
Zero Access Rootkit WinXP SP3. Lousy network performance. Can


  • This topic is locked
31 replies to this topic

#1 bluffwood

Posted 30 May 2015 - 06:48 PM

Ref: http://www.bleepingcomputer.com/forums/t/577603/email-hacked-high-network-traffic-now-how-do-i-solve-this/#entry3720990

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-05-2015
Ran by rob (administrator) on DELLXPS400 on 30-05-2015 19:39:32
Running from C:\Documents and Settings\rob\Desktop
Loaded Profiles: rob (Available Profiles: rob & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Bayer Healthcare LLC) C:\Program Files\Bayer HealthCare SmartLaunch\bin\BayerHCService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehrecvr.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehSched.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Secunia) C:\Program Files\Secunia\PSI\psia.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corporation) C:\WINDOWS\ehome\mcrdsvc.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\tv_w32.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehmsas.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Ipswitch, Inc. 81 Hartwell Ave. Lexington, MA) C:\Program Files\WS_FTP\WS_FTP95.exe
(TomTom) C:\Program Files\MyDrive Connect\MyDriveConnect.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.27.5\GoogleCrashHandler.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ehTray] => C:\WINDOWS\ehome\ehtray.exe [64512 2005-08-05] (Microsoft Corporation)
HKLM\...\Run: [ATIPTA] => C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [344064 2006-02-09] (ATI Technologies, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-11] (Avast Software s.r.o.)
HKLM\...\Run: [tsnpstd3] => C:\WINDOWS\tsnpstd3.exe [262144 2007-03-30] (SONIX)
HKLM\...\Run: [StartupDelayer] => C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher.exe [1260616 2014-12-14] (r2 Studios)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2011-05-04] (SUPERAntiSpyware.com)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-1482476501-1770027372-839522115-1003\...\Run: [OpenDNS Updater] => C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe [839680 2010-06-16] ()
HKU\S-1-5-21-1482476501-1770027372-839522115-1003\...\Run: [Google Update] => C:\Documents and Settings\rob\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [107912 2014-12-17] (Google Inc.)
HKU\S-1-5-21-1482476501-1770027372-839522115-1003\...\Run: [MusicManager] => C:\Documents and Settings\rob\Local Settings\Application Data\Programs\Google\MusicManager\MusicManager.exe [7475200 2015-03-31] (Google Inc.)
HKU\S-1-5-21-1482476501-1770027372-839522115-1003\...\Run: [CyberGhost] => C:\Program Files\CyberGhost 5\CyberGhost.exe [430048 2015-05-21] (CyberGhost S.R.L.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2015-05-20] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-05-05] (Avast Software s.r.o.)
BootExecute: autocheck autochk * defrag_native

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1482476501-1770027372-839522115-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1482476501-1770027372-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1482476501-1770027372-839522115-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1482476501-1770027372-839522115-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-05-06] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-03-27] (Avast Software s.r.o.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-06] (Oracle Corporation)
DPF: {748E146C-5842-4AD4-8A01-ACA7E61C6FCE} http://69.130.177.237/DvrOcx.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://kasperskylab.webex.com/client/WBXclient-T27L10NSP25-10481/event/ieatgpc.cab
Handler: AutorunsDisabled\skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
Handler: AutorunsDisabled\skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll [2014-02-04] (Intuit, Inc.)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\system32\mscoree.dll [2009-11-05] (Microsoft Corporation)
ShellExecuteHooks: Eudora's Shell Extension - {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - C:\Program Files\Qualcomm\Eudora\EuShlExt.dll [86016 2005-08-09] (Qualcomm Inc.)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.111.254
Tcpip\..\Interfaces\{70D1DBB6-1346-4AFF-9036-3BB60C39216D}: [NameServer] 192.168.111.254
Tcpip\..\Interfaces\{7D569FDC-B73D-4676-9EA5-56961BDFAE55}: [NameServer] 192.168.111.254

FireFox:
========
FF ProfilePath: C:\Documents and Settings\rob\Application Data\Mozilla\Firefox\Profiles\43htojm9.default-1414667486375
FF DefaultSearchEngine: Yahoo!
FF DefaultSearchEngine.US: Google
FF SelectedSearchEngine: Yahoo!
FF Homepage: about:home
FF Keyword.URL: https://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=926458&p=
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2013-02-20] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-06] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-06] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2014-01-07] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll [2014-01-07] (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-13] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-13] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1482476501-1770027372-839522115-1003: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\rob\Local Settings\Application Data\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-1482476501-1770027372-839522115-1003: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\rob\Local Settings\Application Data\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-1482476501-1770027372-839522115-1003: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\DOCUME~1\rob\APPLIC~1\CATALI~1\NPBCSK~1.DLL [2013-06-07] (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2014-01-07] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-06-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-06-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-06-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-06-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-06-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2014-06-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2014-06-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll [2014-01-07] (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2014-02-11] (Coupons, Inc.)
FF Extension: Adblock Plus Pop-up Addon - C:\Documents and Settings\rob\Application Data\Mozilla\Firefox\Profiles\43htojm9.default-1414667486375\Extensions\adblockpopups@jessehakanen.net.xpi [2014-11-16]
FF Extension: Shareaholic - C:\Documents and Settings\rob\Application Data\Mozilla\Firefox\Profiles\43htojm9.default-1414667486375\Extensions\firefox-extension@shareaholic.com.xpi [2015-01-20]
FF Extension: Adblock Plus - C:\Documents and Settings\rob\Application Data\Mozilla\Firefox\Profiles\43htojm9.default-1414667486375\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-16]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-05-14]
FF Extension: avast! Ad Blocker - C:\Program Files\Mozilla Firefox\extensions\adblocker@avast.com.xpi [2015-05-14]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-05-14]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-05-10]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-08-15]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-01-07]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKU\S-1-5-21-1482476501-1770027372-839522115-1003\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\Documents and Settings\All Users\Application Data\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-05-14]

Chrome:
=======
CHR Profile: C:\Documents and Settings\rob\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\rob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-22]
CHR Extension: (Google Drive) - C:\Documents and Settings\rob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-30]
CHR Extension: (Google Search) - C:\Documents and Settings\rob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-30]
CHR Extension: (Bookmark Manager) - C:\Documents and Settings\rob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-30]
CHR Extension: (Avast Online Security) - C:\Documents and Settings\rob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-01-30]
CHR Extension: (RealDownloader) - C:\Documents and Settings\rob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-04-22]
CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\rob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-28]
CHR Extension: (Skype Click to Call) - C:\Documents and Settings\rob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-04-22]
CHR Extension: (Google Wallet) - C:\Documents and Settings\rob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-30]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-27]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2011-08-11] (SUPERAntiSpyware.com) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-05] (Avast Software s.r.o.)
R2 BayerHealthcareService; C:\Program Files\Bayer HealthCare SmartLaunch\bin\BayerHCService.exe [135032 2013-03-12] (Bayer Healthcare LLC)
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [63968 2015-05-21] (CyberGhost S.R.L)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
S3 MHN; C:\WINDOWS\System32\mhn.dll [85504 2004-08-10] (Microsoft Corporation) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\hpzipm12.dll [52736 2006-05-11] (Hewlett-Packard) [File not signed]
R2 QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-02-04] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2009-07-23] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2013-11-27] (Intuit Inc.) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [994360 2011-10-14] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [399416 2011-10-14] (Secunia)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5491984 2015-05-20] (TeamViewer GmbH)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Apowersoft_AudioDevice; C:\WINDOWS\System32\drivers\Apowersoft_AudioDevice.sys [26032 2013-06-02] (Wondershare)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24144 2015-05-05] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [74976 2015-05-05] (Avast Software s.r.o.)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55200 2015-05-05] (Avast Software s.r.o.)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49904 2015-05-05] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787760 2015-05-05] (Avast Software s.r.o.)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [427992 2015-05-05] (Avast Software s.r.o.)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57888 2015-05-05] (Avast Software s.r.o.)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [209048 2015-05-05] ()
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 FTDIBUS; C:\WINDOWS\System32\drivers\ftdibus.sys [57536 2008-05-01] (FTDI Ltd.)
R3 KMWDFILTER; C:\WINDOWS\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] (Windows ® Codename Longhorn DDK provider)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 MHNDRV; C:\WINDOWS\System32\DRIVERS\mhndrv.sys [11008 2004-08-10] (Microsoft Corporation) [File not signed]
R2 Nbf; C:\WINDOWS\System32\DRIVERS\nbf.sys [98176 2001-08-23] (Microsoft Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 PSI; C:\WINDOWS\System32\DRIVERS\psi_mf.sys [15544 2010-09-01] (Secunia)
R3 ROOTUSB; C:\WINDOWS\System32\Drivers\ROOTUSB.sys [66944 2006-06-14] () [File not signed]
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 stdriver; C:\WINDOWS\System32\DRIVERS\stdriverx86.sys [43344 2014-01-03] ()
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [180864 2005-06-14] (SigmaTel, Inc.)
S3 tap0901; C:\WINDOWS\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
R3 VMUVC; C:\WINDOWS\System32\Drivers\VMUVC.sys [254720 2010-04-29] (Vimicro Corporation)
R3 vusbbus; C:\WINDOWS\System32\DRIVERS\vusbbus.sys [47488 2006-06-14] () [File not signed]
R3 vvftUVC; C:\WINDOWS\System32\drivers\vvftUVC.sys [398720 2008-07-01] (Vimicro Corporation)
S3 ZD1211BU(SMC); C:\WINDOWS\System32\DRIVERS\zd1211Bu.sys [477696 2006-08-24] (ZyDAS Technology Corporation)
S3 ZDPSp50; C:\WINDOWS\System32\Drivers\ZDPSp50.sys [17664 2004-10-25] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S4 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-30 19:39 - 2015-05-30 19:40 - 00023921 _____ () C:\Documents and Settings\rob\Desktop\FRST.txt
2015-05-30 19:38 - 2015-05-30 19:39 - 00000000 ____D () C:\FRST
2015-05-30 19:38 - 2015-05-30 19:38 - 01147392 _____ (Farbar) C:\Documents and Settings\rob\Desktop\FRST.exe
2015-05-30 14:28 - 2015-05-30 14:29 - 00004132 _____ () C:\Documents and Settings\rob\Desktop\Rkill.txt
2015-05-30 14:27 - 2015-05-30 14:27 - 01943800 _____ (Bleeping Computer, LLC) C:\Documents and Settings\rob\Desktop\rkill.exe
2015-05-30 13:48 - 2015-05-30 14:18 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2015-05-30 13:45 - 2015-05-30 14:18 - 00000000 ____D () C:\Documents and Settings\rob\Desktop\mbar
2015-05-30 13:41 - 2015-05-30 13:45 - 16502728 _____ (Malwarebytes Corp.) C:\Documents and Settings\rob\Desktop\mbar-1.09.1.1004.exe
2015-05-30 07:58 - 2015-05-30 07:58 - 00001920 _____ () C:\Documents and Settings\rob\Desktop\mb.txt
2015-05-30 07:29 - 2015-05-30 07:30 - 00044441 _____ () C:\Documents and Settings\rob\Desktop\Result.txt
2015-05-30 07:25 - 2015-05-30 07:25 - 00002352 _____ () C:\Documents and Settings\rob\Desktop\FSS.txt
2015-05-30 07:24 - 2015-05-30 07:24 - 00415232 _____ (Farbar) C:\Documents and Settings\rob\Desktop\FSS.exe
2015-05-30 07:21 - 2015-05-30 07:22 - 00852639 _____ () C:\Documents and Settings\rob\Desktop\SecurityCheck.exe
2015-05-29 12:46 - 2015-05-29 12:46 - 00927920 _____ (Adobe Systems Incorporated) C:\Documents and Settings\rob\Desktop\uninstall_flash_player.exe
2015-05-29 12:33 - 2015-05-29 12:34 - 00008747 _____ () C:\WINDOWS\KB2909921-IE8.log
2015-05-29 08:24 - 2015-05-29 08:24 - 00000922 _____ () C:\Documents and Settings\rob\Desktop\Should I Remove It.lnk
2015-05-29 08:24 - 2015-05-29 08:24 - 00000000 __SHD () C:\WINDOWS\system32\AI_RecycleBin
2015-05-29 08:24 - 2015-05-29 08:24 - 00000000 ____D () C:\Program Files\Reason
2015-05-29 08:24 - 2015-05-29 08:24 - 00000000 ____D () C:\Documents and Settings\rob\Start Menu\Programs\Should I Remove It
2015-05-29 07:50 - 2015-05-29 07:50 - 00000128 _____ () C:\Documents and Settings\rob\Desktop\chlorinator.txt
2015-05-28 21:55 - 2015-05-28 21:55 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2015-05-26 04:04 - 2015-05-26 04:04 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 10
2015-05-14 21:43 - 2015-05-14 21:43 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-05-07 08:02 - 2015-05-07 08:03 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\Mozilla
2015-05-07 08:02 - 2015-05-07 08:02 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla
2015-05-06 19:54 - 2015-05-06 19:54 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-05-06 19:54 - 2015-05-06 19:54 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
2015-05-06 19:54 - 2015-05-06 19:53 - 00146432 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2015-05-06 19:54 - 2015-05-06 19:53 - 00096352 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2015-05-05 11:50 - 2015-05-05 11:50 - 00291312 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\aswBoot.exe
2015-05-05 11:50 - 2015-05-05 11:50 - 00043112 _____ (Avast Software s.r.o.) C:\WINDOWS\avastSS.scr
2015-05-03 20:59 - 2015-05-03 20:59 - 00002979 _____ () C:\Documents and Settings\rob\My Documents\Find the best contractor's in your area.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-30 19:40 - 2015-01-21 11:01 - 00000000 ____D () C:\Documents and Settings\rob\Local Settings\temp
2015-05-30 19:00 - 2014-12-17 18:44 - 00000970 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-1770027372-839522115-1003UA.job
2015-05-30 19:00 - 2012-01-15 21:28 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-30 18:00 - 2011-08-14 23:42 - 00032552 _____ () C:\WINDOWS\SchedLgU.Txt
2015-05-30 15:00 - 2012-01-15 21:28 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-30 14:24 - 2014-03-05 22:26 - 00437901 _____ () C:\WINDOWS\setupapi.log
2015-05-30 14:24 - 2011-08-14 23:37 - 01382123 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-30 14:23 - 2012-07-28 14:48 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-05-30 14:23 - 2011-08-14 23:35 - 00000000 ____D () C:\WINDOWS\Registration
2015-05-30 14:22 - 2014-03-16 13:41 - 00000218 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-05-30 14:22 - 2011-08-14 19:30 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-05-30 14:22 - 2011-08-14 19:30 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2015-05-30 14:21 - 2011-08-14 23:43 - 00000178 ___SH () C:\Documents and Settings\rob\ntuser.ini
2015-05-30 14:21 - 2011-08-14 23:42 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-30 14:18 - 2011-11-16 10:03 - 00000000 __SHD () C:\Documents and Settings\rob\Local Settings\Application Data\3cedbbe2
2015-05-30 13:48 - 2014-09-03 09:22 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-05-30 13:45 - 2014-09-03 09:21 - 00120024 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-05-30 10:00 - 2014-12-17 18:44 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-1770027372-839522115-1003Core.job
2015-05-30 09:45 - 2014-09-03 09:21 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-05-30 08:01 - 2011-08-15 00:43 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB958869$
2015-05-30 07:33 - 2014-09-04 08:40 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-30 07:33 - 2012-12-18 20:00 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-29 23:38 - 2011-09-26 09:14 - 00002465 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft FrontPage.lnk
2015-05-29 13:12 - 2014-08-16 18:59 - 00000000 ____D () C:\Documents and Settings\rob\Local Settings\Application Data\Adobe
2015-05-29 12:40 - 2015-01-04 16:20 - 00000000 ____D () C:\Program Files\CyberGhost 5
2015-05-29 08:06 - 2011-08-14 23:43 - 00000000 ____D () C:\Documents and Settings\rob
2015-05-28 00:03 - 2011-08-22 20:19 - 00000000 ____D () C:\Documents and Settings\rob\Application Data\Skype
2015-05-27 13:58 - 2004-08-10 07:00 - 00000932 _____ () C:\WINDOWS\win.ini
2015-05-27 13:24 - 2012-02-28 20:07 - 00000000 ____D () C:\Documents and Settings\rob\Application Data\Nova Development
2015-05-26 15:23 - 2011-08-21 13:27 - 00000000 ____D () C:\Program Files\TeamViewer
2015-05-26 09:55 - 2014-03-04 19:25 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2015-05-26 04:04 - 2015-04-05 01:26 - 00000706 _____ () C:\Documents and Settings\All Users\Desktop\TeamViewer 10.lnk
2015-05-22 07:42 - 2013-03-05 11:51 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-05-22 07:20 - 2012-02-15 22:55 - 00000306 _____ () C:\WINDOWS\QTW.INI
2015-05-16 20:49 - 2011-09-23 13:30 - 00123904 _____ () C:\Documents and Settings\rob\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-05-15 03:10 - 2013-08-14 03:19 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-05-15 03:10 - 2004-08-10 07:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2015-05-15 03:00 - 2011-08-15 00:30 - 137310008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-05-12 22:12 - 2011-09-13 22:34 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2015-05-12 22:07 - 2015-03-13 19:07 - 00002276 _____ () C:\Documents and Settings\rob\Desktop\joomla notes.txt
2015-05-11 12:59 - 2011-11-14 11:04 - 00000089 _____ () C:\WINDOWS\QBChanUtil_Trigger.ini
2015-05-10 03:03 - 2011-08-14 23:34 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2015-05-08 15:00 - 2014-03-16 13:41 - 00000212 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2015-05-07 08:37 - 2013-11-14 13:19 - 00000000 ____D () C:\Documents and Settings\rob\GLUCOFACTS Deluxe
2015-05-07 08:02 - 2011-08-14 23:42 - 00000000 __SHD () C:\Documents and Settings\LocalService
2015-05-07 07:58 - 2013-11-14 13:20 - 00296713 _____ () C:\Documents and Settings\rob\logSequencer.log
2015-05-07 07:57 - 2014-05-02 03:00 - 00014062 _____ () C:\WINDOWS\KB2964358-IE8.log
2015-05-06 19:54 - 2015-02-02 16:32 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Oracle
2015-05-06 19:53 - 2011-09-19 09:21 - 00000000 ____D () C:\Program Files\Java
2015-05-05 11:50 - 2014-05-03 11:50 - 00024144 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-05-05 11:50 - 2013-03-21 04:14 - 00209048 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-05-05 11:50 - 2013-03-21 04:14 - 00074976 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-05-05 11:50 - 2013-03-21 04:14 - 00049904 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-05-05 11:50 - 2011-08-15 00:23 - 00427992 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-05-05 11:50 - 2011-08-15 00:22 - 00787760 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-05-05 11:50 - 2011-08-15 00:22 - 00057888 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswTdi.sys
2015-05-05 11:50 - 2011-08-15 00:22 - 00055200 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswRdr.sys

==================== Files in the root of some directories =======

2015-02-04 03:48 - 2015-02-04 03:48 - 6103040 _____ () C:\Program Files\GUTFF54.tmp
2011-12-02 12:16 - 2015-04-27 15:56 - 0000184 _____ () C:\Documents and Settings\rob\Application Data\default.rss
2014-03-04 22:17 - 2014-03-04 22:17 - 0000047 _____ () C:\Documents and Settings\rob\Application Data\WB.CFG
2015-03-14 13:34 - 2015-03-14 13:34 - 0893239 _____ () C:\Documents and Settings\rob\Local Settings\Application Data\a.zip
2015-03-14 13:34 - 2015-03-14 13:34 - 2162416 _____ (Catalina Marketing Corp) C:\Documents and Settings\rob\Local Settings\Application Data\BcsKtYcHW.dll
2011-09-23 13:30 - 2015-05-16 20:49 - 0123904 _____ () C:\Documents and Settings\rob\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-08-14 23:46 - 2011-08-14 23:46 - 0000126 _____ () C:\Documents and Settings\rob\Local Settings\Application Data\fusioncache.dat
2013-02-28 20:03 - 2013-02-28 20:03 - 0002146 _____ () C:\Documents and Settings\rob\Local Settings\Application Data\recently-used.xbel

Some files in TEMP:
====================
C:\Documents and Settings\rob\Local Settings\temp\jre-8u45-windows-au.exe
C:\Documents and Settings\rob\Local Settings\temp\npp.6.7.4.Installer.exe
C:\Documents and Settings\rob\Local Settings\temp\Quarantine.exe
C:\Documents and Settings\rob\Local Settings\temp\sqlite3.dll
C:\Documents and Settings\rob\Local Settings\temp\xmlUpdater.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 29-05-2015
Ran by rob at 2015-05-30 19:40:54
Running from C:\Documents and Settings\rob\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1482476501-1770027372-839522115-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-1482476501-1770027372-839522115-1004 - Limited - Enabled)
Guest (S-1-5-21-1482476501-1770027372-839522115-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-1482476501-1770027372-839522115-1000 - Limited - Disabled)
rob (S-1-5-21-1482476501-1770027372-839522115-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\rob
SUPPORT_388945a0 (S-1-5-21-1482476501-1770027372-839522115-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

"Nero SoundTrax Help (Version: 4.0.15.0 - Nero AG) Hidden
µTorrent (HKLM\...\uTorrent) (Version: 2.2.1 - )
Adobe Acrobat Connect Add-in (HKU\S-1-5-21-1482476501-1770027372-839522115-1003\...\Adobe Acrobat Connect Add-in) (Version:  - )
Adobe Connect Add-in (HKU\S-1-5-21-1482476501-1770027372-839522115-1003\...\Adobe Connect Add-in) (Version:  - )
Adobe Photoshop 7.0.1 (HKLM\...\Adobe Photoshop 7.0.1) (Version: 7.0.1 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Advertising Center (Version: 0.0.0.1 - Nero AG) Hidden
AIM 7 (HKLM\...\AIM_7) (Version:  - )
Airlink101 MFP PS Utility (HKLM\...\{ECE9D6C8-2DE8-4505-920E-103FAF0AC9CF}) (Version:  - )
Allway Sync version 12.2.3 (HKLM\...\Allway Sync_is1) (Version:  - Botkind Inc)
Amazon Kindle (HKLM\...\Amazon Kindle) (Version:  - Amazon)
Apple Application Support (HKLM\...\{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}) (Version: 2.3.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E14ADE0E-75F3-4A46-87E5-26692DD626EC}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Art Explosion Publisher Pro (HKLM\...\{C62D7344-8709-4443-9C95-F90659CBC27F}) (Version: 1.00.0013 - Nova Development)
ATI - Software Uninstall Utility (HKLM\...\All ATI Software) (Version: 6.14.10.1014 - )
ATI Control Panel (HKLM\...\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}) (Version: 6.14.10.5183 - )
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.23-060209a1-030546C-Dell - )
Audacity 1.2.6 (HKLM\...\Audacity_is1) (Version:  - )
Auslogics DiskDefrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 4.4.2.0 - Auslogics Labs Pty Ltd)
Avast Free Antivirus (HKLM\...\avast) (Version: 10.2.2218 - AVAST Software)
Avery Wizard 4.0 (HKLM\...\{7196E6BD-4B65-43F9-9D30-73A8E58D0E84}) (Version: 4.0.103 - Avery)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Catalina Savings Printer (HKLM\...\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}) (Version: 1.0.0 - Catalina Marketing Corp) <==== ATTENTION
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
ClearType Tuning Control Panel Applet (HKLM\...\{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}) (Version: 1.01.0000 - Microsoft Corporation)
Conexant D850 56K V.9x DFVc Modem (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1) (Version:  - )
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version:  - CyberGhost S.R.L.)
Dell Resource CD (HKLM\...\{FCD9CD52-7222-4672-94A0-A722BA702FD0}) (Version: 1.00.0000 - Dell Inc.)
Dell System Detect (HKU\S-1-5-21-1482476501-1770027372-839522115-1003\...\73f463568823ebbe) (Version: 5.12.0.3 - Dell)
DolbyFiles (Version: 2.0 - Nero AG) Hidden
Dropbox (HKU\S-1-5-21-1482476501-1770027372-839522115-1003\...\Dropbox) (Version: 2.10.27 - Dropbox, Inc.)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Eudora (HKLM\...\{35F4CFB8-6366-4337-B192-E8296375CE92}) (Version: 7.0 - )
Extended Asian Language font pack for Adobe Reader XI (HKLM\...\{AC76BA86-7AD7-2530-0000-A00000000004}) (Version: 11.0.0 - Adobe Systems Incorporated)
Free AIFF To MP3 Converter (HKLM\...\{A3E98E9F-0627-4955-AB16-9F329B9E3194}) (Version: 1.0.0 - Convert Audio free)
Free M4A WAV to MP3 Audio Converter (HKLM\...\{FA17CBFC-5DB9-4901-9AB5-C27937E8DB3D}_is1) (Version:  - )
Free Studio version 2014 (HKLM\...\Free Studio_is1) (Version: 6.2.4.1230 - DVDVideoSoft Ltd.)
GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)
GLUCOFACTS™ Deluxe (HKLM\...\{9F4EC465-8411-48C1-BD8F-B606BE4B6112}) (Version: 3.06.10 - Bayer HealthCare)
GLUCOFACTS™ Deluxe Smart Launch (HKLM\...\{D557DF24-61F6-4731-A3B9-626CA9387D42}) (Version: 1.22.01 - Bayer HealthCare)
Google Chrome (HKLM\...\{6438EBAC-5305-39A5-A93E-88CDFA6CE947}) (Version: 65.61.49249 - Google, Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Earth Pro (HKLM\...\{44FC61F0-2F8A-11E3-8CAE-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
GoToMeeting 5.2.0.952 (HKU\S-1-5-21-1482476501-1770027372-839522115-1003\...\GoToMeeting) (Version: 5.2.0.952 - CitrixOnline)
High Definition Audio Driver Package - KB835221 (HKLM\...\KB835221WXP) (Version: 20040219.000000 - Microsoft Corporation)
IEEE 802.11g USB Wireless LAN Adapter (HKLM\...\{581CE7EA-A30D-0000-1211-088635773309}) (Version:  - )
ImagXpress (Version: 7.0.74.0 - Nero AG) Hidden
Intel® PRO Network Connections Drivers (HKLM\...\PROSet) (Version:  - )
iTunes (HKLM\...\{268278CF-FB69-4D98-B70E-BFEC1CDCA225}) (Version: 11.0.2.26 - Apple Inc.)
iWisoft Flash SWF to Video Converter 3.5 (HKLM\...\iWisoft Flash SWF to Video Converter_is1) (Version: 3.5.0 - www.flash-swf-converter.com)
Java 8 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
KompoZer 0.8b3 (HKLM\...\{20aa4150-b5f4-11de-8a39-0800200c9a66}_is1) (Version:  - KompoZer)
Macromedia FlashPaper 2 (HKLM\...\Macromedia FlashPaper 2_is1) (Version: 2.0.0 - Macromedia)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Menu Templates - Starter Kit (Version: 9.0.4.0 - Nero AG) Hidden
Microsoft .NET Framework 1.0 Hotfix (KB2572066) (HKLM\...\KB2572066) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB2604042) (HKLM\...\KB2604042) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB2656378) (HKLM\...\KB2656378) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2698035) (HKLM\...\KB2698035) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2742607) (HKLM\...\KB2742607) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2833951) (HKLM\...\KB2833951) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2904878) (HKLM\...\KB2904878) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{BD71B413-9FEE-49BB-A6D1-2C0BFB99BDFE}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office XP Professional with FrontPage (HKLM\...\{90280409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Movie Templates - Starter Kit (Version: 9.0.4.0 - Nero AG) Hidden
Mozilla Firefox 38.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 6.0 Parser (HKLM\...\{C3FFB7B4-F56A-4C85-8FB1-FAEC9D557732}) (Version: 6.10.1072.0 - Microsoft Corporation)
Music Manager (HKU\S-1-5-21-1482476501-1770027372-839522115-1003\...\MusicManager) (Version:  - Google, Inc.)
Musicmatch® Jukebox (HKLM\...\{85D3CC30-8859-481A-9654-FD9B74310BEF}) (Version: 10.00.4033 - )
MyDriveConnect 3.3.0.1812 (HKLM\...\MyDriveConnect) (Version: 3.3.0.1812 - TomTom)
Nero 9 (HKLM\...\{f7433ee6-14ef-43fe-badd-50e7fb1d1dfa}) (Version:  - Nero AG)
Notepad++ (HKLM\...\Notepad++) (Version: 6.7.4 - Notepad++ Team)
Octoshape add-in for Adobe Flash Player (HKU\S-1-5-21-1482476501-1770027372-839522115-1003\...\Octoshape add-in for Adobe Flash Player) (Version:  - )
Pidgin (HKLM\...\Pidgin) (Version: 2.10.1 - )
PL-2303 USB-to-Serial (HKLM\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.3.0 - Prolific Technology INC)
QuickBooks (Version: 21.0.4014.904 - Intuit Inc.) Hidden
QuickBooks Premier Edition 2011 (HKLM\...\{11E0AC7D-6824-4F67-865F-EE1C13D28C38}) (Version: 21.0.4014.904 - Intuit Inc.)
QuickTime (HKLM\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
QuickTime for Windows (32-bit) (HKLM\...\QuickTime32) (Version:  - )
RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Secunia PSI (2.0.0.4003) (HKLM\...\Secunia PSI) (Version: 2.0.0.4003 - Secunia)
Should I Remove It (HKU\S-1-5-21-1482476501-1770027372-839522115-1003\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
Should I Remove It (Version: 1.0.4 - Reason Software Company Inc.) Hidden
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.4493.0 - SigmaTel)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 7.3 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
Solid Mp4 to DVD Converter and Burner 1.2.7 (HKLM\...\{E82FBDF4-8C05-5611-B8D8-2331145ECA11}_is1) (Version:  - TopviewSoft, Inc.)
Sonic Encoders (HKLM\...\{9941F0AA-B903-4AF4-A055-83A9815CC011}) (Version: 1.00 - Sonic Solutions)
SoundTrax (Version: 4.0.18.0 - Nero AG) Hidden
Startup Delayer v3.0 (build 363) (HKLM\...\Startup Delayer) (Version: 3.0 (build 363) - r2 Studios)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1136 - SUPERAntiSpyware.com)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TeamViewer 10 (HKLM\...\TeamViewer) (Version: 10.0.42849 - TeamViewer)
TomTom HOME (HKLM\...\{BB05590A-6602-43F3-A400-77EA0976BC0A}) (Version: 2.9.8 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Ultra Defragmenter (HKLM\...\UltraDefrag) (Version: 6.0.2 - UltraDefrag Development Team)
Unlocker 1.9.1 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update Rollup 2 for Windows XP Media Center Edition 2005 (HKLM\...\KB900325) (Version:  - Microsoft Corporation)
USB PC Camera Plus (HKLM\...\{ECD03DA7-5952-406A-8156-5F0C93618D1F}) (Version: 5.21.1.000 - Sonix)
Video Download Capture V4.8.2 (HKLM\...\{3C9D008D-3716-4C3F-90CD-38ED57568FAB}_is1) (Version: 4.8.2 - Apowersoft)
Vimicro USB2.0 UVC PC Camera (HKLM\...\{71A51A91-E7D3-11DB-A386-005056C00008}) (Version: 2010.03.02 - Vimicro Corporation)
Visual Studio C++ 10.0 Runtime (HKLM\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VSDC Free Video Editor version 3.1.0.354 (HKLM\...\VSDC Free Video Editor_is1) (Version: 3.1.0.354 - Flash-Integro LLC)
WebEx (HKLM\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Winamp (HKLM\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Windows Automated Installation Kit (HKLM\...\{31E8F586-4EF7-4500-844D-BA8756474FF1}) (Version: 1.0.0.0 - Microsoft Corporation)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (HKLM\...\KB952011) (Version: 1.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format Runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows XP Media Center Edition 2005 KB2502898 (HKLM\...\KB2502898) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB2619340 (HKLM\...\KB2619340) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB2628259 (HKLM\...\KB2628259) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB925766 (HKLM\...\KB925766) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB973768 (HKLM\...\KB973768) (Version:  - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinRAR 4.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
ZTE Handset USB Driver (HKLM\...\{01D42BF0-ED08-463f-8A28-99EB6FEE962B}) (Version:  - ZTE Corporation)
ZTE Handset USB Driver (HKLM\...\{D2D77DC2-8299-11D1-8949-444553540000}_is1) (Version: 5.2104.1.02B02 - ZTE Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\rob\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Documents and Settings\rob\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{05EC5C13-D255-4592-9CCB-98615172F0D6}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{0ADF9C35-0D5E-4B75-88DD-B64868907E17}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{123FAF7F-3FB1-4B8F-AD18-0047401D436A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Documents and Settings\rob\Local Settings\Application Data\Google\Update\1.3.27.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{1B3210AF-E236-46D4-83EF-6421F2FF543C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx No File
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{1E78DD72-771E-42BF-8B4B-363CEB18E07B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx No File
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Documents and Settings\rob\Local Settings\Application Data\Google\Update\1.3.27.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{22664BE2-0806-4BA4-8643-DE40C9149176}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{2A9EBDB5-0600-4E8C-B910-4001BEB2DD8C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Documents and Settings\rob\Local Settings\Application Data\Google\Update\1.3.27.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{349D777D-F7A2-4AAE-967F-A54F05A7FF3B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBFinder.dll No File
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{37A2FC00-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{37A2FC02-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{38F58721-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\COMObjectFactory.dll No File
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{38F58742-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{38F58743-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{38F58744-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{3E1A2BBD-5707-4646-B268-518B997DC94D}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2011\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{4716D3CE-55DB-4D2A-818C-87D912895890}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{4844F3F7-2161-4AC4-B219-B3B4311782AA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{4A56F19E-9F50-4F43-93C8-050E44AA83A9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{4E5E74B5-8EB5-4859-A335-837EED412620}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Documents and Settings\rob\Local Settings\Application Data\Google\Update\1.3.27.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{5249684A-D7A2-4DBE-94F4-B90923A7BC64}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{5428A9ED-6CD8-11D6-9C8A-0001023DCAA2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{547C8F00-5567-4AE3-8BB0-CC3CE2AB9070}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{57D590F1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{596801D8-2C9D-4627-9C67-195CB81B655A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{5B7331FA-8910-4748-A8A4-60B445041F28}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{5ED8AC89-B2DE-476D-8EEA-E170B2FCB058}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{70478C56-E77F-4134-B3E3-3B18EE036D71}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll No File
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{7694F1CD-A55B-4B7C-8820-A90892EB4E9E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{7DBF8260-30AD-4D1B-876A-8032B87B809F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{828E5386-74CF-4019-B356-C857CD028A7D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{82CC31B3-53B4-4161-A4E9-6B4F1290A6C8}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\952\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{8572570D-12D9-4F2C-8BB8-EB8848178B94}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{8E590317-1329-11D1-B70B-00805F29CD16}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2011\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{8FEDE364-AB37-4551-80C9-6D468E222AB2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{9D9B61F2-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{9D9B61F3-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{9D9B61F4-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{9D9B61F5-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{9D9B61F6-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{9D9B61F7-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{A58C4EAB-2DB8-445E-9CAE-2AE197A5C708}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{A63E42D0-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{A63E42D2-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{AD848A76-F236-5EE2-819B-2BDE7ED40AE7}\InprocServer32 -> C:\Documents and Settings\rob\Application Data\Catalina – Print Savings\npBcsKtTcHW.dll (Catalina Marketing Corporation)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{AF5E0A13-CEAB-47CE-991D-77E82CD1BF3F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{B10BFAC3-EFF1-40D9-ADA0-BEBE037C24CA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{B66F2BF1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{BCD594EA-15C3-4FD8-B92B-114BB9694537}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBCtrIPMDS2.dll No File
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Documents and Settings\rob\Local Settings\Application Data\Google\Update\1.3.27.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Documents and Settings\rob\Local Settings\Application Data\Google\Update\1.3.26.9\psuser.dll No F (the data entry has 3 more characters).
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Documents and Settings\rob\Local Settings\Application Data\Google\Update\1.3.27.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{CE18240D-F3F8-43AE-9EA0-A0DC85A95375}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll No File
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Documents and Settings\rob\Local Settings\Application Data\Google\Update\1.3.25.11\psuser.dll No  (the data entry has 4 more characters).
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{D14FD6B3-6A9F-4537-9460-07B836707127}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{D4A12AAF-E15E-470B-A6B6-63032186F91F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{D9B9C060-0954-11D3-9E07-00104BD2BE34}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSource.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{D9BC6F81-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{D9BC6F84-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{D9BC6F87-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{D9BC6FA1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{D9BC6FA6-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{D9BC6FB2-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\StorageClasses.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{D9BC6FC1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{DCB2B478-EFF6-48F6-B718-13E98876854E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{DFD0AF10-B86C-4AF3-B609-1348D513E565}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{E1A173E1-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{E1A173E3-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Documents and Settings\rob\Local Settings\Application Data\Google\Update\1.3.27.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\rob\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{E6E4DF8B-17CE-43ED-B2C7-2CE10457552D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{E7D2D0F6-B754-438D-B5C9-BF848D311A0F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll No File
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Documents and Settings\rob\Local Settings\Application Data\Google\Update\1.3.27.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{EADA914E-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{EAEF733D-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{F2C593CC-74B2-4F71-8556-DD4D426D0409}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{F9EF917A-E55E-4242-B205-E778395AC313}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{FAC93D42-FFC2-11d1-9DEB-0008C7A08EBA}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2011\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{FB17915F-06D1-4214-A902-CC5EE05186E9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\rob\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\rob\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\rob\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\rob\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\rob\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\rob\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\rob\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\rob\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Restore Points =========================

18-04-2015 08:02:07 System Checkpoint
19-04-2015 09:05:03 System Checkpoint
20-04-2015 09:39:07 System Checkpoint
21-04-2015 10:39:05 System Checkpoint
22-04-2015 11:40:11 System Checkpoint
23-04-2015 12:39:08 System Checkpoint
24-04-2015 13:13:46 System Checkpoint
25-04-2015 20:19:26 System Checkpoint
26-04-2015 23:14:28 System Checkpoint
27-04-2015 23:15:24 System Checkpoint
29-04-2015 00:13:45 System Checkpoint
30-04-2015 01:13:46 System Checkpoint
01-05-2015 02:13:45 System Checkpoint
02-05-2015 03:13:17 System Checkpoint
03-05-2015 04:13:17 System Checkpoint
04-05-2015 05:10:07 System Checkpoint
05-05-2015 06:07:40 System Checkpoint
05-05-2015 11:50:01 avast! antivirus system restore point
06-05-2015 12:08:36 System Checkpoint
06-05-2015 19:52:09 Removed Java 8 Update 45
07-05-2015 07:55:47 Software Distribution Service 3.0
08-05-2015 09:29:31 System Checkpoint
09-05-2015 09:46:08 System Checkpoint
10-05-2015 03:00:19 Software Distribution Service 3.0
11-05-2015 03:45:30 System Checkpoint
12-05-2015 04:45:35 System Checkpoint
12-05-2015 22:10:08 Software Distribution Service 3.0
12-05-2015 23:19:05 Software Distribution Service 3.0
13-05-2015 03:00:17 Software Distribution Service 3.0
14-05-2015 03:00:19 Software Distribution Service 3.0
15-05-2015 03:00:18 Software Distribution Service 3.0
16-05-2015 03:25:51 System Checkpoint
17-05-2015 04:25:53 System Checkpoint
18-05-2015 05:25:40 System Checkpoint
19-05-2015 06:25:41 System Checkpoint
20-05-2015 07:26:44 System Checkpoint
21-05-2015 08:25:38 System Checkpoint
22-05-2015 09:43:52 System Checkpoint
23-05-2015 10:52:19 System Checkpoint
24-05-2015 12:28:40 System Checkpoint
25-05-2015 12:39:34 System Checkpoint
26-05-2015 17:03:08 System Checkpoint
27-05-2015 17:38:28 System Checkpoint
28-05-2015 18:37:23 System Checkpoint
29-05-2015 08:24:10 Installed Should I Remove It
29-05-2015 12:33:19 Software Distribution Service 3.0
30-05-2015 12:49:53 System Checkpoint
30-05-2015 14:18:22 Malwarebytes Anti-Rootkit Restore Point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2014-03-04 22:50 - 2015-01-21 15:08 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-1770027372-839522115-1003Core.job => C:\Documents and Settings\rob\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-1770027372-839522115-1003UA.job => C:\Documents and Settings\rob\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1482476501-1770027372-839522115-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1482476501-1770027372-839522115-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\ReclaimerUpdateFiles_rob.job => C:\Documents and Settings\rob\Application Data\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe
Task: C:\WINDOWS\Tasks\ReclaimerUpdateXML_rob.job => C:\Documents and Settings\rob\Application Data\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe
Task: C:\WINDOWS\Tasks\RNUpgradeHelperLogonPrompt_rob.job => C:\Documents and Settings\rob\Application Data\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe

==================== Loaded Modules (Whitelisted) ==============

2015-03-27 18:14 - 2015-05-05 11:50 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-03-27 18:13 - 2015-05-05 11:50 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-05-30 13:48 - 2015-05-30 13:48 - 02951680 _____ () C:\Program Files\AVAST Software\Avast\defs\15053001\algo.dll
2013-01-28 14:08 - 2013-01-28 14:08 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2013-01-28 14:08 - 2013-01-28 14:08 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2004-08-10 07:00 - 2011-02-04 17:48 - 00291840 _____ () C:\WINDOWS\system32\sbe.dll
2004-08-10 07:00 - 2013-01-02 02:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll
2004-08-10 07:00 - 2008-04-13 20:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2004-08-10 07:00 - 2008-04-13 20:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2013-08-14 16:19 - 2013-08-14 16:19 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2013-11-26 06:22 - 2015-03-27 18:14 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2010-06-16 17:42 - 2010-06-16 17:42 - 00839680 _____ () C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe
2014-10-03 08:04 - 2014-10-03 08:04 - 00026488 _____ () C:\Program Files\MyDrive Connect\DeviceDetection.dll
2014-10-03 08:04 - 2014-10-03 08:04 - 00087416 _____ () C:\Program Files\MyDrive Connect\TomTomSupporterBase.dll
2014-10-03 08:04 - 2014-10-03 08:04 - 00398712 _____ () C:\Program Files\MyDrive Connect\TomTomSupporterProxy.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1482476501-1770027372-839522115-1003\...\dell.com -> dell.com
IE trusted site: HKU\S-1-5-21-1482476501-1770027372-839522115-1003\...\no-ip.biz -> bluffwoodcreekorganics.no-ip.biz
IE trusted site: HKU\S-1-5-21-1482476501-1770027372-839522115-1003\...\samsungsetup.com -> hxxp://www.samsungsetup.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1482476501-1770027372-839522115-1003\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\rob\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 192.168.111.254

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk => C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^IEEE 802.11g USB Wireless LAN Utility.lnk => C:\WINDOWS\pss\IEEE 802.11g USB Wireless LAN Utility.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Intuit Data Protect.lnk => C:\WINDOWS\pss\Intuit Data Protect.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk => C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks_Standard_21.lnk => C:\WINDOWS\pss\QuickBooks_Standard_21.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Secunia PSI Tray.lnk => C:\WINDOWS\pss\Secunia PSI Tray.lnkCommon Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Aim => "C:\Program Files\AIM\aim.exe" /d locale=en-US
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Intuit SyncManager => C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe  startup
MSCONFIG\startupreg: KernelFaultCheck => %systemroot%\system32\dumprep 0 -k
MSCONFIG\startupreg: KONICA MINOLTA magicolor 2400W STD => C:\WINDOWS\system32\MSTMON_S.EXE STARTUP
MSCONFIG\startupreg: LifeCam => "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
MSCONFIG\startupreg: MimBoot => C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
MSCONFIG\startupreg: MMTray => "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
MSCONFIG\startupreg: NBCore => "C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBCore.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime
MSCONFIG\startupreg: Remote Virtual USB => C:\Program Files\Airlink101\MFP PS Utility\RMVUSB.exe /b
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: UnlockerAssistant => "C:\Program Files\Unlocker\UnlockerAssistant.exe"
MSCONFIG\startupreg: uTorrent => "C:\Program Files\uTorrent\uTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: VMonitorVMUVC => "C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe" VMUVC

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

DomainProfile\AuthorizedApplications: [C:\Program Files\Winamp\winamp.exe] => Enabled:Winamp
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE] => Enabled:Microsoft Office Outlook
StandardProfile\AuthorizedApplications: [C:\Program Files\WS_FTP\WS_FTP95.exe] => Enabled:WS_FTP 95
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\rob\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe] => Enabled:Octoshape add-in for Adobe Flash Player
StandardProfile\AuthorizedApplications: [C:\Program Files\Intuit\QuickBooks 2011\QBDBMgrN.exe] => Enabled:QuickBooks 2011 Data Manager
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Program Files\AVAST Software\Avast\AvastUI.exe] => Enabled:avast! Antivirus
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Update\GoogleUpdate.exe] => Enabled:Google Installer
StandardProfile\AuthorizedApplications: [C:\Program Files\Qualcomm\Eudora\Eudora.exe] => Enabled:EUDORA
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\plugin-container.exe] => Enabled:Plugin Container for Firefox
StandardProfile\AuthorizedApplications: [C:\Program Files\AIM\aim.exe] => Enabled:AIM
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft LifeCam\LifeCam.exe] => Enabled:LifeCam.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft LifeCam\LifeEnC2.exe] => Enabled:LifeEnC2.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft LifeCam\LifeExp.exe] => Enabled:LifeExp.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft LifeCam\LifeTray.exe] => Enabled:LifeTray.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Airlink101\MFP PS Utility\RMVUSB.exe] => Enabled:Airlink101 MFP PS Utility
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\javaw.exe] => Enabled:Java™ Platform SE binary
StandardProfile\AuthorizedApplications: [C:\Program Files\Java\jre7\bin\java.exe] => Enabled:Java™ Platform SE binary
StandardProfile\AuthorizedApplications: [C:\Program Files\Bonjour\mDNSResponder.exe] => Enabled:Bonjour Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Winamp\winamp.exe] => Enabled:Winamp
StandardProfile\AuthorizedApplications: [C:\Program Files\Apowersoft\Video Download Capture\Video Download Capture.exe] => Enabled:Video Download Capture
StandardProfile\AuthorizedApplications: [C:\Program Files\Apowersoft\Video Download Capture\ApowersoftSrv.dll] => Enabled:Video Download Capture
StandardProfile\AuthorizedApplications: [C:\Program Files\Apowersoft\Video Download Capture\ApowersoftDump.dll] => Enabled:Video Download Capture
StandardProfile\AuthorizedApplications: [C:\Program Files\Apowersoft\Video Download Capture\ApowersoftAC.dll] => Enabled:Video Download Capture
StandardProfile\AuthorizedApplications: [C:\Program Files\Apowersoft\Video Download Capture\ApowersoftPlayer.dll] => Enabled:Video Download Capture
StandardProfile\AuthorizedApplications: [C:\Program Files\Apowersoft\Video Download Capture\ApowersoftDownloaderHelp.dll] => Enabled:Video Download Capture
StandardProfile\AuthorizedApplications: [C:\Program Files\Apowersoft\Video Download Capture\ApowersoftHDSDump.dll] => Enabled:Video Download Capture
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe] => Enabled:WebKit
StandardProfile\AuthorizedApplications: [C:\Program Files\iTunes\iTunes.exe] => Enabled:iTunes
StandardProfile\AuthorizedApplications: [C:\Program Files\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe] => Enabled:Free Torrent Download (ANY)
StandardProfile\AuthorizedApplications: [C:\Program Files\uTorrent\uTorrent.exe] => Enabled:µTorrent
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\rob\Application Data\Dropbox\bin\Dropbox.exe] => Enabled:Dropbox
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\All Users\Application Data\Oracle\Java\javapath_target_1039312859\javaw.exe] => Enabled:Java™ Platform SE binary
StandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Phone\Skype.exe] => Enabled:Skype
StandardProfile\AuthorizedApplications: [C:\Program Files\FlashIntegro\VideoEditor\VideoEditor.exe] => Enabled:VSDC Free Video Editor
StandardProfile\AuthorizedApplications: [C:\Program Files\FlashIntegro\VideoEditor\Updater.exe] => Enabled:VSDC Free Video Editor Updater
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\All Users\Application Data\Oracle\Java\javapath_target_829015\javaw.exe] => Enabled:Java™ Platform SE binary
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\AuthorizedApplications: [C:\Program Files\TeamViewer\TeamViewer.exe] => Enabled:Teamviewer Remote Control Application
StandardProfile\AuthorizedApplications: [C:\Program Files\TeamViewer\TeamViewer_Service.exe] => Enabled:Teamviewer Remote Control Service
DomainProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
DomainProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007

==================== Faulty Device Manager Devices =============

Name: RADEON X300 SE 128MB HyperMemory Secondary
Description: RADEON X300 SE 128MB HyperMemory Secondary
Class Guid:  TI Technologies Inc.
Manufacturer: ATI Technologies Inc.
Service: ati2mtag
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: TAP-Windows Adapter V9
Description: TAP-Windows Adapter V9
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: TAP-Windows Provider V9
Service: tap0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/29/2015 00:39:20 PM) (Source: Dell System Detect) (EventID: 0) (User: )
Description: <Exception><Type>System.Xml.XmlException</Type><Message><![CDATA[Root element is missing.]]></Message><Source><![CDATA[System.Xml]]></Source><StackTrace><![CDATA[   at System.Xml.XmlTextReaderImpl.Throw(Exception e)
   at System.Xml.XmlTextReaderImpl.ThrowWithoutLineInfo(String res)
   at System.Xml.XmlTextReaderImpl.ParseDocumentContent()
   at System.Xml.XmlTextReaderImpl.Read()
   at System.Xml.XmlLoader.Load(XmlDocument doc, XmlReader reader, Boolean preserveWhitespace)
   at System.Xml.XmlDocument.Load(XmlReader reader)
   at System.Xml.XmlDocument.Load(Stream inStream)
   at eSupport.Common.Client.Service.Core.ConfigurationInformation.SynchronizeOSInfoConfig()]]></StackTrace><SysInfo STag="5NLV091" SMBIOSMajVer="2" SMBIOSMinVer="3" SMBIOSBIOSVer="A02" SMBIOSPresent="True" Rel_Date="20051028000000.000000+000" DSDVersion="" Vendor="Dell Inc." PName="Dell DXP051" Ident_Num="DELLXPS400" TimeZone="(GMT-05:00) Eastern Time (US & Canada)" OSName="Microsoft Windows XP Professional"/><Method>Synchronize OS INFO failed</Method></Exception>

Error: (05/29/2015 00:27:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.
Processing media-specific event for [drwtsn32.exe!ws!]

Error: (05/29/2015 00:27:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application flashutil32_17_0_0_169_activex.exe, version 17.0.0.169, faulting module unknown, version 0.0.0.0, fault address 0x10015c07.
Processing media-specific event for [flashutil32_17_0_0_169_activex.exe!ws!]

Error: (05/29/2015 07:50:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 38.0.1.5611, faulting module mozalloc.dll, version 38.0.1.5611, fault address 0x00001aa1.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (05/28/2015 09:50:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 38.0.1.5611, faulting module mozalloc.dll, version 38.0.1.5611, fault address 0x00001aa1.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (05/27/2015 01:24:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application pubpro.exe, version 1.0.0.13, faulting module story.dll, version 9.0.4.0, fault address 0x00025bee.
Processing media-specific event for [pubpro.exe!ws!]

Error: (05/26/2015 04:46:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 38.0.1.5611, faulting module mozalloc.dll, version 38.0.1.5611, fault address 0x00001aa1.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (05/26/2015 08:10:21 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (05/26/2015 08:10:21 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (05/26/2015 08:10:21 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle


System errors:
=============
Error: (05/29/2015 07:51:12 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The TeamViewer 10 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 2000 milliseconds: Restart the service.

Error: (05/26/2015 09:46:56 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Apple Mobile Device service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (05/25/2015 10:33:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Apple Mobile Device service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (05/25/2015 10:28:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The BayerHealthcareService service terminated unexpectedly.  It has done this 1 time(s).

Error: (05/25/2015 10:28:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The QBIDPService service terminated unexpectedly.  It has done this 1 time(s).

Error: (05/25/2015 10:28:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bonjour Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (05/25/2015 09:18:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TomTomHOMEService service terminated unexpectedly.  It has done this 1 time(s).

Error: (05/25/2015 05:22:50 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\Nbf_{772D99BD-DFB3-48F4-B7D4-2729270D7083}.
The backup browser is stopping.

Error: (05/22/2015 07:36:43 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The BayerHealthcareService service terminated unexpectedly.  It has done this 1 time(s).

Error: (05/22/2015 07:36:25 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Apple Mobile Device service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.


Microsoft Office:
=========================
Error: (12/07/2014 08:15:42 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6707.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 164693 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (11/26/2014 00:16:54 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 48759 seconds with 1020 seconds of active time.  This session ended with a crash.

Error: (04/06/2014 07:48:06 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1093816 seconds with 2520 seconds of active time.  This session ended with a crash.

Error: (01/17/2014 10:39:27 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 389 seconds with 300 seconds of active time.  This session ended with a crash.

Error: (05/24/2013 09:09:37 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 531275 seconds with 360 seconds of active time.  This session ended with a crash.

Error: (04/10/2013 08:58:13 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 225024 seconds with 420 seconds of active time.  This session ended with a crash.

Error: (03/05/2013 11:45:37 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 56851 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (07/23/2012 10:26:54 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 406 seconds with 240 seconds of active time.  This session ended with a crash.

Error: (04/04/2012 05:52:04 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 71528 seconds with 1440 seconds of active time.  This session ended with a crash.

Error: (01/11/2012 10:39:27 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 13678 seconds with 660 seconds of active time.  This session ended with a crash.


==================== Memory info ===========================

Processor:  Intel® Pentium® D CPU 2.80GHz
Percentage of memory in use: 52%
Total physical RAM: 3070.09 MB
Available physical RAM: 1469.14 MB
Total Pagefile: 5981.85 MB
Available Pagefile: 4568.6 MB
Total Virtual: 2047.88 MB
Available Virtual: 1932.59 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:97.65 GB) (Free:24.93 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (New Volume) (Fixed) (Total:1765.3 GB) (Free:1582.65 GB) NTFS
Drive f: () (Network) (Total:367.95 GB) (Free:157.81 GB)
Drive t: (MOOSICK) (Network) (Total:63.99 GB) (Free:30.11 GB)
Drive u: (WINDOWS98) (Network) (Total:3.3 GB) (Free:1.08 GB)
Drive v: (MUSIC) (Network) (Total:19.52 GB) (Free:8.18 GB)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 1CF51CF4)
Partition 1: (Not Active) - (Size=63 MB) - (Type=DE)
Partition 2: (Active) - (Size=97.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1765.3 GB) - (Type=07 NTFS)

==================== End of log ============================


#2 HelpBot

Posted 04 June 2015 - 06:50 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/577879 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 bluffwood

Posted 04 June 2015 - 08:14 PM

yes, I still need help.

 

winxp sp3.  32bit, of course.

Time is of the essence, as I'm still getting bouncebacks of spam from me, daily. Although they're not originating in my email client (eudora), they are still occurring even though I changed the passwords for my email.

Also, it's hard for me to do my work without flash. Cannot install it.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-05-2015
Ran by rob (administrator) on DELLXPS400 on 04-06-2015 21:07:47
Running from C:\Documents and Settings\rob\Desktop
Loaded Profiles: rob &  (Available Profiles: rob & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Bayer Healthcare LLC) C:\Program Files\Bayer HealthCare SmartLaunch\bin\BayerHCService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehrecvr.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehSched.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Secunia) C:\Program Files\Secunia\PSI\psia.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corporation) C:\WINDOWS\ehome\mcrdsvc.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\tv_w32.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehmsas.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(TomTom) C:\Program Files\MyDrive Connect\MyDriveConnect.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(Adobe Systems, Incorporated) C:\Program Files\Adobe\Photoshop 7.0\Photoshop.exe
(QUALCOMM Incorporated) C:\Program Files\Qualcomm\Eudora\Eudora.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Musicmatch, Inc.) C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe
(Musicmatch, Inc.) C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office10\FRONTPG.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\WINDOWS\system32\uwdf.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ehTray] => C:\WINDOWS\ehome\ehtray.exe [64512 2005-08-05] (Microsoft Corporation)
HKLM\...\Run: [ATIPTA] => C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [344064 2006-02-09] (ATI Technologies, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-11] (Avast Software s.r.o.)
HKLM\...\Run: [tsnpstd3] => C:\WINDOWS\tsnpstd3.exe [262144 2007-03-30] (SONIX)
HKLM\...\Run: [StartupDelayer] => C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher.exe [1260616 2014-12-14] (r2 Studios)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2012-10-25] (Apple Inc.)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2011-05-04] (SUPERAntiSpyware.com)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-1482476501-1770027372-839522115-1003\...\Run: [OpenDNS Updater] => C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe [839680 2010-06-16] ()
HKU\S-1-5-21-1482476501-1770027372-839522115-1003\...\Run: [Google Update] => C:\Documents and Settings\rob\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [107912 2014-12-17] (Google Inc.)
HKU\S-1-5-21-1482476501-1770027372-839522115-1003\...\Run: [MusicManager] => C:\Documents and Settings\rob\Local Settings\Application Data\Programs\Google\MusicManager\MusicManager.exe [7475200 2015-03-31] (Google Inc.)
HKU\S-1-5-21-1482476501-1770027372-839522115-1003\...\Run: [CyberGhost] => C:\Program Files\CyberGhost 5\CyberGhost.exe [430048 2015-05-21] (CyberGhost S.R.L.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2015-05-20] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-05-05] (Avast Software s.r.o.)
BootExecute: autocheck autochk * defrag_native

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1482476501-1770027372-839522115-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1482476501-1770027372-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1482476501-1770027372-839522115-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1482476501-1770027372-839522115-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-05-06] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-03-27] (Avast Software s.r.o.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-06] (Oracle Corporation)
DPF: {748E146C-5842-4AD4-8A01-ACA7E61C6FCE} http://69.130.177.237/DvrOcx.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://kasperskylab.webex.com/client/WBXclient-T27L10NSP25-10481/event/ieatgpc.cab
Handler: AutorunsDisabled\skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
Handler: AutorunsDisabled\skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll [2014-02-04] (Intuit, Inc.)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\system32\mscoree.dll [2009-11-05] (Microsoft Corporation)
ShellExecuteHooks: Eudora's Shell Extension - {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - C:\Program Files\Qualcomm\Eudora\EuShlExt.dll [86016 2005-08-09] (Qualcomm Inc.)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.111.254
Tcpip\..\Interfaces\{70D1DBB6-1346-4AFF-9036-3BB60C39216D}: [NameServer] 192.168.111.254
Tcpip\..\Interfaces\{7D569FDC-B73D-4676-9EA5-56961BDFAE55}: [NameServer] 192.168.111.254

FireFox:
========
FF ProfilePath: C:\Documents and Settings\rob\Application Data\Mozilla\Firefox\Profiles\43htojm9.default-1414667486375
FF DefaultSearchEngine: Yahoo!
FF DefaultSearchEngine.US: Google
FF SelectedSearchEngine: Yahoo!
FF Homepage: about:home
FF Keyword.URL: https://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=926458&p=
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2013-02-20] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-06] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-06] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2014-01-07] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll [2014-01-07] (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-13] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-13] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1482476501-1770027372-839522115-1003: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\rob\Local Settings\Application Data\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-1482476501-1770027372-839522115-1003: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\rob\Local Settings\Application Data\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-1482476501-1770027372-839522115-1003: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\DOCUME~1\rob\APPLIC~1\CATALI~1\NPBCSK~1.DLL [2013-06-07] (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2014-01-07] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-06-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-06-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-06-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-06-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-06-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2014-06-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2014-06-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll [2014-01-07] (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2014-02-11] (Coupons, Inc.)
FF Extension: Adblock Plus Pop-up Addon - C:\Documents and Settings\rob\Application Data\Mozilla\Firefox\Profiles\43htojm9.default-1414667486375\Extensions\adblockpopups@jessehakanen.net.xpi [2014-11-16]
FF Extension: Shareaholic - C:\Documents and Settings\rob\Application Data\Mozilla\Firefox\Profiles\43htojm9.default-1414667486375\Extensions\firefox-extension@shareaholic.com.xpi [2015-01-20]
FF Extension: Adblock Plus - C:\Documents and Settings\rob\Application Data\Mozilla\Firefox\Profiles\43htojm9.default-1414667486375\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-16]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-06-02]
FF Extension: avast! Ad Blocker - C:\Program Files\Mozilla Firefox\extensions\adblocker@avast.com.xpi [2015-06-02]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-06-02]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-05-10]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-08-15]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-01-07]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKU\S-1-5-21-1482476501-1770027372-839522115-1003\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\Documents and Settings\All Users\Application Data\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-06-02]

Chrome:
=======
CHR Profile: C:\Documents and Settings\rob\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\rob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-22]
CHR Extension: (Google Drive) - C:\Documents and Settings\rob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-30]
CHR Extension: (Google Search) - C:\Documents and Settings\rob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-30]
CHR Extension: (Bookmark Manager) - C:\Documents and Settings\rob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-30]
CHR Extension: (Avast Online Security) - C:\Documents and Settings\rob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-01-30]
CHR Extension: (RealDownloader) - C:\Documents and Settings\rob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-04-22]
CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\rob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-28]
CHR Extension: (Skype Click to Call) - C:\Documents and Settings\rob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-04-22]
CHR Extension: (Google Wallet) - C:\Documents and Settings\rob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-30]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-27]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2011-08-11] (SUPERAntiSpyware.com) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-05] (Avast Software s.r.o.)
R2 BayerHealthcareService; C:\Program Files\Bayer HealthCare SmartLaunch\bin\BayerHCService.exe [135032 2013-03-12] (Bayer Healthcare LLC)
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [63968 2015-05-21] (CyberGhost S.R.L)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
S3 MHN; C:\WINDOWS\System32\mhn.dll [85504 2004-08-10] (Microsoft Corporation) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\hpzipm12.dll [52736 2006-05-11] (Hewlett-Packard) [File not signed]
R2 QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-02-04] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2009-07-23] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2013-11-27] (Intuit Inc.) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [994360 2011-10-14] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [399416 2011-10-14] (Secunia)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5491984 2015-05-20] (TeamViewer GmbH)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Apowersoft_AudioDevice; C:\WINDOWS\System32\drivers\Apowersoft_AudioDevice.sys [26032 2013-06-02] (Wondershare)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24144 2015-05-05] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [74976 2015-05-05] (Avast Software s.r.o.)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55200 2015-05-05] (Avast Software s.r.o.)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49904 2015-05-05] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787760 2015-05-05] (Avast Software s.r.o.)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [427992 2015-05-05] (Avast Software s.r.o.)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57888 2015-05-05] (Avast Software s.r.o.)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [209048 2015-05-05] ()
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 FTDIBUS; C:\WINDOWS\System32\drivers\ftdibus.sys [57536 2008-05-01] (FTDI Ltd.)
R3 KMWDFILTER; C:\WINDOWS\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] (Windows ® Codename Longhorn DDK provider)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 MHNDRV; C:\WINDOWS\System32\DRIVERS\mhndrv.sys [11008 2004-08-10] (Microsoft Corporation) [File not signed]
R2 Nbf; C:\WINDOWS\System32\DRIVERS\nbf.sys [98176 2001-08-23] (Microsoft Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 PSI; C:\WINDOWS\System32\DRIVERS\psi_mf.sys [15544 2010-09-01] (Secunia)
R3 ROOTUSB; C:\WINDOWS\System32\Drivers\ROOTUSB.sys [66944 2006-06-14] () [File not signed]
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 stdriver; C:\WINDOWS\System32\DRIVERS\stdriverx86.sys [43344 2014-01-03] ()
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [180864 2005-06-14] (SigmaTel, Inc.)
S3 tap0901; C:\WINDOWS\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
R3 VMUVC; C:\WINDOWS\System32\Drivers\VMUVC.sys [254720 2010-04-29] (Vimicro Corporation)
R3 vusbbus; C:\WINDOWS\System32\DRIVERS\vusbbus.sys [47488 2006-06-14] () [File not signed]
R3 vvftUVC; C:\WINDOWS\System32\drivers\vvftUVC.sys [398720 2008-07-01] (Vimicro Corporation)
S3 ZD1211BU(SMC); C:\WINDOWS\System32\DRIVERS\zd1211Bu.sys [477696 2006-08-24] (ZyDAS Technology Corporation)
S3 ZDPSp50; C:\WINDOWS\System32\Drivers\ZDPSp50.sys [17664 2004-10-25] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S4 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-04 07:04 - 2015-06-04 13:14 - 00000080 _____ () C:\Documents and Settings\rob\Desktop\egg sales.txt
2015-06-02 11:20 - 2015-06-03 09:44 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-05-30 19:40 - 2015-05-30 19:41 - 00066114 _____ () C:\Documents and Settings\rob\Desktop\Addition.txt
2015-05-30 19:39 - 2015-06-04 21:08 - 00024434 _____ () C:\Documents and Settings\rob\Desktop\FRST.txt
2015-05-30 19:38 - 2015-06-04 21:08 - 00000000 ____D () C:\FRST
2015-05-30 19:38 - 2015-05-30 19:38 - 01147392 _____ (Farbar) C:\Documents and Settings\rob\Desktop\FRST.exe
2015-05-30 14:28 - 2015-05-30 14:29 - 00004132 _____ () C:\Documents and Settings\rob\Desktop\Rkill.txt
2015-05-30 14:27 - 2015-05-30 14:27 - 01943800 _____ (Bleeping Computer, LLC) C:\Documents and Settings\rob\Desktop\rkill.exe
2015-05-30 13:48 - 2015-05-30 14:18 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2015-05-30 13:45 - 2015-05-30 14:18 - 00000000 ____D () C:\Documents and Settings\rob\Desktop\mbar
2015-05-30 13:41 - 2015-05-30 13:45 - 16502728 _____ (Malwarebytes Corp.) C:\Documents and Settings\rob\Desktop\mbar-1.09.1.1004.exe
2015-05-30 07:58 - 2015-05-30 07:58 - 00001920 _____ () C:\Documents and Settings\rob\Desktop\mb.txt
2015-05-30 07:29 - 2015-05-30 07:30 - 00044441 _____ () C:\Documents and Settings\rob\Desktop\Result.txt
2015-05-30 07:25 - 2015-05-30 07:25 - 00002352 _____ () C:\Documents and Settings\rob\Desktop\FSS.txt
2015-05-30 07:24 - 2015-05-30 07:24 - 00415232 _____ (Farbar) C:\Documents and Settings\rob\Desktop\FSS.exe
2015-05-30 07:21 - 2015-05-30 07:22 - 00852639 _____ () C:\Documents and Settings\rob\Desktop\SecurityCheck.exe
2015-05-29 12:46 - 2015-05-29 12:46 - 00927920 _____ (Adobe Systems Incorporated) C:\Documents and Settings\rob\Desktop\uninstall_flash_player.exe
2015-05-29 12:33 - 2015-05-29 12:34 - 00008747 _____ () C:\WINDOWS\KB2909921-IE8.log
2015-05-29 08:24 - 2015-05-29 08:24 - 00000922 _____ () C:\Documents and Settings\rob\Desktop\Should I Remove It.lnk
2015-05-29 08:24 - 2015-05-29 08:24 - 00000000 __SHD () C:\WINDOWS\system32\AI_RecycleBin
2015-05-29 08:24 - 2015-05-29 08:24 - 00000000 ____D () C:\Program Files\Reason
2015-05-29 08:24 - 2015-05-29 08:24 - 00000000 ____D () C:\Documents and Settings\rob\Start Menu\Programs\Should I Remove It
2015-05-29 07:50 - 2015-05-29 07:50 - 00000128 _____ () C:\Documents and Settings\rob\Desktop\chlorinator.txt
2015-05-28 21:55 - 2015-05-28 21:55 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2015-05-26 04:04 - 2015-05-26 04:04 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 10
2015-05-07 08:02 - 2015-05-07 08:03 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\Mozilla
2015-05-07 08:02 - 2015-05-07 08:02 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla
2015-05-06 19:54 - 2015-05-06 19:54 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-05-06 19:54 - 2015-05-06 19:54 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
2015-05-06 19:54 - 2015-05-06 19:53 - 00146432 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2015-05-06 19:54 - 2015-05-06 19:53 - 00096352 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2015-05-05 11:50 - 2015-05-05 11:50 - 00291312 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\aswBoot.exe
2015-05-05 11:50 - 2015-05-05 11:50 - 00043112 _____ (Avast Software s.r.o.) C:\WINDOWS\avastSS.scr

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-04 21:08 - 2015-01-21 11:01 - 00000000 ____D () C:\Documents and Settings\rob\Local Settings\temp
2015-06-04 21:00 - 2014-12-17 18:44 - 00000970 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-1770027372-839522115-1003UA.job
2015-06-04 21:00 - 2012-01-15 21:28 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-04 20:59 - 2011-08-14 19:30 - 00001818 _____ () C:\WINDOWS\wiadebug.log
2015-06-04 15:00 - 2012-01-15 21:28 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-04 13:00 - 2011-08-14 23:42 - 00032426 _____ () C:\WINDOWS\SchedLgU.Txt
2015-06-04 11:51 - 2012-07-28 14:48 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-06-04 10:00 - 2014-12-17 18:44 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-1770027372-839522115-1003Core.job
2015-06-04 05:18 - 2011-08-14 23:37 - 01456210 _____ () C:\WINDOWS\WindowsUpdate.log
2015-06-03 12:07 - 2011-09-26 09:14 - 00002465 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft FrontPage.lnk
2015-06-03 09:56 - 2011-08-21 13:27 - 00000000 ____D () C:\Program Files\TeamViewer
2015-06-03 09:44 - 2013-03-05 11:51 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-06-02 09:55 - 2014-03-04 19:25 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2015-05-31 16:43 - 2014-08-16 18:59 - 00000000 ____D () C:\Documents and Settings\rob\Local Settings\Application Data\Adobe
2015-05-30 14:24 - 2014-03-05 22:26 - 00437901 _____ () C:\WINDOWS\setupapi.log
2015-05-30 14:23 - 2011-08-14 23:35 - 00000000 ____D () C:\WINDOWS\Registration
2015-05-30 14:22 - 2014-03-16 13:41 - 00000218 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-05-30 14:22 - 2011-08-14 19:30 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2015-05-30 14:21 - 2011-08-14 23:43 - 00000178 ___SH () C:\Documents and Settings\rob\ntuser.ini
2015-05-30 14:21 - 2011-08-14 23:42 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-30 14:18 - 2011-11-16 10:03 - 00000000 __SHD () C:\Documents and Settings\rob\Local Settings\Application Data\3cedbbe2
2015-05-30 13:48 - 2014-09-03 09:22 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-05-30 13:45 - 2014-09-03 09:21 - 00120024 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-05-30 09:45 - 2014-09-03 09:21 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-05-30 08:01 - 2011-08-15 00:43 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB958869$
2015-05-30 07:33 - 2014-09-04 08:40 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-30 07:33 - 2012-12-18 20:00 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-29 12:40 - 2015-01-04 16:20 - 00000000 ____D () C:\Program Files\CyberGhost 5
2015-05-29 08:06 - 2011-08-14 23:43 - 00000000 ____D () C:\Documents and Settings\rob
2015-05-28 00:03 - 2011-08-22 20:19 - 00000000 ____D () C:\Documents and Settings\rob\Application Data\Skype
2015-05-27 13:58 - 2004-08-10 07:00 - 00000932 _____ () C:\WINDOWS\win.ini
2015-05-27 13:24 - 2012-02-28 20:07 - 00000000 ____D () C:\Documents and Settings\rob\Application Data\Nova Development
2015-05-26 04:04 - 2015-04-05 01:26 - 00000706 _____ () C:\Documents and Settings\All Users\Desktop\TeamViewer 10.lnk
2015-05-22 07:20 - 2012-02-15 22:55 - 00000306 _____ () C:\WINDOWS\QTW.INI
2015-05-16 20:49 - 2011-09-23 13:30 - 00123904 _____ () C:\Documents and Settings\rob\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-05-15 03:10 - 2013-08-14 03:19 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-05-15 03:10 - 2004-08-10 07:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2015-05-15 03:00 - 2011-08-15 00:30 - 137310008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-05-12 22:12 - 2011-09-13 22:34 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2015-05-12 22:07 - 2015-03-13 19:07 - 00002276 _____ () C:\Documents and Settings\rob\Desktop\joomla notes.txt
2015-05-11 12:59 - 2011-11-14 11:04 - 00000089 _____ () C:\WINDOWS\QBChanUtil_Trigger.ini
2015-05-10 03:03 - 2011-08-14 23:34 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2015-05-08 15:00 - 2014-03-16 13:41 - 00000212 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2015-05-07 08:37 - 2013-11-14 13:19 - 00000000 ____D () C:\Documents and Settings\rob\GLUCOFACTS Deluxe
2015-05-07 08:02 - 2011-08-14 23:42 - 00000000 __SHD () C:\Documents and Settings\LocalService
2015-05-07 07:58 - 2013-11-14 13:20 - 00296713 _____ () C:\Documents and Settings\rob\logSequencer.log
2015-05-07 07:57 - 2014-05-02 03:00 - 00014062 _____ () C:\WINDOWS\KB2964358-IE8.log
2015-05-06 19:54 - 2015-02-02 16:32 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Oracle
2015-05-06 19:53 - 2011-09-19 09:21 - 00000000 ____D () C:\Program Files\Java
2015-05-05 11:50 - 2014-05-03 11:50 - 00024144 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-05-05 11:50 - 2013-03-21 04:14 - 00209048 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-05-05 11:50 - 2013-03-21 04:14 - 00074976 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-05-05 11:50 - 2013-03-21 04:14 - 00049904 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-05-05 11:50 - 2011-08-15 00:23 - 00427992 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-05-05 11:50 - 2011-08-15 00:22 - 00787760 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-05-05 11:50 - 2011-08-15 00:22 - 00057888 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswTdi.sys
2015-05-05 11:50 - 2011-08-15 00:22 - 00055200 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswRdr.sys

==================== Files in the root of some directories =======

2015-02-04 03:48 - 2015-02-04 03:48 - 6103040 _____ () C:\Program Files\GUTFF54.tmp
2011-12-02 12:16 - 2015-04-27 15:56 - 0000184 _____ () C:\Documents and Settings\rob\Application Data\default.rss
2014-03-04 22:17 - 2014-03-04 22:17 - 0000047 _____ () C:\Documents and Settings\rob\Application Data\WB.CFG
2015-03-14 13:34 - 2015-03-14 13:34 - 0893239 _____ () C:\Documents and Settings\rob\Local Settings\Application Data\a.zip
2015-03-14 13:34 - 2015-03-14 13:34 - 2162416 _____ (Catalina Marketing Corp) C:\Documents and Settings\rob\Local Settings\Application Data\BcsKtYcHW.dll
2011-09-23 13:30 - 2015-05-16 20:49 - 0123904 _____ () C:\Documents and Settings\rob\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-08-14 23:46 - 2011-08-14 23:46 - 0000126 _____ () C:\Documents and Settings\rob\Local Settings\Application Data\fusioncache.dat
2013-02-28 20:03 - 2013-02-28 20:03 - 0002146 _____ () C:\Documents and Settings\rob\Local Settings\Application Data\recently-used.xbel

Some files in TEMP:
====================
C:\Documents and Settings\rob\Local Settings\temp\jre-8u45-windows-au.exe
C:\Documents and Settings\rob\Local Settings\temp\npp.6.7.4.Installer.exe
C:\Documents and Settings\rob\Local Settings\temp\Quarantine.exe
C:\Documents and Settings\rob\Local Settings\temp\sqlite3.dll
C:\Documents and Settings\rob\Local Settings\temp\xmlUpdater.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of log ============================


Edited by bluffwood, 04 June 2015 - 08:27 PM.


#4 Machiavelli

  • Malware Response Instructor
Posted 05 June 2015 - 01:12 PM

Good day,

 

ZeroAccess

One or more of the identified infections is known to use a backdoor that allows attackers to remotely control your computer, download/execute files and steal system, financial & personal information.
 
If your computer has been used for online banking, has credit card information or other sensitive data, using a non-infected computer/device you should immediately change all account information (including those used for Email, eBay, Paypal, online forums, etc).
 
Banking and credit card institutions should be notified of the possible security breach. Please read the following article for more information: How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
 
Whilst the identified infection(s) can be removed, there is no way to guarantee the trustworthiness of your computer unless you reformat your Hard Drive and reinstall your Operating System. This is due to the nature of the infection, which allows a remote attacker to make any number of modifications. Many experts in the security community believe that once infected with this type of malware, the best course of action is to reformat/reinstall. Please read the following articles for more information.

You now have the choice between cleaning the infection(s) present or reformatting your computer. Ultimately, the decision is personal, and what you're most comfortable with. Once you've read the articles linked above, let me know if you have any questions, and how you wish to proceed.

 

µTorrent (HKLM\...\uTorrent) (Version: 2.2.1 - )

 

I see you have peer-to-peer (P2P) file sharing software installed on your computer (uTorrent). I advise you avoid P2P file sharing programmes; they are a security risk which can make your computer susceptible to malware. File sharing networks are thoroughly infested with malware - worms, backdoor Trojans, IRCBots, and rootkits propagate via P2P file sharing networks, gaming, and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install malware. The best way to reduce the risk of infection is to avoid these types of web sites and P2P programmes. Please read the following articles for more information.

Your P2P software can be removed by following the instructions below.

  • Press the Windows Key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for the aforementioned programme(s), right-click and click Uninstall. Follow the prompts.

If you choose not to, please refrain from using the programme(s) during this process.

 

Java 8 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)

 

Using Java is an unnecessary security risk; especially using older versions which have vulnerabilities that malicious sites can use to exploit and infect your system.

Java is one of those technologies that you find installed on the majority of computer systems despite the fact that average users do not come across many Java-powered websites or desktop applications [...] According to W3Techs, only four percent of websites use Java on the server side [...] it is used by 0.2 percent of all websites on the client side. And two tenths of a percent includes sites that do not use it for their core functionality [...] there are sites and applications that require Java, and if you use any of them, you obviously need Java. But that makes you a minority. The majority of Internet users do not need Java. They do not need the Java plugin, nor do they need the Java Runtime Environment installed on their operating system.

If you choose to keep Java installed, it is paramount you keep the software updated with the latest version.
You can verify/test your Java software installation & version here.

 

 

 

STEP 1
Revo Uninstaller

  • Please download and install Revo Uninstaller.
  • Double-Click Revo Uninstaller to run the programme. 
  • From the list of programmes, locate the following, or anything similar and carry out the steps below one at a time.
    • Catalina Savings Printer
  • Double-Click the programme. 
  • When prompted if you want to uninstall click Yes.
  • Ensure the Moderate option is selected and click Next.
  • The programme uninstaller will run. If prompted again click Yes.
  • Work your way through the uninstaller, ensuring you read each page thoroughly.
  • Note: If you are offered the choice to install additional software, ensure you decline
  • Once the built-in uninstaller is finished click Next.
  • Once the programme has searched for leftovers click Next.
  • Check items in bold only in the list and click Delete. You may have to expand folders by clicking the "+" mark.
  • When prompted click Yes, followed by Next.
  • Click Select all, followed by Delete.
  • When prompted click Yes, followed by Next.
  • Upon completion, click Finish.
  • In your next reply, confirm you were successful in uninstalling all programmes listed above. 
     

STEP 2
Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key + R on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    CreateRestorePoint:
    HKU\S-1-5-21-1482476501-1770027372-839522115-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-1482476501-1770027372-839522115-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    S4 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
    C:\Documents and Settings\rob\Local Settings\temp\jre-8u45-windows-au.exe
    C:\Documents and Settings\rob\Local Settings\temp\npp.6.7.4.Installer.exe
    C:\Documents and Settings\rob\Local Settings\temp\Quarantine.exe
    C:\Documents and Settings\rob\Local Settings\temp\sqlite3.dll
    C:\Documents and Settings\rob\Local Settings\temp\xmlUpdater.exe
    EmptyTemp:
    end
  • Click File > Save As and type fixlist.txt as the File Name
  • Important: The file must be saved in the same location as FRST64.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

STEP 3
Malwarebytes Anti-Malware (MBAM)

  • Open Malwarebytes Anti-Malware and click Update Now.
  • Once updated, click the Settings tab, followed by Detection and Protection and tick Scan for rootkits.
  • Click the Scan tab, ensure Threat Scan is selected and click Start Scan.
  • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards. 
  • If threats are detected, click Remove Selected. If you are prompted to reboot, click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • Click Copy to Clipboard and paste the log in your next reply. 

 

STEP 4
Junkware Removal Tool (JRT)

  • Please download Junkware Removal Tool and save the file to your Desktop.
  • Create a System Restore Point. For instructions, please refer to the following link (W8) | link (W7) | link (Vista).
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click JRT.exe and select Run as administrator to run the programme.
  • Follow the prompts and allow the scan to run uninterrupted. 
  • Upon completion, a log (JRT.txt) will open on your desktop.
  • Re-enable your anti-virus software.
  • Copy the contents of JRT.txt and paste in your next reply.
     

STEP 5
AdwCleaner

  • Please download AdwCleaner and save the file to your Desktop.
  • Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
  • Follow the prompts. 
  • Click Scan
  • Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate. 
  • Ensure anything you know to be legitimate does not have a checkmark, and click Clean
  • Follow the prompts and allow your computer to reboot
  • After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and folder backups are made for items removed using this tool. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.
 
======================================================

STEP 6
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Did the programme uninstall successfully?
  • Fixlog.txt
  • MBAM log
  • JRT.txt
  • AdwCleaner[S0].txt

Edited by Machiavelli, 05 June 2015 - 01:17 PM.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#5 bluffwood


Posted 05 June 2015 - 07:12 PM

Fix result of Farbar Recovery Scan Tool (x86) Version: 29-05-2015
Ran by rob at 2015-06-05 19:55:56 Run:2
Running from C:\Documents and Settings\rob\Desktop
Loaded Profiles: rob &  (Available Profiles: rob & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
start
CreateRestorePoint:
HKU\S-1-5-21-1482476501-1770027372-839522115-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction
<======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1482476501-1770027372-839522115-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
S4 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
C:\Documents and Settings\rob\Local Settings\temp\jre-8u45-windows-au.exe
C:\Documents and Settings\rob\Local Settings\temp\npp.6.7.4.Installer.exe
C:\Documents and Settings\rob\Local Settings\temp\Quarantine.exe
C:\Documents and Settings\rob\Local Settings\temp\sqlite3.dll
C:\Documents and Settings\rob\Local Settings\temp\xmlUpdater.exe
EmptyTemp:
end
*****************

Restore point was successfully created.
HKU\S-1-5-21-1482476501-1770027372-839522115-1003\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
<======= ATTENTION => Error: No automatic fix found for this entry.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\S-1-5-21-1482476501-1770027372-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
esgiguard => Service not found.
"C:\Documents and Settings\rob\Local Settings\temp\jre-8u45-windows-au.exe" => File/Folder not found.
"C:\Documents and Settings\rob\Local Settings\temp\npp.6.7.4.Installer.exe" => File/Folder not found.
"C:\Documents and Settings\rob\Local Settings\temp\Quarantine.exe" => File/Folder not found.
"C:\Documents and Settings\rob\Local Settings\temp\sqlite3.dll" => File/Folder not found.
"C:\Documents and Settings\rob\Local Settings\temp\xmlUpdater.exe" => File/Folder not found.
EmptyTemp: => Removed 595 MB temporary data.


The system needed a reboot.

==== End of Fixlog 19:57:27 ====

After the reboot:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/5/2015
Scan Time: 8:12:23 PM
Logfile:
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.06.05.06
Rootkit Database: v2015.06.02.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: rob

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 443636
Time Elapsed: 25 min, 59 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.Spigot.A, C:\Documents and Settings\rob\Application Data\Mozilla\Firefox\Profiles\43htojm9.default-1414667486375\prefs.js, Good: (), Bad: (user_pref("keyword.URL", "https://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=926458&p=");), Replaced,[a9717d3a7f0b7db9e9975c1923e3ab55]

Physical Sectors: 0
(No malicious items detected)


(end)


Edited by bluffwood, 05 June 2015 - 07:39 PM.


#6 bluffwood


Posted 05 June 2015 - 07:50 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.8.8 (06.03.2015:1)
OS: Microsoft Windows XP x86
Ran by Administrator on Fri 06/05/2015 at 20:43:06.46
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1482476501-1770027372-839522115-500\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\WINDOWS\System32\ai_recyclebin



~~~ Chrome


[C:\Documents and Settings\Administrator\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Documents and Settings\Administrator\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Documents and Settings\Administrator\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Documents and Settings\Administrator\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 06/05/2015 at 20:48:55.45
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#7 bluffwood


Posted 05 June 2015 - 08:03 PM

AdwCleaner came up with nothing. No log.



#8 bluffwood


Posted 05 June 2015 - 08:25 PM

This is all I have. I lost the mbam log when the computer rebooted... hadn't hit POST



#9 Machiavelli

  • Malware Response Instructor

Posted 06 June 2015 - 06:05 AM

You can also find the AdwCleaner log here: C:\AdwCleaner\AdwCleaner[Sx].txt

 

STEP 1
Farbar Recovery Scan Tool (FRST) Scan

  • Right-Click FRST.exe or FRST64.exe and select Run as administrator to run the programme.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.

================================================

 

Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • FRST.txt
  • Addition.txt

Edited by Machiavelli, 06 June 2015 - 06:05 AM.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 


#10 bluffwood


Posted 06 June 2015 - 06:56 AM

I am still not able to download and install Adobe Flash.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-05-2015 (ATTENTION: ====> FRSTversion is 8 days old and could be outdated)
Ran by Administrator (administrator) on DELLXPS400 on 06-06-2015 07:50:44
Running from C:\Documents and Settings\rob\Desktop
Loaded Profiles: rob & Administrator (Available Profiles: rob & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Bayer Healthcare LLC) C:\Program Files\Bayer HealthCare SmartLaunch\bin\BayerHCService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehrecvr.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehSched.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Secunia) C:\Program Files\Secunia\PSI\psia.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(SONIX) C:\WINDOWS\tsnpstd3.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe
(Google Inc.) C:\Documents and Settings\rob\Local Settings\Application Data\Programs\Google\MusicManager\MusicManager.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corporation) C:\WINDOWS\ehome\mcrdsvc.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\tv_w32.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehmsas.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(TomTom) C:\Program Files\MyDrive Connect\MyDriveConnect.exe
(QUALCOMM Incorporated) C:\Program Files\Qualcomm\Eudora\Eudora.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ehTray] => C:\WINDOWS\ehome\ehtray.exe [64512 2005-08-05] (Microsoft Corporation)
HKLM\...\Run: [ATIPTA] => C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [344064 2006-02-09] (ATI Technologies, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-11] (Avast Software s.r.o.)
HKLM\...\Run: [tsnpstd3] => C:\WINDOWS\tsnpstd3.exe [262144 2007-03-30] (SONIX)
HKLM\...\Run: [StartupDelayer] => C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher.exe [1260616 2014-12-14] (r2 Studios)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2012-10-25] (Apple Inc.)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2011-05-04] (SUPERAntiSpyware.com)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-1482476501-1770027372-839522115-1003\...\Run: [OpenDNS Updater] => C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe [839680 2010-06-16] ()
HKU\S-1-5-21-1482476501-1770027372-839522115-1003\...\Run: [Google Update] => C:\Documents and Settings\rob\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [107912 2014-12-17] (Google Inc.)
HKU\S-1-5-21-1482476501-1770027372-839522115-1003\...\Run: [MusicManager] => C:\Documents and Settings\rob\Local Settings\Application Data\Programs\Google\MusicManager\MusicManager.exe [7475200 2015-03-31] (Google Inc.)
HKU\S-1-5-21-1482476501-1770027372-839522115-1003\...\Run: [CyberGhost] => C:\Program Files\CyberGhost 5\CyberGhost.exe [430048 2015-05-21] (CyberGhost S.R.L.)
HKU\S-1-5-21-1482476501-1770027372-839522115-500\...\RunOnce: [Report] => \AdwCleaner\AdwCleaner[S4].txt [1269 2015-06-05] ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2015-05-20] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-05-05] (Avast Software s.r.o.)
BootExecute: autocheck autochk * defrag_native

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1482476501-1770027372-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1482476501-1770027372-839522115-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
URLSearchHook: [S-1-5-21-1482476501-1770027372-839522115-500] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1482476501-1770027372-839522115-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-05-06] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-03-27] (Avast Software s.r.o.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-06] (Oracle Corporation)
DPF: {748E146C-5842-4AD4-8A01-ACA7E61C6FCE} http://69.130.177.237/DvrOcx.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://kasperskylab.webex.com/client/WBXclient-T27L10NSP25-10481/event/ieatgpc.cab
Handler: AutorunsDisabled\skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
Handler: AutorunsDisabled\skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll [2014-02-04] (Intuit, Inc.)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\system32\mscoree.dll [2009-11-05] (Microsoft Corporation)
ShellExecuteHooks: Eudora's Shell Extension - {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - C:\Program Files\Qualcomm\Eudora\EuShlExt.dll [86016 2005-08-09] (Qualcomm Inc.)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.111.254
Tcpip\..\Interfaces\{70D1DBB6-1346-4AFF-9036-3BB60C39216D}: [NameServer] 192.168.111.254
Tcpip\..\Interfaces\{7D569FDC-B73D-4676-9EA5-56961BDFAE55}: [NameServer] 192.168.111.254

FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2013-02-20] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-06] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-06] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2014-01-07] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll [2014-01-07] (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-13] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-13] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1482476501-1770027372-839522115-1003: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\rob\Local Settings\Application Data\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-1482476501-1770027372-839522115-1003: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\rob\Local Settings\Application Data\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2014-01-07] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-06-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-06-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-06-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-06-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-06-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2014-06-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2014-06-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll [2014-01-07] (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2014-02-11] (Coupons, Inc.)
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-06-02]
FF Extension: avast! Ad Blocker - C:\Program Files\Mozilla Firefox\extensions\adblocker@avast.com.xpi [2015-06-02]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-06-02]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-05-10]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-08-15]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-01-07]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKU\S-1-5-21-1482476501-1770027372-839522115-1003\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\Documents and Settings\All Users\Application Data\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-06-02]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-27]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2011-08-11] (SUPERAntiSpyware.com) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-05] (Avast Software s.r.o.)
R2 BayerHealthcareService; C:\Program Files\Bayer HealthCare SmartLaunch\bin\BayerHCService.exe [135032 2013-03-12] (Bayer Healthcare LLC)
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [63968 2015-05-21] (CyberGhost S.R.L)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
S3 MHN; C:\WINDOWS\System32\mhn.dll [85504 2004-08-10] (Microsoft Corporation) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\hpzipm12.dll [52736 2006-05-11] (Hewlett-Packard) [File not signed]
R2 QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-02-04] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2009-07-23] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2013-11-27] (Intuit Inc.) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [994360 2011-10-14] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [399416 2011-10-14] (Secunia)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5491984 2015-05-20] (TeamViewer GmbH)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Apowersoft_AudioDevice; C:\WINDOWS\System32\drivers\Apowersoft_AudioDevice.sys [26032 2013-06-02] (Wondershare)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24144 2015-05-05] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [74976 2015-05-05] (Avast Software s.r.o.)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55200 2015-05-05] (Avast Software s.r.o.)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49904 2015-05-05] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787760 2015-05-05] (Avast Software s.r.o.)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [427992 2015-05-05] (Avast Software s.r.o.)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57888 2015-05-05] (Avast Software s.r.o.)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [209048 2015-05-05] ()
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 FTDIBUS; C:\WINDOWS\System32\drivers\ftdibus.sys [57536 2008-05-01] (FTDI Ltd.)
R3 KMWDFILTER; C:\WINDOWS\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] (Windows ® Codename Longhorn DDK provider)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 MHNDRV; C:\WINDOWS\System32\DRIVERS\mhndrv.sys [11008 2004-08-10] (Microsoft Corporation) [File not signed]
R2 Nbf; C:\WINDOWS\System32\DRIVERS\nbf.sys [98176 2001-08-23] (Microsoft Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 PSI; C:\WINDOWS\System32\DRIVERS\psi_mf.sys [15544 2010-09-01] (Secunia)
R3 ROOTUSB; C:\WINDOWS\System32\Drivers\ROOTUSB.sys [66944 2006-06-14] () [File not signed]
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 stdriver; C:\WINDOWS\System32\DRIVERS\stdriverx86.sys [43344 2014-01-03] ()
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [180864 2005-06-14] (SigmaTel, Inc.)
S3 tap0901; C:\WINDOWS\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
R3 VMUVC; C:\WINDOWS\System32\Drivers\VMUVC.sys [254720 2010-04-29] (Vimicro Corporation)
R3 vusbbus; C:\WINDOWS\System32\DRIVERS\vusbbus.sys [47488 2006-06-14] () [File not signed]
R3 vvftUVC; C:\WINDOWS\System32\drivers\vvftUVC.sys [398720 2008-07-01] (Vimicro Corporation)
S3 ZD1211BU(SMC); C:\WINDOWS\System32\DRIVERS\zd1211Bu.sys [477696 2006-08-24] (ZyDAS Technology Corporation)
S3 ZDPSp50; C:\WINDOWS\System32\Drivers\ZDPSp50.sys [17664 2004-10-25] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-05 21:23 - 2015-06-05 21:23 - 00356032 _____ () C:\Documents and Settings\rob\Desktop\Rob Green-AutoOwners 2015 Billing Inf.one
2015-06-05 20:52 - 2015-06-05 20:52 - 02231296 _____ () C:\Documents and Settings\rob\Desktop\AdwCleaner(1).exe
2015-06-05 20:48 - 2015-06-05 20:48 - 00002278 _____ () C:\Documents and Settings\Administrator\Desktop\JRT.txt
2015-06-05 20:43 - 2015-06-05 20:43 - 00000000 ____D () C:\RegBackup
2015-06-05 20:41 - 2015-06-05 20:41 - 02942610 _____ (Thisisu) C:\Documents and Settings\rob\Desktop\JRT.exe
2015-06-05 19:45 - 2015-06-05 19:45 - 00000917 _____ () C:\Documents and Settings\rob\Desktop\Revo Uninstaller.lnk
2015-06-05 19:45 - 2015-06-05 19:45 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-06-05 19:44 - 2015-06-05 19:44 - 02623656 _____ (VS Revo Group Ltd.) C:\Documents and Settings\rob\Desktop\revosetup.exe
2015-06-04 22:16 - 2015-06-04 22:27 - 09527548 _____ () C:\Documents and Settings\rob\Desktop\backup-dynamitewelding.com-6-4-2015.tar.gz.part
2015-06-04 07:04 - 2015-06-04 13:14 - 00000080 _____ () C:\Documents and Settings\rob\Desktop\egg sales.txt
2015-06-02 11:20 - 2015-06-03 09:44 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-05-30 19:40 - 2015-05-30 19:41 - 00066114 _____ () C:\Documents and Settings\rob\Desktop\Addition.txt
2015-05-30 19:39 - 2015-06-06 07:51 - 00021000 _____ () C:\Documents and Settings\rob\Desktop\FRST.txt
2015-05-30 19:38 - 2015-06-06 07:50 - 00000000 ____D () C:\FRST
2015-05-30 19:38 - 2015-05-30 19:38 - 01147392 _____ (Farbar) C:\Documents and Settings\rob\Desktop\FRST.exe
2015-05-30 14:28 - 2015-05-30 14:29 - 00004132 _____ () C:\Documents and Settings\rob\Desktop\Rkill.txt
2015-05-30 14:27 - 2015-05-30 14:27 - 01943800 _____ (Bleeping Computer, LLC) C:\Documents and Settings\rob\Desktop\rkill.exe
2015-05-30 13:48 - 2015-05-30 14:18 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2015-05-30 13:45 - 2015-05-30 14:18 - 00000000 ____D () C:\Documents and Settings\rob\Desktop\mbar
2015-05-30 13:41 - 2015-05-30 13:45 - 16502728 _____ (Malwarebytes Corp.) C:\Documents and Settings\rob\Desktop\mbar-1.09.1.1004.exe
2015-05-30 07:58 - 2015-05-30 07:58 - 00001920 _____ () C:\Documents and Settings\rob\Desktop\mb.txt
2015-05-30 07:29 - 2015-05-30 07:30 - 00044441 _____ () C:\Documents and Settings\rob\Desktop\Result.txt
2015-05-30 07:25 - 2015-05-30 07:25 - 00002352 _____ () C:\Documents and Settings\rob\Desktop\FSS.txt
2015-05-30 07:24 - 2015-05-30 07:24 - 00415232 _____ (Farbar) C:\Documents and Settings\rob\Desktop\FSS.exe
2015-05-30 07:21 - 2015-05-30 07:22 - 00852639 _____ () C:\Documents and Settings\rob\Desktop\SecurityCheck.exe
2015-05-29 12:46 - 2015-05-29 12:46 - 00927920 _____ (Adobe Systems Incorporated) C:\Documents and Settings\rob\Desktop\uninstall_flash_player.exe
2015-05-29 12:33 - 2015-05-29 12:34 - 00008747 _____ () C:\WINDOWS\KB2909921-IE8.log
2015-05-29 08:24 - 2015-05-29 08:24 - 00000922 _____ () C:\Documents and Settings\rob\Desktop\Should I Remove It.lnk
2015-05-29 08:24 - 2015-05-29 08:24 - 00000000 ____D () C:\Program Files\Reason
2015-05-29 08:24 - 2015-05-29 08:24 - 00000000 ____D () C:\Documents and Settings\rob\Start Menu\Programs\Should I Remove It
2015-05-29 07:50 - 2015-05-29 07:50 - 00000128 _____ () C:\Documents and Settings\rob\Desktop\chlorinator.txt
2015-05-28 21:55 - 2015-05-28 21:55 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2015-05-26 04:04 - 2015-05-26 04:04 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 10
2015-05-07 08:02 - 2015-05-07 08:03 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\Mozilla
2015-05-07 08:02 - 2015-05-07 08:02 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-06 07:51 - 2015-01-21 15:21 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\temp
2015-06-06 07:49 - 2015-01-21 11:01 - 00000000 ____D () C:\Documents and Settings\rob\Local Settings\temp
2015-06-06 07:00 - 2014-12-17 18:44 - 00000970 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-1770027372-839522115-1003UA.job
2015-06-06 07:00 - 2012-01-15 21:28 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-05 23:51 - 2012-07-28 14:48 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-06-05 23:39 - 2014-08-16 18:59 - 00000000 ____D () C:\Documents and Settings\rob\Local Settings\Application Data\Adobe
2015-06-05 21:00 - 2014-03-05 22:26 - 00448425 _____ () C:\WINDOWS\setupapi.log
2015-06-05 21:00 - 2011-08-14 23:37 - 01488445 _____ () C:\WINDOWS\WindowsUpdate.log
2015-06-05 20:59 - 2011-08-14 23:35 - 00000000 ____D () C:\WINDOWS\Registration
2015-06-05 20:59 - 2011-08-14 19:30 - 00000157 _____ () C:\WINDOWS\wiadebug.log
2015-06-05 20:59 - 2011-08-14 19:30 - 00000048 _____ () C:\WINDOWS\wiaservc.log
2015-06-05 20:58 - 2014-03-16 13:41 - 00000218 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-06-05 20:58 - 2012-01-15 21:28 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-05 20:58 - 2011-08-14 23:42 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-06-05 20:57 - 2011-08-22 18:20 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2015-06-05 20:57 - 2011-08-14 23:43 - 00000178 ___SH () C:\Documents and Settings\rob\ntuser.ini
2015-06-05 20:57 - 2011-08-14 23:42 - 00032314 _____ () C:\WINDOWS\SchedLgU.Txt
2015-06-05 20:56 - 2014-01-30 12:17 - 00000000 ____D () C:\AdwCleaner
2015-06-05 20:12 - 2014-09-03 09:22 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-06-05 20:05 - 2013-03-05 11:51 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-06-05 10:00 - 2014-12-17 18:44 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-1770027372-839522115-1003Core.job
2015-06-03 12:07 - 2011-09-26 09:14 - 00002465 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft FrontPage.lnk
2015-06-03 09:56 - 2011-08-21 13:27 - 00000000 ____D () C:\Program Files\TeamViewer
2015-06-02 09:55 - 2014-03-04 19:25 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2015-05-30 14:18 - 2011-11-16 10:03 - 00000000 __SHD () C:\Documents and Settings\rob\Local Settings\Application Data\3cedbbe2
2015-05-30 13:45 - 2014-09-03 09:21 - 00120024 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-05-30 09:45 - 2014-09-03 09:21 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-05-30 08:01 - 2011-08-15 00:43 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB958869$
2015-05-30 07:33 - 2014-09-04 08:40 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-30 07:33 - 2012-12-18 20:00 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-29 12:40 - 2015-01-04 16:20 - 00000000 ____D () C:\Program Files\CyberGhost 5
2015-05-29 08:06 - 2011-08-14 23:43 - 00000000 ____D () C:\Documents and Settings\rob
2015-05-28 00:03 - 2011-08-22 20:19 - 00000000 ____D () C:\Documents and Settings\rob\Application Data\Skype
2015-05-27 13:58 - 2004-08-10 07:00 - 00000932 _____ () C:\WINDOWS\win.ini
2015-05-27 13:24 - 2012-02-28 20:07 - 00000000 ____D () C:\Documents and Settings\rob\Application Data\Nova Development
2015-05-26 04:04 - 2015-04-05 01:26 - 00000706 _____ () C:\Documents and Settings\All Users\Desktop\TeamViewer 10.lnk
2015-05-22 07:20 - 2012-02-15 22:55 - 00000306 _____ () C:\WINDOWS\QTW.INI
2015-05-16 20:49 - 2011-09-23 13:30 - 00123904 _____ () C:\Documents and Settings\rob\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-05-15 03:10 - 2013-08-14 03:19 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-05-15 03:10 - 2004-08-10 07:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2015-05-15 03:00 - 2011-08-15 00:30 - 137310008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-05-12 22:12 - 2011-09-13 22:34 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2015-05-12 22:07 - 2015-03-13 19:07 - 00002276 _____ () C:\Documents and Settings\rob\Desktop\joomla notes.txt
2015-05-11 12:59 - 2011-11-14 11:04 - 00000089 _____ () C:\WINDOWS\QBChanUtil_Trigger.ini
2015-05-10 03:03 - 2011-08-14 23:34 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2015-05-08 15:00 - 2014-03-16 13:41 - 00000212 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2015-05-07 08:37 - 2013-11-14 13:19 - 00000000 ____D () C:\Documents and Settings\rob\GLUCOFACTS Deluxe
2015-05-07 08:02 - 2011-08-14 23:42 - 00000000 __SHD () C:\Documents and Settings\LocalService
2015-05-07 07:58 - 2013-11-14 13:20 - 00296713 _____ () C:\Documents and Settings\rob\logSequencer.log
2015-05-07 07:57 - 2014-05-02 03:00 - 00014062 _____ () C:\WINDOWS\KB2964358-IE8.log

==================== Files in the root of some directories =======

2015-02-04 03:48 - 2015-02-04 03:48 - 6103040 _____ () C:\Program Files\GUTFF54.tmp

Some files in TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\temp\Quarantine.exe
C:\Documents and Settings\Administrator\Local Settings\temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of log ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 29-05-2015
Ran by Administrator at 2015-06-06 07:52:06
Running from C:\Documents and Settings\rob\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1482476501-1770027372-839522115-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-1482476501-1770027372-839522115-1004 - Limited - Enabled)
Guest (S-1-5-21-1482476501-1770027372-839522115-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-1482476501-1770027372-839522115-1000 - Limited - Disabled)
rob (S-1-5-21-1482476501-1770027372-839522115-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\rob
SUPPORT_388945a0 (S-1-5-21-1482476501-1770027372-839522115-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

"Nero SoundTrax Help (Version: 4.0.15.0 - Nero AG) Hidden
µTorrent (HKLM\...\uTorrent) (Version: 2.2.1 - )
Adobe Acrobat Connect Add-in (HKU\S-1-5-21-1482476501-1770027372-839522115-1003\...\Adobe Acrobat Connect Add-in) (Version:  - )
Adobe Connect Add-in (HKU\S-1-5-21-1482476501-1770027372-839522115-1003\...\Adobe Connect Add-in) (Version:  - )
Adobe Photoshop 7.0.1 (HKLM\...\Adobe Photoshop 7.0.1) (Version: 7.0.1 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Advertising Center (Version: 0.0.0.1 - Nero AG) Hidden
AIM 7 (HKLM\...\AIM_7) (Version:  - )
Airlink101 MFP PS Utility (HKLM\...\{ECE9D6C8-2DE8-4505-920E-103FAF0AC9CF}) (Version:  - )
Allway Sync version 12.2.3 (HKLM\...\Allway Sync_is1) (Version:  - Botkind Inc)
Amazon Kindle (HKLM\...\Amazon Kindle) (Version:  - Amazon)
Apple Application Support (HKLM\...\{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}) (Version: 2.3.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E14ADE0E-75F3-4A46-87E5-26692DD626EC}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Art Explosion Publisher Pro (HKLM\...\{C62D7344-8709-4443-9C95-F90659CBC27F}) (Version: 1.00.0013 - Nova Development)
ATI - Software Uninstall Utility (HKLM\...\All ATI Software) (Version: 6.14.10.1014 - )
ATI Control Panel (HKLM\...\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}) (Version: 6.14.10.5183 - )
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.23-060209a1-030546C-Dell - )
Audacity 1.2.6 (HKLM\...\Audacity_is1) (Version:  - )
Auslogics DiskDefrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 4.4.2.0 - Auslogics Labs Pty Ltd)
Avast Free Antivirus (HKLM\...\avast) (Version: 10.2.2218 - AVAST Software)
Avery Wizard 4.0 (HKLM\...\{7196E6BD-4B65-43F9-9D30-73A8E58D0E84}) (Version: 4.0.103 - Avery)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
ClearType Tuning Control Panel Applet (HKLM\...\{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}) (Version: 1.01.0000 - Microsoft Corporation)
Conexant D850 56K V.9x DFVc Modem (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1) (Version:  - )
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version:  - CyberGhost S.R.L.)
Dell Resource CD (HKLM\...\{FCD9CD52-7222-4672-94A0-A722BA702FD0}) (Version: 1.00.0000 - Dell Inc.)
Dell System Detect (HKU\S-1-5-21-1482476501-1770027372-839522115-1003\...\73f463568823ebbe) (Version: 5.12.0.3 - Dell)
DolbyFiles (Version: 2.0 - Nero AG) Hidden
Dropbox (HKU\S-1-5-21-1482476501-1770027372-839522115-1003\...\Dropbox) (Version: 2.10.27 - Dropbox, Inc.)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Eudora (HKLM\...\{35F4CFB8-6366-4337-B192-E8296375CE92}) (Version: 7.0 - )
Extended Asian Language font pack for Adobe Reader XI (HKLM\...\{AC76BA86-7AD7-2530-0000-A00000000004}) (Version: 11.0.0 - Adobe Systems Incorporated)
Free AIFF To MP3 Converter (HKLM\...\{A3E98E9F-0627-4955-AB16-9F329B9E3194}) (Version: 1.0.0 - Convert Audio free)
Free M4A WAV to MP3 Audio Converter (HKLM\...\{FA17CBFC-5DB9-4901-9AB5-C27937E8DB3D}_is1) (Version:  - )
Free Studio version 2014 (HKLM\...\Free Studio_is1) (Version: 6.2.4.1230 - DVDVideoSoft Ltd.)
GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)
GLUCOFACTS™ Deluxe (HKLM\...\{9F4EC465-8411-48C1-BD8F-B606BE4B6112}) (Version: 3.06.10 - Bayer HealthCare)
GLUCOFACTS™ Deluxe Smart Launch (HKLM\...\{D557DF24-61F6-4731-A3B9-626CA9387D42}) (Version: 1.22.01 - Bayer HealthCare)
Google Chrome (HKLM\...\{6438EBAC-5305-39A5-A93E-88CDFA6CE947}) (Version: 65.61.49249 - Google, Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Earth Pro (HKLM\...\{44FC61F0-2F8A-11E3-8CAE-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
GoToMeeting 5.2.0.952 (HKU\S-1-5-21-1482476501-1770027372-839522115-1003\...\GoToMeeting) (Version: 5.2.0.952 - CitrixOnline)
High Definition Audio Driver Package - KB835221 (HKLM\...\KB835221WXP) (Version: 20040219.000000 - Microsoft Corporation)
IEEE 802.11g USB Wireless LAN Adapter (HKLM\...\{581CE7EA-A30D-0000-1211-088635773309}) (Version:  - )
ImagXpress (Version: 7.0.74.0 - Nero AG) Hidden
Intel® PRO Network Connections Drivers (HKLM\...\PROSet) (Version:  - )
iTunes (HKLM\...\{268278CF-FB69-4D98-B70E-BFEC1CDCA225}) (Version: 11.0.2.26 - Apple Inc.)
iWisoft Flash SWF to Video Converter 3.5 (HKLM\...\iWisoft Flash SWF to Video Converter_is1) (Version: 3.5.0 - www.flash-swf-converter.com)
Java 8 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
KompoZer 0.8b3 (HKLM\...\{20aa4150-b5f4-11de-8a39-0800200c9a66}_is1) (Version:  - KompoZer)
Macromedia FlashPaper 2 (HKLM\...\Macromedia FlashPaper 2_is1) (Version: 2.0.0 - Macromedia)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Menu Templates - Starter Kit (Version: 9.0.4.0 - Nero AG) Hidden
Microsoft .NET Framework 1.0 Hotfix (KB2572066) (HKLM\...\KB2572066) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB2604042) (HKLM\...\KB2604042) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB2656378) (HKLM\...\KB2656378) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2698035) (HKLM\...\KB2698035) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2742607) (HKLM\...\KB2742607) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2833951) (HKLM\...\KB2833951) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2904878) (HKLM\...\KB2904878) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{BD71B413-9FEE-49BB-A6D1-2C0BFB99BDFE}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office XP Professional with FrontPage (HKLM\...\{90280409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Movie Templates - Starter Kit (Version: 9.0.4.0 - Nero AG) Hidden
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 6.0 Parser (HKLM\...\{C3FFB7B4-F56A-4C85-8FB1-FAEC9D557732}) (Version: 6.10.1072.0 - Microsoft Corporation)
Music Manager (HKU\S-1-5-21-1482476501-1770027372-839522115-1003\...\MusicManager) (Version:  - Google, Inc.)
Musicmatch® Jukebox (HKLM\...\{85D3CC30-8859-481A-9654-FD9B74310BEF}) (Version: 10.00.4033 - )
MyDriveConnect 3.3.0.1812 (HKLM\...\MyDriveConnect) (Version: 3.3.0.1812 - TomTom)
Nero 9 (HKLM\...\{f7433ee6-14ef-43fe-badd-50e7fb1d1dfa}) (Version:  - Nero AG)
Notepad++ (HKLM\...\Notepad++) (Version: 6.7.4 - Notepad++ Team)
Octoshape add-in for Adobe Flash Player (HKU\S-1-5-21-1482476501-1770027372-839522115-1003\...\Octoshape add-in for Adobe Flash Player) (Version:  - )
Pidgin (HKLM\...\Pidgin) (Version: 2.10.1 - )
PL-2303 USB-to-Serial (HKLM\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.3.0 - Prolific Technology INC)
QuickBooks (Version: 21.0.4014.904 - Intuit Inc.) Hidden
QuickBooks Premier Edition 2011 (HKLM\...\{11E0AC7D-6824-4F67-865F-EE1C13D28C38}) (Version: 21.0.4014.904 - Intuit Inc.)
QuickTime (HKLM\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
QuickTime for Windows (32-bit) (HKLM\...\QuickTime32) (Version:  - )
RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Secunia PSI (2.0.0.4003) (HKLM\...\Secunia PSI) (Version: 2.0.0.4003 - Secunia)
Should I Remove It (HKU\S-1-5-21-1482476501-1770027372-839522115-1003\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
Should I Remove It (Version: 1.0.4 - Reason Software Company Inc.) Hidden
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.4493.0 - SigmaTel)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 7.3 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
Solid Mp4 to DVD Converter and Burner 1.2.7 (HKLM\...\{E82FBDF4-8C05-5611-B8D8-2331145ECA11}_is1) (Version:  - TopviewSoft, Inc.)
Sonic Encoders (HKLM\...\{9941F0AA-B903-4AF4-A055-83A9815CC011}) (Version: 1.00 - Sonic Solutions)
SoundTrax (Version: 4.0.18.0 - Nero AG) Hidden
Startup Delayer v3.0 (build 363) (HKLM\...\Startup Delayer) (Version: 3.0 (build 363) - r2 Studios)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1136 - SUPERAntiSpyware.com)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TeamViewer 10 (HKLM\...\TeamViewer) (Version: 10.0.42849 - TeamViewer)
TomTom HOME (HKLM\...\{BB05590A-6602-43F3-A400-77EA0976BC0A}) (Version: 2.9.8 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Ultra Defragmenter (HKLM\...\UltraDefrag) (Version: 6.0.2 - UltraDefrag Development Team)
Unlocker 1.9.1 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update Rollup 2 for Windows XP Media Center Edition 2005 (HKLM\...\KB900325) (Version:  - Microsoft Corporation)
USB PC Camera Plus (HKLM\...\{ECD03DA7-5952-406A-8156-5F0C93618D1F}) (Version: 5.21.1.000 - Sonix)
Video Download Capture V4.8.2 (HKLM\...\{3C9D008D-3716-4C3F-90CD-38ED57568FAB}_is1) (Version: 4.8.2 - Apowersoft)
Vimicro USB2.0 UVC PC Camera (HKLM\...\{71A51A91-E7D3-11DB-A386-005056C00008}) (Version: 2010.03.02 - Vimicro Corporation)
Visual Studio C++ 10.0 Runtime (HKLM\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VSDC Free Video Editor version 3.1.0.354 (HKLM\...\VSDC Free Video Editor_is1) (Version: 3.1.0.354 - Flash-Integro LLC)
WebEx (HKLM\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Winamp (HKLM\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Windows Automated Installation Kit (HKLM\...\{31E8F586-4EF7-4500-844D-BA8756474FF1}) (Version: 1.0.0.0 - Microsoft Corporation)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (HKLM\...\KB952011) (Version: 1.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format Runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows XP Media Center Edition 2005 KB2502898 (HKLM\...\KB2502898) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB2619340 (HKLM\...\KB2619340) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB2628259 (HKLM\...\KB2628259) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB925766 (HKLM\...\KB925766) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB973768 (HKLM\...\KB973768) (Version:  - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinRAR 4.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
ZTE Handset USB Driver (HKLM\...\{01D42BF0-ED08-463f-8A28-99EB6FEE962B}) (Version:  - ZTE Corporation)
ZTE Handset USB Driver (HKLM\...\{D2D77DC2-8299-11D1-8949-444553540000}_is1) (Version: 5.2104.1.02B02 - ZTE Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\rob\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Documents and Settings\rob\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{05EC5C13-D255-4592-9CCB-98615172F0D6}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{0ADF9C35-0D5E-4B75-88DD-B64868907E17}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{123FAF7F-3FB1-4B8F-AD18-0047401D436A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Documents and Settings\rob\Local Settings\Application Data\Google\Update\1.3.27.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{1B3210AF-E236-46D4-83EF-6421F2FF543C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx No File
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{1E78DD72-771E-42BF-8B4B-363CEB18E07B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx No File
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Documents and Settings\rob\Local Settings\Application Data\Google\Update\1.3.27.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{22664BE2-0806-4BA4-8643-DE40C9149176}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{2A9EBDB5-0600-4E8C-B910-4001BEB2DD8C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Documents and Settings\rob\Local Settings\Application Data\Google\Update\1.3.27.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{349D777D-F7A2-4AAE-967F-A54F05A7FF3B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBFinder.dll No File
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{37A2FC00-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{37A2FC02-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{38F58721-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\COMObjectFactory.dll No File
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{38F58742-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{38F58743-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{38F58744-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{3E1A2BBD-5707-4646-B268-518B997DC94D}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2011\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{4716D3CE-55DB-4D2A-818C-87D912895890}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{4844F3F7-2161-4AC4-B219-B3B4311782AA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{4A56F19E-9F50-4F43-93C8-050E44AA83A9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{4E5E74B5-8EB5-4859-A335-837EED412620}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Documents and Settings\rob\Local Settings\Application Data\Google\Update\1.3.27.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{5249684A-D7A2-4DBE-94F4-B90923A7BC64}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{5428A9ED-6CD8-11D6-9C8A-0001023DCAA2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{547C8F00-5567-4AE3-8BB0-CC3CE2AB9070}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{57D590F1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{596801D8-2C9D-4627-9C67-195CB81B655A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{5B7331FA-8910-4748-A8A4-60B445041F28}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{5ED8AC89-B2DE-476D-8EEA-E170B2FCB058}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{70478C56-E77F-4134-B3E3-3B18EE036D71}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll No File
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{7694F1CD-A55B-4B7C-8820-A90892EB4E9E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{7DBF8260-30AD-4D1B-876A-8032B87B809F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{828E5386-74CF-4019-B356-C857CD028A7D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{82CC31B3-53B4-4161-A4E9-6B4F1290A6C8}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\952\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{8572570D-12D9-4F2C-8BB8-EB8848178B94}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{8E590317-1329-11D1-B70B-00805F29CD16}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2011\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{8FEDE364-AB37-4551-80C9-6D468E222AB2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{9D9B61F2-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{9D9B61F3-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{9D9B61F4-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{9D9B61F5-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{9D9B61F6-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{9D9B61F7-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{A58C4EAB-2DB8-445E-9CAE-2AE197A5C708}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{A63E42D0-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{A63E42D2-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{AF5E0A13-CEAB-47CE-991D-77E82CD1BF3F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{B10BFAC3-EFF1-40D9-ADA0-BEBE037C24CA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{B66F2BF1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{BCD594EA-15C3-4FD8-B92B-114BB9694537}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBCtrIPMDS2.dll No File
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Documents and Settings\rob\Local Settings\Application Data\Google\Update\1.3.27.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Documents and Settings\rob\Local Settings\Application Data\Google\Update\1.3.26.9\psuser.dll No F (the data entry has 3 more characters).
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Documents and Settings\rob\Local Settings\Application Data\Google\Update\1.3.27.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{CE18240D-F3F8-43AE-9EA0-A0DC85A95375}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll No File
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Documents and Settings\rob\Local Settings\Application Data\Google\Update\1.3.25.11\psuser.dll No  (the data entry has 4 more characters).
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{D14FD6B3-6A9F-4537-9460-07B836707127}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{D4A12AAF-E15E-470B-A6B6-63032186F91F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{D9B9C060-0954-11D3-9E07-00104BD2BE34}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSource.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{D9BC6F81-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{D9BC6F84-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{D9BC6F87-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{D9BC6FA1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{D9BC6FA6-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{D9BC6FB2-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\StorageClasses.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{D9BC6FC1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{DCB2B478-EFF6-48F6-B718-13E98876854E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{DFD0AF10-B86C-4AF3-B609-1348D513E565}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{E1A173E1-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{E1A173E3-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Documents and Settings\rob\Local Settings\Application Data\Google\Update\1.3.27.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\rob\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{E6E4DF8B-17CE-43ED-B2C7-2CE10457552D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{E7D2D0F6-B754-438D-B5C9-BF848D311A0F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll No File
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Documents and Settings\rob\Local Settings\Application Data\Google\Update\1.3.27.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{EADA914E-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{EAEF733D-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{F2C593CC-74B2-4F71-8556-DD4D426D0409}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{F9EF917A-E55E-4242-B205-E778395AC313}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{FAC93D42-FFC2-11d1-9DEB-0008C7A08EBA}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2011\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{FB17915F-06D1-4214-A902-CC5EE05186E9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\rob\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\rob\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\rob\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\rob\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\rob\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\rob\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\rob\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-1770027372-839522115-1003_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\rob\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Restore Points =========================

26-04-2015 23:14:28 System Checkpoint
27-04-2015 23:15:24 System Checkpoint
29-04-2015 00:13:45 System Checkpoint
30-04-2015 01:13:46 System Checkpoint
01-05-2015 02:13:45 System Checkpoint
02-05-2015 03:13:17 System Checkpoint
03-05-2015 04:13:17 System Checkpoint
04-05-2015 05:10:07 System Checkpoint
05-05-2015 06:07:40 System Checkpoint
05-05-2015 11:50:01 avast! antivirus system restore point
06-05-2015 12:08:36 System Checkpoint
06-05-2015 19:52:09 Removed Java 8 Update 45
07-05-2015 07:55:47 Software Distribution Service 3.0
08-05-2015 09:29:31 System Checkpoint
09-05-2015 09:46:08 System Checkpoint
10-05-2015 03:00:19 Software Distribution Service 3.0
11-05-2015 03:45:30 System Checkpoint
12-05-2015 04:45:35 System Checkpoint
12-05-2015 22:10:08 Software Distribution Service 3.0
12-05-2015 23:19:05 Software Distribution Service 3.0
13-05-2015 03:00:17 Software Distribution Service 3.0
14-05-2015 03:00:19 Software Distribution Service 3.0
15-05-2015 03:00:18 Software Distribution Service 3.0
16-05-2015 03:25:51 System Checkpoint
17-05-2015 04:25:53 System Checkpoint
18-05-2015 05:25:40 System Checkpoint
19-05-2015 06:25:41 System Checkpoint
20-05-2015 07:26:44 System Checkpoint
21-05-2015 08:25:38 System Checkpoint
22-05-2015 09:43:52 System Checkpoint
23-05-2015 10:52:19 System Checkpoint
24-05-2015 12:28:40 System Checkpoint
25-05-2015 12:39:34 System Checkpoint
26-05-2015 17:03:08 System Checkpoint
27-05-2015 17:38:28 System Checkpoint
28-05-2015 18:37:23 System Checkpoint
29-05-2015 08:24:10 Installed Should I Remove It
29-05-2015 12:33:19 Software Distribution Service 3.0
30-05-2015 12:49:53 System Checkpoint
30-05-2015 14:18:22 Malwarebytes Anti-Rootkit Restore Point
31-05-2015 14:19:37 System Checkpoint
01-06-2015 15:35:03 System Checkpoint
03-06-2015 17:29:28 System Checkpoint
04-06-2015 18:15:48 System Checkpoint
05-06-2015 18:16:40 System Checkpoint
05-06-2015 19:47:05 Revo Uninstaller's restore point - Catalina Savings Printer
05-06-2015 19:47:25 Removed Catalina Savings Printer.
05-06-2015 19:55:11 Restore Point Created by FRST
05-06-2015 19:56:02 Restore Point Created by FRST

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2014-03-04 22:50 - 2015-01-21 15:08 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-1770027372-839522115-1003Core.job => C:\Documents and Settings\rob\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-1770027372-839522115-1003UA.job => C:\Documents and Settings\rob\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1482476501-1770027372-839522115-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1482476501-1770027372-839522115-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\ReclaimerUpdateFiles_rob.job => C:\Documents and Settings\rob\Application Data\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe
Task: C:\WINDOWS\Tasks\ReclaimerUpdateXML_rob.job => C:\Documents and Settings\rob\Application Data\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe
Task: C:\WINDOWS\Tasks\RNUpgradeHelperLogonPrompt_rob.job => C:\Documents and Settings\rob\Application Data\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe

==================== Loaded Modules (Whitelisted) ==============

2015-03-27 18:14 - 2015-05-05 11:50 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-03-27 18:13 - 2015-05-05 11:50 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-06-05 14:56 - 2015-06-05 14:56 - 02952192 _____ () C:\Program Files\AVAST Software\Avast\defs\15060501\algo.dll
2013-01-28 14:08 - 2013-01-28 14:08 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2013-01-28 14:08 - 2013-01-28 14:08 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2004-08-10 07:00 - 2011-02-04 17:48 - 00291840 _____ () C:\WINDOWS\system32\sbe.dll
2004-08-10 07:00 - 2013-01-02 02:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll
2004-08-10 07:00 - 2008-04-13 20:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2004-08-10 07:00 - 2008-04-13 20:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2013-08-14 16:19 - 2013-08-14 16:19 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2010-07-04 17:32 - 2010-07-04 17:32 - 00010752 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2011-12-17 00:52 - 2011-05-28 23:04 - 00140288 _____ () C:\Program Files\WinRAR\rarext.dll
2014-05-12 05:49 - 2014-05-12 05:49 - 00260608 _____ () C:\Program Files\Notepad++\NppShell_06.dll
2013-11-26 06:22 - 2015-03-27 18:14 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2010-06-16 17:42 - 2010-06-16 17:42 - 00839680 _____ () C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe
2014-09-03 15:15 - 2014-09-03 15:15 - 10683392 _____ () C:\Documents and Settings\rob\Local Settings\Application Data\Programs\Google\MusicManager\QtWebKit4.dll
2014-09-03 15:15 - 2014-09-03 15:15 - 07741952 _____ () C:\Documents and Settings\rob\Local Settings\Application Data\Programs\Google\MusicManager\QtGui4.dll
2014-09-03 15:15 - 2014-09-03 15:15 - 02248192 _____ () C:\Documents and Settings\rob\Local Settings\Application Data\Programs\Google\MusicManager\QtCore4.dll
2014-09-03 15:15 - 2014-09-03 15:15 - 01681408 _____ () C:\Documents and Settings\rob\Local Settings\Application Data\Programs\Google\MusicManager\QtNetwork4.dll
2015-03-31 18:33 - 2015-03-31 18:33 - 00117248 _____ () C:\Documents and Settings\rob\Local Settings\Application Data\Programs\Google\MusicManager\libaacdec.dll
2015-03-31 18:33 - 2015-03-31 18:33 - 00231936 _____ () C:\Documents and Settings\rob\Local Settings\Application Data\Programs\Google\MusicManager\libmpgdec.dll
2015-03-31 18:33 - 2015-03-31 18:33 - 00253440 _____ () C:\Documents and Settings\rob\Local Settings\Application Data\Programs\Google\MusicManager\libid3tag.dll
2015-03-31 18:33 - 2015-03-31 18:33 - 00344064 _____ () C:\Documents and Settings\rob\Local Settings\Application Data\Programs\Google\MusicManager\libaudioenc.dll
2014-09-03 15:15 - 2014-09-03 15:15 - 00026624 _____ () C:\Documents and Settings\rob\Local Settings\Application Data\Programs\Google\MusicManager\imageformats\qgif4.dll
2014-10-03 08:04 - 2014-10-03 08:04 - 00026488 _____ () C:\Program Files\MyDrive Connect\DeviceDetection.dll
2014-10-03 08:04 - 2014-10-03 08:04 - 00087416 _____ () C:\Program Files\MyDrive Connect\TomTomSupporterBase.dll
2014-10-03 08:04 - 2014-10-03 08:04 - 00398712 _____ () C:\Program Files\MyDrive Connect\TomTomSupporterProxy.dll
2011-09-04 21:41 - 2006-10-03 12:15 - 00007680 _____ () C:\Program Files\Qualcomm\Eudora\EuLang.dll
2011-09-04 21:41 - 2005-08-09 12:21 - 00151552 _____ () C:\Program Files\Qualcomm\Eudora\LIBEXPAT.dll
2011-09-04 21:41 - 2006-10-04 10:04 - 00065536 ____R () C:\Program Files\Qualcomm\Eudora\plstclnt.dll
2011-09-04 21:41 - 2005-08-09 16:09 - 00011264 _____ () C:\Program Files\Qualcomm\Eudora\Plugins\Unwrap32.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1482476501-1770027372-839522115-1003\...\dell.com -> dell.com
IE trusted site: HKU\S-1-5-21-1482476501-1770027372-839522115-1003\...\no-ip.biz -> bluffwoodcreekorganics.no-ip.biz
IE trusted site: HKU\S-1-5-21-1482476501-1770027372-839522115-1003\...\samsungsetup.com -> hxxp://www.samsungsetup.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1482476501-1770027372-839522115-1003\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\rob\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
HKU\S-1-5-21-1482476501-1770027372-839522115-500\Control Panel\Desktop\\Wallpaper -> (None)
DNS Servers: 192.168.111.254

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk => C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^IEEE 802.11g USB Wireless LAN Utility.lnk => C:\WINDOWS\pss\IEEE 802.11g USB Wireless LAN Utility.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Intuit Data Protect.lnk => C:\WINDOWS\pss\Intuit Data Protect.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk => C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks_Standard_21.lnk => C:\WINDOWS\pss\QuickBooks_Standard_21.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Secunia PSI Tray.lnk => C:\WINDOWS\pss\Secunia PSI Tray.lnkCommon Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Aim => "C:\Program Files\AIM\aim.exe" /d locale=en-US
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Intuit SyncManager => C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe  startup
MSCONFIG\startupreg: KernelFaultCheck => %systemroot%\system32\dumprep 0 -k
MSCONFIG\startupreg: KONICA MINOLTA magicolor 2400W STD => C:\WINDOWS\system32\MSTMON_S.EXE STARTUP
MSCONFIG\startupreg: LifeCam => "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
MSCONFIG\startupreg: MimBoot => C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
MSCONFIG\startupreg: MMTray => "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
MSCONFIG\startupreg: NBCore => "C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBCore.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime
MSCONFIG\startupreg: Remote Virtual USB => C:\Program Files\Airlink101\MFP PS Utility\RMVUSB.exe /b
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: UnlockerAssistant => "C:\Program Files\Unlocker\UnlockerAssistant.exe"
MSCONFIG\startupreg: uTorrent => "C:\Program Files\uTorrent\uTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: VMonitorVMUVC => "C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe" VMUVC

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

DomainProfile\AuthorizedApplications: [C:\Program Files\Winamp\winamp.exe] => Enabled:Winamp
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE] => Enabled:Microsoft Office Outlook
StandardProfile\AuthorizedApplications: [C:\Program Files\WS_FTP\WS_FTP95.exe] => Enabled:WS_FTP 95
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\rob\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe] => Enabled:Octoshape add-in for Adobe Flash Player
StandardProfile\AuthorizedApplications: [C:\Program Files\Intuit\QuickBooks 2011\QBDBMgrN.exe] => Enabled:QuickBooks 2011 Data Manager
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Program Files\AVAST Software\Avast\AvastUI.exe] => Enabled:avast! Antivirus
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Update\GoogleUpdate.exe] => Enabled:Google Installer
StandardProfile\AuthorizedApplications: [C:\Program Files\Qualcomm\Eudora\Eudora.exe] => Enabled:EUDORA
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\plugin-container.exe] => Enabled:Plugin Container for Firefox
StandardProfile\AuthorizedApplications: [C:\Program Files\AIM\aim.exe] => Enabled:AIM
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft LifeCam\LifeCam.exe] => Enabled:LifeCam.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft LifeCam\LifeEnC2.exe] => Enabled:LifeEnC2.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft LifeCam\LifeExp.exe] => Enabled:LifeExp.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft LifeCam\LifeTray.exe] => Enabled:LifeTray.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Airlink101\MFP PS Utility\RMVUSB.exe] => Enabled:Airlink101 MFP PS Utility
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\javaw.exe] => Enabled:Java™ Platform SE binary
StandardProfile\AuthorizedApplications: [C:\Program Files\Java\jre7\bin\java.exe] => Enabled:Java™ Platform SE binary
StandardProfile\AuthorizedApplications: [C:\Program Files\Bonjour\mDNSResponder.exe] => Enabled:Bonjour Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Winamp\winamp.exe] => Enabled:Winamp
StandardProfile\AuthorizedApplications: [C:\Program Files\Apowersoft\Video Download Capture\Video Download Capture.exe] => Enabled:Video Download Capture
StandardProfile\AuthorizedApplications: [C:\Program Files\Apowersoft\Video Download Capture\ApowersoftSrv.dll] => Enabled:Video Download Capture
StandardProfile\AuthorizedApplications: [C:\Program Files\Apowersoft\Video Download Capture\ApowersoftDump.dll] => Enabled:Video Download Capture
StandardProfile\AuthorizedApplications: [C:\Program Files\Apowersoft\Video Download Capture\ApowersoftAC.dll] => Enabled:Video Download Capture
StandardProfile\AuthorizedApplications: [C:\Program Files\Apowersoft\Video Download Capture\ApowersoftPlayer.dll] => Enabled:Video Download Capture
StandardProfile\AuthorizedApplications: [C:\Program Files\Apowersoft\Video Download Capture\ApowersoftDownloaderHelp.dll] => Enabled:Video Download Capture
StandardProfile\AuthorizedApplications: [C:\Program Files\Apowersoft\Video Download Capture\ApowersoftHDSDump.dll] => Enabled:Video Download Capture
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe] => Enabled:WebKit
StandardProfile\AuthorizedApplications: [C:\Program Files\iTunes\iTunes.exe] => Enabled:iTunes
StandardProfile\AuthorizedApplications: [C:\Program Files\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe] => Enabled:Free Torrent Download (ANY)
StandardProfile\AuthorizedApplications: [C:\Program Files\uTorrent\uTorrent.exe] => Enabled:µTorrent
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\rob\Application Data\Dropbox\bin\Dropbox.exe] => Enabled:Dropbox
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\All Users\Application Data\Oracle\Java\javapath_target_1039312859\javaw.exe] => Enabled:Java™ Platform SE binary
StandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Phone\Skype.exe] => Enabled:Skype
StandardProfile\AuthorizedApplications: [C:\Program Files\FlashIntegro\VideoEditor\VideoEditor.exe] => Enabled:VSDC Free Video Editor
StandardProfile\AuthorizedApplications: [C:\Program Files\FlashIntegro\VideoEditor\Updater.exe] => Enabled:VSDC Free Video Editor Updater
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\All Users\Application Data\Oracle\Java\javapath_target_829015\javaw.exe] => Enabled:Java™ Platform SE binary
StandardProfile\AuthorizedApplications: [C:\Program Files\TeamViewer\TeamViewer.exe] => Enabled:Teamviewer Remote Control Application
StandardProfile\AuthorizedApplications: [C:\Program Files\TeamViewer\TeamViewer_Service.exe] => Enabled:Teamviewer Remote Control Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
DomainProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
DomainProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007

==================== Faulty Device Manager Devices =============

Name: RADEON X300 SE 128MB HyperMemory Secondary
Description: RADEON X300 SE 128MB HyperMemory Secondary
Class Guid:  TI Technologies Inc.
Manufacturer: ATI Technologies Inc.
Service: ati2mtag
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: TAP-Windows Adapter V9
Description: TAP-Windows Adapter V9
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: TAP-Windows Provider V9
Service: tap0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/05/2015 07:55:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application frst.exe, version 29.5.2015.0, faulting module frst.exe, version 29.5.2015.0, fault address 0x0001f3f6.
Processing media-specific event for [frst.exe!ws!]

Error: (05/29/2015 00:39:20 PM) (Source: Dell System Detect) (EventID: 0) (User: )
Description: <Exception><Type>System.Xml.XmlException</Type><Message><![CDATA[Root element is missing.]]></Message><Source><![CDATA[System.Xml]]></Source><StackTrace><![CDATA[   at System.Xml.XmlTextReaderImpl.Throw(Exception e)
   at System.Xml.XmlTextReaderImpl.ThrowWithoutLineInfo(String res)
   at System.Xml.XmlTextReaderImpl.ParseDocumentContent()
   at System.Xml.XmlTextReaderImpl.Read()
   at System.Xml.XmlLoader.Load(XmlDocument doc, XmlReader reader, Boolean preserveWhitespace)
   at System.Xml.XmlDocument.Load(XmlReader reader)
   at System.Xml.XmlDocument.Load(Stream inStream)
   at eSupport.Common.Client.Service.Core.ConfigurationInformation.SynchronizeOSInfoConfig()]]></StackTrace><SysInfo STag="5NLV091" SMBIOSMajVer="2" SMBIOSMinVer="3" SMBIOSBIOSVer="A02" SMBIOSPresent="True" Rel_Date="20051028000000.000000+000" DSDVersion="" Vendor="Dell Inc." PName="Dell DXP051" Ident_Num="DELLXPS400" TimeZone="(GMT-05:00) Eastern Time (US & Canada)" OSName="Microsoft Windows XP Professional"/><Method>Synchronize OS INFO failed</Method></Exception>

Error: (05/29/2015 00:27:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.
Processing media-specific event for [drwtsn32.exe!ws!]

Error: (05/29/2015 00:27:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application flashutil32_17_0_0_169_activex.exe, version 17.0.0.169, faulting module unknown, version 0.0.0.0, fault address 0x10015c07.
Processing media-specific event for [flashutil32_17_0_0_169_activex.exe!ws!]

Error: (05/29/2015 07:50:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 38.0.1.5611, faulting module mozalloc.dll, version 38.0.1.5611, fault address 0x00001aa1.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (05/28/2015 09:50:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 38.0.1.5611, faulting module mozalloc.dll, version 38.0.1.5611, fault address 0x00001aa1.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (05/27/2015 01:24:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application pubpro.exe, version 1.0.0.13, faulting module story.dll, version 9.0.4.0, fault address 0x00025bee.
Processing media-specific event for [pubpro.exe!ws!]

Error: (05/26/2015 04:46:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 38.0.1.5611, faulting module mozalloc.dll, version 38.0.1.5611, fault address 0x00001aa1.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (05/26/2015 08:10:21 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (05/26/2015 08:10:21 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle


System errors:
=============
Error: (06/05/2015 08:56:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Media Center Extender Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (06/05/2015 08:56:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Media Center Receiver Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (06/05/2015 08:56:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The COM+ System Application service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (06/05/2015 08:56:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Nero BackItUp Scheduler 4.0 service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 500 milliseconds: Restart the service.

Error: (06/05/2015 08:56:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The SAS Core Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (06/05/2015 08:56:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Application Layer Gateway Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/05/2015 08:56:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Apple Mobile Device service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (06/05/2015 08:43:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Secunia Update Agent service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/05/2015 08:43:56 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The COM+ System Application service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (06/05/2015 08:43:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberGhost 5 Client Service service terminated unexpectedly.  It has done this 1 time(s).


Microsoft Office:
=========================
Error: (12/07/2014 08:15:42 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6707.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 164693 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (11/26/2014 00:16:54 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 48759 seconds with 1020 seconds of active time.  This session ended with a crash.

Error: (04/06/2014 07:48:06 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1093816 seconds with 2520 seconds of active time.  This session ended with a crash.

Error: (01/17/2014 10:39:27 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 389 seconds with 300 seconds of active time.  This session ended with a crash.

Error: (05/24/2013 09:09:37 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 531275 seconds with 360 seconds of active time.  This session ended with a crash.

Error: (04/10/2013 08:58:13 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 225024 seconds with 420 seconds of active time.  This session ended with a crash.

Error: (03/05/2013 11:45:37 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 56851 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (07/23/2012 10:26:54 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 406 seconds with 240 seconds of active time.  This session ended with a crash.

Error: (04/04/2012 05:52:04 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 71528 seconds with 1440 seconds of active time.  This session ended with a crash.

Error: (01/11/2012 10:39:27 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 13678 seconds with 660 seconds of active time.  This session ended with a crash.


==================== Memory info ===========================

Processor:  Intel® Pentium® D CPU 2.80GHz
Percentage of memory in use: 50%
Total physical RAM: 3070.09 MB
Available physical RAM: 1506.84 MB
Total Pagefile: 5981.85 MB
Available Pagefile: 4174.04 MB
Total Virtual: 2047.88 MB
Available Virtual: 1943.42 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:97.65 GB) (Free:28.51 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (New Volume) (Fixed) (Total:1765.3 GB) (Free:1586.44 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 1CF51CF4)
Partition 1: (Not Active) - (Size=63 MB) - (Type=DE)
Partition 2: (Active) - (Size=97.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1765.3 GB) - (Type=07 NTFS)

==================== End of log ============================



#11 Machiavelli

Posted 06 June 2015 - 08:22 AM

I am still not able to download and install adobe flash

And I don't think you are following my instructions.

 

I've said: You can also find the AdwCleaner log here: C:\AdwCleaner\AdwCleaner[Sx].txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-05-2015 (ATTENTION: ====> FRSTversion is 8 days old and could be outdated)

Please redownload FRST and do the scan again.


~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#12 bluffwood


Posted 06 June 2015 - 08:43 AM

Thank you

# AdwCleaner v4.206 - Logfile created 05/06/2015 at 20:56:51
# Updated 01/06/2015 by Xplode
# Database : 2015-06-05.1 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : Administrator - DELLXPS400
# Running from : C:\Documents and Settings\rob\Desktop\AdwCleaner(1).exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


*************************

AdwCleaner[R0].txt - [4810 bytes] - [30/01/2014 12:17:58]
AdwCleaner[R1].txt - [8456 bytes] - [05/03/2014 19:18:51]
AdwCleaner[R2].txt - [6267 bytes] - [03/09/2014 08:57:17]
AdwCleaner[R3].txt - [1529 bytes] - [21/01/2015 16:00:52]
AdwCleaner[R4].txt - [1204 bytes] - [05/06/2015 20:53:52]
AdwCleaner[S0].txt - [4664 bytes] - [30/01/2014 12:19:40]
AdwCleaner[S1].txt - [8679 bytes] - [05/03/2014 19:21:26]
AdwCleaner[S2].txt - [5870 bytes] - [03/09/2014 09:09:48]
AdwCleaner[S3].txt - [1520 bytes] - [21/01/2015 16:04:57]
AdwCleaner[S4].txt - [1132 bytes] - [05/06/2015 20:56:51]

########## EOF - \AdwCleaner\AdwCleaner[S4].txt - [1191  bytes] ##########
 



#13 bluffwood


Posted 06 June 2015 - 08:57 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-06-2015
Ran by Administrator (administrator) on DELLXPS400 on 06-06-2015 09:51:09
Running from C:\Documents and Settings\rob\Desktop
Loaded Profiles: rob & Administrator (Available Profiles: rob & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Bayer Healthcare LLC) C:\Program Files\Bayer HealthCare SmartLaunch\bin\BayerHCService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehrecvr.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehSched.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Secunia) C:\Program Files\Secunia\PSI\psia.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(SONIX) C:\WINDOWS\tsnpstd3.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe
(Google Inc.) C:\Documents and Settings\rob\Local Settings\Application Data\Programs\Google\MusicManager\MusicManager.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corporation) C:\WINDOWS\ehome\mcrdsvc.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\tv_w32.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehmsas.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(TomTom) C:\Program Files\MyDrive Connect\MyDriveConnect.exe
(QUALCOMM Incorporated) C:\Program Files\Qualcomm\Eudora\Eudora.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Desktop.exe
(Farbar) C:\Documents and Settings\rob\Desktop\FRST(1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ehTray] => C:\WINDOWS\ehome\ehtray.exe [64512 2005-08-05] (Microsoft Corporation)
HKLM\...\Run: [ATIPTA] => C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [344064 2006-02-09] (ATI Technologies, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-11] (Avast Software s.r.o.)
HKLM\...\Run: [tsnpstd3] => C:\WINDOWS\tsnpstd3.exe [262144 2007-03-30] (SONIX)
HKLM\...\Run: [StartupDelayer] => C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher.exe [1260616 2014-12-14] (r2 Studios)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2012-10-25] (Apple Inc.)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2011-05-04] (SUPERAntiSpyware.com)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-1482476501-1770027372-839522115-1003\...\Run: [OpenDNS Updater] => C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe [839680 2010-06-16] ()
HKU\S-1-5-21-1482476501-1770027372-839522115-1003\...\Run: [Google Update] => C:\Documents and Settings\rob\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [107912 2014-12-17] (Google Inc.)
HKU\S-1-5-21-1482476501-1770027372-839522115-1003\...\Run: [MusicManager] => C:\Documents and Settings\rob\Local Settings\Application Data\Programs\Google\MusicManager\MusicManager.exe [7475200 2015-03-31] (Google Inc.)
HKU\S-1-5-21-1482476501-1770027372-839522115-1003\...\Run: [CyberGhost] => C:\Program Files\CyberGhost 5\CyberGhost.exe [430048 2015-05-21] (CyberGhost S.R.L.)
HKU\S-1-5-21-1482476501-1770027372-839522115-500\...\RunOnce: [Report] => \AdwCleaner\AdwCleaner[S4].txt [1269 2015-06-05] ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2015-05-20] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-05-05] (Avast Software s.r.o.)
BootExecute: autocheck autochk * defrag_native

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1482476501-1770027372-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1482476501-1770027372-839522115-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
URLSearchHook: [S-1-5-21-1482476501-1770027372-839522115-500] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1482476501-1770027372-839522115-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-05-06] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-03-27] (Avast Software s.r.o.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-06] (Oracle Corporation)
DPF: {748E146C-5842-4AD4-8A01-ACA7E61C6FCE} http://69.130.177.237/DvrOcx.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://kasperskylab.webex.com/client/WBXclient-T27L10NSP25-10481/event/ieatgpc.cab
Handler: AutorunsDisabled\skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
Handler: AutorunsDisabled\skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll [2014-02-04] (Intuit, Inc.)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\system32\mscoree.dll [2009-11-05] (Microsoft Corporation)
ShellExecuteHooks: Eudora's Shell Extension - {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - C:\Program Files\Qualcomm\Eudora\EuShlExt.dll [86016 2005-08-09] (Qualcomm Inc.)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.111.254
Tcpip\..\Interfaces\{70D1DBB6-1346-4AFF-9036-3BB60C39216D}: [NameServer] 192.168.111.254
Tcpip\..\Interfaces\{7D569FDC-B73D-4676-9EA5-56961BDFAE55}: [NameServer] 192.168.111.254

FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2013-02-20] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-06] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-06] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2014-01-07] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll [2014-01-07] (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-13] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-13] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1482476501-1770027372-839522115-1003: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\rob\Local Settings\Application Data\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-1482476501-1770027372-839522115-1003: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\rob\Local Settings\Application Data\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2014-01-07] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-06-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-06-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-06-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-06-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-06-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2014-06-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2014-06-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll [2014-01-07] (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2014-02-11] (Coupons, Inc.)
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-06-02]
FF Extension: avast! Ad Blocker - C:\Program Files\Mozilla Firefox\extensions\adblocker@avast.com.xpi [2015-06-02]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-06-02]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-05-10]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-08-15]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-01-07]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKU\S-1-5-21-1482476501-1770027372-839522115-1003\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\Documents and Settings\All Users\Application Data\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-06-02]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-27]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2011-08-11] (SUPERAntiSpyware.com) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-05] (Avast Software s.r.o.)
R2 BayerHealthcareService; C:\Program Files\Bayer HealthCare SmartLaunch\bin\BayerHCService.exe [135032 2013-03-12] (Bayer Healthcare LLC)
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [63968 2015-05-21] (CyberGhost S.R.L)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
S3 MHN; C:\WINDOWS\System32\mhn.dll [85504 2004-08-10] (Microsoft Corporation) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\hpzipm12.dll [52736 2006-05-11] (Hewlett-Packard) [File not signed]
R2 QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-02-04] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2009-07-23] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2013-11-27] (Intuit Inc.) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [994360 2011-10-14] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [399416 2011-10-14] (Secunia)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5491984 2015-05-20] (TeamViewer GmbH)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Apowersoft_AudioDevice; C:\WINDOWS\System32\drivers\Apowersoft_AudioDevice.sys [26032 2013-06-02] (Wondershare)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24144 2015-05-05] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [74976 2015-05-05] (Avast Software s.r.o.)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55200 2015-05-05] (Avast Software s.r.o.)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49904 2015-05-05] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787760 2015-05-05] (Avast Software s.r.o.)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [427992 2015-05-05] (Avast Software s.r.o.)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57888 2015-05-05] (Avast Software s.r.o.)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [209048 2015-05-05] ()
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 FTDIBUS; C:\WINDOWS\System32\drivers\ftdibus.sys [57536 2008-05-01] (FTDI Ltd.)
R3 KMWDFILTER; C:\WINDOWS\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] (Windows ® Codename Longhorn DDK provider)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 MHNDRV; C:\WINDOWS\System32\DRIVERS\mhndrv.sys [11008 2004-08-10] (Microsoft Corporation) [File not signed]
R2 Nbf; C:\WINDOWS\System32\DRIVERS\nbf.sys [98176 2001-08-23] (Microsoft Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 PSI; C:\WINDOWS\System32\DRIVERS\psi_mf.sys [15544 2010-09-01] (Secunia)
R3 ROOTUSB; C:\WINDOWS\System32\Drivers\ROOTUSB.sys [66944 2006-06-14] () [File not signed]
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 stdriver; C:\WINDOWS\System32\DRIVERS\stdriverx86.sys [43344 2014-01-03] ()
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [180864 2005-06-14] (SigmaTel, Inc.)
S3 tap0901; C:\WINDOWS\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
R3 VMUVC; C:\WINDOWS\System32\Drivers\VMUVC.sys [254720 2010-04-29] (Vimicro Corporation)
R3 vusbbus; C:\WINDOWS\System32\DRIVERS\vusbbus.sys [47488 2006-06-14] () [File not signed]
R3 vvftUVC; C:\WINDOWS\System32\drivers\vvftUVC.sys [398720 2008-07-01] (Vimicro Corporation)
S3 ZD1211BU(SMC); C:\WINDOWS\System32\DRIVERS\zd1211Bu.sys [477696 2006-08-24] (ZyDAS Technology Corporation)
S3 ZDPSp50; C:\WINDOWS\System32\Drivers\ZDPSp50.sys [17664 2004-10-25] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-06 09:48 - 2015-06-06 09:48 - 01147392 _____ (Farbar) C:\Documents and Settings\rob\Desktop\FRST(1).exe
2015-06-05 21:23 - 2015-06-05 21:23 - 00356032 _____ C:\Documents and Settings\rob\Desktop\Rob Green-AutoOwners 2015 Billing Inf.one
2015-06-05 20:52 - 2015-06-05 20:52 - 02231296 _____ C:\Documents and Settings\rob\Desktop\AdwCleaner(1).exe
2015-06-05 20:48 - 2015-06-05 20:48 - 00002278 _____ C:\Documents and Settings\Administrator\Desktop\JRT.txt
2015-06-05 20:43 - 2015-06-05 20:43 - 00000000 ____D C:\RegBackup
2015-06-05 20:41 - 2015-06-05 20:41 - 02942610 _____ (Thisisu) C:\Documents and Settings\rob\Desktop\JRT.exe
2015-06-05 19:45 - 2015-06-05 19:45 - 00000917 _____ C:\Documents and Settings\rob\Desktop\Revo Uninstaller.lnk
2015-06-05 19:45 - 2015-06-05 19:45 - 00000000 ____D C:\Program Files\VS Revo Group
2015-06-05 19:44 - 2015-06-05 19:44 - 02623656 _____ (VS Revo Group Ltd.) C:\Documents and Settings\rob\Desktop\revosetup.exe
2015-06-04 22:16 - 2015-06-04 22:27 - 09527548 _____ C:\Documents and Settings\rob\Desktop\backup-dynamitewelding.com-6-4-2015.tar.gz.part
2015-06-04 07:04 - 2015-06-04 13:14 - 00000080 _____ C:\Documents and Settings\rob\Desktop\egg sales.txt
2015-06-02 11:20 - 2015-06-03 09:44 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-05-30 19:40 - 2015-06-06 07:52 - 00068324 _____ C:\Documents and Settings\rob\Desktop\Addition.txt
2015-05-30 19:39 - 2015-06-06 09:51 - 00021044 _____ C:\Documents and Settings\rob\Desktop\FRST.txt
2015-05-30 19:38 - 2015-06-06 09:51 - 00000000 ____D C:\FRST
2015-05-30 14:28 - 2015-05-30 14:29 - 00004132 _____ C:\Documents and Settings\rob\Desktop\Rkill.txt
2015-05-30 14:27 - 2015-05-30 14:27 - 01943800 _____ (Bleeping Computer, LLC) C:\Documents and Settings\rob\Desktop\rkill.exe
2015-05-30 13:48 - 2015-05-30 14:18 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2015-05-30 13:45 - 2015-05-30 14:18 - 00000000 ____D C:\Documents and Settings\rob\Desktop\mbar
2015-05-30 13:41 - 2015-05-30 13:45 - 16502728 _____ (Malwarebytes Corp.) C:\Documents and Settings\rob\Desktop\mbar-1.09.1.1004.exe
2015-05-30 07:58 - 2015-05-30 07:58 - 00001920 _____ C:\Documents and Settings\rob\Desktop\mb.txt
2015-05-30 07:29 - 2015-05-30 07:30 - 00044441 _____ C:\Documents and Settings\rob\Desktop\Result.txt
2015-05-30 07:25 - 2015-05-30 07:25 - 00002352 _____ C:\Documents and Settings\rob\Desktop\FSS.txt
2015-05-30 07:24 - 2015-05-30 07:24 - 00415232 _____ (Farbar) C:\Documents and Settings\rob\Desktop\FSS.exe
2015-05-30 07:21 - 2015-05-30 07:22 - 00852639 _____ C:\Documents and Settings\rob\Desktop\SecurityCheck.exe
2015-05-29 12:46 - 2015-05-29 12:46 - 00927920 _____ (Adobe Systems Incorporated) C:\Documents and Settings\rob\Desktop\uninstall_flash_player.exe
2015-05-29 12:33 - 2015-05-29 12:34 - 00008747 _____ C:\WINDOWS\KB2909921-IE8.log
2015-05-29 08:24 - 2015-05-29 08:24 - 00000922 _____ C:\Documents and Settings\rob\Desktop\Should I Remove It.lnk
2015-05-29 08:24 - 2015-05-29 08:24 - 00000000 ____D C:\Program Files\Reason
2015-05-29 08:24 - 2015-05-29 08:24 - 00000000 ____D C:\Documents and Settings\rob\Start Menu\Programs\Should I Remove It
2015-05-29 07:50 - 2015-05-29 07:50 - 00000128 _____ C:\Documents and Settings\rob\Desktop\chlorinator.txt
2015-05-28 21:55 - 2015-05-28 21:55 - 00001813 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2015-05-26 04:04 - 2015-05-26 04:04 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 10
2015-05-07 08:02 - 2015-05-07 08:03 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Mozilla
2015-05-07 08:02 - 2015-05-07 08:02 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-06 09:51 - 2015-01-21 15:21 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\temp
2015-06-06 09:49 - 2015-01-21 11:01 - 00000000 ____D C:\Documents and Settings\rob\Local Settings\temp
2015-06-06 09:00 - 2014-12-17 18:44 - 00000970 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-1770027372-839522115-1003UA.job
2015-06-06 09:00 - 2012-01-15 21:28 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-05 23:51 - 2012-07-28 14:48 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-06-05 23:39 - 2014-08-16 18:59 - 00000000 ____D C:\Documents and Settings\rob\Local Settings\Application Data\Adobe
2015-06-05 21:00 - 2014-03-05 22:26 - 00448425 _____ C:\WINDOWS\setupapi.log
2015-06-05 21:00 - 2011-08-14 23:37 - 01488445 _____ C:\WINDOWS\WindowsUpdate.log
2015-06-05 20:59 - 2011-08-14 23:35 - 00000000 ____D C:\WINDOWS\Registration
2015-06-05 20:59 - 2011-08-14 19:30 - 00000157 _____ C:\WINDOWS\wiadebug.log
2015-06-05 20:59 - 2011-08-14 19:30 - 00000048 _____ C:\WINDOWS\wiaservc.log
2015-06-05 20:58 - 2014-03-16 13:41 - 00000218 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-06-05 20:58 - 2012-01-15 21:28 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-05 20:58 - 2011-08-14 23:42 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-06-05 20:57 - 2011-08-22 18:20 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2015-06-05 20:57 - 2011-08-14 23:43 - 00000178 ___SH C:\Documents and Settings\rob\ntuser.ini
2015-06-05 20:57 - 2011-08-14 23:42 - 00032314 _____ C:\WINDOWS\SchedLgU.Txt
2015-06-05 20:56 - 2014-01-30 12:17 - 00000000 ____D C:\AdwCleaner
2015-06-05 20:12 - 2014-09-03 09:22 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-06-05 20:05 - 2013-03-05 11:51 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-06-05 10:00 - 2014-12-17 18:44 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-1770027372-839522115-1003Core.job
2015-06-03 12:07 - 2011-09-26 09:14 - 00002465 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft FrontPage.lnk
2015-06-03 09:56 - 2011-08-21 13:27 - 00000000 ____D C:\Program Files\TeamViewer
2015-06-02 09:55 - 2014-03-04 19:25 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2015-05-30 14:18 - 2011-11-16 10:03 - 00000000 __SHD C:\Documents and Settings\rob\Local Settings\Application Data\3cedbbe2
2015-05-30 13:45 - 2014-09-03 09:21 - 00120024 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-05-30 09:45 - 2014-09-03 09:21 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-05-30 08:01 - 2011-08-15 00:43 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB958869$
2015-05-30 07:33 - 2014-09-04 08:40 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-30 07:33 - 2012-12-18 20:00 - 00000777 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-29 12:40 - 2015-01-04 16:20 - 00000000 ____D C:\Program Files\CyberGhost 5
2015-05-29 08:06 - 2011-08-14 23:43 - 00000000 ____D C:\Documents and Settings\rob
2015-05-28 00:03 - 2011-08-22 20:19 - 00000000 ____D C:\Documents and Settings\rob\Application Data\Skype
2015-05-27 13:58 - 2004-08-10 07:00 - 00000932 _____ C:\WINDOWS\win.ini
2015-05-27 13:24 - 2012-02-28 20:07 - 00000000 ____D C:\Documents and Settings\rob\Application Data\Nova Development
2015-05-26 04:04 - 2015-04-05 01:26 - 00000706 _____ C:\Documents and Settings\All Users\Desktop\TeamViewer 10.lnk
2015-05-22 07:20 - 2012-02-15 22:55 - 00000306 _____ C:\WINDOWS\QTW.INI
2015-05-16 20:49 - 2011-09-23 13:30 - 00123904 _____ C:\Documents and Settings\rob\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-05-15 03:10 - 2013-08-14 03:19 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-05-15 03:10 - 2004-08-10 07:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2015-05-15 03:00 - 2011-08-15 00:30 - 137310008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-05-12 22:12 - 2011-09-13 22:34 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2015-05-12 22:07 - 2015-03-13 19:07 - 00002276 _____ C:\Documents and Settings\rob\Desktop\joomla notes.txt
2015-05-11 12:59 - 2011-11-14 11:04 - 00000089 _____ C:\WINDOWS\QBChanUtil_Trigger.ini
2015-05-10 03:03 - 2011-08-14 23:34 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2015-05-08 15:00 - 2014-03-16 13:41 - 00000212 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2015-05-07 08:37 - 2013-11-14 13:19 - 00000000 ____D C:\Documents and Settings\rob\GLUCOFACTS Deluxe
2015-05-07 08:02 - 2011-08-14 23:42 - 00000000 __SHD C:\Documents and Settings\LocalService
2015-05-07 07:58 - 2013-11-14 13:20 - 00296713 _____ C:\Documents and Settings\rob\logSequencer.log
2015-05-07 07:57 - 2014-05-02 03:00 - 00014062 _____ C:\WINDOWS\KB2964358-IE8.log

==================== Files in the root of some directories =======

2015-02-04 03:48 - 2015-02-04 03:48 - 6103040 _____ () C:\Program Files\GUTFF54.tmp

Some files in TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\temp\Quarantine.exe
C:\Documents and Settings\Administrator\Local Settings\temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of log ============================



#14 bluffwood

Posted 06 June 2015 - 09:04 AM

Doing the best I can. It's certainly not my intent not to follow your instructions. Let me know if I'm missing anything.



#15 Machiavelli

  • Malware Response Instructor

Posted 06 June 2015 - 04:01 PM

It's certainly not my intent not to follow your instructions. Let me know if I'm missing anything.

I know, don't worry about it. Just mentioning when something is missing. ;)

 

Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)

On April 8th 2014, Microsoft officially declared Windows XP as unsupported, and consequently ceased the production and release of Windows XP Updates and Security Patches. Please refer to the following articles for more information.

Without Windows Updates, your computer will be continuously susceptible to malware infection. In the past, vulnerabilities found in the Windows XP software were patched shortly after by Microsoft issuing an Update. Now that XP is no longer supported with Updates, once a vulnerability is discovered, it will not be patched, allowing malware authors to freely distribute their exploit in the knowledge the vulnerability will not be patched. Keeping an Internet-connected Windows XP machine free of malware is impractical. The only solution is to upgrade to a supported Operating System (Windows Vista/7/8).
 
Please let me know if you have any questions.

 

======================================================================

 

STEP 1
Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    CreateRestorePoint:
    URLSearchHook: [S-1-5-21-1482476501-1770027372-839522115-500] ATTENTION ==> Default URLSearchHook is missing.
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-1482476501-1770027372-839522115-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    Folder:C:\Documents and Settings\rob\Local Settings\Application Data\3cedbbe2
    EmptyTemp:
    end
  • Click File, Save As and type fixlist.txt as the File Name
  • Important: The file must be saved in the same location as FRST64.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.

STEP 2
ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

  • Please download ESET Online Scan and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Double-click esetsmartinstaller_enu.exe to run the programme. 
  • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
  • Agree to the Terms of Use once more and click Start. Allow components to download.
  • Place a checkmark next to Enable detection of potentially unwanted applications.
  • Click Advanced settings. Place a checkmark next to:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Ensure Remove found threats is unchecked.
  • Click Start.
  • Wait for the scan to finish. Please be patient as this can take some time.
  • Upon completion, click [image: esetListThreats.png]. If no threats were found, skip the next two bullet points.
  • Click [image: esetExport.png] and save the file to your Desktop, naming it something such as "MyEsetScan".
  • Push the Back button.
  • Place a checkmark next to [image] and click [image].
  • Re-enable your anti-virus software.
  • Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 3
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • FRST FixLog
  • ESET Online Scan log

 


~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.
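
Added example, not part of the thread and not FRST's own code: a small triage parser for the "date - date - size attributes path" lines in the FRST listings above, which surfaces the folder that the fixlist's Folder: line inspects. The sample lines are copied from the log in this topic; the function names, the reading of S/H/D as System/Hidden/Directory, and the "below Application Data" filter are assumptions made for this illustration.

```python
import re
from datetime import datetime

# Sample input: five lines copied from the FRST listings in this topic.
SAMPLE = r"""
2015-06-05 20:57 - 2011-08-14 23:43 - 00000178 ___SH C:\Documents and Settings\rob\ntuser.ini
2015-05-30 14:18 - 2011-11-16 10:03 - 00000000 __SHD C:\Documents and Settings\rob\Local Settings\Application Data\3cedbbe2
2015-05-30 08:01 - 2011-08-15 00:43 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB958869$
2015-05-07 08:02 - 2011-08-14 23:42 - 00000000 __SHD C:\Documents and Settings\LocalService
2015-05-15 03:00 - 2011-08-15 00:30 - 137310008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
"""

FMT = "%Y-%m-%d %H:%M"
# modified - created - size - 5-char attribute column - optional (company) - path
LINE = re.compile(
    r"^(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?(?P<path>[A-Za-z]:\\.*)$"
)

def parse_entries(text):
    """Return one dict per well-formed listing line; other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # headers, separators, blank lines
        entries.append({
            "modified": datetime.strptime(m["modified"], FMT),
            "created": datetime.strptime(m["created"], FMT),
            "size": int(m["size"]),
            "attrs": set(m["attrs"]) - {"_"},   # e.g. {"S", "H", "D"}
            "company": m["company"],            # None when the log shows no vendor
            "path": m["path"],
        })
    return entries

def review_candidates(entries):
    """Assumed heuristic: System+Hidden directories below a profile's Application Data.
    A hit is a prompt to list the folder's contents, not a verdict."""
    return [e for e in entries
            if {"S", "H", "D"} <= e["attrs"]
            and "\\application data\\" in e["path"].lower()]

if __name__ == "__main__":
    for e in review_candidates(parse_entries(SAMPLE)):
        print(e["modified"], "".join(sorted(e["attrs"])), e["path"])
```
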
