Solved Browser Hijack in IE

Discussion in 'Virus & Other Malware Removal' started by susb8383, Mar 25, 2015.

Thread Status:
Not open for further replies.
  1. susb8383

    susb8383 Thread Starter

    Joined: Apr 22, 2011
    Messages: 121
    I noticed a few days ago that my IE was acting weird, like when I clicked a button on a page, it didn't do anything. Even my cursor did not change when I hovered over it. And everything was very, very slow.

    On another browser (Opera), everything seemed to work fine.

    I ran McAfee full scan. It told me 2 infected files found and that it was fixing the 2 issues. But then McAfee hung when it was 99% done, which seems to be a known bug.

    Then today back on IE, my browser was hijacked to PowerWeb without me clicking anything.

    I've noticed I have multiple instances of a process called plugin.exe that I don't remember seeing before.

    Here is my TSG Sysinfo:

    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows XP Professional, Service Pack 3, 32 bit
    Processor: Intel Pentium III Xeon processor, x86 Family 6 Model 23 Stepping 10
    Processor Count: 4
    RAM: 3037 Mb
    Graphics Card: Intel(R) G41 Express Chipset, 128 Mb
    Hard Drives: C: Total - 473300 MB, Free - 158534 MB;
    Motherboard: LENOVO, To be filled by O.E.M.
    Antivirus: McAfee Anti-Virus and Anti-Spyware, Updated: Yes, On-Demand Scanner: Enabled

    And here is my HijackThis log:
    Logfile of Trend Micro HijackThis v2.0.5
    Scan saved at 9:26:11 PM, on 3/25/2015
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    FIREFOX: 32.0.3 (x86 en-US)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Citrix\GoToMyPC\g2svc.exe
    C:\Program Files\Citrix\GoToMyPC\g2comm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\mfevtps.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    C:\Program Files\Citrix\GoToMyPC\g2pre.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\svchost.exe
    c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
    C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
    c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
    C:\Program Files\McAfee\MSC\McAPExe.exe
    C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    c:\program files\lenovo\system update\suservice.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\Program Files\Citrix\GoToMyPC\G2ProcessFactory.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Lenovo\FanSpeedControl\LenovoFSC.exe
    C:\Program Files\Lenovo\Lenovo Mouse Suite\ICO.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
    C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
    C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe
    C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe
    C:\PROGRA~1\ThinkPad\UTILIT~1\DPMTray.exe
    C:\Program Files\Lenovo\Lenovo Mouse Suite\FSRremoS.EXE
    C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Documents and Settings\Susie\Local Settings\Application Data\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
    C:\Program Files\ControlCenter4\BrCtrlCntr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
    C:\Program Files\ControlCenter4\BrCcUxSys.exe
    C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
    C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    C:\Program Files\Common Files\0780f478-67ce-4ec3-98db-39a65f4618ce\updater.exe
    C:\Documents and Settings\All Users\Application Data\0780f478-67ce-4ec3-98db-39a65f4618ce\plugincontainer.exe
    C:\Documents and Settings\All Users\Application Data\0780f478-67ce-4ec3-98db-39a65f4618ce\plugins\2\plugin.exe
    C:\Documents and Settings\All Users\Application Data\0780f478-67ce-4ec3-98db-39a65f4618ce\plugins\4\plugin.exe
    C:\Documents and Settings\All Users\Application Data\0780f478-67ce-4ec3-98db-39a65f4618ce\plugins\3\plugin.exe
    C:\Documents and Settings\All Users\Application Data\0780f478-67ce-4ec3-98db-39a65f4618ce\plugins\5\plugin.exe
    C:\Documents and Settings\All Users\Application Data\0780f478-67ce-4ec3-98db-39a65f4618ce\plugins\3\plugin.exe
    C:\Program Files\Citrix\GoToMyPC\g2tray.exe
    C:\Program Files\Opera\28.0.1750.48\opera.exe
    C:\Program Files\Opera\28.0.1750.48\opera_crashreporter.exe
    C:\Program Files\Opera\28.0.1750.48\opera.exe
    C:\Program Files\Opera\28.0.1750.48\opera.exe
    C:\Program Files\Opera\28.0.1750.48\opera.exe
    C:\Program Files\Opera\28.0.1750.48\opera.exe
    C:\Program Files\Opera\28.0.1750.48\opera.exe
    C:\Program Files\Opera\28.0.1750.48\opera.exe
    C:\Program Files\Opera\28.0.1750.48\opera.exe
    C:\Documents and Settings\Susie\Desktop\HijackThis (1).exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Documents%20and%20Settings/Susie/My%20Documents/myhomepage.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Strong Signal - {c723a437-2eaf-466d-a95b-3fa0966bf88c} - C:\Program Files\Strong Signal\Extensions\c723a437-2eaf-466d-a95b-3fa0966bf88c.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O3 - Toolbar: &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O4 - HKLM\..\Run: [LenovoFSC] C:\Program Files\Lenovo\FanSpeedControl\LenovoFSC.exe
    O4 - HKLM\..\Run: [Daemon for Mouse Suite] C:\Program Files\Lenovo\Lenovo Mouse Suite\ICO.EXE
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
    O4 - HKLM\..\Run: [PWRAGD] C:\PROGRA~1\ThinkPad\UTILIT~1\DPMHost.exe
    O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
    O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
    O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
    O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
    O4 - HKLM\..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe /start
    O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ControlCenter4] C:\Program Files\ControlCenter4\BrCcBoot.exe /autorun
    O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN
    O4 - HKCU\..\Run: [AmazonMP3DownloaderHelper] C:\Documents and Settings\Susie\Local Settings\Application Data\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-21-4010547908-1741489271-1736194522-1008\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'John')
    O4 - HKUS\S-1-5-21-4010547908-1741489271-1736194522-1008\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'John')
    O4 - HKUS\S-1-5-21-4010547908-1741489271-1736194522-1008\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'John')
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
    O8 - Extra context menu item: Customize Menu - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Fill Forms - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComFillForms.html
    O8 - Extra context menu item: Save Forms - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComSavePass.html
    O8 - Extra context menu item: Show RoboForm Toolbar - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O9 - Extra button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O9 - Extra 'Tools' menuitem: Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1272292042328
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1272292038406
    O16 - DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} (DVM_IPCam2 Control) - http://71.184.192.210/codebase/DVM_IPCam2.ocx
    O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: intu-help-qb3 - {C5E479EA-0A65-4B05-8C6C-2FC8CC682EB4} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
    O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~1\mcafee\msc\mcsniepl.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files\Browny02\BrYNSvc.exe
    O23 - Service: GoToMyPC - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToMyPC\g2svc.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: McAfee Home Network (HomeNetSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
    O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee AP Service (McAPExe) - McAfee, Inc. - C:\Program Files\McAfee\MSC\McAPExe.exe
    O23 - Service: McAfee Boot Delay Start Service (mcbootdelaystartsvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
    O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
    O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
    O23 - Service: McAfee Platform Services (mcpltsvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Anti-Malware Core (mfecore) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
    O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
    O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
    O23 - Service: Service Mgr StrongSignal - Unknown owner - C:\Documents and Settings\All Users\Application Data\0780f478-67ce-4ec3-98db-39a65f4618ce\plugincontainer.exe
    O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
    O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
    O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
    O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    O23 - Service: TVT Windows Update Monitor (TVT_UpdateMonitor) - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
    O23 - Service: Update Mgr StrongSignal - Unknown owner - C:\Program Files\Common Files\0780f478-67ce-4ec3-98db-39a65f4618ce\updater.exe

    --
    End of file - 18492 bytes

    Thanks so much.
     
  2. susb8383

    susb8383 Thread Starter

    Joined: Apr 22, 2011
    Messages: 121
    Anybody? I think someone should update the message that shows which says it will take 1 - 2 days for a response.

    Here's more info: definitely have a virus because when I visit a webpage that I know has nothing bad on it (it's our own site), I see all kinds of flashing messages now about Click Here to Scan your Computer, etc.
     
  3. askey127

    askey127 Malware Specialist

    Joined: Dec 22, 2006
    Messages: 3,721
    Hi susb8383,
    Working on an XP machine at this date is nearly a waste of time.
    Whether your problem can be "fixed" or not is an open question.
    I'll see if I can help patch it up while you consider your options.
    -------------------------------------------------------------
    An article on the subject of XP, and options on what to do, is here:
    http://www.malwareremoval.com/forum/viewtopic.php?f=4&t=62384#.UsLF3bRs_TI
    The entire thread is also available as a PDF document here: http://downloads.malwareremoval.com/XP-The Elephant.pdf

    -----------------------------------------------------------
    Download and Run the Farbar Scan Tool
    • Download FRST and save to your Desktop.
    • Double click Frst.exe to launch it.
    • FRST will start to run.
      • When the tool opens click Yes to disclaimer.
      • Press the Scan button.
      • When finished scanning, 2 logs will open on your Desktop, FRST.txt and Addition.txt
      • Please post them in your next reply.
    If you lose track of them, they will be saved in the same location as FRST.exe
    Feel free to use separate replies if it's more convenient.

    askey127
     
  4. susb8383

    susb8383 Thread Starter

    Joined: Apr 22, 2011
    Messages: 121
    Hi,

    True. We do have plans to get a new machine, which it sounds like we should do sooner rather than later. But in the meantime, we use this one for work and have to continue functioning. Also I want to make sure I don't transfer any infected files over to a new computer.

    Anything you can do for us would be greatly appreciated.

    Thanks.
     
  5. askey127

    askey127 Malware Specialist

    Joined: Dec 22, 2006
    Messages: 3,721
    Run the scans when you can and post the logs.
     
  6. susb8383

    susb8383 Thread Starter

    Joined: Apr 22, 2011
    Messages: 121
    Hi,

    I know there used to be a sticky saying exactly what scans to run, but it looks like it was removed.

    Can you tell me which scans I should run, with links on where to get the programs?

    Thanks, Susie
     
  7. askey127

    askey127 Malware Specialist

    Joined: Dec 22, 2006
    Messages: 3,721
    susb8383,
    This isn't tricky. FRST will run a "double" scan and save two logs.
    -----------------------------------------------------------
    Download and Run the Farbar Scan Tool
    • Download FRST and save to your Desktop.
    • Double click Frst.exe to launch it.
    • FRST will start to run.
      • When the tool opens click Yes to disclaimer.
      • Press the Scan button.
      • When finished scanning, 2 logs will open on your Desktop, FRST.txt and Addition.txt
      • Please post them in your next reply.
    If you lose track of them, they will be saved in the same location as FRST.exe
    Feel free to use separate replies if it's more convenient.

    askey127
     
  8. susb8383

    susb8383 Thread Starter

    Joined: Apr 22, 2011
    Messages: 121
    Thanks so much!

    Here is FRST:
    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
    Ran by Susie (administrator) on LENOVO on 04-04-2015 11:58:49
    Running from C:\tempcandelete
    Loaded Profiles: John & Susie (Available profiles: John & Susie & Administrator)
    Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
    Internet Explorer Version 8 (Default browser: Opera)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMyPC\g2svc.exe
    (Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMyPC\g2comm.exe
    (Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    (InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    (McAfee, Inc.) C:\WINDOWS\system32\mfevtps.exe
    (Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMyPC\g2pre.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    (HP) C:\WINDOWS\system32\HPZipm12.exe
    (Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    (Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    () C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
    (Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
    (McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
    (McAfee, Inc.) C:\Program Files\Common Files\Mcafee\AMCore\mcshield.exe
    (McAfee, Inc.) C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\System Update\SUService.exe
    (Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
    () C:\Program Files\Lenovo\FanSpeedControl\LenovoFSC.exe
    (Primax Electronics Ltd.) C:\Program Files\Lenovo\Lenovo Mouse Suite\ICO.exe
    (Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
    (Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
    (Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
    () C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.EXE
    () C:\PROGRA~1\ThinkPad\UTILIT~1\DPMTray.EXE
    (Lenovo Group Limited) C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.EXE
    (Lenovo Group Limited) C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.EXE
    (Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
    (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    (Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
    () C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    () C:\Documents and Settings\Susie\Local Settings\Application Data\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
    (Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCtrlCntr.exe
    (Siber Systems) C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
    (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
    (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
    (Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCcUxSys.exe
    () C:\Program Files\Lenovo\Lenovo Mouse Suite\FSRremoS.EXE
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    (Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
    () C:\Program Files\Lenovo\FanSpeedControl\LenovoFSC.exe
    (Primax Electronics Ltd.) C:\Program Files\Lenovo\Lenovo Mouse Suite\ICO.exe
    (Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
    (Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
    (Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
    (Lenovo Group Limited) C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.EXE
    (Lenovo Group Limited) C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.EXE
    (Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
    (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    () C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
    () C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.EXE
    () C:\Program Files\Lenovo\Lenovo Mouse Suite\FSRremoS.EXE
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    () C:\PROGRA~1\ThinkPad\UTILIT~1\DPMTray.EXE
    (Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
    (Siber Systems) C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
    (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
    (Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCtrlCntr.exe
    (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
    (Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCcUxSys.exe
    (Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    (McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
    (McAfee, Inc.) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    (Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMyPC\g2tray.exe
    (Opera Software) C:\Program Files\Opera\28.0.1750.48\opera.exe
    () C:\Program Files\Opera\28.0.1750.48\opera_crashreporter.exe
    (Opera Software) C:\Program Files\Opera\28.0.1750.48\opera.exe
    (Opera Software) C:\Program Files\Opera\28.0.1750.48\opera.exe
    (Opera Software) C:\Program Files\Opera\28.0.1750.48\opera.exe
    (Opera Software) C:\Program Files\Opera\28.0.1750.48\opera.exe
    (Opera Software) C:\Program Files\Opera\28.0.1750.48\opera.exe
    () C:\Documents and Settings\All Users\Application Data\0780f478-67ce-4ec3-98db-39a65f4618ce\plugincontainer.exe
    () C:\Documents and Settings\All Users\Application Data\0780f478-67ce-4ec3-98db-39a65f4618ce\plugins\5\Plugin.exe
    () C:\Documents and Settings\All Users\Application Data\0780f478-67ce-4ec3-98db-39a65f4618ce\plugins\4\Plugin.exe
    () C:\Documents and Settings\All Users\Application Data\0780f478-67ce-4ec3-98db-39a65f4618ce\plugins\3\Plugin.exe
    () C:\Documents and Settings\All Users\Application Data\0780f478-67ce-4ec3-98db-39a65f4618ce\plugins\3\Plugin.exe
    (FileZilla Project) C:\Program Files\FileZilla FTP Client\filezilla.exe
    () C:\Documents and Settings\All Users\Application Data\0780f478-67ce-4ec3-98db-39a65f4618ce\plugins\3\Plugin.exe
    () C:\Documents and Settings\All Users\Application Data\0780f478-67ce-4ec3-98db-39a65f4618ce\plugins\2\Plugin.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    (Microsoft Corporation) C:\WINDOWS\system32\calc.exe
    () C:\Program Files\Common Files\0780f478-67ce-4ec3-98db-39a65f4618ce\updater.exe
    (Don HO [email protected]) C:\Program Files\Notepad++\notepad++.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
    (Opera Software) C:\Program Files\Opera\28.0.1750.48\opera.exe
    (Opera Software) C:\Program Files\Opera\28.0.1750.48\opera.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [LenovoFSC] => C:\Program Files\Lenovo\FanSpeedControl\LenovoFSC.exe [40960 2008-09-26] ()
    HKLM\...\Run: [Daemon for Mouse Suite] => C:\Program Files\Lenovo\Lenovo Mouse Suite\ICO.EXE [98304 2009-11-06] (Primax Electronics Ltd.)
    HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16851968 2008-09-09] (Realtek Semiconductor Corp.)
    HKLM\...\Run: [PWRMGRTR] => rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
    HKLM\...\Run: [PWRAGD] => C:\Program Files\ThinkPad\Utilities\DPMHost.EXE [72256 2009-04-03] ()
    HKLM\...\Run: [TVT Scheduler Proxy] => C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [487424 2008-11-24] (Lenovo Group Limited)
    HKLM\...\Run: [LPManager] => C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE [165208 2008-06-08] (Lenovo Group Limited)
    HKLM\...\Run: [LPMailChecker] => C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE [124248 2008-06-08] (Lenovo Group Limited)
    HKLM\...\Run: [itype] => C:\Program Files\Microsoft IntelliType Pro\itype.exe [988584 2007-08-31] (Microsoft Corporation)
    HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [1037736 2007-08-31] (Microsoft Corporation)
    HKLM\...\Run: [Intuit SyncManager] => C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe [2771832 2012-12-07] (Intuit Inc. All rights reserved.)
    HKLM\...\Run: [Message Center Plus] => C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe [49976 2009-05-28] ()
    HKLM\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [517392 2014-04-25] (McAfee, Inc.)
    HKLM\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [517392 2014-04-25] (McAfee, Inc.)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
    HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2014-10-02] (Apple Inc.)
    HKLM\...\Run: [ControlCenter4] => C:\Program Files\ControlCenter4\BrCcBoot.exe [139776 2014-01-27] (Brother Industries, Ltd.)
    HKLM\...\Run: [BrStsMon00] => C:\Program Files\Browny02\Brother\BrStMonW.exe [4513792 2013-12-19] (Brother Industries, Ltd.)
    Winlogon\Notify\GoToMyPC: C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
    HKLM\...\Policies\Explorer: [NoControlPanel] 0
    HKLM\...\Policies\Explorer: [NoCDBurning] 0
    HKLM\...\Policies\Explorer: [NoFolderOptions] 0
    HKU\S-1-5-21-4010547908-1741489271-1736194522-1008\...\Run: [RoboForm] => C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [111320 2014-10-05] (Siber Systems)
    HKU\S-1-5-21-4010547908-1741489271-1736194522-1008\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [204288 2009-01-30] (Microsoft Corporation)
    HKU\S-1-5-21-4010547908-1741489271-1736194522-1009\...\Run: [AmazonMP3DownloaderHelper] => C:\Documents and Settings\Susie\Local Settings\Application Data\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-09] ()
    HKU\S-1-5-21-4010547908-1741489271-1736194522-1009\...\Run: [RoboForm] => C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [111320 2014-10-05] (Siber Systems)
    HKU\S-1-5-21-4010547908-1741489271-1736194522-1009\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [204288 2009-01-30] (Microsoft Corporation)
    HKU\S-1-5-21-4010547908-1741489271-1736194522-1009\...\Policies\Explorer: [NoFolderOptions] 0
    HKU\S-1-5-21-4010547908-1741489271-1736194522-1009\...\Policies\Explorer: [NoControlPanel] 0
    HKU\S-1-5-18\...\RunOnce: [RunNarrator] => C:\WINDOWS\system32\Narrator.exe [53760 2008-04-14] (Microsoft Corporation)
    HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_16_0_0_310_pepper.exe [961200 2015-03-18] (Adobe Systems Incorporated)
    HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0
    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-4010547908-1741489271-1736194522-1009\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkcentre
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-4010547908-1741489271-1736194522-1008\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-4010547908-1741489271-1736194522-1008\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-4010547908-1741489271-1736194522-1009\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-4010547908-1741489271-1736194522-1009\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-4010547908-1741489271-1736194522-1009\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkcentre
    HKU\S-1-5-21-4010547908-1741489271-1736194522-1009\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://artucker.powweb.com//atticworxdirect.htm
    URLSearchHook: HKU\S-1-5-21-4010547908-1741489271-1736194522-1008 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    URLSearchHook: HKU\S-1-5-21-4010547908-1741489271-1736194522-1009 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    SearchScopes: HKLM -> DefaultScope value is missing.
    SearchScopes: HKLM -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL =
    SearchScopes: HKU\S-1-5-21-4010547908-1741489271-1736194522-1008 -> DefaultScope {B97994BE-0D47-44AA-81C9-E7B72C1D2817} URL = https://search.yahoo.com/search?fr=mcafee&type=B011US0D20140109&p={SearchTerms}
    SearchScopes: HKU\S-1-5-21-4010547908-1741489271-1736194522-1008 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=LEMDF7&pc=MALC&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-4010547908-1741489271-1736194522-1008 -> {89C04934-372C-4BA8-8147-58939264F1E8} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
    SearchScopes: HKU\S-1-5-21-4010547908-1741489271-1736194522-1008 -> {B97994BE-0D47-44AA-81C9-E7B72C1D2817} URL = https://search.yahoo.com/search?fr=mcafee&type=B011US0D20140109&p={SearchTerms}
    SearchScopes: HKU\S-1-5-21-4010547908-1741489271-1736194522-1009 -> DefaultScope {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = https://search.yahoo.com/yhs/search?hspart=mcafee&hsimp=yhs-logo002&fr=mcafee&type=B011US91002D20140109&p={SearchTerms}
    SearchScopes: HKU\S-1-5-21-4010547908-1741489271-1736194522-1009 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-4010547908-1741489271-1736194522-1009 -> {28AB671A-06F7-4AEF-BC7B-0758CC88BBC9} URL = http://us.yhs4.search.yahoo.com/yhs...yCtCtA&cr=365930667&a=wny_ir_15_12&os=Windows XP&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-4010547908-1741489271-1736194522-1009 -> {63140ECF-C629-BE59-8F0E-90B4FF340C03} URL = http://lf.startnow.com/s/?q={searchTerms}&src=defsearch&provider=bing&provider_name=bing&provider_code=Z051&partner_id=276&product_id=709&affiliate_id=&channel=4000&toolbar_id=200&toolbar_version=2.1.0&install_country=US&install_date=20110730&user_guid=667804CC4492410C96E3334AE104CBFF&machine_id=03e46290ac526e56f351011b707a5b71&browser=IE&os=win&os_version=5.1-x86-SP3&iesrc={referrer:source}
    SearchScopes: HKU\S-1-5-21-4010547908-1741489271-1736194522-1009 -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = https://search.yahoo.com/yhs/search?hspart=mcafee&hsimp=yhs-logo002&fr=mcafee&type=B011US91002D20140109&p={SearchTerms}
    BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
    BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
    BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2014-10-05] (Siber Systems Inc.)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2012-10-11] (Oracle Corporation)
    BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
    BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2014-09-05] (McAfee, Inc.)
    BHO: Strong Signal -> {c723a437-2eaf-466d-a95b-3fa0966bf88c} -> C:\Program Files\Strong Signal\Extensions\c723a437-2eaf-466d-a95b-3fa0966bf88c.dll [2015-03-22] ()
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-10-11] (Oracle Corporation)
    Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2014-09-05] (McAfee, Inc.)
    Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2014-10-05] (Siber Systems Inc.)
    Toolbar: HKU\S-1-5-21-4010547908-1741489271-1736194522-1008 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    Toolbar: HKU\S-1-5-21-4010547908-1741489271-1736194522-1008 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2014-10-05] (Siber Systems Inc.)
    Toolbar: HKU\S-1-5-21-4010547908-1741489271-1736194522-1009 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2014-10-05] (Siber Systems Inc.)
    Toolbar: HKU\S-1-5-21-4010547908-1741489271-1736194522-1009 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1272292042328
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1272292038406
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} http://71.184.192.210/codebase/DVM_IPCam2.ocx
    DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2014-09-05] (McAfee, Inc.)
    Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll [2013-02-01] (Intuit, Inc.)
    Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
    Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2000-04-19] (Microsoft Corporation)
    Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
    Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\system32\mscoree.dll [2009-11-05] (Microsoft Corporation)
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2014-09-05] (McAfee, Inc.)
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll [2014-04-25] (McAfee, Inc.)
    Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Documents and Settings\Susie\Application Data\Mozilla\Firefox\Profiles\ig5eijdw.default
    FF DefaultSearchEngine: Secure Search
    FF SearchEngineOrder.1: Secure Search
    FF SelectedSearchEngine: Secure Search
    FF Homepage: hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_ir_15_12&param1=1&param2=f%3D1%26b%3DFirefox%26cc%3Dus%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzuzytD0F0B0AyCtD0AyBtCyCtDyEtBtDzztN0D0Tzu0StCtCyByCtN1L2XzutAtFzztFtAtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyB0E0D0CtC0FyB0BtG0ByE0DzztG0AyDtCzytGtAyB0BtCtGtD0ByCzz0BtAyEtB0CyBtC0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDyC0C0AtD0CyBzytG0FyCyDtAtGyE0CtCzztGzytByCzytGyByCtDzy0Bzy0ByCyByEyC0C2QtN1B2Z1V1T1S1NzuyCtCtA%26cr%3D365930667%26a%3Dwny_ir_15_12%26os%3DWindows XP
    FF Keyword.URL: https://search.yahoo.com/yhs/search...ogo002&fr=mcafee&type=B111US91002D20140109&p=
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
    FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
    FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
    FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
    FF Plugin: @java.com/DTPlugin,version=10.7.2 -> C:\WINDOWS\system32\npDeployJava1.dll [2012-10-11] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.7.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2012-10-11] (Oracle Corporation)
    FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2014-04-25] ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
    FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
    FF Plugin: @siber.com/RoboForm -> C:\Program Files\Siber Systems\AI RoboForm\chrome\plugin\np-rf-plugin.dll [2014-10-05] (Siber Systems Inc.)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-4010547908-1741489271-1736194522-1009: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\Susie\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll [2014-11-20] (Citrix Online)
    FF user.js: detected! => C:\Documents and Settings\Susie\Application Data\Mozilla\Firefox\Profiles\ig5eijdw.default\user.js [2015-03-22]
    FF user.js: detected! => C:\Documents and Settings\Susie\Application Data\Mozilla\Firefox\Profiles\3fv0jnjf.Default User\user.js [2015-03-22]
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011-05-01] (Sun Microsystems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-11-05] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-11-05] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-11-05] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-11-05] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-11-05] (Apple Inc.)
    FF SearchPlugin: C:\Documents and Settings\Susie\Application Data\Mozilla\Firefox\Profiles\ig5eijdw.default\searchplugins\bing-zugo.xml [2011-07-29]
    FF SearchPlugin: C:\Documents and Settings\Susie\Application Data\Mozilla\Firefox\Profiles\ig5eijdw.default\searchplugins\Search Provided by Yahoo.xml [2015-03-26]
    FF SearchPlugin: C:\Documents and Settings\Susie\Application Data\Mozilla\Firefox\Profiles\3fv0jnjf.Default User\searchplugins\Search Provided by Yahoo.xml [2015-03-22]
    FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2015-03-26]
    FF Extension: Garmin Communicator - C:\Documents and Settings\Susie\Application Data\Mozilla\Firefox\Profiles\ig5eijdw.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2013-11-19]
    FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Susie\Application Data\Mozilla\Firefox\Profiles\ig5eijdw.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-04-27]
    FF Extension: Google Toolbar for Firefox - C:\Documents and Settings\Susie\Application Data\Mozilla\Firefox\Profiles\ig5eijdw.default\Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2011-06-04]
    FF Extension: Strong Signal - C:\Documents and Settings\Susie\Application Data\Mozilla\Firefox\Profiles\ig5eijdw.default\Extensions\{32b2bf24-d7e1-4457-ae7d-61b5c4686a26}.xpi [2015-03-22]
    FF Extension: Strong Signal - C:\Documents and Settings\Susie\Application Data\Mozilla\Firefox\Profiles\3fv0jnjf.Default User\Extensions\{32b2bf24-d7e1-4457-ae7d-61b5c4686a26}.xpi [2015-03-22]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-04-26]
    FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
    FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2010-05-19]
    FF HKLM\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files\Siber Systems\AI RoboForm\Firefox
    FF Extension: RoboForm Toolbar for Firefox - C:\Program Files\Siber Systems\AI RoboForm\Firefox [2011-06-09]
    FF HKU\S-1-5-21-4010547908-1741489271-1736194522-1008\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\Documents and Settings\All Users\Application Data\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
    FF Extension: McAfee Security Scan Plus - C:\Documents and Settings\All Users\Application Data\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
    FF HKU\S-1-5-21-4010547908-1741489271-1736194522-1009\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\Documents and Settings\All Users\Application Data\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
    FF HKU\S-1-5-21-4010547908-1741489271-1736194522-1009\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files\Siber Systems\AI RoboForm\Firefox

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_ir_15_12&param1=1&param2=f%3D1%26b%3DChrome%26cc%3Dus%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzuzytD0F0B0AyCtD0AyBtCyCtDyEtBtDzztN0D0Tzu0StCtCyByCtN1L2XzutAtFzztFtAtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyB0E0D0CtC0FyB0BtG0ByE0DzztG0AyDtCzytGtAyB0BtCtGtD0ByCzz0BtAyEtB0CyBtC0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDyC0C0AtD0CyBzytG0FyCyDtAtGyE0CtCzztGzytByCzytGyByCtDzy0Bzy0ByCyByEyC0C2QtN1B2Z1V1T1S1NzuyCtCtA%26cr%3D365930667%26a%3Dwny_ir_15_12%26os%3DWindows XP
    CHR StartupUrls: Default -> "hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_ir_15_12&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Dus%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzuzytD0F0B0AyCtD0AyBtCyCtDyEtBtDzztN0D0Tzu0StCtCyByCtN1L2XzutAtFzztFtAtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyB0E0D0CtC0FyB0BtG0ByE0DzztG0AyDtCzytGtAyB0BtCtGtD0ByCzz0BtAyEtB0CyBtC0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDyC0C0AtD0CyBzytG0FyCyDtAtGyE0CtCzztGzytByCzytGyByCtDzy0Bzy0ByCyByEyC0C2QtN1B2Z1V1T1S1NzuyCtCtA%26cr%3D365930667%26a%3Dwny_ir_15_12%26os%3DWindows XP",
    "hxxp://www.google.com/"
    CHR DefaultSearchKeyword: Default -> Search Provided by Yahoo.com
    CHR DefaultSearchURL: Default -> http://us.yhs4.search.yahoo.com/yhs...yCtCtA&cr=365930667&a=wny_ir_15_12&os=Windows XP&p={searchTerms}
    CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
    CHR Profile: C:\Documents and Settings\Susie\Local Settings\Application Data\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Documents and Settings\Susie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-18]
    CHR Extension: (Google Docs) - C:\Documents and Settings\Susie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-18]
    CHR Extension: (Google Drive) - C:\Documents and Settings\Susie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-18]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Susie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-10]
    CHR Extension: (YouTube) - C:\Documents and Settings\Susie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-18]
    CHR Extension: (Google Search) - C:\Documents and Settings\Susie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-18]
    CHR Extension: (Strong Signal) - C:\Documents and Settings\Susie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\egdjbcindpnjlpbkehkccpcmdebmbgoa [2015-03-22]
    CHR Extension: (Google Sheets) - C:\Documents and Settings\Susie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-18]
    CHR Extension: (SiteAdvisor) - C:\Documents and Settings\Susie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-12-18]
    CHR Extension: (Google Wallet) - C:\Documents and Settings\Susie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-18]
    CHR Extension: (Gmail) - C:\Documents and Settings\Susie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-18]
    CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - http://clients2.google.com/service/update2/crx

    Opera:
    =======
    OPR StartupUrls: "file:///C:/Documents%20and%20Settings/Susie/My%20Documents/myhomepage.html"
    OPR Extension: (PDF Viewer) - C:\Documents and Settings\Susie\Application Data\Opera Software\Opera Stable\Extensions\encfpfilknmenlmjemepncnlbbjlabkc [2015-02-07]
    OPR Extension: (RoboForm) - C:\Program Files\Siber Systems\AI RoboForm\Opera [2011-05-10]

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
    S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [68096 2010-05-02] () [File not signed]
    S3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
    R2 GoToMyPC; C:\Program Files\Citrix\GoToMyPC\g2svc.exe [1495384 2015-02-10] (Citrix Online, a division of Citrix Systems, Inc.)
    R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
    S3 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [161768 2012-10-11] (Oracle Corporation)
    S3 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
    S3 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
    R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
    R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [145568 2014-04-25] (McAfee, Inc.)
    U2 mcbootdelaystartsvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
    R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
    R2 McNaiAnn; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
    S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [472072 2014-09-04] (McAfee, Inc.)
    R2 mcpltsvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
    R2 McProxy; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
    R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [655936 2014-08-20] (McAfee, Inc.)
    R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169800 2014-06-20] (McAfee, Inc.)
    R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [179600 2014-06-20] (McAfee, Inc.)
    S3 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
    R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [69632 2004-09-29] (HP) [File not signed]
    R2 QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2013-02-01] (Intuit) [File not signed]
    S3 QBFCService; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2009-07-23] (Intuit Inc.) [File not signed]
    R2 Service Mgr StrongSignal; C:\Documents and Settings\All Users\Application Data\0780f478-67ce-4ec3-98db-39a65f4618ce\plugincontainer.exe [639224 2015-04-04] ()
    R2 SUService; c:\program files\lenovo\system update\suservice.exe [28672 2009-07-10] (Lenovo Group Limited) [File not signed]
    R2 TVT Backup Protection Service; C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe [520192 2008-11-24] () [File not signed]
    R2 TVT Backup Service; C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe [950272 2008-11-24] (Lenovo Group Limited) [File not signed]
    R2 TVT Scheduler; c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [1155072 2008-11-24] (Lenovo Group Limited) [File not signed]
    R2 TVT_UpdateMonitor; C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [360448 2008-10-09] (Lenovo Group Limited) [File not signed]
    R2 Update Mgr StrongSignal; C:\Program Files\Common Files\0780f478-67ce-4ec3-98db-39a65f4618ce\updater.exe [559864 2015-04-04] ()
    S3 Dmomnetkmp; No ImagePath
    S3 SessionLauncher; C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
    R3 Afc; C:\WINDOWS\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
    S3 BrScnUsb; C:\WINDOWS\System32\DRIVERS\BrScnUsb.sys [15295 2004-10-14] (Brother Industries Ltd.)
    S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
    R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [62832 2014-06-20] (McAfee, Inc.)
    S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
    S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [51120 2004-12-14] (HP)
    S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2004-12-14] (HP)
    S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21744 2004-12-14] (HP)
    U3 Httitmntuwce; No ImagePath
    R3 Linksys_adapter_H; C:\WINDOWS\System32\DRIVERS\AE1200xp.sys [1034240 2011-03-28] (Broadcom Corporation)
    S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
    S3 mfeapfk; C:\WINDOWS\System32\drivers\mfeapfk.sys [135968 2014-06-20] (McAfee, Inc.)
    R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [238176 2014-06-20] (McAfee, Inc.)
    S3 mfebopk; C:\WINDOWS\System32\drivers\mfebopk.sys [67816 2014-06-20] (McAfee, Inc.)
    R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [369248 2014-06-20] (McAfee, Inc.)
    R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [576048 2014-06-20] (McAfee, Inc.)
    R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [350240 2014-08-20] (McAfee, Inc.)
    S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [81296 2014-08-20] (McAfee, Inc.)
    S3 mfendisk; C:\WINDOWS\System32\DRIVERS\mfendisk.sys [87520 2014-06-20] (McAfee, Inc.)
    R3 mfendiskmp; C:\WINDOWS\System32\DRIVERS\mfendisk.sys [87520 2014-06-20] (McAfee, Inc.)
    R1 mfetdi2k; C:\WINDOWS\System32\drivers\mfetdi2k.sys [93624 2014-06-20] (McAfee, Inc.)
    R2 monblanking; C:\WINDOWS\System32\DRIVERS\monblanking.sys [29432 2015-02-10] (Citrix Systems)
    S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
    S3 NuidFltr; C:\WINDOWS\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
    S3 pelmouse; C:\WINDOWS\System32\DRIVERS\pelmouse.sys [19456 2009-11-02] (TPMX Electronics Ltd.)
    S3 pelusblf; C:\WINDOWS\System32\DRIVERS\pelusblf.sys [24064 2009-12-14] (TPMX Electronics Ltd.)
    R2 pmem; C:\WINDOWS\System32\drivers\pmemnt.sys [7012 2010-04-01] (Microsoft Corporation) [File not signed]
    S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
    R2 StarOpen; C:\WINDOWS\system32\Drivers\StarOpen.sys [5504 2012-06-03] () [File not signed]
    R3 SuperIO; C:\WINDOWS\System32\DRIVERS\spio.sys [5760 2008-03-06] ()
    S3 usbbus; C:\WINDOWS\System32\DRIVERS\lgusbbus.sys [13056 2010-01-21] (LG Electronics Inc.)
    S3 UsbDiag; C:\WINDOWS\System32\DRIVERS\lgusbdiag.sys [20864 2010-01-21] (LG Electronics Inc.)
    S3 USBModem; C:\WINDOWS\System32\DRIVERS\lgusbmodem.sys [24960 2010-01-21] (LG Electronics Inc.)
    S3 WUSB54GCv3; C:\WINDOWS\System32\DRIVERS\WUSB54GCv3.sys [627072 2008-12-04] (Ralink Technology, Corp.)
    R3 yukonwxp; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [289024 2008-06-27] (Marvell)
    S3 catchme; \??\C:\DOCUME~1\Susie\LOCALS~1\Temp\catchme.sys [X]
    S3 JL2005C; System32\Drivers\jl2005c.sys [X]
    U0 mfewfpk; No ImagePath
    U1 WS2IFSL; No ImagePath

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-04-04 11:58 - 2015-04-04 11:59 - 00000000 ____D () C:\FRST
    2015-04-03 15:08 - 2015-04-03 15:08 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
    2015-04-01 19:50 - 2015-04-04 11:43 - 00090480 _____ () C:\WINDOWS\system32\ICAutoUpdate.log
    2015-03-31 17:12 - 2015-03-31 17:14 - 00000000 ____D () C:\Documents and Settings\Susie\Desktop\new camera
    2015-03-27 19:25 - 2015-03-27 19:25 - 00001898 _____ () C:\Documents and Settings\All Users\Desktop\TurboTax 2014.lnk
    2015-03-27 19:25 - 2015-03-27 19:25 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\TurboTax 2014
    2015-03-26 22:25 - 2015-03-26 22:25 - 00000000 ____D () C:\Documents and Settings\Susie\My Documents\WooCommerce
    2015-03-25 23:49 - 2015-03-25 23:49 - 00000134 _____ () C:\Documents and Settings\Susie\Desktop\AmazonFBAidenticalproducts.txt
    2015-03-25 21:25 - 2015-03-25 21:25 - 00388608 _____ (Trend Micro Inc.) C:\Documents and Settings\Susie\Desktop\HijackThis (1).exe
    2015-03-24 00:04 - 2015-03-24 00:04 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2868038$
    2015-03-24 00:03 - 2015-03-24 00:04 - 00006161 _____ () C:\WINDOWS\KB2868038.log
    2015-03-23 05:22 - 2013-07-16 20:58 - 00123008 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbvideo.sys
    2015-03-23 05:22 - 2013-07-16 20:58 - 00046848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\irbus.sys
    2015-03-22 22:37 - 2015-03-22 22:37 - 00000464 __RSH () C:\Documents and Settings\All Users\ntuser.pol
    2015-03-22 22:37 - 2015-03-22 22:37 - 00000000 ____D () C:\WINDOWS\system32\GroupPolicy
    2015-03-22 14:49 - 2015-03-22 14:49 - 00004535 _____ () C:\Documents and Settings\Susie\Application Data\CamStudio.cfg
    2015-03-22 14:49 - 2015-03-22 14:49 - 00000408 _____ () C:\Documents and Settings\Susie\Application Data\CamShapes.ini
    2015-03-22 14:49 - 2015-03-22 14:49 - 00000408 _____ () C:\Documents and Settings\Susie\Application Data\CamLayout.ini
    2015-03-22 14:49 - 2015-03-22 14:49 - 00000095 _____ () C:\Documents and Settings\Susie\Application Data\Camdata.ini
    2015-03-22 14:33 - 2013-07-16 20:58 - 00060160 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbaudio.sys
    2015-03-22 14:33 - 2013-07-16 20:58 - 00060160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbaudio.sys
    2015-03-22 14:17 - 2015-03-22 14:18 - 00000000 ____D () C:\Documents and Settings\Susie\My Documents\My CamStudio Temp Files
    2015-03-22 14:04 - 2015-04-04 11:15 - 00000000 ____D () C:\Program Files\Common Files\0780f478-67ce-4ec3-98db-39a65f4618ce
    2015-03-22 14:04 - 2015-04-04 10:16 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\0780f478-67ce-4ec3-98db-39a65f4618ce
    2015-03-22 14:04 - 2015-03-22 14:06 - 00000000 ____D () C:\Documents and Settings\Susie\Local Settings\Application Data\cano
    2015-03-22 14:04 - 2015-03-22 14:04 - 00000096 _____ () C:\Documents and Settings\Susie\Application Data\version2.xml
    2015-03-22 14:04 - 2015-03-22 14:04 - 00000000 ____D () C:\Program Files\Strong Signal
    2015-03-22 14:04 - 2015-03-22 14:04 - 00000000 ____D () C:\Program Files\CamStudio 2.7
    2015-03-22 14:04 - 2015-03-22 14:04 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\CamStudio 2.7
    2015-03-18 19:51 - 2015-04-04 11:54 - 00000892 _____ () C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
    2015-03-18 07:51 - 2015-03-18 07:54 - 00366344 _____ () C:\Documents and Settings\Susie\Desktop\lessontest.html
    2015-03-15 00:12 - 2015-03-29 22:58 - 01184120 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2015-03-10 06:53 - 2015-03-10 06:53 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Citrix

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-04-04 12:00 - 2011-04-30 09:37 - 00000000 ____D () C:\Documents and Settings\Susie\Local Settings\temp
    2015-04-04 12:00 - 2010-05-01 14:59 - 00000000 ____D () C:\Documents and Settings\Susie\Application Data\FileZilla
    2015-04-04 11:58 - 2010-04-27 22:54 - 00000000 ____D () C:\tempcandelete
    2015-04-04 11:51 - 2015-02-01 07:54 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2015-04-04 11:43 - 2011-08-21 08:55 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2015-04-04 11:43 - 2011-08-21 08:55 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2015-04-04 11:28 - 2014-11-20 20:03 - 00000514 _____ () C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-4010547908-1741489271-1736194522-1009.job
    2015-04-04 07:51 - 2008-07-21 18:05 - 00032476 _____ () C:\WINDOWS\SchedLgU.Txt
    2015-04-04 07:36 - 2011-04-30 09:37 - 00000000 ____D () C:\Documents and Settings\John\Local Settings\temp
    2015-04-04 05:10 - 2008-07-21 18:01 - 01324415 _____ () C:\WINDOWS\WindowsUpdate.log
    2015-04-04 00:44 - 2014-12-18 06:32 - 00001820 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    2015-04-03 19:13 - 2013-12-08 18:18 - 00000000 ____D () C:\Documents and Settings\Susie\Local Settings\Application Data\CutePDF Writer
    2015-04-03 17:25 - 2014-10-05 09:25 - 00000390 _____ () C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1412515523.job
    2015-04-03 15:52 - 2011-06-08 22:55 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    2015-04-02 18:28 - 2010-04-26 20:57 - 00000000 ____D () C:\Documents and Settings\Susie\My Documents\recipies
    2015-04-01 21:56 - 2010-04-26 21:07 - 00000000 ____D () C:\Documents and Settings\Susie\My Documents\TurboTax
    2015-04-01 21:45 - 2010-04-26 20:57 - 00000000 ____D () C:\Documents and Settings\Susie\My Documents\taxes
    2015-03-31 19:09 - 2010-04-26 22:57 - 00013047 _____ () C:\Documents and Settings\Susie\Application Data\Comma Separated Values (Windows).CAL
    2015-03-31 17:28 - 2014-11-15 19:50 - 00000000 ____D () C:\Documents and Settings\John\Desktop\New Camera
    2015-03-31 17:18 - 2008-07-21 18:50 - 00002278 _____ () C:\WINDOWS\system32\wpa.dbl
    2015-03-31 16:20 - 2014-03-27 06:04 - 00000220 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
    2015-03-31 16:20 - 2011-04-30 09:37 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
    2015-03-31 16:20 - 2010-04-26 10:22 - 00001560 _____ () C:\WINDOWS\system32\ICAutoUpdate.log.bak
    2015-03-31 16:20 - 2008-07-21 18:05 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2015-03-31 16:20 - 2008-07-21 10:58 - 00000159 _____ () C:\WINDOWS\wiadebug.log
    2015-03-31 16:20 - 2008-07-21 10:58 - 00000049 _____ () C:\WINDOWS\wiaservc.log
    2015-03-31 06:12 - 2010-04-26 10:21 - 00000000 ____D () C:\Documents and Settings\John\Application Data\Adobe
    2015-03-30 23:58 - 2010-04-26 19:28 - 00000000 ____D () C:\Documents and Settings\Susie\Application Data\Adobe
    2015-03-30 22:58 - 2010-04-26 19:28 - 00000278 ___SH () C:\Documents and Settings\Susie\ntuser.ini
    2015-03-30 22:58 - 2010-04-26 19:28 - 00000000 ____D () C:\Documents and Settings\Susie
    2015-03-30 21:23 - 2010-04-01 03:32 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Adobe
    2015-03-29 22:58 - 2011-06-26 16:25 - 04722394 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-4010547908-1741489271-1736194522-1009-0.dat
    2015-03-29 22:58 - 2011-06-26 16:25 - 00326842 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    2015-03-29 15:42 - 2011-04-29 16:36 - 00001324 _____ () C:\WINDOWS\system32\d3d9caps.dat
    2015-03-29 08:27 - 2010-04-26 16:26 - 00000089 _____ () C:\WINDOWS\QBChanUtil_Trigger.ini
    2015-03-29 05:50 - 2010-04-01 03:40 - 20605926 _____ () C:\sysiclog.txt.bak
    2015-03-29 00:14 - 2010-04-26 20:56 - 00000000 ____D () C:\Documents and Settings\Susie\My Documents\Reference
    2015-03-27 19:29 - 2008-07-21 18:06 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
    2015-03-27 19:28 - 2012-03-23 19:19 - 00001331 _____ () C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
    2015-03-27 19:24 - 2012-03-23 18:54 - 00000000 ____D () C:\Program Files\TurboTax
    2015-03-25 21:26 - 2014-07-06 16:32 - 00018494 _____ () C:\Documents and Settings\Susie\Desktop\hijackthis.log
    2015-03-24 23:58 - 2010-04-26 16:13 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\McAfee
    2015-03-24 23:49 - 2008-07-21 18:05 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
    2015-03-24 00:04 - 2014-02-19 10:57 - 00453161 _____ () C:\WINDOWS\setupapi.log
    2015-03-24 00:04 - 2008-07-21 10:55 - 01910834 _____ () C:\WINDOWS\iis6.log
    2015-03-24 00:04 - 2008-07-21 10:55 - 01736587 _____ () C:\WINDOWS\FaxSetup.log
    2015-03-24 00:04 - 2008-07-21 10:55 - 00839496 _____ () C:\WINDOWS\ocgen.log
    2015-03-24 00:04 - 2008-07-21 10:55 - 00802550 _____ () C:\WINDOWS\tsoc.log
    2015-03-24 00:04 - 2008-07-21 10:55 - 00591578 _____ () C:\WINDOWS\comsetup.log
    2015-03-24 00:04 - 2008-07-21 10:55 - 00535706 _____ () C:\WINDOWS\msmqinst.log
    2015-03-24 00:04 - 2008-07-21 10:55 - 00356687 _____ () C:\WINDOWS\ntdtcsetup.log
    2015-03-24 00:04 - 2008-07-21 10:55 - 00304947 _____ () C:\WINDOWS\netfxocm.log
    2015-03-24 00:04 - 2008-07-21 10:55 - 00120073 _____ () C:\WINDOWS\MedCtrOC.log
    2015-03-24 00:04 - 2008-07-21 10:55 - 00096303 _____ () C:\WINDOWS\ocmsn.log
    2015-03-24 00:04 - 2008-07-21 10:55 - 00088063 _____ () C:\WINDOWS\tabletoc.log
    2015-03-24 00:04 - 2008-07-21 10:55 - 00087082 _____ () C:\WINDOWS\msgsocm.log
    2015-03-24 00:04 - 2008-07-21 10:55 - 00001374 _____ () C:\WINDOWS\imsins.log
    2015-03-23 16:53 - 2010-05-16 17:28 - 00000000 ____D () C:\Documents and Settings\Susie\Local Settings\Application Data\Paint.NET
    2015-03-22 21:42 - 2014-11-22 15:41 - 00000000 ____D () C:\Documents and Settings\Susie\Application Data\vlc
    2015-03-22 21:28 - 2010-05-19 18:12 - 00165888 _____ () C:\Documents and Settings\Susie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2015-03-22 15:29 - 2013-05-27 23:15 - 00000000 ____D () C:\Documents and Settings\Susie\Application Data\Audacity
    2015-03-22 13:22 - 2010-04-27 23:01 - 00009919 _____ () C:\Documents and Settings\Susie\My Documents\myhomepage.html
    2015-03-21 20:17 - 2010-04-26 20:58 - 00000000 ____D () C:\Documents and Settings\Susie\My Documents\web pages
    2015-03-19 23:52 - 2010-04-26 10:21 - 00000278 ___SH () C:\Documents and Settings\John\ntuser.ini
    2015-03-19 23:52 - 2010-04-26 10:21 - 00000000 ____D () C:\Documents and Settings\John
    2015-03-18 19:51 - 2012-03-29 15:22 - 00701616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
    2015-03-18 19:51 - 2011-05-15 07:40 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
    2015-03-18 17:25 - 2014-10-05 09:25 - 00000000 ____D () C:\Program Files\Opera
    2015-03-15 06:02 - 2008-07-21 10:55 - 00677972 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
    2015-03-15 00:12 - 2010-04-01 03:36 - 00065536 _____ () C:\WINDOWS\system32\config\Lenovo-M.evt
    2015-03-11 03:07 - 2013-08-14 08:42 - 00000000 ____D () C:\WINDOWS\system32\MRT
    2015-03-11 03:00 - 2010-04-26 10:58 - 119837696 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2015-03-08 15:00 - 2014-03-27 06:04 - 00000214 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job

    ==================== Files in the root of some directories =======

    2015-03-22 14:49 - 2015-03-22 14:49 - 0000095 _____ () C:\Documents and Settings\Susie\Application Data\Camdata.ini
    2015-03-22 14:49 - 2015-03-22 14:49 - 0000408 _____ () C:\Documents and Settings\Susie\Application Data\CamLayout.ini
    2015-03-22 14:49 - 2015-03-22 14:49 - 0000408 _____ () C:\Documents and Settings\Susie\Application Data\CamShapes.ini
    2015-03-22 14:49 - 2015-03-22 14:49 - 0004535 _____ () C:\Documents and Settings\Susie\Application Data\CamStudio.cfg
    2011-07-01 20:31 - 2011-07-01 20:31 - 0013046 _____ () C:\Documents and Settings\Susie\Application Data\Comma Separated Values (DOS).CAL
    2010-04-27 22:25 - 2010-04-27 22:38 - 0038455 ____N () C:\Documents and Settings\Susie\Application Data\Comma Separated Values (Windows).ADR
    2010-04-26 22:57 - 2015-03-31 19:09 - 0013047 _____ () C:\Documents and Settings\Susie\Application Data\Comma Separated Values (Windows).CAL
    2010-04-26 22:08 - 2010-04-27 22:48 - 0009333 ____N () C:\Documents and Settings\Susie\Application Data\Comma Separated Values (Windows).EML
    2015-03-22 14:04 - 2015-03-22 14:04 - 0000096 _____ () C:\Documents and Settings\Susie\Application Data\version2.xml
    2010-05-19 18:12 - 2015-03-22 21:28 - 0165888 _____ () C:\Documents and Settings\Susie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2011-06-26 14:41 - 2011-06-26 14:41 - 0000275 _____ () C:\Documents and Settings\Susie\Local Settings\Application Data\HamsterVideoConverterSettings.cfg

    Files to move or delete:
    ====================
    C:\Documents and Settings\Susie\gosetup.exe


    Some content of TEMP:
    ====================
    C:\Documents and Settings\Susie\Local Settings\temp\hpzmsi01.exe
    C:\Documents and Settings\Susie\Local Settings\temp\hpzscr01.exe
    C:\Documents and Settings\Susie\Local Settings\temp\ICReinstall_CamStudioSetup_v2.0.5.a0.1_37346_894_stub_Astro_Delivery__Fried_Cookie_Ltd._.exe
    C:\Documents and Settings\Susie\Local Settings\temp\Quarantine.exe
    C:\Documents and Settings\Susie\Local Settings\temp\RoboForm-Setup.exe
    C:\Documents and Settings\Susie\Local Settings\temp\swt-win32-3452.dll
    C:\Documents and Settings\Susie\Local Settings\temp\xuninst.exe
    C:\Documents and Settings\Susie\Local Settings\temp\_is1B9.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    ==================== End Of Log ============================
     
  9. susb8383

    Here is Addition:

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
    Ran by Susie at 2015-04-04 12:00:23
    Running from C:\tempcandelete
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Firewall (Disabled) {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    01 Transaction Pro Importer 4.0 (HKLM\...\01 Transaction Pro Importer 4.0) (Version: 4.0.10 - Baystate Consulting (781) 932-1133)
    Access Help (HKLM\...\{C6FA39A7-26B1-480A-BC74-6D17531AC222}) (Version: 2.00 - )
    Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
    Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
    Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.0.2.12610 - Adobe Systems Inc.)
    Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
    Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
    Adobe Flash Player 16 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 16.0.0.310 - Adobe Systems Incorporated)
    Adobe Photoshop 7.0 (HKLM\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
    Adobe Photoshop CS (HKLM\...\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}) (Version: CS - Adobe Systems, Inc.)
    Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
    Amazon Kindle (HKLM\...\Amazon Kindle) (Version: - Amazon)
    Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
    Apple Software Update (HKLM\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
    ArcSoft PhotoImpression 5 (HKLM\...\{CDEE9830-92A2-4A65-8ED7-6804C865BA2F}) (Version: - ArcSoft)
    Audacity 2.0.3 (HKLM\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
    AudibleManager (HKLM\...\AudibleManager) (Version: 1309592.1378168.1310188.2089871648 - Audible, Inc.)
    AutoIt v3.3.8.1 (HKLM\...\AutoItv3) (Version: - AutoIt Team)
    AVS Audio Editor 7.1 (HKLM\...\AVS Audio Editor_is1) (Version: 7.1.6.484 - Online Media Technologies Ltd.)
    AVS Screen Capture version 2.0.1 (HKLM\...\AVS Screen Capture_is1) (Version: - Online Media Technologies Ltd.)
    AVS Update Manager 1.0 (HKLM\...\AVS Update Manager_is1) (Version: - Online Media Technologies Ltd.)
    AVS Video Converter 8 (HKLM\...\AVS4YOU Video Converter 7_is1) (Version: 8.3.3.535 - Online Media Technologies Ltd.)
    AVS Video Editor 6 (HKLM\...\AVS Video Editor_is1) (Version: 6.3.3.235 - Online Media Technologies Ltd.)
    AVS Video Recorder 2.5 (HKLM\...\AVS Video Recorder_is1) (Version: 2.5.4.84 - Online Media Technologies Ltd.)
    AVS4YOU Software Navigator 1.4 (HKLM\...\AVS4YOU Software Navigator_is1) (Version: - Online Media Technologies Ltd.)
    BitPim 1.0.7 (HKLM\...\{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1) (Version: 1.0.7 - Joe Pham <[email protected]>)
    Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
    Brother MFL-Pro Suite MFC-L2700DW series (HKLM\...\{F8ECC2FD-CE2B-4ED4-BDCC-90D0D34206FD}) (Version: 0.0.20.0 - Brother Industries, Ltd.)
    Buzzdock (HKLM\...\{cfd32d46-7d3f-483f-bace-7172aec5592d}) (Version: - Alactro LLC) <==== ATTENTION
    CamStudio 2.7.2 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.2 - CamStudio Open Source)
    CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.1.4003 - CDBurnerXP)
    Cisco Connect (HKLM\...\Cisco Connect) (Version: 1.4.12263.1 - Cisco Consumer Products LLC)
    Citrix Online Launcher (HKLM\...\{77463C86-BB3A-426E-A6C2-06B4D28C250F}) (Version: 1.0.223 - Citrix)
    Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: 3.0 - CutePDF.com)
    Diamond Mind Baseball version 10 (HKLM\...\Diamond Mind Baseball version 10) (Version: 10 - Diamond Mind, Inc.)
    DirectXInstallService (Version: 9.0.2 - Roxio) Hidden
    DivX Setup (HKLM\...\DivX Setup) (Version: 2.6.1.8 - DivX, LLC)
    Drag-to-Disc (HKLM\...\{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}) (Version: 9.05 - Sonic Solutions)
    DVD Flick 1.3.0.7 (HKLM\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
    FanSpeedControl (HKLM\...\InstallShield_{9E3BC634-769E-4847-9530-E22433D13E45}) (Version: 1.00.00.9 - Lenovo)
    FanSpeedControl (Version: 1.00.00.9 - Lenovo) Hidden
    FFmpeg for Audacity on Windows (HKLM\...\FFmpeg for Audacity on Windows_is1) (Version: - )
    FileZilla Client 3.8.0 (HKLM\...\FileZilla Client) (Version: 3.8.0 - Tim Kosse)
    Garmin POI Loader (HKLM\...\{D181A318-28DF-4B83-8F13-24C2D0BDA12D}) (Version: 2.6.1.0 - Garmin Ltd or its subsidiaries)
    Garmin USB Drivers (HKLM\...\{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
    Garmin WebUpdater (HKLM\...\{B39177F9-269D-4A9B-82F2-7A48589CCCEF}) (Version: 2.5.2 - Garmin Ltd or its subsidiaries)
    Google Chrome (HKLM\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
    Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
    GoToMeeting 7.1.7.2539 (HKU\S-1-5-21-4010547908-1741489271-1736194522-1009\...\GoToMeeting) (Version: 7.1.7.2539 - CitrixOnline)
    GoToMyPC (HKLM\...\{761A9EF4-3916-49DE-B86D-93D199962DF7}) (Version: 8.3.1606 - Citrix Systems, Inc.)
    Help Center (HKLM\...\{986F64DC-FF15-449D-998F-EE3BCEC6666A}) (Version: 2.00h - )
    Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
    InterVideo Register Manager (Version: 1.0.4.0 - InterVideo Inc.) Hidden
    InterVideo WinDVD (HKLM\...\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}) (Version: 5.0-B11.1268 - InterVideo Inc.)
    iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
    Java 7 Update 7 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217007FF}) (Version: 7.0.70 - Oracle)
    Java(TM) 6 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216025FF}) (Version: 6.0.250 - Oracle)
    Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
    KeywordBlueprint (HKLM\...\CommissionBlueprint.KeywordBlueprint.E611A7DFA7A14643DD636F3114ECD771F85A61E0.1) (Version: 1.29 - UNKNOWN)
    KeywordBlueprint (Version: 1.29 - UNKNOWN) Hidden
    Kindle Previewer (HKU\S-1-5-21-4010547908-1741489271-1736194522-1009\...\KindlePreviewer) (Version: 2.922 - Amazon)
    LAME v3.98.3 for Audacity (HKLM\...\LAME for Audacity_is1) (Version: - )
    Lenovo Mouse Suite (HKLM\...\MouseSuite98) (Version: 6.32 - Lenovo)
    Lenovo Registration (HKLM\...\Lenovo Registration) (Version: - Lenovo - Leader Technologies)
    Lenovo System Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 5.1.5122.06 - PC-Doctor, Inc.)
    LG SP USB Driver (HKLM\...\{E2AE8456-CCFE-46C0-8629-71CC507660FC}) (Version: 1.0 - LG Electronics)
    LG USB Modem Driver (HKLM\...\{C3ABE126-2BB2-4246-BFE1-6797679B3579}) (Version: 4.9.7 - LG Electronics)
    Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
    Marvell Miniport Driver (HKLM\...\Marvell Miniport Driver) (Version: 10.62.1.3 - Marvell)
    McAfee AntiVirus Plus (HKLM\...\MSC) (Version: 12.8.992 - McAfee, Inc.)
    McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
    McAfee SiteAdvisor (HKLM\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.118 - McAfee, Inc.)
    Message Center (HKLM\...\{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}) (Version: 2.01d - )
    Message Center Plus (HKLM\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)
    Micro Niche Finder 5.0 (HKLM\...\Micro Niche Finder 5.0_is1) (Version: 5.7.37.0 - James J. Jones, LLC.)
    Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
    Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
    Microsoft Expression Encoder 4 (HKLM\...\Encoder_4.0.3205.0) (Version: 4.0.3205.0 - Microsoft Corporation)
    Microsoft Expression Encoder 4 Screen Capture Codec (HKLM\...\{F9EC30D1-F688-4708-9850-CB5120074AAA}) (Version: 4.0.3205.0 - Microsoft Corporation)
    Microsoft IntelliPoint 6.2 (HKLM\...\{8C5FAD77-F678-4758-A296-C12F08D179E0}) (Version: 6.20.182.0 - Microsoft)
    Microsoft IntelliType Pro 6.2 (HKLM\...\{345112D9-0930-4A68-AB71-A831BA5DE7AA}) (Version: 6.20.182.0 - Microsoft)
    Microsoft Office 2003 Primary Interop Assemblies (HKLM\...\{91490409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.6553.0 - Microsoft Corporation)
    Microsoft Office 2003 Web Components (HKLM\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
    Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation)
    Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
    Microsoft SQL Server VSS Writer (HKLM\...\{E7084B89-69E0-46B3-A118-8F99D06988CD}) (Version: 9.00.5000.00 - Microsoft Corporation)
    Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
    Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
    Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
    Microsoft WinUsb 1.0 (HKLM\...\winusb0100) (Version: - Microsoft Corporation)
    Mozilla Firefox 32.0.3 (x86 en-US) (HKLM\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
    MSXML 6.0 Parser (HKLM\...\{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}) (Version: 6.10.1129.0 - Microsoft Corporation)
    Notepad++ (HKLM\...\Notepad++) (Version: 5.6.8 - )
    OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
    Online Data Backup (HKLM\...\{4C018129-1793-48D2-B82C-6FA71C96B476}) (Version: 1.00.0001 - lenovo)
    Opera Stable 28.0.1750.48 (HKLM\...\Opera 28.0.1750.48) (Version: 28.0.1750.48 - Opera Software ASA)
    OverDrive Media Console (HKLM\...\{D07205E7-F6D3-4333-AFCC-782A07685B72}) (Version: 3.2.20 - OverDrive, Inc.)
    PageBreeze Free HTML Editor (HKLM\...\PageBreeze Free HTML Editor) (Version: - )
    Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41417}) (Version: 3.61.0 - dotPDN LLC)
    Productivity Center Supplement for ThinkCentre (HKLM\...\{D728E945-256D-4477-B377-6BBA693714AC}) (Version: 3.00b - )
    QuickBooks (Version: 20.0.4017.807 - Intuit Inc.) Hidden
    QuickBooks Pro 2010 (HKLM\...\{0700E22B-A422-40A5-BD20-04BF618CA0F9}) (Version: 20.0.4017.807 - Intuit Inc.)
    QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
    Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5700 - Realtek Semiconductor Corp.)
    Rescue and Recovery (HKLM\...\{F151F2B3-0C32-44D3-90E2-E639B8024622}) (Version: 4.21.0030.00 - Lenovo Group Limited)
    Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
    RoboForm 7-9-10-1 (All Users) (HKLM\...\AI RoboForm) (Version: 7-9-10-1 - Siber Systems)
    Roxio Creator Business Edition (HKLM\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.1 - Roxio)
    Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
    Shared C Run-time for x86 (Version: 10.0.0 - McAfee) Hidden
    Sonic CinePlayer Decoder Pack (Version: 4.3.0 - Sonic Solutions) Hidden
    Sonic Icons for Lenovo (HKLM\...\{B334D9AE-1393-423E-97C0-3BDC3360E692}) (Version: 2.0.0 - Lenovo)
    Strong Signal (HKLM\...\Strong Signal) (Version: 2.0.5559.15476 - Strong Signal) <==== ATTENTION!
    System Update (HKLM\...\{8675339C-128C-44DD-83BF-0A5D6ABD8297}) (Version: 3.14.0025 - Lenovo)
    ThinkVantage Power Manager (HKLM\...\{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}) (Version: 1.00.0019 - )
    ThinkVantage Productivity Center (HKLM\...\{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}) (Version: 3.00b - )
    ThinkVantage Technologies Welcome Message (Version: 1.20 - ) Hidden
    Traffic Travis 3.3.36 (HKLM\...\Traffic Travis_is1) (Version: - Affilorama Ltd.)
    TurboTax 2012 (HKLM\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
    TurboTax 2013 (HKLM\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
    TurboTax 2014 (HKLM\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
    VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
    VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
    Wallpapers (Version: - ) Hidden
    WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)
    Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
    Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
    Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
    Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
    Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
    Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
    Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
    XML Paper Specification Shared Components Pack 1.0 (Version: - Microsoft Corporation) Hidden
    XP Themes (Version: 1.00.0000 - Lenovo) Hidden

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1008_Classes\CLSID\{05EC5C13-D255-4592-9CCB-98615172F0D6}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1008_Classes\CLSID\{0ADF9C35-0D5E-4B75-88DD-B64868907E17}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1008_Classes\CLSID\{123FAF7F-3FB1-4B8F-AD18-0047401D436A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1008_Classes\CLSID\{1B3210AF-E236-46D4-83EF-6421F2FF543C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx No File
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1008_Classes\CLSID\{1E78DD72-771E-42BF-8B4B-363CEB18E07B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx No File
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1008_Classes\CLSID\{22664BE2-0806-4BA4-8643-DE40C9149176}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1008_Classes\CLSID\{2A9EBDB5-0600-4E8C-B910-4001BEB2DD8C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1008_Classes\CLSID\{349D777D-F7A2-4AAE-967F-A54F05A7FF3B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBFinder.dll No File
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1008_Classes\CLSID\{37A2FC00-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1008_Classes\CLSID\{37A2FC02-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1008_Classes\CLSID\{38F58721-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\COMObjectFactory.dll No File
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1008_Classes\CLSID\{38F58742-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1008_Classes\CLSID\{38F58743-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1008_Classes\CLSID\{38F58744-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1008_Classes\CLSID\{4716D3CE-55DB-4D2A-818C-87D912895890}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1008_Classes\CLSID\{4844F3F7-2161-4AC4-B219-B3B4311782AA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1008_Classes\CLSID\{4A56F19E-9F50-4F43-93C8-050E44AA83A9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1008_Classes\CLSID\{4E5E74B5-8EB5-4859-A335-837EED412620}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1008_Classes\CLSID\{5249684A-D7A2-4DBE-94F4-B90923A7BC64}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1008_Classes\CLSID\{5428A9ED-6CD8-11D6-9C8A-0001023DCAA2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1008_Classes\CLSID\{547C8F00-5567-4AE3-8BB0-CC3CE2AB9070}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1008_Classes\CLSID\{57D590F1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1008_Classes\CLSID\{596801D8-2C9D-4627-9C67-195CB81B655A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1008_Classes\CLSID\{5B7331FA-8910-4748-A8A4-60B445041F28}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1008_Classes\CLSID\{5ED8AC89-B2DE-476D-8EEA-E170B2FCB058}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1008_Classes\CLSID\{70478C56-E77F-4134-B3E3-3B18EE036D71}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll No File
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1008_Classes\CLSID\{7694F1CD-A55B-4B7C-8820-A90892EB4E9E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1008_Classes\CLSID\{7DBF8260-30AD-4D1B-876A-8032B87B809F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1008_Classes\CLSID\{810CADD9-2658-4820-BA95-30199625191E}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2010\qbw32.exe (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1008_Classes\CLSID\{828E5386-74CF-4019-B356-C857CD028A7D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1008_Classes\CLSID\{82CC31B3-53B4-4161-A4E9-6B4F1290A6C8}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1008_Classes\CLSID\{8572570D-12D9-4F2C-8BB8-EB8848178B94}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1008_Classes\CLSID\{8E590317-1329-11D1-B70B-00805F29CD16}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2010\qbw32.exe (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1008_Classes\CLSID\{8FEDE364-AB37-4551-80C9-6D468E222AB2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1008_Classes\CLSID\{9D9B61F2-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1008_Classes\CLSID\{9D9B61F3-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1008_Classes\CLSID\{9D9B61F4-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1008_Classes\CLSID\{9D9B61F5-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1008_Classes\CLSID\{9D9B61F6-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1008_Classes\CLSID\{9D9B61F7-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1008_Classes\CLSID\{A58C4EAB-2DB8-445E-9CAE-2AE197A5C708}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1008_Classes\CLSID\{A63E42D0-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1008_Classes\CLSID\{A63E42D2-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1008_Classes\CLSID\{AF5E0A13-CEAB-47CE-991D-77E82CD1BF3F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1008_Classes\CLSID\{B10BFAC3-EFF1-40D9-ADA0-BEBE037C24CA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1008_Classes\CLSID\{B66F2BF1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1008_Classes\CLSID\{BCD594EA-15C3-4FD8-B92B-114BB9694537}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBCtrIPMDS2.dll No File
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1008_Classes\CLSID\{CE18240D-F3F8-43AE-9EA0-A0DC85A95375}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll No File
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1008_Classes\CLSID\{D14FD6B3-6A9F-4537-9460-07B836707127}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1008_Classes\CLSID\{D4A12AAF-E15E-470B-A6B6-63032186F91F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1008_Classes\CLSID\{D9B9C060-0954-11D3-9E07-00104BD2BE34}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSource.dll (Intuit, Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1008_Classes\CLSID\{D9BC6F81-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1008_Classes\CLSID\{D9BC6F84-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1008_Classes\CLSID\{D9BC6F87-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1008_Classes\CLSID\{D9BC6FA1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1008_Classes\CLSID\{D9BC6FA6-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1008_Classes\CLSID\{D9BC6FB2-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\StorageClasses.dll (Intuit, Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1008_Classes\CLSID\{D9BC6FC1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1008_Classes\CLSID\{DCB2B478-EFF6-48F6-B718-13E98876854E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1008_Classes\CLSID\{DFD0AF10-B86C-4AF3-B609-1348D513E565}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1008_Classes\CLSID\{E1A173E1-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1008_Classes\CLSID\{E1A173E3-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1008_Classes\CLSID\{E6E4DF8B-17CE-43ED-B2C7-2CE10457552D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1008_Classes\CLSID\{E7D2D0F6-B754-438D-B5C9-BF848D311A0F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll No File
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1008_Classes\CLSID\{EADA914E-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1008_Classes\CLSID\{EAEF733D-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1008_Classes\CLSID\{F2C593CC-74B2-4F71-8556-DD4D426D0409}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1008_Classes\CLSID\{F9EF917A-E55E-4242-B205-E778395AC313}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1008_Classes\CLSID\{FAC93D42-FFC2-11d1-9DEB-0008C7A08EBA}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2010\qbw32.exe (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1008_Classes\CLSID\{FB17915F-06D1-4214-A902-CC5EE05186E9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1009_Classes\CLSID\{05EC5C13-D255-4592-9CCB-98615172F0D6}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1009_Classes\CLSID\{0ADF9C35-0D5E-4B75-88DD-B64868907E17}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1009_Classes\CLSID\{123FAF7F-3FB1-4B8F-AD18-0047401D436A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1009_Classes\CLSID\{1B3210AF-E236-46D4-83EF-6421F2FF543C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx No File
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1009_Classes\CLSID\{1E78DD72-771E-42BF-8B4B-363CEB18E07B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx No File
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1009_Classes\CLSID\{22664BE2-0806-4BA4-8643-DE40C9149176}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1009_Classes\CLSID\{2A9EBDB5-0600-4E8C-B910-4001BEB2DD8C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1009_Classes\CLSID\{349D777D-F7A2-4AAE-967F-A54F05A7FF3B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBFinder.dll No File
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1009_Classes\CLSID\{37A2FC00-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1009_Classes\CLSID\{37A2FC02-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1009_Classes\CLSID\{38F58721-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\COMObjectFactory.dll No File
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1009_Classes\CLSID\{38F58742-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1009_Classes\CLSID\{38F58743-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1009_Classes\CLSID\{38F58744-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1009_Classes\CLSID\{4716D3CE-55DB-4D2A-818C-87D912895890}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1009_Classes\CLSID\{4844F3F7-2161-4AC4-B219-B3B4311782AA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1009_Classes\CLSID\{4A56F19E-9F50-4F43-93C8-050E44AA83A9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1009_Classes\CLSID\{4E5E74B5-8EB5-4859-A335-837EED412620}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1009_Classes\CLSID\{5249684A-D7A2-4DBE-94F4-B90923A7BC64}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1009_Classes\CLSID\{5428A9ED-6CD8-11D6-9C8A-0001023DCAA2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1009_Classes\CLSID\{547C8F00-5567-4AE3-8BB0-CC3CE2AB9070}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1009_Classes\CLSID\{57D590F1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1009_Classes\CLSID\{596801D8-2C9D-4627-9C67-195CB81B655A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1009_Classes\CLSID\{5B7331FA-8910-4748-A8A4-60B445041F28}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1009_Classes\CLSID\{5ED8AC89-B2DE-476D-8EEA-E170B2FCB058}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1009_Classes\CLSID\{70478C56-E77F-4134-B3E3-3B18EE036D71}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll No File
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1009_Classes\CLSID\{7694F1CD-A55B-4B7C-8820-A90892EB4E9E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1009_Classes\CLSID\{7DBF8260-30AD-4D1B-876A-8032B87B809F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1009_Classes\CLSID\{810CADD9-2658-4820-BA95-30199625191E}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2010\qbw32.exe (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1009_Classes\CLSID\{828E5386-74CF-4019-B356-C857CD028A7D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1009_Classes\CLSID\{82CC31B3-53B4-4161-A4E9-6B4F1290A6C8}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1009_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\2331\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1009_Classes\CLSID\{8572570D-12D9-4F2C-8BB8-EB8848178B94}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1009_Classes\CLSID\{8E590317-1329-11D1-B70B-00805F29CD16}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2010\qbw32.exe (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1009_Classes\CLSID\{8FEDE364-AB37-4551-80C9-6D468E222AB2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1009_Classes\CLSID\{994B47B9-7DB9-5058-EE22-08DD039ADC4B}\InprocServer32 -> {1FB6D0D0-9468-D082-8640-C7EE85889A47} No File
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1009_Classes\CLSID\{9D9B61F2-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1009_Classes\CLSID\{9D9B61F3-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1009_Classes\CLSID\{9D9B61F4-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1009_Classes\CLSID\{9D9B61F5-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1009_Classes\CLSID\{9D9B61F6-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1009_Classes\CLSID\{9D9B61F7-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1009_Classes\CLSID\{A58C4EAB-2DB8-445E-9CAE-2AE197A5C708}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1009_Classes\CLSID\{A63E42D0-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1009_Classes\CLSID\{A63E42D2-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1009_Classes\CLSID\{AF5E0A13-CEAB-47CE-991D-77E82CD1BF3F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1009_Classes\CLSID\{B10BFAC3-EFF1-40D9-ADA0-BEBE037C24CA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1009_Classes\CLSID\{B66F2BF1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1009_Classes\CLSID\{BCD594EA-15C3-4FD8-B92B-114BB9694537}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBCtrIPMDS2.dll No File
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1009_Classes\CLSID\{CE18240D-F3F8-43AE-9EA0-A0DC85A95375}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll No File
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1009_Classes\CLSID\{D14FD6B3-6A9F-4537-9460-07B836707127}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1009_Classes\CLSID\{D4A12AAF-E15E-470B-A6B6-63032186F91F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1009_Classes\CLSID\{D9B9C060-0954-11D3-9E07-00104BD2BE34}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSource.dll (Intuit, Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1009_Classes\CLSID\{D9BC6F81-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1009_Classes\CLSID\{D9BC6F84-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1009_Classes\CLSID\{D9BC6F87-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1009_Classes\CLSID\{D9BC6FA1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1009_Classes\CLSID\{D9BC6FA6-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1009_Classes\CLSID\{D9BC6FB2-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\StorageClasses.dll (Intuit, Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1009_Classes\CLSID\{D9BC6FC1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1009_Classes\CLSID\{DCB2B478-EFF6-48F6-B718-13E98876854E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1009_Classes\CLSID\{DD0822EE-9A03-4BDC-B947-4B99B97D5850}\InprocServer32 -> {47CD0A42-9468-D082-149A-BCB685889A47} No File
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1009_Classes\CLSID\{DFD0AF10-B86C-4AF3-B609-1348D513E565}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1009_Classes\CLSID\{E1A173E1-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1009_Classes\CLSID\{E1A173E3-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1009_Classes\CLSID\{E6E4DF8B-17CE-43ED-B2C7-2CE10457552D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1009_Classes\CLSID\{E7D2D0F6-B754-438D-B5C9-BF848D311A0F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll No File
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1009_Classes\CLSID\{EADA914E-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1009_Classes\CLSID\{EAEF733D-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1009_Classes\CLSID\{F2C593CC-74B2-4F71-8556-DD4D426D0409}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1009_Classes\CLSID\{F9EF917A-E55E-4242-B205-E778395AC313}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1009_Classes\CLSID\{FAC93D42-FFC2-11d1-9DEB-0008C7A08EBA}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2010\qbw32.exe (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-4010547908-1741489271-1736194522-1009_Classes\CLSID\{FB17915F-06D1-4214-A902-CC5EE05186E9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

    ==================== Restore Points =========================

    ATTENTION: System Restore is disabled.

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2008-07-21 18:49 - 2011-04-30 09:34 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_16_0_0_310_pepper.exe
    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-4010547908-1741489271-1736194522-1009.job => C:\Program Files\Citrix\GoToMeeting\2539\g2mupdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1412515523.job => C:\Program Files\Opera\launcher.exe
    Task: C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PCDR5\pcdr5cuiw32.exeK-backgroundmon scripts\backgroundmon.xml
    Task: C:\WINDOWS\Tasks\PMTask.job => C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE

    ==================== Loaded Modules (whitelisted) ==============

    2013-12-08 18:13 - 2013-10-23 16:23 - 00089136 _____ () C:\WINDOWS\system32\cpwmon2k.dll
    2014-10-11 14:06 - 2014-10-11 14:06 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2014-11-30 14:07 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
    2008-11-24 19:34 - 2008-11-24 19:34 - 00520192 ____N () C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
    2008-11-24 19:28 - 2008-11-24 19:28 - 00139264 ____N () C:\Program Files\Lenovo\Rescue and Recovery\CDRecord.dll
    2014-03-28 05:35 - 2014-03-28 05:35 - 00093696 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
    2010-05-14 17:11 - 2007-09-14 09:58 - 00059904 ____N () C:\Program Files\ArcSoft\PhotoImpression 5\share\pihook.dll
    2010-04-01 03:35 - 2007-06-18 20:28 - 00056056 ____N () C:\WINDOWS\system32\DLAAPI_W.DLL
    2008-09-26 17:24 - 2008-09-26 17:24 - 00040960 ____N () C:\Program Files\Lenovo\FanSpeedControl\LenovoFSC.exe
    2008-05-23 15:40 - 2008-05-23 15:40 - 00028672 ____N () C:\Program Files\Lenovo\FanSpeedControl\SpioDll.dll
    2010-04-01 03:30 - 2009-03-26 13:50 - 00028160 ____N () C:\Program Files\ThinkPad\Utilities\US\PWRMGRRT.DLL
    2008-11-24 19:28 - 2008-11-24 19:28 - 00139264 ____N () c:\Program Files\Common Files\Lenovo\CDRecord.dll
    2010-04-01 03:30 - 2009-04-03 01:45 - 00064064 ____N () C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE
    2010-04-01 03:30 - 2009-04-03 01:44 - 00059968 ____N () C:\Program Files\ThinkPad\Utilities\DPMTray.EXE
    2010-04-01 03:30 - 2009-03-26 13:50 - 00010240 ____N () C:\Program Files\ThinkPad\Utilities\US\DPMTRAY.DLL
    2009-05-28 02:09 - 2009-05-28 02:09 - 00049976 ____N () C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe
    2013-05-09 16:37 - 2013-05-09 16:37 - 00400704 _____ () C:\Documents and Settings\Susie\Local Settings\Application Data\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
    2010-04-01 03:27 - 2008-11-20 04:27 - 00020480 ____N () C:\Program Files\Lenovo\Lenovo Mouse Suite\FSRremoS.EXE
    2008-07-21 18:49 - 2008-04-14 08:00 - 00059904 ____N () C:\WINDOWS\system32\devenum.dll
    2008-07-21 18:49 - 2008-04-14 08:00 - 00014336 ____N () C:\WINDOWS\system32\msdmo.dll
    2015-03-18 17:25 - 2015-03-18 17:25 - 00484472 _____ () C:\Program Files\Opera\28.0.1750.48\opera_crashreporter.exe
    2015-03-18 17:25 - 2015-03-18 17:25 - 09625720 _____ () C:\Program Files\Opera\28.0.1750.48\pdf.dll
    2015-03-22 11:36 - 2015-04-04 06:36 - 00639224 _____ () C:\Documents and Settings\All Users\Application Data\0780f478-67ce-4ec3-98db-39a65f4618ce\plugincontainer.exe
    2015-04-03 20:36 - 2015-04-03 20:36 - 00563448 _____ () C:\Documents and Settings\All Users\Application Data\0780f478-67ce-4ec3-98db-39a65f4618ce\plugins\5\plugin.exe
    2015-04-04 00:36 - 2015-04-04 00:36 - 00418552 _____ () C:\Documents and Settings\All Users\Application Data\0780f478-67ce-4ec3-98db-39a65f4618ce\plugins\4\plugin.exe
    2015-04-03 23:36 - 2015-04-03 23:36 - 00475896 _____ () C:\Documents and Settings\All Users\Application Data\0780f478-67ce-4ec3-98db-39a65f4618ce\plugins\3\plugin.exe
    2010-01-02 10:42 - 2010-01-02 10:42 - 00018207 _____ () C:\Program Files\FileZilla FTP Client\mingwm10.dll
    2015-04-04 00:36 - 2015-04-04 00:36 - 01196280 _____ () C:\Documents and Settings\All Users\Application Data\0780f478-67ce-4ec3-98db-39a65f4618ce\plugins\2\plugin.exe
    2015-03-22 11:36 - 2015-04-04 07:36 - 00559864 _____ () C:\Program Files\Common Files\0780f478-67ce-4ec3-98db-39a65f4618ce\updater.exe
    2009-09-13 20:06 - 2009-09-13 20:06 - 00204800 ____N () C:\Program Files\Notepad++\plugins\ComparePlugin.dll
    2008-09-06 08:51 - 2008-09-06 08:51 - 00014336 ____N () C:\Program Files\Notepad++\plugins\NppExport.dll
    2007-08-04 21:10 - 2007-08-04 21:10 - 00250368 ____N () C:\Program Files\Notepad++\plugins\Config\tidy\libTidy.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-4010547908-1741489271-1736194522-1008\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\ThinkDots 1024_768.bmp
    HKU\S-1-5-21-4010547908-1741489271-1736194522-1009\Control Panel\Desktop\\Wallpaper ->
    DNS Servers: 75.75.75.75 - 75.75.76.76

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk => C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    MSCONFIG\startupreg: ArcSoft Connection Service => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    MSCONFIG\startupreg: HotKeysCmds => C:\WINDOWS\system32\hkcmd.exe
    MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    MSCONFIG\startupreg: IgfxTray => C:\WINDOWS\system32\igfxtray.exe
    MSCONFIG\startupreg: Persistence => C:\WINDOWS\system32\igfxpers.exe
    MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    MSCONFIG\startupreg: UserFaultCheck => %systemroot%\system32\dumprep 0 -u

    ==================== Accounts: =============================

    Administrator (S-1-5-21-4010547908-1741489271-1736194522-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
    ASPNET (S-1-5-21-4010547908-1741489271-1736194522-1003 - Limited - Enabled)
    Guest (S-1-5-21-4010547908-1741489271-1736194522-501 - Limited - Enabled)
    HelpAssistant (S-1-5-21-4010547908-1741489271-1736194522-1007 - Limited - Disabled)
    John (S-1-5-21-4010547908-1741489271-1736194522-1008 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\John
    SUPPORT_388945a0 (S-1-5-21-4010547908-1741489271-1736194522-1002 - Limited - Disabled)
    Susie (S-1-5-21-4010547908-1741489271-1736194522-1009 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Susie

    ==================== Faulty Device Manager Devices =============

    Name:
    Description:
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (04/01/2015 09:20:03 PM) (Source: QuickBooks) (EventID: 4) (User: )
    Description: An unexpected error has occured in "QuickBooks Pro 2010":
    The user canceled one of the dialog boxes. No message was sent.

    Error: (04/01/2015 09:20:03 PM) (Source: QuickBooks) (EventID: 4) (User: )
    Description: An unexpected error has occured in "QuickBooks Pro 2010":
    Failed to send mail message:

    Error: (04/01/2015 09:19:17 PM) (Source: QuickBooks) (EventID: 4) (User: )
    Description: An unexpected error has occured in "QuickBooks Pro 2010":
    DBConnPool::HandleConnectionError errorCode:-6069, dbCode:-103 from file:'.\.\src\ConnPool.cpp' at line 1036 from function:'DBMgr::DBConnPool::init'

    Error: (04/01/2015 09:19:17 PM) (Source: QuickBooks) (EventID: 4) (User: )
    Description: An unexpected error has occured in "QuickBooks Pro 2010":
    Connection String:CON=QBConnectionPool-Probe-QB_data_engine_20; ;DBF=C:\Documents and Settings\All Users\Documents\Intuit\QuickBooks\Company Files\A Bark In The Park.QBW;ENG=QB_data_engine_20;DBN=6a4dfe0352204570835e60869bb3eb0b

    Error: (04/01/2015 09:19:17 PM) (Source: QuickBooks) (EventID: 4) (User: )
    Description: An unexpected error has occured in "QuickBooks Pro 2010":
    Connection Error:Invalid user ID or password

    Error: (04/01/2015 09:19:11 PM) (Source: QuickBooks) (EventID: 4) (User: )
    Description: An unexpected error has occured in "QuickBooks":
    Returning NULL QBWinInstance Handle

    Error: (04/01/2015 09:19:11 PM) (Source: QuickBooks) (EventID: 4) (User: )
    Description: An unexpected error has occured in "QuickBooks":
    Returning NULL QBWinInstance Handle

    Error: (04/01/2015 09:19:11 PM) (Source: QuickBooks) (EventID: 4) (User: )
    Description: An unexpected error has occured in "QuickBooks":
    Returning NULL QBWinInstance Handle

    Error: (04/01/2015 09:13:11 PM) (Source: QuickBooks) (EventID: 4) (User: )
    Description: An unexpected error has occured in "QuickBooks Pro 2010":
    DBConnPool::HandleConnectionError errorCode:-6069, dbCode:-103 from file:'.\.\src\ConnPool.cpp' at line 1036 from function:'DBMgr::DBConnPool::init'

    Error: (04/01/2015 09:13:11 PM) (Source: QuickBooks) (EventID: 4) (User: )
    Description: An unexpected error has occured in "QuickBooks Pro 2010":
    Connection String:CON=QBConnectionPool-Probe-QB_data_engine_20; ;DBF=C:\Documents and Settings\All Users\Documents\Intuit\QuickBooks\Company Files\A Bark In The Park.QBW;ENG=QB_data_engine_20;DBN=c956d00356934138926189b874da66a5


    System errors:
    =============
    Error: (04/03/2015 03:04:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The McAfee Boot Delay Start Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    Error: (04/02/2015 02:39:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The McAfee Platform Services service failed to start due to the following error:
    %%1053

    Error: (04/02/2015 02:39:13 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: Timeout (30000 milliseconds) waiting for the McAfee Platform Services service to connect.

    Error: (04/02/2015 02:39:13 PM) (Source: DCOM) (EventID: 10005) (User: LENOVO)
    Description: DCOM got error "%%1053" attempting to start the service mcpltsvc with arguments ""
    in order to run the server:
    {20966775-18A4-4299-B8E3-772C336B52A7}

    Error: (04/02/2015 02:39:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The McAfee Platform Services service failed to start due to the following error:
    %%1053

    Error: (04/02/2015 02:39:11 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: Timeout (30000 milliseconds) waiting for the McAfee Platform Services service to connect.

    Error: (04/02/2015 02:39:11 PM) (Source: DCOM) (EventID: 10005) (User: LENOVO)
    Description: DCOM got error "%%1053" attempting to start the service mcpltsvc with arguments ""
    in order to run the server:
    {20966775-18A4-4299-B8E3-772C336B52A7}

    Error: (04/02/2015 02:39:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The McAfee Platform Services service failed to start due to the following error:
    %%1053

    Error: (04/02/2015 02:39:10 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: Timeout (30000 milliseconds) waiting for the McAfee Platform Services service to connect.

    Error: (04/02/2015 02:39:10 PM) (Source: DCOM) (EventID: 10005) (User: LENOVO)
    Description: DCOM got error "%%1053" attempting to start the service mcpltsvc with arguments ""
    in order to run the server:
    {20966775-18A4-4299-B8E3-772C336B52A7}


    Microsoft Office Sessions:
    =========================

    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM)2 Quad CPU Q9500 @ 2.83GHz
    Percentage of memory in use: 34%
    Total physical RAM: 3037.17 MB
    Available physical RAM: 1984.63 MB
    Total Pagefile: 7431.69 MB
    Available Pagefile: 6283.14 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1929.2 MB

    ==================== Drives ================================

    Drive c: (Preload) (Fixed) (Total:462.21 GB) (Free:154.24 GB) NTFS ==>[Drive with boot components (Windows XP)]
    Drive d: (HOGTTPC-EN) (CDROM) (Total:0.73 GB) (Free:0 GB) UDF1.02

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 777AA0E1)
    Partition 1: (Active) - (Size=462.2 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=3.6 GB) - (Type=12)

    ==================== End Of Log ============================
     
  10. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    susb8383,
    The programs listed for Uninstall here are either adware generators, Unsafe for XP, or poor quality junk programs.
    You should not have any Java installed on this system. (JavaScript normally comes with browsers, is completely different than Java, and is OK.)
    I would suggest getting your browsers off Yahoo if you don't want unsolicited adware.
    ---------------------------------------------------------
    The McAfee Site Advisor add-on is not very useful, at best.
    If you want to see how good it is, look at its ratings for some of the most infamous adware/junkware/tracking/hijacker distribution sites.
    Go here: http://www.siteadvisor.com/sites/
    Type in each of the following to check its "rating"
    MyWebSearch.com
    searchqu.com
    ask.com
    conduit.com
    trovi.com
    funmoods.com

    Notice the "safety" ratings despite the customers' observances in the pie charts.
    -----------------------------------------------------------
    Remove Programs Using Control Panel
    From Start, Settings, Control Panel or Start, Control Panel, click Add/Remove Programs.
    Highlight each Entry, as follows, one by one, if it exists, and choose Remove:

    CamStudio 2.7.2
    Buzzdock
    Java 7 Update 7
    Java(TM) 6 Update 25
    Lenovo System Toolbox
    McAfee Security Scan Plus
    McAfee SiteAdvisor
    Strong Signal

    Take extra care in answering questions posed by any Uninstaller.
    -----------------------------------------------------------
    REBOOT (RESTART) Your Machine
    --------------------------------------------------------
    Run A Fix With FRST
    Download the attached fixlist.txt file and save it to C:\tempcandelete
    NOTE. It's important that both the program FRST.exe and Fixlist.txt be in the same location, or the fix will not work.
    (Both on the Desktop is OK, or both in the same folder elsewhere)
    For some reason, your present location for FRST.exe is here >>> C:\tempcandelete
    Run FRST and press the FIX button just once, and wait. DO NOT PRESS THE SCAN BUTTON.
    If for some reason the tool needs a restart, please make sure you let the system restart normally.
    The tool may start automatically and complete its work after the system restart. Let the tool complete its run.
    When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post the contents in your reply.

    askey127
     

  11. susb8383

    susb8383 Thread Starter

    Joined:
    Apr 22, 2011
    Messages:
    121
    Question about CamStudio: I had downloaded that recently to be able to do some screen capture videos. I got it from CNET. Aren't their downloads supposed to be clean?

    Thanks.
     
  12. susb8383

    susb8383 Thread Starter

    Joined:
    Apr 22, 2011
    Messages:
    121
    Ok, I uninstalled everything on the list except CamStudio (awaiting your comment).

    Here is the log:

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015
    Ran by Susie at 2015-04-04 17:47:41 Run:1
    Running from C:\tempcandelete
    Loaded Profiles: John & Susie (Available profiles: John & Susie & Administrator)
    Boot Mode: Normal

    ==============================================

    Content of fixlist:
    *****************
    CreateRestorePoint:
    CloseProcesses:
    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-4010547908-1741489271-1736194522-1009\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
    SearchScopes: HKU\S-1-5-21-4010547908-1741489271-1736194522-1009 -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = https://search.yahoo.com/yhs/search?hspart=mcafee&hsimp=yhs-logo002&fr=mcafee&type=B011US91002D20140109&p={SearchTerms}
    SearchScopes: HKU\S-1-5-21-4010547908-1741489271-1736194522-1009 -> {28AB671A-06F7-4AEF-BC7B-0758CC88BBC9} URL = http://us.yhs4.search.yahoo.com/yhs/...26os=Windows XP&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-4010547908-1741489271-1736194522-1008 -> {B97994BE-0D47-44AA-81C9-E7B72C1D2817} URL = https://search.yahoo.com/search?fr=mcafee&type=B011US0D20140109&p={SearchTerms}
    SearchScopes: HKU\S-1-5-21-4010547908-1741489271-1736194522-1009 -> DefaultScope {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = https://search.yahoo.com/yhs/search?hspart=mcafee&hsimp=yhs-logo002&fr=mcafee&type=B011US91002D20140109&p={SearchTerms}
    SearchScopes: HKU\S-1-5-21-4010547908-1741489271-1736194522-1008 -> DefaultScope {B97994BE-0D47-44AA-81C9-E7B72C1D2817} URL = https://search.yahoo.com/search?fr=mcafee&type=B011US0D20140109&p={SearchTerms}
    SearchScopes: HKLM -> DefaultScope value is missing.
    SearchScopes: HKLM -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL =
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2012-10-11] (Oracle Corporation)
    BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2014-09-05] (McAfee, Inc.)
    BHO: Strong Signal -> {c723a437-2eaf-466d-a95b-3fa0966bf88c} -> C:\Program Files\Strong Signal\Extensions\c723a437-2eaf-466d-a95b-3fa0966bf88c.dll [2015-03-22] ()
    C:\Program Files\Strong Signal
    Toolbar: HKU\S-1-5-21-4010547908-1741489271-1736194522-1008 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    Toolbar: HKU\S-1-5-21-4010547908-1741489271-1736194522-1009 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2014-09-05] (McAfee, Inc.)
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2014-09-05] (McAfee, Inc.)
    FF Homepage: hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_ir_15_12&param1=1&param2=f%3D1%26b%3DFirefox%26cc% 3Dus%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzuzytD0F0B0AyCtD0AyBtCyCtDyEtBtDz ztN0D0Tzu0StCtCyByCtN1L2XzutAtFzztFtAtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyB0E 0D0CtC0FyB0BtG0ByE0DzztG0AyDtCzytGtAyB0BtCtGtD0ByCzz0BtAyEtB0CyBtC0A2QtN1M1 F1B2Z1V1N2Y1L1Qzu2SyDyC0C0AtD0CyBzytG0FyCyDtAtGyE0CtCzztGzytByCzytGyByCtDzy 0Bzy0ByCyByEyC0C2QtN1B2Z1V1T1S1NzuyCtCtA%26cr%3D365930667%26a%3Dwny_ir_15_1 2%26os%3DWindows XP
    FF Keyword.URL: https://search.yahoo.com/yhs/search?...02D20140109&p=
    FF DefaultSearchEngine: Secure Search
    FF SearchEngineOrder.1: Secure Search
    FF SelectedSearchEngine: Secure Search
    FF SearchPlugin: C:\Documents and Settings\Susie\Application Data\Mozilla\Firefox\Profiles\ig5eijdw.default\searchplugins\bing-zugo.xml [2011-07-29]
    FF SearchPlugin: C:\Documents and Settings\Susie\Application Data\Mozilla\Firefox\Profiles\ig5eijdw.default\searchplugins\Search Provided by Yahoo.xml [2015-03-26]
    FF SearchPlugin: C:\Documents and Settings\Susie\Application Data\Mozilla\Firefox\Profiles\3fv0jnjf.Default User\searchplugins\Search Provided by Yahoo.xml [2015-03-22]
    FF Extension: Strong Signal - C:\Documents and Settings\Susie\Application Data\Mozilla\Firefox\Profiles\ig5eijdw.default\Extensions\{32b2bf24-d7e1-4457-ae7d-61b5c4686a26}.xpi [2015-03-22]
    FF Extension: Strong Signal - C:\Documents and Settings\Susie\Application Data\Mozilla\Firefox\Profiles\3fv0jnjf.Default User\Extensions\{32b2bf24-d7e1-4457-ae7d-61b5c4686a26}.xpi [2015-03-22]
    FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2010-05-19]
    FF Extension: McAfee Security Scan Plus - C:\Documents and Settings\All Users\Application Data\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
    CHR HomePage: Default -> hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_ir_15_12&param1=1&param2=f%3D1%26b%3DChrome%26cc%3 Dus%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzuzytD0F0B0AyCtD0AyBtCyCtDyEtBtDzz tN0D0Tzu0StCtCyByCtN1L2XzutAtFzztFtAtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyB0E0 D0CtC0FyB0BtG0ByE0DzztG0AyDtCzytGtAyB0BtCtGtD0ByCzz0BtAyEtB0CyBtC0A2QtN1M1F 1B2Z1V1N2Y1L1Qzu2SyDyC0C0AtD0CyBzytG0FyCyDtAtGyE0CtCzztGzytByCzytGyByCtDzy0 Bzy0ByCyByEyC0C2QtN1B2Z1V1T1S1NzuyCtCtA%26cr%3D365930667%26a%3Dwny_ir_15_12 %26os%3DWindows XP
    CHR StartupUrls: Default -> "hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_ir_15_12&param1=1&param2=f%3D7%26b%3DChrome%26cc%3 Dus%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzuzytD0F0B0AyCtD0AyBtCyCtDyEtBtDzz tN0D0Tzu0StCtCyByCtN1L2XzutAtFzztFtAtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyB0E0 D0CtC0FyB0BtG0ByE0DzztG0AyDtCzytGtAyB0BtCtGtD0ByCzz0BtAyEtB0CyBtC0A2QtN1M1F 1B2Z1V1N2Y1L1Qzu2SyDyC0C0AtD0CyBzytG0FyCyDtAtGyE0CtCzztGzytByCzytGyByCtDzy0 Bzy0ByCyByEyC0C2QtN1B2Z1V1T1S1NzuyCtCtA%26cr%3D365930667%26a%3Dwny_ir_15_12 %26os%3DWindows XP",
    CHR DefaultSearchURL: Default -> http://us.yhs4.search.yahoo.com/yhs/...26os=Windows XP&p={searchTerms}
    S3 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [161768 2012-10-11] (Oracle Corporation)
    EmptyTemp:
    Cmd: ipconfig /flushdns


    *****************

    Error: (0) Failed to create a restore point.
    Processes closed successfully.
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk not found.
    C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe not found.
    C:\WINDOWS\system32\GroupPolicy\Machine => Moved successfully.
    C:\WINDOWS\system32\GroupPolicy\GPT.ini => Moved successfully.
    "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
    "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
    "HKU\S-1-5-21-4010547908-1741489271-1736194522-1009\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} => Key not found.
    HKCR\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} => Key not found.
    "HKU\S-1-5-21-4010547908-1741489271-1736194522-1009\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8CDE19E6-71C2-4B46-89B7-35F6A18C571A}" => Key deleted successfully.
    HKCR\CLSID\{8CDE19E6-71C2-4B46-89B7-35F6A18C571A} => Key not found.
    "HKU\S-1-5-21-4010547908-1741489271-1736194522-1009\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{28AB671A-06F7-4AEF-BC7B-0758CC88BBC9}" => Key deleted successfully.
    HKCR\CLSID\{28AB671A-06F7-4AEF-BC7B-0758CC88BBC9} => Key not found.
    "HKU\S-1-5-21-4010547908-1741489271-1736194522-1008\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B97994BE-0D47-44AA-81C9-E7B72C1D2817}" => Key deleted successfully.
    HKCR\CLSID\{B97994BE-0D47-44AA-81C9-E7B72C1D2817} => Key not found.
    HKU\S-1-5-21-4010547908-1741489271-1736194522-1009\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    HKU\S-1-5-21-4010547908-1741489271-1736194522-1008\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8CDE19E6-71C2-4B46-89B7-35F6A18C571A}" => Key deleted successfully.
    HKCR\CLSID\{8CDE19E6-71C2-4B46-89B7-35F6A18C571A} => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key not found.
    HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} => Key not found.
    HKCR\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c723a437-2eaf-466d-a95b-3fa0966bf88c} => Key not found.
    HKCR\CLSID\{c723a437-2eaf-466d-a95b-3fa0966bf88c} => Key not found.
    "C:\Program Files\Strong Signal" => File/Directory not found.
    HKU\S-1-5-21-4010547908-1741489271-1736194522-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => value deleted successfully.
    HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found.
    HKU\S-1-5-21-4010547908-1741489271-1736194522-1009\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => value deleted successfully.
    HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found.
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93} => Key not found.
    HKCR\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93} => Key not found.
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} => Key not found.
    HKCR\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} => Key not found.
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} => Key not found.
    HKCR\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} => Key not found.
    HKCR\PROTOCOLS\Handler\dssrequest => Key not found.
    HKCR\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5} => Key not found.
    HKCR\PROTOCOLS\Handler\sacore => Key not found.
    HKCR\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5} => Key not found.
    Firefox homepage deleted successfully.
    Firefox Keyword.URL deleted successfully.
    Firefox DefaultSearchEngine deleted successfully.
    Firefox SearchEngineOrder.1 deleted successfully.
    Firefox SelectedSearchEngine deleted successfully.
    C:\Documents and Settings\Susie\Application Data\Mozilla\Firefox\Profiles\ig5eijdw.default\searchplugins\bing-zugo.xml => Moved successfully.
    C:\Documents and Settings\Susie\Application Data\Mozilla\Firefox\Profiles\ig5eijdw.default\searchplugins\Search Provided by Yahoo.xml => Moved successfully.
    C:\Documents and Settings\Susie\Application Data\Mozilla\Firefox\Profiles\3fv0jnjf.Default User\searchplugins\Search Provided by Yahoo.xml => Moved successfully.
    C:\Documents and Settings\Susie\Application Data\Mozilla\Firefox\Profiles\ig5eijdw.default\Extensions\{32b2bf24-d7e1-4457-ae7d-61b5c4686a26}.xpi => not found.
    C:\Documents and Settings\Susie\Application Data\Mozilla\Firefox\Profiles\3fv0jnjf.Default User\Extensions\{32b2bf24-d7e1-4457-ae7d-61b5c4686a26}.xpi => not found.
    C:\Program Files\McAfee\SiteAdvisor => Moved successfully.
    C:\Documents and Settings\All Users\Application Data\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi => not found.
    Chrome HomePage not detected.
    Chrome StartupUrls not detected.
    Chrome DefaultSearchURL not detected.
    JavaQuickStarterService => Service not found.

    ========= ipconfig /flushdns =========



    Windows IP Configuration



    Successfully flushed the DNS Resolver Cache.


    ========= End of CMD: =========

    EmptyTemp: => Removed 5.7 GB temporary data.


    The system needed a reboot.

    ==== End of Fixlog 17:52:08 ====
     
  13. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    susb8383,
    Good fix so far.
    CNET is the junk purveyor of the planet, along with Download.com, Softonic.com, and Brothersoft.com.
    Don't EVER download anything from any of them.

    About most sites for CamStudio, have a look at each:
    http://camstudio.org/forum/discussi...dio-as-adware-and-blocks-it-from-installation
    http://blog.yoocare.com/camstudio-adware-removal-guide/
    http://brianmahoney.ca/2013/12/cam-studio-installation-how-to-avoid-malware/

    I don't know for sure if CamStudio continues downloading junk after it's installed.
    But the smell rises.
    If you want to keep it, it's up to you, but... I can't stay here forever if it continues to deliver garbage.
    Choose whether to keep it or not.

    Then, let's run another scan to see what's left.
    -----------------------------------------------------------
    Run a New Scan With the Farbar Scan Tool
    • Double click FRST.exe on your desktop to launch it.
    • When the tool opens, click Yes to the disclaimer.
    • Press the Scan button.
    • When finished scanning, a new version of the log FRST.txt will be saved on your Desktop and opened in Notepad.
    • Please post the contents in your next reply.

    askey127
     
  14. susb8383

    susb8383 Thread Starter

    Joined:
    Apr 22, 2011
    Messages:
    121
    Oh, that's weird! I posted that log weeks ago but I don't see my post. Odd.

    Regardless...the problem is fixed. No more weird stuff on that browser. AND we just bought a new computer. We're setting it up right now and will retire this old dinosaur.

    Thanks so much for your help.

    Guess I'll post the log just to be complete:

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-04-2015 04
    Ran by Susie (administrator) on LENOVO on 16-04-2015 18:05:38
    Running from C:\tempcandelete
    Loaded Profiles: John & Susie (Available profiles: John & Susie & Administrator)
    Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
    Internet Explorer Version 8 (Default browser: Opera)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMyPC\g2svc.exe
    (Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMyPC\g2comm.exe
    (Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    (InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    (McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    (McAfee, Inc.) C:\WINDOWS\system32\mfevtps.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    (HP) C:\WINDOWS\system32\HPZipm12.exe
    (Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    (Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMyPC\g2pre.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    (Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    () C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
    (Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
    (McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
    (McAfee, Inc.) C:\Program Files\Common Files\Mcafee\AMCore\mcshield.exe
    (McAfee, Inc.) C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\System Update\SUService.exe
    () C:\Program Files\Lenovo\FanSpeedControl\LenovoFSC.exe
    (Primax Electronics Ltd.) C:\Program Files\Lenovo\Lenovo Mouse Suite\ICO.exe
    () C:\Program Files\Lenovo\Lenovo Mouse Suite\FSRremoS.EXE
    (Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
    (Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
    (Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
    (Lenovo Group Limited) C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.EXE
    (Lenovo Group Limited) C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.EXE
    () C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.EXE
    () C:\PROGRA~1\ThinkPad\UTILIT~1\DPMTray.EXE
    (Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
    (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    () C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
    (Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McUICnt.exe
    (Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCtrlCntr.exe
    (Siber Systems) C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
    (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCcUxSys.exe
    (McAfee, Inc.) C:\Program Files\McAfee\VirusScan\mcods.exe
    (Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMyPC\g2processfactory.exe
    (Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMyPC\g2tray.exe
    () C:\Program Files\Lenovo\FanSpeedControl\LenovoFSC.exe
    (Primax Electronics Ltd.) C:\Program Files\Lenovo\Lenovo Mouse Suite\ICO.exe
    (Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
    (Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
    (Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
    (Lenovo Group Limited) C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.EXE
    () C:\Program Files\Lenovo\Lenovo Mouse Suite\FSRremoS.EXE
    (Lenovo Group Limited) C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.EXE
    (Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
    () C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.EXE
    (McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McUICnt.exe
    () C:\PROGRA~1\ThinkPad\UTILIT~1\DPMTray.EXE
    (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    (Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
    () C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCtrlCntr.exe
    () C:\Documents and Settings\Susie\Local Settings\Application Data\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
    (Siber Systems) C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
    (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
    (Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCcUxSys.exe
    (Opera Software) C:\Program Files\Opera\28.0.1750.51\opera.exe
    () C:\Program Files\Opera\28.0.1750.51\opera_crashreporter.exe
    (Opera Software) C:\Program Files\Opera\28.0.1750.51\opera.exe
    (Opera Software) C:\Program Files\Opera\28.0.1750.51\opera.exe
    (Opera Software) C:\Program Files\Opera\28.0.1750.51\opera.exe
    (Opera Software) C:\Program Files\Opera\28.0.1750.51\opera.exe
    (Opera Software) C:\Program Files\Opera\28.0.1750.51\opera.exe
    (Opera Software) C:\Program Files\Opera\28.0.1750.51\opera.exe
    (Opera Software) C:\Program Files\Opera\28.0.1750.51\opera.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [LenovoFSC] => C:\Program Files\Lenovo\FanSpeedControl\LenovoFSC.exe [40960 2008-09-26] ()
    HKLM\...\Run: [Daemon for Mouse Suite] => C:\Program Files\Lenovo\Lenovo Mouse Suite\ICO.EXE [98304 2009-11-06] (Primax Electronics Ltd.)
    HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16851968 2008-09-09] (Realtek Semiconductor Corp.)
    HKLM\...\Run: [PWRMGRTR] => rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
    HKLM\...\Run: [PWRAGD] => C:\Program Files\ThinkPad\Utilities\DPMHost.EXE [72256 2009-04-03] ()
    HKLM\...\Run: [TVT Scheduler Proxy] => C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [487424 2008-11-24] (Lenovo Group Limited)
    HKLM\...\Run: [LPManager] => C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE [165208 2008-06-08] (Lenovo Group Limited)
    HKLM\...\Run: [LPMailChecker] => C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE [124248 2008-06-08] (Lenovo Group Limited)
    HKLM\...\Run: [itype] => C:\Program Files\Microsoft IntelliType Pro\itype.exe [988584 2007-08-31] (Microsoft Corporation)
    HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [1037736 2007-08-31] (Microsoft Corporation)
    HKLM\...\Run: [Intuit SyncManager] => C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe [2771832 2012-12-07] (Intuit Inc. All rights reserved.)
    HKLM\...\Run: [Message Center Plus] => C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe [49976 2009-05-28] ()
    HKLM\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [517392 2014-04-25] (McAfee, Inc.)
    HKLM\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [517392 2014-04-25] (McAfee, Inc.)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
    HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2014-10-02] (Apple Inc.)
    HKLM\...\Run: [ControlCenter4] => C:\Program Files\ControlCenter4\BrCcBoot.exe [139776 2014-01-27] (Brother Industries, Ltd.)
    HKLM\...\Run: [BrStsMon00] => C:\Program Files\Browny02\Brother\BrStMonW.exe [4513792 2013-12-19] (Brother Industries, Ltd.)
    Winlogon\Notify\GoToMyPC: C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
    HKLM\...\Policies\Explorer: [NoControlPanel] 0
    HKLM\...\Policies\Explorer: [NoCDBurning] 0
    HKLM\...\Policies\Explorer: [NoFolderOptions] 0
    HKU\S-1-5-21-4010547908-1741489271-1736194522-1008\...\Run: [RoboForm] => C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [111320 2014-10-05] (Siber Systems)
    HKU\S-1-5-21-4010547908-1741489271-1736194522-1008\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [204288 2009-01-30] (Microsoft Corporation)
    HKU\S-1-5-21-4010547908-1741489271-1736194522-1009\...\Run: [AmazonMP3DownloaderHelper] => C:\Documents and Settings\Susie\Local Settings\Application Data\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-09] ()
    HKU\S-1-5-21-4010547908-1741489271-1736194522-1009\...\Run: [RoboForm] => C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [111320 2014-10-05] (Siber Systems)
    HKU\S-1-5-21-4010547908-1741489271-1736194522-1009\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [204288 2009-01-30] (Microsoft Corporation)
    HKU\S-1-5-21-4010547908-1741489271-1736194522-1009\...\Policies\Explorer: [NoFolderOptions] 0
    HKU\S-1-5-21-4010547908-1741489271-1736194522-1009\...\Policies\Explorer: [NoControlPanel] 0
    HKU\S-1-5-18\...\RunOnce: [RunNarrator] => C:\WINDOWS\system32\Narrator.exe [53760 2008-04-14] (Microsoft Corporation)
    HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_16_0_0_310_pepper.exe -update pepperplugin
    HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkcentre
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-4010547908-1741489271-1736194522-1008\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-4010547908-1741489271-1736194522-1008\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-4010547908-1741489271-1736194522-1009\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Documents%20and%20Settings/Susie/My%20Documents/myhomepage.html
    HKU\S-1-5-21-4010547908-1741489271-1736194522-1009\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-4010547908-1741489271-1736194522-1009\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkcentre
    HKU\S-1-5-21-4010547908-1741489271-1736194522-1009\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://artucker.powweb.com//atticworxdirect.htm
    URLSearchHook: HKU\S-1-5-21-4010547908-1741489271-1736194522-1008 - (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No File
    SearchScopes: HKU\S-1-5-21-4010547908-1741489271-1736194522-1008 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=LEMDF7&pc=MALC&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-4010547908-1741489271-1736194522-1008 -> {89C04934-372C-4BA8-8147-58939264F1E8} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
    SearchScopes: HKU\S-1-5-21-4010547908-1741489271-1736194522-1009 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-4010547908-1741489271-1736194522-1009 -> {63140ECF-C629-BE59-8F0E-90B4FF340C03} URL = http://lf.startnow.com/s/?q={searchTerms}&src=defsearch&provider=bing&provider_name=bing&provider_code=Z051&partner_id=276&product_id=709&affiliate_id=&channel=4000&toolbar_id=200&toolbar_version=2.1.0&install_country=US&install_date=20110730&user_guid=667804CC4492410C96E3334AE104CBFF&machine_id=03e46290ac526e56f351011b707a5b71&browser=IE&os=win&os_version=5.1-x86-SP3&iesrc={referrer:source}
    BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
    BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2014-10-05] (Siber Systems Inc.)
    BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
    Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2014-10-05] (Siber Systems Inc.)
    Toolbar: HKU\S-1-5-21-4010547908-1741489271-1736194522-1008 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2014-10-05] (Siber Systems Inc.)
    Toolbar: HKU\S-1-5-21-4010547908-1741489271-1736194522-1009 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2014-10-05] (Siber Systems Inc.)
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1272292042328
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1272292038406
    DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} http://71.184.192.210/codebase/DVM_IPCam2.ocx
    Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll [2013-02-01] (Intuit, Inc.)
    Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
    Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2000-04-19] (Microsoft Corporation)
    Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
    Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\system32\mscoree.dll [2009-11-05] (Microsoft Corporation)
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll [2014-04-25] (McAfee, Inc.)
    Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Documents and Settings\Susie\Application Data\Mozilla\Firefox\Profiles\ig5eijdw.default
    FF DefaultSearchEngine: Secure Search
    FF SearchEngineOrder.1: Secure Search
    FF SelectedSearchEngine: Secure Search
    FF Homepage: hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_ir_15_12&param1=1&param2=f%3D1%26b%3DFirefox%26cc%3Dus%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzuzytD0F0B0AyCtD0AyBtCyCtDyEtBtDzztN0D0Tzu0StCtCyByCtN1L2XzutAtFzztFtAtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyB0E0D0CtC0FyB0BtG0ByE0DzztG0AyDtCzytGtAyB0BtCtGtD0ByCzz0BtAyEtB0CyBtC0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDyC0C0AtD0CyBzytG0FyCyDtAtGyE0CtCzztGzytByCzytGyByCtDzy0Bzy0ByCyByEyC0C2QtN1B2Z1V1T1S1NzuyCtCtA%26cr%3D365930667%26a%3Dwny_ir_15_12%26os%3DWindows XP
    FF Keyword.URL: https://search.yahoo.com/yhs/search...ogo002&fr=mcafee&type=B111US91002D20140109&p=
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
    FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
    FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
    FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
    FF Plugin: @java.com/DTPlugin,version=10.7.2 -> C:\WINDOWS\system32\npDeployJava1.dll [2012-10-11] (Oracle Corporation)
    FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2014-04-25] ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
    FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
    FF Plugin: @siber.com/RoboForm -> C:\Program Files\Siber Systems\AI RoboForm\chrome\plugin\np-rf-plugin.dll [2014-10-05] (Siber Systems Inc.)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-4010547908-1741489271-1736194522-1009: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\Susie\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll [2014-11-20] (Citrix Online)
    FF user.js: detected! => C:\Documents and Settings\Susie\Application Data\Mozilla\Firefox\Profiles\ig5eijdw.default\user.js [2015-03-22]
    FF user.js: detected! => C:\Documents and Settings\Susie\Application Data\Mozilla\Firefox\Profiles\3fv0jnjf.Default User\user.js [2015-03-22]
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-11-05] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-11-05] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-11-05] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-11-05] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-11-05] (Apple Inc.)
    FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2015-03-26]
    FF Extension: Garmin Communicator - C:\Documents and Settings\Susie\Application Data\Mozilla\Firefox\Profiles\ig5eijdw.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2013-11-19]
    FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Susie\Application Data\Mozilla\Firefox\Profiles\ig5eijdw.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-04-27]
    FF Extension: Google Toolbar for Firefox - C:\Documents and Settings\Susie\Application Data\Mozilla\Firefox\Profiles\ig5eijdw.default\Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2011-06-04]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-04-26]
    FF HKLM\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files\Siber Systems\AI RoboForm\Firefox
    FF Extension: RoboForm Toolbar for Firefox - C:\Program Files\Siber Systems\AI RoboForm\Firefox [2011-06-09]
    FF HKU\S-1-5-21-4010547908-1741489271-1736194522-1009\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files\Siber Systems\AI RoboForm\Firefox
    FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2014-10-08]

    Chrome:
    =======
    CHR Profile: C:\Documents and Settings\Susie\Local Settings\Application Data\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Documents and Settings\Susie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-18]
    CHR Extension: (Google Docs) - C:\Documents and Settings\Susie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-18]
    CHR Extension: (Google Drive) - C:\Documents and Settings\Susie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-18]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Susie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-10]
    CHR Extension: (YouTube) - C:\Documents and Settings\Susie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-18]
    CHR Extension: (Google Search) - C:\Documents and Settings\Susie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-18]
    CHR Extension: (Google Sheets) - C:\Documents and Settings\Susie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-18]
    CHR Extension: (SiteAdvisor) - C:\Documents and Settings\Susie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-12-18]
    CHR Extension: (Google Wallet) - C:\Documents and Settings\Susie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-18]
    CHR Extension: (Gmail) - C:\Documents and Settings\Susie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-18]

    Opera:
    =======
    OPR StartupUrls: "file:///C:/Documents%20and%20Settings/Susie/My%20Documents/myhomepage.html"
    OPR Extension: (PDF Viewer) - C:\Documents and Settings\Susie\Application Data\Opera Software\Opera Stable\Extensions\encfpfilknmenlmjemepncnlbbjlabkc [2015-02-07]
    OPR Extension: (RoboForm) - C:\Program Files\Siber Systems\AI RoboForm\Opera [2011-05-10]

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
    S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [68096 2010-05-02] () [File not signed]
    S3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
    R2 GoToMyPC; C:\Program Files\Citrix\GoToMyPC\g2svc.exe [1495384 2015-02-10] (Citrix Online, a division of Citrix Systems, Inc.)
    R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
    S3 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
    S3 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
    R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [145568 2014-04-25] (McAfee, Inc.)
    U2 mcbootdelaystartsvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
    R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
    R2 McNaiAnn; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
    R3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [472072 2014-09-04] (McAfee, Inc.)
    R2 mcpltsvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
    R2 McProxy; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
    R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [655936 2014-08-20] (McAfee, Inc.)
    R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169800 2014-06-20] (McAfee, Inc.)
    R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [179600 2014-06-20] (McAfee, Inc.)
    S3 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
    R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [69632 2004-09-29] (HP) [File not signed]
    R2 QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2013-02-01] (Intuit) [File not signed]
    S3 QBFCService; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2009-07-23] (Intuit Inc.) [File not signed]
    R2 SUService; c:\program files\lenovo\system update\suservice.exe [28672 2009-07-10] (Lenovo Group Limited) [File not signed]
    R2 TVT Backup Protection Service; C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe [520192 2008-11-24] () [File not signed]
    R2 TVT Backup Service; C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe [950272 2008-11-24] (Lenovo Group Limited) [File not signed]
    R2 TVT Scheduler; c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [1155072 2008-11-24] (Lenovo Group Limited) [File not signed]
    R2 TVT_UpdateMonitor; C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [360448 2008-10-09] (Lenovo Group Limited) [File not signed]
    S2 0112241428183957mcinstcleanup; C:\DOCUME~1\Susie\LOCALS~1\Temp\011224~1.EXE -cleanup -nolog [X]
    S3 Dmomnetkmp; No ImagePath
    S3 SessionLauncher; C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
    R3 Afc; C:\WINDOWS\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
    S3 BrScnUsb; C:\WINDOWS\System32\DRIVERS\BrScnUsb.sys [15295 2004-10-14] (Brother Industries Ltd.)
    S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
    R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [62832 2014-06-20] (McAfee, Inc.)
    S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
    S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [51120 2004-12-14] (HP)
    S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2004-12-14] (HP)
    S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21744 2004-12-14] (HP)
    U3 Hwppis; C:\WINDOWS\system32\drivers\asc.sys [26496 2001-08-17] (Advanced System Products, Inc.)
    R3 Linksys_adapter_H; C:\WINDOWS\System32\DRIVERS\AE1200xp.sys [1034240 2011-03-28] (Broadcom Corporation)
    S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
    S3 mfeapfk; C:\WINDOWS\System32\drivers\mfeapfk.sys [135968 2014-06-20] (McAfee, Inc.)
    R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [238176 2014-06-20] (McAfee, Inc.)
    S3 mfebopk; C:\WINDOWS\System32\drivers\mfebopk.sys [67816 2014-06-20] (McAfee, Inc.)
    R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [369248 2014-06-20] (McAfee, Inc.)
    R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [576048 2014-06-20] (McAfee, Inc.)
    R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [350240 2014-08-20] (McAfee, Inc.)
    S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [81296 2014-08-20] (McAfee, Inc.)
    S3 mfendisk; C:\WINDOWS\System32\DRIVERS\mfendisk.sys [87520 2014-06-20] (McAfee, Inc.)
    R3 mfendiskmp; C:\WINDOWS\System32\DRIVERS\mfendisk.sys [87520 2014-06-20] (McAfee, Inc.)
    R1 mfetdi2k; C:\WINDOWS\System32\drivers\mfetdi2k.sys [93624 2014-06-20] (McAfee, Inc.)
    R2 monblanking; C:\WINDOWS\System32\DRIVERS\monblanking.sys [29432 2015-02-10] (Citrix Systems)
    S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
    S3 NuidFltr; C:\WINDOWS\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
    S3 pelmouse; C:\WINDOWS\System32\DRIVERS\pelmouse.sys [19456 2009-11-02] (TPMX Electronics Ltd.)
    S3 pelusblf; C:\WINDOWS\System32\DRIVERS\pelusblf.sys [24064 2009-12-14] (TPMX Electronics Ltd.)
    R2 pmem; C:\WINDOWS\System32\drivers\pmemnt.sys [7012 2010-04-01] (Microsoft Corporation) [File not signed]
    S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
    R2 StarOpen; C:\WINDOWS\system32\Drivers\StarOpen.sys [5504 2012-06-03] () [File not signed]
    R3 SuperIO; C:\WINDOWS\System32\DRIVERS\spio.sys [5760 2008-03-06] ()
    S3 usbbus; C:\WINDOWS\System32\DRIVERS\lgusbbus.sys [13056 2010-01-21] (LG Electronics Inc.)
    S3 UsbDiag; C:\WINDOWS\System32\DRIVERS\lgusbdiag.sys [20864 2010-01-21] (LG Electronics Inc.)
    S3 USBModem; C:\WINDOWS\System32\DRIVERS\lgusbmodem.sys [24960 2010-01-21] (LG Electronics Inc.)
    S3 WUSB54GCv3; C:\WINDOWS\System32\DRIVERS\WUSB54GCv3.sys [627072 2008-12-04] (Ralink Technology, Corp.)
    R3 yukonwxp; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [289024 2008-06-27] (Marvell)
    S3 catchme; \??\C:\DOCUME~1\Susie\LOCALS~1\Temp\catchme.sys [X]
    S3 JL2005C; System32\Drivers\jl2005c.sys [X]
    U0 mfewfpk; No ImagePath
    U1 WS2IFSL; No ImagePath

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-04-16 17:42 - 2015-04-16 17:42 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
    2015-04-04 17:48 - 2015-04-04 17:48 - 00000000 ____D () C:\Documents and Settings\NetworkService\Application Data\Apple Computer
    2015-04-04 11:58 - 2015-04-16 18:05 - 00000000 ____D () C:\FRST
    2015-03-31 17:12 - 2015-03-31 17:14 - 00000000 ____D () C:\Documents and Settings\Susie\Desktop\new camera
    2015-03-27 19:25 - 2015-04-12 20:23 - 00002447 _____ () C:\Documents and Settings\All Users\Desktop\TurboTax 2014.lnk
    2015-03-27 19:25 - 2015-03-27 19:25 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\TurboTax 2014
    2015-03-26 22:25 - 2015-03-26 22:25 - 00000000 ____D () C:\Documents and Settings\Susie\My Documents\WooCommerce
    2015-03-25 23:49 - 2015-03-25 23:49 - 00000134 _____ () C:\Documents and Settings\Susie\Desktop\AmazonFBAidenticalproducts.txt
    2015-03-25 21:25 - 2015-03-25 21:25 - 00388608 _____ (Trend Micro Inc.) C:\Documents and Settings\Susie\Desktop\HijackThis (1).exe
    2015-03-24 00:04 - 2015-03-24 00:04 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2868038$
    2015-03-24 00:03 - 2015-03-24 00:04 - 00006161 _____ () C:\WINDOWS\KB2868038.log
    2015-03-23 05:22 - 2013-07-16 20:58 - 00123008 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbvideo.sys
    2015-03-23 05:22 - 2013-07-16 20:58 - 00046848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\irbus.sys
    2015-03-22 22:37 - 2015-04-04 17:54 - 00000008 __RSH () C:\Documents and Settings\All Users\ntuser.pol
    2015-03-22 22:37 - 2015-04-04 17:47 - 00000000 ____D () C:\WINDOWS\system32\GroupPolicy
    2015-03-22 14:49 - 2015-03-22 14:49 - 00004535 _____ () C:\Documents and Settings\Susie\Application Data\CamStudio.cfg
    2015-03-22 14:49 - 2015-03-22 14:49 - 00000408 _____ () C:\Documents and Settings\Susie\Application Data\CamShapes.ini
    2015-03-22 14:49 - 2015-03-22 14:49 - 00000408 _____ () C:\Documents and Settings\Susie\Application Data\CamLayout.ini
    2015-03-22 14:49 - 2015-03-22 14:49 - 00000095 _____ () C:\Documents and Settings\Susie\Application Data\Camdata.ini
    2015-03-22 14:33 - 2013-07-16 20:58 - 00060160 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbaudio.sys
    2015-03-22 14:33 - 2013-07-16 20:58 - 00060160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbaudio.sys
    2015-03-22 14:17 - 2015-03-22 14:18 - 00000000 ____D () C:\Documents and Settings\Susie\My Documents\My CamStudio Temp Files
    2015-03-22 14:04 - 2015-03-22 14:06 - 00000000 ____D () C:\Documents and Settings\Susie\Local Settings\Application Data\cano
    2015-03-22 14:04 - 2015-03-22 14:04 - 00000096 _____ () C:\Documents and Settings\Susie\Application Data\version2.xml
    2015-03-18 19:51 - 2015-04-15 14:51 - 00000892 _____ () C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
    2015-03-18 07:51 - 2015-03-18 07:54 - 00366344 _____ () C:\Documents and Settings\Susie\Desktop\lessontest.html

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-04-16 18:06 - 2011-04-30 09:37 - 00000000 ____D () C:\Documents and Settings\Susie\Local Settings\temp
    2015-04-16 18:05 - 2010-04-27 22:54 - 00000000 ____D () C:\tempcandelete
    2015-04-16 17:51 - 2015-02-01 07:54 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2015-04-16 17:43 - 2011-08-21 08:55 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2015-04-16 17:43 - 2008-07-21 18:05 - 00032406 _____ () C:\WINDOWS\SchedLgU.Txt
    2015-04-16 17:41 - 2011-04-30 09:37 - 00000000 ____D () C:\Documents and Settings\John\Local Settings\temp
    2015-04-16 17:39 - 2008-07-21 18:50 - 00002278 _____ () C:\WINDOWS\system32\wpa.dbl
    2015-04-16 17:25 - 2014-10-05 09:25 - 00000390 _____ () C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1412515523.job
    2015-04-16 17:08 - 2014-11-20 20:03 - 00000514 _____ () C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-4010547908-1741489271-1736194522-1009.job
    2015-04-16 16:12 - 2014-11-15 19:50 - 00000000 ____D () C:\Documents and Settings\John\Desktop\New Camera
    2015-04-16 16:04 - 2014-03-27 06:04 - 00000220 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
    2015-04-16 16:04 - 2011-08-21 08:55 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2015-04-16 16:00 - 2008-07-21 18:01 - 01570172 _____ () C:\WINDOWS\WindowsUpdate.log
    2015-04-16 15:58 - 2011-04-30 09:37 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
    2015-04-16 15:58 - 2008-07-21 10:58 - 00000159 _____ () C:\WINDOWS\wiadebug.log
    2015-04-16 15:58 - 2008-07-21 10:58 - 00000049 _____ () C:\WINDOWS\wiaservc.log
    2015-04-16 15:57 - 2010-04-26 10:22 - 00001040 _____ () C:\WINDOWS\system32\ICAutoUpdate.log.bak
    2015-04-16 15:57 - 2008-07-21 18:05 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2015-04-16 08:35 - 2010-04-26 10:21 - 00000278 ___SH () C:\Documents and Settings\John\ntuser.ini
    2015-04-16 08:35 - 2010-04-26 10:21 - 00000000 ____D () C:\Documents and Settings\John
    2015-04-16 06:30 - 2010-04-26 10:21 - 00000000 ____D () C:\Documents and Settings\John\Application Data\Adobe
    2015-04-16 06:00 - 2010-04-26 19:28 - 00000278 ___SH () C:\Documents and Settings\Susie\ntuser.ini
    2015-04-15 23:21 - 2011-06-26 16:25 - 05021123 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-4010547908-1741489271-1736194522-1009-0.dat
    2015-04-15 23:21 - 2011-06-26 16:25 - 00326842 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    2015-04-15 23:20 - 2010-04-26 19:28 - 00000000 ____D () C:\Documents and Settings\Susie
    2015-04-15 16:54 - 2013-12-08 18:18 - 00000000 ____D () C:\Documents and Settings\Susie\Local Settings\Application Data\CutePDF Writer
    2015-04-15 16:54 - 2010-04-26 20:56 - 00000000 ____D () C:\Documents and Settings\Susie\My Documents\Reference
    2015-04-15 16:49 - 2010-04-26 21:07 - 00000000 ____D () C:\Documents and Settings\Susie\My Documents\TurboTax
    2015-04-15 14:51 - 2012-03-29 15:22 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
    2015-04-15 14:51 - 2011-05-15 07:40 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
    2015-04-14 23:30 - 2010-05-16 17:28 - 00000000 ____D () C:\Documents and Settings\Susie\Local Settings\Application Data\Paint.NET
    2015-04-14 23:04 - 2015-03-15 00:12 - 01184120 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2015-04-14 23:04 - 2013-08-14 08:42 - 00000000 ____D () C:\WINDOWS\system32\MRT
    2015-04-14 22:57 - 2010-04-26 10:58 - 125832184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2015-04-14 18:49 - 2011-04-29 16:36 - 00001324 _____ () C:\WINDOWS\system32\d3d9caps.dat
    2015-04-13 22:11 - 2010-04-26 20:57 - 00000000 ____D () C:\Documents and Settings\Susie\My Documents\taxes
    2015-04-12 07:28 - 2010-04-01 03:32 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Adobe
    2015-04-10 15:52 - 2011-06-08 22:55 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    2015-04-10 04:41 - 2010-04-26 20:27 - 00000000 ____D () C:\Documents and Settings\Susie\My Documents\abarkinthepark
    2015-04-08 17:25 - 2014-10-05 09:25 - 00000000 ____D () C:\Program Files\Opera
    2015-04-08 15:00 - 2014-03-27 06:04 - 00000214 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
    2015-04-06 22:38 - 2011-04-30 22:26 - 00000000 ____D () C:\Documents and Settings\Susie\My Documents\MRR
    2015-04-04 17:52 - 2010-04-01 03:39 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\PC-Doctor
    2015-04-04 17:48 - 2008-07-21 18:05 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Temp
    2015-04-04 17:47 - 2010-05-19 07:49 - 00000000 ____D () C:\Program Files\McAfee
    2015-04-04 17:45 - 2010-04-26 16:13 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\McAfee
    2015-04-04 17:45 - 2010-04-01 03:39 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Lenovo Services
    2015-04-04 17:42 - 2014-09-28 21:08 - 00000000 ____D () C:\Program Files\Mozilla Firefox
    2015-04-04 17:41 - 2011-05-01 13:03 - 00000000 ____D () C:\Program Files\Java
    2015-04-04 12:00 - 2010-05-01 14:59 - 00000000 ____D () C:\Documents and Settings\Susie\Application Data\FileZilla
    2015-04-04 00:44 - 2014-12-18 06:32 - 00001820 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    2015-04-02 18:28 - 2010-04-26 20:57 - 00000000 ____D () C:\Documents and Settings\Susie\My Documents\recipies
    2015-03-31 19:09 - 2010-04-26 22:57 - 00013047 _____ () C:\Documents and Settings\Susie\Application Data\Comma Separated Values (Windows).CAL
    2015-03-30 23:58 - 2010-04-26 19:28 - 00000000 ____D () C:\Documents and Settings\Susie\Application Data\Adobe
    2015-03-29 08:27 - 2010-04-26 16:26 - 00000089 _____ () C:\WINDOWS\QBChanUtil_Trigger.ini
    2015-03-29 05:50 - 2010-04-01 03:40 - 20605926 _____ () C:\sysiclog.txt.bak
    2015-03-27 19:29 - 2008-07-21 18:06 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
    2015-03-27 19:28 - 2012-03-23 19:19 - 00001331 _____ () C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
    2015-03-27 19:24 - 2012-03-23 18:54 - 00000000 ____D () C:\Program Files\TurboTax
    2015-03-25 21:26 - 2014-07-06 16:32 - 00018494 _____ () C:\Documents and Settings\Susie\Desktop\hijackthis.log
    2015-03-24 23:49 - 2008-07-21 18:05 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
    2015-03-24 00:04 - 2014-02-19 10:57 - 00453161 _____ () C:\WINDOWS\setupapi.log
    2015-03-24 00:04 - 2008-07-21 10:55 - 01910834 _____ () C:\WINDOWS\iis6.log
    2015-03-24 00:04 - 2008-07-21 10:55 - 01736587 _____ () C:\WINDOWS\FaxSetup.log
    2015-03-24 00:04 - 2008-07-21 10:55 - 00839496 _____ () C:\WINDOWS\ocgen.log
    2015-03-24 00:04 - 2008-07-21 10:55 - 00802550 _____ () C:\WINDOWS\tsoc.log
    2015-03-24 00:04 - 2008-07-21 10:55 - 00591578 _____ () C:\WINDOWS\comsetup.log
    2015-03-24 00:04 - 2008-07-21 10:55 - 00535706 _____ () C:\WINDOWS\msmqinst.log
    2015-03-24 00:04 - 2008-07-21 10:55 - 00356687 _____ () C:\WINDOWS\ntdtcsetup.log
    2015-03-24 00:04 - 2008-07-21 10:55 - 00304947 _____ () C:\WINDOWS\netfxocm.log
    2015-03-24 00:04 - 2008-07-21 10:55 - 00120073 _____ () C:\WINDOWS\MedCtrOC.log
    2015-03-24 00:04 - 2008-07-21 10:55 - 00096303 _____ () C:\WINDOWS\ocmsn.log
    2015-03-24 00:04 - 2008-07-21 10:55 - 00088063 _____ () C:\WINDOWS\tabletoc.log
    2015-03-24 00:04 - 2008-07-21 10:55 - 00087082 _____ () C:\WINDOWS\msgsocm.log
    2015-03-24 00:04 - 2008-07-21 10:55 - 00001374 _____ () C:\WINDOWS\imsins.log
    2015-03-22 21:42 - 2014-11-22 15:41 - 00000000 ____D () C:\Documents and Settings\Susie\Application Data\vlc
    2015-03-22 21:28 - 2010-05-19 18:12 - 00165888 _____ () C:\Documents and Settings\Susie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2015-03-22 15:29 - 2013-05-27 23:15 - 00000000 ____D () C:\Documents and Settings\Susie\Application Data\Audacity
    2015-03-22 13:22 - 2010-04-27 23:01 - 00009919 _____ () C:\Documents and Settings\Susie\My Documents\myhomepage.html
    2015-03-21 20:17 - 2010-04-26 20:58 - 00000000 ____D () C:\Documents and Settings\Susie\My Documents\web pages

    ==================== Files in the root of some directories =======

    2015-03-22 14:49 - 2015-03-22 14:49 - 0000095 _____ () C:\Documents and Settings\Susie\Application Data\Camdata.ini
    2015-03-22 14:49 - 2015-03-22 14:49 - 0000408 _____ () C:\Documents and Settings\Susie\Application Data\CamLayout.ini
    2015-03-22 14:49 - 2015-03-22 14:49 - 0000408 _____ () C:\Documents and Settings\Susie\Application Data\CamShapes.ini
    2015-03-22 14:49 - 2015-03-22 14:49 - 0004535 _____ () C:\Documents and Settings\Susie\Application Data\CamStudio.cfg
    2011-07-01 20:31 - 2011-07-01 20:31 - 0013046 _____ () C:\Documents and Settings\Susie\Application Data\Comma Separated Values (DOS).CAL
    2010-04-27 22:25 - 2010-04-27 22:38 - 0038455 ____N () C:\Documents and Settings\Susie\Application Data\Comma Separated Values (Windows).ADR
    2010-04-26 22:57 - 2015-03-31 19:09 - 0013047 _____ () C:\Documents and Settings\Susie\Application Data\Comma Separated Values (Windows).CAL
    2010-04-26 22:08 - 2010-04-27 22:48 - 0009333 ____N () C:\Documents and Settings\Susie\Application Data\Comma Separated Values (Windows).EML
    2015-03-22 14:04 - 2015-03-22 14:04 - 0000096 _____ () C:\Documents and Settings\Susie\Application Data\version2.xml
    2010-05-19 18:12 - 2015-03-22 21:28 - 0165888 _____ () C:\Documents and Settings\Susie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2011-06-26 14:41 - 2011-06-26 14:41 - 0000275 _____ () C:\Documents and Settings\Susie\Local Settings\Application Data\HamsterVideoConverterSettings.cfg

    Files to move or delete:
    ====================
    C:\Documents and Settings\Susie\gosetup.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    ==================== End Of Log ============================
     
  15. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    susb8383,
    Never saw the earlier post. Sorry.
    --------------------------------------------------------
    Run A Fix With FRST
    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both the program FRST.exe and Fixlist.txt be in the same location, or the fix will not work.
    (Both on the Desktop is OK, or both in the same folder elsewhere)

    Run FRST and press the FIX button just once, and wait. DO NOT PRESS THE SCAN BUTTON.
    If for some reason the tool needs a restart, please make sure you let the system restart normally.
    The tool may start automatically and complete its work after the system restart. Let the tool complete its run.
    When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post the contents in your reply.

    This is about all we can do with an XP machine now.
    Doesn't look bad.
    askey127
     

    Attached Files:

Short URL to this thread: https://techguy.org/1145459
