Solved Audio issues

Discussion in 'Malware and Virus Removal Archive' started by ranatlas, 2015/09/01.

  1. 2015/09/05
    ranatlas

    ranatlas Inactive Thread Starter

    Well, I started to re-run Farbar Recovery Scan Tool and it appeared to begin to scan, then it stopped during "Scanning Devices" (orange bars stopped moving and my cursor turns into an hourglass when I mouse-over the FRST window). It's been about 25 minutes since I started FRST so I'm going to have to Ctrl-Alt-Delete my way out of this, and take a break from the computer.

    Thanks for trying to help me. I will check back later to see if you've posted anything new.

    Can you give me any indication as to where we're at with all of this? Am I badly infected?

    Randy
     
    Last edited: 2015/09/05
  2. 2015/09/05
    broni

    broni Moderator Malware Analyst

    So far we had one trojan and some adware.

    Restart computer and try FRST again.
     

  4. 2015/09/05
    ranatlas

    ranatlas Inactive Thread Starter

    OK, restarting my computer was the ticket.
    Here is FRST.txt :

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:31-08-2015
    Ran by Randy (administrator) on RANDY-821A2FC76 (05-09-2015 18:49:27)
    Running from C:\Documents and Settings\Randy\My Documents\Downloads
    Loaded Profiles: Randy (Available Profiles: Randy & UpdatusUser & Mary Kay & Sofia & Papa & Administrator)
    Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
    Internet Explorer Version 8 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Freemake) C:\Documents and Settings\All Users\Application Data\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
    (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
    (Google Inc.) C:\Program Files\Google\Update\1.3.28.13\GoogleCrashHandler.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    (Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
    (Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6111824 2015-08-25] (AVAST Software)
    HKLM Group Policy restriction on software: %localAppData%\*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %AppData%\*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %AppData%\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
    HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
    ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
    ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-07-29] (Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-07-29] (Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-07-29] (Google)
    ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Randy\Application Data\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Randy\Application Data\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Randy\Application Data\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Randy\Application Data\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Randy\Application Data\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Randy\Application Data\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Randy\Application Data\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Randy\Application Data\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-08-10] (AVAST Software)
    ShellIconOverlayIdentifiers: [SmartFTP Drop] -> {EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD} => C:\Program Files\SmartFTP Client\sfShellTools.dll [2015-04-15] (SmartSoft Ltd.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{60CF82EE-E530-49B9-87AF-DE2029CC503E}: [NameServer] 156.154.70.22,156.154.71.22
    Tcpip\..\Interfaces\{60CF82EE-E530-49B9-87AF-DE2029CC503E}: [DhcpNameServer] 192.168.1.1

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-117609710-2000478354-725345543-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-117609710-2000478354-725345543-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-117609710-2000478354-725345543-1003 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-117609710-2000478354-725345543-1003 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
    BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-08-12] (Oracle Corporation)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-10] (AVAST Software)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-08-12] (Oracle Corporation)
    Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
    Toolbar: HKU\S-1-5-21-117609710-2000478354-725345543-1003 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
    DPF: {00000055-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/A/7/D/A7D1EBE3-8E78-4CBE-B22B-EEECF9E3A1BC/fhg.CAB
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1311448594859
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-04-16] (Belarc, Inc.)
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)

    FireFox:
    ========
    FF ProfilePath: C:\Documents and Settings\Randy\Application Data\Mozilla\Firefox\Profiles\9rcldx25.default-1439164470718
    FF DefaultSearchEngine.US: Google
    FF Homepage: www.google.com
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-26] ()
    FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
    FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-08-12] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-08-12] (Oracle Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-29] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-29] (Google Inc.)
    FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\Comcat.dll [1996-10-31] (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npLAUNCH.dll [2008-01-08] (PagePath Technologies, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2013-12-21] (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Randy\Application Data\mozilla\plugins\ieatgpc.dll [2012-02-22] (Cisco WebEx LLC)
    FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Randy\Application Data\mozilla\plugins\npatgpc.dll [2012-02-22] (Cisco WebEx LLC)
    FF Extension: avast! Ad Blocker - C:\Program Files\Mozilla Firefox\extensions\adblocker@avast.com.xpi [2015-08-28]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-02-24]
    FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-08-10]

    Chrome:
    =======
    CHR StartupUrls: Default -> "hxxp://www.google.com/ ", "https://webmail.earthlink.net/ "
    CHR Profile: C:\Documents and Settings\Randy\Local Settings\Application Data\Google\Chrome\User Data\Default
    CHR Extension: (Video AdBlock for Chrome) - C:\Documents and Settings\Randy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bknbnapaddjdnbilpmlacdkjdkjmbjhd [2015-08-25]
    CHR Extension: (Dizziness Support Group of WNY - Prov...) - C:\Documents and Settings\Randy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\efpgfafnibbifjojlbdhplfkafmcocho [2015-07-23]
    CHR Extension: (Avast Online Security) - C:\Documents and Settings\Randy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-08-11]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\Randy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-15]
    CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Randy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-15]
    CHR HKLM\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - http://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-08-10]
    CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-08-10]
    CHR HKU\S-1-5-21-117609710-2000478354-725345543-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - http://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2015-09-02] (SUPERAntiSpyware.com)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-08-10] (AVAST Software)
    R2 Freemake Improver; C:\Documents and Settings\All Users\Application Data\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2015-06-18] (Freemake) [File not signed]
    S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-08-01] (Malwarebytes Corporation)
    S4 QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [20480 2009-09-16] (Intuit) [File not signed]
    S3 QBFCService; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2006-11-09] (Intuit Inc.) [File not signed]

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21361 2013-08-05] (Cisco Systems, Inc.) [File not signed]
    R3 Afc; C:\WINDOWS\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
    S3 AgereSoftModem; C:\WINDOWS\System32\DRIVERS\AGRSM.sys [1197740 2003-09-23] (Agere Systems) [File not signed]
    S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
    R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24016 2015-08-10] (AVAST Software)
    R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [76000 2015-08-10] (AVAST Software)
    R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55200 2015-08-10] (AVAST Software)
    R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49776 2015-08-10] (AVAST Software)
    R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [788784 2015-08-10] (AVAST Software)
    R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [433264 2015-08-10] (AVAST Software)
    R3 aswStmXP; C:\WINDOWS\system32\drivers\aswStmXP.sys [161472 2015-08-10] (AVAST Software)
    S3 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57888 2015-08-10] (AVAST Software)
    R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [208664 2015-08-10] (AVAST Software)
    R1 BANTExt; C:\WINDOWS\System32\Drivers\BANTExt.sys [3840 2013-09-10] () [File not signed]
    S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
    R3 FETNDIS; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [27165 2001-08-17] (VIA Technologies, Inc. )
    R3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-14] (Microsoft Corporation)
    S3 GTNDIS5; C:\WINDOWS\system32\GTNDIS5.SYS [15872 2003-09-25] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
    S3 JL2005C; C:\WINDOWS\System32\Drivers\jl2005c.sys [68762 2008-03-11] (Windows (R) 2000 DDK provider) [File not signed]
    S3 LUsbFilt; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [30360 2011-09-02] (Logitech, Inc.)
    S3 m4301a; C:\WINDOWS\System32\DRIVERS\m4301A.sys [141990 2004-12-21] (ALinx Corporation) [File not signed]
    R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-08-01] (Malwarebytes Corporation)
    S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
    S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
    S3 RTL8192su; C:\WINDOWS\System32\DRIVERS\RTL8192su.sys [594048 2009-11-13] (Realtek Semiconductor Corporation ) [File not signed]
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S3 USB_RNDIS; C:\WINDOWS\System32\DRIVERS\usb8023.sys [12928 2013-02-11] (Microsoft Corporation)
    S3 WsAudioDevice_383; C:\WINDOWS\System32\drivers\WsAudioDevice_383.sys [16640 2011-11-17] (Wondershare) [File not signed]
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 eapihdrv; \??\C:\DOCUME~1\Randy\LOCALS~1\Temp\ehdrv.sys [X]
    S4 IntelIde; no ImagePath
    U5 klflt; C:\Windows\System32\Drivers\klflt.sys [74336 2014-06-11] (Kaspersky Lab ZAO)
    U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
    U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-09-05 15:57 - 2015-09-05 18:49 - 00000000 ____D C:\Documents and Settings\Randy\Local Settings\temp
    2015-09-05 15:57 - 2015-09-05 15:57 - 00000000 ____D C:\Documents and Settings\UpdatusUser\Local Settings\temp
    2015-09-05 15:57 - 2015-09-05 15:57 - 00000000 ____D C:\Documents and Settings\Sofia\Local Settings\temp
    2015-09-05 15:57 - 2015-09-05 15:57 - 00000000 ____D C:\Documents and Settings\Sofia.RANDY-821A2FC76\Local Settings\temp
    2015-09-05 15:57 - 2015-09-05 15:57 - 00000000 ____D C:\Documents and Settings\Papa\Local Settings\temp
    2015-09-05 15:57 - 2015-09-05 15:57 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\temp
    2015-09-05 15:57 - 2015-09-05 15:57 - 00000000 ____D C:\Documents and Settings\Mary Kay\Local Settings\temp
    2015-09-05 15:57 - 2015-09-05 15:57 - 00000000 ____D C:\Documents and Settings\Default User\Local Settings\temp
    2015-09-05 15:57 - 2015-09-05 15:57 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\temp
    2015-09-05 15:57 - 2015-09-05 15:57 - 00000000 ____D C:\Documents and Settings\Administrator.RANDY-821A2FC76\Local Settings\temp
    2015-09-05 15:56 - 2015-09-05 15:56 - 00026639 ____C C:\ComboFix.txt
    2015-09-05 15:42 - 2015-09-05 15:42 - 00027481 ____C C:\ComboFix-1.txt
    2015-09-05 15:21 - 2015-09-05 15:25 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\temp
    2015-09-05 13:17 - 2015-09-05 13:17 - 00000000 RSHDC C:\cmdcons
    2015-09-05 13:17 - 2015-08-26 14:56 - 00000211 ____C C:\Boot.bak
    2015-09-05 13:17 - 2004-08-03 23:00 - 00260272 _RSHC C:\cmldr
    2015-09-05 13:13 - 2015-09-05 15:57 - 00000000 ___DC C:\Qoobox
    2015-09-05 13:13 - 2015-09-05 15:22 - 00000000 ____D C:\WINDOWS\erdnt
    2015-09-05 13:13 - 2011-06-26 02:45 - 00256000 _____ C:\WINDOWS\PEV.exe
    2015-09-05 13:13 - 2010-11-07 13:20 - 00208896 _____ C:\WINDOWS\MBR.exe
    2015-09-05 13:13 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
    2015-09-05 13:13 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
    2015-09-05 13:13 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
    2015-09-05 13:13 - 2000-08-30 20:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
    2015-09-05 13:13 - 2000-08-30 20:00 - 00098816 _____ C:\WINDOWS\sed.exe
    2015-09-05 13:13 - 2000-08-30 20:00 - 00080412 _____ C:\WINDOWS\grep.exe
    2015-09-05 13:13 - 2000-08-30 20:00 - 00068096 _____ C:\WINDOWS\zip.exe
    2015-09-05 13:11 - 2015-09-05 13:11 - 05635231 ____R (Swearware) C:\Documents and Settings\Randy\Desktop\ComboFix.exe
    2015-09-04 21:05 - 2015-09-04 21:05 - 00000403 _____ C:\WINDOWS\wmsetup.log
    2015-09-04 20:49 - 2015-09-04 20:49 - 00000000 ____D C:\Documents and Settings\Randy\Desktop\Logs from Scans
    2015-09-03 10:08 - 2015-09-03 10:08 - 00003518 _____ C:\Documents and Settings\Randy\Desktop\rk_1099.tmp
    2015-09-02 23:30 - 2015-09-02 23:30 - 00035064 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
    2015-09-02 23:29 - 2015-09-03 10:21 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\RogueKiller
    2015-09-02 22:13 - 2015-09-02 22:13 - 00000000 ____D C:\Program Files\ESET
    2015-09-02 18:50 - 2015-09-02 18:50 - 00019617 _____ C:\WINDOWS\Wdf01009Inst.log
    2015-09-02 18:49 - 2015-08-10 21:56 - 00313472 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
    2015-09-02 15:40 - 2015-09-02 15:40 - 00000232 _____ C:\Documents and Settings\Randy\Desktop\Shortcut to Realtek HD Sound Effect Manager.lnk
    2015-09-02 15:38 - 2015-09-02 15:39 - 00006790 _____ C:\WINDOWS\FaxSetup.log
    2015-09-02 15:38 - 2015-09-02 15:39 - 00006334 _____ C:\WINDOWS\iis6.log
    2015-09-02 15:38 - 2015-09-02 15:39 - 00004716 _____ C:\WINDOWS\ocgen.log
    2015-09-02 15:38 - 2015-09-02 15:39 - 00004591 _____ C:\WINDOWS\tsoc.log
    2015-09-02 15:38 - 2015-09-02 15:39 - 00002492 _____ C:\WINDOWS\comsetup.log
    2015-09-02 15:38 - 2015-09-02 15:39 - 00001891 _____ C:\WINDOWS\imsins.log
    2015-09-02 15:38 - 2015-09-02 15:39 - 00001805 _____ C:\WINDOWS\ntdtcsetup.log
    2015-09-02 15:38 - 2015-09-02 15:39 - 00001592 _____ C:\WINDOWS\netfxocm.log
    2015-09-02 15:38 - 2015-09-02 15:39 - 00000719 _____ C:\WINDOWS\MedCtrOC.log
    2015-09-02 15:38 - 2015-09-02 15:39 - 00000430 _____ C:\WINDOWS\msgsocm.log
    2015-09-02 15:38 - 2015-09-02 15:39 - 00000425 _____ C:\WINDOWS\ocmsn.log
    2015-09-02 15:38 - 2015-09-02 15:39 - 00000311 _____ C:\WINDOWS\tabletoc.log
    2015-09-02 15:38 - 2015-09-02 15:38 - 00001864 _____ C:\WINDOWS\msmqinst.log
    2015-09-02 15:38 - 2015-09-02 15:38 - 00000000 _____ C:\WINDOWS\setuperr.log
    2015-09-02 15:38 - 2015-09-02 15:38 - 00000000 _____ C:\WINDOWS\setupact.log
    2015-09-02 15:09 - 2008-09-24 10:40 - 04122368 ____R (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\alcxwdm.sys
    2015-09-02 15:09 - 2006-12-08 15:20 - 10528768 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTLCPL.exe
    2015-09-02 15:09 - 2006-10-18 02:53 - 00147456 _____ () C:\WINDOWS\system32\RtlCPAPI.dll
    2015-09-02 15:09 - 2002-02-05 13:54 - 00141016 _____ C:\WINDOWS\system32\alsndmgr.wav
    2015-09-02 15:08 - 2015-09-02 15:08 - 00000000 ____D C:\Program Files\Realtek AC97
    2015-09-02 15:07 - 2006-07-31 11:27 - 00217088 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\alcrmv.exe
    2015-09-02 15:07 - 2006-07-31 11:19 - 00315392 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\alcupd.exe
    2015-09-02 13:30 - 2015-09-02 18:50 - 00013821 _____ C:\WINDOWS\setupapi.log
    2015-09-01 23:21 - 2015-09-05 18:49 - 00000000 ___DC C:\FRST
    2015-09-01 18:45 - 2015-09-01 18:46 - 00000000 ____D C:\Documents and Settings\Randy\Desktop\Contents of Recycling Bin Sept 1 2015
    2015-08-30 17:38 - 2015-08-30 17:38 - 00001685 _____ C:\Documents and Settings\Randy\Desktop\missing.reg
    2015-08-29 16:37 - 2015-08-29 16:37 - 00000000 _____ C:\Documents and Settings\Randy\Desktop\New Text Document.txt
    2015-08-28 22:14 - 2015-08-31 20:06 - 00000000 ____D C:\Program Files\File Download ActiveX
    2015-08-28 22:09 - 2015-08-28 22:19 - 00001567 _____ C:\Documents and Settings\Randy\Desktop\missing.reg.reg
    2015-08-28 09:56 - 2015-08-28 09:58 - 00000000 ____D C:\Program Files\Mozilla Firefox
    2015-08-27 15:15 - 2015-08-27 15:15 - 00000730 _____ C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
    2015-08-27 15:15 - 2015-08-27 15:15 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
    2015-08-27 14:53 - 2015-08-27 14:53 - 00000000 _____ C:\Documents and Settings\Randy\dir
    2015-08-27 14:38 - 2007-10-02 03:10 - 00000009 _____ C:\Documents and Settings\Randy\My Documents\run.bat
    2015-08-27 14:09 - 2015-08-27 14:19 - 00000000 ____D C:\Documents and Settings\Randy\Desktop\HUTIL for Samsung HDD
    2015-08-26 23:30 - 2015-08-28 10:18 - 00000000 ___HD C:\WINDOWS\$hf_mig$
    2015-08-26 19:20 - 2015-08-26 19:20 - 00000000 ____D C:\Documents and Settings\Randy\Application Data\Macromedia
    2015-08-26 18:30 - 2015-08-26 18:30 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla
    2015-08-26 18:30 - 2015-08-26 18:30 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Mozilla
    2015-08-26 15:28 - 2015-08-26 15:28 - 00000799 _____ C:\Documents and Settings\Randy\Start Menu\Programs\Windows Media Player.lnk
    2015-08-25 22:37 - 2015-08-25 22:37 - 00000000 ____D C:\Documents and Settings\All Users\BackupNowEZ
    2015-08-25 22:34 - 2015-08-25 22:34 - 00000933 _____ C:\Documents and Settings\Randy\Desktop\Should I Remove It.lnk
    2015-08-25 22:34 - 2015-08-25 22:34 - 00000000 ____D C:\Program Files\Reason
    2015-08-25 20:56 - 2015-08-25 20:56 - 00000000 ____D C:\Documents and Settings\Randy\Application Data\MPC-HC
    2015-08-25 19:31 - 2015-08-25 19:31 - 00000837 _____ C:\Documents and Settings\All Users\Desktop\Media Player Classic.lnk
    2015-08-25 19:31 - 2015-08-25 19:31 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack
    2015-08-25 19:31 - 2015-08-24 14:00 - 00112128 _____ C:\WINDOWS\system32\ff_vfw.dll
    2015-08-25 19:31 - 2015-06-22 09:25 - 00240128 _____ C:\WINDOWS\system32\xvidvfw.dll
    2015-08-25 19:31 - 2015-06-22 09:24 - 00655872 _____ C:\WINDOWS\system32\xvidcore.dll
    2015-08-25 19:31 - 2015-02-28 11:21 - 03591680 _____ (x264vfw project) C:\WINDOWS\system32\x264vfw.dll
    2015-08-25 19:31 - 2012-07-21 06:54 - 00122880 _____ (fccHandler) C:\WINDOWS\system32\ac3acm.acm
    2015-08-25 19:31 - 2011-12-07 13:32 - 00216064 _____ ( ) C:\WINDOWS\system32\lagarith.dll
    2015-08-25 19:31 - 2011-06-22 10:14 - 00000714 _____ C:\WINDOWS\system32\ff_vfw.dll.manifest
    2015-08-25 19:18 - 2015-08-25 19:18 - 00000000 ___DC C:\K-Lite Codec Pack Mega 1140
    2015-08-25 19:15 - 2015-08-25 19:16 - 00000000 ___DC C:\Codecs from MeGUI
    2015-08-23 08:56 - 2015-08-23 09:22 - 00000000 ___DC C:\Mom
    2015-08-22 23:07 - 2015-08-22 23:09 - 00000000 ___DC C:\i386
    2015-08-22 09:01 - 2015-08-22 09:01 - 00000000 ____D C:\Documents and Settings\Sofia.RANDY-821A2FC76\Application Data\Canon
    2015-08-22 09:01 - 2015-08-22 09:01 - 00000000 ____D C:\Documents and Settings\Sofia.RANDY-821A2FC76\Application Data\AVAST Software
    2015-08-20 15:52 - 2015-08-20 15:52 - 00000905 _____ C:\Documents and Settings\All Users\Desktop\WinX DVD Author.lnk
    2015-08-20 15:52 - 2015-08-20 15:52 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\WinX DVD Author
    2015-08-19 23:22 - 2015-09-05 18:42 - 00344262 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-18-0.dat
    2015-08-19 18:07 - 2015-08-19 18:07 - 00000000 ____D C:\Documents and Settings\Randy\Local Settings\Application Data\FreemakeVideoConverter
    2015-08-19 18:06 - 2015-08-19 18:08 - 00000000 ____D C:\Documents and Settings\Randy\My Documents\Freemake
    2015-08-19 18:05 - 2015-08-19 18:07 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Freemake
    2015-08-19 18:05 - 2015-08-19 18:05 - 00000000 ____D C:\Program Files\Common Files\Freemake Shared
    2015-08-19 18:05 - 2015-08-19 18:05 - 00000000 ____D C:\Documents and Settings\Randy\Start Menu\Programs\Freemake
    2015-08-19 18:05 - 2015-08-19 18:05 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Freemake
    2015-08-19 18:04 - 2015-08-19 18:05 - 00000000 ____D C:\Program Files\Freemake
    2015-08-19 10:02 - 2015-08-19 10:04 - 00000000 ____D C:\Documents and Settings\Randy\Desktop\Videos d-loaded
    2015-08-18 23:43 - 2015-08-19 10:10 - 00001119 _____ C:\Documents and Settings\Randy\Application Data\burnaware.ini
    2015-08-18 23:12 - 2015-08-20 12:59 - 00014205 _____ C:\Documents and Settings\Randy\My Documents\starburn.txt
    2015-08-18 23:12 - 2015-08-20 12:15 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB952011$
    2015-08-18 23:09 - 2015-08-20 12:59 - 00000000 ____D C:\Documents and Settings\Randy\My Documents\Wondershare DVD Creator
    2015-08-18 11:14 - 2015-08-21 11:55 - 00049664 ___SH C:\Documents and Settings\Randy\My Documents\Thumbs.db
    2015-08-17 23:04 - 2015-08-25 19:21 - 00098520 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\4A8353F3.sys
    2015-08-13 18:07 - 2015-08-18 11:14 - 00000000 ____D C:\Documents and Settings\Randy\My Documents\FB stuff
    2015-08-12 12:11 - 2015-08-12 12:18 - 00096352 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
    2015-08-11 12:50 - 2015-09-05 18:45 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2015-08-11 12:50 - 2015-08-26 19:24 - 00778440 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
    2015-08-11 12:50 - 2015-08-26 19:24 - 00142536 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
    2015-08-10 22:20 - 2015-08-10 22:20 - 00000000 ____D C:\Documents and Settings\Randy\Local Settings\Application Data\Privatefirewall
    2015-08-10 22:18 - 2015-08-10 22:18 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Privacyware
    2015-08-10 21:58 - 2015-08-10 21:58 - 00000000 ____D C:\Documents and Settings\Randy\Application Data\AVAST Software
    2015-08-10 21:57 - 2015-09-02 18:50 - 00001700 _____ C:\Documents and Settings\All Users\Desktop\Avast Free Antivirus.lnk
    2015-08-10 21:57 - 2015-08-10 21:57 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVAST Software
    2015-08-10 21:56 - 2015-09-05 18:45 - 00000362 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
    2015-08-10 21:56 - 2015-08-10 21:56 - 00788784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
    2015-08-10 21:56 - 2015-08-10 21:56 - 00433264 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
    2015-08-10 21:56 - 2015-08-10 21:56 - 00208664 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
    2015-08-10 21:56 - 2015-08-10 21:56 - 00161472 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStmXP.sys
    2015-08-10 21:56 - 2015-08-10 21:56 - 00076000 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
    2015-08-10 21:56 - 2015-08-10 21:56 - 00057888 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
    2015-08-10 21:56 - 2015-08-10 21:56 - 00055200 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
    2015-08-10 21:56 - 2015-08-10 21:56 - 00049776 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
    2015-08-10 21:56 - 2015-08-10 21:56 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
    2015-08-10 21:56 - 2015-08-10 21:56 - 00024016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
    2015-08-10 21:54 - 2015-08-10 21:54 - 00000000 ____D C:\Program Files\AVAST Software
    2015-08-10 18:22 - 2015-08-10 18:23 - 00000000 ___DC C:\b51b393cbb54452c6a539ada5b55
    2015-08-10 14:07 - 2015-08-22 09:21 - 00688246 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-117609710-2000478354-725345543-1007-0.dat
    2015-08-09 22:11 - 2015-08-20 15:52 - 00000000 ____D C:\Documents and Settings\Randy\Application Data\Digiarty
    2015-08-09 22:10 - 2015-08-20 15:52 - 00000000 ____D C:\Program Files\Digiarty
    2015-08-09 21:21 - 2015-08-10 16:54 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Anvisoft
    2015-08-09 21:20 - 2015-08-10 16:54 - 00000000 ____D C:\Program Files\Anvisoft
    2015-08-09 19:28 - 2015-09-05 18:48 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2015-08-09 19:28 - 2015-09-05 18:43 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2015-08-09 19:28 - 2015-09-05 18:43 - 00000222 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
    2015-08-09 19:28 - 2015-09-05 18:33 - 00000988 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-117609710-2000478354-725345543-1003UA.job
    2015-08-09 19:28 - 2015-09-04 20:33 - 00000936 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-117609710-2000478354-725345543-1003Core.job
    2015-08-09 19:28 - 2015-08-09 19:28 - 00000216 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
    2015-08-08 17:02 - 2015-08-08 17:02 - 00000000 ___DC C:\SUPERDelete
    2015-08-08 16:58 - 2015-08-08 16:58 - 00000000 ___DC C:\AdvancedTechSupport
    2015-08-08 16:48 - 2015-08-09 20:16 - 00065536 _____ C:\WINDOWS\system32\config\Nano.evt
    2015-08-08 16:48 - 2015-08-09 19:30 - 00000000 ____D C:\Documents and Settings\Randy\Application Data\Panda Security
    2015-08-08 16:47 - 2015-08-09 19:33 - 00000000 ____D C:\Program Files\Panda Security
    2015-08-08 16:46 - 2015-08-09 19:33 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Panda Security
    2015-08-08 15:52 - 2015-09-03 12:03 - 00000000 ___DC C:\AdwCleaner
    2015-08-08 15:18 - 2015-08-08 17:06 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\support.com
    2015-08-08 15:17 - 2015-08-08 15:17 - 00000000 ___DC C:\temp
    2015-08-08 12:05 - 2015-08-08 22:50 - 00000000 ____D C:\Program Files\Common Files\supportdotcom
    2015-08-08 12:05 - 2015-08-08 12:46 - 00000000 ____D C:\Documents and Settings\Randy\Application Data\supportdotcom
    2015-08-07 23:35 - 2015-08-07 23:35 - 00000000 ____D C:\Documents and Settings\Randy\Start Menu\Programs\Dropbox
    2015-08-07 15:47 - 2015-08-10 17:19 - 00000000 ____D C:\Program Files\Alternative Flash Player Auto-Updater
    2015-08-07 00:02 - 2015-08-07 00:02 - 00000732 _____ C:\Documents and Settings\Randy\Desktop\Flash Movie Player.lnk
    2015-08-07 00:02 - 2015-08-07 00:02 - 00000000 ____D C:\Program Files\Flash Movie Player
    2015-08-07 00:02 - 2015-08-07 00:02 - 00000000 ____D C:\Documents and Settings\Randy\Start Menu\Programs\Flash Movie Player
    2015-08-06 23:19 - 2015-08-08 11:40 - 00001689 ____H C:\WINDOWS\system32\BTImages.dat
    2015-08-06 12:03 - 2015-08-06 12:12 - 00000000 ___HD C:\Documents and Settings\All Users\Application Data\Canon Easy-WebPrint EX
    2015-08-06 00:10 - 2015-08-26 20:22 - 00001750 _____ C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-09-05 18:44 - 2011-07-22 11:53 - 01223679 _____ C:\WINDOWS\WindowsUpdate.log
    2015-09-05 18:43 - 2011-07-22 12:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2015-09-05 18:43 - 2011-07-22 07:20 - 00000159 _____ C:\WINDOWS\wiadebug.log
    2015-09-05 18:43 - 2011-07-22 07:20 - 00000048 _____ C:\WINDOWS\wiaservc.log
    2015-09-05 18:43 - 2004-08-04 08:00 - 00013646 _____ C:\WINDOWS\system32\wpa.dbl
    2015-09-05 18:42 - 2015-07-22 20:40 - 00344262 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    2015-09-05 18:42 - 2011-07-22 12:23 - 00000278 ___SH C:\Documents and Settings\Randy\ntuser.ini
    2015-09-05 18:42 - 2011-07-22 12:21 - 00032634 _____ C:\WINDOWS\SchedLgU.Txt
    2015-09-05 17:16 - 2011-07-22 11:57 - 00000000 __SHD C:\Documents and Settings\NetworkService
    2015-09-05 15:54 - 2004-08-04 08:00 - 00000227 ____C C:\WINDOWS\system.ini
    2015-09-05 14:01 - 2011-10-01 12:06 - 00000000 ____D C:\Documents and Settings\Randy\My Documents\Troubleshooting-FF
    2015-09-05 13:30 - 2011-07-22 12:22 - 00000000 ____D C:\Documents and Settings\Randy
    2015-09-05 13:17 - 2011-07-22 07:16 - 00000327 _RSHC C:\boot.ini
    2015-09-05 11:31 - 2011-09-16 08:48 - 00001324 _____ C:\WINDOWS\system32\d3d9caps.dat
    2015-09-04 16:10 - 2011-09-10 13:15 - 00000000 ____D C:\Documents and Settings\Randy\Application Data\vlc
    2015-09-03 17:19 - 2011-09-03 17:22 - 00000000 ____D C:\Documents and Settings\Randy\My Documents\FOV
    2015-09-03 11:18 - 2015-08-01 14:30 - 00098520 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2015-09-03 11:15 - 2013-03-22 01:00 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2807986$
    2015-09-02 22:32 - 2013-08-23 00:27 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2015-09-02 21:26 - 2011-07-24 16:29 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    2015-09-02 18:56 - 2015-08-04 23:04 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\CheckPoint
    2015-09-02 16:42 - 2011-09-10 13:15 - 00000000 ____D C:\Documents and Settings\Randy\Application Data\dvdcss
    2015-09-02 15:07 - 2011-07-23 13:48 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
    2015-09-02 15:02 - 2011-07-22 15:39 - 00000000 ____D C:\WINDOWS\system32\ReinstallBackups
    2015-09-02 13:41 - 2011-08-12 10:43 - 00017685 ____C C:\Documents and Settings\Randy\Application Data\CleanUp!.log
    2015-09-01 18:36 - 2012-07-21 18:54 - 00002193 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Safari.lnk
    2015-08-29 12:13 - 2011-07-25 09:38 - 00000278 ___SH C:\Documents and Settings\Mary Kay\ntuser.ini
    2015-08-29 12:13 - 2011-07-25 09:38 - 00000000 ____D C:\Documents and Settings\Mary Kay
    2015-08-29 11:43 - 2012-08-19 19:48 - 00000000 ____D C:\Documents and Settings\Mary Kay\Local Settings\Application Data\Akamai
    2015-08-29 11:42 - 2011-09-09 05:25 - 00096688 _____ C:\Documents and Settings\Mary Kay\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2015-08-28 21:49 - 2015-06-07 16:17 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
    2015-08-27 15:15 - 2011-09-10 13:14 - 00000000 ____D C:\Program Files\VideoLAN
    2015-08-26 20:31 - 2013-12-11 11:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893294$
    2015-08-26 20:02 - 2013-08-12 19:35 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy
    2015-08-26 19:25 - 2011-07-23 17:02 - 00000000 ____D C:\Documents and Settings\Randy\Local Settings\Application Data\Adobe
    2015-08-26 19:23 - 2011-10-01 11:42 - 00000000 ____D C:\Documents and Settings\Randy\Application Data\Adobe
    2015-08-26 18:30 - 2011-07-22 12:21 - 00000000 __SHD C:\Documents and Settings\LocalService
    2015-08-26 15:28 - 2011-07-22 07:18 - 00607530 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2015-08-26 14:56 - 2012-10-17 22:23 - 00000000 ____D C:\WINDOWS\pss
    2015-08-26 14:56 - 2004-08-04 08:00 - 00000801 _____ C:\WINDOWS\win.ini
    2015-08-26 14:48 - 2011-07-22 07:10 - 00000000 ____D C:\WINDOWS\security
    2015-08-26 14:37 - 2011-07-22 11:50 - 00000000 ____D C:\Program Files\Windows NT
    2015-08-26 14:37 - 2011-07-22 07:10 - 00000000 ____D C:\WINDOWS\Help
    2015-08-25 22:38 - 2015-02-07 18:19 - 00000000 ____D C:\Program Files\NTI
    2015-08-25 19:31 - 2012-05-04 02:29 - 00000000 ____D C:\Program Files\K-Lite Codec Pack
    2015-08-25 19:06 - 2011-07-22 11:51 - 00000000 ____D C:\Program Files\Online Services
    2015-08-25 18:55 - 2011-07-22 07:10 - 00000000 ____D C:\WINDOWS\system32\inetsrv
    2015-08-23 00:37 - 2011-10-01 11:42 - 00000000 ____D C:\Documents and Settings\Randy\Application Data\CoreFTP
    2015-08-22 17:54 - 2015-05-06 22:00 - 00000000 ____D C:\Documents and Settings\Randy\My Documents\New Support Group
    2015-08-22 09:21 - 2011-10-01 15:40 - 00000178 ___SH C:\Documents and Settings\Sofia.RANDY-821A2FC76\ntuser.ini
    2015-08-22 09:01 - 2012-07-25 11:11 - 00096688 _____ C:\Documents and Settings\Sofia.RANDY-821A2FC76\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2015-08-20 12:13 - 2013-01-27 20:17 - 00000000 ____D C:\Program Files\Wondershare
    2015-08-19 18:35 - 2011-07-23 17:12 - 00000376 ____C C:\WINDOWS\ODBC.INI
    2015-08-19 16:52 - 2011-08-05 23:00 - 00000000 ____D C:\Documents and Settings\Randy\My Documents\Animal Advocates of WNY
    2015-08-18 23:11 - 2011-09-09 23:32 - 00000000 ____D C:\Program Files\DVD Flick
    2015-08-18 11:14 - 2015-08-04 22:54 - 00000000 ____D C:\Documents and Settings\Randy\My Documents\My Car
    2015-08-18 11:14 - 2015-06-16 20:34 - 00000000 ____D C:\Documents and Settings\Randy\My Documents\Yahoo Group
    2015-08-18 11:14 - 2015-06-13 10:33 - 00000000 ____D C:\Documents and Settings\Randy\My Documents\Screen Captures
    2015-08-18 11:14 - 2012-09-21 15:42 - 00000000 ____D C:\Documents and Settings\Randy\My Documents\Support Group
    2015-08-17 23:20 - 2012-10-04 15:31 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Google Drive
    2015-08-17 19:22 - 2011-07-22 07:10 - 00000000 ____D C:\WINDOWS\Cursors
    2015-08-17 19:13 - 2011-07-30 23:54 - 00000000 ____D C:\Documents and Settings\Randy\My Documents\Unity
    2015-08-15 23:05 - 2013-07-28 23:59 - 00000000 ____D C:\WINDOWS\system32\MRT
    2015-08-15 22:48 - 2011-07-23 16:11 - 129304528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2015-08-15 20:00 - 2011-07-24 15:17 - 00000000 ____D C:\Unity-QB
    2015-08-13 22:20 - 2015-03-24 13:34 - 00000000 ___RD C:\Documents and Settings\Randy\My Documents\Dropbox
    2015-08-13 22:20 - 2015-03-24 13:29 - 00000000 ____D C:\Documents and Settings\Randy\Application Data\Dropbox
    2015-08-13 21:41 - 2013-12-11 11:05 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2898715$
    2015-08-12 12:22 - 2011-07-26 21:52 - 00000000 ____D C:\Program Files\Common Files\Java
    2015-08-12 12:18 - 2011-07-26 21:52 - 00146432 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
    2015-08-12 12:17 - 2011-07-26 21:52 - 00000000 ____D C:\Program Files\Java
    2015-08-12 12:17 - 2011-07-24 21:59 - 00000000 ____D C:\Documents and Settings\Randy\Start Menu\Programs\WinRAR
    2015-08-12 12:17 - 2011-07-24 21:59 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
    2015-08-12 12:15 - 2011-07-24 21:59 - 00000000 ____D C:\Program Files\WinRAR
    2015-08-11 12:07 - 2015-07-27 17:41 - 00000735 _____ C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    2015-08-11 12:07 - 2015-06-07 16:17 - 00000741 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
    2015-08-10 21:44 - 2014-04-10 08:37 - 00000178 ___SH C:\Documents and Settings\Papa\ntuser.ini
    2015-08-10 20:40 - 2011-07-23 19:15 - 00096688 _____ C:\Documents and Settings\Randy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2015-08-10 19:40 - 2011-07-22 07:17 - 00345808 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2015-08-10 18:29 - 2011-07-24 15:07 - 00000000 ____D C:\WINDOWS\Microsoft.NET
    2015-08-10 18:23 - 2015-03-01 21:33 - 00201200 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2015-08-10 18:23 - 2012-02-24 22:31 - 00000000 ____D C:\WINDOWS\system32\XPSViewer
    2015-08-10 17:51 - 2011-07-24 02:03 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVAST Software
    2015-08-10 17:22 - 2013-06-13 00:12 - 00000000 ____D C:\Program Files\Solveig Multimedia
    2015-08-10 17:20 - 2015-02-25 18:06 - 00000000 ____D C:\Program Files\Glarysoft
    2015-08-10 17:11 - 2013-01-23 09:58 - 00000000 ____D C:\Program Files\PDF-XChangePDFViewer
    2015-08-10 17:10 - 2011-10-05 22:27 - 00000000 ____D C:\Documents and Settings\Mary Kay\My Documents\Musicnotes
    2015-08-10 17:09 - 2011-10-09 22:34 - 00000000 ____D C:\Documents and Settings\Randy\My Documents\Musicnotes
    2015-08-10 16:58 - 2011-07-27 01:07 - 00000000 ____D C:\Program Files\Ffmpeg For Audacity
    2015-08-10 16:57 - 2014-01-04 22:30 - 00000000 ____D C:\Program Files\The Learning Company
    2015-08-10 16:57 - 2011-07-22 11:51 - 00000000 ___RD C:\Documents and Settings\All Users\Start Menu\Programs\Games
    2015-08-10 16:51 - 2011-07-23 21:11 - 00000000 ____D C:\Program Files\Audacity 1.3 Beta (Unicode)
    2015-08-10 14:07 - 2011-10-01 15:40 - 00000000 ____D C:\Documents and Settings\Sofia.RANDY-821A2FC76
    2015-08-09 21:28 - 2011-07-23 17:12 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
    2015-08-09 19:54 - 2015-02-06 16:31 - 00000000 ____D C:\Documents and Settings\Randy\Desktop\Old Firefox Data
    2015-08-09 19:45 - 2013-08-02 00:29 - 00000000 ____D C:\Documents and Settings\Randy\Application Data\Verizon
    2015-08-09 19:18 - 2015-07-27 16:46 - 00000000 ____D C:\Program Files\Comodo
    2015-08-09 19:17 - 2011-10-26 00:05 - 00000000 ____D C:\WINDOWS\system32\Adobe
    2015-08-09 19:17 - 2011-07-22 11:52 - 00000000 ____D C:\WINDOWS\system32\Macromed
    2015-08-09 08:50 - 2011-07-24 15:28 - 00000000 ____D C:\UHC-QB
    2015-08-08 17:58 - 2011-07-23 13:50 - 00000000 ____D C:\Program Files\Realtek
    2015-08-08 17:00 - 2015-04-17 14:29 - 00000000 ____D C:\Documents and Settings\Randy\Application Data\GlarySoft
    2015-08-08 16:57 - 2015-03-23 16:08 - 00000000 ____D C:\Documents and Settings\Papa\Desktop\Unused Desktop Shortcuts
    2015-08-08 16:57 - 2013-10-22 21:39 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Visual Business Cards 4
    2015-08-08 16:57 - 2012-05-29 21:45 - 00000000 ____D C:\Documents and Settings\Randy\Start Menu\Programs\Color-Tech Imaging ROES
    2015-08-06 12:03 - 2015-08-01 00:47 - 00000000 ____D C:\Documents and Settings\Randy\Application Data\Canon Easy-WebPrint EX

    ==================== Files in the root of some directories =======

    2013-03-21 09:58 - 2006-03-30 14:18 - 0015184 _____ () C:\Program Files\alltests.rmb
    2013-03-21 09:58 - 2005-08-01 21:30 - 0003664 _____ () C:\Program Files\cpudb_tests.rmb
    2013-03-21 09:58 - 2005-03-12 10:00 - 0047247 _____ () C:\Program Files\Longhorn.sui
    2013-03-21 09:58 - 2008-02-29 17:36 - 0704000 _____ (NGO Science Center "RightMark ") C:\Program Files\MemoryTest.dll
    2013-03-21 09:58 - 2003-01-01 01:08 - 0001360 _____ () C:\Program Files\mobo_tests.rmb
    2012-06-06 00:38 - 2011-08-04 13:31 - 0898560 _____ (Squared 5) C:\Program Files\MPEG_Streamclip.exe
    2013-03-21 09:58 - 2006-03-31 11:35 - 0003664 _____ () C:\Program Files\ramdb_tests.rmb
    2013-03-21 09:58 - 2008-02-29 17:34 - 0501968 _____ () C:\Program Files\rmma.cdb
    2013-03-21 09:58 - 2008-02-29 17:03 - 2626560 _____ (NGO Science Center "RightMark ") C:\Program Files\rmma.exe
    2013-03-21 09:58 - 2008-02-29 17:40 - 0000218 _____ () C:\Program Files\rmma.ini
    2013-03-21 09:58 - 2006-03-30 14:11 - 0015376 _____ () C:\Program Files\rmma.rmp
    2013-03-21 09:58 - 2008-02-29 17:05 - 1526272 _____ (NGO Science Center "RightMark ") C:\Program Files\rmms.exe
    2013-03-21 09:58 - 2007-12-07 12:40 - 0218624 _____ (NGO Science Center "RightMark ") C:\Program Files\RMMT.exe
    2013-03-21 09:58 - 2005-05-25 10:39 - 0004608 _____ () C:\Program Files\RTCore32.sys
    2013-03-21 09:58 - 2005-05-25 10:39 - 0007168 _____ () C:\Program Files\RTCore64.sys
    2012-09-30 21:52 - 2010-08-21 15:10 - 0429123 _____ (Sillysot Software ) C:\Program Files\setup-Iconoid-x86.exe
    2013-03-21 09:58 - 2008-02-29 17:10 - 0260096 _____ (NGO Science Center "RightMark ") C:\Program Files\SysInfo.dll
    2013-03-21 09:58 - 2006-07-25 19:49 - 0004095 _____ () C:\Program Files\timings.dat
    2013-03-21 09:58 - 2008-02-29 16:57 - 0259584 _____ (NGO Science Center "RightMark ") C:\Program Files\timings.exe
    2012-05-04 01:05 - 2012-05-04 01:07 - 22259528 _____ () C:\Program Files\vlc-2.0.1-win32.exe
    2013-03-21 09:58 - 2005-05-31 18:00 - 0083415 _____ () C:\Program Files\XPGreen.sui
    2015-08-18 23:43 - 2015-08-19 10:10 - 0001119 _____ () C:\Documents and Settings\Randy\Application Data\burnaware.ini
    2011-08-12 10:43 - 2015-09-02 13:41 - 0017685 ____C () C:\Documents and Settings\Randy\Application Data\CleanUp!.log
    2013-07-29 19:08 - 2013-07-29 19:08 - 1358424 _____ () C:\Documents and Settings\Randy\Application Data\VzInHomeAgent.exe
    2011-07-27 20:50 - 2011-07-27 20:50 - 0000128 _____ () C:\Documents and Settings\Randy\Local Settings\Application Data\fusioncache.dat
    2015-02-10 13:50 - 2015-02-10 13:50 - 0001254 _____ () C:\Documents and Settings\Randy\Local Settings\Application Data\recently-used.xbel

    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    ==================== End of FRST.txt ============================
     
  5. 2015/09/05
    ranatlas

    ranatlas Inactive Thread Starter

    Joined:
    2015/08/01
    Messages:
    66
    Likes Received:
    1
    Here is part 1 of Addition.txt:

    Additional scan result of Farbar Recovery Scan Tool (x86) Version:31-08-2015
    Ran by Randy (2015-09-05 18:50:06)
    Running from C:\Documents and Settings\Randy\My Documents\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-117609710-2000478354-725345543-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator.RANDY-821A2FC76
    ASPNET (S-1-5-21-117609710-2000478354-725345543-1005 - Limited - Enabled)
    Guest (S-1-5-21-117609710-2000478354-725345543-501 - Limited - Enabled)
    HelpAssistant (S-1-5-21-117609710-2000478354-725345543-1000 - Limited - Disabled)
    Mary Kay (S-1-5-21-117609710-2000478354-725345543-1006 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Mary Kay
    Papa (S-1-5-21-117609710-2000478354-725345543-1122 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Papa
    Randy (S-1-5-21-117609710-2000478354-725345543-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Randy
    Sofia (S-1-5-21-117609710-2000478354-725345543-1007 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Sofia.RANDY-821A2FC76
    SUPPORT_388945a0 (S-1-5-21-117609710-2000478354-725345543-1002 - Limited - Disabled)
    UpdatusUser (S-1-5-21-117609710-2000478354-725345543-1004 - Limited - Enabled) => %SystemDrive%\Documents and Settings\UpdatusUser

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: ZoneAlarm Free Firewall Antivirus (Disabled - Up to date) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
    AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: ZoneAlarm Free Firewall Firewall (Disabled) {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
    Agere Systems PCI Soft Modem (HKLM\...\Agere Systems Soft Modem) (Version: - )
    A-PDF Image Extractor (HKLM\...\A-PDF Image Extractor_is1) (Version: - A-PDF Solution)
    A-PDF Merger (HKLM\...\A-PDF Merger_is1) (Version: - A-PDF.com)
    A-PDF Split (HKLM\...\A-PDF Split_is1) (Version: - A-PDF.com)
    Apple Application Support (32-bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{E1DB0812-2D60-43DB-AE09-6C7027D93B28}) (Version: 8.1.1.3 - Apple Inc.)
    Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Asterisk Key 10.0 (HKLM\...\asterisk key) (Version: - )
    Avast Free Antivirus (HKLM\...\Avast) (Version: 10.3.2225 - AVAST Software)
    AviSynth 2.5 (HKLM\...\AviSynth) (Version: - )
    Belarc Advisor 8.4 (HKLM\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)
    Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
    Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version: 1.6.0.0 - Canon Inc.)
    Canon IJ Network Scanner Selector EX (HKLM\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - Canon Inc.)
    Canon IJ Network Tool (HKLM\...\Canon_IJ_Network_UTILITY) (Version: 3.2.0 - Canon Inc.)
    Canon IJ Scan Utility (HKLM\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
    Canon MP Navigator EX 1.0 (HKLM\...\MP Navigator EX 1.0) (Version: - )
    Canon MX920 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX920_series) (Version: 1.00 - Canon Inc.)
    Canon MX920 series On-screen Manual (HKLM\...\Canon MX920 series On-screen Manual) (Version: 7.6.0 - Canon Inc.)
    Canon MX920 series User Registration (HKLM\...\Canon MX920 series User Registration) (Version: - *Canon Inc.)
    Canon My Printer (HKLM\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
    Canon Quick Menu (HKLM\...\CanonQuickMenu) (Version: 2.1.0 - Canon Inc.)
    Canon Speed Dial Utility (HKLM\...\Speed Dial Utility) (Version: 1.3.0 - Canon Inc.)
    CardRecovery 6.00 (HKLM\...\{88D68A69-D247-466B-90DD-575F6BE16230}_is1) (Version: - WinRecovery Software)
    CCleaner (HKLM\...\CCleaner) (Version: 3.27 - Piriform)
    CleanUp! (HKLM\...\CleanUp!) (Version: - )
    Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
    Core FTP LE (HKLM\...\CoreFTP) (Version: - )
    Core Temp 1.0 RC6 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
    CPUID CPU-Z 1.63.0 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
    CPUID HWMonitor 1.21 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
    Defraggler (HKLM\...\Defraggler) (Version: 2.12 - Piriform)
    Dropbox (HKU\S-1-5-21-117609710-2000478354-725345543-1003\...\Dropbox) (Version: 3.8.6 - Dropbox, Inc.)
    eReg (Version: 1.20.138.34 - Logitech, Inc.) Hidden
    ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
    FastStone Image Viewer 5.3 (HKLM\...\FastStone Image Viewer) (Version: 5.3 - FastStone Soft)
    FastStone Photo Resizer 3.1 (HKLM\...\FastStone Photo Resizer) (Version: 3.1 - FastStone Soft.)
    Flash Movie Player 1.5 (HKLM\...\Flash Movie Player) (Version: 1.5 - Eolsoft)
    Free YouTube Download version 3.1.39.1015 (HKLM\...\Free YouTube Download_is1) (Version: 3.1.39.1015 - DVDVideoSoft Ltd.)
    Google Chrome (HKLM\...\Google Chrome) (Version: 45.0.2454.85 - Google Inc.)
    Google Drive (HKLM\...\{12ADFB82-D5A3-43E4-B2F4-FCD9B690315B}) (Version: 1.24.9931.5480 - Google, Inc.)
    Google Drive (HKLM\...\{6EA8B94E-D869-4D96-88DF-5E1ECE1D6876}) (Version: 1.23.9648.8824 - Google, Inc.)
    Google Update Helper (Version: 1.3.21.123 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.28.13 - Google Inc.) Hidden
    GPL Ghostscript 8.63 (HKLM\...\GPL Ghostscript 8.63) (Version: - )
    GPL Ghostscript 9.01 (HKLM\...\GPL Ghostscript 9.01) (Version: - )
    ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.5.0 - LIGHTNING UK!)
    iTunes (HKLM\...\{CE1F04C7-79BC-4219-BE6A-BA490224D4B5}) (Version: 12.1.2.27 - Apple Inc.)
    Java 7 Update 80 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217080FF}) (Version: 7.0.800 - Oracle)
    Java 8 Update 40 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
    Java 8 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
    Java(TM) SE Runtime Environment 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160000}) (Version: 1.6.0.0 - Sun Microsystems, Inc.)
    JavaFX 2.1.0 (HKLM\...\{1111706F-666A-4037-7777-210328764D10}) (Version: 2.1.0 - Oracle Corporation)
    K-Lite Mega Codec Pack 11.4.0 (HKLM\...\KLiteCodecPack_is1) (Version: 11.4.0 - )
    LAUNCH! Web Helper (remove only) (HKLM\...\LAUNCH! Web Helper) (Version: - )
    Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
    Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
    Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
    Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
    Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Mozilla Firefox 40.0.3 (x86 en-US) (HKLM\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
    NTI Backup Now EZ (HKLM\...\InstallShield_{B9ECA41B-55CC-4654-B6B5-6731D009EC69}) (Version: 3.0.2.55 - NTI Corporation)
    NTI Backup Now EZ (Version: 3.0.2.55 - NTI Corporation) Hidden
    NVIDIA Graphics Driver 310.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 310.70 - NVIDIA Corporation)
    NVIDIA nView 136.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 136.53 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
    NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
    PDFill PDF Editor with FREE Writer and FREE Tools (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 9.0 - PlotSoft LLC)
    PDF-XChange Viewer (HKLM\...\{3A6F4A31-8CFD-46B4-8385-E1F384DB121E}) (Version: 2.5.312.0 - Tracker Software Products (Canada) Ltd.)
    Platform (Version: 1.13 - VIA Technologies, Inc.) Hidden
    QuickBooks Pro 2007 (HKLM\...\{7E545666-F422-45FD-B3DF-C0B99A1A579F}) (Version: - )
    QuickBooks Product Listing Service (HKLM\...\{91208A47-5D08-4C79-986F-1931940F51BB}) (Version: 2.0.148 - Intuit)
    QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
    Realtek AC'97 Audio (HKLM\...\{FB08F381-6533-4108-B7DD-039E11FBC27E}) (Version: 5.36 - Realtek Semiconductor Corp.)
    REALTEK GbE & FE Ethernet PCI NIC Driver (HKLM\...\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}) (Version: 1.23.0000 - Realtek)
    Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.7111 - Realtek Semiconductor Corp.)
    RNX-N180UBE 11n USB Wireless LAN Driver and Utility (HKLM\...\{9C049499-055C-4a0c-A916-1D8CA1FF45EB}) (Version: 1.00.0142 - Rosewill Corp.)
    Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
    Should I Remove It (HKU\S-1-5-21-117609710-2000478354-725345543-1003\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
    Should I Remove It (Version: 1.0.4 - Reason Software Company Inc.) Hidden
    Sibelius Scorch (Firefox, Opera, Netscape only) (HKLM\...\{10ABE49D-343A-463E-9753-C4C5A05ECEF9}) (Version: 6.2.0 - Sibelius Software)
    SmartFTP Client (HKLM\...\{A5BA6B7D-197B-4CF8-92CC-FA9C3EAE38F3}) (Version: 5.0.1364.0 - SmartSoft Ltd.)
    Speccy (HKLM\...\Speccy) (Version: 1.20 - Piriform)
    Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1030 - SUPERAntiSpyware.com)
    SupportSoft Assisted Service (HKLM\...\{5A3F6A80-7913-475E-8B96-477A952CFA43}) (Version: 15 - SupportSoft)
    swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Uninstall Dual Mode Camera (HKLM\...\Dual Mode Camera_is1) (Version: - )
    VIA Platform Device Manager (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.13 - VIA Technologies, Inc.)
    VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
    Vz In-Home Agent (HKLM\...\VzInHomeAgent) (Version: 9.0.71.0 - Verizon)
    WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
    Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (HKLM\...\KB952011) (Version: 1.0 - Microsoft Corporation)
    Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
    Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
    Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
    Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
    Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
    WinRAR 5.21 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\Randy\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{05EC5C13-D255-4592-9CCB-98615172F0D6}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{0ADF9C35-0D5E-4B75-88DD-B64868907E17}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{123FAF7F-3FB1-4B8F-AD18-0047401D436A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{28400E86-5FFC-453D-A534-EF455A115E74}\localserver32 -> C:\Program Files\Intuit\QuickBooks Product Listing Service\QBProductListingCOMServer.exe (TODO: <Company name>)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Documents and Settings\Randy\Local Settings\Application Data\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{32D32337-1511-4416-85C5-FD96C99322A0}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{37A2FC00-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{37A2FC02-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{3928D252-6BB4-4C0D-BE70-1E03AF93D464}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{4716D3CE-55DB-4D2A-818C-87D912895890}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{4844F3F7-2161-4AC4-B219-B3B4311782AA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{4877276C-A727-486D-B201-F096035CA4DF}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\qbfc5.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{4E5E74B5-8EB5-4859-A335-837EED412620}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{5428A9ED-6CD8-11D6-9C8A-0001023DCAA2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{547C8F00-5567-4AE3-8BB0-CC3CE2AB9070}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{57D590F1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{596801D8-2C9D-4627-9C67-195CB81B655A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{5B7331FA-8910-4748-A8A4-60B445041F28}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{7DBF8260-30AD-4D1B-876A-8032B87B809F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{8034BBB8-2145-4159-9A34-51E21A0A981F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{828E5386-74CF-4019-B356-C857CD028A7D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{82CC31B3-53B4-4161-A4E9-6B4F1290A6C8}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{8572570D-12D9-4F2C-8BB8-EB8848178B94}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{86AC2FAD-C987-4757-B591-02F9867A8BE5}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\qbfc5.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Documents and Settings\Randy\Local Settings\Application Data\Dropbox\Update\1.3.27.35\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{8CA5338E-3C5E-4087-ADEC-B1CA665BC293}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2007\qbw32.exe (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{8E590317-1329-11D1-B70B-00805F29CD16}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2007\QBW32.EXE (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{8FEDE364-AB37-4551-80C9-6D468E222AB2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{9D9B61F2-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{9D9B61F3-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{9D9B61F4-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{9D9B61F5-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{9D9B61F6-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{9D9B61F7-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Documents and Settings\Randy\Local Settings\Application Data\Dropbox\Update\1.3.27.35\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{A63E42D0-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{A63E42D2-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{AF5E0A13-CEAB-47CE-991D-77E82CD1BF3F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{B66F2BF1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Documents and Settings\Randy\Local Settings\Application Data\Dropbox\Update\1.3.27.35\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Documents and Settings\Randy\Local Settings\Application Data\Dropbox\Update\1.3.27.35\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{D14FD6B3-6A9F-4537-9460-07B836707127}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{D4A12AAF-E15E-470B-A6B6-63032186F91F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{D9B9C060-0954-11D3-9E07-00104BD2BE34}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSource.dll (Intuit, Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{D9BC6F81-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{D9BC6F84-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{D9BC6F87-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{D9BC6FA1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{D9BC6FA6-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{D9BC6FB2-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\StorageClasses.dll (Intuit, Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{DCB2B478-EFF6-48F6-B718-13E98876854E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{DFD0AF10-B86C-4AF3-B609-1348D513E565}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{E1A173E1-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{E1A173E3-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\Randy\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{E763661E-E497-4D41-AFF4-6BBCB62B9E89}\InprocServer32 -> C:\Documents and Settings\Randy\Local Settings\Application Data\Dropbox\Update\1.3.27.35\psuser.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{EADA914E-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{EAEF733D-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Documents and Settings\Randy\Application Data\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{F19F9A95-7A43-4A93-80B0-C9C1FF6F63F9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{F9EF917A-E55E-4242-B205-E778395AC313}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx (Intuit)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{FAC93D42-FFC2-11d1-9DEB-0008C7A08EBA}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2007\qbw32.exe (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{FB17915F-06D1-4214-A902-CC5EE05186E9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Randy\Application Data\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Randy\Application Data\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Randy\Application Data\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Randy\Application Data\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Randy\Application Data\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Randy\Application Data\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Randy\Application Data\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Randy\Application Data\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Documents and Settings\Randy\Application Data\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Documents and Settings\Randy\Local Settings\Application Data\Dropbox\Update\1.3.27.35\psuser.dll (Dropbox, Inc.)

    ==================== Restore Points =========================

    08-06-2015 20:19:24 System Checkpoint
    09-06-2015 21:36:29 System Checkpoint
    10-06-2015 11:56:47 Software Distribution Service 3.0
    11-06-2015 18:58:17 System Checkpoint
    12-06-2015 21:40:06 System Checkpoint
    14-06-2015 20:16:37 System Checkpoint
    16-06-2015 19:10:33 System Checkpoint
    18-06-2015 12:48:45 System Checkpoint
    21-06-2015 20:11:22 System Checkpoint
    24-06-2015 20:28:47 System Checkpoint
    25-06-2015 20:42:00 System Checkpoint
    27-06-2015 18:10:18 System Checkpoint
    28-06-2015 18:42:41 System Checkpoint
    30-06-2015 13:11:10 System Checkpoint
    02-07-2015 16:19:46 System Checkpoint
    02-07-2015 21:54:32 avast! antivirus system restore point
    04-07-2015 11:50:45 System Checkpoint
    05-07-2015 21:38:29 System Checkpoint
    07-07-2015 21:03:37 System Checkpoint
    08-07-2015 18:03:02 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
    08-07-2015 18:03:48 Installed SmartFTP Client
    09-07-2015 22:25:54 System Checkpoint
    10-07-2015 22:37:50 System Checkpoint
    13-07-2015 14:00:52 System Checkpoint
    14-07-2015 15:35:23 System Checkpoint
    17-07-2015 17:05:27 System Checkpoint
    18-07-2015 22:00:19 System Checkpoint
    19-07-2015 16:08:52 Software Distribution Service 3.0
    19-07-2015 22:11:37 Software Distribution Service 3.0
    20-07-2015 13:36:56 Software Distribution Service 3.0
    20-07-2015 22:23:23 Software Distribution Service 3.0
    21-07-2015 18:40:29 Software Distribution Service 3.0
    21-07-2015 21:30:48 Installed RNX-N180UBE 11n USB Wireless LAN Driver and Utility
    21-07-2015 22:51:37 Software Distribution Service 3.0
    22-07-2015 16:24:58 Software Distribution Service 3.0
    22-07-2015 20:39:47 Software Distribution Service 3.0
    23-07-2015 10:44:26 Software Distribution Service 3.0
    23-07-2015 16:42:21 Software Distribution Service 3.0
    23-07-2015 23:16:48 Software Distribution Service 3.0
    24-07-2015 13:09:58 Software Distribution Service 3.0
    24-07-2015 17:47:37 Software Distribution Service 3.0
    24-07-2015 22:31:49 Software Distribution Service 3.0
    26-07-2015 17:07:41 Software Distribution Service 3.0
    27-07-2015 16:04:08 avast! antivirus system restore point
    27-07-2015 16:07:40 Installed Windows XP Wdf01009.
    27-07-2015 16:23:48 avast! antivirus system restore point
    27-07-2015 16:30:07 Removed avast! Ad Blocker
    27-07-2015 16:53:21 Installing COMODO Antivirus
    27-07-2015 18:21:44 Spybot-S&D Spyware removal
    27-07-2015 22:22:53 Software Distribution Service 3.0
    29-07-2015 18:53:24 System Checkpoint
    30-07-2015 19:22:12 System Checkpoint
    31-07-2015 20:13:42 System Checkpoint
    31-07-2015 23:56:14 Restore Operation
    01-08-2015 00:19:44 Restore Operation
    01-08-2015 13:48:33 Installed REALTEK GbE & FE Ethernet PCI NIC Driver
    03-08-2015 23:30:48 System Checkpoint
    04-08-2015 21:39:58 Removed GeekBuddy.
    04-08-2015 23:16:14 Removed COMODO Antivirus
    04-08-2015 23:32:12 Installed Windows KB954550-v5.
    04-08-2015 23:32:20 Printer Driver Microsoft XPS Document Writer Installed
    04-08-2015 23:32:28 Printer Driver Microsoft XPS Document Writer Installed
    05-08-2015 21:59:03 Installed Realtek High Definition Audio Driver
    06-08-2015 12:24:09 Removed Java 8 Update 51
    07-08-2015 12:56:33 System Checkpoint
    08-08-2015 16:59:03 ATS Restore Point
    08-08-2015 17:03:26 Advanced Tech Support Service Complete
    09-08-2015 19:19:31 Removed Dora saves the Crystal Kingdom.
    09-08-2015 19:42:18 Removed Java 8 Update 45
    09-08-2015 19:45:32 Removed Wrapper.
    09-08-2015 20:10:45 Installed Windows KB954550-v5.
    09-08-2015 20:10:58 Printer Driver Microsoft XPS Document Writer Installed
    09-08-2015 20:11:16 Printer Driver Microsoft XPS Document Writer Installed
    09-08-2015 21:00:20 Software Distribution Service 3.0
    09-08-2015 21:21:42 Anvi CSB 3.6
    10-08-2015 17:13:37 Removed Perfect PDF Creator Essentials
    10-08-2015 17:17:28 Removed Sibelius Scorch (Firefox, Opera, Netscape only)
    10-08-2015 18:22:54 Installed Windows KB954550-v5.
    10-08-2015 18:23:06 Printer Driver Microsoft XPS Document Writer Installed
    10-08-2015 18:23:15 Printer Driver Microsoft XPS Document Writer Installed
    10-08-2015 21:54:53 avast! antivirus system restore point
    10-08-2015 21:57:36 Installed Windows XP Wdf01009.
    10-08-2015 22:18:19 Installed Privatefirewall 7.0
    11-08-2015 10:48:48 Spybot-S&D Spyware removal
    13-08-2015 12:33:19 System Checkpoint
    13-08-2015 23:05:05 Software Distribution Service 3.0
    14-08-2015 19:59:04 Software Distribution Service 3.0
    15-08-2015 20:45:22 System Checkpoint
    15-08-2015 22:48:33 Software Distribution Service 3.0
    17-08-2015 18:03:24 System Checkpoint
    18-08-2015 23:12:56 Installed Windows XP -- Software Updates KB952011.
    19-08-2015 18:35:15 Removed Privatefirewall 7.0
    20-08-2015 12:15:38 Installed Windows XP -- Software Updates KB952011.
    21-08-2015 20:10:43 System Checkpoint
    23-08-2015 22:35:04 System Checkpoint
    25-08-2015 22:24:22 Uniblue PC Mechanic installation
    25-08-2015 22:33:54 Installed Should I Remove It
    25-08-2015 22:36:59 Configured NTI Backup Now EZ
    26-08-2015 14:55:36 Before making registry change 8-16-15
    27-08-2015 13:53:52 before scanning Samsung HDD
    28-08-2015 10:18:02 Software Distribution Service 3.0
    28-08-2015 22:10:51 before trying registry fix
    01-09-2015 11:00:51 System Checkpoint
    01-09-2015 20:02:17 Spybot-S&D Spyware removal
    02-09-2015 15:02:55 Installed Realtek High Definition Audio Driver
    02-09-2015 15:07:57 Installed Realtek AC'97 Audio
    02-09-2015 18:49:29 avast! antivirus system restore point
    02-09-2015 18:50:38 Installed Windows XP Wdf01009.
    04-09-2015 18:22:03 JRT Pre-Junkware Removal

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2015-09-05 13:31 - 2015-09-05 15:25 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-117609710-2000478354-725345543-1003Core.job => C:\Documents and Settings\Randy\Local Settings\Application Data\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-117609710-2000478354-725345543-1003UA.job => C:\Documents and Settings\Randy\Local Settings\Application Data\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

    ==================== Loaded Modules (Whitelisted) ==============

    2015-08-10 21:56 - 2015-08-10 21:56 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
    2015-08-10 21:56 - 2015-08-10 21:56 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2015-09-05 13:15 - 2015-09-05 13:15 - 02964480 _____ () C:\Program Files\AVAST Software\Avast\defs\15090502\algo.dll
    2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-03-20 18:12 - 2015-03-20 18:12 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2015-08-10 21:56 - 2015-08-10 21:56 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\WINDOWS\system32\CNCALBL.DLL:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\CNC_BLL.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\CNC_BLU.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\CNHMCA.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\CNMLMBL.DLL:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\mbam.sys:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\mbamchameleon.sys:$CmdTcID

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    There are 7864 more restricted sites.

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-117609710-2000478354-725345543-1003\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Randy\Application Data\FastStone\FSIV\FSViewerWallPaper.bmp
    DNS Servers: 156.154.70.22 - 156.154.71.22
    Windows Firewall is disabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk => C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup
    MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RNX-N180UBE 11n USB Wireless LAN Utility.lnk => C:\WINDOWS\pss\RNX-N180UBE 11n USB Wireless LAN Utility.lnkCommon Startup
    MSCONFIG\startupfolder: C:^Documents and Settings^Randy^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
    MSCONFIG\startupreg: 40FF3EFC13B27ECC4044F143B7F23BA9B0D7A12F._service_run => "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=service
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe "
    MSCONFIG\startupreg: AGRSMMSG => AGRSMMSG.exe
    MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe "
    MSCONFIG\startupreg: AvastUI.exe => "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
    MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    MSCONFIG\startupreg: CanonQuickMenu => C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE /logon
    MSCONFIG\startupreg: Core Temp => "C:\Program Files\Core Temp\Core Temp.exe "
    MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
    MSCONFIG\startupreg: Dropbox Update => "C:\Documents and Settings\Randy\Local Settings\Application Data\Dropbox\Update\DropboxUpdate.exe" /c
    MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe "
    MSCONFIG\startupreg: IJNetworkScannerSelectorEX => C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe "
    MSCONFIG\startupreg: NvCplDaemon => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    MSCONFIG\startupreg: NvMediaCenter => RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
    MSCONFIG\startupreg: nwiz => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
    MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    MSCONFIG\startupreg: RTHDCPL => RTHDCPL.EXE
    MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe "
    MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    DomainProfile\AuthorizedApplications: [C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe] => Enabled:True Vector
    StandardProfile\AuthorizedApplications: [C:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe] => Enabled:QuickBooks 2007 Data Manager
    StandardProfile\AuthorizedApplications: [C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe] => Enabled:Daemonu.exe
    StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Mary Kay\Local Settings\Application Data\Akamai\netsession_win.exe] => Enabled:Akamai NetSession Client
    StandardProfile\AuthorizedApplications: [C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe] => Enabled:Daemonu.exe
    StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\dpvsetup.exe] => Enabled:Microsoft DirectPlay Voice Test
    StandardProfile\AuthorizedApplications: [C:\Program Files\Java\jre7\bin\java.exe] => Enabled:Java(TM) Platform SE binary
    StandardProfile\AuthorizedApplications: [C:\Program Files\RNX-N180UBE 11n USB Wireless LAN Utility\RtWLan.exe] => Enabled:RtWlan
    StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE] => Enabled:Microsoft Office Outlook
    StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\GROOVE.EXE] => Enabled:Microsoft Office Groove
    StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE] => Enabled:Microsoft Office OneNote
    StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Randy\Application Data\Dropbox\bin\Dropbox.exe] => Enabled:Dropbox
    StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
    StandardProfile\AuthorizedApplications: [C:\Program Files\Bonjour\mDNSResponder.exe] => Enabled:Bonjour Service
    StandardProfile\AuthorizedApplications: [C:\Program Files\iTunes\iTunes.exe] => Enabled:iTunes
    StandardProfile\AuthorizedApplications: [C:\Program Files\SmartFTP Client\SmartFTP.exe] => Enabled:SmartFTP Client 5.0
    StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
    DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
    DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
    DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
    DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
    StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
    StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
    StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
    StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
    StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
    StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002
    StandardProfile\GloballyOpenPorts: [4100:UDP] => Enabled:uPNP Router Control Port
    StandardProfile\GloballyOpenPorts: [9051:UDP] => :LocalSubNet:Enabled:FiOS Tech Wizard
    StandardProfile\GloballyOpenPorts: [1542:TCP] => Enabled:Realtek WPS TCP Prot
    StandardProfile\GloballyOpenPorts: [1542:UDP] => Enabled:Realtek WPS UDP Prot
    StandardProfile\GloballyOpenPorts: [53:UDP] => Enabled:Realtek AP UDP Prot
    StandardProfile\GloballyOpenPorts: [135:TCP] => Enabled:DCOM(135)

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (09/05/2015 06:47:27 PM) (Source: Application Error) (EventID: 1001) (User: )
    Description: Fault bucket 197454077.
    The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

    Error: (09/05/2015 06:47:19 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application frst.exe, version 31.8.2015.0, faulting module frst.exe, version 31.8.2015.0, fault address 0x0002105e.
    Processing media-specific event for [frst.exe!ws!]

    Error: (09/05/2015 03:43:12 PM) (Source: Application Error) (EventID: 1001) (User: )
    Description: Fault bucket 180765357.
    The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

    Error: (09/05/2015 03:43:09 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application plugin-container.exe, version 40.0.3.5716, faulting module mozglue.dll, version 40.0.3.5716, fault address 0x0000e250.
    Processing media-specific event for [plugin-container.exe!ws!]

    Error: (09/03/2015 11:18:35 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Application: FreemakeUtilsService.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: System.ArgumentException
    Stack:
    at System.Security.Principal.SecurityIdentifier..ctor(System.String)
    at FreemakeUtilsService.Common.ToolbarInstallationChecker.GetSidToUsernameDictionary()
    at FreemakeUtilsService.Common.ToolbarInstallationChecker.CheckInfo(FreemakeUtilsService.Common.FreemakeToolbarsInfo)
    at FreemakeUtilsService.Statistics.Manager.StartToolbarInfoCheck()
    at FreemakeUtilsService.Statistics.Manager.SettingsSyncFailed(System.Object, System.EventArgs)
    at FreemakeUtilsService.Common.Synchronizer.OnWorkerCompleted(System.Object, System.ComponentModel.RunWorkerCompletedEventArgs)
    at System.ComponentModel.BackgroundWorker.OnRunWorkerCompleted(System.ComponentModel.RunWorkerCompletedEventArgs)
    at System.ComponentModel.BackgroundWorker.AsyncOperationCompleted(System.Object)
    at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
    at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
    at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
    at System.Threading.ThreadPoolWorkQueue.Dispatch()
    at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

    Error: (09/03/2015 11:17:51 AM) (Source: .NET Runtime 4.0 Error Reporting) (EventID: 5000) (User: )
    Description: EventType clr20r3, P1 freemakeutilsservice.exe, P2 1.0.0.0, P3 55827ede, P4 mscorlib, P5 4.0.0.0, P6 52ccf750, P7 6141, P8 39, P9 clr20r30, P10 clr20r31.

    Error: (09/03/2015 10:24:16 AM) (Source: Application Error) (EventID: 1001) (User: )
    Description: Fault bucket 180765357.
    The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

    Error: (09/03/2015 10:24:10 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application plugin-container.exe, version 40.0.3.5716, faulting module mozglue.dll, version 40.0.3.5716, fault address 0x0000e250.
    Processing media-specific event for [plugin-container.exe!ws!]

    Error: (08/29/2015 10:37:41 PM) (Source: Application Error) (EventID: 1001) (User: )
    Description: Fault bucket 180765357.
    The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

    Error: (08/29/2015 10:37:38 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application plugin-container.exe, version 40.0.3.5716, faulting module mozglue.dll, version 40.0.3.5716, fault address 0x0000e250.
    Processing media-specific event for [plugin-container.exe!ws!]


    System errors:
    =============
    Error: (09/05/2015 06:45:12 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The Freemake Improver service hung on starting.

    Error: (09/05/2015 06:43:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
    %%1069

    Error: (09/05/2015 06:43:50 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
    Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured
    password due to the following error:
    %%1330

    To ensure that the service is
    configured properly, use the Services snap-in in Microsoft Management
    Console (MMC).

    Error: (09/05/2015 05:16:16 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The Freemake Improver service hung on starting.

    Error: (09/05/2015 05:14:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
    %%1069

    Error: (09/05/2015 05:14:54 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
    Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured
    password due to the following error:
    %%1330

    To ensure that the service is
    configured properly, use the Services snap-in in Microsoft Management
    Console (MMC).

    Error: (09/05/2015 03:42:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Freemake Improver service terminated unexpectedly. It has done this 1 time(s).

    Error: (09/05/2015 03:27:19 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The Freemake Improver service hung on starting.

    Error: (09/05/2015 03:25:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
    %%1069

    Error: (09/05/2015 03:25:49 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
    Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured
    password due to the following error:
    %%1330

    To ensure that the service is
    configured properly, use the Services snap-in in Microsoft Management
    Console (MMC).
     
  6. 2015/09/05
    ranatlas

    ranatlas Inactive Thread Starter

    Joined:
    2015/08/01
    Messages:
    66
    Likes Received:
    1
    Here is part 1 of Addition.txt :

    Additional scan result of Farbar Recovery Scan Tool (x86) Version:31-08-2015
    Ran by Randy (2015-09-05 18:50:06)
    Running from C:\Documents and Settings\Randy\My Documents\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-117609710-2000478354-725345543-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator.RANDY-821A2FC76
    ASPNET (S-1-5-21-117609710-2000478354-725345543-1005 - Limited - Enabled)
    Guest (S-1-5-21-117609710-2000478354-725345543-501 - Limited - Enabled)
    HelpAssistant (S-1-5-21-117609710-2000478354-725345543-1000 - Limited - Disabled)
    Mary Kay (S-1-5-21-117609710-2000478354-725345543-1006 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Mary Kay
    Papa (S-1-5-21-117609710-2000478354-725345543-1122 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Papa
    Randy (S-1-5-21-117609710-2000478354-725345543-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Randy
    Sofia (S-1-5-21-117609710-2000478354-725345543-1007 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Sofia.RANDY-821A2FC76
    SUPPORT_388945a0 (S-1-5-21-117609710-2000478354-725345543-1002 - Limited - Disabled)
    UpdatusUser (S-1-5-21-117609710-2000478354-725345543-1004 - Limited - Enabled) => %SystemDrive%\Documents and Settings\UpdatusUser

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: ZoneAlarm Free Firewall Antivirus (Disabled - Up to date) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
    AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: ZoneAlarm Free Firewall Firewall (Disabled) {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
    Agere Systems PCI Soft Modem (HKLM\...\Agere Systems Soft Modem) (Version: - )
    A-PDF Image Extractor (HKLM\...\A-PDF Image Extractor_is1) (Version: - A-PDF Solution)
    A-PDF Merger (HKLM\...\A-PDF Merger_is1) (Version: - A-PDF.com)
    A-PDF Split (HKLM\...\A-PDF Split_is1) (Version: - A-PDF.com)
    Apple Application Support (32-bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{E1DB0812-2D60-43DB-AE09-6C7027D93B28}) (Version: 8.1.1.3 - Apple Inc.)
    Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Asterisk Key 10.0 (HKLM\...\asterisk key) (Version: - )
    Avast Free Antivirus (HKLM\...\Avast) (Version: 10.3.2225 - AVAST Software)
    AviSynth 2.5 (HKLM\...\AviSynth) (Version: - )
    Belarc Advisor 8.4 (HKLM\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)
    Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
    Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version: 1.6.0.0 - Canon Inc.)
    Canon IJ Network Scanner Selector EX (HKLM\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - Canon Inc.)
    Canon IJ Network Tool (HKLM\...\Canon_IJ_Network_UTILITY) (Version: 3.2.0 - Canon Inc.)
    Canon IJ Scan Utility (HKLM\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
    Canon MP Navigator EX 1.0 (HKLM\...\MP Navigator EX 1.0) (Version: - )
    Canon MX920 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX920_series) (Version: 1.00 - Canon Inc.)
    Canon MX920 series On-screen Manual (HKLM\...\Canon MX920 series On-screen Manual) (Version: 7.6.0 - Canon Inc.)
    Canon MX920 series User Registration (HKLM\...\Canon MX920 series User Registration) (Version: - *Canon Inc.)
    Canon My Printer (HKLM\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
    Canon Quick Menu (HKLM\...\CanonQuickMenu) (Version: 2.1.0 - Canon Inc.)
    Canon Speed Dial Utility (HKLM\...\Speed Dial Utility) (Version: 1.3.0 - Canon Inc.)
    CardRecovery 6.00 (HKLM\...\{88D68A69-D247-466B-90DD-575F6BE16230}_is1) (Version: - WinRecovery Software)
    CCleaner (HKLM\...\CCleaner) (Version: 3.27 - Piriform)
    CleanUp! (HKLM\...\CleanUp!) (Version: - )
    Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
    Core FTP LE (HKLM\...\CoreFTP) (Version: - )
    Core Temp 1.0 RC6 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
    CPUID CPU-Z 1.63.0 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
    CPUID HWMonitor 1.21 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
    Defraggler (HKLM\...\Defraggler) (Version: 2.12 - Piriform)
    Dropbox (HKU\S-1-5-21-117609710-2000478354-725345543-1003\...\Dropbox) (Version: 3.8.6 - Dropbox, Inc.)
    eReg (Version: 1.20.138.34 - Logitech, Inc.) Hidden
    ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
    FastStone Image Viewer 5.3 (HKLM\...\FastStone Image Viewer) (Version: 5.3 - FastStone Soft)
    FastStone Photo Resizer 3.1 (HKLM\...\FastStone Photo Resizer) (Version: 3.1 - FastStone Soft.)
    Flash Movie Player 1.5 (HKLM\...\Flash Movie Player) (Version: 1.5 - Eolsoft)
    Free YouTube Download version 3.1.39.1015 (HKLM\...\Free YouTube Download_is1) (Version: 3.1.39.1015 - DVDVideoSoft Ltd.)
    Google Chrome (HKLM\...\Google Chrome) (Version: 45.0.2454.85 - Google Inc.)
    Google Drive (HKLM\...\{12ADFB82-D5A3-43E4-B2F4-FCD9B690315B}) (Version: 1.24.9931.5480 - Google, Inc.)
    Google Drive (HKLM\...\{6EA8B94E-D869-4D96-88DF-5E1ECE1D6876}) (Version: 1.23.9648.8824 - Google, Inc.)
    Google Update Helper (Version: 1.3.21.123 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.28.13 - Google Inc.) Hidden
    GPL Ghostscript 8.63 (HKLM\...\GPL Ghostscript 8.63) (Version: - )
    GPL Ghostscript 9.01 (HKLM\...\GPL Ghostscript 9.01) (Version: - )
    ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.5.0 - LIGHTNING UK!)
    iTunes (HKLM\...\{CE1F04C7-79BC-4219-BE6A-BA490224D4B5}) (Version: 12.1.2.27 - Apple Inc.)
    Java 7 Update 80 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217080FF}) (Version: 7.0.800 - Oracle)
    Java 8 Update 40 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
    Java 8 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
    Java(TM) SE Runtime Environment 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160000}) (Version: 1.6.0.0 - Sun Microsystems, Inc.)
    JavaFX 2.1.0 (HKLM\...\{1111706F-666A-4037-7777-210328764D10}) (Version: 2.1.0 - Oracle Corporation)
    K-Lite Mega Codec Pack 11.4.0 (HKLM\...\KLiteCodecPack_is1) (Version: 11.4.0 - )
    LAUNCH! Web Helper (remove only) (HKLM\...\LAUNCH! Web Helper) (Version: - )
    Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
    Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
    Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
    Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
    Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Mozilla Firefox 40.0.3 (x86 en-US) (HKLM\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
    NTI Backup Now EZ (HKLM\...\InstallShield_{B9ECA41B-55CC-4654-B6B5-6731D009EC69}) (Version: 3.0.2.55 - NTI Corporation)
    NTI Backup Now EZ (Version: 3.0.2.55 - NTI Corporation) Hidden
    NVIDIA Graphics Driver 310.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 310.70 - NVIDIA Corporation)
    NVIDIA nView 136.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 136.53 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
    NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
    PDFill PDF Editor with FREE Writer and FREE Tools (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 9.0 - PlotSoft LLC)
    PDF-XChange Viewer (HKLM\...\{3A6F4A31-8CFD-46B4-8385-E1F384DB121E}) (Version: 2.5.312.0 - Tracker Software Products (Canada) Ltd.)
    Platform (Version: 1.13 - VIA Technologies, Inc.) Hidden
    QuickBooks Pro 2007 (HKLM\...\{7E545666-F422-45FD-B3DF-C0B99A1A579F}) (Version: - )
    QuickBooks Product Listing Service (HKLM\...\{91208A47-5D08-4C79-986F-1931940F51BB}) (Version: 2.0.148 - Intuit)
    QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
    Realtek AC'97 Audio (HKLM\...\{FB08F381-6533-4108-B7DD-039E11FBC27E}) (Version: 5.36 - Realtek Semiconductor Corp.)
    REALTEK GbE & FE Ethernet PCI NIC Driver (HKLM\...\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}) (Version: 1.23.0000 - Realtek)
    Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.7111 - Realtek Semiconductor Corp.)
    RNX-N180UBE 11n USB Wireless LAN Driver and Utility (HKLM\...\{9C049499-055C-4a0c-A916-1D8CA1FF45EB}) (Version: 1.00.0142 - Rosewill Corp.)
    Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
    Should I Remove It (HKU\S-1-5-21-117609710-2000478354-725345543-1003\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
    Should I Remove It (Version: 1.0.4 - Reason Software Company Inc.) Hidden
    Sibelius Scorch (Firefox, Opera, Netscape only) (HKLM\...\{10ABE49D-343A-463E-9753-C4C5A05ECEF9}) (Version: 6.2.0 - Sibelius Software)
    SmartFTP Client (HKLM\...\{A5BA6B7D-197B-4CF8-92CC-FA9C3EAE38F3}) (Version: 5.0.1364.0 - SmartSoft Ltd.)
    Speccy (HKLM\...\Speccy) (Version: 1.20 - Piriform)
    Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1030 - SUPERAntiSpyware.com)
    SupportSoft Assisted Service (HKLM\...\{5A3F6A80-7913-475E-8B96-477A952CFA43}) (Version: 15 - SupportSoft)
    swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Uninstall Dual Mode Camera (HKLM\...\Dual Mode Camera_is1) (Version: - )
    VIA Platform Device Manager (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.13 - VIA Technologies, Inc.)
    VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
    Vz In-Home Agent (HKLM\...\VzInHomeAgent) (Version: 9.0.71.0 - Verizon)
    WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
    Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (HKLM\...\KB952011) (Version: 1.0 - Microsoft Corporation)
    Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
    Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
    Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
    Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
    Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
    WinRAR 5.21 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\Randy\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{05EC5C13-D255-4592-9CCB-98615172F0D6}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{0ADF9C35-0D5E-4B75-88DD-B64868907E17}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{123FAF7F-3FB1-4B8F-AD18-0047401D436A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{28400E86-5FFC-453D-A534-EF455A115E74}\localserver32 -> C:\Program Files\Intuit\QuickBooks Product Listing Service\QBProductListingCOMServer.exe (TODO: <Company name>)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Documents and Settings\Randy\Local Settings\Application Data\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{32D32337-1511-4416-85C5-FD96C99322A0}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{37A2FC00-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{37A2FC02-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{3928D252-6BB4-4C0D-BE70-1E03AF93D464}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{4716D3CE-55DB-4D2A-818C-87D912895890}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{4844F3F7-2161-4AC4-B219-B3B4311782AA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{4877276C-A727-486D-B201-F096035CA4DF}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\qbfc5.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{4E5E74B5-8EB5-4859-A335-837EED412620}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{5428A9ED-6CD8-11D6-9C8A-0001023DCAA2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{547C8F00-5567-4AE3-8BB0-CC3CE2AB9070}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{57D590F1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{596801D8-2C9D-4627-9C67-195CB81B655A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{5B7331FA-8910-4748-A8A4-60B445041F28}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{7DBF8260-30AD-4D1B-876A-8032B87B809F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{8034BBB8-2145-4159-9A34-51E21A0A981F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{828E5386-74CF-4019-B356-C857CD028A7D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{82CC31B3-53B4-4161-A4E9-6B4F1290A6C8}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{8572570D-12D9-4F2C-8BB8-EB8848178B94}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{86AC2FAD-C987-4757-B591-02F9867A8BE5}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\qbfc5.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Documents and Settings\Randy\Local Settings\Application Data\Dropbox\Update\1.3.27.35\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{8CA5338E-3C5E-4087-ADEC-B1CA665BC293}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2007\qbw32.exe (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{8E590317-1329-11D1-B70B-00805F29CD16}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2007\QBW32.EXE (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{8FEDE364-AB37-4551-80C9-6D468E222AB2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{9D9B61F2-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{9D9B61F3-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{9D9B61F4-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{9D9B61F5-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{9D9B61F6-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{9D9B61F7-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Documents and Settings\Randy\Local Settings\Application Data\Dropbox\Update\1.3.27.35\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{A63E42D0-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{A63E42D2-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{AF5E0A13-CEAB-47CE-991D-77E82CD1BF3F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{B66F2BF1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Documents and Settings\Randy\Local Settings\Application Data\Dropbox\Update\1.3.27.35\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Documents and Settings\Randy\Local Settings\Application Data\Dropbox\Update\1.3.27.35\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{D14FD6B3-6A9F-4537-9460-07B836707127}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{D4A12AAF-E15E-470B-A6B6-63032186F91F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{D9B9C060-0954-11D3-9E07-00104BD2BE34}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSource.dll (Intuit, Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{D9BC6F81-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{D9BC6F84-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{D9BC6F87-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{D9BC6FA1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{D9BC6FA6-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{D9BC6FB2-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\StorageClasses.dll (Intuit, Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{DCB2B478-EFF6-48F6-B718-13E98876854E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{DFD0AF10-B86C-4AF3-B609-1348D513E565}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{E1A173E1-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{E1A173E3-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\Randy\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{E763661E-E497-4D41-AFF4-6BBCB62B9E89}\InprocServer32 -> C:\Documents and Settings\Randy\Local Settings\Application Data\Dropbox\Update\1.3.27.35\psuser.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{EADA914E-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{EAEF733D-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Documents and Settings\Randy\Application Data\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{F19F9A95-7A43-4A93-80B0-C9C1FF6F63F9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{F9EF917A-E55E-4242-B205-E778395AC313}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx (Intuit)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{FAC93D42-FFC2-11d1-9DEB-0008C7A08EBA}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2007\qbw32.exe (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{FB17915F-06D1-4214-A902-CC5EE05186E9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Randy\Application Data\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Randy\Application Data\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Randy\Application Data\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Randy\Application Data\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Randy\Application Data\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Randy\Application Data\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Randy\Application Data\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Randy\Application Data\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Documents and Settings\Randy\Application Data\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Documents and Settings\Randy\Local Settings\Application Data\Dropbox\Update\1.3.27.35\psuser.dll (Dropbox, Inc.)

    ==================== Restore Points =========================

    08-06-2015 20:19:24 System Checkpoint
    09-06-2015 21:36:29 System Checkpoint
    10-06-2015 11:56:47 Software Distribution Service 3.0
    11-06-2015 18:58:17 System Checkpoint
    12-06-2015 21:40:06 System Checkpoint
    14-06-2015 20:16:37 System Checkpoint
    16-06-2015 19:10:33 System Checkpoint
    18-06-2015 12:48:45 System Checkpoint
    21-06-2015 20:11:22 System Checkpoint
    24-06-2015 20:28:47 System Checkpoint
    25-06-2015 20:42:00 System Checkpoint
    27-06-2015 18:10:18 System Checkpoint
    28-06-2015 18:42:41 System Checkpoint
    30-06-2015 13:11:10 System Checkpoint
    02-07-2015 16:19:46 System Checkpoint
    02-07-2015 21:54:32 avast! antivirus system restore point
    04-07-2015 11:50:45 System Checkpoint
    05-07-2015 21:38:29 System Checkpoint
    07-07-2015 21:03:37 System Checkpoint
    08-07-2015 18:03:02 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
    08-07-2015 18:03:48 Installed SmartFTP Client
    09-07-2015 22:25:54 System Checkpoint
    10-07-2015 22:37:50 System Checkpoint
    13-07-2015 14:00:52 System Checkpoint
    14-07-2015 15:35:23 System Checkpoint
    17-07-2015 17:05:27 System Checkpoint
    18-07-2015 22:00:19 System Checkpoint
    19-07-2015 16:08:52 Software Distribution Service 3.0
    19-07-2015 22:11:37 Software Distribution Service 3.0
    20-07-2015 13:36:56 Software Distribution Service 3.0
    20-07-2015 22:23:23 Software Distribution Service 3.0
    21-07-2015 18:40:29 Software Distribution Service 3.0
    21-07-2015 21:30:48 Installed RNX-N180UBE 11n USB Wireless LAN Driver and Utility
    21-07-2015 22:51:37 Software Distribution Service 3.0
    22-07-2015 16:24:58 Software Distribution Service 3.0
    22-07-2015 20:39:47 Software Distribution Service 3.0
    23-07-2015 10:44:26 Software Distribution Service 3.0
    23-07-2015 16:42:21 Software Distribution Service 3.0
    23-07-2015 23:16:48 Software Distribution Service 3.0
    24-07-2015 13:09:58 Software Distribution Service 3.0
    24-07-2015 17:47:37 Software Distribution Service 3.0
    24-07-2015 22:31:49 Software Distribution Service 3.0
    26-07-2015 17:07:41 Software Distribution Service 3.0
    27-07-2015 16:04:08 avast! antivirus system restore point
    27-07-2015 16:07:40 Installed Windows XP Wdf01009.
    27-07-2015 16:23:48 avast! antivirus system restore point
    27-07-2015 16:30:07 Removed avast! Ad Blocker
    27-07-2015 16:53:21 Installing COMODO Antivirus
    27-07-2015 18:21:44 Spybot-S&D Spyware removal
    27-07-2015 22:22:53 Software Distribution Service 3.0
    29-07-2015 18:53:24 System Checkpoint
    30-07-2015 19:22:12 System Checkpoint
    31-07-2015 20:13:42 System Checkpoint
    31-07-2015 23:56:14 Restore Operation
    01-08-2015 00:19:44 Restore Operation
    01-08-2015 13:48:33 Installed REALTEK GbE & FE Ethernet PCI NIC Driver
    03-08-2015 23:30:48 System Checkpoint
    04-08-2015 21:39:58 Removed GeekBuddy.
    04-08-2015 23:16:14 Removed COMODO Antivirus
    04-08-2015 23:32:12 Installed Windows KB954550-v5.
    04-08-2015 23:32:20 Printer Driver Microsoft XPS Document Writer Installed
    04-08-2015 23:32:28 Printer Driver Microsoft XPS Document Writer Installed
    05-08-2015 21:59:03 Installed Realtek High Definition Audio Driver
    06-08-2015 12:24:09 Removed Java 8 Update 51
    07-08-2015 12:56:33 System Checkpoint
    08-08-2015 16:59:03 ATS Restore Point
    08-08-2015 17:03:26 Advanced Tech Support Service Complete
    09-08-2015 19:19:31 Removed Dora saves the Crystal Kingdom.
    09-08-2015 19:42:18 Removed Java 8 Update 45
    09-08-2015 19:45:32 Removed Wrapper.
    09-08-2015 20:10:45 Installed Windows KB954550-v5.
    09-08-2015 20:10:58 Printer Driver Microsoft XPS Document Writer Installed
    09-08-2015 20:11:16 Printer Driver Microsoft XPS Document Writer Installed
    09-08-2015 21:00:20 Software Distribution Service 3.0
    09-08-2015 21:21:42 Anvi CSB 3.6
    10-08-2015 17:13:37 Removed Perfect PDF Creator Essentials
    10-08-2015 17:17:28 Removed Sibelius Scorch (Firefox, Opera, Netscape only)
    10-08-2015 18:22:54 Installed Windows KB954550-v5.
    10-08-2015 18:23:06 Printer Driver Microsoft XPS Document Writer Installed
    10-08-2015 18:23:15 Printer Driver Microsoft XPS Document Writer Installed
    10-08-2015 21:54:53 avast! antivirus system restore point
    10-08-2015 21:57:36 Installed Windows XP Wdf01009.
    10-08-2015 22:18:19 Installed Privatefirewall 7.0
    11-08-2015 10:48:48 Spybot-S&D Spyware removal
    13-08-2015 12:33:19 System Checkpoint
    13-08-2015 23:05:05 Software Distribution Service 3.0
    14-08-2015 19:59:04 Software Distribution Service 3.0
    15-08-2015 20:45:22 System Checkpoint
    15-08-2015 22:48:33 Software Distribution Service 3.0
    17-08-2015 18:03:24 System Checkpoint
    18-08-2015 23:12:56 Installed Windows XP -- Software Updates KB952011.
    19-08-2015 18:35:15 Removed Privatefirewall 7.0
    20-08-2015 12:15:38 Installed Windows XP -- Software Updates KB952011.
    21-08-2015 20:10:43 System Checkpoint
    23-08-2015 22:35:04 System Checkpoint
    25-08-2015 22:24:22 Uniblue PC Mechanic installation
    25-08-2015 22:33:54 Installed Should I Remove It
    25-08-2015 22:36:59 Configured NTI Backup Now EZ
    26-08-2015 14:55:36 Before making registry change 8-16-15
    27-08-2015 13:53:52 before scanning Samsung HDD
    28-08-2015 10:18:02 Software Distribution Service 3.0
    28-08-2015 22:10:51 before trying registry fix
    01-09-2015 11:00:51 System Checkpoint
    01-09-2015 20:02:17 Spybot-S&D Spyware removal
    02-09-2015 15:02:55 Installed Realtek High Definition Audio Driver
    02-09-2015 15:07:57 Installed Realtek AC'97 Audio
    02-09-2015 18:49:29 avast! antivirus system restore point
    02-09-2015 18:50:38 Installed Windows XP Wdf01009.
    04-09-2015 18:22:03 JRT Pre-Junkware Removal

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2015-09-05 13:31 - 2015-09-05 15:25 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-117609710-2000478354-725345543-1003Core.job => C:\Documents and Settings\Randy\Local Settings\Application Data\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-117609710-2000478354-725345543-1003UA.job => C:\Documents and Settings\Randy\Local Settings\Application Data\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

    ==================== Loaded Modules (Whitelisted) ==============

    2015-08-10 21:56 - 2015-08-10 21:56 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
    2015-08-10 21:56 - 2015-08-10 21:56 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2015-09-05 13:15 - 2015-09-05 13:15 - 02964480 _____ () C:\Program Files\AVAST Software\Avast\defs\15090502\algo.dll
    2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-03-20 18:12 - 2015-03-20 18:12 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2015-08-10 21:56 - 2015-08-10 21:56 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\WINDOWS\system32\CNCALBL.DLL:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\CNC_BLL.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\CNC_BLU.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\CNHMCA.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\CNMLMBL.DLL:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\mbam.sys:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\mbamchameleon.sys:$CmdTcID

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    There are 7864 more restricted sites.

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-117609710-2000478354-725345543-1003\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Randy\Application Data\FastStone\FSIV\FSViewerWallPaper.bmp
    DNS Servers: 156.154.70.22 - 156.154.71.22
    Windows Firewall is disabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk => C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup
    MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RNX-N180UBE 11n USB Wireless LAN Utility.lnk => C:\WINDOWS\pss\RNX-N180UBE 11n USB Wireless LAN Utility.lnkCommon Startup
    MSCONFIG\startupfolder: C:^Documents and Settings^Randy^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
    MSCONFIG\startupreg: 40FF3EFC13B27ECC4044F143B7F23BA9B0D7A12F._service_run => "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=service
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe "
    MSCONFIG\startupreg: AGRSMMSG => AGRSMMSG.exe
    MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe "
    MSCONFIG\startupreg: AvastUI.exe => "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
    MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    MSCONFIG\startupreg: CanonQuickMenu => C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE /logon
    MSCONFIG\startupreg: Core Temp => "C:\Program Files\Core Temp\Core Temp.exe "
    MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
    MSCONFIG\startupreg: Dropbox Update => "C:\Documents and Settings\Randy\Local Settings\Application Data\Dropbox\Update\DropboxUpdate.exe" /c
    MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe "
    MSCONFIG\startupreg: IJNetworkScannerSelectorEX => C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe "
    MSCONFIG\startupreg: NvCplDaemon => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    MSCONFIG\startupreg: NvMediaCenter => RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
    MSCONFIG\startupreg: nwiz => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
    MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    MSCONFIG\startupreg: RTHDCPL => RTHDCPL.EXE
    MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe "
    MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    DomainProfile\AuthorizedApplications: [C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe] => Enabled:True Vector
    StandardProfile\AuthorizedApplications: [C:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe] => Enabled:QuickBooks 2007 Data Manager
    StandardProfile\AuthorizedApplications: [C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe] => Enabled:Daemonu.exe
    StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Mary Kay\Local Settings\Application Data\Akamai\netsession_win.exe] => Enabled:Akamai NetSession Client
    StandardProfile\AuthorizedApplications: [C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe] => Enabled:Daemonu.exe
    StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\dpvsetup.exe] => Enabled:Microsoft DirectPlay Voice Test
    StandardProfile\AuthorizedApplications: [C:\Program Files\Java\jre7\bin\java.exe] => Enabled:Java(TM) Platform SE binary
    StandardProfile\AuthorizedApplications: [C:\Program Files\RNX-N180UBE 11n USB Wireless LAN Utility\RtWLan.exe] => Enabled:RtWlan
    StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE] => Enabled:Microsoft Office Outlook
    StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\GROOVE.EXE] => Enabled:Microsoft Office Groove
    StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE] => Enabled:Microsoft Office OneNote
    StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Randy\Application Data\Dropbox\bin\Dropbox.exe] => Enabled:Dropbox
    StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
    StandardProfile\AuthorizedApplications: [C:\Program Files\Bonjour\mDNSResponder.exe] => Enabled:Bonjour Service
    StandardProfile\AuthorizedApplications: [C:\Program Files\iTunes\iTunes.exe] => Enabled:iTunes
    StandardProfile\AuthorizedApplications: [C:\Program Files\SmartFTP Client\SmartFTP.exe] => Enabled:SmartFTP Client 5.0
    StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
    DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
    DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
    DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
    DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
    StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
    StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
    StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
    StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
    StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
    StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002
    StandardProfile\GloballyOpenPorts: [4100:UDP] => Enabled:uPNP Router Control Port
    StandardProfile\GloballyOpenPorts: [9051:UDP] => :LocalSubNet:Enabled:FiOS Tech Wizard
    StandardProfile\GloballyOpenPorts: [1542:TCP] => Enabled:Realtek WPS TCP Prot
    StandardProfile\GloballyOpenPorts: [1542:UDP] => Enabled:Realtek WPS UDP Prot
    StandardProfile\GloballyOpenPorts: [53:UDP] => Enabled:Realtek AP UDP Prot
    StandardProfile\GloballyOpenPorts: [135:TCP] => Enabled:DCOM(135)

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (09/05/2015 06:47:27 PM) (Source: Application Error) (EventID: 1001) (User: )
    Description: Fault bucket 197454077.
    The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

    Error: (09/05/2015 06:47:19 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application frst.exe, version 31.8.2015.0, faulting module frst.exe, version 31.8.2015.0, fault address 0x0002105e.
    Processing media-specific event for [frst.exe!ws!]

    Error: (09/05/2015 03:43:12 PM) (Source: Application Error) (EventID: 1001) (User: )
    Description: Fault bucket 180765357.
    The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

    Error: (09/05/2015 03:43:09 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application plugin-container.exe, version 40.0.3.5716, faulting module mozglue.dll, version 40.0.3.5716, fault address 0x0000e250.
    Processing media-specific event for [plugin-container.exe!ws!]

    Error: (09/03/2015 11:18:35 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Application: FreemakeUtilsService.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: System.ArgumentException
    Stack:
    at System.Security.Principal.SecurityIdentifier..ctor(System.String)
    at FreemakeUtilsService.Common.ToolbarInstallationChecker.GetSidToUsernameDictionary()
    at FreemakeUtilsService.Common.ToolbarInstallationChecker.CheckInfo(FreemakeUtilsService.Common.FreemakeToolbarsInfo)
    at FreemakeUtilsService.Statistics.Manager.StartToolbarInfoCheck()
    at FreemakeUtilsService.Statistics.Manager.SettingsSyncFailed(System.Object, System.EventArgs)
    at FreemakeUtilsService.Common.Synchronizer.OnWorkerCompleted(System.Object, System.ComponentModel.RunWorkerCompletedEventArgs)
    at System.ComponentModel.BackgroundWorker.OnRunWorkerCompleted(System.ComponentModel.RunWorkerCompletedEventArgs)
    at System.ComponentModel.BackgroundWorker.AsyncOperationCompleted(System.Object)
    at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
    at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
    at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
    at System.Threading.ThreadPoolWorkQueue.Dispatch()
    at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

    Error: (09/03/2015 11:17:51 AM) (Source: .NET Runtime 4.0 Error Reporting) (EventID: 5000) (User: )
    Description: EventType clr20r3, P1 freemakeutilsservice.exe, P2 1.0.0.0, P3 55827ede, P4 mscorlib, P5 4.0.0.0, P6 52ccf750, P7 6141, P8 39, P9 clr20r30, P10 clr20r31.

    Error: (09/03/2015 10:24:16 AM) (Source: Application Error) (EventID: 1001) (User: )
    Description: Fault bucket 180765357.
    The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

    Error: (09/03/2015 10:24:10 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application plugin-container.exe, version 40.0.3.5716, faulting module mozglue.dll, version 40.0.3.5716, fault address 0x0000e250.
    Processing media-specific event for [plugin-container.exe!ws!]

    Error: (08/29/2015 10:37:41 PM) (Source: Application Error) (EventID: 1001) (User: )
    Description: Fault bucket 180765357.
    The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

    Error: (08/29/2015 10:37:38 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application plugin-container.exe, version 40.0.3.5716, faulting module mozglue.dll, version 40.0.3.5716, fault address 0x0000e250.
    Processing media-specific event for [plugin-container.exe!ws!]


    System errors:
    =============
    Error: (09/05/2015 06:45:12 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The Freemake Improver service hung on starting.

    Error: (09/05/2015 06:43:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
    %%1069

    Error: (09/05/2015 06:43:50 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
    Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured
    password due to the following error:
    %%1330

    To ensure that the service is
    configured properly, use the Services snap-in in Microsoft Management
    Console (MMC).

    Error: (09/05/2015 05:16:16 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The Freemake Improver service hung on starting.

    Error: (09/05/2015 05:14:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
    %%1069

    Error: (09/05/2015 05:14:54 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
    Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured
    password due to the following error:
    %%1330

    To ensure that the service is
    configured properly, use the Services snap-in in Microsoft Management
    Console (MMC).

    Error: (09/05/2015 03:42:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Freemake Improver service terminated unexpectedly. It has done this 1 time(s).

    Error: (09/05/2015 03:27:19 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The Freemake Improver service hung on starting.

    Error: (09/05/2015 03:25:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
    %%1069

    Error: (09/05/2015 03:25:49 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
    Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured
    password due to the following error:
    %%1330

    To ensure that the service is
    configured properly, use the Services snap-in in Microsoft Management
    Console (MMC).
     
  7. 2015/09/05
    ranatlas

    ranatlas Inactive Thread Starter

    And part 2 of Addition.txt :


    Microsoft Office:
    =========================
    Error: (10/19/2013 11:17:59 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6514.5001. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash.

    Error: (10/19/2013 11:17:47 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6514.5001. This session lasted 1231 seconds with 360 seconds of active time. This session ended with a crash.

    Error: (10/19/2013 01:53:00 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6514.5001. This session lasted 19 seconds with 0 seconds of active time. This session ended with a crash.

    Error: (10/19/2013 01:46:15 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6514.5001. This session lasted 9366 seconds with 7260 seconds of active time. This session ended with a crash.


    ==================== Memory info ===========================

    Processor: Intel(R) Pentium(R) D CPU 3.40GHz
    Percentage of memory in use: 21%
    Total physical RAM: 2495.23 MB
    Available physical RAM: 1970.4 MB
    Total Virtual: 4388.98 MB
    Available Virtual: 4048.79 MB

    ==================== Drives ================================

    Drive c: (Samsung HD ) (Fixed) (Total:465.75 GB) (Free:393.52 GB) NTFS ==>[drive with boot components (Windows XP)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 1549F232)
    Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================
     
  8. 2015/09/05
    broni

    broni Moderator Malware Analyst

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST (FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
     


  9. 2015/09/05
    ranatlas

    ranatlas Inactive Thread Starter

    fixlist.txt was created, instead of Fixlog.txt. So here is fixlist.txt:


    HKLM Group Policy restriction on software: %localAppData%\*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %AppData%\*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %AppData%\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
    HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-117609710-2000478354-725345543-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 eapihdrv; \??\C:\DOCUME~1\Randy\LOCALS~1\Temp\ehdrv.sys [X]
    S4 IntelIde; no ImagePath
    U5 klflt; C:\Windows\System32\Drivers\klflt.sys [74336 2014-06-11] (Kaspersky Lab ZAO)
    2013-03-21 09:58 - 2006-03-30 14:18 - 0015184 _____ () C:\Program Files\alltests.rmb
    2013-03-21 09:58 - 2005-08-01 21:30 - 0003664 _____ () C:\Program Files\cpudb_tests.rmb
    2013-03-21 09:58 - 2005-03-12 10:00 - 0047247 _____ () C:\Program Files\Longhorn.sui
    2013-03-21 09:58 - 2008-02-29 17:36 - 0704000 _____ (NGO Science Center "RightMark ") C:\Program Files\MemoryTest.dll
    2013-03-21 09:58 - 2003-01-01 01:08 - 0001360 _____ () C:\Program Files\mobo_tests.rmb
    2012-06-06 00:38 - 2011-08-04 13:31 - 0898560 _____ (Squared 5) C:\Program Files\MPEG_Streamclip.exe
    2013-03-21 09:58 - 2006-03-31 11:35 - 0003664 _____ () C:\Program Files\ramdb_tests.rmb
    2013-03-21 09:58 - 2008-02-29 17:34 - 0501968 _____ () C:\Program Files\rmma.cdb
    2013-03-21 09:58 - 2008-02-29 17:03 - 2626560 _____ (NGO Science Center "RightMark ") C:\Program Files\rmma.exe
    2013-03-21 09:58 - 2008-02-29 17:40 - 0000218 _____ () C:\Program Files\rmma.ini
    2013-03-21 09:58 - 2006-03-30 14:11 - 0015376 _____ () C:\Program Files\rmma.rmp
    2013-03-21 09:58 - 2008-02-29 17:05 - 1526272 _____ (NGO Science Center "RightMark ") C:\Program Files\rmms.exe
    2013-03-21 09:58 - 2007-12-07 12:40 - 0218624 _____ (NGO Science Center "RightMark ") C:\Program Files\RMMT.exe
    2013-03-21 09:58 - 2005-05-25 10:39 - 0004608 _____ () C:\Program Files\RTCore32.sys
    2013-03-21 09:58 - 2005-05-25 10:39 - 0007168 _____ () C:\Program Files\RTCore64.sys
    2012-09-30 21:52 - 2010-08-21 15:10 - 0429123 _____ (Sillysot Software ) C:\Program Files\setup-Iconoid-x86.exe
    2013-03-21 09:58 - 2008-02-29 17:10 - 0260096 _____ (NGO Science Center "RightMark ") C:\Program Files\SysInfo.dll
    2013-03-21 09:58 - 2006-07-25 19:49 - 0004095 _____ () C:\Program Files\timings.dat
    2013-03-21 09:58 - 2008-02-29 16:57 - 0259584 _____ (NGO Science Center "RightMark ") C:\Program Files\timings.exe
    2012-05-04 01:05 - 2012-05-04 01:07 - 22259528 _____ () C:\Program Files\vlc-2.0.1-win32.exe
    2013-03-21 09:58 - 2005-05-31 18:00 - 0083415 _____ () C:\Program Files\XPGreen.sui
    2015-08-18 23:43 - 2015-08-19 10:10 - 0001119 _____ () C:\Documents and Settings\Randy\Application Data\burnaware.ini
    2011-08-12 10:43 - 2015-09-02 13:41 - 0017685 ____C () C:\Documents and Settings\Randy\Application Data\CleanUp!.log
    2013-07-29 19:08 - 2013-07-29 19:08 - 1358424 _____ () C:\Documents and Settings\Randy\Application Data\VzInHomeAgent.exe
    2011-07-27 20:50 - 2011-07-27 20:50 - 0000128 _____ () C:\Documents and Settings\Randy\Local Settings\Application Data\fusioncache.dat
    2015-02-10 13:50 - 2015-02-10 13:50 - 0001254 _____ () C:\Documents and Settings\Randy\Local Settings\Application Data\recently-used.xbel
    AlternateDataStreams: C:\WINDOWS\system32\CNCALBL.DLL:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\CNC_BLL.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\CNC_BLU.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\CNHMCA.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\CNMLMBL.DLL:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\mbam.sys:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\mbamchameleon.sys:$CmdTcID
     
  10. 2015/09/05
    broni

    broni Moderator Malware Analyst

    No. You just posted the content of my fixlist.txt file.
    Please re-read my instructions.
     
  11. 2015/09/05
    ranatlas

    ranatlas Inactive Thread Starter

    OK, sorry about that... will try again
     
  12. 2015/09/05
    ranatlas

    ranatlas Inactive Thread Starter

    OK, I figured out what I did the 1st time... dang.
    Here is the content of Fixlog.txt :

    Fix result of Farbar Recovery Scan Tool (x86) Version:31-08-2015
    Ran by Randy (2015-09-05 22:09:32) Run:1
    Running from C:\Documents and Settings\Randy\Desktop
    Loaded Profiles: Randy (Available Profiles: Randy & UpdatusUser & Mary Kay & Sofia & Papa & Administrator)
    Boot Mode: Normal

    ==============================================

    fixlist content:
    *****************
    HKLM Group Policy restriction on software: %localAppData%\*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %AppData%\*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %AppData%\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
    HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-117609710-2000478354-725345543-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 eapihdrv; \??\C:\DOCUME~1\Randy\LOCALS~1\Temp\ehdrv.sys [X]
    S4 IntelIde; no ImagePath
    U5 klflt; C:\Windows\System32\Drivers\klflt.sys [74336 2014-06-11] (Kaspersky Lab ZAO)
    2013-03-21 09:58 - 2006-03-30 14:18 - 0015184 _____ () C:\Program Files\alltests.rmb
    2013-03-21 09:58 - 2005-08-01 21:30 - 0003664 _____ () C:\Program Files\cpudb_tests.rmb
    2013-03-21 09:58 - 2005-03-12 10:00 - 0047247 _____ () C:\Program Files\Longhorn.sui
    2013-03-21 09:58 - 2008-02-29 17:36 - 0704000 _____ (NGO Science Center "RightMark ") C:\Program Files\MemoryTest.dll
    2013-03-21 09:58 - 2003-01-01 01:08 - 0001360 _____ () C:\Program Files\mobo_tests.rmb
    2012-06-06 00:38 - 2011-08-04 13:31 - 0898560 _____ (Squared 5) C:\Program Files\MPEG_Streamclip.exe
    2013-03-21 09:58 - 2006-03-31 11:35 - 0003664 _____ () C:\Program Files\ramdb_tests.rmb
    2013-03-21 09:58 - 2008-02-29 17:34 - 0501968 _____ () C:\Program Files\rmma.cdb
    2013-03-21 09:58 - 2008-02-29 17:03 - 2626560 _____ (NGO Science Center "RightMark ") C:\Program Files\rmma.exe
    2013-03-21 09:58 - 2008-02-29 17:40 - 0000218 _____ () C:\Program Files\rmma.ini
    2013-03-21 09:58 - 2006-03-30 14:11 - 0015376 _____ () C:\Program Files\rmma.rmp
    2013-03-21 09:58 - 2008-02-29 17:05 - 1526272 _____ (NGO Science Center "RightMark ") C:\Program Files\rmms.exe
    2013-03-21 09:58 - 2007-12-07 12:40 - 0218624 _____ (NGO Science Center "RightMark ") C:\Program Files\RMMT.exe
    2013-03-21 09:58 - 2005-05-25 10:39 - 0004608 _____ () C:\Program Files\RTCore32.sys
    2013-03-21 09:58 - 2005-05-25 10:39 - 0007168 _____ () C:\Program Files\RTCore64.sys
    2012-09-30 21:52 - 2010-08-21 15:10 - 0429123 _____ (Sillysot Software ) C:\Program Files\setup-Iconoid-x86.exe
    2013-03-21 09:58 - 2008-02-29 17:10 - 0260096 _____ (NGO Science Center "RightMark ") C:\Program Files\SysInfo.dll
    2013-03-21 09:58 - 2006-07-25 19:49 - 0004095 _____ () C:\Program Files\timings.dat
    2013-03-21 09:58 - 2008-02-29 16:57 - 0259584 _____ (NGO Science Center "RightMark ") C:\Program Files\timings.exe
    2012-05-04 01:05 - 2012-05-04 01:07 - 22259528 _____ () C:\Program Files\vlc-2.0.1-win32.exe
    2013-03-21 09:58 - 2005-05-31 18:00 - 0083415 _____ () C:\Program Files\XPGreen.sui
    2015-08-18 23:43 - 2015-08-19 10:10 - 0001119 _____ () C:\Documents and Settings\Randy\Application Data\burnaware.ini
    2011-08-12 10:43 - 2015-09-02 13:41 - 0017685 ____C () C:\Documents and Settings\Randy\Application Data\CleanUp!.log
    2013-07-29 19:08 - 2013-07-29 19:08 - 1358424 _____ () C:\Documents and Settings\Randy\Application Data\VzInHomeAgent.exe
    2011-07-27 20:50 - 2011-07-27 20:50 - 0000128 _____ () C:\Documents and Settings\Randy\Local Settings\Application Data\fusioncache.dat
    2015-02-10 13:50 - 2015-02-10 13:50 - 0001254 _____ () C:\Documents and Settings\Randy\Local Settings\Application Data\recently-used.xbel
    AlternateDataStreams: C:\WINDOWS\system32\CNCALBL.DLL:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\CNC_BLL.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\CNC_BLU.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\CNHMCA.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\CNMLMBL.DLL:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\mbam.sys:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\mbamchameleon.sys:$CmdTcID

    *****************

    HKLM Group Policy restriction on software: %localAppData%\*\*.exe <====== ATTENTION => restored successfully
    HKLM Group Policy restriction on software: %AppData%\*\*.exe <====== ATTENTION => restored successfully
    HKLM Group Policy restriction on software: %AppData%\*.exe <====== ATTENTION => restored successfully
    HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION => restored successfully
    HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== ATTENTION => restored successfully
    HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATTENTION => restored successfully
    HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION => restored successfully
    "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
    "HKU\S-1-5-21-117609710-2000478354-725345543-1003\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
    catchme => service removed successfully.
    eapihdrv => service removed successfully.
    IntelIde => service removed successfully.
    klflt => service removed successfully.
    C:\Program Files\alltests.rmb => moved successfully
    C:\Program Files\cpudb_tests.rmb => moved successfully
    C:\Program Files\Longhorn.sui => moved successfully
    C:\Program Files\MemoryTest.dll => moved successfully
    C:\Program Files\mobo_tests.rmb => moved successfully
    C:\Program Files\MPEG_Streamclip.exe => moved successfully
    C:\Program Files\ramdb_tests.rmb => moved successfully
    C:\Program Files\rmma.cdb => moved successfully
    C:\Program Files\rmma.exe => moved successfully
    C:\Program Files\rmma.ini => moved successfully
    C:\Program Files\rmma.rmp => moved successfully
    C:\Program Files\rmms.exe => moved successfully
    C:\Program Files\RMMT.exe => moved successfully
    C:\Program Files\RTCore32.sys => moved successfully
    C:\Program Files\RTCore64.sys => moved successfully
    C:\Program Files\setup-Iconoid-x86.exe => moved successfully
    C:\Program Files\SysInfo.dll => moved successfully
    C:\Program Files\timings.dat => moved successfully
    C:\Program Files\timings.exe => moved successfully
    C:\Program Files\vlc-2.0.1-win32.exe => moved successfully
    C:\Program Files\XPGreen.sui => moved successfully
    C:\Documents and Settings\Randy\Application Data\burnaware.ini => moved successfully
    C:\Documents and Settings\Randy\Application Data\CleanUp!.log => moved successfully
    C:\Documents and Settings\Randy\Application Data\VzInHomeAgent.exe => moved successfully
    C:\Documents and Settings\Randy\Local Settings\Application Data\fusioncache.dat => moved successfully
    C:\Documents and Settings\Randy\Local Settings\Application Data\recently-used.xbel => moved successfully
    C:\WINDOWS\system32\CNCALBL.DLL => ":$CmdTcID" ADS removed successfully..
    C:\WINDOWS\system32\CNC_BLL.dll => ":$CmdTcID" ADS removed successfully..
    C:\WINDOWS\system32\CNC_BLU.dll => ":$CmdTcID" ADS removed successfully..
    C:\WINDOWS\system32\CNHMCA.dll => ":$CmdTcID" ADS removed successfully..
    C:\WINDOWS\system32\CNMLMBL.DLL => ":$CmdTcID" ADS removed successfully..
    C:\WINDOWS\system32\Drivers\mbam.sys => ":$CmdTcID" ADS removed successfully..
    C:\WINDOWS\system32\Drivers\mbamchameleon.sys => ":$CmdTcID" ADS removed successfully..

    ==== End of Fixlog 22:09:36 ====
     
  13. 2015/09/06
    broni

    broni Moderator Malware Analyst

    There you go :)

    Last scans...

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive the UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services

    Press "Scan".
    It will create a log (FSS.txt) in the same directory the tool is run from.
    Please copy and paste the log to your reply.


    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    Download Sophos Free Virus Removal Tool and save it to your desktop.
    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program
     
  14. 2015/09/06
    ranatlas

    ranatlas Inactive Thread Starter

    checkup.txt contents:

    Results of screen317's Security Check version 1.008
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    ZoneAlarm Free Firewall Antivirus
    avast! Antivirus
    Antivirus up to date! (On Access scanning disabled!)
    `````````Anti-malware/Other Utilities Check:`````````
    Spybot - Search & Destroy
    SUPERAntiSpyware
    CCleaner
    JavaFX 2.1.0
    Java 7 Update 80
    Java 8 Update 40
    Java 8 Update 51
    Java(TM) SE Runtime Environment 6
    Java version 32-bit out of Date!
    Adobe Flash Player 18.0.0.232
    Adobe Reader XI
    Mozilla Firefox (Firefox,. Firefox out of Date!
    Google Chrome (44.0.2403.157)
    Google Chrome (45.0.2454.85)
    ````````Process Check: objlist.exe by Laurent````````
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast AvastUI.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C:: 21% Defragment your hard drive soon! (Do NOT defrag if SSD!)
    ````````````````````End of Log``````````````````````
     
  15. 2015/09/06
    ranatlas

    ranatlas Inactive Thread Starter

    Fss.txt contents:

    Farbar Service Scanner Version: 26-07-2015
    Ran by Randy (administrator) on 06-09-2015 at 14:28:43
    Running from "C:\Documents and Settings\Randy\Desktop "
    Microsoft Windows XP Professional Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Policy:
    ========================


    Security Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Other Services:
    ==============


    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\afd.sys => File is digitally signed
    C:\WINDOWS\system32\Drivers\netbt.sys => File is digitally signed
    C:\WINDOWS\system32\Drivers\tcpip.sys => File is digitally signed
    C:\WINDOWS\system32\Drivers\ipsec.sys => File is digitally signed
    C:\WINDOWS\system32\dnsrslvr.dll => File is digitally signed
    C:\WINDOWS\system32\ipnathlp.dll => File is digitally signed
    C:\WINDOWS\system32\netman.dll => File is digitally signed
    C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
    C:\WINDOWS\system32\srsvc.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\sr.sys => File is digitally signed
    C:\WINDOWS\system32\wscsvc.dll => File is digitally signed
    C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
    C:\WINDOWS\system32\wuauserv.dll => File is digitally signed
    C:\WINDOWS\system32\qmgr.dll => File is digitally signed
    C:\WINDOWS\system32\es.dll => File is digitally signed
    C:\WINDOWS\system32\cryptsvc.dll => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed

    Extra List:
    =======
    AegisP(12) aswTdi(9) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
    0x0D0000000500000001000000020000000300000004000000090000000800000006000000070000000A0000000B0000000C0000000D000000
    IpSec Tag value is correct.

    **** End of log ****
     
  16. 2015/09/06
    ranatlas

    ranatlas Inactive Thread Starter

    Hey broni -

    Sophos Virus Removal Tool found no errors! :) Zero! :)
    I don't have a log to prove this... is there supposed to be one? If not, then where do we go from here?

    Thanks for all your help,
    Randy
     
  17. 2015/09/06
    broni

    broni Moderator Malware Analyst

    Update your Java version here: http://www.java.com/en/download/manual.jsp
    Alternate download: http://www.filehippo.com/search?q=java

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
    Note 2: If you're running a 64-bit system, make sure you install BOTH 32-bit and 64-bit Java.

    ============================

    Your computer is clean.

    1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
    This is a very crucial step so make sure you don't skip it.
    Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

    Double-click Delfix.exe to start the tool.
    Make sure the following items are checked:
    • Activate UAC (optional; some users prefer to keep it off)
    • Remove disinfection tools
    • Create registry backup
    • Purge System Restore
    • Reset system settings
    Now click "Run" and wait patiently.
    Once finished a logfile will be created. You don't have to attach it to your next reply.

    2. Make sure Windows Updates are current.

    3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    4. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    11. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
    About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

    12. Please let me know how your computer is doing.
     
  18. 2015/09/06
    ranatlas

    ranatlas Inactive Thread Starter

    Joined:
    2015/08/01
    Messages:
    66
    Likes Received:
    1
    Thanks for all of this information and instructions. Everything is much appreciated. Before I get started with this list, I wanted to ask you a few questions:

    About Java.... I have tried to update it on several occasions, but Firefox gives me this warning: "Firefox has determined that the following add-ons are known to cause stability or security problems" (one of which is Java). Is there a work-around for this?

    What do you recommend for an antivirus program and firewall? (maybe it's in your post above, I just read it quickly for now)

    I've been using Avast for years and I've had no problems up till now. For the firewall, I've been trusting that Windows Firewall is working... but who knows. Like I mentioned in an earlier post, I switched over to Zone Alarm because at that point (when I lost some of my sound) I thought I needed a different firewall. I also tried yet another firewall after removing Zone Alarm but I didn't like it so I deleted that too.

    Is Zone Alarm completely removed from my computer now?

    I still have the audio problems. I checked just now, and still no Windows sounds, and still no audio when video is associated with it. Should I go back to the original forum that I was posting in, and see if they can help me to resolve those issues? We tried just about everything over there... Neil, in particular, had a lot of ideas but unfortunately none of them did the trick.

    I know this is a lot to ask of you but I want to make sure I'm doing everything right here.

    Again, I appreciate your help. I am going to make a donation to WindowsBBS based on your help. :)
     
  19. 2015/09/06
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Try to uninstall older Javas from your system first:
    Java 7 Update 80
    Java 8 Update 40
    Java 8 Update 51
    Java(TM) SE Runtime Environment 6
    Then try to install the newest Java from my link.
    If there are still some issues, see here: https://www.java.com/en/download/help/firefox_java.xml
    You can also consider uninstalling Java altogether as it's not needed for your computer to function properly.

    Avast and Windows firewall are fine.
    You have to remember that there is no perfect security program.
    I don't see any active items from ZoneAlarm.

    As for your sound problem, yes, go back to your original topic.
    In this forum, we make sure your computer is free of malware and your computer is clean :)
    Because the access to malware forum is very limited, your best option is to go back to your original topic.
    You'll get more attention.

    Good luck and stay safe :)
     
  20. 2015/09/06
    ranatlas

    ranatlas Inactive Thread Starter

    Joined:
    2015/08/01
    Messages:
    66
    Likes Received:
    1
    Thank you once again!!
     
  21. 2015/09/06
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You're very welcome
     
