
[Solved] Possible rootkit

Discussion in 'Malware Removal Help' started by Tony D, Jan 17, 2015.

  1. Tony D

    My brother brings his machine to me because it's slow. He thinks it's because the 160 GB hard drive is full. He brings a 1 TB drive. I clone his 160 GB to a 1 TB drive and the machine is still slow. Ran JRT, AdwCleaner, RogueKiller, TDSSKiller and aswMBR. It's running pretty well right now, but still not right.

    RogueKiller showed two items in orange and one in red. The orange ones were atapi@unknown. The red one was arkbcfltr@unknown. Couple this with aswMBR saying that the MBR code is unknown and I'm suspicious.

    Malwarebytes Anti-Malware
    www.malwarebytes.org
    Scan Date: 1/17/2015
    Scan Time: 4:11:34 PM
    Logfile:
    Administrator: Yes
    Version: 2.00.4.1028
    Malware Database: v2015.01.17.05
    Rootkit Database: v2015.01.14.01
    License: Premium
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Enabled
    OS: Windows XP Service Pack 3
    CPU: x86
    File System: NTFS
    User: Compaq_Administrator
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 366551
    Time Elapsed: 29 min, 54 sec
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Warn
    PUM: Enabled
    Processes: 0
    (No malicious items detected)
    Modules: 0
    (No malicious items detected)
    Registry Keys: 0
    (No malicious items detected)
    Registry Values: 0
    (No malicious items detected)
    Registry Data: 0
    (No malicious items detected)
    Folders: 0
    (No malicious items detected)
    Files: 0
    (No malicious items detected)
    Physical Sectors: 0
    (No malicious items detected)
    (end)

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-01-2015 01
    Ran by Compaq_Administrator (administrator) on DESKTOP on 17-01-2015 16:53:35
    Running from C:\Documents and Settings\Compaq_Administrator\Desktop
    Loaded Profiles: Compaq_Administrator (Available profiles: Compaq_Administrator & Administrator)
    Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
    Internet Explorer Version 8 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
    ==================== Processes (Whitelisted) =================
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Lexmark International, Inc.) C:\WINDOWS\system32\LEXBCES.EXE
    (Lexmark International, Inc.) C:\WINDOWS\system32\LEXPPS.EXE
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    (Microsoft) C:\WINDOWS\arservice.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Luis Cobian, CobianSoft) C:\Program Files\Cobian Backup 11\cbService.exe
    (Microsoft Corporation) C:\WINDOWS\ehome\ehrecvr.exe
    (Microsoft Corporation) C:\WINDOWS\ehome\ehSched.exe
    (Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    (Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
    (Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
    (TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
    (Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    (Canon Inc.) C:\Program Files\Canon\CAL\CALMAIN.exe
    (Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
    (Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
    (Microsoft Corporation) C:\WINDOWS\ehome\ehmsas.exe
    (Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
    (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    (RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    (Luis Cobian, CobianSoft) C:\Program Files\Cobian Backup 11\cbInterface.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
    (Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
    (Hewlett-Packard Company) C:\WINDOWS\system\hpsysdrv.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe

    ==================== Registry (Whitelisted) ==================
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
    HKLM\...\Run: [ehTray] => C:\WINDOWS\ehome\ehtray.exe [67584 2005-09-29] (Microsoft Corporation)
    HKLM\...\Run: [ftutil2] => rundll32.exe ftutil2.dll,SetWriteCacheMode
    HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16239616 2006-06-13] (Realtek Semiconductor Corp.)
    HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    HKLM\...\Run: [nwiz] => nwiz.exe /install
    HKLM\...\Run: [Recguard] => C:\WINDOWS\SMINST\RECGUARD.EXE [237568 2005-07-23] ()
    HKLM\...\Run: [HPBootOp] => C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [249856 2006-02-16] (Hewlett-Packard Company)
    HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
    HKLM\...\Run: [TkBellExe] => C:\program files\real\realplayer\update\realsched.exe [296056 2012-06-13] (RealNetworks, Inc.)
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-09] (AVAST Software)
    HKLM\...\Run: [Cobian Backup 11 interface] => C:\Program Files\Cobian Backup 11\cbInterface.exe [4407808 2013-03-07] (Luis Cobian, CobianSoft)
    HKLM\...\Run: [] => [X]
    HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
    HKLM\...\Policies\Explorer: [NoCDBurning] 0
    HKU\S-1-5-18\...\Run: [Advanced SystemCare 7] => "C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
    ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
    Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk
    ShortcutTarget: Pin.lnk -> C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
    Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\PinMcLnk.lnk
    ShortcutTarget: PinMcLnk.lnk -> C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    CHR HKU\S-1-5-21-268140147-829281293-1905240433-1007\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    ==================== Internet (Whitelisted) ====================
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
    HKU\S-1-5-21-268140147-829281293-1905240433-1007\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
    HKU\S-1-5-21-268140147-829281293-1905240433-1007\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
    HKU\S-1-5-21-268140147-829281293-1905240433-1007\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-268140147-829281293-1905240433-1007\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com?fr=hp-avast&type=avastbcl
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "www.google.com" <======= ATTENTION
    SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\.DEFAULT -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-268140147-829281293-1905240433-1007 -> {0CE527A3-B00A-4C02-8A76-D1D30B9E84E3} URL =
    SearchScopes: HKU\S-1-5-21-268140147-829281293-1905240433-1007 -> {23698BEA-D151-4EAE-A43C-C3817BB1EE36} URL = http://search.yahoo.com/search?p={s...pe=W3i_DS,136,0_0,Search,20131040,20028,0,8,0
    SearchScopes: HKU\S-1-5-21-268140147-829281293-1905240433-1007 -> {5C64534F-9223-48E1-944F-6364585FFE73} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=800236&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-268140147-829281293-1905240433-1007 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    BHO: hpWebHelper Class -> {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} -> C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll (Hewlett-Packard)
    BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
    Toolbar: HKU\S-1-5-21-268140147-829281293-1905240433-1007 -> No Name - {C4069E3A-68F1-403E-B40E-20066696354B} - No File
    Toolbar: HKU\S-1-5-21-268140147-829281293-1905240433-1007 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} https://74.5.116.98:4433/XTSAC.cab
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://by132fd.bay132.hotmail.msn.com/resources/MsnPUpld.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
    DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} http://cvs.pnimedia.com/upload/activex/v2_0_0_10/PCAXSetupv2.0.0.10.cab?
    Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
    Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [147456] (Apple Inc.)
    FireFox:
    ========
    FF ProfilePath: C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\duvuomx1.default
    FF SelectedSearchEngine: Google (avast)
    FF DefaultSearchEngine: Google (avast)
    FF DefaultSearchUrl: https://www.google.com/search/?trackid=sp-006
    FF SearchEngineOrder.1: Google (avast)
    FF Keyword.URL: https://www.google.com/search/?trackid=sp-006
    FF Homepage: https://www.google.com/?trackid=sp-006
    FF NewTab: about:newtab
    FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files\Virtual Earth 3D\ ()
    FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin: @pack.google.com/Google Updater;version=14 -> C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
    FF Plugin: @real.com/nppl3260;version=15.0.4.53 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprjplug;version=15.0.4.53 -> c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprphtml5videoshim;version=15.0.4.53 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprpplugin;version=15.0.4.53 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
    FF SearchPlugin: C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\duvuomx1.default\searchplugins\google-avast.xml
    FF SearchPlugin: C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\duvuomx1.default\searchplugins\yahoo-avast.xml
    FF Extension: Microsoft Choice Guard - C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\duvuomx1.default\Extensions\ChoiceGuard@Microsoft [2010-10-14]
    FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2010-08-26]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    FF Extension: RealPlayer Browser Record Plugin - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-06-13]
    FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-12-10]
    Chrome:
    =======
    CHR dev: Chrome dev build detected! <======= ATTENTION
    CHR Profile: C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default
    CHR Extension: (Pin It) - C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aeocpmaimgdkdkkhnilgfoicilnefefh [2014-11-07]
    CHR Extension: (Google Docs) - C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-19]
    CHR Extension: (Google Drive) - C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-19]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-26]
    CHR Extension: (YouTube) - C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-19]
    CHR Extension: (Play Car Racing Games Online) - C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cgdkkkkgocfanngnjhepjgkejljlooop [2014-07-31]
    CHR Extension: (Google Search) - C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-19]
    CHR Extension: (avast! Online Security) - C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-12-21]
    CHR Extension: (Search YouTube) - C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\iabhcmlfmommijjhppgpmaldhnnodggp [2015-01-05]
    CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2010-11-11]
    CHR Extension: (Facebook Platinum) - C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kbmfodbocncpdocjdknjadipkgbbagld [2014-12-11]
    CHR Extension: (Voicify) - C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klonjmnnpocmmjknkimicfkanmmkiebl [2014-07-31]
    CHR Extension: (Color My SNS) - C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lnoogpgfefbafjjifeikjajmhjknghfh [2014-09-04]
    CHR Extension: (Extensions Update Notifier) - C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nlldbplhbaopldicmcoogopmkonpebjm [2014-10-18]
    CHR Extension: (Google Wallet) - C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-03]
    CHR Extension: (Gmail) - C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-19]
    CHR Extension: (saferweB) - C:\Documents and Settings\All Users\Application Data\mmdglfbdpaigkchnclogfmffkgbjkgbc\ [2013-10-19]
    CHR Extension: (PricoeDOwnuloaaDer) - C:\Documents and Settings\All Users\Application Data\nmhbblhjckpnkafohfdiojaggbcihafi\ [2013-10-19]
    CHR Extension: (unicoupons) - C:\Documents and Settings\All Users\Application Data\oefackpibdmhcicoeilojnjoccagpffo\ [2013-10-19]
    CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-27]
    CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-06-13]
    ========================== Services (Whitelisted) =================
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
    R2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [144712 2009-06-05] (Apple Inc.)
    R2 ARSVC; C:\WINDOWS\arservice.exe [58880 2005-08-03] (Microsoft)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-27] (AVAST Software)
    R2 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [96341 2006-03-30] (Canon Inc.) [File not signed]
    R2 CobianBackup11; C:\Program Files\Cobian Backup 11\cbService.exe [1131008 2013-03-07] (Luis Cobian, CobianSoft) [File not signed]
    S3 getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [33752 2008-08-29] (NOS Microsystems Ltd.)
    S2 gupdate1c9fdd345b5f810; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-07-05] (Google Inc.)
    S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
    R2 LexBceS; C:\WINDOWS\system32\LEXBCES.EXE [307200 2003-08-29] (Lexmark International, Inc.) [File not signed]
    R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [49152 2006-06-21] (Hewlett-Packard Company) [File not signed]
    R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
    R2 McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [319488 2010-03-17] (Alcatel-Lucent) [File not signed]
    R2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
    S3 MHN; C:\WINDOWS\System32\mhn.dll [85504 2004-08-10] (Microsoft Corporation) [File not signed]
    S4 QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [20480 2008-03-18] (Intuit) [File not signed]
    S3 QBFCService; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2006-11-09] (Intuit Inc.) [File not signed]
    S3 RampartSvc; C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe [114786 2004-08-16] (SonicWALL, Inc.) [File not signed]
    S3 SwPrv; C:\WINDOWS\system32\dllhost.exe /Processid:{8DA84759-6C62-4695-9DB6-4789D64FAF43}
    ==================== Drivers (Whitelisted) ====================
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
    R1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [36352 2005-03-09] (Advanced Micro Devices)
    R3 aracpi; C:\WINDOWS\System32\DRIVERS\aracpi.sys [22784 2005-08-03] (Microsoft Corporation)
    R3 ArcCD; C:\WINDOWS\system32\Drivers\ArcCD.sys [36224 2007-11-06] (ArcSoft Inc.) [File not signed]
    U1 ArcRec; C:\WINDOWS\system32\Drivers\ArcRec.sys [7680 2007-04-24] (ArcSoft Inc.) [File not signed]
    S4 ArcUdfs; C:\WINDOWS\system32\Drivers\ArcUdfs.sys [134912 2007-04-25] (ArcSoft Inc.) [File not signed]
    S3 arhidfltr; C:\WINDOWS\System32\DRIVERS\arhidfltr.sys [19200 2005-08-03] (Microsoft Corporation)
    R3 arkbcfltr; C:\WINDOWS\System32\DRIVERS\arkbcfltr.sys [5376 2005-08-03] (Microsoft Corporation)
    R3 armoucfltr; C:\WINDOWS\System32\DRIVERS\armoucfltr.sys [4992 2005-08-03] (Microsoft Corporation)
    R3 ARPolicy; C:\WINDOWS\System32\DRIVERS\arpolicy.sys [10112 2005-08-03] (Microsoft Corporation)
    R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-11-27] ()
    R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [70384 2014-11-27] (AVAST Software)
    R1 AswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55240 2014-11-27] (AVAST Software)
    R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-11-27] ()
    R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787800 2014-11-27] (AVAST Software)
    R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [423784 2014-11-27] (AVAST Software)
    R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57928 2014-11-27] (AVAST Software)
    R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [206248 2014-11-27] ()
    R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [37664 2013-10-06] (AVG Technologies)
    R3 DNE; C:\WINDOWS\System32\DRIVERS\dne2000.sys [139604 2003-07-24] (Deterministic Networks, Inc.)
    S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [35992 2015-01-16] ()
    S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [51120 2005-03-07] (HP)
    S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2005-03-07] (HP)
    S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21744 2005-03-07] (HP)
    R3 HSX_DP; C:\WINDOWS\System32\DRIVERS\HSX_DP.sys [936448 2005-12-06] (Conexant Systems, Inc.)
    R2 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [54360 2014-11-21] (Malwarebytes Corporation)
    R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [114904 2015-01-17] (Malwarebytes Corporation)
    S3 MHNDRV; C:\WINDOWS\System32\DRIVERS\mhndrv.sys [11008 2004-08-10] (Microsoft Corporation) [File not signed]
    R0 MrFilter; C:\WINDOWS\system32\Drivers\MrFilter.sys [12992 2003-05-22] (Roxio) [File not signed]
    R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [34176 2006-03-03] (NVIDIA Corporation)
    R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [13056 2006-03-03] (NVIDIA Corporation)
    R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [36624 2006-10-18] (Sonic Solutions) [File not signed]
    R1 RCFOX; C:\WINDOWS\system32\Drivers\RCFOX.sys [78032 2004-07-27] (SonicWALL, Inc.) [File not signed]
    R3 rcvpn; C:\WINDOWS\System32\DRIVERS\rcvpn.sys [23180 2003-08-20] (SonicWALL, Inc.)
    S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
    R0 SmartDefragDriver; C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys [14776 2013-05-22] ()
    R3 winachsx; C:\WINDOWS\System32\DRIVERS\HSX_CNXT.sys [670208 2005-12-06] (Conexant Systems, Inc.)
    S3 BLKWGU(Belkin); system32\DRIVERS\BLKWGU.sys [X]
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S0 ftsata2; system32\DRIVERS\ftsata2.sys [X]
    U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
    S3 ZDPSp50; System32\Drivers\ZDPSp50.sys [X]
    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
    NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)
    ==================== One Month Created Files and Folders ========
    (If an entry is included in the fixlist, the file\folder will be moved.)
    2015-01-17 16:53 - 2015-01-17 16:54 - 00026843 _____ () C:\Documents and Settings\Compaq_Administrator\Desktop\FRST.txt
    2015-01-17 16:53 - 2015-01-17 16:53 - 01117696 _____ (Farbar) C:\Documents and Settings\Compaq_Administrator\Desktop\FRST.exe
    2015-01-17 16:53 - 2015-01-17 16:53 - 00000000 ____D () C:\FRST
    2015-01-16 16:41 - 2015-01-16 16:41 - 00000060 _____ () C:\WINDOWS\setupact.log
    2015-01-16 16:41 - 2015-01-16 16:41 - 00000000 _____ () C:\WINDOWS\setuperr.log
    2015-01-16 16:07 - 2015-01-16 16:09 - 00002347 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
    2015-01-16 15:57 - 2015-01-16 15:57 - 00035992 _____ () C:\WINDOWS\system32\Drivers\hitmanpro37.sys
    2015-01-16 15:55 - 2015-01-16 15:55 - 00002888 _____ () C:\WINDOWS\system32\.crusader
    2015-01-16 15:37 - 2015-01-16 15:55 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\HitmanPro
    2015-01-16 14:32 - 2015-01-16 15:37 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
    2015-01-16 14:13 - 2015-01-17 15:48 - 00035064 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
    2015-01-16 14:12 - 2015-01-16 14:13 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
    2015-01-16 13:57 - 2015-01-16 13:57 - 00005180 _____ () C:\Documents and Settings\Compaq_Administrator\Desktop\JRT.txt
    2015-01-16 09:36 - 2015-01-16 13:42 - 00011774 _____ () C:\WINDOWS\setupapi.log
    2015-01-05 18:36 - 2015-01-05 18:36 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\mmdglfbdpaigkchnclogfmffkgbjkgbc
    2014-12-26 15:25 - 2015-01-17 15:07 - 00000159 _____ () C:\WINDOWS\wiadebug.log
    2014-12-26 15:25 - 2015-01-17 15:07 - 00000049 _____ () C:\WINDOWS\wiaservc.log
    2014-12-26 15:25 - 2014-12-26 15:25 - 00000000 _____ () C:\WINDOWS\Sti_Trace.log
    2014-12-26 12:39 - 2014-12-26 12:39 - 48701440 _____ () C:\WINDOWS\system32\config\software.iobit
    2014-12-26 12:39 - 2014-12-26 12:39 - 00483328 _____ () C:\WINDOWS\system32\config\default.iobit
    2014-12-26 12:39 - 2014-12-26 12:39 - 00065536 _____ () C:\WINDOWS\system32\config\SECURITY.iobit
    2014-12-26 12:39 - 2014-12-26 12:39 - 00028672 _____ () C:\WINDOWS\system32\config\SAM.iobit
    ==================== One Month Modified Files and Folders =======
    (If an entry is included in the fixlist, the file\folder will be moved.)
    2015-01-17 16:54 - 2006-12-22 16:44 - 00000000 ____D () C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp
    2015-01-17 16:51 - 2010-02-25 05:44 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2015-01-17 16:43 - 2014-05-17 10:27 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2015-01-17 16:29 - 2014-05-10 18:32 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2015-01-17 15:58 - 2014-07-11 06:03 - 00000720 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
    2015-01-17 15:58 - 2010-08-26 12:12 - 00000720 _____ () C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    2015-01-17 15:37 - 2006-12-22 16:41 - 00000189 _____ () C:\WINDOWS\system\hpsysdrv.DAT
    2015-01-17 15:18 - 2012-12-10 10:23 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
    2015-01-17 15:17 - 2005-08-30 23:17 - 01958532 _____ () C:\WINDOWS\WindowsUpdate.log
    2015-01-17 15:11 - 2006-08-01 15:48 - 00043531 _____ () C:\WINDOWS\system32\nvapps.xml
    2015-01-17 15:09 - 2005-11-14 20:58 - 00000000 ____D () C:\WINDOWS\Registration
    2015-01-17 15:07 - 2012-04-14 12:46 - 00000308 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-268140147-829281293-1905240433-1007.job
    2015-01-17 15:06 - 2014-04-02 05:43 - 00000252 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
    2015-01-17 15:06 - 2010-02-25 05:44 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2015-01-17 15:06 - 2005-08-30 23:17 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2015-01-16 17:00 - 2006-12-22 16:44 - 00000278 ___SH () C:\Documents and Settings\Compaq_Administrator\ntuser.ini
    2015-01-16 17:00 - 2005-08-30 23:17 - 00032244 _____ () C:\WINDOWS\SchedLgU.Txt
    2015-01-16 16:08 - 2007-02-23 17:32 - 00000000 ____D () C:\Program Files\Common Files\Adobe
    2015-01-16 16:07 - 2008-10-09 09:44 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Adobe
    2015-01-16 16:06 - 2006-08-01 16:10 - 00000000 ____D () C:\Program Files\Adobe
    2015-01-16 14:04 - 2013-10-19 11:55 - 00000000 ____D () C:\AdwCleaner
    2015-01-16 13:58 - 2012-04-14 13:14 - 00000000 ____D () C:\GVTS
    2015-01-16 13:49 - 2010-02-23 16:23 - 00000868 _____ () C:\WINDOWS\Tasks\Google Software Updater.job
    2015-01-16 13:37 - 2013-11-17 20:07 - 00000000 ____D () C:\Program Files\IObit
    2015-01-16 13:19 - 2005-08-30 23:02 - 00000658 _____ () C:\WINDOWS\win.ini
    2015-01-16 13:19 - 2005-08-30 17:34 - 00000279 __RSH () C:\boot.ini
    2015-01-16 13:19 - 2005-08-30 15:52 - 00000227 _____ () C:\WINDOWS\system.ini
    2015-01-16 09:42 - 2006-12-22 16:44 - 00000000 ____D () C:\Documents and Settings\Compaq_Administrator
    2015-01-16 09:28 - 2013-12-17 13:28 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\ProductData
    2015-01-16 07:29 - 2006-12-25 14:40 - 00002483 _____ () C:\Documents and Settings\Compaq_Administrator\Desktop\Microsoft Word.lnk
    2015-01-14 08:11 - 2013-08-14 13:10 - 00000000 ____D () C:\WINDOWS\system32\MRT
    2015-01-14 08:01 - 2006-12-22 17:30 - 110348472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2015-01-14 04:29 - 2012-04-15 11:47 - 00701616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
    2015-01-14 04:29 - 2011-06-08 06:59 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
    2015-01-12 14:23 - 2010-03-27 14:15 - 00000316 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-268140147-829281293-1905240433-1007.job
    2015-01-12 06:29 - 2006-08-01 15:52 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
    2015-01-08 16:12 - 2014-04-02 05:43 - 00000246 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
    2015-01-07 06:16 - 2006-12-22 17:33 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB925454$
    2015-01-05 12:42 - 2013-04-10 13:02 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2813345$
    2015-01-02 12:29 - 2006-12-27 13:53 - 00000000 ____D () C:\Documents and Settings\Compaq_Administrator\My Documents\andrew
    2014-12-31 05:43 - 2007-12-18 15:43 - 00000000 ____D () C:\Documents and Settings\Compaq_Administrator\My Documents\larry
    2014-12-31 05:41 - 2006-12-25 14:41 - 00002481 _____ () C:\Documents and Settings\Compaq_Administrator\Desktop\Microsoft Excel.lnk
    2014-12-30 17:41 - 2006-12-27 13:52 - 00148992 ____N () C:\Documents and Settings\Compaq_Administrator\My Documents\contact list 8-20-06.xls
    2014-12-30 10:27 - 2006-12-27 13:56 - 00046592 _____ () C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2014-12-30 10:20 - 2007-07-10 13:20 - 00000000 ____D () C:\Documents and Settings\Compaq_Administrator\Application Data\ZoomBrowser EX
    2014-12-26 12:39 - 2006-08-01 15:22 - 00000000 __SHD () C:\Documents and Settings\NetworkService
    2014-12-26 12:39 - 2006-08-01 15:22 - 00000000 __SHD () C:\Documents and Settings\LocalService
    2014-12-26 11:26 - 2012-03-06 19:48 - 03315767 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-268140147-829281293-1905240433-1007-0.dat
    2014-12-26 11:25 - 2012-03-06 19:48 - 00281538 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    2014-12-26 11:11 - 2006-12-27 13:52 - 00000000 ____D () C:\Documents and Settings\Compaq_Administrator\My Documents\Red Cross
    2014-12-24 10:50 - 2006-12-26 10:36 - 00000000 ____D () C:\Program Files\The Print Shop Ensemble III
    2014-12-24 09:07 - 2007-01-23 16:02 - 00000000 ____D () C:\Documents and Settings\Compaq_Administrator\My Documents\TurboTax
    2014-12-24 08:48 - 2014-02-28 09:18 - 00002447 _____ () C:\Documents and Settings\All Users\Desktop\TurboTax 2013.lnk
    2014-12-21 06:27 - 2010-09-16 12:24 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB981322$
    2014-12-19 11:13 - 2013-11-16 09:51 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\ZoomBrowser
    ==================== Files in the root of some directories =======
    2007-06-28 17:53 - 2007-06-28 17:53 - 0000000 ____N () C:\Documents and Settings\Compaq_Administrator\Application Data\Hewlett-PackardHP Officejet 5600 series1167143290_API.log
    2007-06-28 17:53 - 2007-06-28 17:53 - 0000492 ____N () C:\Documents and Settings\Compaq_Administrator\Application Data\Hewlett-PackardHP Officejet 5600 series1167143290_PROTOCOL.log
    2007-06-28 17:53 - 2007-06-28 17:53 - 0000424 ____N () C:\Documents and Settings\Compaq_Administrator\Application Data\Hewlett-PackardHP Officejet 5600 series1167143290_UI.log
    2006-12-26 09:59 - 2006-12-26 09:59 - 0002284 ____N () C:\Documents and Settings\Compaq_Administrator\Application Data\HPSU_48BitScanUpdate.log
    2006-12-26 10:00 - 2006-12-26 10:00 - 0072221 ____N () C:\Documents and Settings\Compaq_Administrator\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
    2006-12-26 09:55 - 2006-12-26 09:55 - 0122487 ____N () C:\Documents and Settings\Compaq_Administrator\Application Data\Update_HP_RedboxHprblog_HPSU.log
    2012-03-29 12:21 - 2012-03-29 12:21 - 0070487 ____N () C:\Documents and Settings\Compaq_Administrator\Application Data\userenv.xml
    2011-03-03 11:57 - 2014-02-21 13:05 - 0000664 ____N () C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\d3d9caps.dat
    2006-12-27 13:56 - 2014-12-30 10:27 - 0046592 _____ () C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2006-12-22 16:44 - 2006-12-31 20:17 - 0000143 ____N () C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\fusioncache.dat
    2013-10-09 17:39 - 2013-10-09 17:46 - 0000600 ____N () C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\PUTTY.RND
    Some content of TEMP:
    ====================
    C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\dllnt_dump.dll
    C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\Quarantine.exe
    C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\sqlite3.dll

    ==================== Bamital & volsnap Check =================
    (There is no automatic fix for files that do not pass verification.)
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
    ==================== End Of Log ============================

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 17-01-2015 01
    Ran by Compaq_Administrator at 2015-01-17 16:54:58
    Running from C:\Documents and Settings\Compaq_Administrator\Desktop
    Boot Mode: Normal
    ==========================================================

    ==================== Security Center ========================
    (If an entry is included in the fixlist, it will be removed.)
    AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    ==================== Installed Programs ======================
    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
    5600 (Version: 50.0.206.000 - Hewlett-Packard) Hidden
    5600_Help (Version: 50.0.206.000 - Hewlett-Packard) Hidden
    5600Trb (Version: 50.0.206.000 - Hewlett-Packard) Hidden
    7-Zip 9.20 (HKLM\...\7-Zip 9.20) (Version: - )
    Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
    Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
    Adobe AIR (HKLM\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
    Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
    AiO_Scan (Version: 50.0.206.000 - Hewlett-Packard) Hidden
    AiOSoftware (Version: 50.0.206.000 - Hewlett-Packard) Hidden
    AnswerWorks 4.0 Runtime - English (HKLM\...\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}) (Version: 4.0.101 - Vantage Software Technologies)
    AnswerWorks 5.0 English Runtime (HKLM\...\{9E5A03E3-6246-4920-9630-0527D5DA9B07}) (Version: 008.000.0003 - Vantage Linguistics)
    Apple Application Support (HKLM\...\{0C34B801-6AEC-4667-B053-03A67E2D0415}) (Version: 1.0 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}) (Version: 2.6.0.32 - Apple Inc.)
    Apple Software Update (HKLM\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
    Avast Free Antivirus (HKLM\...\avast) (Version: 10.0.2208 - AVAST Software)
    Bing Maps 3D (HKLM\...\{2D87E961-577B-492B-AD54-1368680FB9A7}) (Version: 4.0.903.16005 - Microsoft Corporation)
    Bonjour (HKLM\...\{07287123-B8AC-41CE-8346-3D777245C35B}) (Version: 1.0.106 - Apple Inc.)
    BufferChm (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    Canon Camera Access Library (HKLM\...\CAL) (Version: 8.3.0.1 - )
    Canon Camera Support Core Library (HKLM\...\CSCLIB) (Version: 7.3.1.6 - )
    Canon Camera Window DC_DV 5 for ZoomBrowser EX (HKLM\...\CameraWindowDVC5) (Version: 5.4.5.17 - )
    Canon Camera Window DC_DV 6 for ZoomBrowser EX (HKLM\...\CameraWindowDVC6) (Version: 6.4.0.9 - )
    Canon Camera Window MC 6 for ZoomBrowser EX (HKLM\...\CameraWindowMC) (Version: 6.3.0.8 - )
    Canon G.726 WMP-Decoder (HKLM\...\Canon G.726 WMP-Decoder) (Version: 1.1.0.4 - )
    Canon MovieEdit Task for ZoomBrowser EX (HKLM\...\MovieEditTask) (Version: 2.4.0.14 - )
    Canon RAW Image Task for ZoomBrowser EX (HKLM\...\RAW Image Task) (Version: 2.5.0.8 - )
    Canon RemoteCapture Task for ZoomBrowser EX (HKLM\...\RemoteCaptureTask) (Version: 1.7.0.8 - )
    Canon Utilities EOS Utility (HKLM\...\EOS Utility) (Version: 1.1.0.8 - )
    Canon Utilities PhotoStitch (HKLM\...\PhotoStitch) (Version: 3.1.19.43 - )
    Canon Utilities ZoomBrowser EX (HKLM\...\ZoomBrowser EX) (Version: 5.8.0.74 - )
    Cobian Backup 11 Gravity (HKLM\...\CobBackup11) (Version: - )
    Compaq Connections (remove only) (HKLM\...\HPOOVClient-5577497 Uninstaller) (Version: - )
    Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    CP_AtenaShokunin1Config (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    CP_CalendarTemplates1 (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    cp_LightScribeConfig (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    cp_OnlineProjectsConfig (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    CP_Package_Basic1 (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    CP_Package_Variety1 (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    CP_Package_Variety2 (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    CP_Package_Variety3 (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    CP_Panorama1Config (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    cp_PosterPrintConfig (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    cp_UpdateProjectsConfig (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version: - Microsoft Corporation)
    CueTour (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
    CWA Reminder by We-Care.com v4.1.22.3 (HKLM\...\{DB9BF6DA-8030-4A21-9FF4-8856A7556FCF}) (Version: 4.1.22.3 - We-Care.com)
    Data Fax SoftModem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1) (Version: - )
    DefaultTab (HKLM\...\{F3E79B5C-3CAD-4B30-A5DA-A09C297B8EB9}) (Version: 1.0.0 - DefaultTab) <==== ATTENTION
    Destinations (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    DocProc (Version: 5.2.0.0 - Hewlett-Packard) Hidden
    ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
    eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
    Fax (Version: 50.0.206.000 - Hewlett-Packard) Hidden
    FullDPAppQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
    getPlus(R) for Adobe (HKLM\...\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}) (Version: 1.5.2.29 - NOS Microsystems Ltd.)
    Google Earth (HKLM\...\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}) (Version: 4.3.7284.3916 - Google)
    Google Earth (HKLM\...\{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}) (Version: 7.1.1.1888 - Google)
    Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
    Google Updater (HKLM\...\Google Updater) (Version: 2.4.2432.1652 - Google Inc.)
    High Definition Audio Driver Package - KB888111 (HKLM\...\KB888111WXPSP2) (Version: 20040219.000000 - Microsoft Corporation)
    HP Boot Optimizer (HKLM\...\{1341D838-719C-4A05-B50F-49420CA1B4BB}) (Version: 3.0.0 - Hewlett-Packard)
    HP DVD Play 2.1 (HKLM\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version: - )
    HP Extended Capabilities 5.3 (HKLM\...\HPExtendedCapabilities) (Version: 5.3 - HP)
    HP Imaging Device Functions 7.0 (HKLM\...\HP Imaging Device Functions) (Version: 7.0 - HP)
    HP Photosmart Essential (HKLM\...\{EB21A812-671B-4D08-B974-2A347F0D8F70}) (Version: 1.12.0.46 - HP)
    HP Photosmart Premier Software 6.5 (HKLM\...\HP Photo & Imaging) (Version: 6.5 - HP)
    HP PSC & OfficeJet 5.3.B (HKLM\...\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}) (Version: - HP)
    HP Solution Center & Imaging Support Tools 5.3 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 5.3 - HP)
    HP Support Overview (HKLM\...\{D7DBA21A-CDE5-42EC-BB1C-AE4B3E616B9A}_is1) (Version: 1.0.0 - Hewlett-Packard Company)
    HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    HP Web Helper (HKLM\...\{DAAD5187-62C5-4AD6-A526-803C18C4944D}) (Version: - )
    HPPhotoSmartExpress (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    HPProductAssistant (Version: 53.0.13.000 - Hewlett-Packard) Hidden
    HpSdpAppCoreApp (Version: 3.00.0000 - Hewlett-Packard) Hidden
    InstantShareDevices (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    InterActual Player (HKLM\...\InterActual Player) (Version: - )
    iTunes (HKLM\...\{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}) (Version: 9.0.1.8 - Apple Inc.)
    Kiplinger's WILLPower (HKLM\...\Kiplinger's WILLPower) (Version: - )
    Learning QuickBooks 2007 (HKLM\...\{DEEB514D-FEB5-4EB6-9A34-C309ADEEBB02}) (Version: 5.00.000 - )
    LightScribe 1.4.105.1 (Version: 1.4.105.1 - http://www.lightscribe.com) Hidden
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    MarketResearch (Version: 53.0.13.000 - Hewlett-Packard) Hidden
    MediaImpression 3.6.2 LE (HKLM\...\{C0A25D74-1A95-40ED-AA67-E6F21D9C8A38}) (Version: 3.6.2.278 - ArcSoft)
    Microsoft .NET Framework 1.0 Hotfix (KB2572066) (HKLM\...\KB2572066) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 1.0 Hotfix (KB2604042) (HKLM\...\KB2604042) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 1.0 Hotfix (KB2656378) (HKLM\...\KB2656378) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 1.0 Security Update (KB2698035) (HKLM\...\KB2698035) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 1.0 Security Update (KB2742607) (HKLM\...\KB2742607) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 1.0 Security Update (KB2833951) (HKLM\...\KB2833951) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 1.0 Security Update (KB2904878) (HKLM\...\KB2904878) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
    Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft Away Mode (HKLM\...\AwayMode160) (Version: 6.0.0160.0 - Microsoft Corporation)
    Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version: - Microsoft Corporation)
    Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
    Microsoft Office Word Viewer 2003 (HKLM\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
    Microsoft Office XP Professional (HKLM\...\{90110409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Mozilla Firefox 31.0 (x86 en-US) (HKLM\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
    MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
    MSXML 6 Service Pack 2 (KB973686) (HKLM\...\{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}) (Version: 6.20.2003.0 - Microsoft Corporation)
    My HP Games (HKLM\...\WildTangent compaq Master Uninstall) (Version: HPCMPQ1404 - WildTangent)
    NewCopy (Version: 50.0.206.000 - Hewlett-Packard) Hidden
    NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - )
    OptionalContentQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
    Otto (HKLM\...\B3EE3001-DC24-4cd1-8743-5692C716659F) (Version: - )
    PhotoGallery (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
    ProductContext (Version: 50.0.206.000 - Hewlett-Packard) Hidden
    Python 2.2 pywin32 extensions (build 203) (HKLM\...\pywin32-py2.2) (Version: - )
    Python 2.2.3 (HKLM\...\Python 2.2.3) (Version: 2.2.3 - PythonLabs at Zope Corporation)
    QuickBooks Pro (HKLM\...\QuickBooks Pro) (Version: - )
    QuickBooks Pro 2007 (HKLM\...\{7E545666-F422-45FD-B3DF-C0B99A1A579F}) (Version: - )
    QuickBooks Product Listing Service (HKLM\...\{054C3038-FFAC-446D-9682-E25891DC2E05}) (Version: 2.0.132 - Intuit)
    Quicken 2006 (HKLM\...\{2818095F-FB6C-42C8-827E-0A406CC9AFF5}) (Version: 15.1.4.5 - Intuit)
    QuickTime (HKLM\...\{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}) (Version: 7.64.17.73 - Apple Inc.)
    RandMap (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    Readme (Version: 50.0.206.000 - Hewlett-Packard) Hidden
    RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
    RealPlayer (HKLM\...\RealPlayer 15.0) (Version: 15.0.4 - RealNetworks)
    Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - )
    RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
    Rocket (HKU\S-1-5-21-268140147-829281293-1905240433-1007\...\Rocket) (Version: 31.0.1650.23 - Rocket) <==== ATTENTION!
    Roxio EasyWrite Reader (HKLM\...\Roxio MRFilter) (Version: - )
    Safari (HKLM\...\{E56D39F8-2A9F-44B4-B068-A72E45A073E6}) (Version: 4.31.9.1 - Apple Inc.)
    Scan (Version: 5.2.0.0 - Hewlett-Packard) Hidden
    ScannerCopy (Version: 5.2.0.0 - Hewlett-Packard) Hidden
    SkinsHP1 (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    SlideShow (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    SlideShowMusic (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    Smart Defrag 2 (HKLM\...\Smart Defrag 2_is1) (Version: 2.9 - IObit)
    SolutionCenter (Version: 50.0.152.000 - Hewlett-Packard) Hidden
    Sonic MyDVD Plus (HKLM\...\{21657574-BD54-48A2-9450-EB03B2C7FC29}) (Version: 6.2.0 - Sonic Solutions)
    Sonic RecordNow Audio (HKLM\...\{AB708C9B-97C8-4AC9-899B-DBF226AC9382}) (Version: 2.0.6 - Sonic Solutions)
    Sonic RecordNow Copy (HKLM\...\{B12665F4-4E93-4AB4-B7FC-37053B524629}) (Version: 2.0.6 - Sonic Solutions)
    Sonic RecordNow Data (HKLM\...\{075473F5-846A-448B-BCB3-104AA1760205}) (Version: 2.0.6 - Sonic Solutions)
    Sonic Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Sonic Solutions)
    Sonic_PrimoSDK (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    SonicWALL Global VPN Client (HKLM\...\{53648F92-1CC5-22D2-A6DF-00A0C9A23BCD}) (Version: 1.0 - SonicWALL)
    Status (Version: 53.0.13.000 - Hewlett-Packard) Hidden
    SupportSoft Assisted Service (HKLM\...\{5A3F6A80-7913-475E-8B96-477A952CFA43}) (Version: 15 - SupportSoft)
    SySaver (HKU\S-1-5-21-268140147-829281293-1905240433-1007\...\SySaver) (Version: 2 - SySaver) <==== ATTENTION!
    TeamViewer 8 (HKLM\...\TeamViewer 8) (Version: 8.0.17396 - TeamViewer)
    The Print Shop Ensemble III (HKLM\...\The Print Shop Ensemble) (Version: - )
    TrayApp (Version: 53.0.13.000 - Hewlett-Packard) Hidden
    TurboTax 2008 (HKLM\...\TurboTax 2008) (Version: - )
    TurboTax 2009 (HKLM\...\TurboTax 2009) (Version: - Intuit, Inc)
    TurboTax 2010 (HKLM\...\TurboTax 2010) (Version: - Intuit, Inc)
    TurboTax 2011 (HKLM\...\TurboTax 2011) (Version: - Intuit, Inc)
    TurboTax 2012 (HKLM\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
    TurboTax 2013 (HKLM\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
    TurboTax Deluxe 2007 (HKLM\...\TurboTax Deluxe 2007) (Version: - )
    Unload (Version: 7.0.0 - Hewlett-Packard) Hidden
    Update Rollup 2 for Windows XP Media Center Edition 2005 (HKLM\...\KB900325) (Version: - Microsoft Corporation)
    WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
    WebReg (Version: 53.0.13.000 - Hewlett-Packard) Hidden
    WexTech AnswerWorks (HKLM\...\{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}) (Version: 1.00.000 - )
    Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (HKLM\...\KB952011) (Version: 1.0 - Microsoft Corporation)
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
    Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
    Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
    Windows Management Framework Core (HKLM\...\KB968930) (Version: - Microsoft Corporation)
    Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
    Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
    Windows XP Media Center Edition 2005 KB2502898 (HKLM\...\KB2502898) (Version: - Microsoft Corporation)
    Windows XP Media Center Edition 2005 KB2619340 (HKLM\...\KB2619340) (Version: - Microsoft Corporation)
    Windows XP Media Center Edition 2005 KB2628259 (HKLM\...\KB2628259) (Version: - Microsoft Corporation)
    Windows XP Media Center Edition 2005 KB908246 (HKLM\...\KB908246) (Version: - Microsoft Corporation)
    Windows XP Media Center Edition 2005 KB925766 (HKLM\...\KB925766) (Version: - Microsoft Corporation)
    Windows XP Media Center Edition 2005 KB973768 (HKLM\...\KB973768) (Version: - Microsoft Corporation)
    Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
    ==================== Custom CLSID (selected items): ==========================
    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\OLE32.DLL (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{03C3A013-02F2-4E56-87A8-B74A7C5DC75B}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{05EC5C13-D255-4592-9CCB-98615172F0D6}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{0713E8A2-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\system32\COMCTL32.OCX (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{0713E8A8-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\system32\COMCTL32.OCX (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{0713E8D2-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\system32\COMCTL32.OCX (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{0713E8D8-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\system32\COMCTL32.OCX (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{0ADF9C35-0D5E-4B75-88DD-B64868907E17}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{0B4AA204-AB61-47E3-B5B4-27DCF375EBAC}\localserver32 -> "CDStart.exe" No File
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{0BE35200-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> c:\Program Files\InterActual\InterActual Player\mfc42.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{0BE35201-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> c:\Program Files\InterActual\InterActual Player\mfc42.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{0BE35202-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> c:\Program Files\InterActual\InterActual Player\mfc42.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{123FAF7F-3FB1-4B8F-AD18-0047401D436A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{1B3FC869-FA13-4948-A865-B626713E98B4}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{1C3B4210-F441-11CE-B9EA-00AA006B1A69}\InprocServer32 -> C:\WINDOWS\system32\FM20.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{232E456A-87C3-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{28400E86-5FFC-453D-A534-EF455A115E74}\localserver32 -> C:\Program Files\Intuit\QuickBooks Product Listing Service\QBProductListingCOMServer.exe (TODO: <Company name>)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{2B11E9B0-9F09-11D0-9484-00A0C91110ED}\InprocServer32 -> C:\WINDOWS\system32\msstdfmt.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{32D32337-1511-4416-85C5-FD96C99322A0}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{338E9310-7C07-11CE-8CA9-00AA0044BB60}\InprocServer32 -> C:\WINDOWS\system32\FM20.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{373FF7F0-EB8B-11CD-8820-08002B2F4F5A}\InprocServer32 -> C:\WINDOWS\system32\COMCTL32.OCX (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{373FF7F4-EB8B-11CD-8820-08002B2F4F5A}\InprocServer32 -> C:\WINDOWS\system32\COMCTL32.OCX (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{37A2FC00-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{37A2FC02-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{3928D252-6BB4-4C0D-BE70-1E03AF93D464}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{3C4F3BE3-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\WINDOWS\system32\comdlg32.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{3C4F3BE5-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\WINDOWS\system32\comdlg32.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{3C4F3BE7-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\WINDOWS\system32\comdlg32.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{451BBD82-48B5-4525-B3C3-035465D73469}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{45F5708E-3B43-4FA8-BE7E-A5F1849214CB}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{46E31370-3F7A-11CE-BED6-00AA00611080}\InprocServer32 -> C:\WINDOWS\system32\FM20.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{4716D3CE-55DB-4D2A-818C-87D912895890}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{4844F3F7-2161-4AC4-B219-B3B4311782AA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{4877276C-A727-486D-B201-F096035CA4DF}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\qbfc5.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\InprocServer32 -> C:\WINDOWS\system32\msinet.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{48E59294-9880-11CF-9754-00AA00C00908}\InprocServer32 -> C:\WINDOWS\system32\msinet.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{48E59295-9880-11CF-9754-00AA00C00908}\InprocServer32 -> C:\WINDOWS\system32\msinet.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{4C599241-6926-101B-9992-00000B65C6F9}\InprocServer32 -> C:\WINDOWS\system32\FM20.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{4E5E74B5-8EB5-4859-A335-837EED412620}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{5428A9ED-6CD8-11D6-9C8A-0001023DCAA2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{547C8F00-5567-4AE3-8BB0-CC3CE2AB9070}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{5512D110-5CC6-11CF-8D67-00AA00BDCE1D}\InprocServer32 -> C:\WINDOWS\system32\FM20.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{5512D112-5CC6-11CF-8D67-00AA00BDCE1D}\InprocServer32 -> C:\WINDOWS\system32\FM20.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{5512D114-5CC6-11CF-8D67-00AA00BDCE1D}\InprocServer32 -> C:\WINDOWS\system32\FM20.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{5512D116-5CC6-11CF-8D67-00AA00BDCE1D}\InprocServer32 -> C:\WINDOWS\system32\FM20.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{5512D118-5CC6-11CF-8D67-00AA00BDCE1D}\InprocServer32 -> C:\WINDOWS\system32\FM20.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{5512D11A-5CC6-11CF-8D67-00AA00BDCE1D}\InprocServer32 -> C:\WINDOWS\system32\FM20.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{5512D11C-5CC6-11CF-8D67-00AA00BDCE1D}\InprocServer32 -> C:\WINDOWS\system32\FM20.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{5512D11E-5CC6-11CF-8D67-00AA00BDCE1D}\InprocServer32 -> C:\WINDOWS\system32\FM20.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{5512D122-5CC6-11CF-8D67-00AA00BDCE1D}\InprocServer32 -> C:\WINDOWS\system32\FM20.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{5512D124-5CC6-11CF-8D67-00AA00BDCE1D}\InprocServer32 -> C:\WINDOWS\system32\FM20.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{5728F10E-27CC-101B-A8EF-00000B65C5F8}\InprocServer32 -> C:\WINDOWS\system32\FM20.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{57D590F1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{586A6352-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{586A6353-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{586A6354-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{586A6355-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{586A6356-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{586A6357-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{586A6359-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{58DA8D8A-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\system32\COMCTL32.OCX (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{58DA8D8F-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\system32\COMCTL32.OCX (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{58DA8D93-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\system32\COMCTL32.OCX (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{58DA8D96-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\system32\COMCTL32.OCX (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{596801D8-2C9D-4627-9C67-195CB81B655A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{5ACBB955-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\WINDOWS\system32\COMCTL32.OCX (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{5ACBB956-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\WINDOWS\system32\COMCTL32.OCX (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{5ACBB957-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\WINDOWS\system32\COMCTL32.OCX (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{5ACBB958-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\WINDOWS\system32\COMCTL32.OCX (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{5B7331FA-8910-4748-A8A4-60B445041F28}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{6027C2D4-FB28-11CD-8820-08002B2F4F5A}\InprocServer32 -> C:\WINDOWS\system32\COMCTL32.OCX (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{612A8624-0FB3-11CE-8747-524153480004}\InprocServer32 -> C:\WINDOWS\system32\COMCTL32.OCX (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{612A8628-0FB3-11CE-8747-524153480004}\InprocServer32 -> C:\WINDOWS\system32\COMCTL32.OCX (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{62823C20-41A3-11CE-9E8B-0020AF039CA3}\InprocServer32 -> C:\WINDOWS\system32\COMCTL32.OCX (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{699DDBCC-DC7E-11D0-BCF7-00C04FC2FB86}\InprocServer32 -> C:\WINDOWS\system32\msstdfmt.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{6B7E638F-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\system32\COMCTL32.OCX (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{6B7E6393-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\system32\COMCTL32.OCX (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{6B7E63A3-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\system32\COMCTL32.OCX (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{6D835690-900B-11D0-9484-00A0C91110ED}\InprocServer32 -> C:\WINDOWS\system32\msstdfmt.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{6E182020-F460-11CE-9BCD-00AA00608E01}\InprocServer32 -> C:\WINDOWS\system32\FM20.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{7629CFA2-3FE5-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\WINDOWS\system32\comdlg32.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{7629CFA4-3FE5-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\WINDOWS\system32\comdlg32.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{77AD5847-AE1B-4193-9F15-6E9B2D811E4D}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{79176FB0-B7F2-11CE-97EF-00AA006D2776}\InprocServer32 -> C:\WINDOWS\system32\FM20.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{7A669A0C-0813-4BF1-A723-26B79C5E9DDC}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{7CBBABF0-36B9-11CE-BF0D-00AA0044BB60}\InprocServer32 -> C:\WINDOWS\system32\FM20.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{7DBF8260-30AD-4D1B-876A-8032B87B809F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{8034BBB8-2145-4159-9A34-51E21A0A981F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{828E5386-74CF-4019-B356-C857CD028A7D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{82CC31B3-53B4-4161-A4E9-6B4F1290A6C8}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{8572570D-12D9-4F2C-8BB8-EB8848178B94}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{86AC2FAD-C987-4757-B591-02F9867A8BE5}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\qbfc5.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{8BD21D10-EC42-11CE-9E0D-00AA006002F3}\InprocServer32 -> C:\WINDOWS\system32\FM20.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{8BD21D20-EC42-11CE-9E0D-00AA006002F3}\InprocServer32 -> C:\WINDOWS\system32\FM20.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{8BD21D30-EC42-11CE-9E0D-00AA006002F3}\InprocServer32 -> C:\WINDOWS\system32\FM20.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{8BD21D40-EC42-11CE-9E0D-00AA006002F3}\InprocServer32 -> C:\WINDOWS\system32\FM20.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{8BD21D50-EC42-11CE-9E0D-00AA006002F3}\InprocServer32 -> C:\WINDOWS\system32\FM20.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{8BD21D60-EC42-11CE-9E0D-00AA006002F3}\InprocServer32 -> C:\WINDOWS\system32\FM20.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{8CA5338E-3C5E-4087-ADEC-B1CA665BC293}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2007\qbw32.exe (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{8E590317-1329-11D1-B70B-00805F29CD16}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2007\QBW32.EXE (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{8FEDE364-AB37-4551-80C9-6D468E222AB2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{972C4270-11FD-11CE-B841-00AA004CD6D8}\InprocServer32 -> C:\WINDOWS\system32\FM20.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{978C9E23-D4B0-11CE-BF2D-00AA003F40D0}\InprocServer32 -> C:\WINDOWS\system32\FM20.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{99FF4677-FFC3-11D0-BD02-00C04FC2FB86}\InprocServer32 -> C:\WINDOWS\system32\msstdfmt.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{9D9B61F2-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{9D9B61F3-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{9D9B61F4-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{9D9B61F5-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{9D9B61F6-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{9D9B61F7-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{9ED94440-E5E8-101B-B9B5-444553540000}\InprocServer32 -> C:\WINDOWS\system32\COMCTL32.OCX (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{9ED94444-E5E8-101B-B9B5-444553540000}\InprocServer32 -> C:\WINDOWS\system32\COMCTL32.OCX (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}\localserver32 -> "C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Rocket\Application\3 (the data entry has 41 more characters).
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{A31E3E12-DC10-4D60-B2DA-93EDE3936B4C}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{A63E42D0-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{A63E42D2-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{AC9F2F90-E877-11CE-9F68-00AA00574A4F}\InprocServer32 -> C:\WINDOWS\system32\FM20.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{AF5E0A13-CEAB-47CE-991D-77E82CD1BF3F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{AFC20920-DA4E-11CE-B943-00AA006887B4}\InprocServer32 -> C:\WINDOWS\system32\FM20.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{B09DE715-87C1-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{B66834C6-2E60-11CE-8748-524153480004}\InprocServer32 -> C:\WINDOWS\system32\COMCTL32.OCX (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{B66F2BF1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{B8DA6310-E19B-11D0-933C-00A0C90DCAA9}\InprocServer32 -> C:\WINDOWS\system32\ACTXPRXY.DLL (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{C62A69F0-16DC-11CE-9E98-00AA00574A4F}\InprocServer32 -> C:\WINDOWS\system32\FM20.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{CC669B53-4BBB-4AA8-8201-88D8B9FE5C33}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{D14FD6B3-6A9F-4537-9460-07B836707127}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{D4A12AAF-E15E-470B-A6B6-63032186F91F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}\InprocServer32 -> C:\WINDOWS\system32\MSVBVM60.DLL (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{D7053240-CE69-11CD-A777-00DD01143C57}\InprocServer32 -> C:\WINDOWS\system32\FM20.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{D9B9C060-0954-11D3-9E07-00104BD2BE34}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSource.dll (Intuit, Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{D9BC6F81-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{D9BC6F84-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{D9BC6F87-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{D9BC6FA1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{D9BC6FA6-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{D9BC6FB2-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\StorageClasses.dll (Intuit, Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{DCB2B478-EFF6-48F6-B718-13E98876854E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{DFD0AF10-B86C-4AF3-B609-1348D513E565}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{DFD181E0-5E2F-11CE-A449-00AA004A803D}\InprocServer32 -> C:\WINDOWS\system32\FM20.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{E1A173E1-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{E1A173E3-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{EADA914E-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{EAE50EB0-4A62-11CE-BED6-00AA00611080}\InprocServer32 -> C:\WINDOWS\system32\FM20.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{EAEF733D-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{F19F9A95-7A43-4A93-80B0-C9C1FF6F63F9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{F748B5F0-15D0-11CE-BF0D-00AA0044BB60}\InprocServer32 -> C:\WINDOWS\system32\FM20.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\InprocServer32 -> C:\WINDOWS\system32\comdlg32.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{F9EF917A-E55E-4242-B205-E778395AC313}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx (Intuit)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{FAC93D42-FFC2-11d1-9DEB-0008C7A08EBA}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2007\qbw32.exe (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{FB17915F-06D1-4214-A902-CC5EE05186E9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{FE38753A-44A3-11D1-B5B7-0000C09000C4}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
    ==================== Restore Points =========================
    09-11-2014 20:11:21 System Checkpoint
    10-11-2014 21:26:53 System Checkpoint
    11-11-2014 22:04:35 System Checkpoint
    12-11-2014 08:00:29 Software Distribution Service 3.0
    13-11-2014 08:08:20 System Checkpoint
    14-11-2014 09:09:20 System Checkpoint
    15-11-2014 10:44:07 System Checkpoint
    16-11-2014 11:14:42 System Checkpoint
    17-11-2014 11:16:12 System Checkpoint
    18-11-2014 12:05:13 System Checkpoint
    19-11-2014 13:45:52 System Checkpoint
    20-11-2014 14:05:19 System Checkpoint
    21-11-2014 15:05:29 System Checkpoint
    22-11-2014 17:56:15 System Checkpoint
    23-11-2014 18:28:50 System Checkpoint
    24-11-2014 19:14:00 System Checkpoint
    25-11-2014 20:13:01 System Checkpoint
    26-11-2014 21:13:03 System Checkpoint
    27-11-2014 11:29:02 avast! antivirus system restore point
    28-11-2014 11:41:01 System Checkpoint
    29-11-2014 12:49:56 System Checkpoint
    30-11-2014 12:57:28 System Checkpoint
    01-12-2014 13:05:30 System Checkpoint
    02-12-2014 14:00:40 System Checkpoint
    03-12-2014 14:28:19 System Checkpoint
    04-12-2014 15:28:19 System Checkpoint
    05-12-2014 17:05:06 System Checkpoint
    06-12-2014 17:40:30 System Checkpoint
    08-12-2014 10:00:05 System Checkpoint
    09-12-2014 10:54:17 System Checkpoint
    10-12-2014 08:00:33 Software Distribution Service 3.0
    11-12-2014 08:54:26 System Checkpoint
    12-12-2014 08:54:38 System Checkpoint
    13-12-2014 09:06:42 System Checkpoint
    14-12-2014 09:54:45 System Checkpoint
    15-12-2014 10:54:47 System Checkpoint
    16-12-2014 11:54:46 System Checkpoint
    17-12-2014 12:54:45 System Checkpoint
    18-12-2014 13:00:01 System Checkpoint
    19-12-2014 13:01:13 System Checkpoint
    20-12-2014 13:58:45 System Checkpoint
    21-12-2014 15:30:24 System Checkpoint
    23-12-2014 06:01:28 System Checkpoint
    24-12-2014 06:32:31 System Checkpoint
    25-12-2014 06:39:48 System Checkpoint
    26-12-2014 06:45:39 System Checkpoint
    27-12-2014 07:30:43 System Checkpoint
    28-12-2014 08:30:46 System Checkpoint
    29-12-2014 09:41:35 System Checkpoint
    30-12-2014 10:52:51 System Checkpoint
    31-12-2014 11:57:23 System Checkpoint
    01-01-2015 13:57:02 System Checkpoint
    02-01-2015 14:31:49 System Checkpoint
    03-01-2015 15:30:55 System Checkpoint
    04-01-2015 15:56:55 System Checkpoint
    05-01-2015 16:45:29 System Checkpoint
    06-01-2015 17:41:46 System Checkpoint
    07-01-2015 19:00:48 System Checkpoint
    08-01-2015 19:22:46 System Checkpoint
    09-01-2015 20:22:54 System Checkpoint
    10-01-2015 21:22:50 System Checkpoint
    11-01-2015 22:22:50 System Checkpoint
    12-01-2015 22:29:42 System Checkpoint
    13-01-2015 23:35:31 System Checkpoint
    14-01-2015 08:00:25 Software Distribution Service 3.0
    15-01-2015 08:32:53 System Checkpoint
    16-01-2015 13:22:21 Removed Vz In Home Agent
    16-01-2015 15:54:19 Checkpoint by HitmanPro
    16-01-2015 15:54:56 Checkpoint by HitmanPro
    ==================== Hosts content: ==========================
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
    2004-08-10 06:00 - 2012-04-15 10:01 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
    127.0.0.1 localhost
    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
    Task: C:\WINDOWS\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-268140147-829281293-1905240433-1007.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
    Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-268140147-829281293-1905240433-1007.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
    ==================== Loaded Modules (whitelisted) =============
    2015-01-17 15:15 - 2015-01-17 15:15 - 02911744 _____ () C:\Program Files\AVAST Software\Avast\defs\15011701\algo.dll
    2004-08-09 23:00 - 2011-02-04 17:48 - 00291840 _____ () C:\WINDOWS\system32\sbe.dll
    2004-08-09 23:00 - 2013-01-02 01:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll
    2004-08-09 23:00 - 2008-04-13 19:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
    2004-08-09 23:00 - 2008-04-13 19:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
    2009-03-15 20:16 - 2009-03-15 20:16 - 00755712 ____N () C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.56.0__28c9bcd4dddc48a1\System.Data.SQLite.dll
    2009-03-15 20:26 - 2009-03-15 20:26 - 00471040 ____N () C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
    2010-02-20 09:18 - 2010-02-20 09:18 - 00854016 _____ () C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
    2010-02-20 09:18 - 2010-02-20 09:18 - 00471040 _____ () C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
    2011-02-23 16:42 - 2011-02-23 16:42 - 00476520 _____ () C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
    2005-08-03 01:19 - 2005-08-03 01:19 - 00050176 ____N () C:\WINDOWS\armcex.dll
    2013-10-19 18:05 - 2014-11-27 11:30 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2009-09-05 00:54 - 2009-09-05 00:54 - 00180224 ____N () C:\Program Files\QuickTime\QTSystem\QTCF.dll
    2009-09-04 22:14 - 2009-09-04 22:14 - 00120096 ____N () C:\Program Files\Common Files\Apple\Apple Application Support\objc.dll
    2009-09-04 22:14 - 2009-09-04 22:14 - 00039712 ____N () C:\Program Files\Common Files\Apple\Apple Application Support\ASL.dll
    2009-09-04 22:15 - 2009-09-04 22:15 - 00067872 ____N () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    ==================== Alternate Data Streams (whitelisted) =========
    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:373E1720
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:AD022376
    ==================== Safe Mode (whitelisted) ===================
    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    ==================== EXE Association (whitelisted) =============
    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

    ==================== MSCONFIG/TASK MANAGER disabled items =========
    (Currently there is no automatic fix for this section.)
    MSCONFIG\startupreg: ihanotify => C:\Program Files\Verizon\FiOS\ihs\IHANotify.exe 1 fios
    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime
    ========================= Accounts: ==========================
    Administrator (S-1-5-21-268140147-829281293-1905240433-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
    Compaq_Administrator (S-1-5-21-268140147-829281293-1905240433-1007 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Compaq_Administrator
    Guest (S-1-5-21-268140147-829281293-1905240433-501 - Limited - Enabled)
    HelpAssistant (S-1-5-21-268140147-829281293-1905240433-1006 - Limited - Disabled)
    SUPPORT_388945a0 (S-1-5-21-268140147-829281293-1905240433-1002 - Limited - Disabled)
    SUPPORT_fddfa904 (S-1-5-21-268140147-829281293-1905240433-1005 - Limited - Disabled)
    ==================== Faulty Device Manager Devices =============

    ==================== Event log errors: =========================
    Application errors:
    ==================
    Error: (01/12/2015 06:35:20 AM) (Source: Microsoft Office 10) (EventID: 1000) (User: )
    Description: Faulting application winword.exe, version 10.0.6866.0, faulting module mso.dll, version 10.0.6870.0, fault address 0x000035ed.
    Error: (01/12/2015 06:33:46 AM) (Source: Microsoft Office 10) (EventID: 1000) (User: )
    Description: Faulting application winword.exe, version 10.0.6866.0, faulting module winword.exe, version 10.0.6866.0, fault address 0x00320612.
    Error: (01/05/2015 02:44:15 PM) (Source: COM+) (EventID: 4689) (User: )
    Description: The run-time environment has detected an inconsistency in its internal state. This indicates a potential instability in the process that could be caused by the custom components running in the COM+ application, the components they make use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184), hr = 8007041d: InitEventCollector failed
    Error: (12/19/2014 11:20:49 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application WINWORD.EXE, version 10.0.6866.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
    Error: (12/15/2014 06:31:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
    Error: (12/11/2014 05:05:53 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
    Error: (11/15/2014 11:03:31 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application WINWORD.EXE, version 10.0.6866.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
    Error: (11/15/2014 07:36:50 AM) (Source: Microsoft Office 10) (EventID: 1000) (User: )
    Description: Faulting application winword.exe, version 10.0.6866.0, faulting module mso.dll, version 10.0.6870.0, fault address 0x000035ed.
    Error: (11/11/2014 04:18:04 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application hpqtra08.exe, version 53.0.13.0, faulting module hpqcxm08.dll, version 70.0.170.0, fault address 0x00004728.
    Processing media-specific event for [hpqtra08.exe!ws!]
    Error: (11/11/2014 01:56:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    System errors:
    =============
    Error: (01/17/2015 03:12:24 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
    Description: The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register with DCOM within the required timeout.
    Error: (01/17/2015 03:11:25 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
    Description: The server {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} did not register with DCOM within the required timeout.
    Error: (01/17/2015 03:08:05 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    ftsata2
    Error: (01/16/2015 04:35:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The IMAPI CD-Burning COM Service service failed to start due to the following error:
    %%1053
    Error: (01/16/2015 04:35:22 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
    Error: (01/16/2015 04:33:35 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    ftsata2
    Error: (01/16/2015 03:59:55 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
    Description: The HitmanPro 3.7 Crusader (Boot) service terminated with service-specific error 0 (0x0).
    Error: (01/16/2015 03:59:03 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    ftsata2
    Error: (01/16/2015 02:07:14 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    ftsata2
    Error: (01/16/2015 02:04:06 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Media Center Extender Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

    Microsoft Office Sessions:
    =========================
    Error: (01/12/2015 06:35:20 AM) (Source: Microsoft Office 10) (EventID: 1000) (User: )
    Description: winword.exe10.0.6866.0mso.dll10.0.6870.0000035ed
    Error: (01/12/2015 06:33:46 AM) (Source: Microsoft Office 10) (EventID: 1000) (User: )
    Description: winword.exe10.0.6866.0winword.exe10.0.6866.000320612
    Error: (01/05/2015 02:44:15 PM) (Source: COM+) (EventID: 4689) (User: )
    Description: Error in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184), hr = 8007041d: InitEventCollector failed
    Error: (12/19/2014 11:20:49 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: WINWORD.EXE10.0.6866.0hungapp0.0.0.000000000
    Error: (12/15/2014 06:31:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000
    Error: (12/11/2014 05:05:53 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000
    Error: (11/15/2014 11:03:31 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: WINWORD.EXE10.0.6866.0hungapp0.0.0.000000000
    Error: (11/15/2014 07:36:50 AM) (Source: Microsoft Office 10) (EventID: 1000) (User: )
    Description: winword.exe10.0.6866.0mso.dll10.0.6870.0000035ed
    Error: (11/11/2014 04:18:04 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: hpqtra08.exe53.0.13.0hpqcxm08.dll70.0.170.000004728
    Error: (11/11/2014 01:56:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

    ==================== Memory info ===========================
    Processor: AMD Athlon(tm) 64 Processor 3500+
    Percentage of memory in use: 66%
    Total physical RAM: 1470.48 MB
    Available physical RAM: 485.93 MB
    Total Pagefile: 2791.58 MB
    Available Pagefile: 2027.38 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1935.14 MB
    ==================== Drives ================================
    Drive c: (PRESARIO) (Fixed) (Total:877.94 GB) (Free:752.29 GB) NTFS ==>[Drive with boot components (Windows XP)]
    Drive d: (PRESARIO_RP) (Fixed) (Total:53.56 GB) (Free:45.3 GB) FAT32 ==>[Drive with boot components (Windows XP)]
    ==================== MBR & Partition Table ==================
    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: 4A5F34B2)
    Partition 1: (Active) - (Size=877.9 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=53.6 GB) - (Type=0C)
    ==================== End Of Log ============================

    # AdwCleaner v4.108 - Report created 17/01/2015 at 17:03:10
    # Updated 17/01/2015 by Xplode
    # Database : 2015-01-13.2 [Live]
    # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
    # Username : Compaq_Administrator - DESKTOP
    # Running from : C:\Documents and Settings\Compaq_Administrator\Desktop\AdwCleaner.exe
    # Option : Clean
    ***** [ Services ] *****
    Service Deleted : YahooAUService
    ***** [ Files / Folders ] *****

    ***** [ Scheduled Tasks ] *****

    ***** [ Shortcuts ] *****

    ***** [ Registry ] *****

    ***** [ Browsers ] *****
    -\\ Internet Explorer v8.0.6001.18702

    -\\ Mozilla Firefox v31.0 (x86 en-US)

    -\\ Google Chrome v

    *************************
    AdwCleaner[R0].txt - [22429 octets] - [19/10/2013 11:56:14]
    AdwCleaner[R1].txt - [2681 octets] - [26/10/2013 10:58:35]
    AdwCleaner[R2].txt - [2757 octets] - [26/10/2013 11:40:02]
    AdwCleaner[R3].txt - [2505 octets] - [26/10/2013 15:01:39]
    AdwCleaner[R4].txt - [13127 octets] - [16/01/2015 13:59:55]
    AdwCleaner[R5].txt - [1453 octets] - [17/01/2015 16:59:18]
    AdwCleaner[S0].txt - [21945 octets] - [19/10/2013 11:58:10]
    AdwCleaner[S1].txt - [398 octets] - [26/10/2013 11:00:01]
    AdwCleaner[S2].txt - [355 octets] - [26/10/2013 11:41:25]
    AdwCleaner[S3].txt - [355 octets] - [26/10/2013 15:03:16]
    AdwCleaner[S4].txt - [11826 octets] - [16/01/2015 14:03:35]
    AdwCleaner[S5].txt - [1376 octets] - [17/01/2015 17:03:10]
    ########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [1436 octets] ##########
     
  2. Tony D

    Tony D Administrator Administrator

    Note: I had to shut down Avast in order to download FRST. Avast was blocking the FRST download saying that it was infected with FileRepMetagen.
     
  3. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    Hi Tony,

    I did start on this earlier but forgot that I had to go out for a while.

    The AV vendors keep getting notified of this, but not all take much notice I'm afraid.

    There are a few things we need to address, but first...........

    There are entries for Advanced SystemCare 7 in the report but no entry in the uninstall list... can you confirm that it has been removed?
    Also try and uninstall these:
    DefaultTab
    Rocket
    SySaver


    Once we know that all 4 have been removed, please let me have another set of FRST reports.
    I can then see what's remaining.

    Please re-run FRST.
    • Make sure that Addition.txt is selected at the bottom
    • Press Scan button.

    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • It will also make another log (Addition.txt). Please copy and paste it to your reply also.

    Thanks
     
  4. Tony D

    Tony D Administrator Administrator

    Sorry it took so long. I ran into a couple of problems.

    I don't see Advanced SystemCare in Add/Remove Programs or in Revo Uninstaller.
    Had to use Total Uninstall to get rid of Default Tab.
    Rocket - I don't see it in Add/Remove Programs or Revo.
    SySaver - was able to uninstall via Add/Remove Programs.

    Was having a problem getting FRST to run. Turns out Avast was blocking it. Uninstalled Avast and it ran.

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-01-2015 01
    Ran by Compaq_Administrator (administrator) on DESKTOP on 18-01-2015 14:55:01
    Running from C:\Documents and Settings\Compaq_Administrator\Desktop
    Loaded Profiles: Compaq_Administrator (Available profiles: Compaq_Administrator & Administrator)
    Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
    ==================== Processes (Whitelisted) =================
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
    (Lexmark International, Inc.) C:\WINDOWS\system32\LEXBCES.EXE
    (Lexmark International, Inc.) C:\WINDOWS\system32\LEXPPS.EXE
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    (Microsoft) C:\WINDOWS\arservice.exe
    (Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
    (Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
    (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    (Luis Cobian, CobianSoft) C:\Program Files\Cobian Backup 11\cbService.exe
    (RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
    (Luis Cobian, CobianSoft) C:\Program Files\Cobian Backup 11\cbInterface.exe
    (Microsoft Corporation) C:\WINDOWS\ehome\ehrecvr.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    (Microsoft Corporation) C:\WINDOWS\ehome\ehSched.exe
    (Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    (Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
    (Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
    (TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
    (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
    (Microsoft Corporation) C:\WINDOWS\ehome\ehmsas.exe
    (Canon Inc.) C:\Program Files\Canon\CAL\CALMAIN.exe
    (Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
    (Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
    (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe

    ==================== Registry (Whitelisted) ==================
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
    HKLM\...\Run: [ehTray] => C:\WINDOWS\ehome\ehtray.exe [67584 2005-09-29] (Microsoft Corporation)
    HKLM\...\Run: [ftutil2] => rundll32.exe ftutil2.dll,SetWriteCacheMode
    HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16239616 2006-06-13] (Realtek Semiconductor Corp.)
    HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    HKLM\...\Run: [nwiz] => nwiz.exe /install
    HKLM\...\Run: [Recguard] => C:\WINDOWS\SMINST\RECGUARD.EXE [237568 2005-07-23] ()
    HKLM\...\Run: [HPBootOp] => C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [249856 2006-02-16] (Hewlett-Packard Company)
    HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
    HKLM\...\Run: [TkBellExe] => C:\program files\real\realplayer\update\realsched.exe [296056 2012-06-13] (RealNetworks, Inc.)
    HKLM\...\Run: [Cobian Backup 11 interface] => C:\Program Files\Cobian Backup 11\cbInterface.exe [4407808 2013-03-07] (Luis Cobian, CobianSoft)
    HKLM\...\Run: [] => [X]
    HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
    HKLM\...\Policies\Explorer: [NoCDBurning] 0
    HKU\S-1-5-18\...\Run: [Advanced SystemCare 7] => "C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
    ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
    Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk
    ShortcutTarget: Pin.lnk -> C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
    Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\PinMcLnk.lnk
    ShortcutTarget: PinMcLnk.lnk -> C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    CHR HKU\S-1-5-21-268140147-829281293-1905240433-1007\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    ==================== Internet (Whitelisted) ====================
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
    HKU\S-1-5-21-268140147-829281293-1905240433-1007\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
    HKU\S-1-5-21-268140147-829281293-1905240433-1007\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
    HKU\S-1-5-21-268140147-829281293-1905240433-1007\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-268140147-829281293-1905240433-1007\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com?fr=hp-avast&type=avastbcl
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
    SearchScopes: HKLM -> DefaultScope value is missing.
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\.DEFAULT -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-268140147-829281293-1905240433-1007 -> {0CE527A3-B00A-4C02-8A76-D1D30B9E84E3} URL =
    SearchScopes: HKU\S-1-5-21-268140147-829281293-1905240433-1007 -> {23698BEA-D151-4EAE-A43C-C3817BB1EE36} URL = http://search.yahoo.com/search?p={s...pe=W3i_DS,136,0_0,Search,20131040,20028,0,8,0
    SearchScopes: HKU\S-1-5-21-268140147-829281293-1905240433-1007 -> {5C64534F-9223-48E1-944F-6364585FFE73} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=800236&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-268140147-829281293-1905240433-1007 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
    BHO: hpWebHelper Class -> {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} -> C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll (Hewlett-Packard)
    BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
    Toolbar: HKU\S-1-5-21-268140147-829281293-1905240433-1007 -> No Name - {C4069E3A-68F1-403E-B40E-20066696354B} - No File
    Toolbar: HKU\S-1-5-21-268140147-829281293-1905240433-1007 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} https://74.5.116.98:4433/XTSAC.cab
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://by132fd.bay132.hotmail.msn.com/resources/MsnPUpld.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
    DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} http://cvs.pnimedia.com/upload/activex/v2_0_0_10/PCAXSetupv2.0.0.10.cab?
    Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
    Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [147456] (Apple Inc.)
    FireFox:
    ========
    FF ProfilePath: C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\duvuomx1.default
    FF DefaultSearchEngine: Google (avast)
    FF DefaultSearchUrl: https://www.google.com/search/?trackid=sp-006
    FF SearchEngineOrder.1: Google (avast)
    FF SelectedSearchEngine: Google (avast)
    FF Homepage: https://www.google.com/?trackid=sp-006
    FF Keyword.URL: https://www.google.com/search/?trackid=sp-006
    FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files\Virtual Earth 3D\ ()
    FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin: @pack.google.com/Google Updater;version=14 -> C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
    FF Plugin: @real.com/nppl3260;version=15.0.4.53 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprjplug;version=15.0.4.53 -> c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprphtml5videoshim;version=15.0.4.53 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprpplugin;version=15.0.4.53 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
    FF SearchPlugin: C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\duvuomx1.default\searchplugins\google-avast.xml
    FF SearchPlugin: C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\duvuomx1.default\searchplugins\yahoo-avast.xml
    FF Extension: Microsoft Choice Guard - C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\duvuomx1.default\Extensions\ChoiceGuard@Microsoft [2010-10-14]
    FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2010-08-26]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-01-18]
    FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    FF Extension: RealPlayer Browser Record Plugin - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-06-13]
    FF Extension: No Name - C:\Program Files\AVAST Software\Avast\WebRep\FF [Not Found]
    Chrome:
    =======
    CHR dev: Chrome dev build detected! <======= ATTENTION
    CHR Profile: C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default
    CHR Extension: (Pin It) - C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aeocpmaimgdkdkkhnilgfoicilnefefh [2014-11-07]
    CHR Extension: (Google Docs) - C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-19]
    CHR Extension: (Google Drive) - C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-19]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-26]
    CHR Extension: (YouTube) - C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-19]
    CHR Extension: (Play Car Racing Games Online) - C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cgdkkkkgocfanngnjhepjgkejljlooop [2014-07-31]
    CHR Extension: (Google Search) - C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-19]
    CHR Extension: (avast! Online Security) - C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-12-21]
    CHR Extension: (Search YouTube) - C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\iabhcmlfmommijjhppgpmaldhnnodggp [2015-01-05]
    CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2010-11-11]
    CHR Extension: (Facebook Platinum) - C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kbmfodbocncpdocjdknjadipkgbbagld [2014-12-11]
    CHR Extension: (Voicify) - C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klonjmnnpocmmjknkimicfkanmmkiebl [2014-07-31]
    CHR Extension: (Color My SNS) - C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lnoogpgfefbafjjifeikjajmhjknghfh [2014-09-04]
    CHR Extension: (Extensions Update Notifier) - C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nlldbplhbaopldicmcoogopmkonpebjm [2014-10-18]
    CHR Extension: (Google Wallet) - C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-03]
    CHR Extension: (Gmail) - C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-19]
    CHR Extension: (saferweB) - C:\Documents and Settings\All Users\Application Data\mmdglfbdpaigkchnclogfmffkgbjkgbc\ [2013-10-19]
    CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-06-13]
    ========================== Services (Whitelisted) =================
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
    R2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [144712 2009-06-05] (Apple Inc.)
    R2 ARSVC; C:\WINDOWS\arservice.exe [58880 2005-08-03] (Microsoft)
    R2 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [96341 2006-03-30] (Canon Inc.) [File not signed]
    R2 CobianBackup11; C:\Program Files\Cobian Backup 11\cbService.exe [1131008 2013-03-07] (Luis Cobian, CobianSoft) [File not signed]
    S3 getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [33752 2008-08-29] (NOS Microsystems Ltd.)
    S2 gupdate1c9fdd345b5f810; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-07-05] (Google Inc.)
    S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
    R2 LexBceS; C:\WINDOWS\system32\LEXBCES.EXE [307200 2003-08-29] (Lexmark International, Inc.) [File not signed]
    R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [49152 2006-06-21] (Hewlett-Packard Company) [File not signed]
    R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
    R2 McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [319488 2010-03-17] (Alcatel-Lucent) [File not signed]
    R2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
    S3 MHN; C:\WINDOWS\System32\mhn.dll [85504 2004-08-10] (Microsoft Corporation) [File not signed]
    S4 QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [20480 2008-03-18] (Intuit) [File not signed]
    S3 QBFCService; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2006-11-09] (Intuit Inc.) [File not signed]
    S3 RampartSvc; C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe [114786 2004-08-16] (SonicWALL, Inc.) [File not signed]
    S3 SwPrv; C:\WINDOWS\system32\dllhost.exe /Processid:{8DA84759-6C62-4695-9DB6-4789D64FAF43}
    ==================== Drivers (Whitelisted) ====================
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
    R1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [36352 2005-03-09] (Advanced Micro Devices)
    R3 aracpi; C:\WINDOWS\System32\DRIVERS\aracpi.sys [22784 2005-08-03] (Microsoft Corporation)
    R3 ArcCD; C:\WINDOWS\system32\Drivers\ArcCD.sys [36224 2007-11-06] (ArcSoft Inc.) [File not signed]
    U1 ArcRec; C:\WINDOWS\system32\Drivers\ArcRec.sys [7680 2007-04-24] (ArcSoft Inc.) [File not signed]
    S4 ArcUdfs; C:\WINDOWS\system32\Drivers\ArcUdfs.sys [134912 2007-04-25] (ArcSoft Inc.) [File not signed]
    S3 arhidfltr; C:\WINDOWS\System32\DRIVERS\arhidfltr.sys [19200 2005-08-03] (Microsoft Corporation)
    R3 arkbcfltr; C:\WINDOWS\System32\DRIVERS\arkbcfltr.sys [5376 2005-08-03] (Microsoft Corporation)
    R3 armoucfltr; C:\WINDOWS\System32\DRIVERS\armoucfltr.sys [4992 2005-08-03] (Microsoft Corporation)
    R3 ARPolicy; C:\WINDOWS\System32\DRIVERS\arpolicy.sys [10112 2005-08-03] (Microsoft Corporation)
    R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [37664 2013-10-06] (AVG Technologies)
    R3 DNE; C:\WINDOWS\System32\DRIVERS\dne2000.sys [139604 2003-07-24] (Deterministic Networks, Inc.)
    S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [35992 2015-01-16] ()
    S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [51120 2005-03-07] (HP)
    S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2005-03-07] (HP)
    S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21744 2005-03-07] (HP)
    R3 HSX_DP; C:\WINDOWS\System32\DRIVERS\HSX_DP.sys [936448 2005-12-06] (Conexant Systems, Inc.)
    R2 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [54360 2014-11-21] (Malwarebytes Corporation)
    R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [114904 2015-01-18] (Malwarebytes Corporation)
    S3 MHNDRV; C:\WINDOWS\System32\DRIVERS\mhndrv.sys [11008 2004-08-10] (Microsoft Corporation) [File not signed]
    R0 MrFilter; C:\WINDOWS\system32\Drivers\MrFilter.sys [12992 2003-05-22] (Roxio) [File not signed]
    R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [34176 2006-03-03] (NVIDIA Corporation)
    R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [13056 2006-03-03] (NVIDIA Corporation)
    R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [36624 2006-10-18] (Sonic Solutions) [File not signed]
    R1 RCFOX; C:\WINDOWS\system32\Drivers\RCFOX.sys [78032 2004-07-27] (SonicWALL, Inc.) [File not signed]
    R3 rcvpn; C:\WINDOWS\System32\DRIVERS\rcvpn.sys [23180 2003-08-20] (SonicWALL, Inc.)
    S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
    R0 SmartDefragDriver; C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys [14776 2013-05-22] ()
    R3 winachsx; C:\WINDOWS\System32\DRIVERS\HSX_CNXT.sys [670208 2005-12-06] (Conexant Systems, Inc.)
    S3 BLKWGU(Belkin); system32\DRIVERS\BLKWGU.sys [X]
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S0 ftsata2; system32\DRIVERS\ftsata2.sys [X]
    U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
    S3 ZDPSp50; System32\Drivers\ZDPSp50.sys [X]
    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
    NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)
    ==================== One Month Created Files and Folders ========
    (If an entry is included in the fixlist, the file\folder will be moved.)
    2015-01-18 14:54 - 2015-01-18 14:54 - 01118208 _____ (Farbar) C:\Documents and Settings\Compaq_Administrator\Desktop\FRST.exe
    2015-01-18 13:07 - 2015-01-18 13:07 - 00000653 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Total Uninstall 5.lnk
    2015-01-18 13:07 - 2015-01-18 13:07 - 00000000 ____D () C:\Program Files\Total Uninstall 5
    2015-01-18 13:07 - 2015-01-18 13:07 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Martau
    2015-01-18 12:59 - 2015-01-18 12:59 - 00000925 _____ () C:\Documents and Settings\Compaq_Administrator\Desktop\Revo Uninstaller.lnk
    2015-01-18 12:59 - 2015-01-18 12:59 - 00000000 ____D () C:\Program Files\VS Revo Group
    2015-01-17 16:58 - 2015-01-17 16:59 - 02186752 _____ () C:\Documents and Settings\Compaq_Administrator\Desktop\AdwCleaner.exe
    2015-01-17 16:54 - 2015-01-17 17:17 - 00063929 _____ () C:\Documents and Settings\Compaq_Administrator\Desktop\Addition.txt
    2015-01-17 16:53 - 2015-01-18 14:55 - 00025024 _____ () C:\Documents and Settings\Compaq_Administrator\Desktop\FRST.txt
    2015-01-17 16:53 - 2015-01-18 14:55 - 00000000 ____D () C:\FRST
    2015-01-16 16:41 - 2015-01-16 16:41 - 00000060 _____ () C:\WINDOWS\setupact.log
    2015-01-16 16:41 - 2015-01-16 16:41 - 00000000 _____ () C:\WINDOWS\setuperr.log
    2015-01-16 16:07 - 2015-01-16 16:09 - 00002347 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
    2015-01-16 15:57 - 2015-01-16 15:57 - 00035992 _____ () C:\WINDOWS\system32\Drivers\hitmanpro37.sys
    2015-01-16 15:55 - 2015-01-16 15:55 - 00002888 _____ () C:\WINDOWS\system32\.crusader
    2015-01-16 15:37 - 2015-01-16 15:55 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\HitmanPro
    2015-01-16 14:32 - 2015-01-16 15:37 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
    2015-01-16 14:13 - 2015-01-17 15:48 - 00035064 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
    2015-01-16 14:12 - 2015-01-16 14:13 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
    2015-01-16 13:57 - 2015-01-16 13:57 - 00005180 _____ () C:\Documents and Settings\Compaq_Administrator\Desktop\JRT.txt
    2015-01-16 09:36 - 2015-01-18 12:55 - 00016393 _____ () C:\WINDOWS\setupapi.log
    2015-01-05 18:36 - 2015-01-05 18:36 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\mmdglfbdpaigkchnclogfmffkgbjkgbc
    2014-12-26 15:25 - 2015-01-18 14:50 - 00000159 _____ () C:\WINDOWS\wiadebug.log
    2014-12-26 15:25 - 2015-01-18 14:50 - 00000049 _____ () C:\WINDOWS\wiaservc.log
    2014-12-26 15:25 - 2014-12-26 15:25 - 00000000 _____ () C:\WINDOWS\Sti_Trace.log
    2014-12-26 12:39 - 2014-12-26 12:39 - 48701440 _____ () C:\WINDOWS\system32\config\software.iobit
    2014-12-26 12:39 - 2014-12-26 12:39 - 00483328 _____ () C:\WINDOWS\system32\config\default.iobit
    2014-12-26 12:39 - 2014-12-26 12:39 - 00065536 _____ () C:\WINDOWS\system32\config\SECURITY.iobit
    2014-12-26 12:39 - 2014-12-26 12:39 - 00028672 _____ () C:\WINDOWS\system32\config\SAM.iobit
    ==================== One Month Modified Files and Folders =======
    (If an entry is included in the fixlist, the file\folder will be moved.)
    2015-01-18 14:55 - 2006-12-22 16:44 - 00000000 ____D () C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp
    2015-01-18 14:54 - 2005-08-30 23:17 - 02037237 _____ () C:\WINDOWS\WindowsUpdate.log
    2015-01-18 14:52 - 2014-05-17 10:27 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2015-01-18 14:52 - 2005-11-14 20:58 - 00000000 ____D () C:\WINDOWS\Registration
    2015-01-18 14:51 - 2010-02-25 05:44 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2015-01-18 14:49 - 2014-04-02 05:43 - 00000252 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
    2015-01-18 14:49 - 2012-04-14 12:46 - 00000308 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-268140147-829281293-1905240433-1007.job
    2015-01-18 14:49 - 2010-02-25 05:44 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2015-01-18 14:49 - 2006-08-01 15:48 - 00043531 _____ () C:\WINDOWS\system32\nvapps.xml
    2015-01-18 14:49 - 2005-08-30 23:17 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2015-01-18 14:48 - 2012-03-29 14:33 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
    2015-01-18 14:46 - 2006-12-22 16:44 - 00000278 ___SH () C:\Documents and Settings\Compaq_Administrator\ntuser.ini
    2015-01-18 14:46 - 2006-12-22 16:41 - 00000189 _____ () C:\WINDOWS\system\hpsysdrv.DAT
    2015-01-18 14:46 - 2005-08-30 23:17 - 00032512 _____ () C:\WINDOWS\SchedLgU.Txt
    2015-01-18 14:39 - 2005-11-14 20:52 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
    2015-01-18 14:33 - 2014-05-10 18:32 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2015-01-18 14:19 - 2012-04-14 13:14 - 00000000 ____D () C:\GVTS
    2015-01-18 13:49 - 2010-02-23 16:23 - 00000868 _____ () C:\WINDOWS\Tasks\Google Software Updater.job
    2015-01-18 12:59 - 2006-12-27 13:56 - 00047616 _____ () C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2015-01-18 12:38 - 2013-10-05 12:32 - 00000000 ____D () C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\SySaver
    2015-01-17 17:03 - 2013-10-19 11:55 - 00000000 ____D () C:\AdwCleaner
    2015-01-17 15:58 - 2014-07-11 06:03 - 00000720 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
    2015-01-17 15:58 - 2010-08-26 12:12 - 00000720 _____ () C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    2015-01-16 16:08 - 2007-02-23 17:32 - 00000000 ____D () C:\Program Files\Common Files\Adobe
    2015-01-16 16:07 - 2008-10-09 09:44 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Adobe
    2015-01-16 16:06 - 2006-08-01 16:10 - 00000000 ____D () C:\Program Files\Adobe
    2015-01-16 13:37 - 2013-11-17 20:07 - 00000000 ____D () C:\Program Files\IObit
    2015-01-16 13:19 - 2005-08-30 23:02 - 00000658 _____ () C:\WINDOWS\win.ini
    2015-01-16 13:19 - 2005-08-30 17:34 - 00000279 __RSH () C:\boot.ini
    2015-01-16 13:19 - 2005-08-30 15:52 - 00000227 _____ () C:\WINDOWS\system.ini
    2015-01-16 09:42 - 2006-12-22 16:44 - 00000000 ____D () C:\Documents and Settings\Compaq_Administrator
    2015-01-16 09:28 - 2013-12-17 13:28 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\ProductData
    2015-01-16 07:29 - 2006-12-25 14:40 - 00002483 _____ () C:\Documents and Settings\Compaq_Administrator\Desktop\Microsoft Word.lnk
    2015-01-14 08:11 - 2013-08-14 13:10 - 00000000 ____D () C:\WINDOWS\system32\MRT
    2015-01-14 08:01 - 2006-12-22 17:30 - 110348472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2015-01-14 04:29 - 2012-04-15 11:47 - 00701616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
    2015-01-14 04:29 - 2011-06-08 06:59 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
    2015-01-12 14:23 - 2010-03-27 14:15 - 00000316 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-268140147-829281293-1905240433-1007.job
    2015-01-12 06:29 - 2006-08-01 15:52 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
    2015-01-08 16:12 - 2014-04-02 05:43 - 00000246 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
    2015-01-07 06:16 - 2006-12-22 17:33 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB925454$
    2015-01-05 12:42 - 2013-04-10 13:02 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2813345$
    2015-01-02 12:29 - 2006-12-27 13:53 - 00000000 ____D () C:\Documents and Settings\Compaq_Administrator\My Documents\andrew
    2014-12-31 05:43 - 2007-12-18 15:43 - 00000000 ____D () C:\Documents and Settings\Compaq_Administrator\My Documents\larry
    2014-12-31 05:41 - 2006-12-25 14:41 - 00002481 _____ () C:\Documents and Settings\Compaq_Administrator\Desktop\Microsoft Excel.lnk
    2014-12-30 17:41 - 2006-12-27 13:52 - 00148992 ____N () C:\Documents and Settings\Compaq_Administrator\My Documents\contact list 8-20-06.xls
    2014-12-30 10:20 - 2007-07-10 13:20 - 00000000 ____D () C:\Documents and Settings\Compaq_Administrator\Application Data\ZoomBrowser EX
    2014-12-26 12:39 - 2006-08-01 15:22 - 00000000 __SHD () C:\Documents and Settings\NetworkService
    2014-12-26 12:39 - 2006-08-01 15:22 - 00000000 __SHD () C:\Documents and Settings\LocalService
    2014-12-26 11:26 - 2012-03-06 19:48 - 03315767 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-268140147-829281293-1905240433-1007-0.dat
    2014-12-26 11:25 - 2012-03-06 19:48 - 00281538 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    2014-12-26 11:11 - 2006-12-27 13:52 - 00000000 ____D () C:\Documents and Settings\Compaq_Administrator\My Documents\Red Cross
    2014-12-24 10:50 - 2006-12-26 10:36 - 00000000 ____D () C:\Program Files\The Print Shop Ensemble III
    2014-12-24 09:07 - 2007-01-23 16:02 - 00000000 ____D () C:\Documents and Settings\Compaq_Administrator\My Documents\TurboTax
    2014-12-24 08:48 - 2014-02-28 09:18 - 00002447 _____ () C:\Documents and Settings\All Users\Desktop\TurboTax 2013.lnk
    2014-12-21 06:27 - 2010-09-16 12:24 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB981322$
    2014-12-19 11:13 - 2013-11-16 09:51 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\ZoomBrowser
    ==================== Files in the root of some directories =======
    2007-06-28 17:53 - 2007-06-28 17:53 - 0000000 ____N () C:\Documents and Settings\Compaq_Administrator\Application Data\Hewlett-PackardHP Officejet 5600 series1167143290_API.log
    2007-06-28 17:53 - 2007-06-28 17:53 - 0000492 ____N () C:\Documents and Settings\Compaq_Administrator\Application Data\Hewlett-PackardHP Officejet 5600 series1167143290_PROTOCOL.log
    2007-06-28 17:53 - 2007-06-28 17:53 - 0000424 ____N () C:\Documents and Settings\Compaq_Administrator\Application Data\Hewlett-PackardHP Officejet 5600 series1167143290_UI.log
    2006-12-26 09:59 - 2006-12-26 09:59 - 0002284 ____N () C:\Documents and Settings\Compaq_Administrator\Application Data\HPSU_48BitScanUpdate.log
    2006-12-26 10:00 - 2006-12-26 10:00 - 0072221 ____N () C:\Documents and Settings\Compaq_Administrator\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
    2006-12-26 09:55 - 2006-12-26 09:55 - 0122487 ____N () C:\Documents and Settings\Compaq_Administrator\Application Data\Update_HP_RedboxHprblog_HPSU.log
    2012-03-29 12:21 - 2012-03-29 12:21 - 0070487 ____N () C:\Documents and Settings\Compaq_Administrator\Application Data\userenv.xml
    2011-03-03 11:57 - 2014-02-21 13:05 - 0000664 ____N () C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\d3d9caps.dat
    2006-12-27 13:56 - 2015-01-18 12:59 - 0047616 _____ () C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2006-12-22 16:44 - 2006-12-31 20:17 - 0000143 ____N () C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\fusioncache.dat
    2013-10-09 17:39 - 2013-10-09 17:46 - 0000600 ____N () C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\PUTTY.RND
    Some content of TEMP:
    ====================
    C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\dllnt_dump.dll
    C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\Quarantine.exe
    C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\sqlite3.dll

    ==================== Bamital & volsnap Check =================
    (There is no automatic fix for files that do not pass verification.)
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
    ==================== End Of Log ============================

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 18-01-2015 01
    Ran by Compaq_Administrator at 2015-01-18 14:56:29
    Running from C:\Documents and Settings\Compaq_Administrator\Desktop
    Boot Mode: Normal
    ==========================================================

    ==================== Security Center ========================
    (If an entry is included in the fixlist, it will be removed.)

    ==================== Installed Programs ======================
    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
    5600 (Version: 50.0.206.000 - Hewlett-Packard) Hidden
    5600_Help (Version: 50.0.206.000 - Hewlett-Packard) Hidden
    5600Trb (Version: 50.0.206.000 - Hewlett-Packard) Hidden
    7-Zip 9.20 (HKLM\...\7-Zip 9.20) (Version: - )
    Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
    Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
    Adobe AIR (HKLM\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
    Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
    AiO_Scan (Version: 50.0.206.000 - Hewlett-Packard) Hidden
    AiOSoftware (Version: 50.0.206.000 - Hewlett-Packard) Hidden
    AnswerWorks 4.0 Runtime - English (HKLM\...\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}) (Version: 4.0.101 - Vantage Software Technologies)
    AnswerWorks 5.0 English Runtime (HKLM\...\{9E5A03E3-6246-4920-9630-0527D5DA9B07}) (Version: 008.000.0003 - Vantage Linguistics)
    Apple Application Support (HKLM\...\{0C34B801-6AEC-4667-B053-03A67E2D0415}) (Version: 1.0 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}) (Version: 2.6.0.32 - Apple Inc.)
    Apple Software Update (HKLM\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
    Bing Maps 3D (HKLM\...\{2D87E961-577B-492B-AD54-1368680FB9A7}) (Version: 4.0.903.16005 - Microsoft Corporation)
    Bonjour (HKLM\...\{07287123-B8AC-41CE-8346-3D777245C35B}) (Version: 1.0.106 - Apple Inc.)
    BufferChm (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    Canon Camera Access Library (HKLM\...\CAL) (Version: 8.3.0.1 - )
    Canon Camera Support Core Library (HKLM\...\CSCLIB) (Version: 7.3.1.6 - )
    Canon Camera Window DC_DV 5 for ZoomBrowser EX (HKLM\...\CameraWindowDVC5) (Version: 5.4.5.17 - )
    Canon Camera Window DC_DV 6 for ZoomBrowser EX (HKLM\...\CameraWindowDVC6) (Version: 6.4.0.9 - )
    Canon Camera Window MC 6 for ZoomBrowser EX (HKLM\...\CameraWindowMC) (Version: 6.3.0.8 - )
    Canon G.726 WMP-Decoder (HKLM\...\Canon G.726 WMP-Decoder) (Version: 1.1.0.4 - )
    Canon MovieEdit Task for ZoomBrowser EX (HKLM\...\MovieEditTask) (Version: 2.4.0.14 - )
    Canon RAW Image Task for ZoomBrowser EX (HKLM\...\RAW Image Task) (Version: 2.5.0.8 - )
    Canon RemoteCapture Task for ZoomBrowser EX (HKLM\...\RemoteCaptureTask) (Version: 1.7.0.8 - )
    Canon Utilities EOS Utility (HKLM\...\EOS Utility) (Version: 1.1.0.8 - )
    Canon Utilities PhotoStitch (HKLM\...\PhotoStitch) (Version: 3.1.19.43 - )
    Canon Utilities ZoomBrowser EX (HKLM\...\ZoomBrowser EX) (Version: 5.8.0.74 - )
    Cobian Backup 11 Gravity (HKLM\...\CobBackup11) (Version: - )
    Compaq Connections (remove only) (HKLM\...\HPOOVClient-5577497 Uninstaller) (Version: - )
    Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    CP_AtenaShokunin1Config (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    CP_CalendarTemplates1 (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    cp_LightScribeConfig (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    cp_OnlineProjectsConfig (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    CP_Package_Basic1 (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    CP_Package_Variety1 (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    CP_Package_Variety2 (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    CP_Package_Variety3 (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    CP_Panorama1Config (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    cp_PosterPrintConfig (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    cp_UpdateProjectsConfig (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version: - Microsoft Corporation)
    CueTour (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
    CWA Reminder by We-Care.com v4.1.22.3 (HKLM\...\{DB9BF6DA-8030-4A21-9FF4-8856A7556FCF}) (Version: 4.1.22.3 - We-Care.com)
    Data Fax SoftModem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1) (Version: - )
    Destinations (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    DocProc (Version: 5.2.0.0 - Hewlett-Packard) Hidden
    ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
    eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
    Fax (Version: 50.0.206.000 - Hewlett-Packard) Hidden
    FullDPAppQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
    getPlus(R) for Adobe (HKLM\...\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}) (Version: 1.5.2.29 - NOS Microsystems Ltd.)
    Google Earth (HKLM\...\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}) (Version: 4.3.7284.3916 - Google)
    Google Earth (HKLM\...\{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}) (Version: 7.1.1.1888 - Google)
    Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
    Google Updater (HKLM\...\Google Updater) (Version: 2.4.2432.1652 - Google Inc.)
    High Definition Audio Driver Package - KB888111 (HKLM\...\KB888111WXPSP2) (Version: 20040219.000000 - Microsoft Corporation)
    HP Boot Optimizer (HKLM\...\{1341D838-719C-4A05-B50F-49420CA1B4BB}) (Version: 3.0.0 - Hewlett-Packard)
    HP DVD Play 2.1 (HKLM\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version: - )
    HP Extended Capabilities 5.3 (HKLM\...\HPExtendedCapabilities) (Version: 5.3 - HP)
    HP Imaging Device Functions 7.0 (HKLM\...\HP Imaging Device Functions) (Version: 7.0 - HP)
    HP Photosmart Essential (HKLM\...\{EB21A812-671B-4D08-B974-2A347F0D8F70}) (Version: 1.12.0.46 - HP)
    HP Photosmart Premier Software 6.5 (HKLM\...\HP Photo & Imaging) (Version: 6.5 - HP)
    HP PSC & OfficeJet 5.3.B (HKLM\...\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}) (Version: - HP)
    HP Solution Center & Imaging Support Tools 5.3 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 5.3 - HP)
    HP Support Overview (HKLM\...\{D7DBA21A-CDE5-42EC-BB1C-AE4B3E616B9A}_is1) (Version: 1.0.0 - Hewlett-Packard Company)
    HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    HP Web Helper (HKLM\...\{DAAD5187-62C5-4AD6-A526-803C18C4944D}) (Version: - )
    HPPhotoSmartExpress (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    HPProductAssistant (Version: 53.0.13.000 - Hewlett-Packard) Hidden
    HpSdpAppCoreApp (Version: 3.00.0000 - Hewlett-Packard) Hidden
    InstantShareDevices (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    InterActual Player (HKLM\...\InterActual Player) (Version: - )
    iTunes (HKLM\...\{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}) (Version: 9.0.1.8 - Apple Inc.)
    Kiplinger's WILLPower (HKLM\...\Kiplinger's WILLPower) (Version: - )
    Learning QuickBooks 2007 (HKLM\...\{DEEB514D-FEB5-4EB6-9A34-C309ADEEBB02}) (Version: 5.00.000 - )
    LightScribe 1.4.105.1 (Version: 1.4.105.1 - http://www.lightscribe.com) Hidden
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    MarketResearch (Version: 53.0.13.000 - Hewlett-Packard) Hidden
    MediaImpression 3.6.2 LE (HKLM\...\{C0A25D74-1A95-40ED-AA67-E6F21D9C8A38}) (Version: 3.6.2.278 - ArcSoft)
    Microsoft .NET Framework 1.0 Hotfix (KB2572066) (HKLM\...\KB2572066) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 1.0 Hotfix (KB2604042) (HKLM\...\KB2604042) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 1.0 Hotfix (KB2656378) (HKLM\...\KB2656378) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 1.0 Security Update (KB2698035) (HKLM\...\KB2698035) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 1.0 Security Update (KB2742607) (HKLM\...\KB2742607) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 1.0 Security Update (KB2833951) (HKLM\...\KB2833951) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 1.0 Security Update (KB2904878) (HKLM\...\KB2904878) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
    Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft Away Mode (HKLM\...\AwayMode160) (Version: 6.0.0160.0 - Microsoft Corporation)
    Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version: - Microsoft Corporation)
    Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
    Microsoft Office Word Viewer 2003 (HKLM\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
    Microsoft Office XP Professional (HKLM\...\{90110409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Mozilla Firefox 31.0 (x86 en-US) (HKLM\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
    MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
    MSXML 6 Service Pack 2 (KB973686) (HKLM\...\{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}) (Version: 6.20.2003.0 - Microsoft Corporation)
    My HP Games (HKLM\...\WildTangent compaq Master Uninstall) (Version: HPCMPQ1404 - WildTangent)
    NewCopy (Version: 50.0.206.000 - Hewlett-Packard) Hidden
    NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - )
    OptionalContentQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
    Otto (HKLM\...\B3EE3001-DC24-4cd1-8743-5692C716659F) (Version: - )
    PhotoGallery (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
    ProductContext (Version: 50.0.206.000 - Hewlett-Packard) Hidden
    Python 2.2 pywin32 extensions (build 203) (HKLM\...\pywin32-py2.2) (Version: - )
    Python 2.2.3 (HKLM\...\Python 2.2.3) (Version: 2.2.3 - PythonLabs at Zope Corporation)
    QuickBooks Pro (HKLM\...\QuickBooks Pro) (Version: - )
    QuickBooks Pro 2007 (HKLM\...\{7E545666-F422-45FD-B3DF-C0B99A1A579F}) (Version: - )
    QuickBooks Product Listing Service (HKLM\...\{054C3038-FFAC-446D-9682-E25891DC2E05}) (Version: 2.0.132 - Intuit)
    Quicken 2006 (HKLM\...\{2818095F-FB6C-42C8-827E-0A406CC9AFF5}) (Version: 15.1.4.5 - Intuit)
    QuickTime (HKLM\...\{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}) (Version: 7.64.17.73 - Apple Inc.)
    RandMap (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    Readme (Version: 50.0.206.000 - Hewlett-Packard) Hidden
    RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
    RealPlayer (HKLM\...\RealPlayer 15.0) (Version: 15.0.4 - RealNetworks)
    Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - )
    RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
    Revo Uninstaller 1.87 (HKLM\...\Revo Uninstaller) (Version: 1.87 - VS Revo Group)
    Roxio EasyWrite Reader (HKLM\...\Roxio MRFilter) (Version: - )
    Safari (HKLM\...\{E56D39F8-2A9F-44B4-B068-A72E45A073E6}) (Version: 4.31.9.1 - Apple Inc.)
    Scan (Version: 5.2.0.0 - Hewlett-Packard) Hidden
    ScannerCopy (Version: 5.2.0.0 - Hewlett-Packard) Hidden
    SkinsHP1 (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    SlideShow (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    SlideShowMusic (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    Smart Defrag 2 (HKLM\...\Smart Defrag 2_is1) (Version: 2.9 - IObit)
    SolutionCenter (Version: 50.0.152.000 - Hewlett-Packard) Hidden
    Sonic MyDVD Plus (HKLM\...\{21657574-BD54-48A2-9450-EB03B2C7FC29}) (Version: 6.2.0 - Sonic Solutions)
    Sonic RecordNow Audio (HKLM\...\{AB708C9B-97C8-4AC9-899B-DBF226AC9382}) (Version: 2.0.6 - Sonic Solutions)
    Sonic RecordNow Copy (HKLM\...\{B12665F4-4E93-4AB4-B7FC-37053B524629}) (Version: 2.0.6 - Sonic Solutions)
    Sonic RecordNow Data (HKLM\...\{075473F5-846A-448B-BCB3-104AA1760205}) (Version: 2.0.6 - Sonic Solutions)
    Sonic Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Sonic Solutions)
    Sonic_PrimoSDK (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    SonicWALL Global VPN Client (HKLM\...\{53648F92-1CC5-22D2-A6DF-00A0C9A23BCD}) (Version: 1.0 - SonicWALL)
    Status (Version: 53.0.13.000 - Hewlett-Packard) Hidden
    SupportSoft Assisted Service (HKLM\...\{5A3F6A80-7913-475E-8B96-477A952CFA43}) (Version: 15 - SupportSoft)
    TeamViewer 8 (HKLM\...\TeamViewer 8) (Version: 8.0.17396 - TeamViewer)
    The Print Shop Ensemble III (HKLM\...\The Print Shop Ensemble) (Version: - )
    Total Uninstall 5.3.0 (HKLM\...\Total Uninstall 5_is1) (Version: 5.3.0 - Gavrila Martau)
    TrayApp (Version: 53.0.13.000 - Hewlett-Packard) Hidden
    TurboTax 2008 (HKLM\...\TurboTax 2008) (Version: - )
    TurboTax 2009 (HKLM\...\TurboTax 2009) (Version: - Intuit, Inc)
    TurboTax 2010 (HKLM\...\TurboTax 2010) (Version: - Intuit, Inc)
    TurboTax 2011 (HKLM\...\TurboTax 2011) (Version: - Intuit, Inc)
    TurboTax 2012 (HKLM\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
    TurboTax 2013 (HKLM\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
    TurboTax Deluxe 2007 (HKLM\...\TurboTax Deluxe 2007) (Version: - )
    Unload (Version: 7.0.0 - Hewlett-Packard) Hidden
    Update Rollup 2 for Windows XP Media Center Edition 2005 (HKLM\...\KB900325) (Version: - Microsoft Corporation)
    WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
    WebReg (Version: 53.0.13.000 - Hewlett-Packard) Hidden
    WexTech AnswerWorks (HKLM\...\{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}) (Version: 1.00.000 - )
    Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (HKLM\...\KB952011) (Version: 1.0 - Microsoft Corporation)
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
    Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
    Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
    Windows Management Framework Core (HKLM\...\KB968930) (Version: - Microsoft Corporation)
    Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
    Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
    Windows XP Media Center Edition 2005 KB2502898 (HKLM\...\KB2502898) (Version: - Microsoft Corporation)
    Windows XP Media Center Edition 2005 KB2619340 (HKLM\...\KB2619340) (Version: - Microsoft Corporation)
    Windows XP Media Center Edition 2005 KB2628259 (HKLM\...\KB2628259) (Version: - Microsoft Corporation)
    Windows XP Media Center Edition 2005 KB908246 (HKLM\...\KB908246) (Version: - Microsoft Corporation)
    Windows XP Media Center Edition 2005 KB925766 (HKLM\...\KB925766) (Version: - Microsoft Corporation)
    Windows XP Media Center Edition 2005 KB973768 (HKLM\...\KB973768) (Version: - Microsoft Corporation)
    Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
    ==================== Custom CLSID (selected items): ==========================
    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\OLE32.DLL (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{03C3A013-02F2-4E56-87A8-B74A7C5DC75B}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{05EC5C13-D255-4592-9CCB-98615172F0D6}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{0713E8A2-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\system32\COMCTL32.OCX (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{0713E8A8-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\system32\COMCTL32.OCX (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{0713E8D2-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\system32\COMCTL32.OCX (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{0713E8D8-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\system32\COMCTL32.OCX (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{0ADF9C35-0D5E-4B75-88DD-B64868907E17}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{0B4AA204-AB61-47E3-B5B4-27DCF375EBAC}\localserver32 -> "CDStart.exe" No File
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{0BE35200-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> c:\Program Files\InterActual\InterActual Player\mfc42.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{0BE35201-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> c:\Program Files\InterActual\InterActual Player\mfc42.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{0BE35202-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> c:\Program Files\InterActual\InterActual Player\mfc42.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{123FAF7F-3FB1-4B8F-AD18-0047401D436A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{1B3FC869-FA13-4948-A865-B626713E98B4}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{1C3B4210-F441-11CE-B9EA-00AA006B1A69}\InprocServer32 -> C:\WINDOWS\system32\FM20.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{232E456A-87C3-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{28400E86-5FFC-453D-A534-EF455A115E74}\localserver32 -> C:\Program Files\Intuit\QuickBooks Product Listing Service\QBProductListingCOMServer.exe (TODO: <Company name>)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{2B11E9B0-9F09-11D0-9484-00A0C91110ED}\InprocServer32 -> C:\WINDOWS\system32\msstdfmt.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{32D32337-1511-4416-85C5-FD96C99322A0}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{338E9310-7C07-11CE-8CA9-00AA0044BB60}\InprocServer32 -> C:\WINDOWS\system32\FM20.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{373FF7F0-EB8B-11CD-8820-08002B2F4F5A}\InprocServer32 -> C:\WINDOWS\system32\COMCTL32.OCX (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{373FF7F4-EB8B-11CD-8820-08002B2F4F5A}\InprocServer32 -> C:\WINDOWS\system32\COMCTL32.OCX (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{37A2FC00-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{37A2FC02-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{3928D252-6BB4-4C0D-BE70-1E03AF93D464}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{3C4F3BE3-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\WINDOWS\system32\comdlg32.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{3C4F3BE5-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\WINDOWS\system32\comdlg32.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{3C4F3BE7-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\WINDOWS\system32\comdlg32.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{451BBD82-48B5-4525-B3C3-035465D73469}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{45F5708E-3B43-4FA8-BE7E-A5F1849214CB}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{46E31370-3F7A-11CE-BED6-00AA00611080}\InprocServer32 -> C:\WINDOWS\system32\FM20.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{4716D3CE-55DB-4D2A-818C-87D912895890}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{4844F3F7-2161-4AC4-B219-B3B4311782AA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{4877276C-A727-486D-B201-F096035CA4DF}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\qbfc5.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\InprocServer32 -> C:\WINDOWS\system32\msinet.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{48E59294-9880-11CF-9754-00AA00C00908}\InprocServer32 -> C:\WINDOWS\system32\msinet.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{48E59295-9880-11CF-9754-00AA00C00908}\InprocServer32 -> C:\WINDOWS\system32\msinet.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{4C599241-6926-101B-9992-00000B65C6F9}\InprocServer32 -> C:\WINDOWS\system32\FM20.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{4E5E74B5-8EB5-4859-A335-837EED412620}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{5428A9ED-6CD8-11D6-9C8A-0001023DCAA2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{547C8F00-5567-4AE3-8BB0-CC3CE2AB9070}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{5512D110-5CC6-11CF-8D67-00AA00BDCE1D}\InprocServer32 -> C:\WINDOWS\system32\FM20.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{5512D112-5CC6-11CF-8D67-00AA00BDCE1D}\InprocServer32 -> C:\WINDOWS\system32\FM20.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{5512D114-5CC6-11CF-8D67-00AA00BDCE1D}\InprocServer32 -> C:\WINDOWS\system32\FM20.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{5512D116-5CC6-11CF-8D67-00AA00BDCE1D}\InprocServer32 -> C:\WINDOWS\system32\FM20.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{5512D118-5CC6-11CF-8D67-00AA00BDCE1D}\InprocServer32 -> C:\WINDOWS\system32\FM20.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{5512D11A-5CC6-11CF-8D67-00AA00BDCE1D}\InprocServer32 -> C:\WINDOWS\system32\FM20.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{5512D11C-5CC6-11CF-8D67-00AA00BDCE1D}\InprocServer32 -> C:\WINDOWS\system32\FM20.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{5512D11E-5CC6-11CF-8D67-00AA00BDCE1D}\InprocServer32 -> C:\WINDOWS\system32\FM20.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{5512D122-5CC6-11CF-8D67-00AA00BDCE1D}\InprocServer32 -> C:\WINDOWS\system32\FM20.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{5512D124-5CC6-11CF-8D67-00AA00BDCE1D}\InprocServer32 -> C:\WINDOWS\system32\FM20.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{5728F10E-27CC-101B-A8EF-00000B65C5F8}\InprocServer32 -> C:\WINDOWS\system32\FM20.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{57D590F1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{586A6352-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{586A6353-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{586A6354-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{586A6355-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{586A6356-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{586A6357-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{586A6359-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{58DA8D8A-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\system32\COMCTL32.OCX (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{58DA8D8F-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\system32\COMCTL32.OCX (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{58DA8D93-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\system32\COMCTL32.OCX (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{58DA8D96-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\system32\COMCTL32.OCX (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{596801D8-2C9D-4627-9C67-195CB81B655A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{5ACBB955-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\WINDOWS\system32\COMCTL32.OCX (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{5ACBB956-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\WINDOWS\system32\COMCTL32.OCX (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{5ACBB957-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\WINDOWS\system32\COMCTL32.OCX (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{5ACBB958-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\WINDOWS\system32\COMCTL32.OCX (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{5B7331FA-8910-4748-A8A4-60B445041F28}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{6027C2D4-FB28-11CD-8820-08002B2F4F5A}\InprocServer32 -> C:\WINDOWS\system32\COMCTL32.OCX (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{612A8624-0FB3-11CE-8747-524153480004}\InprocServer32 -> C:\WINDOWS\system32\COMCTL32.OCX (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{612A8628-0FB3-11CE-8747-524153480004}\InprocServer32 -> C:\WINDOWS\system32\COMCTL32.OCX (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{62823C20-41A3-11CE-9E8B-0020AF039CA3}\InprocServer32 -> C:\WINDOWS\system32\COMCTL32.OCX (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{699DDBCC-DC7E-11D0-BCF7-00C04FC2FB86}\InprocServer32 -> C:\WINDOWS\system32\msstdfmt.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{6B7E638F-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\system32\COMCTL32.OCX (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{6B7E6393-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\system32\COMCTL32.OCX (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{6B7E63A3-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\system32\COMCTL32.OCX (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{6D835690-900B-11D0-9484-00A0C91110ED}\InprocServer32 -> C:\WINDOWS\system32\msstdfmt.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{6E182020-F460-11CE-9BCD-00AA00608E01}\InprocServer32 -> C:\WINDOWS\system32\FM20.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{7629CFA2-3FE5-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\WINDOWS\system32\comdlg32.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{7629CFA4-3FE5-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\WINDOWS\system32\comdlg32.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{77AD5847-AE1B-4193-9F15-6E9B2D811E4D}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{79176FB0-B7F2-11CE-97EF-00AA006D2776}\InprocServer32 -> C:\WINDOWS\system32\FM20.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{7A669A0C-0813-4BF1-A723-26B79C5E9DDC}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{7CBBABF0-36B9-11CE-BF0D-00AA0044BB60}\InprocServer32 -> C:\WINDOWS\system32\FM20.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{7DBF8260-30AD-4D1B-876A-8032B87B809F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{8034BBB8-2145-4159-9A34-51E21A0A981F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{828E5386-74CF-4019-B356-C857CD028A7D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{82CC31B3-53B4-4161-A4E9-6B4F1290A6C8}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{8572570D-12D9-4F2C-8BB8-EB8848178B94}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{86AC2FAD-C987-4757-B591-02F9867A8BE5}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\qbfc5.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{8BD21D10-EC42-11CE-9E0D-00AA006002F3}\InprocServer32 -> C:\WINDOWS\system32\FM20.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{8BD21D20-EC42-11CE-9E0D-00AA006002F3}\InprocServer32 -> C:\WINDOWS\system32\FM20.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{8BD21D30-EC42-11CE-9E0D-00AA006002F3}\InprocServer32 -> C:\WINDOWS\system32\FM20.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{8BD21D40-EC42-11CE-9E0D-00AA006002F3}\InprocServer32 -> C:\WINDOWS\system32\FM20.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{8BD21D50-EC42-11CE-9E0D-00AA006002F3}\InprocServer32 -> C:\WINDOWS\system32\FM20.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{8BD21D60-EC42-11CE-9E0D-00AA006002F3}\InprocServer32 -> C:\WINDOWS\system32\FM20.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{8CA5338E-3C5E-4087-ADEC-B1CA665BC293}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2007\qbw32.exe (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{8E590317-1329-11D1-B70B-00805F29CD16}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2007\QBW32.EXE (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{8FEDE364-AB37-4551-80C9-6D468E222AB2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{972C4270-11FD-11CE-B841-00AA004CD6D8}\InprocServer32 -> C:\WINDOWS\system32\FM20.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{978C9E23-D4B0-11CE-BF2D-00AA003F40D0}\InprocServer32 -> C:\WINDOWS\system32\FM20.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{99FF4677-FFC3-11D0-BD02-00C04FC2FB86}\InprocServer32 -> C:\WINDOWS\system32\msstdfmt.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{9D9B61F2-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{9D9B61F3-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{9D9B61F4-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{9D9B61F5-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{9D9B61F6-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{9D9B61F7-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{9ED94440-E5E8-101B-B9B5-444553540000}\InprocServer32 -> C:\WINDOWS\system32\COMCTL32.OCX (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{9ED94444-E5E8-101B-B9B5-444553540000}\InprocServer32 -> C:\WINDOWS\system32\COMCTL32.OCX (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}\localserver32 -> "C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Rocket\Application\3 (the data entry has 41 more characters).
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{A31E3E12-DC10-4D60-B2DA-93EDE3936B4C}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{A63E42D0-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{A63E42D2-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{AC9F2F90-E877-11CE-9F68-00AA00574A4F}\InprocServer32 -> C:\WINDOWS\system32\FM20.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{AF5E0A13-CEAB-47CE-991D-77E82CD1BF3F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{AFC20920-DA4E-11CE-B943-00AA006887B4}\InprocServer32 -> C:\WINDOWS\system32\FM20.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{B09DE715-87C1-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{B66834C6-2E60-11CE-8748-524153480004}\InprocServer32 -> C:\WINDOWS\system32\COMCTL32.OCX (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{B66F2BF1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{B8DA6310-E19B-11D0-933C-00A0C90DCAA9}\InprocServer32 -> C:\WINDOWS\system32\ACTXPRXY.DLL (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{C62A69F0-16DC-11CE-9E98-00AA00574A4F}\InprocServer32 -> C:\WINDOWS\system32\FM20.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{CC669B53-4BBB-4AA8-8201-88D8B9FE5C33}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{D14FD6B3-6A9F-4537-9460-07B836707127}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{D4A12AAF-E15E-470B-A6B6-63032186F91F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}\InprocServer32 -> C:\WINDOWS\system32\MSVBVM60.DLL (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{D7053240-CE69-11CD-A777-00DD01143C57}\InprocServer32 -> C:\WINDOWS\system32\FM20.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{D9B9C060-0954-11D3-9E07-00104BD2BE34}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSource.dll (Intuit, Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{D9BC6F81-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{D9BC6F84-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{D9BC6F87-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{D9BC6FA1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{D9BC6FA6-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{D9BC6FB2-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\StorageClasses.dll (Intuit, Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{DCB2B478-EFF6-48F6-B718-13E98876854E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{DFD0AF10-B86C-4AF3-B609-1348D513E565}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{DFD181E0-5E2F-11CE-A449-00AA004A803D}\InprocServer32 -> C:\WINDOWS\system32\FM20.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{E1A173E1-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{E1A173E3-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{EADA914E-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{EAE50EB0-4A62-11CE-BED6-00AA00611080}\InprocServer32 -> C:\WINDOWS\system32\FM20.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{EAEF733D-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{F19F9A95-7A43-4A93-80B0-C9C1FF6F63F9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{F748B5F0-15D0-11CE-BF0D-00AA0044BB60}\InprocServer32 -> C:\WINDOWS\system32\FM20.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\InprocServer32 -> C:\WINDOWS\system32\comdlg32.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{F9EF917A-E55E-4242-B205-E778395AC313}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx (Intuit)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{FAC93D42-FFC2-11d1-9DEB-0008C7A08EBA}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2007\qbw32.exe (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{FB17915F-06D1-4214-A902-CC5EE05186E9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{FE38753A-44A3-11D1-B5B7-0000C09000C4}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
    ==================== Restore Points =========================
    09-11-2014 20:11:21 System Checkpoint
    10-11-2014 21:26:53 System Checkpoint
    11-11-2014 22:04:35 System Checkpoint
    12-11-2014 08:00:29 Software Distribution Service 3.0
    13-11-2014 08:08:20 System Checkpoint
    14-11-2014 09:09:20 System Checkpoint
    15-11-2014 10:44:07 System Checkpoint
    16-11-2014 11:14:42 System Checkpoint
    17-11-2014 11:16:12 System Checkpoint
    18-11-2014 12:05:13 System Checkpoint
    19-11-2014 13:45:52 System Checkpoint
    20-11-2014 14:05:19 System Checkpoint
    21-11-2014 15:05:29 System Checkpoint
    22-11-2014 17:56:15 System Checkpoint
    23-11-2014 18:28:50 System Checkpoint
    24-11-2014 19:14:00 System Checkpoint
    25-11-2014 20:13:01 System Checkpoint
    26-11-2014 21:13:03 System Checkpoint
    27-11-2014 11:29:02 avast! antivirus system restore point
    28-11-2014 11:41:01 System Checkpoint
    29-11-2014 12:49:56 System Checkpoint
    30-11-2014 12:57:28 System Checkpoint
    01-12-2014 13:05:30 System Checkpoint
    02-12-2014 14:00:40 System Checkpoint
    03-12-2014 14:28:19 System Checkpoint
    04-12-2014 15:28:19 System Checkpoint
    05-12-2014 17:05:06 System Checkpoint
    06-12-2014 17:40:30 System Checkpoint
    08-12-2014 10:00:05 System Checkpoint
    09-12-2014 10:54:17 System Checkpoint
    10-12-2014 08:00:33 Software Distribution Service 3.0
    11-12-2014 08:54:26 System Checkpoint
    12-12-2014 08:54:38 System Checkpoint
    13-12-2014 09:06:42 System Checkpoint
    14-12-2014 09:54:45 System Checkpoint
    15-12-2014 10:54:47 System Checkpoint
    16-12-2014 11:54:46 System Checkpoint
    17-12-2014 12:54:45 System Checkpoint
    18-12-2014 13:00:01 System Checkpoint
    19-12-2014 13:01:13 System Checkpoint
    20-12-2014 13:58:45 System Checkpoint
    21-12-2014 15:30:24 System Checkpoint
    23-12-2014 06:01:28 System Checkpoint
    24-12-2014 06:32:31 System Checkpoint
    25-12-2014 06:39:48 System Checkpoint
    26-12-2014 06:45:39 System Checkpoint
    27-12-2014 07:30:43 System Checkpoint
    28-12-2014 08:30:46 System Checkpoint
    29-12-2014 09:41:35 System Checkpoint
    30-12-2014 10:52:51 System Checkpoint
    31-12-2014 11:57:23 System Checkpoint
    01-01-2015 13:57:02 System Checkpoint
    02-01-2015 14:31:49 System Checkpoint
    03-01-2015 15:30:55 System Checkpoint
    04-01-2015 15:56:55 System Checkpoint
    05-01-2015 16:45:29 System Checkpoint
    06-01-2015 17:41:46 System Checkpoint
    07-01-2015 19:00:48 System Checkpoint
    08-01-2015 19:22:46 System Checkpoint
    09-01-2015 20:22:54 System Checkpoint
    10-01-2015 21:22:50 System Checkpoint
    11-01-2015 22:22:50 System Checkpoint
    12-01-2015 22:29:42 System Checkpoint
    13-01-2015 23:35:31 System Checkpoint
    14-01-2015 08:00:25 Software Distribution Service 3.0
    15-01-2015 08:32:53 System Checkpoint
    16-01-2015 13:22:21 Removed Vz In Home Agent
    16-01-2015 15:54:19 Checkpoint by HitmanPro
    16-01-2015 15:54:56 Checkpoint by HitmanPro
    18-01-2015 12:23:43 Software Distribution Service 3.0
    18-01-2015 12:37:30 Removed DefaultTab
    18-01-2015 13:04:21 Revo Uninstaller's restore point - DefaultTab
    18-01-2015 13:05:22 Removed DefaultTab
    18-01-2015 13:05:44 Revo Uninstaller's restore point - DefaultTab
    18-01-2015 13:06:10 Removed DefaultTab
    18-01-2015 13:11:18 Uninstalled with Total Uninstall "DefaultTab"
    18-01-2015 13:11:48 Removed DefaultTab
    18-01-2015 13:12:03 Uninstalled with Total Uninstall "DefaultTab"
    18-01-2015 13:12:33 Removed DefaultTab
    18-01-2015 14:44:46 avast! antivirus system restore point
    ==================== Hosts content: ==========================
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
    2004-08-10 06:00 - 2012-04-15 10:01 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
    127.0.0.1 localhost
    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-268140147-829281293-1905240433-1007.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
    Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-268140147-829281293-1905240433-1007.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
    ==================== Loaded Modules (whitelisted) =============
    2004-08-09 23:00 - 2011-02-04 17:48 - 00291840 _____ () C:\WINDOWS\system32\sbe.dll
    2004-08-09 23:00 - 2013-01-02 01:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll
    2004-08-09 23:00 - 2008-04-13 19:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
    2004-08-09 23:00 - 2008-04-13 19:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
    2009-03-15 20:16 - 2009-03-15 20:16 - 00755712 ____N () C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.56.0__28c9bcd4dddc48a1\System.Data.SQLite.dll
    2009-03-15 20:26 - 2009-03-15 20:26 - 00471040 ____N () C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
    2010-02-20 09:18 - 2010-02-20 09:18 - 00854016 _____ () C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
    2010-02-20 09:18 - 2010-02-20 09:18 - 00471040 _____ () C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
    2011-02-23 16:42 - 2011-02-23 16:42 - 00476520 _____ () C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
    2005-08-03 01:19 - 2005-08-03 01:19 - 00050176 ____N () C:\WINDOWS\armcex.dll
    ==================== Alternate Data Streams (whitelisted) =========
    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:373E1720
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:AD022376
    ==================== Safe Mode (whitelisted) ===================
    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    ==================== EXE Association (whitelisted) =============
    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

    ==================== MSCONFIG/TASK MANAGER disabled items =========
    (Currently there is no automatic fix for this section.)
    MSCONFIG\startupreg: ihanotify => C:\Program Files\Verizon\FiOS\ihs\IHANotify.exe 1 fios
    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime
    ========================= Accounts: ==========================
    Administrator (S-1-5-21-268140147-829281293-1905240433-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
    Compaq_Administrator (S-1-5-21-268140147-829281293-1905240433-1007 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Compaq_Administrator
    Guest (S-1-5-21-268140147-829281293-1905240433-501 - Limited - Enabled)
    HelpAssistant (S-1-5-21-268140147-829281293-1905240433-1006 - Limited - Disabled)
    SUPPORT_388945a0 (S-1-5-21-268140147-829281293-1905240433-1002 - Limited - Disabled)
    SUPPORT_fddfa904 (S-1-5-21-268140147-829281293-1905240433-1005 - Limited - Disabled)
    ==================== Faulty Device Manager Devices =============

    ==================== Event log errors: =========================
    Application errors:
    ==================
    Error: (01/18/2015 01:12:32 PM) (Source: MsiInstaller) (EventID: 11721) (User: DESKTOP)
    Description: Product: DefaultTab -- Error 1721. There is a problem with this Windows Installer package. A program required for this install to complete could not be run. Contact your support personnel or package vendor. Action: _4C0618CD_329D_488D_8E04_4FACC1521A93, location: C:\Documents and Settings\Compaq_Administrator\Application Data\DefaultTab\DefaultTab\cfg.exe, command: Uninstall
    Error: (01/18/2015 01:11:48 PM) (Source: MsiInstaller) (EventID: 11721) (User: DESKTOP)
    Description: Product: DefaultTab -- Error 1721. There is a problem with this Windows Installer package. A program required for this install to complete could not be run. Contact your support personnel or package vendor. Action: _4C0618CD_329D_488D_8E04_4FACC1521A93, location: C:\Documents and Settings\Compaq_Administrator\Application Data\DefaultTab\DefaultTab\cfg.exe, command: Uninstall
    Error: (01/18/2015 01:06:10 PM) (Source: MsiInstaller) (EventID: 11721) (User: DESKTOP)
    Description: Product: DefaultTab -- Error 1721. There is a problem with this Windows Installer package. A program required for this install to complete could not be run. Contact your support personnel or package vendor. Action: _4C0618CD_329D_488D_8E04_4FACC1521A93, location: C:\Documents and Settings\Compaq_Administrator\Application Data\DefaultTab\DefaultTab\cfg.exe, command: Uninstall
    Error: (01/18/2015 01:05:21 PM) (Source: MsiInstaller) (EventID: 11721) (User: DESKTOP)
    Description: Product: DefaultTab -- Error 1721. There is a problem with this Windows Installer package. A program required for this install to complete could not be run. Contact your support personnel or package vendor. Action: _4C0618CD_329D_488D_8E04_4FACC1521A93, location: C:\Documents and Settings\Compaq_Administrator\Application Data\DefaultTab\DefaultTab\cfg.exe, command: Uninstall
    Error: (01/18/2015 00:37:30 PM) (Source: MsiInstaller) (EventID: 11721) (User: DESKTOP)
    Description: Product: DefaultTab -- Error 1721. There is a problem with this Windows Installer package. A program required for this install to complete could not be run. Contact your support personnel or package vendor. Action: _4C0618CD_329D_488D_8E04_4FACC1521A93, location: C:\Documents and Settings\Compaq_Administrator\Application Data\DefaultTab\DefaultTab\cfg.exe, command: Uninstall
    Error: (01/12/2015 06:35:20 AM) (Source: Microsoft Office 10) (EventID: 1000) (User: )
    Description: Faulting application winword.exe, version 10.0.6866.0, faulting module mso.dll, version 10.0.6870.0, fault address 0x000035ed.
    Error: (01/12/2015 06:33:46 AM) (Source: Microsoft Office 10) (EventID: 1000) (User: )
    Description: Faulting application winword.exe, version 10.0.6866.0, faulting module winword.exe, version 10.0.6866.0, fault address 0x00320612.
    Error: (01/05/2015 02:44:15 PM) (Source: COM+) (EventID: 4689) (User: )
    Description: The run-time environment has detected an inconsistency in its internal state. This indicates a potential instability in the process that could be caused by the custom components running in the COM+ application, the components they make use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184), hr = 8007041d: InitEventCollector failed
    Error: (12/19/2014 11:20:49 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application WINWORD.EXE, version 10.0.6866.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
    Error: (12/15/2014 06:31:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    System errors:
    =============
    Error: (01/18/2015 02:51:58 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    ftsata2
    Error: (01/18/2015 02:50:36 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.
    Error: (01/18/2015 02:09:46 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    ftsata2
    Error: (01/18/2015 02:01:53 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    ftsata2
    Error: (01/18/2015 01:49:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The IMAPI CD-Burning COM Service service failed to start due to the following error:
    %%1053
    Error: (01/18/2015 01:49:26 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
    Error: (01/18/2015 01:47:48 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    ftsata2
    Error: (01/18/2015 01:31:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Application Layer Gateway Service service failed to start due to the following error:
    %%1053
    Error: (01/18/2015 01:31:40 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
    Error: (01/18/2015 01:30:52 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    ftsata2

    Microsoft Office Sessions:
    =========================
    Error: (01/18/2015 01:12:32 PM) (Source: MsiInstaller) (EventID: 11721) (User: DESKTOP)
    Description: Product: DefaultTab -- Error 1721. There is a problem with this Windows Installer package. A program required for this install to complete could not be run. Contact your support personnel or package vendor. Action: _4C0618CD_329D_488D_8E04_4FACC1521A93, location: C:\Documents and Settings\Compaq_Administrator\Application Data\DefaultTab\DefaultTab\cfg.exe, command: Uninstall (NULL)(NULL)(NULL)
    Error: (01/18/2015 01:11:48 PM) (Source: MsiInstaller) (EventID: 11721) (User: DESKTOP)
    Description: Product: DefaultTab -- Error 1721. There is a problem with this Windows Installer package. A program required for this install to complete could not be run. Contact your support personnel or package vendor. Action: _4C0618CD_329D_488D_8E04_4FACC1521A93, location: C:\Documents and Settings\Compaq_Administrator\Application Data\DefaultTab\DefaultTab\cfg.exe, command: Uninstall (NULL)(NULL)(NULL)
    Error: (01/18/2015 01:06:10 PM) (Source: MsiInstaller) (EventID: 11721) (User: DESKTOP)
    Description: Product: DefaultTab -- Error 1721. There is a problem with this Windows Installer package. A program required for this install to complete could not be run. Contact your support personnel or package vendor. Action: _4C0618CD_329D_488D_8E04_4FACC1521A93, location: C:\Documents and Settings\Compaq_Administrator\Application Data\DefaultTab\DefaultTab\cfg.exe, command: Uninstall (NULL)(NULL)(NULL)
    Error: (01/18/2015 01:05:21 PM) (Source: MsiInstaller) (EventID: 11721) (User: DESKTOP)
    Description: Product: DefaultTab -- Error 1721. There is a problem with this Windows Installer package. A program required for this install to complete could not be run. Contact your support personnel or package vendor. Action: _4C0618CD_329D_488D_8E04_4FACC1521A93, location: C:\Documents and Settings\Compaq_Administrator\Application Data\DefaultTab\DefaultTab\cfg.exe, command: Uninstall (NULL)(NULL)(NULL)
    Error: (01/18/2015 00:37:30 PM) (Source: MsiInstaller) (EventID: 11721) (User: DESKTOP)
    Description: Product: DefaultTab -- Error 1721. There is a problem with this Windows Installer package. A program required for this install to complete could not be run. Contact your support personnel or package vendor. Action: _4C0618CD_329D_488D_8E04_4FACC1521A93, location: C:\Documents and Settings\Compaq_Administrator\Application Data\DefaultTab\DefaultTab\cfg.exe, command: Uninstall (NULL)(NULL)(NULL)
    Error: (01/12/2015 06:35:20 AM) (Source: Microsoft Office 10) (EventID: 1000) (User: )
    Description: winword.exe10.0.6866.0mso.dll10.0.6870.0000035ed
    Error: (01/12/2015 06:33:46 AM) (Source: Microsoft Office 10) (EventID: 1000) (User: )
    Description: winword.exe10.0.6866.0winword.exe10.0.6866.000320612
    Error: (01/05/2015 02:44:15 PM) (Source: COM+) (EventID: 4689) (User: )
    Description: Error in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184), hr = 8007041d: InitEventCollector failed
    Error: (12/19/2014 11:20:49 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: WINWORD.EXE10.0.6866.0hungapp0.0.0.000000000
    Error: (12/15/2014 06:31:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

    ==================== Memory info ===========================
    Processor: AMD Athlon(tm) 64 Processor 3500+
    Percentage of memory in use: 58%
    Total physical RAM: 1470.48 MB
    Available physical RAM: 612.95 MB
    Total Pagefile: 2791.79 MB
    Available Pagefile: 2075.01 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1932.48 MB
    ==================== Drives ================================
    Drive c: (PRESARIO) (Fixed) (Total:877.94 GB) (Free:752.16 GB) NTFS ==>[Drive with boot components (Windows XP)]
    Drive d: (PRESARIO_RP) (Fixed) (Total:53.56 GB) (Free:45.3 GB) FAT32 ==>[Drive with boot components (Windows XP)]
    ==================== MBR & Partition Table ==================
    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: 4A5F34B2)
    Partition 1: (Active) - (Size=877.9 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=53.6 GB) - (Type=0C)
    ==================== End Of Log ============================
     
  5. starbuck

    starbuck Rest In Peace Pete Administrator

    Hi Tony,

    Avast is a pain; I stopped recommending it a long time ago.

    Please download the attached fixlist.txt file (bottom of this post) and save it to the Desktop.
    NOTE.
    It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine.
    Running this on another machine may cause damage to your operating system.


    Re-run FRST/FRST64 (whichever is installed), press the Fix button just once, and wait.


    The tool will make a log on the Desktop (Fixlog.txt). Please post this in your next reply.

    Also let me know how the system is behaving now.

    Thanks
     


  6. Tony D

    Tony D Administrator Administrator

    Thank you Pete,

    Here's the log. Not sure yet on the performance. What do you think about running RogueKiller again to see if it still detects the items I mentioned in my initial post?

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 18-01-2015 01
    Ran by Compaq_Administrator at 2015-01-19 17:31:25 Run:1
    Running from C:\Documents and Settings\Compaq_Administrator\Desktop
    Loaded Profiles: Compaq_Administrator (Available profiles: Compaq_Administrator & Administrator)
    Boot Mode: Normal
    ==============================================
    Content of fixlist:
    *****************
    HKLM\...\Run: [] => [X]
    HKLM\...\Policies\Explorer: [NoCDBurning] 0
    HKU\S-1-5-18\...\Run: [Advanced SystemCare 7] => "C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    CHR HKU\S-1-5-21-268140147-829281293-1905240433-1007\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-268140147-829281293-1905240433-1007\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
    SearchScopes: HKLM -> DefaultScope value is missing.
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\.DEFAULT -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-268140147-829281293-1905240433-1007 -> {0CE527A3-B00A-4C02-8A76-D1D30B9E84E3} URL =
    Toolbar: HKU\S-1-5-21-268140147-829281293-1905240433-1007 -> No Name - {C4069E3A-68F1-403E-B40E-20066696354B} - No File
    Toolbar: HKU\S-1-5-21-268140147-829281293-1905240433-1007 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    FF Extension: No Name - C:\Program Files\AVAST Software\Avast\WebRep\FF [Not Found]
    CHR Extension: (saferweB) - C:\Documents and Settings\All Users\Application Data\mmdglfbdpaigkchnclogfmffkgbjkgbc\ [2013-10-19]
    R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [37664 2013-10-06] (AVG Technologies)
    S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [35992 2015-01-16] ()
    R0 SmartDefragDriver; C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys [14776 2013-05-22] ()
    S3 BLKWGU(Belkin); system32\DRIVERS\BLKWGU.sys [X]
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S0 ftsata2; system32\DRIVERS\ftsata2.sys [X]
    S3 ZDPSp50; System32\Drivers\ZDPSp50.sys [X]
    2015-01-16 15:57 - 2015-01-16 15:57 - 00035992 _____ () C:\WINDOWS\system32\Drivers\hitmanpro37.sys
    2015-01-16 15:55 - 2015-01-16 15:55 - 00002888 _____ () C:\WINDOWS\system32\.crusader
    2015-01-16 15:37 - 2015-01-16 15:55 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\HitmanPro
    2014-12-26 12:39 - 2014-12-26 12:39 - 48701440 _____ () C:\WINDOWS\system32\config\software.iobit
    2014-12-26 12:39 - 2014-12-26 12:39 - 00483328 _____ () C:\WINDOWS\system32\config\default.iobit
    2014-12-26 12:39 - 2014-12-26 12:39 - 00065536 _____ () C:\WINDOWS\system32\config\SECURITY.iobit
    2014-12-26 12:39 - 2014-12-26 12:39 - 00028672 _____ () C:\WINDOWS\system32\config\SAM.iobit
    2015-01-05 18:36 - 2015-01-05 18:36 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\mmdglfbdpaigkchnclogfmffkgbjkgbc
    2015-01-16 13:37 - 2013-11-17 20:07 - 00000000 ____D () C:\Program Files\IObit
    C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\dllnt_dump.dll
    C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\Quarantine.exe
    C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\sqlite3.dll
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{03C3A013-02F2-4E56-87A8-B74A7C5DC75B}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{0B4AA204-AB61-47E3-B5B4-27DCF375EBAC}\localserver32 -> "CDStart.exe" No File
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{1B3FC869-FA13-4948-A865-B626713E98B4}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{451BBD82-48B5-4525-B3C3-035465D73469}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{45F5708E-3B43-4FA8-BE7E-A5F1849214CB}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{77AD5847-AE1B-4193-9F15-6E9B2D811E4D}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{7A669A0C-0813-4BF1-A723-26B79C5E9DDC}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}\localserver32 -> "C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Rocket\Application\3 (the data entry has 41 more characters).
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{A31E3E12-DC10-4D60-B2DA-93EDE3936B4C}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{CC669B53-4BBB-4AA8-8201-88D8B9FE5C33}\InprocServer32 -> No File Path
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:373E1720
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:AD022376
    Hosts:
    CMD: ipconfig /flushdns
    EmptyTemp:
    *****************
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoCDBurning => value deleted successfully.
    HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Advanced SystemCare 7 => value deleted successfully.
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully.
    HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => Key not found.
    "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
    "HKU\S-1-5-21-268140147-829281293-1905240433-1007\SOFTWARE\Policies\Google" => Key deleted successfully.
    "HKU\S-1-5-21-268140147-829281293-1905240433-1007\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
    HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
    HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
    HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
    HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
    HKLM\Software\\Microsoft\Internet Explorer\Main\\Local Page => Value was restored successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => Value was restored successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
    HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    "HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}" => Key deleted successfully.
    HKCR\CLSID\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} => Key not found.
    HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    "HKU\S-1-5-21-268140147-829281293-1905240433-1007\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0CE527A3-B00A-4C02-8A76-D1D30B9E84E3}" => Key deleted successfully.
    HKCR\CLSID\{0CE527A3-B00A-4C02-8A76-D1D30B9E84E3} => Key not found.
    HKU\S-1-5-21-268140147-829281293-1905240433-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} => value deleted successfully.
    HKCR\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B} => Key not found.
    HKU\S-1-5-21-268140147-829281293-1905240433-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
    HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
    C:\Program Files\AVAST Software\Avast\WebRep\FF => not found.
    C:\Documents and Settings\All Users\Application Data\mmdglfbdpaigkchnclogfmffkgbjkgbc\ => Moved successfully.
    avgtp => Service stopped successfully.
    avgtp => Service deleted successfully.
    hitmanpro37 => Service deleted successfully.
    SmartDefragDriver => Service stopped successfully.
    SmartDefragDriver => Service deleted successfully.
    BLKWGU(Belkin) => Service deleted successfully.
    catchme => Service deleted successfully.
    ftsata2 => Service deleted successfully.
    ZDPSp50 => Service deleted successfully.
    C:\WINDOWS\system32\Drivers\hitmanpro37.sys => Moved successfully.
    C:\WINDOWS\system32\.crusader => Moved successfully.
    C:\Documents and Settings\All Users\Application Data\HitmanPro => Moved successfully.
    C:\WINDOWS\system32\config\software.iobit => Moved successfully.
    C:\WINDOWS\system32\config\default.iobit => Moved successfully.
    C:\WINDOWS\system32\config\SECURITY.iobit => Moved successfully.
    C:\WINDOWS\system32\config\SAM.iobit => Moved successfully.
    "C:\Documents and Settings\All Users\Application Data\mmdglfbdpaigkchnclogfmffkgbjkgbc" => File/Directory not found.
    C:\Program Files\IObit => Moved successfully.
    C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\dllnt_dump.dll => Moved successfully.
    C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\Quarantine.exe => Moved successfully.
    C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\sqlite3.dll => Moved successfully.
    "HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{03C3A013-02F2-4E56-87A8-B74A7C5DC75B}" => Key deleted successfully.
    "HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{0B4AA204-AB61-47E3-B5B4-27DCF375EBAC}" => Key deleted successfully.
    "HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{1B3FC869-FA13-4948-A865-B626713E98B4}" => Key deleted successfully.
    "HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{451BBD82-48B5-4525-B3C3-035465D73469}" => Key deleted successfully.
    "HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{45F5708E-3B43-4FA8-BE7E-A5F1849214CB}" => Key deleted successfully.
    "HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{77AD5847-AE1B-4193-9F15-6E9B2D811E4D}" => Key deleted successfully.
    "HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{7A669A0C-0813-4BF1-A723-26B79C5E9DDC}" => Key deleted successfully.
    "HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}" => Key deleted successfully.
    "HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{A31E3E12-DC10-4D60-B2DA-93EDE3936B4C}" => Key deleted successfully.
    "HKU\S-1-5-21-268140147-829281293-1905240433-1007_Classes\CLSID\{CC669B53-4BBB-4AA8-8201-88D8B9FE5C33}" => Key deleted successfully.
    C:\Documents and Settings\All Users\Application Data\TEMP => ":373E1720" ADS removed successfully.
    C:\Documents and Settings\All Users\Application Data\TEMP => ":AD022376" ADS removed successfully.
    C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
    Hosts was reset successfully.
    ========= ipconfig /flushdns =========
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.

    ========= End of CMD: =========
    EmptyTemp: => Removed 586.5 MB temporary data.

    The system needed a reboot.
    ==== End of Fixlog 17:38:04 ====
     
  7. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    Hi Tony,

    Instead of running Rogue Killer again............

    Download Malwarebytes Anti-Rootkit
    • Unzip the File to a convenient location. (Recommend the Desktop)
    • Open the folder where the contents were unzipped to run mbar.exe

    • Double-click on the mbar.exe file, you may receive a User Account Control prompt asking if you are sure you wish to allow the program to run. Please allow the program to run and MBAR will now start to install any necessary drivers that are required for the program to operate correctly. If a rootkit is interfering with the installation of the drivers you will see a message that states that the DDA driver was not installed and that you should reboot your computer to install it. You will see this image:

    • If you receive this message, please click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer. Once the computer is rebooted and you login, MBAR will automatically start and you will now be at the start screen. (If no Rootkit warning you will go from step 4 to 6.)
    • The following image opens, select Next.

    • The following image opens, select Update

    • When the Update completes, select Next

    • In the following window ensure "Targets" are ticked. Then select "Scan"

    • If an infection/s is found the "Cleanup Button" to remove threats will be available. A list of infected files will be listed like the following example:

    • Do not select the "Clean up" button; select the "Exit" button. There will be a warning as follows:

    • Select "Yes" to close down the program. If NO infections were found you will see the following image:

    • Select "Exit" to close down.
    • Copy and paste the two following logs from the mbar folder:
    System - log
    Mbar - log Date and time of scan will also be shown



    Post those two logs in your reply.

    Thanks
     
  8. Tony D

    Thank you Pete, I had run MBAR the other day. It was clean. Thought I mentioned that, but looks like I forgot. Here are the logs:


    Malwarebytes Anti-Rootkit BETA 1.08.3.1004
    www.malwarebytes.org
    Database version:
    main: v2015.01.20.04
    rootkit: v2015.01.14.01
    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer
    Compaq_Administrator :: DESKTOP [administrator]
    1/20/2015 7:22:55 AM
    mbar-log-2015-01-20 (07-22-55).txt
    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 363600
    Time elapsed: 53 minute(s), 59 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    Physical Sectors Detected: 0




    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.08.3.1004
    (c) Malwarebytes Corporation 2011-2012
    OS version: 5.1.2600 Windows XP Service Pack 3 x86
    Account is Administrative
    Internet Explorer version:
    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
    CPU speed: 2.204000 GHz
    Memory total: 1541914624, free: 646447104
    Downloaded database version: v2015.01.20.04
    Downloaded database version: v2015.01.14.01
    Downloaded database version: v2014.12.06.01
    =======================================
    Initializing...
    This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.
    =======================================

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.08.3.1004
    (c) Malwarebytes Corporation 2011-2012
    OS version: 5.1.2600 Windows XP Service Pack 3 x86
    Account is Administrative
    Internet Explorer version:
    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
    CPU speed: 2.204000 GHz
    Memory total: 1541914624, free: 691822592
    =======================================
    Initializing...
    This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.
    =======================================

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.08.3.1004
    (c) Malwarebytes Corporation 2011-2012
    OS version: 5.1.2600 Windows XP Service Pack 3 x86
    Account is Administrative
    Internet Explorer version:
    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
    CPU speed: 2.204000 GHz
    Memory total: 1541914624, free: 932642816
    =======================================
    Initializing...
    ------------ Kernel report ------------
    01/20/2015 07:22:16
    ------------ Loaded modules -----------
    \WINDOWS\system32\ntkrnlpa.exe
    \WINDOWS\system32\hal.dll
    \WINDOWS\system32\KDCOM.DLL
    \WINDOWS\system32\BOOTVID.dll
    ACPI.sys
    \WINDOWS\system32\DRIVERS\WMILIB.SYS
    pci.sys
    isapnp.sys
    ohci1394.sys
    \WINDOWS\system32\DRIVERS\1394BUS.SYS
    pciide.sys
    \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    viaide.sys
    intelide.sys
    MountMgr.sys
    ftdisk.sys
    dmload.sys
    dmio.sys
    PartMgr.sys
    VolSnap.sys
    atapi.sys
    disk.sys
    \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    fltmgr.sys
    sr.sys
    MrFilter.sys
    PxHelp20.sys
    KSecDD.sys
    Ntfs.sys
    NDIS.sys
    Mup.sys
    \SystemRoot\system32\DRIVERS\AmdK8.sys
    \SystemRoot\system32\DRIVERS\aracpi.sys
    \SystemRoot\system32\DRIVERS\nv4_mini.sys
    \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    \SystemRoot\system32\DRIVERS\usbohci.sys
    \SystemRoot\system32\DRIVERS\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\system32\DRIVERS\imapi.sys
    \SystemRoot\system32\DRIVERS\cdrom.sys
    \SystemRoot\system32\DRIVERS\redbook.sys
    \SystemRoot\system32\DRIVERS\ks.sys
    \SystemRoot\System32\Drivers\ArcCD.SYS
    \SystemRoot\System32\Drivers\GEARAspiWDM.sys
    \SystemRoot\system32\DRIVERS\HSXHWBS2.sys
    \SystemRoot\system32\DRIVERS\HSX_DP.sys
    \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
    \SystemRoot\System32\Drivers\Modem.SYS
    \SystemRoot\system32\DRIVERS\HDAudBus.sys
    \SystemRoot\system32\DRIVERS\nvnetbus.sys
    \SystemRoot\system32\DRIVERS\NVNRM.SYS
    \SystemRoot\system32\DRIVERS\NVSNPU.SYS
    \SystemRoot\system32\DRIVERS\i8042prt.sys
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\DRIVERS\armoucfltr.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\arkbcfltr.sys
    \SystemRoot\system32\DRIVERS\arpolicy.sys
    \SystemRoot\system32\DRIVERS\dne2000.sys
    \SystemRoot\system32\DRIVERS\audstub.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\system32\DRIVERS\psched.sys
    \SystemRoot\system32\DRIVERS\msgpc.sys
    \SystemRoot\system32\DRIVERS\ptilink.sys
    \SystemRoot\system32\DRIVERS\raspti.sys
    \SystemRoot\system32\DRIVERS\rcvpn.sys
    \SystemRoot\system32\DRIVERS\rdpdr.sys
    \SystemRoot\system32\DRIVERS\termdd.sys
    \SystemRoot\system32\DRIVERS\swenum.sys
    \SystemRoot\system32\DRIVERS\update.sys
    \SystemRoot\system32\DRIVERS\mssmbios.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\system32\DRIVERS\NVENETFD.sys
    \SystemRoot\system32\drivers\RtkHDAud.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\System32\Drivers\Fs_Rec.SYS
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\Drivers\mnmdd.SYS
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\System32\Drivers\ArcRec.SYS
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\rasacd.sys
    \SystemRoot\system32\DRIVERS\ipsec.sys
    \??\C:\WINDOWS\system32\Drivers\RCFOX.sys
    \SystemRoot\system32\DRIVERS\tcpip.sys
    \SystemRoot\system32\DRIVERS\netbt.sys
    \SystemRoot\System32\drivers\ws2ifsl.sys
    \SystemRoot\System32\drivers\afd.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\System32\Drivers\Fips.SYS
    \SystemRoot\system32\DRIVERS\ipnat.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\System32\Drivers\Fastfat.SYS
    \SystemRoot\System32\Drivers\dump_atapi.sys
    \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\System32\watchdog.sys
    \SystemRoot\System32\drivers\dxg.sys
    \SystemRoot\System32\drivers\dxgthk.sys
    \SystemRoot\System32\nv4_disp.dll
    \SystemRoot\System32\ATMFD.DLL
    \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\drivers\wdmaud.sys
    \SystemRoot\system32\drivers\sysaudio.sys
    \SystemRoot\System32\Drivers\HTTP.sys
    \SystemRoot\system32\DRIVERS\srv.sys
    \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    \SystemRoot\system32\DRIVERS\ipfltdrv.sys
    \SystemRoot\System32\Drivers\Cdfs.SYS
    \SystemRoot\system32\drivers\kmixer.sys
    \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
    \WINDOWS\system32\ntdll.dll
    ----------- End -----------
    Done!
    Scan started
    Database versions:
    main: v2015.01.20.04
    rootkit: v2015.01.14.01
    <<<2>>>
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xffffffff8a44cab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff8a440900, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff8a44cab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff8a44ef18, DeviceName: \Device\0000006d\, DriverName: \Driver\ACPI\
    DevicePointer: 0xffffffff8a3e3940, DeviceName: \Device\Ide\IdeDeviceP2T0L0-5\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    Done!
    Drive 0
    This is a System drive
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 4A5F34B2
    Partition information:
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63 Numsec = 1841177457
    Partition file system is NTFS
    Partition is bootable
    Partition 1 type is Other (0xc)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1841177520 Numsec = 112341600
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Disk Size: 1000204886016 bytes
    Sector size: 512 bytes
    Done!
    Scan finished
    =======================================

    Removal queue found; removal started
    Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
    Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\VBR-0-0-63-i.mbam...
    Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
    Removal finished
     
  9. starbuck

    Hi Tony,

    Thanks for that.
    The 2 entries you mentioned:
    atapi@unknown
    arkbcfltr@unknown

    are probably nothing to worry about.
    Does the system have a card reader attached? (This is sometimes the cause of the atapi error.)
    The arkbcfltr entry is probably referring to the Microsoft keyboard filter.
    RogueKiller does throw up quite a few entries that aren't bad, that's why I prefer MBAR.

    It would be interesting to see the whole RogueKiller report though, so it may be an idea to re-run it now and post the report.
    Even if it's just to clarify if these are false positives.
     
  10. Tony D

    They're still there. Here's the report.
    RogueKiller V10.2.0.0 [Jan 19 2015] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com
    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : Compaq_Administrator [Administrator]
    Mode : Scan -- Date : 01/20/2015 16:42:32
    ¤¤¤ Processes : 0 ¤¤¤
    ¤¤¤ Registry : 9 ¤¤¤
    [PUM.HomePage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Found
    [PUM.HomePage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Found
    [PUM.SearchPage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found
    [PUM.SearchPage] HKEY_USERS\S-1-5-21-268140147-829281293-1905240433-1007\Software\Microsoft\Internet Explorer\Main | Search Page : https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} -> Found
    [PUM.SearchPage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found
    [PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D} | DhcpNameServer : 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243 [UNITED STATES (US)][UNITED STATES (US)][UNITED STATES (US)][UNITED STATES (US)] -> Found
    [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D} | DhcpNameServer : 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243 [UNITED STATES (US)][UNITED STATES (US)][UNITED STATES (US)][UNITED STATES (US)] -> Found
    [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D} | DhcpNameServer : 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243 [UNITED STATES (US)][UNITED STATES (US)][UNITED STATES (US)][UNITED STATES (US)] -> Found
    [PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
    ¤¤¤ Tasks : 0 ¤¤¤
    ¤¤¤ Files : 0 ¤¤¤
    ¤¤¤ Hosts File : 1 ¤¤¤
    [C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 localhost
    ¤¤¤ Antirootkit : 5 (Driver: Loaded) ¤¤¤
    [SSDT:Addr(Hook.SSDT)] NtOpenProcess[122] : C:\WINDOWS\system32\drivers\mbamchameleon.sys @ 0xb5c37dbe
    [SSDT:Addr(Hook.SSDT)] NtOpenThread[128] : C:\WINDOWS\system32\drivers\mbamchameleon.sys @ 0xb5c37f4a
    [Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\MrFilter @ Unknown (MrFilter.sys)
    [Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\ArcCD @ Unknown (\SystemRoot\System32\Drivers\ArcCD.SYS)
    [Filter(Root.Keylogger)] \Driver\Kbdclass @ \Device\KeyboardClass0 : \Driver\arkbcfltr @ Unknown (\SystemRoot\system32\DRIVERS\armoucfltr.sys)
    ¤¤¤ Web browsers : 0 ¤¤¤
    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: ST1000DM003-1CH162 +++++
    --- User ---
    [MBR] c96cdfd899204f00cdf1c977f3af8184
    [BSP] 4aef9fb25d9a1d1fc42366942e364d75 : Toshiba MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 899012 MB [Windows XP Bootstrap | Windows XP Bootloader]
    1 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 1841177520 | Size: 54854 MB
    User = LL1 ... OK
    User != LL2 ... KO!
    --- LL2 ---
    [MBR] c96cdfd899204f00cdf1c977f3af8184
    [BSP] 4aef9fb25d9a1d1fc42366942e364d75 : Toshiba MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 899012 MB [Error reading VBR! ([3e6] Invalid access to memory location. )]
    1 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 1841177520 | Size: 54854 MB
    +++++ PhysicalDrive1: USB 2.0 Flash Disk USB Device +++++
    --- User ---
    [MBR] 8c9fca14cce17e6047ab767c352eb6fa
    [BSP] 3366af17c60cea4b60fdecc99f9288f8 : Windows XP MBR Code
    Partition table:
    0 - [XXXXXX] FAT32 (0xb) [VISIBLE] Offset (sectors): 32 | Size: 967 MB
    User = LL1 ... OK
    Error reading LL2 MBR! ([32] The request is not supported. )

    ============================================
    RKreport_DEL_01162015_142414.log - RKreport_SCN_01162015_142119.log - RKreport_SCN_01172015_155411.log
     
  11. starbuck

    Hi Tony,

    As I suspected, it's nothing to worry about:

    http://www.adlice.com/kernelmode-rootkits-part-3-kernel-filters/

    There is also a lot of info over at the RogueKiller forum:

    http://forum.adlice.com/index.php?action=forum#c2

    So:
    Armoucfltr.sys with description Microsoft PS2 Mouse Filter is a driver file from company Microsoft Corporation belonging to product Microsoft AR PS/2 Mouse Filter Driver.

    ArcCD.sys file is a common Windows file which is responsible for loading and processing the settings of related application or Windows function.

    Mrfilter.sys with description EasyWrite Driver is a driver file from company Roxio belonging to product Drag-to-Disc.

    All files check out.

    Also, as stated above... 'it's USELESS in most of the cases to remove a filter'.
    It's the file/process etc. that is causing it that has to be removed.
    If no bad files/processes are showing in the report... then there's a good chance that the line is legit.

    Does that help to explain things a bit?
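
The check described in the post above (look at the file behind a filter entry rather than the filter line itself), as an added example that is not part of the thread and not RogueKiller's or MBAR's own code: it parses the report's `[Filter(...)]` lines and cross-references them against the MBAR loaded-module list to name the driver files to verify. The function names are hypothetical, the line format is inferred from the lines posted here, and the sample data is copied from the two logs in this thread.

```python
import ntpath
import re

# Antirootkit lines copied from the RogueKiller report posted in this thread.
ROGUEKILLER_REPORT = r"""
[SSDT:Addr(Hook.SSDT)] NtOpenProcess[122] : C:\WINDOWS\system32\drivers\mbamchameleon.sys @ 0xb5c37dbe
[Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\MrFilter @ Unknown (MrFilter.sys)
[Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\ArcCD @ Unknown (\SystemRoot\System32\Drivers\ArcCD.SYS)
[Filter(Root.Keylogger)] \Driver\Kbdclass @ \Device\KeyboardClass0 : \Driver\arkbcfltr @ Unknown (\SystemRoot\system32\DRIVERS\armoucfltr.sys)
"""

# Excerpt of the "Loaded modules" section of the MBAR system log in this thread.
MBAR_LOADED_MODULES = r"""
atapi.sys
MrFilter.sys
\SystemRoot\System32\Drivers\ArcCD.SYS
\SystemRoot\system32\DRIVERS\armoucfltr.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\arkbcfltr.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
"""

# Assumed layout, inferred from the report lines above:
# [Filter(<kind>)] <target driver> @ <device> : <filter driver> @ <device> (<image>)
FILTER_RE = re.compile(
    r"^\[Filter\((?P<kind>[^)]+)\)\]\s+"
    r"(?P<target>\\Driver\\\S+)\s+@\s+(?P<target_dev>.+?)\s+:\s+"
    r"(?P<filter>\\Driver\\\S+)\s+@\s+(?P<filter_dev>.+?)\s+"
    r"\((?P<image>[^)]+)\)\s*$"
)


def module_names(loaded_modules_text):
    """Return the lower-cased file name of every loaded-module line."""
    return {
        ntpath.basename(line.strip()).lower()
        for line in loaded_modules_text.splitlines()
        if line.strip()
    }


def parse_filters(report_text):
    """Extract [Filter(...)] entries; SSDT hooks and other lines are skipped."""
    entries = []
    for line in report_text.splitlines():
        match = FILTER_RE.match(line.strip())
        if match:
            entries.append(match.groupdict())
    return entries


def triage(report_text, loaded_modules_text):
    """Map each filter entry to the driver files a reviewer should verify."""
    loaded = module_names(loaded_modules_text)
    results = []
    for entry in parse_filters(report_text):
        service = entry["filter"].split("\\")[-1].lower()
        image = ntpath.basename(entry["image"]).lower()
        files = [image]
        notes = []
        if image not in loaded:
            notes.append("reported image is not in the loaded-module list")
        if ntpath.splitext(image)[0] != service:
            # The report names one driver but prints another file for it,
            # so both files go on the list to be checked.
            notes.append("driver name and reported image differ")
            candidate = service + ".sys"
            if candidate in loaded:
                files.append(candidate)
        results.append({
            "kind": entry["kind"],
            "attached_to": entry["target"],
            "filter": entry["filter"],
            "verify_files": files,
            "notes": notes,
        })
    return results


if __name__ == "__main__":
    for r in triage(ROGUEKILLER_REPORT, MBAR_LOADED_MODULES):
        print(r["kind"], r["filter"], "->", ", ".join(r["verify_files"]),
              "|", "; ".join(r["notes"]) or "no notes")
```

The output is a list of files to check (publisher, signature, location on disk), not a verdict on them; for the keyboard filter line it lists both `armoucfltr.sys` and `arkbcfltr.sys` because the report pairs the `arkbcfltr` driver with the mouse filter's file name.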
     
  12. Tony D

    Pete, you are the man! I read your post and a bit of the adlice docs. Must say, it hasn't sunk in yet. Maybe another look tomorrow when I'm up to speed.
     
