And now things are worse than they were before the last iteration. Files and folders take an inordinate amount of time to open.
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(CMS Products™, Inc.) C:\Program Files\CMS Products\BounceBack Express\BBWatcherService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.11.2.7\n360.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.11.2.7\n360.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office\1033\MSOFFICE.EXE
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RemoteControl10] => C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2010-02-03] (CyberLink Corp.)
HKLM\...\Run: [Intuit SyncManager] => C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe [3776824 2015-02-27] (Intuit Inc. All rights reserved.)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20064872 2011-10-14] (Realtek Semiconductor Corp.)
HKU\S-1-5-21-3680450723-4200196162-3786228007-1003\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk [2012-08-17]
ShortcutTarget: Acrobat Assistant.lnk -> C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe (Adobe Systems Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Keyboard Express 3.lnk [2016-11-28]
ShortcutTarget: Keyboard Express 3.lnk -> C:\Program Files\Keyboard Express 3\keyexp.exe (Insight Software Solutions)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk [2012-08-14]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\ASM23.txt.lnk [2012-10-05]
ShortcutTarget: ASM23.txt.lnk -> C:\Documents and Settings\User\My Documents\ASM23.txt ()
Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\BounceBack Launcher.lnk [2014-08-29]
ShortcutTarget: BounceBack Launcher.lnk -> C:\Program Files\CMS Products\BounceBack Express\BBStartup.exe ()
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\..\Interfaces\{CE68ADDF-E41F-46CB-AEA8-29F083998EEE}: [DhcpNameServer] 192.168.1.1
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <==== ATTENTION
SearchScopes: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2014-05-08] (Adobe Systems Incorporated)
BHO: Watch for Browser Events -> {42A7CE31-CEE7-4CCE-A060-A44A7E52E062} -> C:\Program Files\Keyboard Express 3\kie.dll [2004-02-23] (Insight Software Solutions)
BHO: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\22.11.2.7\coIEPlg.dll [2017-11-10] (Symantec Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\22.11.2.7\coIEPlg.dll [2017-11-10] (Symantec Corporation)
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll [2016-06-01] (Intuit, Inc.)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\system32\mscoree.dll [2010-03-18] (Microsoft Corporation)
FF Plugin: @canon.com/MycameraPlugin -> C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll [2008-10-15] (CANON INC.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-08-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3680450723-4200196162-3786228007-1003: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\User\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll [2014-05-15] (Citrix Online)
CHR Profile: C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default [2017-12-20]
CHR Extension: (Slides) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-27]
CHR Extension: (Docs) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-27]
CHR Extension: (Google Drive) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-10-27]
CHR Extension: (YouTube) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-10-27]
CHR Extension: (Norton Security Toolbar) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2017-10-27]
CHR Extension: (Sheets) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-27]
CHR Extension: (Google Docs Offline) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-11-01]
CHR Extension: (Norton Identity Safe) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2017-10-27]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-10-27]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-10-27]
CHR Extension: (Gmail) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-10-27]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.11.2.7\Exts\Chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3680450723-4200196162-3786228007-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 BBWatcherService; C:\Program Files\CMS Products\BounceBack Express\BBWatcherService.exe [36864 2008-01-02] (CMS Products™, Inc.) [File not signed]
R2 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [96334 2009-09-08] (Canon Inc.) [File not signed]
R2 Intel® PROSet Monitoring Service; C:\WINDOWS\system32\IProsetMonitor.exe [117920 2011-08-15] (Intel Corporation)
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\22.11.2.7\N360.exe [288504 2017-11-10] (Symantec Corporation)
R2 QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2015-02-27] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2015-02-27] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2011-12-06] (Intuit Inc.) [File not signed]
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R1 BHDrvx86; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\BASHDefs\20171218.003\BHDrvx86.sys [1367704 2017-10-11] (Symantec Corporation)
R1 ccSet_N360; C:\WINDOWS\system32\drivers\N360\160B020.007\ccSetx86.sys [147096 2017-11-10] (Symantec Corporation)
R3 e1qexpress; C:\WINDOWS\System32\DRIVERS\e1q5132.sys [192680 2011-06-21] (Intel Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [393368 2017-10-18] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [126616 2017-11-18] (Symantec Corporation)
R2 Hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [685056 2005-07-28] (Aladdin Knowledge Systems Ltd.)
R3 IDSxpx86; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\IPSDefs\20171219.001\IDSxpx86.sys [759448 2017-11-15] (Symantec Corporation)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
R1 SRTSP; C:\WINDOWS\System32\Drivers\N360\160B020.007\SRTSP.SYS [662680 2017-11-10] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\N360\160B020.007\SRTSPX.SYS [41112 2017-11-10] (Symantec Corporation)
R0 SymEFASI; C:\WINDOWS\System32\drivers\N360\160B020.007\SYMEFASI.SYS [1459352 2017-11-10] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [89288 2017-11-16] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\system32\drivers\N360\160B020.007\Ironx86.SYS [241920 2017-11-10] (Symantec Corporation)
R1 SYMTDI; C:\WINDOWS\System32\Drivers\N360\160B020.007\SYMTDI.SYS [382216 2017-11-10] (Symantec Corporation)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard32.sys [181496 2017-10-17] (Zemana Ltd.)
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
2017-11-28 09:55 - 2017-12-20 12:49 - 000032190 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-11-25 19:14 - 2017-11-28 15:13 - 000001324 ____N C:\WINDOWS\system32\d3d9caps.dat
2017-12-20 12:51 - 2017-10-22 10:14 - 000000000 ____D C:\Documents and Settings\User\Local Settings\Temp
2017-12-20 12:49 - 2017-09-28 14:00 - 000000000 ____D C:\Documents and Settings\User\Desktop\Security
2017-12-20 12:47 - 2014-04-09 10:06 - 000000830 ____C C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-12-20 12:38 - 2013-06-06 11:21 - 000000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2017-12-20 04:26 - 2011-12-05 05:16 - 000000000 RSHDC C:\WINDOWS\system32\dllcache
2017-12-20 01:30 - 2014-08-29 12:34 - 000000000 ____D C:\Documents and Settings\User\Local Settings\Application Data\BounceBack Express
2017-12-19 14:38 - 2013-06-06 11:21 - 000000882 ____N C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2017-12-19 13:36 - 2011-12-05 10:31 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2017-12-19 10:49 - 2016-11-28 13:05 - 000000000 ____D C:\Program Files\Keyboard Express 3
2017-12-19 10:47 - 2014-03-24 12:22 - 000000220 ____C C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2017-12-19 10:47 - 2008-04-14 07:00 - 000012598 ____C C:\WINDOWS\system32\wpa.dbl
2017-12-19 10:31 - 2011-12-05 10:44 - 000000178 __SHC C:\Documents and Settings\User\ntuser.ini
2017-12-15 09:24 - 2017-10-17 09:17 - 000000000 ____D C:\Program Files\Zemana AntiMalware
2017-12-08 15:00 - 2014-03-24 12:22 - 000000214 ____C C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2017-11-28 15:16 - 2012-08-14 09:43 - 000002477 ____C C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Excel.lnk
2017-11-28 15:15 - 2012-08-14 09:43 - 000002479 ____C C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
2017-11-28 09:51 - 2016-10-05 10:26 - 000926456 ____N C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2017-11-22 13:43 - 2015-06-04 12:04 - 000000000 ____D C:\WINDOWS\system32\Drivers\N360
2017-11-22 13:42 - 2015-08-11 15:27 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Norton Security Suite
2017-11-22 13:42 - 2015-06-04 12:05 - 000001983 ____N C:\Documents and Settings\All Users\Desktop\Norton Security Suite.LNK
2017-11-22 13:38 - 2012-10-06 18:33 - 001188526 ____C C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-3680450723-4200196162-3786228007-1003-0.dat
2017-11-22 13:38 - 2012-10-06 18:33 - 000164638 ____C C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2017-07-25 21:04 - 2017-07-25 22:36 - 008111467 ____C () C:\Documents and Settings\User\Local Settings\Application Data\12C backup - 20140829133210-3281.BB
2008-02-05 14:28 - 2008-02-05 14:28 - 000000051 ____C () C:\Documents and Settings\User\Local Settings\Application Data\setup.txt
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 17-12-2017
Ran by User (20-12-2017 12:52:04)
Running from C:\Documents and Settings\User\Desktop\Security
Microsoft Windows XP Professional Service Pack 3 (X86) (2017-05-11 18:55:48)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3680450723-4200196162-3786228007-500 - Administrator - Enabled)
ASPNET (S-1-5-21-3680450723-4200196162-3786228007-1004 - Limited - Enabled)
Guest (S-1-5-21-3680450723-4200196162-3786228007-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-3680450723-4200196162-3786228007-1005 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-3680450723-4200196162-3786228007-1002 - Limited - Disabled)
User (S-1-5-21-3680450723-4200196162-3786228007-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\User
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Norton Security Suite (Enabled - Up to date) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite (Disabled) {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
ACT! (HKLM\...\ACT!) (Version: - )
Adobe Acrobat 5.0 (HKLM\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
Adobe Flash Player 22 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 22.0.0.210 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
Advertising Center (HKLM\...\{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}) (Version: 0.0.0.1 - Nero AG) Hidden
AJC Directory Synchronizer v1.16.6 (HKLM\...\AJC Directory Synchronizer_is1) (Version: - AJC Software)
BounceBack Express (HKU\S-1-5-21-3680450723-4200196162-3786228007-1003\...\{95632566-071E-4A02-92C1-4BD907065736}) (Version: 8.0 - CMS Products)
Canon Camera Access Library (HKLM\...\CAL) (Version: 8.5.0.2 - Canon Inc.)
Canon DIGITAL CAMERA Solution Disk Software Guide (HKLM\...\Software Guide) (Version: 1.6.0.1 - Canon Inc.)
CANON iMAGE GATEWAY MyCamera Download Plugin (HKLM\...\MyCamera Download Plugin) (Version: 3.1.1.2 - Canon Inc.)
Canon MOV Decoder (HKLM\...\Canon MOV Decoder) (Version: 1.9.0.8 - Canon Inc.)
Canon PowerShot SX150 IS Camera User Guide (HKLM\...\CameraUserGuide-PSSX150IS) (Version: 1.0.0.1 - Canon Inc.)
Canon Utilities CameraWindow DC 8 (HKLM\...\CameraWindowDC8) (Version: 8.6.0.11 - Canon Inc.)
Canon Utilities CameraWindow Launcher (HKLM\...\CameraWindowLauncher) (Version: 7.6.0.1 - Canon Inc.)
Canon Utilities Movie Uploader for YouTube (HKLM\...\MovieUploaderForYouTube) (Version: 1.3.0.3 - Canon Inc.)
Canon Utilities MyCamera (HKLM\...\MyCamera) (Version: 7.5.0.1 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
CD Catalog Expert 9.30.807.11 (HKLM\...\CD Catalog Expert_is1) (Version: - eTeSoft)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink PowerDVD 10 (HKLM\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.2312.02 - CyberLink Corp.)
DiscTrack Plus (HKLM\...\DiscTrack Plus) (Version: - )
DolbyFiles (HKLM\...\{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}) (Version: 0.1 - Nero AG) Hidden
Dropbox (HKU\S-1-5-21-3680450723-4200196162-3786228007-1003\...\Dropbox) (Version: 2.0.26 - Dropbox, Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GoToMeeting 7.16.0.4800 (HKU\S-1-5-21-3680450723-4200196162-3786228007-1003\...\GoToMeeting) (Version: 7.16.0.4800 - CitrixOnline)
Hardlock Device Drivers (HKLM\...\Hardlock Device Drivers) (Version: - )
Image Importer Wizard (HKLM\...\{20EDB9A7-887F-47ED-B1E6-E2831FAD276F}) (Version: 3.0 - )
ImagXpress (HKLM\...\{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}) (Version: 7.0.74.0 - Nero AG) Hidden
Intel® Network Connections 16.6.126.0 (HKLM\...\{357A82F9-B5FF-46C8-ABA2-104695E0F1D1}) (Version: 16.6.126.0 - Intel)
Intel® Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.10.5387 - Intel Corporation)
Jasc Paint Shop Pro 8 (HKLM\...\{81A34902-9D0B-4920-A25C-4CDC5D14B328}) (Version: 8.00.0000 - Jasc Software Inc)
Jasc Paint Shop Pro 8.10 Update Patch (HKLM\...\Jasc Paint Shop Pro 8.10 Update Patch) (Version: - )
Keyboard Express 3 (HKLM\...\Keyboard Express 3) (Version: 3.0 - Insight Software Solutions, Inc.)
Menu Templates - Starter Kit (HKLM\...\{B78120A0-CF84-4366-A393-4D0A59BC546C}) (Version: 9.4.2.0 - Nero AG) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2000 Premium (HKLM\...\{00000409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Nanoscope 5.31r1 (HKLM\...\Nanoscope 5.31r1) (Version: - )
Nero 9 Essentials (HKLM\...\{a01dd7e5-ef6c-43b7-aa39-be7be987539f}) (Version: - Nero AG)
Network ScanGear Ver.1.4 (HKLM\...\{16EFC313-F083-4C16-AEB7-1FF1A4343540}) (Version: - )
Norton Security Suite (HKLM\...\N360) (Version: 22.11.2.7 - Symantec Corporation)
QuickBooks (HKLM\...\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}) (Version: 22.0.4016.2206 - Intuit Inc.) Hidden
QuickBooks Pro 2012 (HKLM\...\{22057D8D-7CC8-46FF-AD8C-9BD24F9014F3}) (Version: 22.0.4016.2206 - Intuit Inc.)
QuickBooks Pro Timer (HKLM\...\{6D49994F-2E35-4932-B9ED-D2F4EEBF91A2}) (Version: 8.00.0000 - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.6482 - Realtek Semiconductor Corp.)
Solid Edge Viewer ST4 (HKLM\...\{F2658C51-8FB6-4DAD-AF6E-71ECE035FBA4}) (Version: 104.00.00082 - Siemens)
TinyCAD 2.80.03 (HKLM\...\TinyCAD) (Version: 2.80.03 - TinyCAD)
WebFldrs XP (HKLM\...\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}) (Version: 9.50.7523 - Microsoft Corporation) Hidden
WinDirStat 1.1.2 (HKU\S-1-5-21-3680450723-4200196162-3786228007-1003\...\WinDirStat) (Version: - )
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
WinRAR 5.40 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\User\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{05EC5C13-D255-4592-9CCB-98615172F0D6}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{0ADF9C35-0D5E-4B75-88DD-B64868907E17}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{123FAF7F-3FB1-4B8F-AD18-0047401D436A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{37A2FC00-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{37A2FC02-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{4716D3CE-55DB-4D2A-818C-87D912895890}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{4844F3F7-2161-4AC4-B219-B3B4311782AA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{4A56F19E-9F50-4F43-93C8-050E44AA83A9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{4CA41277-032D-4a20-B225-371EBA96ABF2}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2012\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{4E5E74B5-8EB5-4859-A335-837EED412620}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{5428A9ED-6CD8-11D6-9C8A-0001023DCAA2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{547C8F00-5567-4AE3-8BB0-CC3CE2AB9070}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{57D590F1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{596801D8-2C9D-4627-9C67-195CB81B655A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{5B7331FA-8910-4748-A8A4-60B445041F28}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{5ED8AC89-B2DE-476D-8EEA-E170B2FCB058}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{7694F1CD-A55B-4B7C-8820-A90892EB4E9E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{7DBF8260-30AD-4D1B-876A-8032B87B809F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{828E5386-74CF-4019-B356-C857CD028A7D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{82CC31B3-53B4-4161-A4E9-6B4F1290A6C8}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\1350\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{8572570D-12D9-4F2C-8BB8-EB8848178B94}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{8E590317-1329-11D1-B70B-00805F29CD16}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2012\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{8FEDE364-AB37-4551-80C9-6D468E222AB2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{9D9B61F2-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{9D9B61F3-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{9D9B61F4-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{9D9B61F5-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{9D9B61F6-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{9D9B61F7-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{A63E42D0-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{A63E42D2-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{AF5E0A13-CEAB-47CE-991D-77E82CD1BF3F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{B10BFAC3-EFF1-40D9-ADA0-BEBE037C24CA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{B66F2BF1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{D14FD6B3-6A9F-4537-9460-07B836707127}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{D4A12AAF-E15E-470B-A6B6-63032186F91F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{D9B9C060-0954-11D3-9E07-00104BD2BE34}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSource.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{D9BC6F81-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{D9BC6F84-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{D9BC6F87-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{D9BC6FA1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{D9BC6FA6-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{D9BC6FB2-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\StorageClasses.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{DCB2B478-EFF6-48F6-B718-13E98876854E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{DFD0AF10-B86C-4AF3-B609-1348D513E565}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{E1A173E1-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{E1A173E3-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\User\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{EADA914E-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{EAEF733D-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{F2C593CC-74B2-4F71-8556-DD4D426D0409}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{FAC93D42-FFC2-11d1-9DEB-0008C7A08EBA}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2012\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{FB17915F-06D1-4214-A902-CC5EE05186E9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\User\Application Data\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\User\Application Data\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\User\Application Data\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\User\Application Data\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine\22.11.2.7\buShell.dll [2017-11-10] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine\22.11.2.7\buShell.dll [2017-11-10] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine\22.11.2.7\buShell.dll [2017-11-10] (Symantec Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\User\Application Data\Dropbox\bin\DropboxExt.19.dll [2013-06-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\User\Application Data\Dropbox\bin\DropboxExt.19.dll [2013-06-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\User\Application Data\Dropbox\bin\DropboxExt.19.dll [2013-06-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\User\Application Data\Dropbox\bin\DropboxExt.19.dll [2013-06-05] (Dropbox, Inc.)
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll [2017-10-17] ()
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton Security Suite\Engine\22.11.2.7\buShell.dll [2017-11-10] (Symantec Corporation)
ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security Suite\Engine\22.11.2.7\NavShExt.dll [2017-11-10] (Symantec Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security Suite\Engine\22.11.2.7\NavShExt.dll [2017-11-10] (Symantec Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2011-09-30] (Intel Corporation)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll [2017-10-17] ()
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton Security Suite\Engine\22.11.2.7\buShell.dll [2017-11-10] (Symantec Corporation)
ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security Suite\Engine\22.11.2.7\NavShExt.dll [2017-11-10] (Symantec Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers1_S-1-5-21-3680450723-4200196162-3786228007-1003: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\User\Application Data\Dropbox\bin\DropboxExt.19.dll [2013-06-05] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-3680450723-4200196162-3786228007-1003: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\User\Application Data\Dropbox\bin\DropboxExt.19.dll [2013-06-05] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-3680450723-4200196162-3786228007-1003: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\User\Application Data\Dropbox\bin\DropboxExt.19.dll [2013-06-05] (Dropbox, Inc.)
==================== Scheduled Tasks=============================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Documents and Settings\User\NetHood\www.asmicro.com\target.lnk -> hxxp://www.asmicro.co
==================== Loaded Modules (Whitelisted) ==============
2012-08-17 15:38 - 2001-10-11 16:34 - 000077824 _____ () C:\Program Files\Adobe\Acrobat 5.0\Distillr\adistres.dll
2017-10-17 09:17 - 2017-10-17 09:17 - 000131952 ____C () C:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll
2014-08-29 12:29 - 2008-01-02 13:17 - 000107832 _____ () C:\Program Files\CMS Products\BounceBack Express\BBLauncher.exe
2016-09-07 14:18 - 2016-09-06 11:00 - 005197312 ____C () C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.3.0.1\libglesv2.dll
2016-09-07 14:18 - 2016-09-06 11:00 - 000147456 ____C () C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.3.0.1\libegl.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2008-04-14 07:00 - 2017-10-31 12:31 - 000000855 ____N C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3680450723-4200196162-3786228007-1003\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 192.168.1.1
Windows Firewall is disabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
DomainProfile\AuthorizedApplications: [C:\Program Files\CyberLink\PowerDVD10\PowerDVD10.exe] => Enabled:CyberLink PowerDVD 10.0
StandardProfile\AuthorizedApplications: [C:\Program Files\CyberLink\PowerDVD10\PowerDVD10.exe] => Enabled:CyberLink PowerDVD 10.0
StandardProfile\AuthorizedApplications: [C:\Program Files\AJC Software\AJC Directory Synchronizer\AJCDirS.exe] => Enabled:AJC Directory Synchronizer
StandardProfile\AuthorizedApplications: [C:\Program Files\Intuit\QuickBooks 2012\QBDBMgrN.exe] => Enabled:QuickBooks 2012 Data Manager
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\User\Application Data\Dropbox\bin\Dropbox.exe] => Enabled:Dropbox
StandardProfile\AuthorizedApplications: [C:\WINDOWS\explorer.exe] => Enabled:Windows Explorer
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002
==================== Restore Points =========================
12-09-2017 11:08:51 System Checkpoint
13-09-2017 16:36:48 System Checkpoint
16-09-2017 01:57:22 System Checkpoint
17-09-2017 03:56:27 System Checkpoint
20-09-2017 19:24:34 System Checkpoint
22-09-2017 11:59:07 System Checkpoint
23-09-2017 12:05:00 System Checkpoint
25-09-2017 21:18:20 System Checkpoint
27-09-2017 13:26:45 System Checkpoint
28-09-2017 14:05:44 JRT Pre-Junkware Removal
01-10-2017 18:31:10 System Checkpoint
03-10-2017 07:42:43 System Checkpoint
03-10-2017 14:53:21 Removed Backup and Sync from Google
03-10-2017 14:56:05 Removed Citrix Online Launcher
05-10-2017 16:00:55 System Checkpoint
06-10-2017 16:21:04 System Checkpoint
16-10-2017 09:19:27 Restore Point Created by FRST
16-10-2017 09:43:18 JRT Pre-Junkware Removal
18-10-2017 02:32:58 System Checkpoint
19-10-2017 13:45:00 System Checkpoint
21-10-2017 08:57:55 System Checkpoint
22-10-2017 10:01:04 zoek.exe restore point
23-10-2017 10:42:05 System Checkpoint
28-10-2017 07:43:40 System Checkpoint
31-10-2017 01:56:46 System Checkpoint
01-11-2017 02:00:52 Software Distribution Service 3.0
02-11-2017 02:15:39 System Checkpoint
03-11-2017 05:07:13 System Checkpoint
04-11-2017 05:44:43 System Checkpoint
05-11-2017 06:44:48 System Checkpoint
06-11-2017 07:44:44 System Checkpoint
09-11-2017 12:27:50 System Checkpoint
11-11-2017 16:49:40 System Checkpoint
15-11-2017 03:00:36 Software Distribution Service 3.0
16-11-2017 12:29:54 System Checkpoint
20-11-2017 12:22:38 System Checkpoint
22-11-2017 10:43:26 System Checkpoint
22-11-2017 13:22:37 Revo Uninstaller's restore point - Secunia PSI (3.0.0.11005)
24-11-2017 01:45:10 System Checkpoint
27-11-2017 11:18:18 System Checkpoint
05-12-2017 13:11:31 System Checkpoint
06-12-2017 13:28:16 System Checkpoint
08-12-2017 20:20:54 System Checkpoint
09-12-2017 20:56:03 System Checkpoint
11-12-2017 16:26:21 System Checkpoint
14-12-2017 03:51:20 System Checkpoint
15-12-2017 05:02:01 System Checkpoint
==================== Faulty Device Manager Devices =============
Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: =========================
Application errors:
==================
Error: (12/19/2017 01:30:41 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle
Error: (12/19/2017 01:30:41 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle
Error: (12/19/2017 01:30:41 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle
Error: (12/19/2017 10:16:17 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application chrome.exe, version 49.0.2623.112, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error: (12/18/2017 02:44:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application autoruns.exe, version 13.80.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error: (12/11/2017 11:32:19 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle
Error: (12/11/2017 11:32:19 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle
Error: (12/11/2017 11:32:19 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle
Error: (11/28/2017 03:12:41 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle
Error: (11/28/2017 03:12:41 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle
System errors:
=============
Error: (12/19/2017 06:00:22 PM) (Source: 0) (EventID: 7) (User: )
Description: Event-ID 7
Error: (12/19/2017 06:00:22 PM) (Source: 0) (EventID: 7) (User: )
Description: Event-ID 7
Error: (12/19/2017 10:40:48 AM) (Source: 0) (EventID: 4321) (User: )
Description: Event-ID 4321
Error: (12/19/2017 10:36:09 AM) (Source: 0) (EventID: 4311) (User: )
Description: Event-ID 4311
Error: (12/19/2017 09:55:51 AM) (Source: 0) (EventID: 4311) (User: )
Description: Event-ID 4311
Error: (12/19/2017 09:52:26 AM) (Source: 0) (EventID: 4321) (User: )
Description: Event-ID 4321
Error: (12/19/2017 09:40:19 AM) (Source: 0) (EventID: 4321) (User: )
Description: Event-ID 4321
Error: (12/19/2017 09:28:15 AM) (Source: 0) (EventID: 4321) (User: )
Description: Event-ID 4321
Error: (12/19/2017 09:16:08 AM) (Source: 0) (EventID: 4321) (User: )
Description: Event-ID 4321
Error: (12/19/2017 09:04:02 AM) (Source: 0) (EventID: 4321) (User: )
Description: Event-ID 4321
==================== Memory info ===========================
Processor: Intel® Core i5-2500K CPU @ 3.30GHz
Percentage of memory in use: 33%
Total physical RAM: 3488.02 MB
Available physical RAM: 2313.59 MB
Total Virtual: 5369.82 MB
Available Virtual: 4041.48 MB
==================== Drives ================================
Drive c: (WinXP) (Fixed) (Total:465.76 GB) (Free:368.56 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: (D) (Fixed) (Total:465.76 GB) (Free:276.75 GB) NTFS
Drive t: (ASM8112) (Fixed) (Total:2794.45 GB) (Free:1325.25 GB) NTFS
Drive x: () (Network) (Total:465.76 GB) (Free:368.56 GB)
Drive y: () (Network) (Total:465.76 GB) (Free:368.56 GB)
Drive z: () (Network) (Total