Unable to Run or Uninstall AVG 2015 Prevented By Restriction Policy


  • This topic is locked
10 replies to this topic

#1 aflower1

  • Members
  • 23 posts

Posted 20 December 2014 - 12:21 PM

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Alan Flowers at 8:56:53 on 2014-12-20
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2046.1093 [GMT -8:00]
.
AV: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ================
.
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\NovaStor\NovaStor NovaBACKUP\nsService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Documents and Settings\Alan Flowers\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Program Files\pia_manager\pia_manager.exe
C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Documents and Settings\Alan Flowers\Local Settings\Application Data\Akamai\netsession_win.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\DOCUME~1\ALANFL~1\LOCALS~1\Temp\ocr1.tmp\bin\rubyw.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\pia_manager\pia_manager.exe
C:\DOCUME~1\ALANFL~1\LOCALS~1\Temp\ocr2.tmp\bin\rubyw.exe
C:\Program Files\pia_manager\pia_tray\pia_tray.exe
C:\Program Files\pia_manager\openvpn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.foxnews.com/
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
uProxyOverride = 127.0.0.1;*.local;127.0.0.1:9421;<local>
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\WCESCOMM.EXE"
uRun: [Akamai NetSession Interface] "c:\documents and settings\alan flowers\local settings\application data\akamai\netsession_win.exe"
uRun: [Private Internet Access] "c:\program files\pia_manager\pia_manager.exe" --startup
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_15_0_0_246_Plugin.exe -update plugin
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RecGuard] c:\windows\sminst\RecGuard.exe
mRun: [InCD] c:\program files\ahead\incd\InCD.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG_UI] "c:\program files\avg\avg2015\avgui.exe" /TRAYONLY
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Open with Scansoft PDF Converter 3.0 - c:\program files\scansoft\omnipage15.0\pdfconverter3\IEShellExt.dll /100
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INetRepl.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://activation.rr.com/install/downloads/tgctlcm.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} - hxxp://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 209.222.18.222 209.222.18.218
TCP: Interfaces\{80A78BF9-1F55-44C7-85ED-06B85CCEB1A2} : DHCPNameServer = 209.222.18.222 209.222.18.218
TCP: Interfaces\{C44A14BF-24FF-47D7-A660-A99894A0FDCE} : NameServer = 209.222.18.222,209.222.18.218
TCP: Interfaces\{C44A14BF-24FF-47D7-A660-A99894A0FDCE} : DHCPNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - c:\program files\intuit\quickbooks 2011\HelpAsyncPluggableProtocol.dll
Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - c:\program files\microsoft activesync\aatp.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENetFlt.dll
WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENetFlt.dll
WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENetFlt.dll
WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENetFlt.dll
WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\CENetFlt.dll
WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\CENetFlt.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Notification Packages =  scecli kbdusr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\alan flowers\application data\mozilla\firefox\profiles\7cp54sdz.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.foxnews.com/
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_15_0_0_246.dll
FF - ExtSQL: !HIDDEN! 2009-07-08 16:59; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2014-6-18 147736]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2014-7-18 230680]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2014-10-5 98584]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2014-6-18 27416]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2014-6-18 121624]
R1 AVGIDSDriverl;AVGIDSDriverl;c:\windows\system32\drivers\avgidsdriverlx.sys [2014-10-29 198936]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2014-6-18 21272]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2014-8-28 192792]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2014-10-10 200984]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2014-11-8 42784]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2015\avgidsagent.exe [2014-11-9 3488784]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2015\avgwdsvc.exe [2014-11-9 298080]
R2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;c:\program files\foxit software\foxit reader\foxit cloud\FCUpdateService.exe [2014-8-10 242216]
R2 nsService;NovaStor NovaBACKUP Backup/Copy Engine;c:\program files\novastor\novastor novabackup\nsService.exe [2011-2-23 366224]
R2 QBVSS;QBIDPService;c:\program files\common files\intuit\dataprotect\QBIDPService.exe [2011-6-30 1248256]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1ca0994dcd80f7c;Google Update Service (gupdate1ca0994dcd80f7c);c:\program files\google\update\GoogleUpdate.exe [2009-7-20 107912]
S3 Backup Client Agent Service;Backup Client Agent Service;c:\program files\novastor\novastor novabackup\ManagementServer.Agent.Service.exe [2011-1-25 179200]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2010-9-15 16968]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [2010-7-29 25112]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile=c:\windows\system32\notepad.exe "%1"
ShellExec: FRONTPG.EXE: edit=c:\progra~1\micros~3\office\FRONTPG.EXE
.
=============== Created Last 30 ================
.
2019-12-15 03:32:33    --------    d-----w-    c:\documents and settings\all users\application data\Xactware
2019-12-15 03:19:37    --------    d-----w-    c:\program files\Microsoft SQL Server
2014-12-13 17:06:22    3981488    ----a-w-    c:\windows\system32\FlashPlayerInstaller.exe
2014-12-07 18:07:08    --------    d-----w-    c:\documents and settings\alan flowers\application data\AVG2015
2014-12-07 18:03:28    --------    d--h--w-    C:\$AVG
2014-12-07 18:03:28    --------    d-----w-    c:\documents and settings\all users\application data\AVG2015
2014-12-07 18:02:48    --------    d-----w-    c:\program files\AVG
2014-12-07 17:54:52    --------    d-----w-    c:\documents and settings\all users\application data\MFAData
2014-12-07 17:54:52    --------    d-----w-    c:\documents and settings\alan flowers\local settings\application data\MFAData
2014-12-07 17:54:52    --------    d-----w-    c:\documents and settings\alan flowers\local settings\application data\Avg2015
2014-12-07 17:27:05    --------    d-----w-    C:\AVG_Remover
2014-11-28 19:31:18    --------    d-----w-    c:\documents and settings\alan flowers\local settings\application data\Avg
2014-11-22 18:04:05    --------    d-----w-    C:\AdwCleaner
.
==================== Find3M  ====================
.
2014-12-13 17:06:29    71344    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-12-13 17:06:29    701104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-12-13 16:20:52    114904    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-08 16:04:08    42784    ----a-w-    c:\windows\system32\drivers\avgtpx86.sys
2014-10-30 05:35:14    198936    ----a-w-    c:\windows\system32\drivers\avgidsdriverlx.sys
2014-10-10 22:13:58    200984    ----a-w-    c:\windows\system32\drivers\avgtdix.sys
2014-10-01 18:11:18    54360    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-10-01 18:11:10    23256    ----a-w-    c:\windows\system32\drivers\mbam.sys
2010-07-08 16:37:14    101544    ----a-w-    c:\program files\common files\LinkInstaller.exe
.
============= FINISH:  9:03:56.79 ===============
 




 


#2 Machiavelli

    Agent 007

  • Malware Response Instructor
  • 4,015 posts
  • Gender:Male
  • Location:Germany

Posted 24 December 2014 - 03:41 PM

Hello and welcome on board,

My name is Machiavelli and I will assist you with your problem.
If you booted into safe mode on your computer then print my instructions!
I'm in the 'Malware Staff Team' and will provide you with advice:

To remove Malware on a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove Malware from your computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do. Just ask me! Please stay in contact with me until the problem is fixed.

Below are a few tips:
  • Removing Malware is usually very difficult.
    We need to search and analyse a lot of files. As this is done in our free time, please be patient especially if I don't answer every day!
  • Please follow these instructions
    If you don't follow the instructions your computer may crash. If you fix your PC by yourself, this can be very risky!
  • Please stay in contact with me until your problem is resolved
    As Malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.
  • Please don't run any other tools without consulting with me as this can complicate finding and removing all Malware
    Don't run any tools while I'm fixing your PC. That is counterproductive and again, will only complicate finding and removing all Malware!
  • Read my post completely
    If you don't do so, you may make mistakes that could result in your System crashing by your own actions!
 

Please list your issues.

Please download FRST (by Farbar) from the link below and save it to your Desktop.

Download Mirror #1

If you are unsure whether you have 32-Bit or 64-Bit Windows, see here
  • Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (If you have Windows Vista / Windows 7 / Windows 8: please right-click the FRST icon and select Run as Administrator.)
  • When the disclaimer appears, click Yes.
  • Click Scan to start FRST.
  • When FRST finishes scanning, two logs, FRST.txt and Addition.txt will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 


#3 aflower1

  • Topic Starter

  • Members
  • 23 posts

Posted 25 December 2014 - 09:44 AM

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 25-12-2014
Ran by Alan Flowers at 2014-12-25 06:38:19
Running from C:\Documents and Settings\Alan Flowers\My Documents\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2015 (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adaptec UDF Reader (HKLM\...\Adaptec UDF Reader) (Version:  - )
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.0.3.13070 - Adobe Systems Inc.)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Photoshop CS3 (HKLM\...\Adobe_2ac78060bc5856b0c1cf873bb919b58) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-214105172-2450956443-2813705907-1006\...\Akamai) (Version:  - Akamai Technologies, Inc)
Apple Software Update (HKLM\...\{A260B422-70E1-41E2-957D-F76FA21266D5}) (Version: 1.1.0.3 - Apple Computer, Inc.)
Autodesk DWF Viewer (HKLM\...\Autodesk DWF Viewer) (Version:  - )
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5577 - AVG Technologies)
AVG 2015 (Version: 15.0.4253 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5577 - AVG Technologies) Hidden
AVG Web TuneUp (HKLM\...\AVG Web TuneUp) (Version: 4.0.0.19 - AVG Technologies)
Canon Camera Access Library (HKLM\...\CAL) (Version: 8.2.0.1 - )
Canon Camera Support Core Library (HKLM\...\CSCLIB) (Version: 7.3.1.6 - )
Canon Camera Window DC_DV 5 for ZoomBrowser EX (HKLM\...\CameraWindowDVC5) (Version: 5.4.5.17 - )
Canon Camera Window DC_DV 6 for ZoomBrowser EX (HKLM\...\CameraWindowDVC6) (Version: 6.3.0.11 - )
Canon Camera Window MC 6 for ZoomBrowser EX (HKLM\...\CameraWindowMC) (Version: 6.2.0.11 - )
Canon G.726 WMP-Decoder (HKLM\...\Canon G.726 WMP-Decoder) (Version: 1.0.1.3 - )
Canon RAW Image Task for ZoomBrowser EX (HKLM\...\RAW Image Task) (Version: 2.4.0.7 - )
Canon RemoteCapture Task for ZoomBrowser EX (HKLM\...\RemoteCaptureTask) (Version: 1.6.0.9 - )
Canon Utilities Digital Photo Professional 3.9 (HKLM\...\DPP) (Version: 3.9.4.0 - Canon Inc.)
Canon Utilities EOS Utility (HKLM\...\EOS Utility) (Version: 1.0.3.17 - )
Canon Utilities PhotoStitch (HKLM\...\PhotoStitch) (Version: 3.1.17.41 - )
Canon Utilities ZoomBrowser EX (HKLM\...\ZoomBrowser EX) (Version: 5.7.0.74 - )
CCleaner (HKLM\...\CCleaner) (Version: 4.08 - Piriform)
Color Efex Pro 3.0 Complete (HKLM\...\Color Efex Pro 3.0 Complete) (Version: 3.0 - Nik Software, Inc.)
Color LaserJet 2600n (HKLM\...\HP-Color LaserJet 2600n) (Version:  - )
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
Conexant HD Audio (HKLM\...\CNXT_HDAUDIO) (Version:  - )
Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version:  - Microsoft Corporation)
DocumentViewer (Version: 53.0.13.000 - Hewlett-Packard) Hidden
DocumentViewerQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
eFax Messenger (HKLM\...\{DF6DA606-904D-4C18-823F-A4CFC3035E53}) (Version: 4.4.1.528 - j2 Global)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
FileZilla Client 3.5.3 (HKLM\...\FileZilla Client) (Version: 3.5.3 - FileZilla Project)
Foxit Cloud (HKLM\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.5.129.617 - Foxit Corporation)
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 6.2.2.802 - Foxit Corporation)
FreeZip (HKLM\...\FreeZip) (Version:  - )
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Updater (HKLM\...\Google Updater) (Version: 2.4.2432.1652 - Google Inc.)
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_CPL30A5m) (Version:  - )
HiJackThis (HKLM\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
hp deskjet 5550 series (Remove only) (HKLM\...\hp deskjet 5550 series) (Version:  - )
HP Document Viewer 5.3 (HKLM\...\HP Document Viewer) (Version: 5.3 - HP)
HP Help and Support (HKLM\...\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}) (Version: 4.2.0006 - HPQ)
HP Image Transfer v.1.9.7 (HKLM\...\HP Image Transfer) (Version:  - )
HP Image Zone Express (HKLM\...\{FE64AE29-0883-4C70-8388-DC026019C900}) (Version: 1.5.1.29 - Hewlett-Packard)
hp instant support (HKLM\...\hp instant support) (Version: 4.03.03 - Motive Communications, Inc.)
HP QuickPlay 2.0 (HKLM\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version:  - )
HP Software Update (HKLM\...\{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}) (Version: 3.0.7.006 - HEWLET~1|Hewlett-Packard)
HP User Guides 0019 (HKLM\...\{E74E3D81-773B-4DCF-B706-50236F80BD81}) (Version: 1.00.0000 - Hewlett-Packard)
HP User Guides--System Recovery (HKLM\...\{BC96BBA7-C634-460E-AD18-A0A994213F80}) (Version: 1.00.0001 - Hewlett-Packard)
HP Wireless Assistant 2.00 C1 (HKLM\...\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}) (Version: 2.00 C1 - Hewlett-Packard Company)
HpSdpAppCoreApp (Version: 3.00.0000 - Hewlett-Packard) Hidden
InCD (HKLM\...\InCD!UninstallKey) (Version:  - )
Intel® PRO Network Connections Drivers (HKLM\...\PROSet) (Version:  - )
Jasc Media Center Plus 3 CD (HKLM\...\Jasc Media Center Plus 3) (Version:  - )
KODAK 1400 Printer Calibration Software (HKLM\...\{2E75ED26-3118-4802-AEBB-C5CF41E49DED}) (Version: 1.00.0000 - Eastman Kodak)
KODAK PROFESSIONAL 1400 Printer Software (HKLM\...\InstallShield_{01A96F01-AB9A-4675-B554-1C1D835C3132}) (Version: 1.00.0000 - Eastman Kodak)
KODAK PROFESSIONAL 1400 Printer Software (Version: 1.00.0000 - Eastman Kodak) Hidden
Lernout & Hauspie TruVoice American English TTS Engine (HKLM\...\tv_enua) (Version:  - )
LightScribe  1.4.56.1 (Version: 1.4.56.1 - Integrator) Hidden
Magic ISO Maker v5.4 (build 0255) (HKLM\...\Magic ISO Maker v5.4 (build 0255)) (Version:  - )
Magic ISO Maker v5.5 (build 0272) (HKLM\...\Magic ISO Maker v5.5 (build 0272)) (Version:  - )
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Mask Pro 4.1 (HKLM\...\{2DFAC810-6DD8-4E23-96A4-BEB118408203}) (Version: 4.1.2 - onOne Software)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 - Language Pack (italiano) (HKLM\...\Microsoft .NET Framework 2.0 Language Pack - ITA) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft ActiveSync 3.8 (HKLM\...\Windows CE Services) (Version:  - )
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
Microsoft Color Control Panel Applet for Windows XP (HKLM\...\{CE378F36-E404-4244-A33F-F50A2A6D31BD}) (Version: 01.00.0177.00 - Microsoft)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office 2000 Premium (HKLM\...\{00000409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{4F44B5AE-82A6-4A8A-A3E3-E24D489728E3}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}) (Version: 9.00.3042.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.3042.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}) (Version: 9.00.3042.00 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version:  - )
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSN (HKLM\...\MSNINST) (Version:  - )
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 6 Service Pack 2 (KB954459) (HKLM\...\{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}) (Version: 6.20.1099.0 - Microsoft Corporation)
Multimedia Algebra v1.00 (HKLM\...\Sof921034Ver100DeinstKey) (Version:  - )
Multimedia Geometry v1.00 (HKLM\...\Sof921041Ver100DeinstKey) (Version:  - )
Multimedia Pre-Algebra v1.00 (HKLM\...\Sof921027Ver100DeinstKey) (Version:  - )
Nero Media Player (HKLM\...\NMPUninstallKey) (Version:  - )
Nero OEM (HKLM\...\Nero - Burning Rom!UninstallKey) (Version:  - )
NeroVision Express 2 (HKLM\...\NeroVision!UninstallKey) (Version:  - )
Noiseware Professional Plug-in (HKLM\...\{7C515D87-2DCD-422B-B993-3FE8A71B3DDB}) (Version: 4.1.1.0 - Imagenomic)
NovaBACKUP (HKLM\...\NovaBACKUP) (Version: 12.0.13 - NovaStor)
NovaBACKUP (Version: 12.0.13 - NovaStor) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
PDF Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
PhotoTools 1.0 Professional Edition (HKLM\...\{B01DD5B7-9862-43D7-BCA3-7882A17E4328}) (Version: 1.0 - onOne Software)
PhotoTune 2 (HKLM\...\{7C723788-585C-4537-92AC-CF616209197C}) (Version: 2.2 - onOne Software)
PL-2303 USB-to-Serial (HKLM\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version:  - )
PowerISO (HKLM\...\PowerISO) (Version:  - )
Private Internet Access Support Files (HKLM\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
Quick Launch Buttons 5.20 F2 (HKLM\...\{CEB326EC-8F40-47B2-BA22-BB092565D66F}) (Version: 5.20 F2 - Hewlett-Packard Company)
QuickBooks (Version: 21.0.4008.904 - Intuit Inc.) Hidden
QuickBooks Basic 2002 (HKLM\...\{809987B2-F964-11D4-A1A5-00104BD190B1}) (Version:  - )
QuickBooks Pro 2011 (HKLM\...\{11E0AC7D-6822-4F67-865F-EE1C13D28C38}) (Version: 21.0.4008.904 - Intuit Inc.)
Remote Display Control (HKLM\...\Remote Display Control) (Version:  - )
ScanSoft PDF Converter 3.0 (HKLM\...\{602A205F-8D02-48EE-8782-262B2103B984}) (Version: 3.00.0000 - ScanSoft, Inc)
ScanSoft PDF Create 3.0 (HKLM\...\{AD1D8B40-F83C-41CA-BA08-9DB8D1653316}) (Version: 3.00.0000 - ScanSoft, Inc.)
Simpson AutoCAD Menu (HKLM\...\Simpson AutoCAD Menu) (Version:  - )
Sonic Audio Module (HKLM\...\{AB708C9B-97C8-4AC9-899B-DBF226AC9382}) (Version: 2.0.4 - Sonic Solutions)
Sonic Copy Module (HKLM\...\{B12665F4-4E93-4AB4-B7FC-37053B524629}) (Version: 2.0.4 - Sonic Solutions)
Sonic Data Module (HKLM\...\{075473F5-846A-448B-BCB3-104AA1760205}) (Version: 2.0.4 - Sonic Solutions)
Sonic Express Labeler (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.0.0 - Sonic Solutions)
Spelling Dictionaries Support For Adobe Reader 8 (HKLM\...\{AC76BA86-7AD7-5464-3428-800000000003}) (Version: 8.0.0 - Adobe Systems)
SpywareBlaster 4.5 (HKLM\...\SpywareBlaster_is1) (Version: 4.5.0 - Javacool Software LLC)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 8.2.4.0 - Synaptics)
Texas Instruments PCIxx21/x515/xx12 drivers. (HKLM\...\InstallShield_{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}) (Version: 1.15.0000 - Texas Instruments Inc.)
TIPCI (Version: 1.15.0000 - Texas Instruments Inc.) Hidden
TourSetup (HKLM\...\{A01FC76F-CC09-4658-9E37-5C2F635EE708}) (Version: 1.0.0 - Microsoft)
TurboCAD v4 (HKLM\...\TurboCADv4DeinstKey) (Version:  - )
TURBOFloorPlan3D Home & Landscape PRO (HKLM\...\InstallShield_{7D8BAF74-7F27-4DAD-AB9D-9C9B417009AE}) (Version: 14.1 - IMSIDesign)
Tweak UI (HKLM\...\Tweak UI 2.10) (Version:  - )
upapp (HKLM\...\{4EF69D40-4DC9-485E-95D3-B1C22F218FC8}) (Version: 0.20.0000 - Hewlett-Packard)
VBA (2627.01) (Version: 6.03.00.9402 - Microsoft Corporation) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 1.0.3 (HKLM\...\VLC media player) (Version: 1.0.3 - VideoLAN Team)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Backup Utility (HKLM\...\{76EFFC7C-17A6-479D-9E47-8E658C1695AE}) (Version: 5.1 - Microsoft Corporation)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.5.0540.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows PowerShell™ 1.0 (HKLM\...\KB926139-v2) (Version: 2 - Microsoft Corporation)
Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
WinZip 14.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BA}) (Version: 14.0.8652 - WinZip Computing, S.L. )
Wireless Home Network Setup (HKLM\...\{09D8492A-C8E2-421E-927D-46800FB327A3}) (Version: 1.1.19.0 - Hewlett-Packard)
WordWeb (HKLM\...\WordWeb) (Version: 2.0 - Antony Lewis)
XML Paper Specification Shared Components Pack 1.0 (Version:  - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-214105172-2450956443-2813705907-1006_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-214105172-2450956443-2813705907-1006_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-214105172-2450956443-2813705907-1006_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-214105172-2450956443-2813705907-1006_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-214105172-2450956443-2813705907-1006_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-214105172-2450956443-2813705907-1006_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-214105172-2450956443-2813705907-1006_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-214105172-2450956443-2813705907-1006_Classes\CLSID\{05EC5C13-D255-4592-9CCB-98615172F0D6}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-214105172-2450956443-2813705907-1006_Classes\CLSID\{0713E8A2-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-214105172-2450956443-2813705907-1006_Classes\CLSID\{0713E8D2-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-214105172-2450956443-2813705907-1006_Classes\CLSID\{0ADF9C35-0D5E-4B75-88DD-B64868907E17}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-214105172-2450956443-2813705907-1006_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-214105172-2450956443-2813705907-1006_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-214105172-2450956443-2813705907-1006_Classes\CLSID\{123FAF7F-3FB1-4B8F-AD18-0047401D436A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-214105172-2450956443-2813705907-1006_Classes\CLSID\{28B7AA99-C0F9-4C47-995E-8A8D729603A1}\localserver32 -> C:\Program Files\AutoCAD 2009\acad.exe /Automation No File
CustomCLSID: HKU\S-1-5-21-214105172-2450956443-2813705907-1006_Classes\CLSID\{373FF7F0-EB8B-11CD-8820-08002B2F4F5A}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-214105172-2450956443-2813705907-1006_Classes\CLSID\{37A2FC00-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-214105172-2450956443-2813705907-1006_Classes\CLSID\{37A2FC02-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-214105172-2450956443-2813705907-1006_Classes\CLSID\{3E1A2BBD-5707-4646-B268-518B997DC94D}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2011\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-214105172-2450956443-2813705907-1006_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-214105172-2450956443-2813705907-1006_Classes\CLSID\{4716D3CE-55DB-4D2A-818C-87D912895890}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-214105172-2450956443-2813705907-1006_Classes\CLSID\{4844F3F7-2161-4AC4-B219-B3B4311782AA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-214105172-2450956443-2813705907-1006_Classes\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\InprocServer32 -> C:\WINDOWS\system32\msinet.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-214105172-2450956443-2813705907-1006_Classes\CLSID\{48E59294-9880-11CF-9754-00AA00C00908}\InprocServer32 -> C:\WINDOWS\system32\msinet.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-214105172-2450956443-2813705907-1006_Classes\CLSID\{48E59295-9880-11CF-9754-00AA00C00908}\InprocServer32 -> C:\WINDOWS\system32\msinet.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-214105172-2450956443-2813705907-1006_Classes\CLSID\{4A56F19E-9F50-4F43-93C8-050E44AA83A9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-214105172-2450956443-2813705907-1006_Classes\CLSID\{4E5E74B5-8EB5-4859-A335-837EED412620}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-214105172-2450956443-2813705907-1006_Classes\CLSID\{5428A9ED-6CD8-11D6-9C8A-0001023DCAA2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-214105172-2450956443-2813705907-1006_Classes\CLSID\{547C8F00-5567-4AE3-8BB0-CC3CE2AB9070}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-214105172-2450956443-2813705907-1006_Classes\CLSID\{57D590F1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-214105172-2450956443-2813705907-1006_Classes\CLSID\{58DA8D8A-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-214105172-2450956443-2813705907-1006_Classes\CLSID\{58DA8D8F-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-214105172-2450956443-2813705907-1006_Classes\CLSID\{596801D8-2C9D-4627-9C67-195CB81B655A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-214105172-2450956443-2813705907-1006_Classes\CLSID\{5B7331FA-8910-4748-A8A4-60B445041F28}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-214105172-2450956443-2813705907-1006_Classes\CLSID\{5ED8AC89-B2DE-476D-8EEA-E170B2FCB058}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-214105172-2450956443-2813705907-1006_Classes\CLSID\{612A8624-0FB3-11CE-8747-524153480004}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-214105172-2450956443-2813705907-1006_Classes\CLSID\{6AB55F46-2523-4701-A912-B226F46252BA}\localserver32 -> C:\Program Files\AutoCAD 2009\acad.exe /Automation No File
CustomCLSID: HKU\S-1-5-21-214105172-2450956443-2813705907-1006_Classes\CLSID\{6B7E638F-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-214105172-2450956443-2813705907-1006_Classes\CLSID\{7694F1CD-A55B-4B7C-8820-A90892EB4E9E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-214105172-2450956443-2813705907-1006_Classes\CLSID\{7AABBB95-79BE-4C0F-8024-EB6AF271231C}\localserver32 -> C:\Program Files\AutoCAD 2009\acad.exe No File
CustomCLSID: HKU\S-1-5-21-214105172-2450956443-2813705907-1006_Classes\CLSID\{7DBF8260-30AD-4D1B-876A-8032B87B809F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-214105172-2450956443-2813705907-1006_Classes\CLSID\{828E5386-74CF-4019-B356-C857CD028A7D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-214105172-2450956443-2813705907-1006_Classes\CLSID\{82CC31B3-53B4-4161-A4E9-6B4F1290A6C8}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-214105172-2450956443-2813705907-1006_Classes\CLSID\{8572570D-12D9-4F2C-8BB8-EB8848178B94}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-214105172-2450956443-2813705907-1006_Classes\CLSID\{8E590317-1329-11D1-B70B-00805F29CD16}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2011\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-214105172-2450956443-2813705907-1006_Classes\CLSID\{8FEDE364-AB37-4551-80C9-6D468E222AB2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-214105172-2450956443-2813705907-1006_Classes\CLSID\{97090E2F-3062-4459-855B-014F0D3CDBB1}\InprocServer32 -> C:\Program Files\Windows Desktop Search\deskbar.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-214105172-2450956443-2813705907-1006_Classes\CLSID\{9D9B61F2-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-214105172-2450956443-2813705907-1006_Classes\CLSID\{9D9B61F3-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-214105172-2450956443-2813705907-1006_Classes\CLSID\{9D9B61F4-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-214105172-2450956443-2813705907-1006_Classes\CLSID\{9D9B61F5-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-214105172-2450956443-2813705907-1006_Classes\CLSID\{9D9B61F6-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-214105172-2450956443-2813705907-1006_Classes\CLSID\{9D9B61F7-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-214105172-2450956443-2813705907-1006_Classes\CLSID\{9ED94440-E5E8-101B-B9B5-444553540000}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-214105172-2450956443-2813705907-1006_Classes\CLSID\{A63E42D0-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-214105172-2450956443-2813705907-1006_Classes\CLSID\{A63E42D2-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-214105172-2450956443-2813705907-1006_Classes\CLSID\{AF5E0A13-CEAB-47CE-991D-77E82CD1BF3F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-214105172-2450956443-2813705907-1006_Classes\CLSID\{B10BFAC3-EFF1-40D9-ADA0-BEBE037C24CA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-214105172-2450956443-2813705907-1006_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-214105172-2450956443-2813705907-1006_Classes\CLSID\{B66F2BF1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-214105172-2450956443-2813705907-1006_Classes\CLSID\{D14FD6B3-6A9F-4537-9460-07B836707127}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-214105172-2450956443-2813705907-1006_Classes\CLSID\{D4A12AAF-E15E-470B-A6B6-63032186F91F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-214105172-2450956443-2813705907-1006_Classes\CLSID\{D9B9C060-0954-11D3-9E07-00104BD2BE34}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSource.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-214105172-2450956443-2813705907-1006_Classes\CLSID\{D9BC6F81-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-214105172-2450956443-2813705907-1006_Classes\CLSID\{D9BC6F84-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-214105172-2450956443-2813705907-1006_Classes\CLSID\{D9BC6F87-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-214105172-2450956443-2813705907-1006_Classes\CLSID\{D9BC6FA1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-214105172-2450956443-2813705907-1006_Classes\CLSID\{D9BC6FA6-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-214105172-2450956443-2813705907-1006_Classes\CLSID\{D9BC6FB2-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\StorageClasses.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-214105172-2450956443-2813705907-1006_Classes\CLSID\{D9BC6FC1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-214105172-2450956443-2813705907-1006_Classes\CLSID\{DCB2B478-EFF6-48F6-B718-13E98876854E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-214105172-2450956443-2813705907-1006_Classes\CLSID\{DFD0AF10-B86C-4AF3-B609-1348D513E565}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-214105172-2450956443-2813705907-1006_Classes\CLSID\{E1A173E1-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-214105172-2450956443-2813705907-1006_Classes\CLSID\{E1A173E3-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-214105172-2450956443-2813705907-1006_Classes\CLSID\{EADA914E-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-214105172-2450956443-2813705907-1006_Classes\CLSID\{EAEF733D-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-214105172-2450956443-2813705907-1006_Classes\CLSID\{F2C593CC-74B2-4F71-8556-DD4D426D0409}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-214105172-2450956443-2813705907-1006_Classes\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\InprocServer32 -> C:\WINDOWS\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-214105172-2450956443-2813705907-1006_Classes\CLSID\{F9EF917A-E55E-4242-B205-E778395AC313}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx (Intuit)
CustomCLSID: HKU\S-1-5-21-214105172-2450956443-2813705907-1006_Classes\CLSID\{FAC93D42-FFC2-11d1-9DEB-0008C7A08EBA}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2011\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-214105172-2450956443-2813705907-1006_Classes\CLSID\{FB17915F-06D1-4214-A902-CC5EE05186E9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-04 00:00 - 2010-09-23 18:31 - 00000027 ____N C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{6FED8555-1A7D-4938-BC23-DA6EFBD7D7B8}.job => C:\WINDOWS\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2004-10-06 17:45 - 2004-10-06 17:45 - 00026910 ____N () C:\WINDOWS\system32\EK1400LM.DLL
2012-01-08 05:41 - 2012-01-08 05:41 - 00093696 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2011-02-23 13:48 - 2011-02-23 13:48 - 00014336 _____ () C:\Program Files\NovaStor\NovaStor NovaBACKUP\WindowsEventLogWriter.dll
2011-02-23 13:46 - 2011-02-23 13:46 - 00173200 _____ () C:\Program Files\NovaStor\NovaStor NovaBACKUP\nsEngineRes409.dll
2010-10-06 19:30 - 2010-10-06 19:30 - 00005120 _____ () C:\Program Files\NovaStor\NovaStor NovaBACKUP\throttle.dll
2011-02-23 13:54 - 2011-02-23 13:54 - 00108688 _____ () C:\Program Files\NovaStor\NovaStor NovaBACKUP\nsSQLBackupRestore.dll
2006-11-02 19:40 - 2006-11-02 19:40 - 00174656 ____N () C:\WINDOWS\system32\PSIService.exe
2014-08-09 14:08 - 2014-08-24 05:25 - 08817902 _____ () C:\Program Files\pia_manager\pia_manager.exe
2014-12-25 04:27 - 2014-12-25 04:27 - 00012800 _____ () C:\Documents and Settings\Alan Flowers\Local Settings\temp\ocr3.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
2014-12-25 04:27 - 2014-12-25 04:27 - 00009728 _____ () C:\Documents and Settings\Alan Flowers\Local Settings\temp\ocr3.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
2014-12-25 04:27 - 2014-12-25 04:27 - 00014848 _____ () C:\Documents and Settings\Alan Flowers\Local Settings\temp\ocr3.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
2014-12-25 04:26 - 2014-12-25 04:26 - 00094208 _____ () C:\Documents and Settings\Alan Flowers\Local Settings\temp\ocr3.tmp\src\rgloader\rgloader193.mswin.so
2014-12-25 04:27 - 2014-12-25 04:27 - 00009216 _____ () C:\Documents and Settings\Alan Flowers\Local Settings\temp\ocr3.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
2014-12-25 04:27 - 2014-12-25 04:27 - 00094208 _____ () C:\Documents and Settings\Alan Flowers\Local Settings\temp\ocr3.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
2014-12-25 04:27 - 2014-12-25 04:27 - 00126976 _____ () C:\Documents and Settings\Alan Flowers\Local Settings\temp\ocr3.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
2014-12-25 04:27 - 2014-12-25 04:27 - 00087552 _____ () C:\Documents and Settings\Alan Flowers\Local Settings\temp\ocr3.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
2014-12-25 04:27 - 2014-12-25 04:27 - 00016384 _____ () C:\Documents and Settings\Alan Flowers\Local Settings\temp\ocr3.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
2014-12-25 04:27 - 2014-12-25 04:27 - 00127316 _____ () C:\Documents and Settings\Alan Flowers\Local Settings\temp\ocr3.tmp\bin\libffi-6.dll
2014-12-25 04:27 - 2014-12-25 04:27 - 00008704 _____ () C:\Documents and Settings\Alan Flowers\Local Settings\temp\ocr3.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
2014-12-25 04:27 - 2014-12-25 04:27 - 00013312 _____ () C:\Documents and Settings\Alan Flowers\Local Settings\temp\ocr3.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
2014-12-25 04:27 - 2014-12-25 04:27 - 00095744 _____ () C:\Documents and Settings\Alan Flowers\Local Settings\temp\ocr3.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
2014-12-25 04:27 - 2014-12-25 04:27 - 00026624 _____ () C:\Documents and Settings\Alan Flowers\Local Settings\temp\ocr3.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so
2014-12-25 04:27 - 2014-12-25 04:27 - 00012800 _____ () C:\Documents and Settings\Alan Flowers\Local Settings\temp\ocr5.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
2014-12-25 04:27 - 2014-12-25 04:27 - 00009728 _____ () C:\Documents and Settings\Alan Flowers\Local Settings\temp\ocr5.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
2014-12-25 04:27 - 2014-12-25 04:27 - 00014848 _____ () C:\Documents and Settings\Alan Flowers\Local Settings\temp\ocr5.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
2014-12-25 04:27 - 2014-12-25 04:27 - 00094208 _____ () C:\Documents and Settings\Alan Flowers\Local Settings\temp\ocr5.tmp\src\rgloader\rgloader193.mswin.so
2014-12-25 04:27 - 2014-12-25 04:27 - 00094208 _____ () C:\Documents and Settings\Alan Flowers\Local Settings\temp\ocr5.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
2014-12-25 04:27 - 2014-12-25 04:27 - 00118784 _____ () C:\Documents and Settings\Alan Flowers\Local Settings\temp\ocr5.tmp\lib\ruby\1.9.1\i386-mingw32\socket.so
2014-12-25 04:27 - 2014-12-25 04:27 - 00069120 _____ () C:\Documents and Settings\Alan Flowers\Local Settings\temp\ocr5.tmp\lib\ruby\1.9.1\i386-mingw32\zlib.so
2014-12-25 04:27 - 2014-12-25 04:27 - 00083968 _____ () C:\Documents and Settings\Alan Flowers\Local Settings\temp\ocr5.tmp\bin\zlib1.dll
2014-12-25 04:27 - 2014-12-25 04:27 - 00026624 _____ () C:\Documents and Settings\Alan Flowers\Local Settings\temp\ocr5.tmp\lib\ruby\1.9.1\i386-mingw32\stringio.so
2014-12-25 04:27 - 2014-12-25 04:27 - 00275968 _____ () C:\Documents and Settings\Alan Flowers\Local Settings\temp\ocr5.tmp\lib\ruby\1.9.1\i386-mingw32\openssl.so
2014-12-25 04:27 - 2014-12-25 04:27 - 00015360 _____ () C:\Documents and Settings\Alan Flowers\Local Settings\temp\ocr5.tmp\lib\ruby\1.9.1\i386-mingw32\digest.so
2014-12-25 04:27 - 2014-12-25 04:27 - 00008192 _____ () C:\Documents and Settings\Alan Flowers\Local Settings\temp\ocr5.tmp\lib\ruby\1.9.1\i386-mingw32\fcntl.so
2014-12-25 04:27 - 2014-12-25 04:27 - 00009216 _____ () C:\Documents and Settings\Alan Flowers\Local Settings\temp\ocr5.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
2014-12-25 04:27 - 2014-12-25 04:27 - 00023552 _____ () C:\Documents and Settings\Alan Flowers\Local Settings\temp\ocr5.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\parser.so
2014-12-25 04:27 - 2014-12-25 04:27 - 00008704 _____ () C:\Documents and Settings\Alan Flowers\Local Settings\temp\ocr5.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16be.so
2014-12-25 04:27 - 2014-12-25 04:27 - 00008704 _____ () C:\Documents and Settings\Alan Flowers\Local Settings\temp\ocr5.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
2014-12-25 04:27 - 2014-12-25 04:27 - 00008704 _____ () C:\Documents and Settings\Alan Flowers\Local Settings\temp\ocr5.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32be.so
2014-12-25 04:27 - 2014-12-25 04:27 - 00008704 _____ () C:\Documents and Settings\Alan Flowers\Local Settings\temp\ocr5.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32le.so
2014-12-25 04:27 - 2014-12-25 04:27 - 00036352 _____ () C:\Documents and Settings\Alan Flowers\Local Settings\temp\ocr5.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\generator.so
2014-12-25 04:27 - 2014-12-25 04:27 - 00126976 _____ () C:\Documents and Settings\Alan Flowers\Local Settings\temp\ocr5.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
2014-12-25 04:27 - 2014-12-25 04:27 - 00087552 _____ () C:\Documents and Settings\Alan Flowers\Local Settings\temp\ocr5.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
2014-12-25 04:27 - 2014-12-25 04:27 - 00016384 _____ () C:\Documents and Settings\Alan Flowers\Local Settings\temp\ocr5.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
2014-12-25 04:27 - 2014-12-25 04:27 - 00127316 _____ () C:\Documents and Settings\Alan Flowers\Local Settings\temp\ocr5.tmp\bin\libffi-6.dll
2014-12-25 04:27 - 2014-12-25 04:27 - 00013312 _____ () C:\Documents and Settings\Alan Flowers\Local Settings\temp\ocr5.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
2014-12-25 04:27 - 2014-12-25 04:27 - 00095744 _____ () C:\Documents and Settings\Alan Flowers\Local Settings\temp\ocr5.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
2014-12-25 04:27 - 2014-12-25 04:27 - 00026624 _____ () C:\Documents and Settings\Alan Flowers\Local Settings\temp\ocr5.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so
2014-08-09 14:08 - 2014-08-24 05:25 - 00184320 _____ () C:\Program Files\pia_manager\pia_tray\pia_tray.exe
2014-08-09 14:08 - 2014-08-24 05:25 - 00815104 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\khost.dll
2014-08-09 14:08 - 2014-08-24 05:25 - 01198592 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoFoundation.dll
2014-08-09 14:08 - 2014-08-24 05:25 - 00745472 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\CFLite.dll
2014-08-09 14:08 - 2014-08-24 05:25 - 00059904 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\zlib1.dll
2014-08-09 14:08 - 2014-08-24 05:25 - 01234944 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\libxml2.dll
2014-08-09 14:08 - 2014-08-24 05:25 - 00200704 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiapp\1.2.0.RC6d\tiappmodule.dll
2014-08-09 14:08 - 2014-08-24 05:25 - 00290816 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoUtil.dll
2014-08-09 14:08 - 2014-08-24 05:25 - 00511488 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoXML.dll
2014-08-09 14:08 - 2014-08-24 05:25 - 00180224 _____ () C:\Program Files\pia_manager\pia_tray\modules\tifilesystem\1.2.0.RC6d\tifilesystemmodule.dll
2014-08-09 14:08 - 2014-08-24 05:25 - 00344064 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiui\1.2.0.RC6d\tiuimodule.dll
2014-08-09 14:08 - 2014-08-24 05:25 - 00368640 _____ () C:\Program Files\pia_manager\pia_tray\modules\tinetwork\1.2.0.RC6d\tinetworkmodule.dll
2014-08-09 14:08 - 2014-08-24 05:25 - 00642048 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoNet.dll
2014-08-09 14:08 - 2014-08-24 05:25 - 00217088 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiprocess\1.2.0.RC6d\tiprocessmodule.dll
2014-08-09 14:08 - 2014-08-24 05:25 - 00573440 _____ () C:\Program Files\pia_manager\openvpn.exe
2014-08-09 14:08 - 2014-08-24 05:25 - 00152969 _____ () C:\Program Files\pia_manager\liblzo2-2.dll
2014-08-09 14:08 - 2014-08-24 05:25 - 00098697 _____ () C:\Program Files\pia_manager\libpkcs11-helper-1.dll
2014-12-20 09:02 - 2014-12-20 09:02 - 03758192 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)



HKU\S-1-5-21-214105172-2450956443-2813705907-1006\Software\Classes\.exe: exefile =>  <===== ATTENTION!

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^Alan Flowers^Start Menu^Programs^Startup^eFax 4.4.lnk => C:\WINDOWS\pss\eFax 4.4.lnkStartup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ColorVisionStartup.lnk => C:\WINDOWS\pss\ColorVisionStartup.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Intuit Data Protect.lnk => C:\WINDOWS\pss\Intuit Data Protect.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NovaBACKUP Tray Control.lnk => C:\WINDOWS\pss\NovaBACKUP Tray Control.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk => C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks_Standard_21.lnk => C:\WINDOWS\pss\QuickBooks_Standard_21.lnkCommon Startup
MSCONFIG\startupreg: hpWirelessAssistant => C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
MSCONFIG\startupreg: Intuit SyncManager => C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe  startup
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-214105172-2450956443-2813705907-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
Alan Flowers (S-1-5-21-214105172-2450956443-2813705907-1006 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Alan Flowers
ASPNET (S-1-5-21-214105172-2450956443-2813705907-1004 - Limited - Enabled)
Guest (S-1-5-21-214105172-2450956443-2813705907-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-214105172-2450956443-2813705907-1005 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-214105172-2450956443-2813705907-1002 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name: 1394 Net Adapter
Description: 1394 Net Adapter
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: NIC1394
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/25/2014 04:51:16 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\ALAN FLOWERS\RECENT\DESKTOP.INI> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (12/19/2014 06:23:42 PM) (Source: HotFixInstaller) (EventID: 5000) (User: )
Description: EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb2844285, P2 1033, P3 1618, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 visualstudio8setup0, P10 visualstudio8setup1.

Error: (12/19/2014 06:23:22 PM) (Source: HotFixInstaller) (EventID: 5000) (User: )
Description: EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb2898856, P2 1033, P3 1618, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 visualstudio8setup0, P10 visualstudio8setup1.

Error: (12/06/2014 04:43:47 AM) (Source: HotFixInstaller) (EventID: 5000) (User: )
Description: EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb2729450, P2 1033, P3 1618, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 visualstudio8setup0, P10 visualstudio8setup1.

Error: (11/22/2014 06:40:49 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\ALAN FLOWERS\RECENT\DESKTOP.INI> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (11/22/2014 06:40:49 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\ALAN FLOWERS\RECENT\DESKTOP.INI> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (11/22/2014 06:40:48 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\ALAN FLOWERS\RECENT\DESKTOP.INI> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (11/16/2014 07:21:20 AM) (Source: HotFixInstaller) (EventID: 5000) (User: )
Description: EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb2789643, P2 1033, P3 1618, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 visualstudio8setup0, P10 visualstudio8setup1.

Error: (11/15/2014 06:56:11 AM) (Source: HotFixInstaller) (EventID: 5000) (User: )
Description: EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb2729450, P2 1033, P3 1618, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 visualstudio8setup0, P10 visualstudio8setup1.

Error: (11/15/2014 06:54:11 AM) (Source: HotFixInstaller) (EventID: 5000) (User: )
Description: EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb2789643, P2 1033, P3 1618, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 visualstudio8setup0, P10 visualstudio8setup1.


System errors:
=============
Error: (12/25/2014 04:27:57 AM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 10.30.1.10 for the Network Card with network address 00FF80A78BF9 has been
denied by the DHCP server 10.30.1.13 (The DHCP Server sent a DHCPNACK message).

Error: (12/25/2014 04:27:05 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Beep
UdfReadr

Error: (12/25/2014 04:26:59 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The HID Input Service service terminated with the following error:
%%126

Error: (12/20/2014 07:33:15 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Beep

Error: (12/20/2014 07:32:17 AM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 10.30.1.22 for the Network Card with network address 00FF80A78BF9 has been
denied by the DHCP server 10.30.1.9 (The DHCP Server sent a DHCPNACK message).

Error: (12/20/2014 07:31:44 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The HID Input Service service terminated with the following error:
%%126

Error: (12/19/2014 06:25:43 PM) (Source: Windows Update Agent) (EventID: 20) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Server 2003 and Windows XP x86 (KB2844285).

Error: (12/19/2014 06:25:43 PM) (Source: Windows Update Agent) (EventID: 20) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Server 2003 and Windows XP x86 (KB2898856).

Error: (12/19/2014 06:20:49 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 10.30.1.10 for the Network Card with network address 00FF80A78BF9 has been
denied by the DHCP server 10.30.1.21 (The DHCP Server sent a DHCPNACK message).

Error: (12/19/2014 06:20:04 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Beep


Microsoft Office Sessions:
=========================
Error: (12/25/2014 04:51:16 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)
C:\DOCUMENTS AND SETTINGS\ALAN FLOWERS\RECENT\DESKTOP.INI

Error: (12/19/2014 06:23:42 PM) (Source: HotFixInstaller) (EventID: 5000) (User: )
Description: visualstudio8setupmicrosoft .net framework 2.0-kb284428510331618msif9.0.40215.0installx86xp0

Error: (12/19/2014 06:23:22 PM) (Source: HotFixInstaller) (EventID: 5000) (User: )
Description: visualstudio8setupmicrosoft .net framework 2.0-kb289885610331618msif9.0.40215.0installx86xp0

Error: (12/06/2014 04:43:47 AM) (Source: HotFixInstaller) (EventID: 5000) (User: )
Description: visualstudio8setupmicrosoft .net framework 2.0-kb272945010331618msif9.0.40215.0installx86xp0

Error: (11/22/2014 06:40:49 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)
C:\DOCUMENTS AND SETTINGS\ALAN FLOWERS\RECENT\DESKTOP.INI

Error: (11/22/2014 06:40:49 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)
C:\DOCUMENTS AND SETTINGS\ALAN FLOWERS\RECENT\DESKTOP.INI

Error: (11/22/2014 06:40:48 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)
C:\DOCUMENTS AND SETTINGS\ALAN FLOWERS\RECENT\DESKTOP.INI

Error: (11/16/2014 07:21:20 AM) (Source: HotFixInstaller) (EventID: 5000) (User: )
Description: visualstudio8setupmicrosoft .net framework 2.0-kb278964310331618msif9.0.40215.0installx86xp0

Error: (11/15/2014 06:56:11 AM) (Source: HotFixInstaller) (EventID: 5000) (User: )
Description: visualstudio8setupmicrosoft .net framework 2.0-kb272945010331618msif9.0.40215.0installx86xp0

Error: (11/15/2014 06:54:11 AM) (Source: HotFixInstaller) (EventID: 5000) (User: )
Description: visualstudio8setupmicrosoft .net framework 2.0-kb278964310331618msif9.0.40215.0installx86xp0


==================== Memory info ===========================

Processor: Genuine Intel® CPU T2500 @ 2.00GHz
Percentage of memory in use: 49%
Total physical RAM: 2046.04 MB
Available physical RAM: 1023.17 MB
Total Pagefile: 3427.28 MB
Available Pagefile: 2524.57 MB
Total Virtual: 2047.88 MB
Available Virtual: 1922.54 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:66.06 GB) (Free:17.13 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (HP_RECOVERY) (Fixed) (Total:7.45 GB) (Free:0.31 GB) FAT32 ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 74.5 GB) (Disk ID: 94E494E4)
Partition 1: (Active) - (Size=66.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=7.5 GB) - (Type=0C)
Partition 3: (Not Active) - (Size=1 GB) - (Type=D7)

==================== End Of Log ============================

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-12-2014
Ran by Alan Flowers (administrator) on HPNOTEBOOK on 25-12-2014 06:37:15
Running from C:\Documents and Settings\Alan Flowers\My Documents\Downloads
Loaded Profile: Alan Flowers (Available profiles: Alan Flowers & Administrator)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2015\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
(Ahead Software AG) C:\Program Files\Ahead\InCD\incdsrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(Apple Computer, Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Foxit Corporation) C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(NovaStor) C:\Program Files\NovaStor\NovaStor NovaBACKUP\nsService.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(HP) C:\WINDOWS\system32\HPZipm12.exe
() C:\WINDOWS\system32\PSIService.exe
(Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Ahead Software AG) C:\Program Files\Ahead\InCD\InCD.exe
(Microsoft Corporation) C:\Program Files\Microsoft ActiveSync\wcescomm.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
(Akamai Technologies, Inc.) C:\Documents and Settings\Alan Flowers\Local Settings\Application Data\Akamai\netsession_win.exe
() C:\Program Files\pia_manager\pia_manager.exe
(Akamai Technologies, Inc.) C:\Documents and Settings\Alan Flowers\Local Settings\Application Data\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Canon Inc.) C:\Program Files\Canon\CAL\CALMAIN.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(http://www.ruby-lang.org/) C:\DOCUME~1\ALANFL~1\LOCALS~1\temp\ocr3.tmp\bin\rubyw.exe
() C:\Program Files\pia_manager\pia_manager.exe
(http://www.ruby-lang.org/) C:\DOCUME~1\ALANFL~1\LOCALS~1\temp\ocr5.tmp\bin\rubyw.exe
() C:\Program Files\pia_manager\pia_tray\pia_tray.exe
() C:\Program Files\pia_manager\openvpn.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [761945 2005-11-11] (Synaptics, Inc.)
HKLM\...\Run: [RecGuard] => C:\Windows\SMINST\RecGuard.exe [1187840 2005-10-11] ()
HKLM\...\Run: [InCD] => C:\Program Files\Ahead\InCD\InCD.exe [1269870 2004-02-27] (Ahead Software AG)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3653136 2014-11-09] (AVG Technologies CZ, s.r.o.)
HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG\ <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG\AVG2014 <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\ESET <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Trend Micro <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-214105172-2450956443-2813705907-1006\...\Run: [H/PC Connection Agent] => C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE [405583 2005-01-04] (Microsoft Corporation)
HKU\S-1-5-21-214105172-2450956443-2813705907-1006\...\Run: [Akamai NetSession Interface] => C:\Documents and Settings\Alan Flowers\Local Settings\Application Data\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-214105172-2450956443-2813705907-1006\...\Run: [Private Internet Access] => C:\Program Files\pia_manager\pia_manager.exe [8817902 2014-08-24] ()
Lsa: [Notification Packages] scecli kbdusr.dll
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2015\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-214105172-2450956443-2813705907-1006\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-214105172-2450956443-2813705907-1006\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
SearchScopes: HKU\S-1-5-21-214105172-2450956443-2813705907-1006 -> DefaultScope {CC267213-AEF8-411C-9F36-5111D8DBC138} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=
SearchScopes: HKU\S-1-5-21-214105172-2450956443-2813705907-1006 -> {493C220A-F8AB-4A37-B4F4-C58279C7810B} URL = https://duckduckgo.com/?q={searchTerms}
SearchScopes: HKU\S-1-5-21-214105172-2450956443-2813705907-1006 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={F46BACB6-6218-44F4-8339-0578DEB98128}&mid=ae893a60219947d08a6fd146f61b06df-a439d1bfda71b7a4c68c1bf11912aaad0e76589a&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-11-08 08:05:28&v=4.0.0.19&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-214105172-2450956443-2813705907-1006 -> {CC267213-AEF8-411C-9F36-5111D8DBC138} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
Toolbar: HKLM - No Name - {381FFDE8-2394-4F90-B10D-FC6124A40F8C} -  No File
Toolbar: HKU\S-1-5-21-214105172-2450956443-2813705907-1006 -> No Name - {C4069E3A-68F1-403E-B40E-20066696354B} -  No File
Toolbar: HKU\S-1-5-21-214105172-2450956443-2813705907-1006 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-214105172-2450956443-2813705907-1006 -> &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
DPF: {01113300-3E00-11D2-8470-0060089874ED} http://activation.rr.com/install/downloads/tgctlcm.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\aatp.dll (Microsoft Corporation)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)
Tcpip\Parameters: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{C44A14BF-24FF-47D7-A660-A99894A0FDCE}: [NameServer] 209.222.18.222,209.222.18.218

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Alan Flowers\Application Data\Mozilla\Firefox\Profiles\7cp54sdz.default
FF Homepage: hxxp://www.foxnews.com/
FF NetworkProxy: "no_proxies_on", "127.0.0.1,*.local"
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 -> C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\wtu-secure-search.xml
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Alan Flowers\Application Data\Mozilla\Firefox\Profiles\7cp54sdz.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-11-28]
FF Extension: Adblock Plus - C:\Documents and Settings\Alan Flowers\Application Data\Mozilla\Firefox\Profiles\7cp54sdz.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-08-09]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-04-10]

Chrome:
=======
CHR Profile: C:\Documents and Settings\Alan Flowers\Local Settings\Application Data\Google\Chrome\User Data\Default

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2007-04-23] (Adobe Systems) [File not signed]
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3488784 2014-11-09] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [298080 2014-11-09] (AVG Technologies CZ, s.r.o.)
S3 Backup Client Agent Service; C:\Program Files\NovaStor\NovaStor NovaBACKUP\ManagementServer.Agent.Service.exe [179200 2011-01-25] () [File not signed]
R2 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
R2 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [96341 2006-03-30] (Canon Inc.) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2008-12-26] (Macrovision Europe Ltd.) [File not signed]
R2 FoxitCloudUpdateService; C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242216 2014-06-17] (Foxit Corporation)
S2 gupdate1ca0994dcd80f7c; C:\Program Files\Google\Update\GoogleUpdate.exe [107912 2014-11-01] (Google Inc.)
R2 hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [98304 2005-11-28] (Hewlett-Packard Development Company, L.P.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 InCDsrv; C:\Program Files\Ahead\InCD\InCDsrv.exe [847984 2004-02-27] (Ahead Software AG) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2005-11-15] (Hewlett-Packard Company) [File not signed]
R2 nsService; C:\Program Files\NovaStor\NovaStor NovaBACKUP\nsService.exe [366224 2011-02-23] (NovaStor) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [69632 2004-09-29] (HP) [File not signed]
R2 ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [174656 2006-11-02] () [File not signed]
R2 QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2011-07-06] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2009-07-23] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2011-06-30] (Intuit Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [198936 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [147736 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [192792 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [230680 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [98584 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [200984 2014-10-10] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [42784 2014-11-08] (AVG Technologies)
S3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [56648 2005-08-18] (Broadcom Corporation.) [File not signed]
S3 cvspydr2; C:\WINDOWS\System32\DRIVERS\cvspydr2.sys [33024 2002-04-02] (Colorvision Inc)
R1 eabfiltr; C:\WINDOWS\system32\drivers\EABFiltr.sys [7936 2005-05-05] (Hewlett-Packard Development Company, L.P.)
S3 eabusb; C:\WINDOWS\system32\drivers\eabusb.sys [5760 2005-05-05] (Hewlett-Packard Development Company, L.P.)
R3 HdAudAddService; C:\WINDOWS\System32\drivers\CHDAud.sys [569856 2006-04-18] (Conexant Systems Inc.)
S3 hitmanpro35; C:\WINDOWS\system32\drivers\hitmanpro35.sys [16968 2010-09-17] ()
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [51120 2005-03-07] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2005-03-07] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21744 2005-03-07] (HP)
R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [201600 2005-08-22] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [1035008 2005-08-22] (Conexant Systems, Inc.)
R4 InCDfs; C:\WINDOWS\system32\Drivers\InCDfs.sys [94320 2004-02-27] (Ahead Software AG) [File not signed]
R1 InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [27440 2004-02-27] (Ahead Software AG) [File not signed]
U1 InCDrec; C:\WINDOWS\system32\Drivers\InCDrec.sys [9561 2004-02-27] (Ahead Software AG) [File not signed]
S3 ivusb; C:\WINDOWS\System32\DRIVERS\ivusb.sys [25112 2010-07-29] (Initio Corporation)
R3 NETw3x32; C:\WINDOWS\System32\DRIVERS\NETw3x32.sys [1709696 2006-09-27] (Intel® Corporation)
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [20640 2005-04-25] (Sonic Solutions) [File not signed]
S3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
R1 SCDEmu; C:\WINDOWS\system32\Drivers\SCDEmu.sys [46652 2008-03-13] (PowerISO Computing, Inc.) [File not signed]
S3 SMCIRDA; C:\WINDOWS\System32\DRIVERS\smcirda.sys [35913 2001-08-17] (SMC)
R3 tap0901; C:\WINDOWS\System32\DRIVERS\tap0901.sys [26624 2014-08-24] (The OpenVPN Project) [File not signed]
S1 UdfReadr; C:\WINDOWS\system32\Drivers\UdfReadr.sys [206208 2002-02-22] (Roxio) [File not signed]
S3 w39n51; C:\WINDOWS\System32\DRIVERS\w39n51.sys [1428096 2006-01-31] (Intel® Corporation)
S3 wceusbsh; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [104064 2004-12-06] (Microsoft Corporation)
S1 Beep; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U3 TlntSvr; No ImagePath
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2019-12-14 19:32 - 2019-12-14 19:39 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Xactware
2019-12-14 19:26 - 2019-12-14 19:26 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft SQL Server 2005
2019-12-14 19:26 - 2014-08-03 10:00 - 00000000 ____D () C:\Program Files\Microsoft.NET
2019-12-14 19:19 - 2012-03-07 00:30 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2014-12-25 06:37 - 2014-12-25 06:37 - 00000000 ____D () C:\FRST
2014-12-20 09:04 - 2014-12-20 09:08 - 00012764 _____ () C:\Documents and Settings\Alan Flowers\Desktop\dds.txt
2014-12-20 09:04 - 2014-12-20 09:04 - 00026437 _____ () C:\Documents and Settings\Alan Flowers\Desktop\attach.txt
2014-12-20 09:02 - 2014-12-20 09:02 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-12-13 09:06 - 2014-12-13 09:06 - 03981488 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2014-12-07 10:07 - 2014-12-07 10:07 - 00000000 ____D () C:\Documents and Settings\Alan Flowers\Application Data\AVG2015
2014-12-07 10:04 - 2014-12-07 10:04 - 00000702 _____ () C:\Documents and Settings\All Users\Desktop\AVG 2015.lnk
2014-12-07 10:04 - 2014-12-07 10:04 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2014-12-07 10:03 - 2014-12-07 10:04 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG2015
2014-12-07 10:03 - 2014-12-07 10:03 - 00000000 ___HD () C:\$AVG
2014-12-07 10:02 - 2014-12-07 10:02 - 00000000 ____D () C:\Program Files\AVG
2014-12-07 09:54 - 2014-12-25 04:31 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2014-12-07 09:54 - 2014-12-07 10:05 - 00000000 ____D () C:\Documents and Settings\Alan Flowers\Local Settings\Application Data\Avg2015
2014-12-07 09:54 - 2014-12-07 09:54 - 00000000 ____D () C:\Documents and Settings\Alan Flowers\Local Settings\Application Data\MFAData
2014-12-07 09:27 - 2014-12-07 09:27 - 00000000 ____D () C:\AVG_Remover
2014-11-28 11:31 - 2014-11-28 11:31 - 00000000 ____D () C:\Documents and Settings\Alan Flowers\Local Settings\Application Data\Avg

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2019-12-14 19:12 - 2007-03-28 05:51 - 00000436 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{6FED8555-1A7D-4938-BC23-DA6EFBD7D7B8}.job
2014-12-25 06:37 - 2010-09-23 18:36 - 00000000 ____D () C:\Documents and Settings\Alan Flowers\Local Settings\temp
2014-12-25 06:20 - 2009-07-20 16:05 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-25 06:06 - 2012-06-02 05:39 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-12-25 05:02 - 2006-02-22 00:31 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-12-25 04:51 - 2006-05-16 00:11 - 00000000 ____D () C:\Documents and Settings\Alan Flowers
2014-12-25 04:37 - 2004-08-07 05:16 - 01751633 ____N () C:\WINDOWS\WindowsUpdate.log
2014-12-25 04:35 - 2013-11-10 13:59 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-12-25 04:27 - 2004-08-07 05:16 - 00001158 _____ () C:\WINDOWS\system32\wpa.dbl
2014-12-25 04:26 - 2006-02-22 00:35 - 00043758 _____ () C:\WINDOWS\system32\nvapps.xml
2014-12-25 04:26 - 2004-08-06 21:51 - 00000157 ____N () C:\WINDOWS\wiadebug.log
2014-12-25 04:26 - 2004-08-06 21:51 - 00000050 ____N () C:\WINDOWS\wiaservc.log
2014-12-25 04:25 - 2014-04-03 04:15 - 00000236 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-12-25 04:25 - 2009-07-20 16:05 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-25 04:25 - 2004-08-07 05:16 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-20 13:24 - 2006-05-16 00:11 - 00000278 ___SH () C:\Documents and Settings\Alan Flowers\ntuser.ini
2014-12-20 13:24 - 2004-08-07 05:16 - 00032384 ____N () C:\WINDOWS\SchedLgU.Txt
2014-12-20 10:23 - 2010-10-04 04:42 - 00000868 _____ () C:\WINDOWS\Tasks\Google Software Updater.job
2014-12-13 09:10 - 2013-08-14 19:24 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-12-13 09:06 - 2012-06-02 05:38 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-12-13 09:06 - 2011-05-14 05:13 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-12-13 09:03 - 2006-05-15 22:12 - 109818608 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-12-13 08:20 - 2014-07-04 04:22 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-12-13 07:50 - 2011-01-11 12:41 - 00000000 ____D () C:\Program Files\RingCentral
2014-12-13 07:50 - 2011-01-11 12:37 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RingCentral
2014-12-13 07:50 - 2004-08-07 04:58 - 00000845 _____ () C:\WINDOWS\win.ini
2014-12-13 07:46 - 2006-08-14 12:10 - 00000000 ____D () C:\Documents and Settings\Alan Flowers\Application Data\uTorrent

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================



#4 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,015 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:06:20 PM

Posted 25 December 2014 - 11:01 AM

Running from C:\Documents and Settings\Alan Flowers\My Documents\Downloads

Would you please follow my instructions?

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#5 Machiavelli

Posted 29 December 2014 - 06:36 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

~Machiavelli



#6 Machiavelli

Posted 29 December 2014 - 02:56 PM

User returned.


~Machiavelli



#7 aflower1

Posted 31 December 2014 - 10:56 PM

btw, Happy New Year......

Going out with the wife for the evening, will check back tomorrow. Any instructions on how to proceed would be great, thanks



#8 Machiavelli

Posted 01 January 2015 - 07:31 AM

I gave you a hint in Post #4.

~Machiavelli



#9 aflower1

Posted 01 January 2015 - 11:46 AM

Feedback?

AVG 2015 is installed on an older HP Pavilion laptop. When I try to open AVG ver 2015.0.557, I get the error "Windows cannot open this program because it has been prevented by a software restriction".

Unable to uninstall with same message after error code, "Error:1260 - Windows cannot open this program because it has been prevented by a software restriction".



#10 Machiavelli

Posted 01 January 2015 - 03:05 PM

What are you talking about?

I gave you instructions in Post #4.

~Machiavelli



#11 Machiavelli

Posted 06 January 2015 - 07:17 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

~Machiavelli





