
Trojan.FakeMS


  • This topic is locked
28 replies to this topic

#1 Nick718


Posted 10 November 2014 - 05:10 PM

Our Microsoft Essentials found some Trojans hidden on the computer. I removed the listed viruses and ran Malwarebytes, which found and removed 4 more. I am concerned remnants are still on the PC as it is prompting that we can't open attachments due to security settings. The admin account is running smoothly. Any help would be appreciated.

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/10/2014
Scan Time: 2:53:16 PM
Logfile:
Administrator: No

Version: 2.00.2.1012
Malware Database: v2014.11.10.08
Rootkit Database: v2014.11.10.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Store

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 208171
Time Elapsed: 8 min, 13 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 4
Trojan.FakeMS, C:\ProgramData\GuqaXugex\GuqaXugex.dat, Quarantined, [5ac662d81c60ab8b145ff0f105fc18e8],
Trojan.FakeMS, C:\ProgramData\NixyObpum\NixyObpum.dat, Quarantined, [3ae60b2f9edeb87e5b1827ba44bd46ba],
Trojan.FakeMS, C:\ProgramData\RohuBegob\RohuBegob.dat, Quarantined, [eb3545f5d7a5a4922d46855c03febb45],
Trojan.FakeMS, C:\ProgramData\SugruYojdi\SugruYojdi.dat, Quarantined, [59c78fab82fa95a1551e03de04fde41c],

Physical Sectors: 0
(No malicious items detected)

(end)

___________________________________________________

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.17344
Run by Sweet Nicholas Admin at 16:37:48 on 2014-11-10
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.989.41 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
C:\Windows\system32\EscSvc.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Program Files\High Meadow Business Solutions\RetailEdge 8.2\Server\RetailEdge_Server_8_0.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\System32\WUDFHost.exe
C:\PROGRA~1\Intuit\QUICKB~2\QBDBMgrN.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\StarMicronics\TSP100\Software\20100314\Ondemand.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Intuit\QuickBooks 2014\QBW32.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\High Meadow Business Solutions\RetailEdge 8.2\RetailEdge_8_2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\System32\MsSpellCheckingFacility.exe
C:\Windows\system32\dllhost.exe
C:\Windows\system32\dllhost.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\StarMicronics\TSP100\Software\20100314\Ondemand.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Intuit\QuickBooks 2014\QBW32.EXE
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\dpnsvr.exe
C:\Windows\system32\msfeedssync.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\fixmapi.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wextract.exe
C:\Windows\system32\fixmapi.exe
C:\Windows\system32\dvdupgrd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_268_ActiveX.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\fixmapi.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k swprv
.
============== Pseudo HJT Report ===============
.
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.9012.1008\swg.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [WorkForce 610(Network)] c:\windows\system32\spool\drivers\w32x86\3\e_fatifja.exe /fu "c:\windows\temp\E_SAB3C.tmp" /EF "HKCU"
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_3_300_268_ActiveX.exe -update activex
mRun: [TSP100ecoOndemand] c:\program files\starmicronics\tsp100\software\20100314\Ondemand.exe
mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"
mRun: [FUFAXSTM] "c:\program files\epson software\fax utility\FUFAXSTM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe  startup
mRun: [FUFAXRCV] "c:\program files\epson software\fax utility\FUFAXRCV.exe"
mRun: [LTCM Client] c:\program files\ltcm client\ltcmClient.exe /startup
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\intuit~1.lnk - c:\program files\common files\intuit\dataprotect\IntuitDataProtect.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~2.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\intuit\quickbooks 2014\QBW32.EXE
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.1.141 167.206.245.135 167.206.245.136
TCP: Interfaces\{E009B2E6-1BA6-4FAD-8D3A-C2B2D4446F22} : DHCPNameServer = 192.168.1.141 167.206.245.135 167.206.245.136
Handler: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - c:\program files\intuit\quickbooks 2014\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
IFEO: ehshell.exe - "c:\program files\logmein\x86\LogMeInSystray.exe" -MceShellRedirect
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2014-7-17 231800]
R2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\epson\epsoncustomerparticipation\EPCP.exe [2013-9-20 577088]
R2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\escsvc.exe [2014-6-24 126128]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2014-1-20 375144]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2013-12-11 13624]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2014-4-7 47640]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-9-21 1809720]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2013-9-27 95920]
R2 QBVSS;QBIDPService;c:\program files\common files\intuit\dataprotect\QBIDPService.exe [2014-2-27 1248256]
R2 Service_DB;RetailEdge_Server;c:\program files\high meadow business solutions\retailedge 8.2\server\RetailEdge_Server_8_0.exe [2014-4-6 7651840]
R3 CBUSB;MARX CryptoTech LP;c:\windows\system32\drivers\CBUSB.sys [2014-4-6 45056]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-9-21 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-9-21 110296]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2014-8-22 288120]
R3 QuickBooksDB24;QuickBooksDB24;c:\progra~1\intuit\quickb~2\qbdbmgrn.exe -hvquickbooksdb24 --> c:\progra~1\intuit\quickb~2\QBDBMgrN.exe -hvQuickBooksDB24 [?]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-1 139776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-9-21 860472]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2011-4-11 62464]
S3 HtcVCom32;HTC Diagnostic Port;c:\windows\system32\drivers\HtcVComV32.sys [2009-10-27 105984]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-10-15 108032]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-9-21 51928]
S3 PortEmulator;Port Emulator (Star);c:\program files\starmicronics\tsp100\software\20100314\portemu_umdf_tsp100u.exe [2010-2-4 139264]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2014-7-20 14848]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2014-7-20 49152]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
.
=============== Created Last 30 ================
.
2014-11-10 20:27:08 -------- d-sh--w- c:\users\sweet nicholas admin\appdata\local\EmieUserList
2014-11-10 20:27:07 -------- d-sh--w- c:\users\sweet nicholas admin\appdata\local\EmieSiteList
2014-11-10 20:26:36 -------- d-----w- c:\users\sweet nicholas admin\appdata\roaming\Acer
2014-11-10 20:26:31 -------- d-----w- c:\users\sweet nicholas admin\appdata\roaming\Leader Technologies
2014-11-10 20:11:32 62576 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{c4c1131f-91f0-4c1c-b4a5-b0c9637696d5}\offreg.dll
2014-11-10 01:12:11 8901368 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{c4c1131f-91f0-4c1c-b4a5-b0c9637696d5}\mpengine.dll
2014-11-09 21:12:45 8901368 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-11-09 02:08:06 -------- d-----w- c:\programdata\GuqaXugex
2014-11-09 02:08:00 -------- d-----w- c:\programdata\NixyObpum
2014-11-09 01:25:36 -------- d-----w- c:\programdata\SugruYojdi
2014-11-09 01:25:31 -------- d-----w- c:\programdata\RohuBegob
2014-11-07 15:48:13 908840 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{b6a54707-3603-49d4-9e9e-8769eb68358a}\gapaengine.dll
2014-10-15 10:55:59 81560 ----a-w- c:\windows\system32\mscories.dll
.
==================== Find3M  ====================
.
2014-11-10 20:37:20 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-30 11:24:45 229000 ------w- c:\windows\system32\MpSigStub.exe
2014-10-28 16:06:04 86912 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2014-10-28 16:06:03 85864 ----a-w- c:\windows\system32\LMIinit.dll
2014-10-28 16:06:03 53096 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2014-10-28 16:06:03 31592 ----a-w- c:\windows\system32\LMIport.dll
2014-10-10 01:44:58 230912 ----a-w- c:\windows\system32\generaltel.dll
2014-10-10 01:44:35 396288 ----a-w- c:\windows\system32\aepdu.dll
2014-10-10 01:39:38 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-09-29 00:41:36 2379264 ----a-w- c:\windows\system32\win32k.sys
2014-09-25 22:32:04 2017280 ----a-w- c:\windows\system32\inetcpl.cpl
2014-09-25 01:40:50 519680 ----a-w- c:\windows\system32\qdvd.dll
2014-09-19 01:25:12 4201472 ----a-w- c:\windows\system32\jscript9.dll
2014-09-19 01:14:57 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-09-19 01:14:44 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-09-19 01:02:07 454656 ----a-w- c:\windows\system32\vbscript.dll
2014-09-19 01:01:47 61952 ----a-w- c:\windows\system32\iesetup.dll
2014-09-19 01:01:03 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-09-19 00:59:40 61952 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-09-19 00:50:16 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2014-09-19 00:50:15 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-09-19 00:49:31 597504 ----a-w- c:\windows\system32\jscript9diag.dll
2014-09-19 00:44:23 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-09-19 00:36:23 60416 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-09-19 00:18:55 1068032 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-09-18 23:59:11 1810944 ----a-w- c:\windows\system32\wininet.dll
2014-09-18 01:32:52 2363904 ----a-w- c:\windows\system32\msi.dll
2014-09-13 01:40:05 67072 ----a-w- c:\windows\system32\packager.dll
2014-09-09 21:47:10 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-05 01:52:41 5703168 ----a-w- c:\windows\system32\mstscax.dll
2014-09-04 05:04:15 372736 ----a-w- c:\windows\system32\rastls.dll
2014-08-29 01:44:52 2744320 ----a-w- c:\windows\system32\rdpcorets.dll
2014-08-23 01:46:55 305152 ----a-w- c:\windows\system32\gdi32.dll
2014-08-19 02:41:38 50176 ----a-w- c:\windows\system32\setbcdlocale.dll
2014-08-19 02:41:22 50688 ----a-w- c:\windows\system32\appidapi.dll
2014-08-19 02:41:22 27648 ----a-w- c:\windows\system32\appidsvc.dll
2014-08-19 02:40:49 96768 ----a-w- c:\windows\system32\appidpolicyconverter.exe
2014-08-19 02:40:49 16896 ----a-w- c:\windows\system32\appidcertstorecheck.exe
2014-08-19 01:48:34 50176 ----a-w- c:\windows\system32\drivers\appid.sys
.
============= FINISH: 16:39:03.35 ===============
---------------------------------------------------

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/6/2014 7:14:10 PM
System Uptime: 11/10/2014 3:11:16 PM (1 hours ago)
.
Motherboard: FOXCONN |  | 2A8Ch
Processor: Pentium® Dual-Core  CPU      E5400  @ 2.70GHz | CPU 1 | 2700/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 112 GiB total, 71.454 GiB free.
D: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP109: 10/30/2014 11:48:03 AM - Windows Update
RP110: 11/3/2014 10:48:02 AM - Windows Update
RP111: 11/6/2014 10:48:31 AM - Windows Update
RP112: 11/9/2014 4:12:36 PM - Windows Update
RP113: 11/10/2014 4:30:53 PM - Installed Software Updater
RP114: 11/10/2014 4:33:35 PM - Installed Epson Event Manager
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Reader XI (11.0.07)
EPSON Connect version 1.0
Epson Customer Participation
Epson Event Manager
Epson FAX Utility
Epson PC-FAX Driver
Epson Print CD
EPSON Scan
EPSON WorkForce 610 Series Printer Uninstall
EPSON XP-810 Series Printer Uninstall
EPSON XP-810 User’s Guide version 1.0
EpsonNet Print
EpsonNet Setup
Google Toolbar for Internet Explorer
Google Update Helper
LogMeIn
LTCM Client
Malwarebytes Anti-Malware version 2.0.2.1012
Microsoft .NET Framework 4.5.1
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
One-Click Export
QuickBooks
QuickBooks Premier: Retail Edition 2014
Realtek High Definition Audio Driver
RetailEdge 8.2
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2878233) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2883031) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2817565) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2883032) 32-Bit Edition
Software Updater
TSP100 Setup Version 4.0.0
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2899475) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Visual Studio Tools for the Office system 3.0 Runtime
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258)
.
==== Event Viewer Messages From Past Week ========
.
11/9/2014 1:58:43 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 1.187.1668.0   Update Source: Microsoft Update Server   Update Stage: Install   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version: 1.1.11104.0   Error code: 0x80070102   Error description: The wait operation timed out.
11/9/2014 1:34:47 AM, Error: Schannel [36888]  - The following fatal alert was generated: 10. The internal error state is 10.
11/9/2014 1:17:50 AM, Error: Microsoft Antimalware [1119]  - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software.  For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Exploit:SWF/CVE-2014-0497.A&threatid=2147685304   Name: Exploit:SWF/CVE-2014-0497.A   ID: 2147685304   Severity: Severe   Category: Exploit   Path: containerfile:_C:\Users\Store\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DAXRMW10\pruncdflashlow[1].swf;containerfile:_C:\Users\Store\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HENSY92M\pruncdflashlow[1].swf;file:_C:\Users\Store\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DAXRMW10\pruncdflashlow[1].swf->(ZWS);file:_C:\Users\Store\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HENSY92M\pruncdflashlow[1].swf->(ZWS)   Detection Origin: Internet   Detection Type: Concrete   Detection Source: Real-Time Protection   User: NT AUTHORITY\SYSTEM   Process Name: C:\Users\Store\AppData\Roaming\Wiypizu\acofi.exe   Action: Quarantine   Action Status:  No additional actions required   Error Code: 0x80070002   Error description: The system cannot find the file specified.    Signature Version: AV: 1.187.1631.0, AS: 1.187.1631.0, NIS: 113.23.0.0   Engine Version: AM: 1.1.11104.0, NIS: 2.1.11005.0
11/5/2014 10:47:41 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 1.187.1286.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version: 1.1.11104.0   Error code: 0x8024402c   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
11/10/2014 4:30:28 PM, Error: Schannel [36888]  - The following fatal alert was generated: 43. The internal error state is 252.
11/10/2014 11:56:31 AM, Error: Microsoft Antimalware [1119]  - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software.  For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Dynamer!ac&threatid=2147684005   Name: Trojan:Win32/Dynamer!ac   ID: 2147684005   Severity: Severe   Category: Trojan   Path: file:_C:\Users\Store\AppData\Local\acillao.dll;regkey:_HKCU@S-1-5-21-156844327-1427955894-274932498-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\acillao;runkey:_HKCU@S-1-5-21-156844327-1427955894-274932498-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\acillao   Detection Origin: Local machine   Detection Type: Concrete   Detection Source: Real-Time Protection   User: NT AUTHORITY\SYSTEM   Process Name: C:\Program Files\Malwarebytes Anti-Malware\mbam.exe   Action: Quarantine   Action Status:  No additional actions required   Error Code: 0x80070005   Error description: Access is denied.    Signature Version: AV: 1.187.1710.0, AS: 1.187.1710.0, NIS: 113.23.0.0   Engine Version: AM: 1.1.11104.0, NIS: 2.1.11005.0
.
==== End Of File ===========================

 

 




 


#2 Nick718


Posted 11 November 2014 - 10:13 AM

I also reran Microsoft essentials and it detected Trojan:Win32/Powessere.A!reg. I removed it via Microsoft essentials.



#3 HelpBot


Posted 15 November 2014 - 05:15 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/555601 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,611 posts
  • Gender:Male
  • Location:California
  • Local time:02:46 AM

Posted 17 November 2014 - 05:19 PM

Greetings Nick718 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. While I review our situation please run the below for me.

===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can also find the logfile at C:\AdwCleaner\AdwCleaner.txt
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • AdwCleaner log
  • Junkware log
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 Nick718

Nick718
  • Topic Starter

  • Members
  • 14 posts
  • Local time:04:46 AM

Posted 18 November 2014 - 12:18 AM

Thanks for your help Gary. When I ran the adwcleaner and it rebooted the log files did not automatically open.  I am attaching the two notepad files but please note there was a quarantine folder I did not copy the contents of.

 

# AdwCleaner v4.101 - Report created 17/11/2014 at 23:20:40
# Updated 09/11/2014 by Xplode
# Database : 2014-11-16.1 [Live]
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : Sweet Nicholas Admin - SWEETNICHOLASAD
# Running from : C:\Users\Store\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\802PGLGG\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\APN PIP
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17420

-\\ Mozilla Firefox v33.1 (x86 en-US)

*************************

AdwCleaner[R0].txt - [997 octets] - [17/11/2014 23:20:40]

########## EOF - \AdwCleaner\AdwCleaner[R0].txt - [1056 octets] ##########

 

________________________________________________

# AdwCleaner v4.101 - Report created 17/11/2014 at 23:22:47
# Updated 09/11/2014 by Xplode
# Database : 2014-11-16.1 [Live]
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : Sweet Nicholas Admin - SWEETNICHOLASAD
# Running from : C:\Users\Store\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\802PGLGG\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarMicronics\Star TSP100\Uninstall.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17420

-\\ Mozilla Firefox v33.1 (x86 en-US)

*************************

AdwCleaner[R0].txt - [1134 octets] - [17/11/2014 23:20:40]
AdwCleaner[S0].txt - [1183 octets] - [17/11/2014 23:22:47]

########## EOF - \AdwCleaner\AdwCleaner[S0].txt - [1243 octets] ##########

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.9 (11.15.2014:2)
OS: Windows 7 Professional x86
Ran by Sweet Nicholas Admin on Mon 11/17/2014 at 23:43:19.78
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 11/17/2014 at 23:44:30.47
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-11-2014
Ran by Sweet Nicholas Admin (administrator) on SWEETNICHOLASAD on 18-11-2014 00:06:15
Running from C:\Users\Sweet Nicholas Admin\Desktop
Loaded Profiles: Sweet Nicholas Admin & Store & LogMeInRemoteUser & QBDataServiceUser24 (Available profiles: Sweet Nicholas Admin & Store & LogMeInRemoteUser & QBDataServiceUser24)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\ramaint.exe
(Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
() C:\Program Files\High Meadow Business Solutions\RetailEdge 8.2\Server\RetailEdge_Server_8_0.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeIn.exe
(Intuit, Inc.) C:\Program Files\Intuit\QuickBooks 2014\QBDBMgrN.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeIn.exe
(Star Micronics Co., Ltd.) C:\Program Files\StarMicronics\TSP100\Software\20100314\Ondemand.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TSP100ecoOndemand] => C:\Program Files\StarMicronics\TSP100\Software\20100314\Ondemand.exe [61440 2010-02-08] (Star Micronics Co., Ltd.)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1058880 2013-03-28] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [FUFAXSTM] => C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe [863840 2013-05-01] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [63048 2013-12-11] (LogMeIn, Inc.)
HKLM\...\Run: [Intuit SyncManager] => C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe [3775800 2014-02-27] (Intuit Inc. All rights reserved.)
HKLM\...\Run: [FUFAXRCV] => C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe [503392 2013-05-01] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [LTCM Client] => C:\Program Files\LTCM Client\ltcmClient.exe [2756864 2011-04-07] (Leader Technologies Inc.)
HKU\S-1-5-21-156844327-1427955894-274932498-1000\...\Run: [WorkForce 610(Network)] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFJA.EXE [199680 2009-01-26] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-156844327-1427955894-274932498-1001\...\Run: [WorkForce 610(Network)] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFJA.EXE [199680 2009-01-26] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-156844327-1427955894-274932498-1001\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATILOE.EXE [260160 2013-01-24] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-156844327-1427955894-274932498-1001\...\MountPoints2: {4af30eda-bdf9-11e3-a2bd-806e6f6e6963} - D:\SETUP.exe
HKU\S-1-5-21-156844327-1427955894-274932498-1001\...A8F59079A8D5}\localserver32:  <==== ATTENTION!
IFEO\ehshell.exe: [Debugger] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" -MceShellRedirect
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-156844327-1427955894-274932498-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-156844327-1427955894-274932498-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x37FB82FAED51CF01
HKU\S-1-5-21-156844327-1427955894-274932498-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKU\S-1-5-21-156844327-1427955894-274932498-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-156844327-1427955894-274932498-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x61DA59357A52CF01
HKU\S-1-5-21-156844327-1427955894-274932498-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKU\S-1-5-21-156844327-1427955894-274932498-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-156844327-1427955894-274932498-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {DB9DE2A8-D1BA-472A-B1F8-39697899DEF7} http://sweetnicholas.lorexddns.net:85/HiDvrOcx.cab
Handler: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - C:\Program Files\Intuit\QuickBooks 2014\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.141 167.206.245.135 167.206.245.136

FireFox:
========
FF ProfilePath: C:\Users\Sweet Nicholas Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u0p1rag6.default
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 EpsonCustomerParticipation; C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [577088 2013-09-20] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [126128 2012-05-16] (Seiko Epson Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
S3 PortEmulator; C:\Program Files\StarMicronics\TSP100\Software\20100314\portemu_umdf_tsp100u.exe [139264 2010-02-04] (Star Micronics Co., Ltd.) [File not signed]
R2 QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-06-26] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2014-02-27] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2014-02-27] (Intuit Inc.) [File not signed]
R3 QuickBooksDB24; C:\Program Files\Intuit\QuickBooks 2014\QBDBMgrN.exe [679936 2014-02-27] (Intuit, Inc.) [File not signed]
R2 Service_DB; C:\Program Files\High Meadow Business Solutions\RetailEdge 8.2\Server\RetailEdge_Server_8_0.exe [7651840 2013-11-04] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 CBUSB; C:\Windows\System32\drivers\CBUSB.sys [45056 2014-04-06] (MARX CryptoTech LP)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV32.sys [105984 2009-10-27] (QUALCOMM Incorporated)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
S1 ebppijma; \??\C:\Windows\system32\drivers\ebppijma.sys [X]
S1 efsqjqbb; \??\C:\Windows\system32\drivers\efsqjqbb.sys [X]
S4 LMIRfsClientNP; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-18 00:06 - 2014-11-18 00:06 - 00010994 _____ () C:\Users\Sweet Nicholas Admin\Desktop\FRST.txt
2014-11-18 00:06 - 2014-11-18 00:06 - 00000000 ____D () C:\FRST
2014-11-18 00:03 - 2014-11-18 00:03 - 01108992 _____ (Farbar) C:\Users\Sweet Nicholas Admin\Desktop\FRST.exe
2014-11-17 23:44 - 2014-11-17 23:44 - 00000648 _____ () C:\Users\Sweet Nicholas Admin\Desktop\JRT.txt
2014-11-17 23:43 - 2014-11-17 23:43 - 00000000 ____D () C:\Windows\ERUNT
2014-11-17 23:20 - 2014-11-17 23:39 - 00000000 ____D () C:\AdwCleaner
2014-11-16 19:02 - 2014-11-16 19:02 - 00000000 ____D () C:\Users\Store\AppData\Local\OneClick
2014-11-15 16:23 - 2014-11-15 16:23 - 00000242 _____ () C:\ProgramData\RmUserCfg.ini
2014-11-15 16:23 - 2014-11-15 16:23 - 00000034 _____ () C:\ProgramData\IpAndPort.fig
2014-11-15 16:23 - 2014-11-15 16:23 - 00000000 ____D () C:\DVR
2014-11-12 13:01 - 2014-11-12 13:01 - 00000000 ____D () C:\Users\Sweet Nicholas Admin\AppData\Roaming\Mozilla
2014-11-12 13:01 - 2014-11-12 13:01 - 00000000 ____D () C:\Users\Sweet Nicholas Admin\AppData\Local\Mozilla
2014-11-12 10:47 - 2014-11-12 10:47 - 00000000 ____D () C:\Windows\pss
2014-11-12 10:46 - 2014-11-12 10:46 - 00000000 __SHD () C:\Users\Sweet Nicholas Admin\AppData\Local\EmieBrowserModeList
2014-11-12 09:56 - 2014-11-12 09:56 - 00000000 __SHD () C:\Users\Store\AppData\Local\EmieBrowserModeList
2014-11-11 23:36 - 2014-11-07 14:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-11 23:36 - 2014-11-05 22:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-11 23:36 - 2014-11-05 22:28 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-11 23:36 - 2014-11-05 22:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-11 23:36 - 2014-11-05 22:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-11 23:36 - 2014-11-05 22:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-11 23:36 - 2014-11-05 22:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-11 23:36 - 2014-11-05 22:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-11 23:36 - 2014-11-05 22:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-11 23:36 - 2014-11-05 22:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-11 23:36 - 2014-11-05 22:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-11 23:36 - 2014-11-05 22:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-11 23:36 - 2014-11-05 21:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-11 23:36 - 2014-11-05 21:59 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-11 23:36 - 2014-11-05 21:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-11 23:36 - 2014-11-05 21:51 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-11 23:36 - 2014-11-05 21:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-11 23:36 - 2014-11-05 21:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-11 23:36 - 2014-11-05 21:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-11 23:36 - 2014-11-05 21:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-11 23:36 - 2014-11-05 21:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-11 23:36 - 2014-11-05 21:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-11 23:36 - 2014-11-05 21:22 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-11 23:36 - 2014-11-05 21:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-11 23:36 - 2014-11-05 21:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-11 23:36 - 2014-11-05 21:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-11 23:36 - 2014-11-05 21:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-11 23:36 - 2014-11-05 20:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-11 23:36 - 2014-11-05 20:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-11 23:36 - 2014-11-05 20:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-11 23:36 - 2014-11-05 12:50 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-11 23:36 - 2014-11-05 12:50 - 00203776 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-11 23:36 - 2014-11-05 12:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-11 23:36 - 2014-10-24 20:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-11 23:36 - 2014-10-17 20:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-11 23:36 - 2014-10-13 20:56 - 00136632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-11 23:36 - 2014-10-13 20:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-11 23:36 - 2014-10-13 20:50 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-11 23:36 - 2014-10-13 20:50 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-11 23:36 - 2014-10-13 20:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-11 23:36 - 2014-10-13 20:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-11 23:36 - 2014-10-09 19:45 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-11 23:36 - 2014-10-02 20:44 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-11 23:36 - 2014-10-02 20:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-11 23:36 - 2014-10-02 20:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-11 23:36 - 2014-10-02 20:44 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-11 23:36 - 2014-10-02 20:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-11 23:36 - 2014-09-19 04:23 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-11 23:36 - 2014-09-19 04:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-11 23:36 - 2014-09-19 04:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-11 23:36 - 2014-09-19 04:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-11 23:36 - 2014-09-19 04:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-11 23:36 - 2014-09-19 04:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-11 23:36 - 2014-09-19 04:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-11 23:36 - 2014-08-21 01:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-11 23:36 - 2014-08-21 01:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-11 23:36 - 2014-08-11 20:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-11 12:31 - 2014-11-17 23:41 - 00000000 ____D () C:\Users\Store\Desktop\Virus
2014-11-10 18:47 - 2014-11-10 18:47 - 00000000 ____D () C:\Users\Store\AppData\Roaming\Mozilla
2014-11-10 18:47 - 2014-11-10 18:47 - 00000000 ____D () C:\Users\Store\AppData\Local\Mozilla
2014-11-10 18:46 - 2014-11-10 18:46 - 00001117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-11-10 18:46 - 2014-11-10 18:46 - 00001105 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-11-10 18:46 - 2014-11-10 18:46 - 00000000 ____D () C:\ProgramData\Mozilla
2014-11-10 18:46 - 2014-11-10 18:46 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-11-10 18:46 - 2014-11-10 18:46 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-11-10 16:39 - 2014-11-10 17:11 - 00000000 ____D () C:\Users\Sweet Nicholas Admin\Desktop\Virus Scan
2014-11-10 15:27 - 2014-11-10 15:27 - 00000000 __SHD () C:\Users\Sweet Nicholas Admin\AppData\Local\EmieUserList
2014-11-10 15:27 - 2014-11-10 15:27 - 00000000 __SHD () C:\Users\Sweet Nicholas Admin\AppData\Local\EmieSiteList
2014-11-10 15:26 - 2014-11-10 15:26 - 00000000 ____D () C:\Users\Sweet Nicholas Admin\AppData\Roaming\Leader Technologies
2014-11-10 15:26 - 2014-11-10 15:26 - 00000000 ____D () C:\Users\Sweet Nicholas Admin\AppData\Roaming\Acer
2014-11-08 21:08 - 2014-11-10 15:08 - 00000000 ____D () C:\ProgramData\NixyObpum
2014-11-08 21:08 - 2014-11-10 15:08 - 00000000 ____D () C:\ProgramData\GuqaXugex
2014-11-08 20:30 - 2014-11-09 12:01 - 00000000 ____D () C:\Users\Store\AppData\Roaming\Wiypizu
2014-11-08 20:30 - 2014-11-08 20:30 - 00000000 ____D () C:\Users\Store\AppData\Roaming\Ryetewcy
2014-11-08 20:30 - 2014-11-08 20:30 - 00000000 ____D () C:\Users\Store\AppData\Roaming\Pehutu
2014-11-08 20:30 - 2014-11-08 20:30 - 00000000 ____D () C:\Users\Store\AppData\Roaming\Ovkiqex
2014-11-08 20:26 - 2014-11-09 11:54 - 00000424 _____ () C:\ProgramData\@system.temp
2014-11-08 20:26 - 2014-11-09 11:54 - 00000160 ____H () C:\ProgramData\@system3.att
2014-11-08 20:25 - 2014-11-10 15:08 - 00000000 ____D () C:\ProgramData\SugruYojdi
2014-11-08 20:25 - 2014-11-10 15:08 - 00000000 ____D () C:\ProgramData\RohuBegob
2014-11-08 20:25 - 2014-11-10 11:58 - 00000000 ____D () C:\Users\Store\AppData\Roaming\FrameworkUpdate7
2014-11-08 20:25 - 2014-11-09 11:36 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-11-08 20:25 - 2014-11-08 20:25 - 00000448 ____H () C:\Users\Store\AppData\Roaming\麽鎒駓覜
2014-10-24 08:18 - 2014-10-24 08:18 - 00000020 ___SH () C:\Users\QBDataServiceUser24\ntuser.ini
2014-10-24 08:18 - 2014-10-24 08:18 - 00000000 ____D () C:\Users\QBDataServiceUser24
2014-10-24 08:18 - 2014-04-07 14:50 - 00000000 ____D () C:\Users\QBDataServiceUser24\AppData\Local\Microsoft Help
2014-10-24 08:18 - 2009-07-13 23:42 - 00000000 ___RD () C:\Users\QBDataServiceUser24\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-24 08:18 - 2009-07-13 23:37 - 00000000 ___RD () C:\Users\QBDataServiceUser24\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-18 00:01 - 2014-04-07 12:07 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-11-17 23:37 - 2014-04-07 12:57 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-17 23:30 - 2009-07-13 23:34 - 00032096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-17 23:30 - 2009-07-13 23:34 - 00032096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-17 23:29 - 2014-04-07 12:57 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-17 23:27 - 2010-11-20 16:01 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-17 23:25 - 2014-04-06 18:14 - 01105639 _____ () C:\Windows\WindowsUpdate.log
2014-11-17 23:23 - 2014-04-07 12:07 - 00000974 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2014-11-17 23:23 - 2014-04-07 12:07 - 00000958 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2014-11-17 23:23 - 2010-11-20 16:48 - 00070224 _____ () C:\Windows\PFRO.log
2014-11-17 23:23 - 2009-07-13 23:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-17 23:23 - 2009-07-13 23:39 - 00031311 _____ () C:\Windows\setupact.log
2014-11-17 23:10 - 2014-06-24 12:10 - 00000917 _____ () C:\Windows\Tasks\EPSON XP-810 Series Update {0BBF4491-DDCF-4B6D-BFE4-64619DF43688}.job
2014-11-17 23:10 - 2014-06-24 12:10 - 00000731 _____ () C:\Windows\Tasks\EPSON XP-810 Series Invitation {0BBF4491-DDCF-4B6D-BFE4-64619DF43688}.job
2014-11-17 23:10 - 2014-05-26 10:09 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-12 10:39 - 2014-09-21 20:09 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-12 09:59 - 2014-04-06 18:14 - 00000000 ____D () C:\Users\Sweet Nicholas Admin
2014-11-12 03:57 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\rescache
2014-11-12 03:26 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-11-12 03:20 - 2009-07-13 23:33 - 00426440 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-12 03:19 - 2014-05-06 02:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-12 03:04 - 2014-04-06 19:28 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-12 03:02 - 2014-07-18 19:58 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 03:00 - 2014-07-18 19:58 - 100445232 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-11 09:15 - 2014-09-21 20:09 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-11 09:15 - 2014-09-21 20:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-11 09:15 - 2014-09-21 20:09 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-11-11 09:12 - 2014-04-07 12:56 - 00000000 ____D () C:\Users\Sweet Nicholas Admin\AppData\Local\Adobe
2014-11-11 09:11 - 2014-05-26 10:09 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-11-11 09:11 - 2014-05-26 10:09 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-11-10 16:32 - 2014-04-06 18:37 - 00000000 ____D () C:\ProgramData\EPSON
2014-11-10 16:31 - 2014-04-06 18:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
2014-11-10 15:30 - 2014-04-06 19:18 - 00000000 ____D () C:\Users\Sweet Nicholas Admin\AppData\Roaming\Adobe
2014-10-30 06:24 - 2014-04-06 18:35 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-28 11:06 - 2014-04-07 12:07 - 00086912 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2014-10-28 11:06 - 2014-04-07 12:07 - 00085864 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
2014-10-28 11:06 - 2014-04-07 12:07 - 00031592 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIport.dll
2014-10-28 11:06 - 2014-04-07 12:07 - 00000000 ____D () C:\Program Files\LogMeIn
2014-10-24 08:18 - 2014-04-06 19:13 - 00000000 ____D () C:\ProgramData\Intuit

Some content of TEMP:
====================
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\Abspdf.exe
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\acfpdfu.dll
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\acfpdfuamd64.dll
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\acfpdfui.dll
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\acfpdfuia64.dll
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\acfpdfuiamd64.dll
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\acfpdfuiia64.dll
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\cdintf.dll
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exe
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\InstallAX.exe
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\MSIZAP.EXE
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\ose00000.exe
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\PDFPRT400.exe
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\Quarantine.exe
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\sqlite3.dll
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\stlport_r50.dll
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\xmllite.dll
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\_is6087.exe
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\_is7686.exe
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\_isAC9.exe
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\_isD529.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-15 00:52

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 17-11-2014
Ran by Sweet Nicholas Admin at 2014-11-18 00:06:40
Running from C:\Users\Sweet Nicholas Admin\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
EPSON Connect version 1.0 (HKLM\...\EPSON Connect_is1) (Version: 1.0 - Epson America Inc.)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.6.3.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM\...\{116DBCAF-9544-4592-9156-AC99F6C2D426}) (Version: 3.10.0016 - Seiko Epson Corporation)
Epson FAX Utility (HKLM\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.40.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM\...\EPSON PC-FAX Driver 2) (Version:  - )
Epson Print CD (HKLM\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.21.00 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WorkForce 610 Series Printer Uninstall (HKLM\...\EPSON WorkForce 610 Series) (Version:  - SEIKO EPSON Corporation)
EPSON XP-810 Series Printer Uninstall (HKLM\...\EPSON XP-810 Series) (Version:  - SEIKO EPSON Corporation)
EPSON XP-810 User’s Guide version 1.0 (HKLM\...\UsersGuideEPSON XP-810 User’s Guide_is1) (Version: 1.0 - )
EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
EpsonNet Setup (HKLM\...\{FFFAE01B-466F-4C07-9821-A94FD753BDDA}) (Version: 3.1c - SEIKO EPSON CORPORATION)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
LogMeIn (HKLM\...\{F8511796-1457-4A92-BEF7-71080FCF297A}) (Version: 4.1.4132 - LogMeIn, Inc.)
LTCM Client (HKLM\...\{B38E9B55-7136-4E66-A084-320512FF3F6F}) (Version: 1.20.3792 - Leader Technologies Inc)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0014-0000-0000-0000000FF1CE}_PRO_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional 2007 (HKLM\...\PRO) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 33.1 (x86 en-US) (HKLM\...\Mozilla Firefox 33.1 (x86 en-US)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 33.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
One-Click Export (HKLM\...\{AF31C757-C918-4B08-8E42-B4D6A0F9B79D}) (Version: 1.7.0.0 - Payroll Service)
QuickBooks (Version: 24.0.4007.2403 - Intuit Inc.) Hidden
QuickBooks Premier: Retail Edition 2014 (HKLM\...\{40A0E3C3-31E1-4ECC-882D-DF441B105986}) (Version: 24.0.4005.2403 - Intuit Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6463 - Realtek Semiconductor Corp.)
RetailEdge 8.2 (HKLM\...\{AC0224E5-0DE1-423D-A5EB-69FB8816A52F}_is1) (Version:  - High Meadow Business Solutions)
Software Updater (HKLM\...\{FA7EE274-7370-43B7-9A45-A39B17CCCDC5}) (Version: 4.3.3 - SEIKO EPSON CORPORATION)
TSP100 Setup Version 4.0.0 (HKLM\...\{4A096471-B24B-4724-AA97-55F2B3B31895}) (Version: 4.0.0 - Star Micronics)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0014-0000-0000-0000000FF1CE}_PRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{90B71B47-07B5-3AAD-893C-5A64CA5F7622}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{9D79C204-E34B-444F-907C-6AE16DA73B18}\InprocServer32 -> C:\Program Files\One-Click Export\OneClickExportProcessorPS.dll ()
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{9D9B61F2-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{9D9B61F3-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{9D9B61F4-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{9D9B61F5-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{9D9B61F6-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{9D9B61F7-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{A58C4EAB-2DB8-445E-9CAE-2AE197A5C708}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{A63E42D0-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{A63E42D2-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{AF5E0A13-CEAB-47CE-991D-77E82CD1BF3F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{B10BFAC3-EFF1-40D9-ADA0-BEBE037C24CA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{B66F2BF1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{BCD594EA-15C3-4FD8-B92B-114BB9694537}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBCtrIPMDS2.dll No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{CBEF1FB5-78FF-4B14-9B0F-275493FB589C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{CE18240D-F3F8-43AE-9EA0-A0DC85A95375}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{D14FD6B3-6A9F-4537-9460-07B836707127}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{D4A12AAF-E15E-470B-A6B6-63032186F91F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{D9B9C060-0954-11D3-9E07-00104BD2BE34}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSource.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{D9BC6F81-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{D9BC6F84-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{D9BC6F87-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{D9BC6FA1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{D9BC6FA6-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{D9BC6FB2-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\StorageClasses.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{D9BC6FC1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{DA654E0C-E75D-4507-8AC2-71698C5B5C93}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2014\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{DCB2B478-EFF6-48F6-B718-13E98876854E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{DFD0AF10-B86C-4AF3-B609-1348D513E565}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{E1A173E1-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{E1A173E3-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{E6E4DF8B-17CE-43ED-B2C7-2CE10457552D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{E7D2D0F6-B754-438D-B5C9-BF848D311A0F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{EADA914E-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{EAEF733D-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{F2C593CC-74B2-4F71-8556-DD4D426D0409}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{F9EF917A-E55E-4242-B205-E778395AC313}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{FAC93D42-FFC2-11d1-9DEB-0008C7A08EBA}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2014\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{FB17915F-06D1-4214-A902-CC5EE05186E9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{FB359C2A-6927-4AD7-8F1B-B6472CA7CDE7}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

==================== Restore Points  =========================

10-11-2014 21:30:53 Installed Software Updater
10-11-2014 21:33:35 Installed Epson Event Manager
12-11-2014 08:00:16 Windows Update
15-11-2014 16:17:43 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:04 - 2009-06-10 16:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {090F0893-EAD5-47EB-8F2A-E3D2229C884B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-04-07] (Google Inc.)
Task: {5D3E8079-6930-4FB8-8CBF-250CA7A49E88} - System32\Tasks\EPSON XP-810 Series Update {0BBF4491-DDCF-4B6D-BFE4-64619DF43688} => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FTSLOE.EXE [2013-02-27] (SEIKO EPSON CORPORATION)
Task: {AF8D4170-D12B-443B-88FF-5C559CCF1892} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-04-07] (Google Inc.)
Task: {C1CE08FB-D3FA-4AD0-8D2B-9F9F7EF41915} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-11] (Adobe Systems Incorporated)
Task: {CC2B4EA1-958D-4A70-A3B3-8201190425D7} - \Security Center Update - 4219297677 No Task File <==== ATTENTION
Task: {EC25783F-FDF7-4FFD-B12F-D1DFA653F6F4} - System32\Tasks\EPSON XP-810 Series Invitation {0BBF4491-DDCF-4B6D-BFE4-64619DF43688} => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FTSLOE.EXE [2013-02-27] (SEIKO EPSON CORPORATION)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\EPSON XP-810 Series Invitation {0BBF4491-DDCF-4B6D-BFE4-64619DF43688}.job => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FTSLOE.EXE
Task: C:\Windows\Tasks\EPSON XP-810 Series Update {0BBF4491-DDCF-4B6D-BFE4-64619DF43688}.job => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FTSLOE.EXE
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-04-06 18:16 - 2013-11-04 13:07 - 07651840 _____ () C:\Program Files\High Meadow Business Solutions\RetailEdge 8.2\Server\RetailEdge_Server_8_0.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks_Standard_21.lnk => C:\Windows\pss\QuickBooks_Standard_21.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-156844327-1427955894-274932498-500 - Administrator - Disabled)
Guest (S-1-5-21-156844327-1427955894-274932498-501 - Limited - Disabled)
LogMeInRemoteUser (S-1-5-21-156844327-1427955894-274932498-1002 - Administrator - Enabled) => C:\Users\LogMeInRemoteUser
QBDataServiceUser24 (S-1-5-21-156844327-1427955894-274932498-1003 - Limited - Enabled) => C:\Users\QBDataServiceUser24
Store (S-1-5-21-156844327-1427955894-274932498-1001 - Limited - Enabled) => C:\Users\Store
Sweet Nicholas Admin (S-1-5-21-156844327-1427955894-274932498-1000 - Administrator - Enabled) => C:\Users\Sweet Nicholas Admin

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (11/18/2014 00:03:21 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {3EEF301F-B596-4C0B-BD92-013BEAFCE793}

Error: (11/18/2014 00:00:58 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Pentium® Dual-Core CPU E5400 @ 2.70GHz
Percentage of memory in use: 76%
Total physical RAM: 989.24 MB
Available physical RAM: 232.35 MB
Total Pagefile: 2013.24 MB
Available Pagefile: 852.8 MB
Total Virtual: 2047.88 MB
Available Virtual: 1867.89 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.69 GB) (Free:66.93 GB) NTFS
Drive d: (XP-810) (CDROM) (Total:0.23 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 68E69672)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================




#6 Oh My!


Posted 18 November 2014 - 10:25 PM

Thanks for the reply. I apologize for my delay, I wasn't notified you replied.

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKU\S-1-5-21-156844327-1427955894-274932498-1001\...A8F59079A8D5}\localserver32:  <==== ATTENTION!
SearchScopes: HKU\S-1-5-21-156844327-1427955894-274932498-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
S1 ebppijma; \??\C:\Windows\system32\drivers\ebppijma.sys [X]
S1 efsqjqbb; \??\C:\Windows\system32\drivers\efsqjqbb.sys [X]
S4 LMIRfsClientNP; No ImagePath
2014-11-08 21:08 - 2014-11-10 15:08 - 00000000 ____D () C:\ProgramData\NixyObpum
2014-11-08 21:08 - 2014-11-10 15:08 - 00000000 ____D () C:\ProgramData\GuqaXugex
2014-11-08 20:30 - 2014-11-09 12:01 - 00000000 ____D () C:\Users\Store\AppData\Roaming\Wiypizu
2014-11-08 20:30 - 2014-11-08 20:30 - 00000000 ____D () C:\Users\Store\AppData\Roaming\Ryetewcy
2014-11-08 20:30 - 2014-11-08 20:30 - 00000000 ____D () C:\Users\Store\AppData\Roaming\Pehutu
2014-11-08 20:30 - 2014-11-08 20:30 - 00000000 ____D () C:\Users\Store\AppData\Roaming\Ovkiqex
2014-11-08 20:26 - 2014-11-09 11:54 - 00000424 _____ () C:\ProgramData\@system.temp
2014-11-08 20:26 - 2014-11-09 11:54 - 00000160 ____H () C:\ProgramData\@system3.att
2014-11-08 20:25 - 2014-11-10 15:08 - 00000000 ____D () C:\ProgramData\SugruYojdi
2014-11-08 20:25 - 2014-11-10 15:08 - 00000000 ____D () C:\ProgramData\RohuBegob
2014-11-08 20:25 - 2014-11-10 11:58 - 00000000 ____D () C:\Users\Store\AppData\Roaming\FrameworkUpdate7
2014-11-08 20:25 - 2014-11-09 11:36 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\Abspdf.exe
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\acfpdfu.dll
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\acfpdfuamd64.dll
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\acfpdfui.dll
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\acfpdfuia64.dll
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\acfpdfuiamd64.dll
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\acfpdfuiia64.dll
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\cdintf.dll
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exe
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\InstallAX.exe
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\MSIZAP.EXE
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\ose00000.exe
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\PDFPRT400.exe
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\Quarantine.exe
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\sqlite3.dll
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\stlport_r50.dll
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\xmllite.dll
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\_is6087.exe
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\_is7686.exe
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\_isAC9.exe
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\_isD529.exe
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{1B3210AF-E236-46D4-83EF-6421F2FF543C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{1E78DD72-771E-42BF-8B4B-363CEB18E07B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{22664BE2-0806-4BA4-8643-DE40C9149176}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{2A9EBDB5-0600-4E8C-B910-4001BEB2DD8C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{349D777D-F7A2-4AAE-967F-A54F05A7FF3B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBFinder.dll No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{38F58721-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\COMObjectFactory.dll No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{38F58742-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{38F58743-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{38F58744-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{3E1A2BBD-5707-4646-B268-518B997DC94D}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2011\qbw32.exe No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{5249684A-D7A2-4DBE-94F4-B90923A7BC64}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{70478C56-E77F-4134-B3E3-3B18EE036D71}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{A58C4EAB-2DB8-445E-9CAE-2AE197A5C708}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{BCD594EA-15C3-4FD8-B92B-114BB9694537}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBCtrIPMDS2.dll No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{CBEF1FB5-78FF-4B14-9B0F-275493FB589C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{CE18240D-F3F8-43AE-9EA0-A0DC85A95375}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{D9BC6FC1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{E6E4DF8B-17CE-43ED-B2C7-2CE10457552D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{E7D2D0F6-B754-438D-B5C9-BF848D311A0F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{F9EF917A-E55E-4242-B205-E778395AC313}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{1B3210AF-E236-46D4-83EF-6421F2FF543C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{1E78DD72-771E-42BF-8B4B-363CEB18E07B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{22664BE2-0806-4BA4-8643-DE40C9149176}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{2A9EBDB5-0600-4E8C-B910-4001BEB2DD8C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{349D777D-F7A2-4AAE-967F-A54F05A7FF3B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBFinder.dll No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{38F58721-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\COMObjectFactory.dll No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{38F58742-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{38F58743-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{38F58744-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{3E1A2BBD-5707-4646-B268-518B997DC94D}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{5249684A-D7A2-4DBE-94F4-B90923A7BC64}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{70478C56-E77F-4134-B3E3-3B18EE036D71}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{A58C4EAB-2DB8-445E-9CAE-2AE197A5C708}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{BCD594EA-15C3-4FD8-B92B-114BB9694537}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBCtrIPMDS2.dll No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{CE18240D-F3F8-43AE-9EA0-A0DC85A95375}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{E6E4DF8B-17CE-43ED-B2C7-2CE10457552D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{E7D2D0F6-B754-438D-B5C9-BF848D311A0F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{F9EF917A-E55E-4242-B205-E778395AC313}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
Task: {CC2B4EA1-958D-4A70-A3B3-8201190425D7} - \Security Center Update - 4219297677 No Task File <==== ATTENTION
EmptyTemp:
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • How is your computer running?

Edited by Oh My!, 20 November 2014 - 08:38 PM.

Gary
 

#7 Nick718


Posted 19 November 2014 - 11:13 PM

Thanks again Gary. The computer seems to be running fine.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 19-11-2014
Ran by Store at 2014-11-19 22:41:49 Run:1
Running from C:\Users\Store\Desktop
Loaded Profiles: Store & LogMeInRemoteUser (Available profiles: Sweet Nicholas Admin & Store & LogMeInRemoteUser & QBDataServiceUser24)
Boot Mode: Safe Mode (with Networking)

==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-156844327-1427955894-274932498-1001\...A8F59079A8D5}\localserver32:  <==== ATTENTION!
SearchScopes: HKU\S-1-5-21-156844327-1427955894-274932498-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
S1 ebppijma; \??\C:\Windows\system32\drivers\ebppijma.sys [X]
S1 efsqjqbb; \??\C:\Windows\system32\drivers\efsqjqbb.sys [X]
S4 LMIRfsClientNP; No ImagePath
2014-11-08 21:08 - 2014-11-10 15:08 - 00000000 ____D () C:\ProgramData\NixyObpum
2014-11-08 21:08 - 2014-11-10 15:08 - 00000000 ____D () C:\ProgramData\GuqaXugex
2014-11-08 20:30 - 2014-11-09 12:01 - 00000000 ____D () C:\Users\Store\AppData\Roaming\Wiypizu
2014-11-08 20:30 - 2014-11-08 20:30 - 00000000 ____D () C:\Users\Store\AppData\Roaming\Ryetewcy
2014-11-08 20:30 - 2014-11-08 20:30 - 00000000 ____D () C:\Users\Store\AppData\Roaming\Pehutu
2014-11-08 20:30 - 2014-11-08 20:30 - 00000000 ____D () C:\Users\Store\AppData\Roaming\Ovkiqex
2014-11-08 20:26 - 2014-11-09 11:54 - 00000424 _____ () C:\ProgramData\@system.temp
2014-11-08 20:26 - 2014-11-09 11:54 - 00000160 ____H () C:\ProgramData\@system3.att
2014-11-08 20:25 - 2014-11-10 15:08 - 00000000 ____D () C:\ProgramData\SugruYojdi
2014-11-08 20:25 - 2014-11-10 15:08 - 00000000 ____D () C:\ProgramData\RohuBegob
2014-11-08 20:25 - 2014-11-10 11:58 - 00000000 ____D () C:\Users\Store\AppData\Roaming\FrameworkUpdate7
2014-11-08 20:25 - 2014-11-09 11:36 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-11-08 20:25 - 2014-11-08 20:25 - 00000448 ____H () C:\Users\Store\AppData\Roaming\????
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\Abspdf.exe
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\acfpdfu.dll
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\acfpdfuamd64.dll
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\acfpdfui.dll
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\acfpdfuia64.dll
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\acfpdfuiamd64.dll
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\acfpdfuiia64.dll
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\cdintf.dll
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exe
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\InstallAX.exe
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\MSIZAP.EXE
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\ose00000.exe
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\PDFPRT400.exe
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\Quarantine.exe
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\sqlite3.dll
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\stlport_r50.dll
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\xmllite.dll
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\_is6087.exe
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\_is7686.exe
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\_isAC9.exe
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\_isD529.exe
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{1B3210AF-E236-46D4-83EF-6421F2FF543C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{1E78DD72-771E-42BF-8B4B-363CEB18E07B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{22664BE2-0806-4BA4-8643-DE40C9149176}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{2A9EBDB5-0600-4E8C-B910-4001BEB2DD8C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{349D777D-F7A2-4AAE-967F-A54F05A7FF3B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBFinder.dll No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{38F58721-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\COMObjectFactory.dll No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{38F58742-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{38F58743-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{38F58744-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{3E1A2BBD-5707-4646-B268-518B997DC94D}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2011\qbw32.exe No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{5249684A-D7A2-4DBE-94F4-B90923A7BC64}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{70478C56-E77F-4134-B3E3-3B18EE036D71}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{A58C4EAB-2DB8-445E-9CAE-2AE197A5C708}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{BCD594EA-15C3-4FD8-B92B-114BB9694537}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBCtrIPMDS2.dll No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{CBEF1FB5-78FF-4B14-9B0F-275493FB589C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{CE18240D-F3F8-43AE-9EA0-A0DC85A95375}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{D9BC6FC1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{E6E4DF8B-17CE-43ED-B2C7-2CE10457552D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{E7D2D0F6-B754-438D-B5C9-BF848D311A0F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{F9EF917A-E55E-4242-B205-E778395AC313}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{1B3210AF-E236-46D4-83EF-6421F2FF543C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{1E78DD72-771E-42BF-8B4B-363CEB18E07B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{22664BE2-0806-4BA4-8643-DE40C9149176}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{2A9EBDB5-0600-4E8C-B910-4001BEB2DD8C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{349D777D-F7A2-4AAE-967F-A54F05A7FF3B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBFinder.dll No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{38F58721-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\COMObjectFactory.dll No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{38F58742-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{38F58743-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{38F58744-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{3E1A2BBD-5707-4646-B268-518B997DC94D}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{5249684A-D7A2-4DBE-94F4-B90923A7BC64}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{70478C56-E77F-4134-B3E3-3B18EE036D71}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{A58C4EAB-2DB8-445E-9CAE-2AE197A5C708}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{BCD594EA-15C3-4FD8-B92B-114BB9694537}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBCtrIPMDS2.dll No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{CE18240D-F3F8-43AE-9EA0-A0DC85A95375}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{E6E4DF8B-17CE-43ED-B2C7-2CE10457552D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{E7D2D0F6-B754-438D-B5C9-BF848D311A0F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{F9EF917A-E55E-4242-B205-E778395AC313}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
Task: {CC2B4EA1-958D-4A70-A3B3-8201190425D7} - \Security Center Update - 4219297677 No Task File <==== ATTENTION
EmptyTemp:
*****************

"HKU\S-1-5-21-156844327-1427955894-274932498-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key not found.
"HKU\S-1-5-21-156844327-1427955894-274932498-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Error deleting key. The key could be protected.
"HKU\S-1-5-21-156844327-1427955894-274932498-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key not found.
"HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key not found.
ebppijma => Error deleting Service
efsqjqbb => Error deleting Service
LMIRfsClientNP => Error deleting Service
C:\ProgramData\NixyObpum => Moved successfully.
C:\ProgramData\GuqaXugex => Moved successfully.
C:\Users\Store\AppData\Roaming\Wiypizu => Moved successfully.
C:\Users\Store\AppData\Roaming\Ryetewcy => Moved successfully.
C:\Users\Store\AppData\Roaming\Pehutu => Moved successfully.
C:\Users\Store\AppData\Roaming\Ovkiqex => Moved successfully.
C:\ProgramData\@system.temp => Moved successfully.
C:\ProgramData\@system3.att => Moved successfully.
C:\ProgramData\SugruYojdi => Moved successfully.
C:\ProgramData\RohuBegob => Moved successfully.
C:\Users\Store\AppData\Roaming\FrameworkUpdate7 => Moved successfully.
C:\ProgramData\Windows Genuine Advantage => Moved successfully.

"C:\Users\Store\AppData\Roaming\????" directory move:

Could not move "C:\Users\Store\AppData\Roaming\????" directory. => Scheduled to move on reboot.

"C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\Abspdf.exe" => File/Directory not found.
"C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\acfpdfu.dll" => File/Directory not found.
"C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\acfpdfuamd64.dll" => File/Directory not found.
"C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\acfpdfui.dll" => File/Directory not found.
"C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\acfpdfuia64.dll" => File/Directory not found.
"C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\acfpdfuiamd64.dll" => File/Directory not found.
"C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\acfpdfuiia64.dll" => File/Directory not found.
"C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\cdintf.dll" => File/Directory not found.
"C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exe" => File/Directory not found.
"C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\InstallAX.exe" => File/Directory not found.
"C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\MSIZAP.EXE" => File/Directory not found.
"C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\ose00000.exe" => File/Directory not found.
"C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\PDFPRT400.exe" => File/Directory not found.
"C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\Quarantine.exe" => File/Directory not found.
"C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\sqlite3.dll" => File/Directory not found.
"C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\stlport_r50.dll" => File/Directory not found.
"C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\xmllite.dll" => File/Directory not found.
"C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\_is6087.exe" => File/Directory not found.
"C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\_is7686.exe" => File/Directory not found.
"C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\_isAC9.exe" => File/Directory not found.
"C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\_isD529.exe" => File/Directory not found.
"HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{1B3210AF-E236-46D4-83EF-6421F2FF543C}" => Key not found.
"HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{1E78DD72-771E-42BF-8B4B-363CEB18E07B}" => Key not found.
"HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{22664BE2-0806-4BA4-8643-DE40C9149176}" => Key not found.
"HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{2A9EBDB5-0600-4E8C-B910-4001BEB2DD8C}" => Key not found.
"HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{349D777D-F7A2-4AAE-967F-A54F05A7FF3B}" => Key not found.
"HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{38F58721-5F93-11D5-9F94-0008C7AA5BD9}" => Key not found.
"HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{38F58742-5F93-11D5-9F94-0008C7AA5BD9}" => Key not found.
"HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{38F58743-5F93-11D5-9F94-0008C7AA5BD9}" => Key not found.
"HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{38F58744-5F93-11D5-9F94-0008C7AA5BD9}" => Key not found.
"HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{3E1A2BBD-5707-4646-B268-518B997DC94D}" => Key not found.
"HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{5249684A-D7A2-4DBE-94F4-B90923A7BC64}" => Key not found.
"HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{70478C56-E77F-4134-B3E3-3B18EE036D71}" => Key not found.
"HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{A58C4EAB-2DB8-445E-9CAE-2AE197A5C708}" => Key not found.
"HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{BCD594EA-15C3-4FD8-B92B-114BB9694537}" => Key not found.
"HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{CBEF1FB5-78FF-4B14-9B0F-275493FB589C}" => Key not found.
"HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{CE18240D-F3F8-43AE-9EA0-A0DC85A95375}" => Key not found.
"HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{D9BC6FC1-A54B-11D4-A516-0050DA68678D}" => Key not found.
"HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{E6E4DF8B-17CE-43ED-B2C7-2CE10457552D}" => Key not found.
"HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{E7D2D0F6-B754-438D-B5C9-BF848D311A0F}" => Key not found.
"HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{F9EF917A-E55E-4242-B205-E778395AC313}" => Key not found.
"HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{1B3210AF-E236-46D4-83EF-6421F2FF543C}" => Error deleting key. The key could be protected.
"HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{1E78DD72-771E-42BF-8B4B-363CEB18E07B}" => Error deleting key. The key could be protected.
"HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{22664BE2-0806-4BA4-8643-DE40C9149176}" => Error deleting key. The key could be protected.
"HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{2A9EBDB5-0600-4E8C-B910-4001BEB2DD8C}" => Error deleting key. The key could be protected.
"HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{349D777D-F7A2-4AAE-967F-A54F05A7FF3B}" => Error deleting key. The key could be protected.
"HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{38F58721-5F93-11D5-9F94-0008C7AA5BD9}" => Error deleting key. The key could be protected.
"HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{38F58742-5F93-11D5-9F94-0008C7AA5BD9}" => Error deleting key. The key could be protected.
"HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{38F58743-5F93-11D5-9F94-0008C7AA5BD9}" => Error deleting key. The key could be protected.
"HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{38F58744-5F93-11D5-9F94-0008C7AA5BD9}" => Error deleting key. The key could be protected.
"HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{3E1A2BBD-5707-4646-B268-518B997DC94D}" => Error deleting key. The key could be protected.
"HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{5249684A-D7A2-4DBE-94F4-B90923A7BC64}" => Error deleting key. The key could be protected.
"HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{70478C56-E77F-4134-B3E3-3B18EE036D71}" => Error deleting key. The key could be protected.
"HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{A58C4EAB-2DB8-445E-9CAE-2AE197A5C708}" => Error deleting key. The key could be protected.
"HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{BCD594EA-15C3-4FD8-B92B-114BB9694537}" => Error deleting key. The key could be protected.
"HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{CE18240D-F3F8-43AE-9EA0-A0DC85A95375}" => Error deleting key. The key could be protected.
"HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{E6E4DF8B-17CE-43ED-B2C7-2CE10457552D}" => Error deleting key. The key could be protected.
"HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{E7D2D0F6-B754-438D-B5C9-BF848D311A0F}" => Error deleting key. The key could be protected.
"HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{F9EF917A-E55E-4242-B205-E778395AC313}" => Error deleting key. The key could be protected.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CC2B4EA1-958D-4A70-A3B3-8201190425D7}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 4219297677" => Key not found.
EmptyTemp: => Removed 14.1 GB temporary data.



#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,611 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:02:46 AM

Posted 19 November 2014 - 11:29 PM

Greetings,

I am going to need some time to really look at the results but am running out of time tonight. I know it is late for you as well. I will certainly post tomorrow after I have had a chance to make sense of all the errors in the report.

In the meantime, would you mind running FRST again making sure to check Addition.txt? That will allow me to see if the files with errors are still being reported or if they are gone.

Thanks and I will see you tomorrow! :)
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 Nick718

Posted 20 November 2014 - 11:08 AM

When saving the fixlist to desktop I get an error.

 

"this file contains characters in Unicode format which will be lost if you save this file as an ANSI encoded text file. To keep the Unicode information, click cancel below and then select one of the Unicode options from the encoding drop down list"

 

So last night I saved it as an ANSI file, should I be saving it as a Unicode file? If so which one?

 

I did make sure the addition.txt was checked last night.

 

And noticed this "2014-11-08 20:25 - 2014-11-08 20:25 - 00000448 ____H () C:\Users\Store\AppData\Roaming\麽鎒駓覜 " in your code. Could this be the issue?
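The encoding loss raised in the post above, as an added example that is not part of the original thread or of FRST: it audits a fixlist for lines that an ANSI save would corrupt and shows what those lines turn into. It assumes "ANSI" means Windows-1252 (a Western-locale Windows 7 install); the function names are hypothetical and the sample is constructed from entries quoted in this thread.

```python
"""Audit a fixlist for lines that an ANSI (code page) save would corrupt."""

ANSI_CODEC = "cp1252"         # assumption: the machine's ANSI code page
UNICODE_CODEC = "utf-8-sig"   # UTF-8 with a byte-order mark

# Constructed sample: three entries as they appear in the thread, including
# the directory name quoted in post #9.
SAMPLE_FIXLIST = "\n".join([
    r"2014-11-08 20:25 - 2014-11-10 15:08 - 00000000 ____D () C:\ProgramData\RohuBegob",
    r"2014-11-08 20:25 - 2014-11-08 20:25 - 00000448 ____H () C:\Users\Store\AppData\Roaming\麽鎒駓覜",
    "EmptyTemp:",
])


def ansi_roundtrip(line):
    """Return the line as it reads after being saved as ANSI and reopened.

    Characters with no slot in the code page are replaced by '?', which is
    what the editor's warning about lost Unicode information refers to.
    """
    return line.encode(ANSI_CODEC, errors="replace").decode(ANSI_CODEC)


def audit_fixlist(text):
    """List every line that does not survive an ANSI save unchanged."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        lossy = ansi_roundtrip(line)
        if lossy != line:
            # cp1252 is single-byte, so original and lossy text align 1:1.
            lost = "".join(ch for ch, out in zip(line, lossy) if ch != out)
            findings.append({
                "line": lineno,
                "original": line,
                "as_ansi": lossy,
                "lost": lost,
            })
    return findings


def encode_fixlist(text):
    """Pick an encoding that keeps every character, and return the bytes."""
    if audit_fixlist(text):
        return UNICODE_CODEC, text.encode(UNICODE_CODEC)
    return ANSI_CODEC, text.encode(ANSI_CODEC)


if __name__ == "__main__":
    for finding in audit_fixlist(SAMPLE_FIXLIST):
        print("line %d loses %d character(s): %a"
              % (finding["line"], len(finding["lost"]), finding["lost"]))
        print("  saved as ANSI it becomes: %s" % finding["as_ansi"])
    codec, data = encode_fixlist(SAMPLE_FIXLIST)
    print("encoding that preserves the list: %s (%d bytes)" % (codec, len(data)))
```

The ANSI form of the second entry ends in `\Roaming\????`, the same path the Fixlog reports; `?` is not a legal character in a Windows file name, so that string cannot name the real directory.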



#10 Oh My!

Posted 20 November 2014 - 02:45 PM

That may be why we got those results we got.  Please rerun the fixlist but remove that entry.

 

Following that use Windows Explorer, navigate to that entry and delete it.


Gary
 

#11 Nick718

Posted 20 November 2014 - 08:36 PM

I'm a little unclear so before I move on just want to clarify. 

 

1) remove that line from fixlist

 

2) rerun FRST and paste results

 

What am I exactly navigating to and deleting afterwards?



#12 Oh My!

Posted 20 November 2014 - 08:41 PM

Sorry, I was not as clear as I could have been.  I modified the fixlist in Post #6. Please repeat the instructions in that Post and provide the results in your reply.
Gary
 

#13 Nick718

Posted 21 November 2014 - 12:07 AM

When I opened FRST it ran within seconds, I did not even have to click the fix button.

 

 

 

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-11-21 00:04:11)<=

==> ATTENTION: System is not rebooted.
"C:\Users\Store\AppData\Roaming\????" => Directory could not move.

==== End of Fixlog ====



#14 Oh My!

Posted 21 November 2014 - 09:34 AM

Not sure we did this correctly. Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKU\S-1-5-21-156844327-1427955894-274932498-1001\...A8F59079A8D5}\localserver32:  <==== ATTENTION!
SearchScopes: HKU\S-1-5-21-156844327-1427955894-274932498-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
S1 ebppijma; \??\C:\Windows\system32\drivers\ebppijma.sys [X]
S1 efsqjqbb; \??\C:\Windows\system32\drivers\efsqjqbb.sys [X]
S4 LMIRfsClientNP; No ImagePath
2014-11-08 21:08 - 2014-11-10 15:08 - 00000000 ____D () C:\ProgramData\NixyObpum
2014-11-08 21:08 - 2014-11-10 15:08 - 00000000 ____D () C:\ProgramData\GuqaXugex
2014-11-08 20:30 - 2014-11-09 12:01 - 00000000 ____D () C:\Users\Store\AppData\Roaming\Wiypizu
2014-11-08 20:30 - 2014-11-08 20:30 - 00000000 ____D () C:\Users\Store\AppData\Roaming\Ryetewcy
2014-11-08 20:30 - 2014-11-08 20:30 - 00000000 ____D () C:\Users\Store\AppData\Roaming\Pehutu
2014-11-08 20:30 - 2014-11-08 20:30 - 00000000 ____D () C:\Users\Store\AppData\Roaming\Ovkiqex
2014-11-08 20:26 - 2014-11-09 11:54 - 00000424 _____ () C:\ProgramData\@system.temp
2014-11-08 20:26 - 2014-11-09 11:54 - 00000160 ____H () C:\ProgramData\@system3.att
2014-11-08 20:25 - 2014-11-10 15:08 - 00000000 ____D () C:\ProgramData\SugruYojdi
2014-11-08 20:25 - 2014-11-10 15:08 - 00000000 ____D () C:\ProgramData\RohuBegob
2014-11-08 20:25 - 2014-11-10 11:58 - 00000000 ____D () C:\Users\Store\AppData\Roaming\FrameworkUpdate7
2014-11-08 20:25 - 2014-11-09 11:36 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\Abspdf.exe
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\acfpdfu.dll
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\acfpdfuamd64.dll
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\acfpdfui.dll
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\acfpdfuia64.dll
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\acfpdfuiamd64.dll
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\acfpdfuiia64.dll
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\cdintf.dll
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exe
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\InstallAX.exe
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\MSIZAP.EXE
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\ose00000.exe
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\PDFPRT400.exe
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\Quarantine.exe
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\sqlite3.dll
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\stlport_r50.dll
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\xmllite.dll
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\_is6087.exe
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\_is7686.exe
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\_isAC9.exe
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\_isD529.exe
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{1B3210AF-E236-46D4-83EF-6421F2FF543C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{1E78DD72-771E-42BF-8B4B-363CEB18E07B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{22664BE2-0806-4BA4-8643-DE40C9149176}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{2A9EBDB5-0600-4E8C-B910-4001BEB2DD8C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{349D777D-F7A2-4AAE-967F-A54F05A7FF3B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBFinder.dll No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{38F58721-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\COMObjectFactory.dll No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{38F58742-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{38F58743-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{38F58744-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{3E1A2BBD-5707-4646-B268-518B997DC94D}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2011\qbw32.exe No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{5249684A-D7A2-4DBE-94F4-B90923A7BC64}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{70478C56-E77F-4134-B3E3-3B18EE036D71}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{A58C4EAB-2DB8-445E-9CAE-2AE197A5C708}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{BCD594EA-15C3-4FD8-B92B-114BB9694537}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBCtrIPMDS2.dll No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{CBEF1FB5-78FF-4B14-9B0F-275493FB589C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{CE18240D-F3F8-43AE-9EA0-A0DC85A95375}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{D9BC6FC1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{E6E4DF8B-17CE-43ED-B2C7-2CE10457552D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{E7D2D0F6-B754-438D-B5C9-BF848D311A0F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{F9EF917A-E55E-4242-B205-E778395AC313}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{1B3210AF-E236-46D4-83EF-6421F2FF543C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{1E78DD72-771E-42BF-8B4B-363CEB18E07B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{22664BE2-0806-4BA4-8643-DE40C9149176}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{2A9EBDB5-0600-4E8C-B910-4001BEB2DD8C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{349D777D-F7A2-4AAE-967F-A54F05A7FF3B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBFinder.dll No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{38F58721-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\COMObjectFactory.dll No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{38F58742-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{38F58743-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{38F58744-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{3E1A2BBD-5707-4646-B268-518B997DC94D}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{5249684A-D7A2-4DBE-94F4-B90923A7BC64}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{70478C56-E77F-4134-B3E3-3B18EE036D71}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{A58C4EAB-2DB8-445E-9CAE-2AE197A5C708}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{BCD594EA-15C3-4FD8-B92B-114BB9694537}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBCtrIPMDS2.dll No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{CE18240D-F3F8-43AE-9EA0-A0DC85A95375}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{E6E4DF8B-17CE-43ED-B2C7-2CE10457552D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{E7D2D0F6-B754-438D-B5C9-BF848D311A0F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{F9EF917A-E55E-4242-B205-E778395AC313}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
Task: {CC2B4EA1-958D-4A70-A3B3-8201190425D7} - \Security Center Update - 4219297677 No Task File <==== ATTENTION
EmptyTemp:
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • How is your computer running?

Gary
 

#15 Nick718


Posted 21 November 2014 - 10:17 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 17-11-2014
Ran by Sweet Nicholas Admin at 2014-11-21 10:10:29 Run:2
Running from C:\Users\Sweet Nicholas Admin\Desktop
Loaded Profiles: Sweet Nicholas Admin & Store & LogMeInRemoteUser & QBDataServiceUser24 (Available profiles: Sweet Nicholas Admin & Store & LogMeInRemoteUser & QBDataServiceUser24)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-156844327-1427955894-274932498-1001\...A8F59079A8D5}\localserver32:  <==== ATTENTION!
SearchScopes: HKU\S-1-5-21-156844327-1427955894-274932498-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
S1 ebppijma; \??\C:\Windows\system32\drivers\ebppijma.sys [X]
S1 efsqjqbb; \??\C:\Windows\system32\drivers\efsqjqbb.sys [X]
S4 LMIRfsClientNP; No ImagePath
2014-11-08 21:08 - 2014-11-10 15:08 - 00000000 ____D () C:\ProgramData\NixyObpum
2014-11-08 21:08 - 2014-11-10 15:08 - 00000000 ____D () C:\ProgramData\GuqaXugex
2014-11-08 20:30 - 2014-11-09 12:01 - 00000000 ____D () C:\Users\Store\AppData\Roaming\Wiypizu
2014-11-08 20:30 - 2014-11-08 20:30 - 00000000 ____D () C:\Users\Store\AppData\Roaming\Ryetewcy
2014-11-08 20:30 - 2014-11-08 20:30 - 00000000 ____D () C:\Users\Store\AppData\Roaming\Pehutu
2014-11-08 20:30 - 2014-11-08 20:30 - 00000000 ____D () C:\Users\Store\AppData\Roaming\Ovkiqex
2014-11-08 20:26 - 2014-11-09 11:54 - 00000424 _____ () C:\ProgramData\@system.temp
2014-11-08 20:26 - 2014-11-09 11:54 - 00000160 ____H () C:\ProgramData\@system3.att
2014-11-08 20:25 - 2014-11-10 15:08 - 00000000 ____D () C:\ProgramData\SugruYojdi
2014-11-08 20:25 - 2014-11-10 15:08 - 00000000 ____D () C:\ProgramData\RohuBegob
2014-11-08 20:25 - 2014-11-10 11:58 - 00000000 ____D () C:\Users\Store\AppData\Roaming\FrameworkUpdate7
2014-11-08 20:25 - 2014-11-09 11:36 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\Abspdf.exe
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\acfpdfu.dll
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\acfpdfuamd64.dll
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\acfpdfui.dll
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\acfpdfuia64.dll
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\acfpdfuiamd64.dll
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\acfpdfuiia64.dll
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\cdintf.dll
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exe
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\InstallAX.exe
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\MSIZAP.EXE
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\ose00000.exe
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\PDFPRT400.exe
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\Quarantine.exe
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\sqlite3.dll
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\stlport_r50.dll
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\xmllite.dll
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\_is6087.exe
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\_is7686.exe
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\_isAC9.exe
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\_isD529.exe
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{1B3210AF-E236-46D4-83EF-6421F2FF543C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{1E78DD72-771E-42BF-8B4B-363CEB18E07B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{22664BE2-0806-4BA4-8643-DE40C9149176}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{2A9EBDB5-0600-4E8C-B910-4001BEB2DD8C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{349D777D-F7A2-4AAE-967F-A54F05A7FF3B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBFinder.dll No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{38F58721-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\COMObjectFactory.dll No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{38F58742-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{38F58743-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{38F58744-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{3E1A2BBD-5707-4646-B268-518B997DC94D}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2011\qbw32.exe No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{5249684A-D7A2-4DBE-94F4-B90923A7BC64}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{70478C56-E77F-4134-B3E3-3B18EE036D71}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{A58C4EAB-2DB8-445E-9CAE-2AE197A5C708}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{BCD594EA-15C3-4FD8-B92B-114BB9694537}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBCtrIPMDS2.dll No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{CBEF1FB5-78FF-4B14-9B0F-275493FB589C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{CE18240D-F3F8-43AE-9EA0-A0DC85A95375}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{D9BC6FC1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{E6E4DF8B-17CE-43ED-B2C7-2CE10457552D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{E7D2D0F6-B754-438D-B5C9-BF848D311A0F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{F9EF917A-E55E-4242-B205-E778395AC313}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{1B3210AF-E236-46D4-83EF-6421F2FF543C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{1E78DD72-771E-42BF-8B4B-363CEB18E07B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{22664BE2-0806-4BA4-8643-DE40C9149176}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{2A9EBDB5-0600-4E8C-B910-4001BEB2DD8C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{349D777D-F7A2-4AAE-967F-A54F05A7FF3B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBFinder.dll No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{38F58721-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\COMObjectFactory.dll No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{38F58742-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{38F58743-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{38F58744-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{3E1A2BBD-5707-4646-B268-518B997DC94D}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{5249684A-D7A2-4DBE-94F4-B90923A7BC64}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{70478C56-E77F-4134-B3E3-3B18EE036D71}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{A58C4EAB-2DB8-445E-9CAE-2AE197A5C708}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{BCD594EA-15C3-4FD8-B92B-114BB9694537}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBCtrIPMDS2.dll No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{CE18240D-F3F8-43AE-9EA0-A0DC85A95375}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{E6E4DF8B-17CE-43ED-B2C7-2CE10457552D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{E7D2D0F6-B754-438D-B5C9-BF848D311A0F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll No File
CustomCLSID: HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{F9EF917A-E55E-4242-B205-E778395AC313}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
Task: {CC2B4EA1-958D-4A70-A3B3-8201190425D7} - \Security Center Update - 4219297677 No Task File <==== ATTENTION
EmptyTemp:
*****************

"HKU\S-1-5-21-156844327-1427955894-274932498-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key not found.
"HKU\S-1-5-21-156844327-1427955894-274932498-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
"HKU\S-1-5-21-156844327-1427955894-274932498-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully.
"HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key not found.
ebppijma => Service deleted successfully.
efsqjqbb => Service deleted successfully.
LMIRfsClientNP => Service deleted successfully.
"C:\ProgramData\NixyObpum" => File/Directory not found.
"C:\ProgramData\GuqaXugex" => File/Directory not found.
"C:\Users\Store\AppData\Roaming\Wiypizu" => File/Directory not found.
"C:\Users\Store\AppData\Roaming\Ryetewcy" => File/Directory not found.
"C:\Users\Store\AppData\Roaming\Pehutu" => File/Directory not found.
"C:\Users\Store\AppData\Roaming\Ovkiqex" => File/Directory not found.
"C:\ProgramData\@system.temp" => File/Directory not found.
"C:\ProgramData\@system3.att" => File/Directory not found.
"C:\ProgramData\SugruYojdi" => File/Directory not found.
"C:\ProgramData\RohuBegob" => File/Directory not found.
"C:\Users\Store\AppData\Roaming\FrameworkUpdate7" => File/Directory not found.
"C:\ProgramData\Windows Genuine Advantage" => File/Directory not found.
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\Abspdf.exe => Moved successfully.
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\acfpdfu.dll => Moved successfully.
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\acfpdfuamd64.dll => Moved successfully.
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\acfpdfui.dll => Moved successfully.
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\acfpdfuia64.dll => Moved successfully.
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\acfpdfuiamd64.dll => Moved successfully.
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\acfpdfuiia64.dll => Moved successfully.
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\cdintf.dll => Moved successfully.
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exe => Moved successfully.
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\InstallAX.exe => Moved successfully.
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\MSIZAP.EXE => Moved successfully.
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\ose00000.exe => Moved successfully.
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\PDFPRT400.exe => Moved successfully.
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\sqlite3.dll => Moved successfully.
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\stlport_r50.dll => Moved successfully.
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\xmllite.dll => Moved successfully.
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\_is6087.exe => Moved successfully.
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\_is7686.exe => Moved successfully.
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\_isAC9.exe => Moved successfully.
C:\Users\Sweet Nicholas Admin\AppData\Local\Temp\_isD529.exe => Moved successfully.
"HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{1B3210AF-E236-46D4-83EF-6421F2FF543C}" => Key deleted successfully.
"HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{1E78DD72-771E-42BF-8B4B-363CEB18E07B}" => Key deleted successfully.
"HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{22664BE2-0806-4BA4-8643-DE40C9149176}" => Key deleted successfully.
"HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{2A9EBDB5-0600-4E8C-B910-4001BEB2DD8C}" => Key deleted successfully.
"HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{349D777D-F7A2-4AAE-967F-A54F05A7FF3B}" => Key deleted successfully.
"HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{38F58721-5F93-11D5-9F94-0008C7AA5BD9}" => Key deleted successfully.
"HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{38F58742-5F93-11D5-9F94-0008C7AA5BD9}" => Key deleted successfully.
"HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{38F58743-5F93-11D5-9F94-0008C7AA5BD9}" => Key deleted successfully.
"HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{38F58744-5F93-11D5-9F94-0008C7AA5BD9}" => Key deleted successfully.
"HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{3E1A2BBD-5707-4646-B268-518B997DC94D}" => Key deleted successfully.
"HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{5249684A-D7A2-4DBE-94F4-B90923A7BC64}" => Key deleted successfully.
"HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{70478C56-E77F-4134-B3E3-3B18EE036D71}" => Key deleted successfully.
"HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{A58C4EAB-2DB8-445E-9CAE-2AE197A5C708}" => Key deleted successfully.
"HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{BCD594EA-15C3-4FD8-B92B-114BB9694537}" => Key deleted successfully.
"HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{CBEF1FB5-78FF-4B14-9B0F-275493FB589C}" => Key deleted successfully.
"HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{CE18240D-F3F8-43AE-9EA0-A0DC85A95375}" => Key deleted successfully.
"HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{D9BC6FC1-A54B-11D4-A516-0050DA68678D}" => Key deleted successfully.
"HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{E6E4DF8B-17CE-43ED-B2C7-2CE10457552D}" => Key deleted successfully.
"HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{E7D2D0F6-B754-438D-B5C9-BF848D311A0F}" => Key deleted successfully.
"HKU\S-1-5-21-156844327-1427955894-274932498-1000_Classes\CLSID\{F9EF917A-E55E-4242-B205-E778395AC313}" => Key deleted successfully.
"HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{1B3210AF-E236-46D4-83EF-6421F2FF543C}" => Key deleted successfully.
"HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{1E78DD72-771E-42BF-8B4B-363CEB18E07B}" => Key deleted successfully.
"HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{22664BE2-0806-4BA4-8643-DE40C9149176}" => Key deleted successfully.
"HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{2A9EBDB5-0600-4E8C-B910-4001BEB2DD8C}" => Key deleted successfully.
"HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{349D777D-F7A2-4AAE-967F-A54F05A7FF3B}" => Key deleted successfully.
"HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{38F58721-5F93-11D5-9F94-0008C7AA5BD9}" => Key deleted successfully.
"HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{38F58742-5F93-11D5-9F94-0008C7AA5BD9}" => Key deleted successfully.
"HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{38F58743-5F93-11D5-9F94-0008C7AA5BD9}" => Key deleted successfully.
"HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{38F58744-5F93-11D5-9F94-0008C7AA5BD9}" => Key deleted successfully.
"HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{3E1A2BBD-5707-4646-B268-518B997DC94D}" => Key deleted successfully.
"HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{5249684A-D7A2-4DBE-94F4-B90923A7BC64}" => Key deleted successfully.
"HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{70478C56-E77F-4134-B3E3-3B18EE036D71}" => Key deleted successfully.
"HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{A58C4EAB-2DB8-445E-9CAE-2AE197A5C708}" => Key deleted successfully.
"HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{BCD594EA-15C3-4FD8-B92B-114BB9694537}" => Key deleted successfully.
"HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{CE18240D-F3F8-43AE-9EA0-A0DC85A95375}" => Key deleted successfully.
"HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{E6E4DF8B-17CE-43ED-B2C7-2CE10457552D}" => Key deleted successfully.
"HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{E7D2D0F6-B754-438D-B5C9-BF848D311A0F}" => Key deleted successfully.
"HKU\S-1-5-21-156844327-1427955894-274932498-1001_Classes\CLSID\{F9EF917A-E55E-4242-B205-E778395AC313}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CC2B4EA1-958D-4A70-A3B3-8201190425D7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CC2B4EA1-958D-4A70-A3B3-8201190425D7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 4219297677" => Key deleted successfully.
EmptyTemp: => Removed 1.1 GB temporary data.

The system needed a reboot.

==== End of Fixlog ====





