AdChoices Removal



#1 TheSmokingMan

Posted 13 September 2015 - 06:59 PM

I have gone through a laborious process of removing a host of virus weirdness on this computer (much thanks to your website and others) and I am down to being stumped by AdChoices.
 
I have successfully (hopefully) gotten rid of "DNS Unlocker" as well as some weird programs: "InDepthSystem", "imagXpress", "Vivid Awareness" and "Nero." Nero was huge, literally hundreds of registry keys, and most of them looked appropriate, with just a few having paths to "AdvrtCntr" files that were red flags.
 
But I'm stumped by AdChoices. Chrome has been uninstalled/reinstalled and all extensions/plugins have been removed. Firefox is completely uninstalled for now. IE doesn't have any obvious adware extensions but I disabled every extension anyway because I never use it.
 
I fricken LOVE Farbar's FRST! I almost bricked my computer too and I had to restore and start all over but that software rocks!
 
Anyway, any insight into how AdChoices is getting me would be much appreciated. I'm suspicious of the "Policies\Google" keys that have the ATTENTION flags on them in the log below, but when I messed with them with a fixlist my computer was weird after restart: couldn't load programs and I couldn't even get "Command Prompt" to load, so I freaked out and restored. I might have f'd up the syntax in fixlist.
 
Another thing that bothers me is the "ATTENTION: ==> Could not access BCD." at the end of the log below. Am I going to have to rebuild that?
 
Thank you in advance for any help.
 
 
Current FRST log results:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:13-09-2015 01
Ran by Second (administrator) on SECOND-PC (13-09-2015 16:27:04)
Running from C:\Users\Second\Desktop\ferbar
Loaded Profiles: Second & UpdatusUser (Available Profiles: Second & QBDataServiceUser19 & UpdatusUser & Tony Hurst)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA) C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
(M-Audio) C:\Program Files\M-Audio\USB MIDI Series\AudioDevMon.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(NVIDIA) C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Realtek Semiconductor Corp.) C:\Windows\SOUNDMAN.EXE
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [38872 2012-07-31] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-11] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-05-15] (Apple Inc.)
HKLM\...\Run: [SoundMan] => SOUNDMAN.EXE
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157968 2015-08-13] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-3929073943-2651328921-349090659-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-3929073943-2651328921-349090659-1002\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-3929073943-2651328921-349090659-1002\...\Run: [Google Update] => "C:\Users\Second\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKU\S-1-5-21-3929073943-2651328921-349090659-1002\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-3929073943-2651328921-349090659-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-3929073943-2651328921-349090659-1002\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{5C3E0C86-05A9-4D89-96ED-DBB3A44661E0}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-3929073943-2651328921-349090659-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/
HKU\S-1-5-21-3929073943-2651328921-349090659-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3929073943-2651328921-349090659-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.derex.com/
HKU\S-1-5-21-3929073943-2651328921-349090659-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/
HKU\S-1-5-21-3929073943-2651328921-349090659-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3929073943-2651328921-349090659-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.derex.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3929073943-2651328921-349090659-1000 -> {E21D77B7-D886-49B6-8EDC-ADF4B6705723} URL = hxxp://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=685749&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3929073943-2651328921-349090659-1002 -> {E21D77B7-D886-49B6-8EDC-ADF4B6705723} URL = hxxp://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=685749&p={searchTerms}
Toolbar: HKU\S-1-5-21-3929073943-2651328921-349090659-1000 -> No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} -  No File
Toolbar: HKU\S-1-5-21-3929073943-2651328921-349090659-1002 -> No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} -  No File
Toolbar: HKU\S-1-5-21-3929073943-2651328921-349090659-1002 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
 
FireFox:
========
FF ProfilePath: C:\Users\Second\AppData\Roaming\Mozilla\Firefox\Profiles\x55vv5ke.default
FF Homepage: hxxp://www.derex.com/
FF Keyword.URL: hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=685749&ilc=12&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-11] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-30] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-30] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2012-07-30] (Adobe Systems Inc.)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-07-31]
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Profile: C:\Users\Second\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Second\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-14]
CHR Extension: (HelloFax: 50 Free Fax Pages) - C:\Users\Second\AppData\Local\Google\Chrome\User Data\Default\Extensions\bocmleclimfnadgmcdgecijlblfcmfnm [2015-08-30]
CHR Extension: (Google Search) - C:\Users\Second\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-14]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Second\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Second\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-14]
CHR Extension: (Gmail) - C:\Users\Second\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-14]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeActiveFileMonitor6.0; C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832 2007-09-11] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
R2 nTuneService; C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe [192832 2011-09-19] (NVIDIA)
S3 Origin Client Service; C:\Program Files\Origin\OriginClientService.exe [1930608 2015-04-05] (Electronic Arts)
R2 USBMIDIAudioDevMon; C:\Program Files\M-Audio\USB MIDI Series\AudioDevMon.exe [1636872 2010-04-13] (M-Audio)
S3 WinHttpAutoProxySvc; winhttp.dll [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 ALCXWDM; C:\Windows\System32\drivers\RTKVAC.SYS [4172832 2009-06-18] (Realtek Semiconductor Corp.)
R3 FETNDIS; C:\Windows\System32\DRIVERS\fetn62.sys [53872 2011-04-08] (VIA Technologies, Inc.              )
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [60104 2010-07-12] (FTDI Ltd.)
S3 MAUSBMIDI; C:\Windows\System32\DRIVERS\MAudioUSBMIDI.sys [170248 2010-04-13] (M-Audio)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
S3 RTCore32; C:\Program Files\MSI Afterburner\RTCore32.sys [5632 2013-03-10] () [File not signed]
S0 TfFsMon; system32\drivers\TfFsMon.sys [X]
S3 TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [X]
S0 TFSysMon; system32\drivers\TfSysMon.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-13 12:06 - 2015-09-13 12:06 - 00985600 _____ C:\Users\Second\Downloads\MicrosoftFixit50123 (1).msi
2015-09-13 12:04 - 2015-09-13 12:04 - 00985600 _____ C:\Users\Second\Downloads\MicrosoftFixit50123.msi
2015-09-13 11:20 - 2015-09-13 11:25 - 00002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-09-13 11:00 - 2015-09-13 11:00 - 00002201 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-13 11:00 - 2015-09-13 11:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-09-13 10:15 - 2015-09-13 10:15 - 00000000 ____D C:\Users\Second\Desktop\farbarBU
2015-09-13 09:37 - 2015-09-13 09:37 - 00000000 ____D C:\ProgramData\382a8fda00000e59
2015-09-13 07:45 - 2015-09-13 07:45 - 00002749 _____ C:\Users\Second\AppData\Local\recently-used.xbel
2015-09-12 23:42 - 2015-09-12 23:42 - 00000000 ____D C:\ProgramData\Nero
2015-09-12 21:37 - 2015-09-12 21:37 - 00000000 ____D C:\TDSSKiller_Quarantine
2015-09-12 21:19 - 2015-09-12 21:19 - 00000000 ____D C:\Users\Second\Desktop\Old Firefox Data
2015-09-12 21:16 - 2015-09-12 23:39 - 00000000 ____D C:\Users\Second\Desktop\mal
2015-09-12 13:54 - 2015-09-13 15:42 - 00000000 ____D C:\Users\Second\Desktop\ferbar
2015-09-12 13:53 - 2015-09-13 16:27 - 00000000 ____D C:\FRST
2015-09-12 13:27 - 2015-09-12 13:27 - 00000000 ____D C:\Program Files\ESET
2015-09-11 23:56 - 2015-09-12 16:55 - 00000000 ____D C:\Users\Second\Desktop\ProcessExplorer
2015-09-11 23:55 - 2015-09-11 23:55 - 01186640 _____ C:\Users\Second\Downloads\ProcessExplorer.zip
2015-09-11 22:59 - 2015-09-12 16:55 - 00000000 ____D C:\Users\Second\Desktop\lastactivityview
2015-09-11 22:59 - 2015-09-11 22:59 - 00071823 _____ C:\Users\Second\Downloads\lastactivityview.zip
2015-09-09 01:37 - 2015-08-05 10:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-09-09 01:36 - 2015-09-01 19:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-09-09 01:36 - 2015-09-01 19:48 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-09-09 01:36 - 2015-09-01 19:48 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-09-09 01:36 - 2015-09-01 19:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-09-09 01:36 - 2015-09-01 18:36 - 02384896 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-09-09 01:36 - 2015-09-01 18:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-09-09 01:36 - 2015-08-27 10:58 - 01391104 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-09-09 01:36 - 2015-08-27 10:58 - 01241088 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-09-09 01:36 - 2015-08-27 10:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-09-09 01:36 - 2015-08-27 10:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-09-09 01:36 - 2015-08-05 10:41 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-09-09 01:36 - 2015-08-04 10:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-09-09 01:36 - 2015-08-04 10:47 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-09-09 01:36 - 2015-08-04 10:47 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-09-09 01:36 - 2015-08-04 10:46 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-09-09 01:36 - 2015-08-04 10:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-09-09 01:36 - 2015-08-04 09:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-09-09 01:35 - 2015-07-22 10:57 - 03989952 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-09-09 01:35 - 2015-07-22 10:57 - 03934656 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-09-09 01:35 - 2015-07-22 10:57 - 00137664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-09-09 01:35 - 2015-07-22 10:57 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-09-09 01:35 - 2015-07-22 10:54 - 01308160 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-09-09 01:35 - 2015-07-22 10:53 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-09-09 01:35 - 2015-07-22 10:53 - 00937984 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-09-09 01:35 - 2015-07-22 10:53 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-09-09 01:35 - 2015-07-22 10:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-09-09 01:35 - 2015-07-22 10:53 - 00635392 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-09-09 01:35 - 2015-07-22 10:53 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-09-09 01:35 - 2015-07-22 10:53 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-09-09 01:35 - 2015-07-22 10:53 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-09-09 01:35 - 2015-07-22 10:53 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-09-09 01:35 - 2015-07-22 10:53 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-09-09 01:35 - 2015-07-22 10:53 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-09-09 01:35 - 2015-07-22 10:53 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-09-09 01:35 - 2015-07-22 10:53 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-09-09 01:35 - 2015-07-22 10:53 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-09-09 01:35 - 2015-07-22 10:53 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-09-09 01:35 - 2015-07-22 10:53 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-09-09 01:35 - 2015-07-22 10:53 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-09-09 01:35 - 2015-07-22 10:53 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-09-09 01:35 - 2015-07-22 10:53 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-09-09 01:35 - 2015-07-22 10:52 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-09-09 01:35 - 2015-07-22 10:52 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-09-09 01:35 - 2015-07-22 10:52 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-09-09 01:35 - 2015-07-22 10:52 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-09-09 01:35 - 2015-07-22 10:47 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-09-09 01:35 - 2015-07-22 10:46 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-09-09 01:35 - 2015-07-22 10:42 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-09-09 01:35 - 2015-07-22 10:42 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-09-09 01:35 - 2015-07-22 09:38 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-09-09 01:35 - 2015-07-22 09:34 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-09-09 01:35 - 2015-07-22 09:34 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-09-09 01:35 - 2015-07-22 09:33 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-09-09 01:34 - 2015-08-17 18:14 - 00344168 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-09-09 01:34 - 2015-08-14 23:06 - 19856896 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-09-09 01:34 - 2015-08-14 22:53 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-09-09 01:34 - 2015-08-14 22:53 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-09-09 01:34 - 2015-08-14 22:40 - 00504832 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-09-09 01:34 - 2015-08-14 22:40 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-09-09 01:34 - 2015-08-14 22:39 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-09-09 01:34 - 2015-08-14 22:39 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-09-09 01:34 - 2015-08-14 22:38 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-09-09 01:34 - 2015-08-14 22:35 - 02279424 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-09 01:34 - 2015-08-14 22:33 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-09-09 01:34 - 2015-08-14 22:32 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-09-09 01:34 - 2015-08-14 22:30 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-09-09 01:34 - 2015-08-14 22:29 - 00665600 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-09-09 01:34 - 2015-08-14 22:29 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-09-09 01:34 - 2015-08-14 22:29 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-09-09 01:34 - 2015-08-14 22:29 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-09-09 01:34 - 2015-08-14 22:24 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-09-09 01:34 - 2015-08-14 22:21 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-09-09 01:34 - 2015-08-14 22:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-09-09 01:34 - 2015-08-14 22:14 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-09-09 01:34 - 2015-08-14 22:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-09-09 01:34 - 2015-08-14 22:11 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-09-09 01:34 - 2015-08-14 22:10 - 04520448 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-09-09 01:34 - 2015-08-14 22:04 - 12857344 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-09-09 01:34 - 2015-08-14 22:02 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-09-09 01:34 - 2015-08-14 22:02 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-09-09 01:34 - 2015-08-14 22:01 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-09-09 01:34 - 2015-08-14 22:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-09-09 01:34 - 2015-08-14 21:43 - 01951232 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-09-09 01:34 - 2015-08-14 21:39 - 01310720 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-09-09 01:34 - 2015-08-14 21:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-09-09 01:34 - 2015-07-09 10:42 - 01372160 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-09-09 01:34 - 2015-07-09 10:42 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-09-09 01:32 - 2015-07-14 19:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-09-09 01:32 - 2015-06-25 02:48 - 00105408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-09-09 01:32 - 2015-06-25 02:44 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-09-09 01:32 - 2015-06-25 02:44 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-09-09 01:25 - 2015-08-26 10:56 - 02953728 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-09-09 01:25 - 2015-08-26 10:56 - 02061824 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-09-09 01:25 - 2015-08-26 10:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-09-09 01:25 - 2015-08-26 10:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-09-09 01:25 - 2015-08-26 10:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-09-09 01:25 - 2015-08-26 10:56 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-09-09 01:25 - 2015-08-26 10:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-09-09 01:25 - 2015-08-26 10:55 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-09-09 01:25 - 2015-08-26 10:55 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-09-09 01:25 - 2015-08-26 10:55 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-09-09 01:25 - 2015-08-26 10:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-09-08 12:45 - 2015-09-08 12:45 - 00000000 ____D C:\Users\Second\AppData\Roaming\Wargaming.net
2015-09-07 13:52 - 2015-09-12 23:49 - 00000000 ____D C:\Games
2015-09-07 13:50 - 2015-09-07 13:51 - 06075880 _____ (Wargaming.net ) C:\Users\Second\Downloads\WoT_internet_install_na.exe
2015-09-05 14:45 - 2015-09-05 16:47 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-09-05 14:43 - 2015-09-13 11:25 - 00000000 ____D C:\Program Files\Microsoft Security Client
2015-09-01 20:26 - 2015-09-01 20:26 - 00000000 ____D C:\Users\Second\Desktop\gab2.band
2015-09-01 17:42 - 2015-09-13 11:42 - 00000342 _____ C:\Windows\Tasks\Superclean.job
2015-09-01 17:42 - 2015-09-13 05:42 - 00000000 ____D C:\ProgramData\{033f4a0c-ce7d-751b-033f-f4a0cce72833}
2015-08-31 03:04 - 2015-08-31 03:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP560 series
2015-08-31 03:03 - 2010-04-24 05:00 - 00272384 _____ (CANON INC.) C:\Windows\system32\CNMLMA0.DLL
2015-08-31 03:01 - 2009-04-03 16:00 - 01310720 _____ (CANON INC.) C:\Windows\system32\CNC560C.dll
2015-08-31 03:01 - 2009-04-03 15:59 - 00110592 _____ (CANON INC.) C:\Windows\system32\CNC560I.dll
2015-08-31 03:01 - 2009-04-03 15:57 - 00106496 _____ (CANON INC.) C:\Windows\system32\CNC560U.dll
2015-08-31 03:01 - 2009-03-19 14:38 - 00303104 _____ (CANON INC.) C:\Windows\system32\CNC560L.dll
2015-08-31 03:01 - 2009-02-16 12:19 - 00012800 _____ C:\Windows\system32\CNC173ED.TBL
2015-08-26 17:47 - 2015-08-26 17:48 - 00000000 ____D C:\Program Files\QuickTime
2015-08-26 17:47 - 2015-08-26 17:47 - 00001815 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2015-08-26 17:47 - 2015-08-26 17:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-08-26 17:43 - 2015-08-26 17:43 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-08-26 17:43 - 2015-08-26 17:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-08-26 17:42 - 2015-08-26 17:42 - 00000000 ____D C:\Program Files\iPod
2015-08-23 01:07 - 2015-09-13 16:18 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-23 01:07 - 2015-09-13 15:54 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-16 17:23 - 2015-08-16 18:26 - 00011561 _____ C:\Users\Second\Downloads\Rental SS.xlsx
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-13 16:19 - 2014-10-07 16:58 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-09-13 16:02 - 2009-07-13 21:34 - 00022576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-13 16:02 - 2009-07-13 21:34 - 00022576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-13 15:54 - 2010-11-22 15:17 - 00000378 _____ C:\Windows\Tasks\AWC AutoSweep.job
2015-09-13 15:53 - 2012-06-19 16:21 - 00039185 _____ C:\Windows\setupact.log
2015-09-13 15:53 - 2009-07-13 21:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-13 15:52 - 2009-11-27 10:37 - 01620927 _____ C:\Windows\WindowsUpdate.log
2015-09-13 14:31 - 2012-09-25 14:58 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-13 13:54 - 2014-11-02 20:14 - 00168960 ___SH C:\Users\Second\Desktop\Thumbs.db
2015-09-13 13:53 - 2009-11-27 11:08 - 00081432 _____ C:\Users\Second\AppData\Local\GDIPFONTCACHEV1.DAT
2015-09-13 13:51 - 2012-07-23 15:20 - 00059892 _____ C:\Windows\PFRO.log
2015-09-13 13:47 - 2009-07-13 21:33 - 00330824 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-13 13:43 - 2009-11-27 12:30 - 00000090 _____ C:\Windows\QBChanUtil_Trigger.ini
2015-09-13 13:42 - 2009-11-27 12:33 - 00000000 ____D C:\Program Files\Common Files\Intuit
2015-09-13 13:31 - 2009-11-27 12:55 - 00000000 ____D C:\ProgramData\ScanSoft
2015-09-13 13:16 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\rescache
2015-09-13 12:25 - 2009-07-13 19:37 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-09-13 11:40 - 2009-11-27 10:54 - 00786514 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-13 11:25 - 2012-06-21 17:03 - 00001945 _____ C:\Windows\epplauncher.mif
2015-09-13 11:19 - 2013-04-15 17:00 - 00000000 ____D C:\ProgramData\NVIDIA
2015-09-13 11:17 - 2013-04-15 16:59 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-09-13 10:59 - 2015-04-22 19:18 - 00000000 ____D C:\Program Files\Google
2015-09-13 10:58 - 2009-11-27 11:46 - 00000000 ____D C:\Users\Second\AppData\Local\Deployment
2015-09-13 10:52 - 2009-11-27 11:47 - 00000000 ____D C:\Users\Second\AppData\Local\Google
2015-09-13 09:11 - 2014-11-03 09:36 - 00000000 ____D C:\Users\Second\.gimp-2.8
2015-09-13 07:45 - 2014-11-03 09:53 - 00000000 ____D C:\Users\Second\AppData\Local\gtk-2.0
2015-09-13 02:28 - 2009-11-27 11:12 - 00000354 _____ C:\Windows\Tasks\Driver Robot.job
2015-09-12 23:59 - 2009-11-27 10:48 - 00000000 ____D C:\Users\Second
2015-09-12 23:57 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\system32\wfp
2015-09-12 23:55 - 2015-08-11 19:20 - 00000000 ____D C:\ProgramData\coklppedjgpgjmnademmehggkjgcdgfe
2015-09-12 23:55 - 2015-07-26 08:38 - 00000000 ____D C:\ProgramData\jpimedpeebkgfpbbpidmkoillhidflej
2015-09-12 23:55 - 2015-04-05 03:05 - 00000000 ___SD C:\Windows\system32\GWX
2015-09-12 23:55 - 2015-03-26 07:18 - 00000000 ____D C:\ProgramData\5423373218231298308
2015-09-12 23:55 - 2015-03-05 20:23 - 00000000 ____D C:\ProgramData\{c68ce42a-1cac-34f9-c68c-ce42a1ca90a8}
2015-09-12 23:55 - 2015-02-19 00:31 - 00000000 ____D C:\Multimedia Files
2015-09-12 23:55 - 2014-11-02 18:31 - 00000000 ____D C:\WINGROOV
2015-09-12 23:55 - 2014-10-25 14:04 - 00000000 ____D C:\Users\Tony Hurst
2015-09-12 23:55 - 2011-11-21 15:31 - 00000000 ____D C:\ProgramData\IObit
2015-09-12 23:55 - 2010-01-07 14:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
2015-09-12 23:55 - 2010-01-07 14:49 - 00000000 ____D C:\Program Files\Common Files\Nero
2015-09-12 23:55 - 2009-11-27 12:46 - 00000000 ____D C:\ProgramData\PC Tools
2015-09-12 23:55 - 2009-11-27 12:33 - 00000000 ____D C:\ProgramData\Intuit
2015-09-12 23:55 - 2009-11-27 12:30 - 00000000 ____D C:\ProgramData\SQL Anywhere 10
2015-09-12 23:55 - 2009-11-27 11:51 - 00000000 ____D C:\ProgramData\FLEXnet
2015-09-12 23:55 - 2009-11-27 11:34 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-09-12 23:55 - 2009-07-13 21:52 - 00000000 ____D C:\Windows\Performance
2015-09-12 23:55 - 2009-07-13 19:37 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-09-12 23:54 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\registration
2015-09-12 23:52 - 2014-11-02 12:39 - 00000000 ___RD C:\Users\Second\Documents\555
2015-09-12 23:52 - 2009-11-27 11:10 - 00000000 ____D C:\Users\Second\AppData\Roaming\Adobe
2015-09-12 23:52 - 2009-11-27 11:09 - 00000000 ____D C:\Users\Second\AppData\Local\Mozilla
2015-09-12 23:51 - 2009-11-27 11:38 - 00000000 ____D C:\ProgramData\Adobe
2015-09-12 23:50 - 2009-11-27 11:37 - 00000000 ____D C:\Program Files\Adobe
2015-09-12 23:49 - 2015-03-08 17:56 - 00000000 ____D C:\NVIDIA
2015-09-12 23:04 - 2011-12-13 16:50 - 00007607 _____ C:\Users\Second\AppData\Local\Resmon.ResmonCfg
2015-09-12 17:56 - 2015-02-02 19:48 - 00000000 ____D C:\ProgramData\Package Cache
2015-09-09 17:57 - 2014-12-27 23:17 - 00000000 ____D C:\Program Files\Origin Games
2015-09-09 03:30 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\Microsoft.NET
2015-09-09 03:25 - 2009-11-27 11:24 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-09-09 03:19 - 2013-08-28 17:07 - 00000000 ____D C:\Windows\system32\MRT
2015-09-08 20:23 - 2010-11-22 15:17 - 00000390 _____ C:\Windows\Tasks\AWC Update.job
2015-08-31 03:04 - 2009-11-27 12:52 - 00000000 ___HD C:\Windows\system32\CanonIJ Uninstaller Information
2015-08-31 03:02 - 2009-07-13 21:52 - 00000000 ____D C:\Windows\twain_32
2015-08-26 18:36 - 2009-12-01 10:23 - 132039072 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-26 17:43 - 2015-03-01 21:22 - 00000000 ____D C:\Program Files\iTunes
2015-08-26 17:42 - 2015-03-01 21:19 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-08-23 00:46 - 2015-03-09 17:37 - 00000000 ____D C:\mywork
2015-08-23 00:36 - 2015-07-26 18:03 - 00000024 _____ C:\Users\Second\AppData\Roaming\appdataFr25.bin
2015-08-22 20:05 - 2014-10-28 17:53 - 00000000 ____D C:\Users\Second\Documents\VitalRecords
2015-08-19 03:21 - 2009-07-13 21:53 - 00032648 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-08-14 21:44 - 2014-12-28 22:12 - 00000000 __SHD C:\Users\Second\AppData\Local\EmieBrowserModeList
2015-08-14 21:44 - 2014-06-02 16:09 - 00000000 __SHD C:\Users\Second\AppData\Local\EmieUserList
2015-08-14 21:44 - 2014-06-02 16:09 - 00000000 __SHD C:\Users\Second\AppData\Local\EmieSiteList
 
==================== Files in the root of some directories =======
 
2013-03-01 17:10 - 2013-03-01 17:10 - 0037607 _____ () C:\Program Files\Common Files\license.rtf
2003-10-19 08:32 - 2003-10-19 08:32 - 0041042 _____ (4N Systems) C:\Program Files\Common Files\ModBus.dll
2009-06-01 08:03 - 2009-06-01 08:03 - 0106496 _____ (4N Systems) C:\Program Files\Common Files\Serial.dll
2003-10-19 08:33 - 2003-10-19 08:33 - 0057426 _____ (4N Systems) C:\Program Files\Common Files\SerMon.dll
2013-03-01 17:10 - 2013-03-01 17:10 - 0008046 _____ () C:\Program Files\Common Files\setupBanner.jpg
2015-07-26 18:03 - 2015-08-23 00:36 - 0000024 _____ () C:\Users\Second\AppData\Roaming\appdataFr25.bin
2015-03-25 23:00 - 2015-04-20 21:49 - 0000020 _____ () C:\Users\Second\AppData\Roaming\appdataFr3.bin
2014-11-03 09:01 - 2015-08-04 21:44 - 0012800 _____ () C:\Users\Second\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-09-13 07:45 - 2015-09-13 07:45 - 0002749 _____ () C:\Users\Second\AppData\Local\recently-used.xbel
2011-12-13 16:50 - 2015-09-12 23:04 - 0007607 _____ () C:\Users\Second\AppData\Local\Resmon.ResmonCfg
2015-04-20 17:38 - 2015-04-20 17:38 - 0004706 _____ () C:\Users\Second\AppData\Local\Temp-log.txt
2015-02-02 19:51 - 2015-02-02 20:08 - 0000112 _____ () C:\ProgramData\8yp8ccC.dat
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
ATTENTION: ==> Could not access BCD. 
 
 
LastRegBack: 2015-09-11 06:24
 
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version:12-09-2015
Ran by Second (2015-09-12 13:57:28)
Running from C:\Users\Second\Desktop\ferbar
Windows 7 Home Premium Service Pack 1 (X86) (2009-11-27 17:48:49)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3929073943-2651328921-349090659-500 - Administrator - Disabled)
Guest (S-1-5-21-3929073943-2651328921-349090659-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3929073943-2651328921-349090659-1004 - Limited - Enabled)
QBDataServiceUser19 (S-1-5-21-3929073943-2651328921-349090659-1001 - Limited - Enabled) => C:\Users\QBDataServiceUser19
Second (S-1-5-21-3929073943-2651328921-349090659-1000 - Administrator - Enabled) => C:\Users\Second
Tony Hurst (S-1-5-21-3929073943-2651328921-349090659-1005 - Administrator - Enabled) => C:\Users\Tony Hurst
UpdatusUser (S-1-5-21-3929073943-2651328921-349090659-1002 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 15.05 beta (HKLM\...\7-Zip) (Version: - )
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.0.2.12610 - Adobe Systems Inc.)
Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe Photoshop Elements 6.0 (HKLM\...\Adobe Photoshop Elements 6) (Version: 6.0 - Adobe Systems Inc.)
Adobe Reader 9.5.2 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.2 - Adobe Systems Incorporated)
Advertising Center (Version: 0.0.0.2 - Nero AG) Hidden
Anvil Studio 2012 (HKLM\...\{DFB917CC-9845-4100-BF48-FB7AB80650F7}) (Version: 13.03.01 - Willow Software)
Apple Application Support (32-bit) (HKLM\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{538227C6-C74B-4A74-99E1-2C0B4F9DA5E1}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASIO4ALL (HKLM\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
BASSMIDI System Synth (HKLM\...\BASSMIDI System Synth) (Version: - )
Battle.net (HKLM\...\Battle.net) (Version: - Blizzard Entertainment)
Bitser (HKLM\...\{0DB00492-6CE7-4523-B987-B92245B26D20}) (Version: 1.3.0 - Bitser)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Canon IJ Network Scan Utility (HKLM\...\Canon_IJ_Network_Scan_UTILITY) (Version: - )
Canon IJ Network Tool (HKLM\...\Canon_IJ_Network_UTILITY) (Version: - )
Canon MP Navigator EX 1.0 (HKLM\...\MP Navigator EX 1.0) (Version: - )
Canon MP560 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series) (Version: - )
Canon MX410 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX410_series) (Version: - )
Canon MX700 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX700_series) (Version: - )
Canon MX700 series User Registration (HKLM\...\Canon MX700 series User Registration) (Version: - )
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DarkWave Studio 4.5.0 (HKLM\...\DarkWave Studio) (Version: 4.5.0 - ExperimentalScene)
DNS Unlocker version 1.4 (HKLM\...\{E1527582-8509-4011-B922-29E3FB548882}_is1) (Version: 1.4 - www.dnsunlocker.com) <==== ATTENTION
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 45.0.2454.85 - Google Inc.)
Google Chrome (HKU\S-1-5-21-3929073943-2651328921-349090659-1002\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Drive (HKLM\...\{12ADFB82-D5A3-43E4-B2F4-FCD9B690315B}) (Version: 1.24.9931.5480 - Google, Inc.)
Google Update Helper (Version: 1.3.28.13 - Google Inc.) Hidden
iCloud (HKLM\...\{9A07AB4F-6B53-43E9-B7FC-7892E8C26BE3}) (Version: 4.1.1.53 - Apple Inc.)
ImagXpress (Version: 7.0.74.0 - Nero AG) Hidden
IndepthSystem (HKLM\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{b28905ee}) (Version: - Software Publisher) <==== ATTENTION
iTunes (HKLM\...\{025E78AC-BD91-4E9E-B165-3C09D4084BA4}) (Version: 12.2.2.25 - Apple Inc.)
J2SE Development Kit 5.0 Update 9 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0150090}) (Version: 1.5.0.90 - Sun Microsystems, Inc.)
J2SE Runtime Environment 5.0 Update 9 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0150090}) (Version: 1.5.0.90 - Sun Microsystems, Inc.)
M-Audio USB MIDI Series Driver 5.0.1 (x86) (HKLM\...\{9CEB8FDB-3F03-4B5F-A14C-33F8924CEE7E}) (Version: 5.0.1 - M-Audio)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft GIF Animator (HKLM\...\GIF Animator) (Version: - )
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-001A-0000-0000-0000000FF1CE}_OUTLOOK_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Outlook 2007 (HKLM\...\OUTLOOK) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSI Afterburner 4.1.0 (HKLM\...\Afterburner) (Version: 4.1.0 - MSI Co., LTD)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Notepad++ (HKLM\...\Notepad++) (Version: 6.1.5 - )
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10 - NVIDIA Corporation)
NVIDIA Graphics Driver 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)
NVIDIA Performance (HKLM\...\InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}) (Version: 6.5 - NVIDIA Corporation)
NVIDIA System Monitor (HKLM\...\InstallShield_{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}) (Version: 6.5 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
Origin (HKLM\...\Origin) (Version: 9.5.3.636 - Electronic Arts, Inc.)
PhotoScape (HKLM\...\PhotoScape) (Version: - )
QuickBooks (Version: 19.0.4014.705 - Intuit Inc.) Hidden
QuickBooks Pro 2009 (HKLM\...\{9A2F0810-3622-4E86-9072-973FBE1679C5}) (Version: 19.0.4014.705 - Intuit Inc.)
QuickTime 7 (HKLM\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Realtek AC'97 Audio (HKLM\...\{FB08F381-6533-4108-B7DD-039E11FBC27E}) (Version: 5.37 - Realtek Semiconductor Corp.)
Reimage Repair (HKLM\...\Reimage Repair) (Version: 1.8.2.1 - Reimage) <==== ATTENTION
ScanSoft OmniPage SE 4 (HKLM\...\{B2F3DBD9-A9D2-4838-B45D-C917DAB32BC3}) (Version: 15.2.0020 - Nuance Communications, Inc.)
SimCity 2000 Special Edition (HKLM\...\{59D2C751-F7BE-4E9F-9C8C-1F16013802C7}) (Version: 2.0.0.1 - Electronic Arts)
Sims 3 - Fem Micro Bikini 1 (HKLM\...\xSIMS_TS3_Fem_Micro_Bikini_01) (Version: - )
Sims 3 - Fem Nude Skins (HKLM\...\xSIMS_Fem_Nude_Skins) (Version: - )
Sims 3 - Fem Suspenders Set 1 (HKLM\...\xSIMS_TS3_Fem_Suspenders_Set_1) (Version: - )
Sims 3 - Fem Swimsuit 1 (HKLM\...\xSIMS_TS3_Fem_Swimsuit_1) (Version: - )
Sims 3 - G-String Swaro 1 (HKLM\...\xSIMS_TS3_G-String_Swaro_01) (Version: - )
Sims 3 - Nude Censor Remover (HKLM\...\xSIMS_Censor_Remover_TS3) (Version: - )
Sims 3 - Nude Clothes Females (HKLM\...\xSIMS_Nude_Clothes_Females) (Version: - )
Subtextual for Microsoft Office Outlook (HKLM\...\{617B6FC1-A70A-4D64-B6BB-438FEB060578}) (Version: 1.0.3 - Subtextual)
The Sims™ 3 (HKLM\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
The Sims™ 3 High-End Loft Stuff (HKLM\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts)
The Sims™ 3 Late Night (HKLM\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.5.1 - Electronic Arts)
UltraLink (Revision M) (HKLM\...\{9E007389-42F5-4206-9A97-0BC41BFFE842}) (Version: 2.15.9294 - Racine Federated Inc.)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-001A-0000-0000-0000000FF1CE}_OUTLOOK_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
Vortex Flow Meter Sizing Utility (HKLM\...\{9145915A-4DE8-4D49-A972-DFD4E6DDE494}) (Version: 4.03.0000 - Racine Federated Inc)
WebM Project Directshow Filters (HKU\S-1-5-21-3929073943-2651328921-349090659-1000\...\webmdshow) (Version: 1.0.4.1 - WebM Project)
Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00) (HKLM\...\3134FEF0E1D959EC0CC2E458C94B7057B2AC0CC9) (Version: 10/22/2009 2.06.00 - FTDI)
Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00) (HKLM\...\88EB56038379B8B7DCFB4D2448A60F52E064B265) (Version: 10/22/2009 2.06.00 - FTDI)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
World of Tanks (HKU\S-1-5-21-3929073943-2651328921-349090659-1000\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812na}_is1) (Version: - Wargaming.net)
World of Warcraft (HKLM\...\World of Warcraft) (Version: - Blizzard Entertainment)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3929073943-2651328921-349090659-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Second\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3929073943-2651328921-349090659-1000_Classes\CLSID\{05EC5C13-D255-4592-9CCB-98615172F0D6}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3929073943-2651328921-349090659-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Second\AppData\Local\Google\Update\1.3.21.99\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3929073943-2651328921-349090659-1000_Classes\CLSID\{0ADF9C35-0D5E-4B75-88DD-B64868907E17}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3929073943-2651328921-349090659-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Second\AppData\Local\Google\Update\1.3.25.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3929073943-2651328921-349090659-1000_Classes\CLSID\{123FAF7F-3FB1-4B8F-AD18-0047401D436A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3929073943-2651328921-349090659-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\Second\AppData\Local\Google\Update\1.3.21.79\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3929073943-2651328921-349090659-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Second\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3929073943-2651328921-349090659-1000_Classes\CLSID\{37A2FC00-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3929073943-2651328921-349090659-1000_Classes\CLSID\{37A2FC02-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3929073943-2651328921-349090659-1000_Classes\CLSID\{4716D3CE-55DB-4D2A-818C-87D912895890}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3929073943-2651328921-349090659-1000_Classes\CLSID\{4844F3F7-2161-4AC4-B219-B3B4311782AA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3929073943-2651328921-349090659-1000_Classes\CLSID\{4A56F19E-9F50-4F43-93C8-050E44AA83A9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3929073943-2651328921-349090659-1000_Classes\CLSID\{4E5E74B5-8EB5-4859-A335-837EED412620}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3929073943-2651328921-349090659-1000_Classes\CLSID\{5428A9ED-6CD8-11D6-9C8A-0001023DCAA2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3929073943-2651328921-349090659-1000_Classes\CLSID\{547C8F00-5567-4AE3-8BB0-CC3CE2AB9070}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3929073943-2651328921-349090659-1000_Classes\CLSID\{57D590F1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3929073943-2651328921-349090659-1000_Classes\CLSID\{596801D8-2C9D-4627-9C67-195CB81B655A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3929073943-2651328921-349090659-1000_Classes\CLSID\{5B7331FA-8910-4748-A8A4-60B445041F28}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3929073943-2651328921-349090659-1000_Classes\CLSID\{5ED8AC89-B2DE-476D-8EEA-E170B2FCB058}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3929073943-2651328921-349090659-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Second\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3929073943-2651328921-349090659-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Second\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3929073943-2651328921-349090659-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Second\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3929073943-2651328921-349090659-1000_Classes\CLSID\{738CD606-129D-45db-86D6-6C9739C750CA}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2009\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3929073943-2651328921-349090659-1000_Classes\CLSID\{7694F1CD-A55B-4B7C-8820-A90892EB4E9E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3929073943-2651328921-349090659-1000_Classes\CLSID\{7DBF8260-30AD-4D1B-876A-8032B87B809F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3929073943-2651328921-349090659-1000_Classes\CLSID\{828E5386-74CF-4019-B356-C857CD028A7D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3929073943-2651328921-349090659-1000_Classes\CLSID\{82CC31B3-53B4-4161-A4E9-6B4F1290A6C8}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3929073943-2651328921-349090659-1000_Classes\CLSID\{8572570D-12D9-4F2C-8BB8-EB8848178B94}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3929073943-2651328921-349090659-1000_Classes\CLSID\{8E590317-1329-11D1-B70B-00805F29CD16}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2009\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3929073943-2651328921-349090659-1000_Classes\CLSID\{8FEDE364-AB37-4551-80C9-6D468E222AB2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3929073943-2651328921-349090659-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Second\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3929073943-2651328921-349090659-1000_Classes\CLSID\{9D9B61F2-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3929073943-2651328921-349090659-1000_Classes\CLSID\{9D9B61F3-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3929073943-2651328921-349090659-1000_Classes\CLSID\{9D9B61F4-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3929073943-2651328921-349090659-1000_Classes\CLSID\{9D9B61F5-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3929073943-2651328921-349090659-1000_Classes\CLSID\{9D9B61F6-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3929073943-2651328921-349090659-1000_Classes\CLSID\{9D9B61F7-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3929073943-2651328921-349090659-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Second\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3929073943-2651328921-349090659-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Second\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3929073943-2651328921-349090659-1000_Classes\CLSID\{A63E42D0-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3929073943-2651328921-349090659-1000_Classes\CLSID\{A63E42D2-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3929073943-2651328921-349090659-1000_Classes\CLSID\{AF5E0A13-CEAB-47CE-991D-77E82CD1BF3F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3929073943-2651328921-349090659-1000_Classes\CLSID\{B10BFAC3-EFF1-40D9-ADA0-BEBE037C24CA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3929073943-2651328921-349090659-1000_Classes\CLSID\{B66F2BF1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3929073943-2651328921-349090659-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Second\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3929073943-2651328921-349090659-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Second\AppData\Local\Google\Update\1.3.25.11\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3929073943-2651328921-349090659-1000_Classes\CLSID\{D14FD6B3-6A9F-4537-9460-07B836707127}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3929073943-2651328921-349090659-1000_Classes\CLSID\{D4A12AAF-E15E-470B-A6B6-63032186F91F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3929073943-2651328921-349090659-1000_Classes\CLSID\{D9B9C060-0954-11D3-9E07-00104BD2BE34}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSource.dll (Intuit, Inc.)

==================== Restore Points =========================

Could not list restore points
Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:04 - 2009-06-10 14:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {085B948E-8B3F-48FB-A29D-3F6B402DBC7D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-11] (Adobe Systems Incorporated)
Task: {151A2A27-1435-4FCB-9B4A-89E1D2CCCC5C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-23] (Google Inc.)
Task: {408CD245-288B-4748-80A5-CD625C25F444} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {610AF85A-33AE-485D-9221-9429C7E96AB2} - System32\Tasks\ASC4_PerformanceMonitor => C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe
Task: {7CDE05C8-66DB-4788-98AF-18EF7C675409} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-23] (Google Inc.)
Task: {7D3C7871-A917-4EF0-82E8-5F0A96423051} - System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask => BthUdTask.exe
Task: {AD7CB4A7-97E7-478B-9960-9D082A1EAF39} - System32\Tasks\{C5E5F37F-0423-4CBE-9634-D021DF47E19C} => pcalua.exe -a "C:\Users\Second\Downloads\ASIO4ALL_2_12_English (1).exe" -d C:\Users\Second\Downloads
Task: {AEB9E3A6-76C3-4553-9602-9F65E5AC5DDA} - System32\Tasks\Driver Robot => C:\Program Files\Driver Robot\1.2.0.1\DriverRobot.exe
Task: {BF2BC4DD-C6FC-4970-A4D1-C7E62AD7DB98} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D21F6024-191F-4454-BBBC-09A650DA2549} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent => aitagent.exe
Task: {FE5FC1F4-77C8-43BB-89C0-27740B148AD1} - System32\Tasks\Apple Diagnostics => C:\Program Files\Common Files\Apple\Internet Services\EReporter.exe [2015-04-26] (Apple Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Driver Robot.job => C:\Program Files\Driver Robot\1.2.0.1\DriverRobot.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2013-04-15 17:00 - 2013-01-31 02:00 - 00079648 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2015-02-13 05:20 - 2015-02-13 05:20 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:27 - 2015-05-15 16:27 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-09-09 19:25 - 2015-09-09 19:25 - 02365952 _____ () c:\Program Files\IndepthSystem\IndepthSystem.dll
2015-09-02 15:21 - 2015-08-27 17:17 - 01501512 _____ () C:\Program Files\Google\Chrome\Application\45.0.2454.85\libglesv2.dll
2015-09-02 15:21 - 2015-08-27 17:17 - 00081224 _____ () C:\Program Files\Google\Chrome\Application\45.0.2454.85\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:430C6D84
AlternateDataStreams: C:\ProgramData\TEMP:A8ADE5D8
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 4791 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3929073943-2651328921-349090659-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Second\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 199.203.131.145 - 82.163.143.167
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: Nero BackItUp Scheduler 4.0 => 2
MSCONFIG\Services: QBCFMonitorService => 2
MSCONFIG\Services: QBFCService => 3
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Photo Downloader => "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeCS4ServiceManager => "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: Google Update => "C:\Users\Second\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: OpwareSE4 => "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{74DC084E-7E9D-4626-B957-5BFEA4B804CF}C:\program files\adobe\adobe dreamweaver cs4\dreamweaver.exe] => (Allow) C:\program files\adobe\adobe dreamweaver cs4\dreamweaver.exe
FirewallRules: [UDP Query User{DAF16DDF-9E2B-46B4-AD0A-B04FFBE7DC9F}C:\program files\adobe\adobe dreamweaver cs4\dreamweaver.exe] => (Allow) C:\program files\adobe\adobe dreamweaver cs4\dreamweaver.exe
FirewallRules: [{A1B2DECD-E669-4DC3-91F3-3D2AE60AC9E9}] => (Allow) C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [{FCA9D698-AD20-43DE-AC66-C5EEE4D17A0F}] => (Allow) C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [TCP Query User{00FE0586-6C92-40D1-929C-FFA04DD73A6D}C:\users\second\appdata\local\crossloop\crossloopconnect.exe] => (Block) C:\users\second\appdata\local\crossloop\crossloopconnect.exe
FirewallRules: [UDP Query User{2A32D466-3004-47A9-A2C3-BA84E98BA318}C:\users\second\appdata\local\crossloop\crossloopconnect.exe] => (Block) C:\users\second\appdata\local\crossloop\crossloopconnect.exe
FirewallRules: [{E2DD015D-2C2F-43D9-8460-2FB65ED6609C}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{8534A842-E501-422A-8A08-1060E735CA19}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{6BBC6BBA-1656-484E-8823-95AB92E87E43}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{C00909EB-3777-49BF-BEB4-DB4D983AECA6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{2756FD73-75B6-44AA-8098-688878B9A8BB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{AAD8CED5-7BAA-4B90-94A1-B9A046018E3B}] => (Allow) C:\Program Files\Battle.net\Battle.net.exe
FirewallRules: [{272C945A-AE3B-405F-95D5-0D8E91739717}] => (Allow) C:\Program Files\Battle.net\Battle.net.exe
FirewallRules: [{6BD85DC8-E1EF-44F5-BFAE-766CDF1F83A9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{C9D8798B-A883-4A9B-9484-111C8F81FB60}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{DF9AEA82-69E4-4381-8994-FF318717C33E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{F4164B3E-4F26-4996-9ECA-45DE6443E36D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{18C67F79-C21D-4B52-968E-EAF0560C0611}] => (Allow) C:\Program Files\Origin Games\SimCity 2000 SE\Game\Game\DOSBox\DOSBox.exe
FirewallRules: [{A12DB02B-C654-45D3-A252-72ADE2F21FAC}] => (Allow) C:\Program Files\Origin Games\SimCity 2000 SE\Game\Game\DOSBox\DOSBox.exe
FirewallRules: [{7704AFD7-BACC-40CC-9005-AAD7934459F1}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{FCD05169-3DD3-4908-AF1C-EE07C8C291BA}] => (Allow) LPort=2869
FirewallRules: [{9AAC8249-0470-4EA2-9CD1-E98B4D8B9859}] => (Allow) LPort=1900
FirewallRules: [{2BE6ACC6-3047-4727-BBDD-E0EB4C8814AF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9C053715-E740-4478-933A-6F5B4F7DC176}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{D8F452C5-E8F5-49D6-9CD8-E728B94E3956}C:\program files\processing-2.2.1\java\bin\java.exe] => (Allow) C:\program files\processing-2.2.1\java\bin\java.exe
FirewallRules: [UDP Query User{1C5D453F-8720-41FB-8523-86C518E32445}C:\program files\processing-2.2.1\java\bin\java.exe] => (Allow) C:\program files\processing-2.2.1\java\bin\java.exe
FirewallRules: [TCP Query User{D164FB74-D628-49AB-B95E-9331F8A52DBC}C:\program files\processing-2.2.1\java\bin\javaw.exe] => (Allow) C:\program files\processing-2.2.1\java\bin\javaw.exe
FirewallRules: [UDP Query User{DD1D68E2-E4AC-4B27-AD91-D34229DF8B22}C:\program files\processing-2.2.1\java\bin\javaw.exe] => (Allow) C:\program files\processing-2.2.1\java\bin\javaw.exe
FirewallRules: [{90BFDE83-B2A1-4A8D-A645-39B6E6ADC0F4}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{2F7B8246-B6F9-40E3-A937-709CBBDDA971}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{30D444F3-A867-4317-AC61-9F3F1C7C513C}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{AE0139AA-66DC-4A84-BFF6-96B3AC2471B2}] => (Allow) C:\Games\World_of_Tanks\WorldofTanks.exe

==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/11/2015 09:18:01 PM) (Source: Windows Search Service) (EventID: 3100) (User: )
Description: Unable to initialize the filter host process. Terminating.

Details:
The system cannot find the file specified. (HRESULT : 0x80070002) (0x80070002)

Error: (09/11/2015 07:58:53 PM) (Source: Windows Search Service) (EventID: 3100) (User: )
Description: Unable to initialize the filter host process. Terminating.

Details:
The system cannot find the file specified. (HRESULT : 0x80070002) (0x80070002)

Error: (09/06/2015 11:23:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GWXUX.exe, version: 6.3.9600.17923, time stamp: 0x55945712
Faulting module name: ntdll.dll, version: 6.1.7601.18933, time stamp: 0x55a69d9f
Exception code: 0xc0000005
Fault offset: 0x00032228
Faulting process id: 0x488
Faulting application start time: 0xGWXUX.exe0
Faulting application path: GWXUX.exe1
Faulting module path: GWXUX.exe2
Report Id: GWXUX.exe3

Error: (09/06/2015 08:04:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GWXUX.exe, version: 6.3.9600.17923, time stamp: 0x55945712
Faulting module name: ntdll.dll, version: 6.1.7601.18933, time stamp: 0x55a69d9f
Exception code: 0xc0000005
Fault offset: 0x00032228
Faulting process id: 0xe9c
Faulting application start time: 0xGWXUX.exe0
Faulting application path: GWXUX.exe1
Faulting module path: GWXUX.exe2
Report Id: GWXUX.exe3

Error: (09/01/2015 09:59:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iTunes.exe, version: 12.2.2.25, time stamp: 0x55cc527e
Faulting module name: ole32.dll, version: 6.1.7601.18915, time stamp: 0x55981b9e
Exception code: 0xc0000005
Fault offset: 0x0003bd41
Faulting process id: 0xdc8
Faulting application start time: 0xiTunes.exe0
Faulting application path: iTunes.exe1
Faulting module path: iTunes.exe2
Report Id: iTunes.exe3

Error: (08/26/2015 10:22:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iTunes.exe, version: 12.2.2.25, time stamp: 0x55cc527e
Faulting module name: iTunesCore.dll, version: 12.2.2.25, time stamp: 0x55cc526a
Exception code: 0xc0000005
Fault offset: 0x0099d13f
Faulting process id: 0xd1c
Faulting application start time: 0xiTunes.exe0
Faulting application path: iTunes.exe1
Faulting module path: iTunes.exe2
Report Id: iTunes.exe3

Error: (08/26/2015 10:22:34 PM) (Source: NVIDIA OpenGL Driver) (EventID: 1) (User: )
Description: The NVIDIA OpenGL driver detected a problem with the display
driver and is unable to continue. The application must close.


Error code: 3
Visit http://www.nvidia.com/page/support.html for more information.

Error: (08/23/2015 01:00:01 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "44.0.2403.157,language="*",type="win32",version="44.0.2403.157"1".
Dependent Assembly 44.0.2403.157,language="*",type="win32",version="44.0.2403.157" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/23/2015 12:59:58 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "44.0.2403.157,language="*",type="win32",version="44.0.2403.157"1".
Dependent Assembly 44.0.2403.157,language="*",type="win32",version="44.0.2403.157" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/23/2015 12:59:43 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "44.0.2403.157,language="*",type="win32",version="44.0.2403.157"1".
Dependent Assembly 44.0.2403.157,language="*",type="win32",version="44.0.2403.157" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (09/12/2015 05:23:16 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Security Center service depends on the Winmgmt service which failed to start because of the following error:
%%126

Error: (09/12/2015 05:23:16 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Winmgmt service terminated with the following error:
%%126

Error: (09/12/2015 05:21:48 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (09/12/2015 05:21:09 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
TfFsMon
TFSysMon

Error: (09/12/2015 05:21:08 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Winmgmt service terminated with the following error:
%%126

Error: (09/12/2015 05:21:07 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Vivid Awareness service failed to start due to the following error:
%%2

Error: (09/12/2015 05:21:05 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Adobe Active File Monitor V6 service failed to start due to the following error:
%%1053

Error: (09/12/2015 05:21:05 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Adobe Active File Monitor V6 service to connect.

Error: (09/12/2015 05:20:27 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (09/12/2015 05:20:21 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!


Microsoft Office:
=========================
Error: (04/15/2015 05:48:31 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 12 seconds with 0 seconds of active time. This session ended with a crash.

Error: (02/26/2015 06:49:30 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash.

Error: (02/01/2015 12:40:10 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3152 seconds with 2700 seconds of active time. This session ended with a crash.

Error: (01/24/2015 12:26:15 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2138 seconds with 840 seconds of active time. This session ended with a crash.

Error: (12/22/2014 10:45:57 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 23435 seconds with 4560 seconds of active time. This session ended with a crash.

Error: (11/03/2014 01:57:03 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 11375 seconds with 4200 seconds of active time. This session ended with a crash.

Error: (09/17/2013 03:46:10 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 267 seconds with 180 seconds of active time. This session ended with a crash.

Error: (01/19/2010 12:36:43 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 6669 seconds with 660 seconds of active time. This session ended with a crash.


==================== Memory info ===========================

Processor: AMD Athlon™ 64 Processor 3400+
Percentage of memory in use: 61%
Total physical RAM: 2046.55 MB
Available physical RAM: 796.75 MB
Total Virtual: 4093.11 MB
Available Virtual: 2177.63 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:222.64 GB) (Free:10.68 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 222.6 GB) (Disk ID: ABACC689)
Partition 1: (Active) - (Size=222.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Edited by Oh My!, 13 September 2015 - 09:04 PM.
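The Service Control Manager entries in the log above report failures only as raw codes (%%126, %%2, %%1053). The following is an added example, not part of the original post or of FRST, that parses an excerpt of that log, decodes the codes, and charges dependency failures to the service that actually failed; the function names are this example's own.

```python
import re

# Standard Win32 error codes that appear as %%N in the log above.
WIN32_ERRORS = {
    2: "ERROR_FILE_NOT_FOUND (service binary is missing)",
    126: "ERROR_MOD_NOT_FOUND (a module the service needs could not be loaded)",
    1053: "ERROR_SERVICE_REQUEST_TIMEOUT (no response to the start request)",
}

# Excerpt copied from the "System errors" section of the log above.
SAMPLE_LOG = """\
Error: (09/12/2015 05:23:16 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Security Center service depends on the Winmgmt service which failed to start because of the following error:
%%126

Error: (09/12/2015 05:23:16 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Winmgmt service terminated with the following error:
%%126

Error: (09/12/2015 05:21:07 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Vivid Awareness service failed to start due to the following error:
%%2

Error: (09/12/2015 05:21:05 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Adobe Active File Monitor V6 service failed to start due to the following error:
%%1053
"""

HEADER = re.compile(r"^Error: \([^)]+\) \(Source: ([^)]+)\) \(EventID: (\d+)\)")
CODE = re.compile(r"%%(\d+)")
DEPENDS = re.compile(r"The (.+?) service depends on the (.+?) service")
FAILED = re.compile(r"The (.+?) service (?:failed to start|terminated)")

def parse_events(text):
    """Split FRST event-log text into one dict per 'Error:' block."""
    events, current = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = {"source": m.group(1), "event_id": int(m.group(2)), "body": []}
            events.append(current)
        elif current is not None and line.strip():
            current["body"].append(line.strip())
    return events

def triage(events):
    """Group Service Control Manager failures by the service at fault."""
    report = {}
    for ev in events:
        if ev["source"] != "Service Control Manager":
            continue
        body = " ".join(ev["body"])
        codes = {int(c) for c in CODE.findall(body)}
        dep = DEPENDS.search(body)
        failed = FAILED.search(body)
        if dep:
            # Charge the failure to the dependency, not the dependent service.
            dependent, root = dep.groups()
            item = report.setdefault(root, {"codes": set(), "blocks": set()})
            item["codes"] |= codes
            item["blocks"].add(dependent)
        elif failed:
            item = report.setdefault(failed.group(1), {"codes": set(), "blocks": set()})
            item["codes"] |= codes
    return report

def explain(report):
    """Render one line per failing service with its decoded error codes."""
    lines = []
    for name, item in sorted(report.items()):
        decoded = [WIN32_ERRORS.get(c, f"Win32 error {c}") for c in sorted(item["codes"])]
        text = f"{name}: " + ("; ".join(decoded) or "no code logged")
        if item["blocks"]:
            text += " -> also blocks " + ", ".join(sorted(item["blocks"]))
        lines.append(text)
    return lines

if __name__ == "__main__":
    print("\n".join(explain(triage(parse_events(SAMPLE_LOG)))))
```

On this excerpt the Winmgmt line accounts for both the Security Center dependency error and the earlier "Could not list Devices" message in the same log.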




#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,495 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:26 AM

Posted 13 September 2015 - 09:19 PM

Greetings TheSmokingMan and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Are you in Israel?

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Toolbar: HKU\S-1-5-21-3929073943-2651328921-349090659-1000 -> No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} -  No File
Toolbar: HKU\S-1-5-21-3929073943-2651328921-349090659-1002 -> No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} -  No File
Toolbar: HKU\S-1-5-21-3929073943-2651328921-349090659-1002 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
S3 WinHttpAutoProxySvc; winhttp.dll [X]
S0 TfFsMon; system32\drivers\TfFsMon.sys [X]
S3 TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [X]
S0 TFSysMon; system32\drivers\TfSysMon.sys [X]
CustomCLSID: HKU\S-1-5-21-3929073943-2651328921-349090659-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Second\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3929073943-2651328921-349090659-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Second\AppData\Local\Google\Update\1.3.21.99\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3929073943-2651328921-349090659-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Second\AppData\Local\Google\Update\1.3.25.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3929073943-2651328921-349090659-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\Second\AppData\Local\Google\Update\1.3.21.79\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3929073943-2651328921-349090659-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Second\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3929073943-2651328921-349090659-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Second\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3929073943-2651328921-349090659-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Second\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3929073943-2651328921-349090659-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Second\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3929073943-2651328921-349090659-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Second\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3929073943-2651328921-349090659-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Second\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3929073943-2651328921-349090659-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Second\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3929073943-2651328921-349090659-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Second\AppData\Local\Google\Update\1.3.25.11\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3929073943-2651328921-349090659-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Second\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3929073943-2651328921-349090659-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Second\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3929073943-2651328921-349090659-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Second\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3929073943-2651328921-349090659-1002_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> "C:\Users\Second\AppData\Local\Google\Update\GoogleUpdate.exe" No File
CustomCLSID: HKU\S-1-5-21-3929073943-2651328921-349090659-1002_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3929073943-2651328921-349090659-1002_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Google\Update\1.3.21.99\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3929073943-2651328921-349090659-1002_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Google\Update\1.3.25.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3929073943-2651328921-349090659-1002_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> "C:\Users\Second\AppData\Local\Google\Update\1.3.25.5\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-3929073943-2651328921-349090659-1002_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> "C:\Users\Second\AppData\Local\Google\Update\1.3.25.5\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-3929073943-2651328921-349090659-1002_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Google\Update\1.3.21.79\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3929073943-2651328921-349090659-1002_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3929073943-2651328921-349090659-1002_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> "C:\Users\Second\AppData\Local\Google\Update\1.3.25.5\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-3929073943-2651328921-349090659-1002_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> "C:\Users\Second\AppData\Local\Google\Chrome\Application\38.0.2125.111\delegate_execute.exe" No File
CustomCLSID: HKU\S-1-5-21-3929073943-2651328921-349090659-1002_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3929073943-2651328921-349090659-1002_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3929073943-2651328921-349090659-1002_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3929073943-2651328921-349090659-1002_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3929073943-2651328921-349090659-1002_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3929073943-2651328921-349090659-1002_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3929073943-2651328921-349090659-1002_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
CustomCLSID: HKU\S-1-5-21-3929073943-2651328921-349090659-1002_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
CustomCLSID: HKU\S-1-5-21-3929073943-2651328921-349090659-1002_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3929073943-2651328921-349090659-1002_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> "C:\Users\Second\AppData\Local\Google\Update\1.3.25.5\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-3929073943-2651328921-349090659-1002_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Google\Update\1.3.25.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3929073943-2651328921-349090659-1002_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3929073943-2651328921-349090659-1002_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3929073943-2651328921-349090659-1002_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File
AlternateDataStreams: C:\ProgramData\TEMP:430C6D84
AlternateDataStreams: C:\ProgramData\TEMP:A8ADE5D8
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
Folder: C:\ProgramData\{033f4a0c-ce7d-751b-033f-f4a0cce72833}
Folder: C:\ProgramData\jpimedpeebkgfpbbpidmkoillhidflej
Folder: C:\ProgramData\coklppedjgpgjmnademmehggkjgcdgfe
cmd: ipconfig /flushdns
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Uninstalling a Program using Add/Remove Program

--------------------

I recommend the uninstalling of the below listed program(s).
  • Press windows key + r on your keyboard at the same time
  • Type appwiz.cpl and press Enter
  • A list of installed programs will be displayed
  • Uninstall the following by clicking on the program(s) below (and any other similar names) and selecting Remove or Uninstall

IndepthSystem

  • Reboot your computer
===================================================

Farbar's Service Scanner

--------------------
  • Please download Farbar Service Scanner, save it to your desktop, and run it.
  • Make sure the following options are checked:

Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services

  • Press Scan
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
===================================================

System Summary Information

--------------------
  • Press the windows key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Are you in Israel?
  • Fixlog
  • Did the program uninstall?
  • FSS log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#3 Oh My!


Posted 16 September 2015 - 10:07 AM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 

#4 Oh My!


Posted 18 September 2015 - 08:15 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 



