nls\ENGLISH\NCLangIDR.DLL
2012-07-13 15:03 - 2012-07-13 15:03 - 00086016 _____ () C:\Windows\system32\nls\ENGLISH\MAPBASER.DLL
2012-07-13 15:04 - 2012-07-13 15:04 - 00101376 _____ () C:\Windows\system32\nls\ENGLISH\NWSHLXNTR.DLL
2012-07-13 15:05 - 2012-07-13 15:05 - 00488448 _____ () C:\Windows\system32\nls\ENGLISH\ncnetproviderR.DLL
2012-07-13 15:49 - 2012-07-13 15:49 - 00120448 _____ () C:\Program Files\Novell\Client\XTier\Common\libslp.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-07-13 15:49 - 2012-07-13 15:49 - 00034944 _____ () C:\Windows\System32\nwtray.exe
2012-07-13 15:49 - 2012-07-13 15:49 - 00909440 _____ () C:\Windows\System32\NCNetProvider.DLL
2012-07-13 15:49 - 2012-07-13 15:49 - 00092800 _____ () C:\Windows\System32\NCLangID.dll
2012-07-13 15:49 - 2012-07-13 15:49 - 00156800 _____ () C:\Windows\System32\MAPBASE.dll
2012-07-13 15:49 - 2012-07-13 15:49 - 00230528 _____ () C:\Windows\System32\NWSHLXNT.dll
2012-07-13 14:58 - 2012-07-13 14:58 - 00015872 _____ () C:\Windows\System32\nls\ENGLISH\NCLangIDR.DLL
2012-07-13 15:03 - 2012-07-13 15:03 - 00086016 _____ () C:\Windows\System32\nls\ENGLISH\MAPBASER.DLL
2012-07-13 15:04 - 2012-07-13 15:04 - 00101376 _____ () C:\Windows\System32\nls\ENGLISH\NWSHLXNTR.DLL
2012-07-13 15:05 - 2012-07-13 15:05 - 00488448 _____ () C:\Windows\System32\nls\ENGLISH\NCNetProviderR.DLL
2013-05-15 10:00 - 2009-02-27 15:39 - 00019968 _____ () C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU
2013-05-15 10:00 - 2009-02-27 15:32 - 00020480 _____ () C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroTray.FRA
2013-05-19 15:26 - 2006-09-20 07:35 - 00020480 _____ () C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
2014-02-03 22:42 - 2014-02-03 22:42 - 00269128 _____ () C:\Program Files\Intuit\QuickBooks 2011\boost_regex-vc90-mt-p-1_33.dll
2014-02-03 22:43 - 2014-02-03 22:43 - 00021320 _____ () C:\Program Files\Intuit\QuickBooks 2011\QBCompressor.dll
2005-07-19 22:18 - 2005-07-19 22:18 - 00059904 _____ () C:\Program Files\Intuit\QuickBooks 2011\zlib1.dll
2014-02-03 22:42 - 2014-02-03 22:42 - 00348488 _____ () C:\Program Files\Intuit\QuickBooks 2011\BackupLib.dll
2014-02-03 22:43 - 2014-02-03 22:43 - 00126792 _____ () C:\Program Files\Intuit\QuickBooks 2011\QBMAPILibrary.dll
2014-02-03 22:42 - 2014-02-03 22:42 - 00176968 _____ () C:\Program Files\Intuit\QuickBooks 2011\boost_serialization-vc90-mt-p-1_33.dll
2014-02-03 22:43 - 2014-02-03 22:43 - 00042824 _____ () C:\Program Files\Intuit\QuickBooks 2011\mbpopup.dll
2014-02-03 22:43 - 2014-02-03 22:43 - 00101704 _____ () C:\Program Files\Intuit\QuickBooks 2011\ReportBridge.dll
2014-02-03 22:43 - 2014-02-03 22:43 - 00070472 _____ () C:\Program Files\Intuit\QuickBooks 2011\QB2WPFBridge.dll
2014-02-03 22:43 - 2014-02-03 22:43 - 00070984 _____ () C:\Program Files\Intuit\QuickBooks 2011\IPDWidgetBridge.dll
2014-02-03 22:43 - 2014-02-03 22:43 - 00093512 _____ () C:\Program Files\Intuit\QuickBooks 2011\IPDWidgetInterop.dll
2014-02-03 22:43 - 2014-02-03 22:43 - 00098632 _____ () C:\Program Files\Intuit\QuickBooks 2011\Webification.dll
2014-02-03 22:43 - 2014-02-03 22:43 - 00058184 _____ () C:\Program Files\Intuit\QuickBooks 2011\htmlhelper.dll
2013-05-19 15:26 - 2006-10-30 15:59 - 00024576 _____ () C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
2014-11-10 16:00 - 2014-11-10 16:00 - 03649648 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-11-11 16:46 - 2014-11-11 16:46 - 16840880 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_223.dll
2013-07-10 18:07 - 2013-07-10 18:07 - 00756888 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2013-05-15 10:00 - 2013-05-08 05:51 - 00019056 _____ () C:\Program Files\Adobe\Acrobat 9.0\Acrobat\viewerps.dll
2013-05-15 10:00 - 2009-02-27 11:52 - 00258048 _____ () C:\Program Files\Adobe\Acrobat 9.0\Acrobat\sqlite.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Nike+ Connect => "C:\Users\mlitt\AppData\Local\Nike\Nike+ Connect\Nike+ Connect daemon.exe"
MSCONFIG\startupreg: RIMBBLaunchAgent.exe => C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

========================= Accounts: ==========================

A (S-1-5-21-3505383968-4064583084-4054668064-1001 - Administrator - Enabled) => C:\Users\A
Administrator (S-1-5-21-3505383968-4064583084-4054668064-500 - Administrator - Disabled)
Guest (S-1-5-21-3505383968-4064583084-4054668064-501 - Limited - Disabled)
Michel2 (S-1-5-21-3505383968-4064583084-4054668064-1004 - Administrator - Enabled) => C:\Users\Michel2
mlitt (S-1-5-21-3505383968-4064583084-4054668064-1003 - Administrator - Enabled) => C:\Users\mlitt
QBDataServiceUser21 (S-1-5-21-3505383968-4064583084-4054668064-1005 - Limited - Enabled) => C:\Users\QBDataServiceUser21
setupws (S-1-5-21-3505383968-4064583084-4054668064-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: SonicWALL Virtual NIC
Description: SonicWALL Virtual NIC
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: SonicWALL
Service: SWVNIC
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/20/2014 00:35:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 33.1.0.5423, time stamp: 0x545c0a59
Faulting module name: mozalloc.dll, version: 33.1.0.5423, time stamp: 0x545be5ee
Exception code: 0x80000003
Fault offset: 0x00001425
Faulting process id: 0x2790
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (11/20/2014 10:15:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 33.1.0.5423, time stamp: 0x545c0a59
Faulting module name: mozalloc.dll, version: 33.1.0.5423, time stamp: 0x545be5ee
Exception code: 0x80000003
Fault offset: 0x00001425
Faulting process id: 0x1a20
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (11/20/2014 07:25:34 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2011":
DBConnPool::HandleConnectionError errorCode:-6069, dbCode:-103 from file:'.\.\src\ConnPool.cpp' at line 1038 from function:'DBMgr::DBConnPool::init'

Error: (11/20/2014 07:25:34 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2011":
Connection String:CON=QBConnectionPool-Probe-QB_WSN4_21;;DBF=F:\Michel's Back ups 2012 August\SOUND DEPOSITION SERVICE INC..QBW;CommLinks="ShMem,tcpip(IP=192.168.1.100;TO=5;DOBROADCAST=NONE;port=55343)";ServerName=QB_WSN4_21;DBN=fab5decdc74f4d12b1c4e69dc9772955

Error: (11/20/2014 07:25:34 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2011":
Connection Error:Invalid user ID or password

Error: (11/20/2014 06:41:49 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (11/20/2014 06:41:49 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (11/20/2014 06:41:49 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (11/19/2014 02:17:14 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2011":
ACApplyChanges::Apply - Unrecognized change file command.

Error: (11/19/2014 01:23:36 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2011":
BackupEngine::LoopThroughTheDirectory() error adding file. Error code -18002 msg  file open  failed


System errors:
=============
Error: (11/20/2014 03:01:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/20/2014 06:50:20 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Coupon Printer Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (11/20/2014 06:43:31 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (11/20/2014 06:43:29 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (11/20/2014 06:43:26 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (11/20/2014 06:43:22 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (11/20/2014 06:39:59 AM) (Source: volsnap) (EventID: 25) (User: )
Description: The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time.  Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.

Error: (11/19/2014 01:03:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Coupon Printer Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (11/19/2014 00:56:07 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (11/19/2014 00:56:06 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.


Microsoft Office Sessions:
=========================
Error: (09/21/2014 09:51:02 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 1713 seconds with 180 seconds of active time.  This session ended with a crash.

Error: (07/11/2014 05:16:44 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 9676 seconds with 0 seconds of active time.  This session ended with a crash.


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU E7500 @ 2.93GHz
Percentage of memory in use: 95%
Total physical RAM: 3291.61 MB
Available physical RAM: 146.79 MB
Total Pagefile: 6581.51 MB
Available Pagefile: 1720.78 MB
Total Virtual: 2047.88 MB
Available Virtual: 1885.97 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:232.72 GB) (Free:131.05 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive f: (Elements) (Fixed) (Total:1863.01 GB) (Free:1335.2 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.8 GB) (Disk ID: A42D04A3)
Partition 1: (Not Active) - (Size=102 MB) - (Type=DE)
Partition 2: (Active) - (Size=232.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 000C894B)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End Of Log ============================


thank you in advance for the help



#12 Valinorum

Valinorum

    Shadow Hide The Hunter


  • Malware Response Instructor
  • 1,648 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:53 PM

Posted 21 November 2014 - 01:49 AM

Hi,
  • Step #2 Uninstall Programs
    I want you to uninstall the following program(s) listed below due to poor reputation we receive about them. To uninstall a program, go to Start > Control Panel > Uninstall a program or Start > Control Panel > Programs and Features. Wait for the list to fill up and double-click on the items I have listed below and follow the on-screen instruction to remove/uninstall them.
    • RevTraxPrintMyCoupon
    • Catalina Savings Printer
 
  • Step #3 Fix with FRST
    Make sure that you still have FRST.exe on your Desktop. If you do not have it, download the suitable version from here to your Desktop.
    • Open Notepad.exe. Do not use any other text editor software;
    • Copy and Paste the contents inside the code-box to your Notepad --
      Start
      Emptytemp:
      Closeprocesses:
      FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)
      FF Plugin HKU\S-1-5-21-3505383968-4064583084-4054668064-1003: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\mlitt\AppData\Roaming\CATALI~2\NPBCSK~1.DLL (Catalina Marketing Corporation)
      FF Plugin HKU\S-1-5-21-3505383968-4064583084-4054668064-1003: revtrax.com/RevTraxPrintMyCoupon -> C:\Users\mlitt\AppData\Roaming\RevTrax\RevTraxPrintMyCoupon\1.0.0.0\npRevTraxPrintMyCoupon.dll (RevTrax)
      C:\Users\mlitt\AppData\Roaming\RevTrax
      C:\Users\mlitt\AppData\Roaming\CATALI~2\
      FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
      C:\Program Files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll
      FF Plugin HKU\S-1-5-21-3505383968-4064583084-4054668064-1003: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\mlitt\AppData\Roaming\CATALI~2\NPBCSK~1.DLL (Catalina Marketing Corporation)
      HKLM\...\Run: [] => [X]
      CMD: ipconfig /flushdns
      End
    • Click on File > Save as...
      • Inside the File Name box type fixlist.txt;
      • From the Save as type drop down list, choose All Files
    • Save the file to your Desktop;
    • Re-run FRST.exe and click Fix;
      • Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.
    • After the completion, a log will be produced;
    • Copy and Paste the contents of the log in your next reply.
 
  • Step #4 Fix with AdwCleaner
    • Download AdwCleaner by Xplode to your Desktop from the following link.
    • Right-click on AdwCleaner.exe and choose Run as administrator;
    • Click on Scan and let the program run unhindered;
    • When done, click on Clean and allow the system to reboot after it is done;
    • A log will be opened automatically after the restart;
    • Copy and Paste the contents of this log in your reply.
 
  • Step #5 Fix with Junkware Removal Tool
    Download Junkware Removal Tool by thisisu to your Desktop from the link below.
    Download Link 1
    Download Link 2
    • Disable your anti-virus to avoid potential conflicts. For more information please acknowledge yourself this article;
    • Run the program either by double-clicking(Windows XP) or Right-clicking and choosing Run as administrator(Windows Vista and above);
    • Please be patient as the tool cleans your system;
    • After completion of the process a log named JRT.txt will automatically open and is save to your Desktop;
    • Copy and Paste the contents of the log in your next reply.
 
  • Required Log(s):
    • FRST Fix Log
    • AdwCleaner Log
    • Junkware Removal Tool Log
Regards,
Valinorum

Geek U Graduate

I close my topic(s) with no replies for more than 4 days. PM me or Moderators to reactivate. All helps are provided via forum ergo do not PM me for help.

 


#13 depogirl

depogirl
  • Topic Starter

  • Members
  • 124 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:53 AM

Posted 21 November 2014 - 11:37 AM

fiixlog

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 20-11-2014
Ran by mlitt at 2014-11-21 08:15:56 Run:3
Running from C:\Users\mlitt\Desktop
Loaded Profiles: mlitt & QBDataServiceUser21 (Available profiles: A & mlitt & Michel2 & QBDataServiceUser21 & DefaultAppPool)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
Emptytemp:
Closeprocesses:
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)
FF Plugin HKU\S-1-5-21-3505383968-4064583084-4054668064-1003: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\mlitt\AppData\Roaming\CATALI~2\NPBCSK~1.DLL (Catalina Marketing Corporation)
FF Plugin HKU\S-1-5-21-3505383968-4064583084-4054668064-1003: revtrax.com/RevTraxPrintMyCoupon -> C:\Users\mlitt\AppData\Roaming\RevTrax\RevTraxPrintMyCoupon\1.0.0.0\npRevTraxPrintMyCoupon.dll (RevTrax)
C:\Users\mlitt\AppData\Roaming\RevTrax
C:\Users\mlitt\AppData\Roaming\CATALI~2\
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
C:\Program Files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll
FF Plugin HKU\S-1-5-21-3505383968-4064583084-4054668064-1003: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\mlitt\AppData\Roaming\CATALI~2\NPBCSK~1.DLL (Catalina Marketing Corporation)
HKLM\...\Run: [] => [X]
CMD: ipconfig /flushdns
End
*****************

Processes closed successfully.
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPcol400.dll (Catalina Marketing Corporation) => Error: No automatic fix found for this entry.
FF Plugin HKU\S-1-5-21-3505383968-4064583084-4054668064-1003: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\mlitt\AppData\Roaming\CATALI~2\NPBCSK~1.DLL (Catalina Marketing Corporation) => Error: No automatic fix found for this entry.
FF Plugin HKU\S-1-5-21-3505383968-4064583084-4054668064-1003: revtrax.com/RevTraxPrintMyCoupon -> C:\Users\mlitt\AppData\Roaming\RevTrax\RevTraxPrintMyCoupon\1.0.0.0\npRevTraxPrintMyCoupon.dll (RevTrax) => Error: No automatic fix found for this entry.
"C:\Users\mlitt\AppData\Roaming\RevTrax" => File/Directory not found.
"C:\Users\mlitt\AppData\Roaming\CATALI~2" => File/Directory not found.
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.) => Error: No automatic fix found for this entry.
"C:\Program Files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll" => File/Directory not found.
FF Plugin HKU\S-1-5-21-3505383968-4064583084-4054668064-1003: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\mlitt\AppData\Roaming\CATALI~2\NPBCSK~1.DLL (Catalina Marketing Corporation) => Error: No automatic fix found for this entry.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value not found.

=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => Removed 18.1 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====

 

adwcleaner:

# AdwCleaner v4.101 - Report created 21/11/2014 at 08:27:35
# Updated 09/11/2014 by Xplode
# Database : 2014-11-16.1 [Live]
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : mlitt - WSN4
# Running from : C:\Users\mlitt\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Deleted : HKLM\SOFTWARE\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.1.3

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17420


-\\ Mozilla Firefox v33.1 (x86 en-US)


-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [3368 octets] - [27/10/2014 07:17:32]
AdwCleaner[R1].txt - [1009 octets] - [27/10/2014 07:27:40]
AdwCleaner[R2].txt - [1069 octets] - [27/10/2014 07:34:59]
AdwCleaner[R3].txt - [1491 octets] - [21/11/2014 08:24:07]
AdwCleaner[S0].txt - [3488 octets] - [27/10/2014 07:21:32]
AdwCleaner[S1].txt - [1126 octets] - [27/10/2014 07:40:28]
AdwCleaner[S2].txt - [1422 octets] - [21/11/2014 08:27:35]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1482 octets] ##########
 

 

JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.9 (11.15.2014:2)
OS: Windows 7 Professional x86
Ran by mlitt on Fri 11/21/2014 at  8:31:29.22
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] couponprinterservice
Successfully deleted: [Service] couponprinterservice



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{90A7296D-006B-4D08-BDA9-45985051E21D}



~~~ Files

Successfully deleted: [File] "C:\Windows\couponprinter.ocx"



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files\coupons"



~~~ FireFox

Emptied folder: C:\Users\mlitt\AppData\Roaming\mozilla\firefox\profiles\hl3sutw8.default\minidumps [324 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 11/21/2014 at  8:34:59.69
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

THANK YOU



#14 Valinorum

Valinorum

    Shadow Hide The Hunter


  • Malware Response Instructor
  • 1,648 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:53 PM

Posted 22 November 2014 - 03:02 AM

How is your system?

Geek U Graduate

I close my topic(s) with no replies for more than 4 days. PM me or Moderators to reactivate. All helps are provided via forum ergo do not PM me for help.

 


#15 depogirl

depogirl
  • Topic Starter

  • Members
  • 124 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:53 AM

Posted 23 November 2014 - 10:50 PM

Hi Valinorum,

its ok but I am noticing some latency not sure if this is normal or not






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users