Another Poweliks Infection


Hi All,

 

I have been chasing some issues that started out as a msiecec.exe that would go away with AVG and then return upon re-boot. After running Malwarebytes, it seems to have been resolved, but I am still picking up 2 files (Poweliks) every time I re-boot. It seems to quarantine the issue but it always returns. Is there anyone that can help me run a program to get rid of this awful virus? Please see attached Hi-Jack file. And thank you in advance for any help you can give. :)

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 3:22:18 PM, on 10/27/2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

FIREFOX: 33.0 (x86 en-US)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\bob\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe "bob"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKLM\..\Policies\Explorer\Run: [13753] C:\DOCUME~1\ALLUSE~1\LOCALS~1\Temp\msyyyalua.exe
O4 - Startup: rasautou.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.piriform.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1290006850321
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = maclean.local
O17 - HKLM\Software\..\Telephony: DomainName = maclean.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = maclean.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = maclean.local
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 5826 bytes

 


My name's Naathim and I'm a GeekU Minion! Now that we are mates and will be working together to clean your machine out of any junkware, feel free to call me Naat :)

Before we start please note the following:

  • Analysis and research take some time, also sometimes real life gets in the way, please be patient.
  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Paste the logs in your posts, attachments make my work harder and more complicated.
  • Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, which may cause some delays between answers.

I can't foresee everything, so if anything unexpected happens, please stop and inform me!

There are no silly questions. Never be afraid to ask if in doubt!

Let's start and enjoy the fight! :)

Rules and policies

We won't support any piracy.

That being said, if any evidence of an illegal OS, software, cracks/keygens or any other is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.


Scan with Malwarebytes' Anti-Malware

Please download and install Malwarebytes Anti-Malware, or re-run it if you already have it installed.

  • First of all select update.
  • Once updated, click the Settings tab, in the left panel choose Detections & protection and tick Scan for rootkits.
  • Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • At the bottom click Export and choose Text file.

Save the file to your desktop and include its content in your next reply.

HiJackThis is outdated. Post me the FRST report please.

Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.

There will be two versions to download: 32-bit and 64-bit. Please download the one that is designed for your system. If you don't know which one it should be, download both of them and try each one out. Only one will run - this is the right one. Please leave it and delete the other.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.

    > XP users click run after receipt of Windows Security Warning - Open File.

    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.

  • When the tool opens click Yes to disclaimer.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.


Hi Naat,

 

Thank you for the reply. Please see logs that you have requested.

 

  <?xml version="1.0" encoding="UTF-16" ?>
  <mbam-log>
  <header>
  <date>2014/10/28 10:19:55 -0400</date>
  <logfile>mbam-log-2014-10-28 (10-19-54).xml</logfile>
  <isadmin>yes</isadmin>
  </header>
  <engine>
  <version>2.00.3.1025</version>
  <malware-database>v2014.10.27.05</malware-database>
  <rootkit-database>v2014.10.22.01</rootkit-database>
  <license>free</license>
  <file-protection>disabled</file-protection>
  <web-protection>disabled</web-protection>
  <self-protection>disabled</self-protection>
  </engine>
  <system>
  <osversion>Windows XP Service Pack 3</osversion>
  <arch>x86</arch>
  <username>bob</username>
  <filesys>NTFS</filesys>
  </system>
  <summary>
  <type>threat</type>
  <result>completed</result>
  <objects>336713</objects>
  <time>2299</time>
  <processes>0</processes>
  <modules>0</modules>
  <keys>2</keys>
  <values>0</values>
  <datas>0</datas>
  <folders>0</folders>
  <files>7</files>
  <sectors>0</sectors>
  </summary>
  <options>
  <memory>enabled</memory>
  <startup>enabled</startup>
  <filesystem>enabled</filesystem>
  <archives>enabled</archives>
  <rootkits>disabled</rootkits>
  <deeprootkit>disabled</deeprootkit>
  <heuristics>enabled</heuristics>
  <pup>enabled</pup>
  <pum>enabled</pum>
  </options>
  <items>
  <key>
  <path>HKLM\SOFTWARE\CLASSES\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LOCALSERVER32\</path>
  <vendor>Rootkit.Poweliks</vendor>
  <action>success</action>
  <hash>8130fe1b0e6e51e5d251989b55ae1fe1</hash>
  </key>
  <key>
  <path>HKLM\SOFTWARE\CLASSES\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}</path>
  <vendor>Rootkit.Poweliks</vendor>
  <action>delete-on-reboot</action>
  <hash>8130fe1b0e6e51e5d251989b55ae1fe1</hash>
  </key>
  <file>
  <path>C:\Documents and Settings\bob\Application Data\ChromeUpdate.exe</path>
  <vendor>Trojan.Agent</vendor>
  <action>success</action>
  <hash>496873a618642f0704299444ed14d729</hash>
  </file>
  <file>
  <path>c:\documents and settings\all users\local settings\temp\msyyyalua.exe</path>
  <vendor>Trojan.Agent</vendor>
  <action>delete-on-reboot</action>
  <hash>02af3bdeacd0999dc56808d0ae53be42</hash>
  </file>
  <file>
  <path>C:\Documents and Settings\bob\Local Settings\Temp\1C.tmp</path>
  <vendor>Trojan.Agent</vendor>
  <action>success</action>
  <hash>eac7a6734a320e28af7edafed62b3dc3</hash>
  </file>
  <file>
  <path>C:\Documents and Settings\bob\Local Settings\Temp\1D.tmp</path>
  <vendor>Trojan.Agent</vendor>
  <action>success</action>
  <hash>10a11009eb9192a46fbeb523857c8878</hash>
  </file>
  <file>
  <path>C:\Documents and Settings\bob\Local Settings\Temp\1E.tmp</path>
  <vendor>Trojan.Agent</vendor>
  <action>success</action>
  <hash>357c75a4fb8187afed4040987d84847c</hash>
  </file>
  <file>
  <path>C:\WINDOWS\Installer\{4877B555-C84A-4A33-B97D-4A18C3E7B45E}\msiexec.exe</path>
  <vendor>Trojan.Agent</vendor>
  <action>success</action>
  <hash>783951c89ce067cfc16c09cf58a904fc</hash>
  </file>
  <file>
  <path>C:\WINDOWS\Installer\{9C3458D7-984B-4FEE-9F49-2626151A973F}\msiexec.exe</path>
  <vendor>Trojan.Agent</vendor>
  <action>success</action>
  <hash>d4ddbb5e9ddf85b1032ac41453ae629e</hash>
  </file>
  </items>
  </mbam-log>

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-10-2014 01
Ran by bob (administrator) on SHOPLAPTOP on 28-10-2014 10:14:51
Running from C:\Documents and Settings\bob\Desktop
Loaded Profile: bob (Available profiles: bob & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgcsrvx.exe
() C:\WINDOWS\system32\WLTRYSVC.EXE
(Dell Inc) C:\WINDOWS\system32\BCMWLTRY.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgemcx.exe
(Dell Inc) C:\WINDOWS\system32\WLTRAY.EXE
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\point32.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgtray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office\1033\MSOFFICE.EXE
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgcsrvx.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Dell Wireless Manager UI] => C:\WINDOWS\system32\WLTRAY
HKLM\...\Run: [intelliPoint] => C:\Program Files\Microsoft IntelliPoint\point32.exe [217088 2005-03-23] (Microsoft Corporation)
HKLM\...\Run: [AVG_TRAY] => C:\Program Files\AVG\AVG2012\avgtray.exe [2598520 2012-11-19] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2012-04-18] (Apple Inc.)
HKLM\...\RunServicesOnce: [washindex] => C:\Program Files\Washer\washidx.exe [64512 2001-04-02] ()
HKLM\...\Winlogon: [uIHost] C:\WINDOWS\system32\logonui.exe [514560 2008-04-14] ( (Microsoft Corporation))
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
HKLM\...99B7938DA9E4}\LocalServer32: [Default-wmiprvse] rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 220 more characters). <==== ATTENTION!
HKLM\...99B7938DA9E4}\LocalServer32: [a] #@~^k4QAAA==n{F+2i@#@&l{xAPzmOk7+p6(L+1O`r?1.rwDRUtnVsE*i@#@&S4k^+cne'c+b@#@&`@#@&7DDz@#@&i    @#@&di (the data entry has 33863 more characters). <==== ATTENTION!
InvalidSubkeyName: [HKLM\Software\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32\******<*>] <===== ATTENTION
HKU\S-1-5-21-4256134047-3914645296-3435934652-1182\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4825880 2014-10-23] (Piriform Ltd)
HKU\S-1-5-21-4256134047-3914645296-3435934652-1182\...\MountPoints2: {ff51663f-1d1c-11e2-9d6a-00123f07a0b6} - E:\MotoCastSetup.exe -a
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\Documents and Settings\bob\Start Menu\Programs\Startup\rasautou.lnk
ShortcutTarget: rasautou.lnk -> C:\Documents and Settings\All Users\Application Data\AVG2012\IDS\quarantine\f893fe20-4ea4-47d2-bc1d-d15b79e34945\3f9949a6-4eb6-47d2-bc1d-d15b79e34945 (No File)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKCU - DefaultScope {3B9CCF95-728A-4432-A950-2AA2351FD69A} URL = http://info.com/searchw?qkw={searchTerms}&qcat=web&q={searchTerms}&qhqn={searchTerms}&KW={searchTerms}
SearchScopes: HKCU - {3B9CCF95-728A-4432-A950-2AA2351FD69A} URL = http://info.com/searchw?qkw={searchTerms}&qcat=web&q={searchTerms}&qhqn={searchTerms}&KW={searchTerms}
SearchScopes: HKCU - {A07979C5-740D-46E2-A433-AAF0992FB144} URL = http://www.google.com/#hl=en&expIds=27519&sugexp=ldymls&xhr=t&q={searchTerms}&cp=3&pf=p&sclient=psy&site=&source=hp&aq=0&aqi=g4g-o1&aql=&oq=TES&gs_rfai=&pbx=1&fp=1a830a797d8f1890
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1290006850321
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\7e6ufdcp.default
FF Homepage: www.yahoo.com
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-11-18]
FF HKLM\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files\AVG\AVG2012\Firefox4
FF Extension: AVG Safe Search - C:\Program Files\AVG\AVG2012\Firefox4 [2011-11-28]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files\AVG\AVG2012\Chrome\safesearch.crx [2012-07-26]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe [5175856 2013-10-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
S2 PEVSystemStart; C:\ComboFix\SWREG.3XE [518144 2000-08-30] (SteelWerX) [File not signed]
R2 wltrysvc; C:\WINDOWS\System32\bcmwltry.exe [872556 2004-12-06] (Dell Inc) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [17801 2010-11-17] (Meetinghouse Data Communications) [File not signed]
R3 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdriverx.sys [142176 2012-12-10] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilter; C:\WINDOWS\System32\DRIVERS\avgidsfilterx.sys [24144 2011-12-23] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [24896 2012-04-19] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [17232 2011-12-23] (AVG Technologies CZ, s.r.o. )
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [250080 2012-11-08] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [41040 2011-12-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [31952 2012-01-31] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [302368 2013-04-11] (AVG Technologies CZ, s.r.o.)
S3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [369024 2004-12-06] (Broadcom Corporation)
R3 HSFHWICH; C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys [200064 2004-06-17] (Conexant Systems, Inc.)
S3 NuidFltr; C:\WINDOWS\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
R1 OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [13632 2001-08-22] (Dell Computer Corporation) [File not signed]
S3 SNTNLUSB; C:\WINDOWS\System32\DRIVERS\SNTNLUSB.SYS [38376 2009-09-17] (SafeNet, Inc.)
R3 STAC97; C:\WINDOWS\System32\drivers\stac97.sys [264440 2004-11-15] (SigmaTel, Inc.)
S3 catchme; \??\C:\DOCUME~1\bob\LOCALS~1\Temp\catchme.sys [X]
S3 UIUSys; system32\drivers\UIUSys.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-28 10:14 - 2014-10-28 10:15 - 00010396 _____ () C:\Documents and Settings\bob\Desktop\FRST.txt
2014-10-28 10:13 - 2014-10-28 10:15 - 00000000 ____D () C:\FRST
2014-10-28 10:13 - 2014-10-28 09:25 - 01104896 _____ (Farbar) C:\Documents and Settings\bob\Desktop\FRST.exe
2014-10-28 10:01 - 2014-10-28 10:01 - 00000049 _____ () C:\Documents and Settings\bob\Desktop\123.txt
2014-10-28 07:16 - 2014-10-28 07:18 - 00000000 ___SD () C:\ComboFix
2014-10-27 16:42 - 2014-10-27 16:42 - 00000000 _RSHD () C:\cmdcons
2014-10-27 16:42 - 2010-11-17 09:45 - 00000211 _____ () C:\Boot.bak
2014-10-27 16:42 - 2004-08-03 23:00 - 00260272 __RSH () C:\cmldr
2014-10-27 16:39 - 2011-06-26 02:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2014-10-27 16:39 - 2010-11-07 13:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2014-10-27 16:39 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-10-27 16:39 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-10-27 16:39 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-10-27 16:39 - 2000-08-30 20:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-10-27 16:39 - 2000-08-30 20:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2014-10-27 16:39 - 2000-08-30 20:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2014-10-27 16:39 - 2000-08-30 20:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2014-10-27 16:37 - 2014-10-27 16:39 - 00000000 ____D () C:\Qoobox
2014-10-27 16:37 - 2014-10-27 16:37 - 00000000 ____D () C:\WINDOWS\erdnt
2014-10-27 16:36 - 2014-10-27 16:32 - 05583977 ____R (Swearware) C:\Documents and Settings\bob\Desktop\ComboFix.exe
2014-10-27 16:33 - 2014-10-27 16:35 - 00000000 ____D () C:\Documents and Settings\bob\Application Data\GetRightToGo
2014-10-27 14:56 - 2014-10-28 07:40 - 00000000 ___HD () C:\0673b40
2014-10-27 14:56 - 2014-10-27 14:57 - 00087200 _____ () C:\Documents and Settings\All Users\Application Data\wrnhoah.tmp
2014-10-27 14:56 - 2014-10-27 14:56 - 13452574 _____ (PortableApps.com) C:\Documents and Settings\bob\Application Data\ChromeUpdate.exe
2014-10-27 14:56 - 2014-10-27 14:56 - 00000944 ____H () C:\Documents and Settings\All Users\Application Data\@system2.att
2014-10-27 14:56 - 2014-10-27 14:56 - 00000448 ____H () C:\Documents and Settings\bob\Application Data\麽鎒駓覜
2014-10-27 14:56 - 2014-10-27 14:56 - 00000000 ____D () C:\Documents and Settings\All Users\Local Settings\Temp
2014-10-27 13:59 - 2014-10-27 13:43 - 00388608 _____ (Trend Micro Inc.) C:\Documents and Settings\bob\Desktop\HijackThis.exe
2014-10-27 10:54 - 2014-10-27 10:54 - 00002220 _____ () C:\Documents and Settings\bob\My Documents\cc_20141027_105446.reg
2014-10-27 10:45 - 2014-10-27 10:46 - 00000000 ____D () C:\Documents and Settings\bob\Application Data\Mozilla
2014-10-27 10:45 - 2014-10-27 10:45 - 00000730 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2014-10-27 10:45 - 2014-10-27 10:45 - 00000724 _____ () C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2014-10-27 10:45 - 2014-10-27 10:45 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-10-27 10:45 - 2014-10-27 10:45 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-10-27 10:45 - 2014-10-27 10:45 - 00000000 ____D () C:\Documents and Settings\bob\Local Settings\Application Data\Mozilla
2014-10-27 10:45 - 2014-10-27 10:45 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Mozilla
2014-10-27 10:22 - 2014-10-27 10:22 - 00237058 _____ () C:\Documents and Settings\bob\My Documents\cc_20141027_102251.reg
2014-10-27 10:16 - 2014-10-27 10:16 - 00000682 _____ () C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2014-10-27 10:16 - 2014-10-27 10:16 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
2014-10-27 10:15 - 2014-10-27 10:16 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-24 15:33 - 2014-10-24 15:34 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\j9tbgsdger04q
2014-10-24 14:19 - 2014-10-28 10:07 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-10-24 14:18 - 2014-10-24 14:18 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-24 14:18 - 2014-10-24 14:18 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-10-24 14:18 - 2014-10-24 14:18 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-24 14:18 - 2014-10-24 14:18 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-10-24 14:18 - 2014-10-01 11:11 - 00054360 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-10-24 14:18 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-10-24 14:03 - 2014-10-24 14:16 - 00001061 _____ () C:\Documents and Settings\bob\Desktop\avgrep.txt
2014-10-24 13:49 - 2014-10-24 13:55 - 00065536 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt
2014-10-24 13:49 - 2014-10-24 13:55 - 00065536 _____ () C:\WINDOWS\system32\config\EventForwarding-Operational.Evt
2014-10-24 10:45 - 2014-10-24 13:46 - 00065536 _____ () C:\WINDOWS\system32\config\Windows .evt
2014-10-24 10:45 - 2014-10-24 13:46 - 00065536 _____ () C:\WINDOWS\system32\config\Microsof.evt
2014-10-24 10:45 - 2014-10-24 10:45 - 00000000 ____D () C:\WINDOWS\system32\winrm
2014-10-24 10:45 - 2014-10-24 10:45 - 00000000 ____D () C:\WINDOWS\system32\WindowsPowerShell
2014-10-24 10:45 - 2014-10-24 10:45 - 00000000 ____D () C:\WINDOWS\system32\GroupPolicy
2014-10-24 10:44 - 2014-10-24 10:46 - 00000000 __HDC () C:\WINDOWS\$968930Uinstall_KB968930$
2014-10-24 10:44 - 2014-10-24 10:44 - 00000000 ____D () C:\WINDOWS\$NtUninstallKB968930$
2014-10-22 19:21 - 2014-10-22 21:46 - 00000000 ____D () C:\Documents and Settings\bob\Application Data\Varuxu

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-28 10:15 - 2010-11-17 10:38 - 00000000 ____D () C:\Documents and Settings\bob\Local Settings\Temp
2014-10-28 10:14 - 2010-11-17 10:19 - 01383273 _____ () C:\WINDOWS\WindowsUpdate.log
2014-10-28 10:10 - 2010-11-17 10:37 - 00000128 _____ () C:\WINDOWS\system32\config\netlogon.ftl
2014-10-28 09:42 - 2012-12-13 07:35 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-10-28 07:39 - 2014-03-28 06:55 - 00000218 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-10-28 07:39 - 2010-11-17 10:28 - 00000000 __SHD () C:\WINDOWS\CSC
2014-10-28 07:39 - 2010-11-17 10:26 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-10-28 07:39 - 2010-11-17 04:40 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-10-28 07:39 - 2010-11-17 04:40 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-10-28 07:39 - 2004-08-04 08:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2014-10-28 07:12 - 2010-11-17 10:26 - 00032582 _____ () C:\WINDOWS\SchedLgU.Txt
2014-10-28 07:09 - 2010-11-17 10:38 - 00000278 ___SH () C:\Documents and Settings\bob\ntuser.ini
2014-10-27 17:23 - 2011-11-28 12:14 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG2012
2014-10-27 16:42 - 2010-11-17 04:35 - 00000327 __RSH () C:\boot.ini
2014-10-27 14:42 - 2011-06-28 12:33 - 00001324 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-10-27 13:53 - 2013-07-16 07:13 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2845187$
2014-10-27 13:14 - 2011-11-28 12:14 - 00000000 ____D () C:\WINDOWS\system32\Drivers\AVG
2014-10-27 13:07 - 2010-11-17 10:38 - 00000000 ____D () C:\Documents and Settings\bob
2014-10-27 12:54 - 2010-11-17 11:50 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB950762$
2014-10-27 11:33 - 2010-11-17 04:36 - 00130888 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-10-27 11:31 - 2010-11-17 12:02 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB956744$
2014-10-27 10:53 - 2010-11-22 08:49 - 00000000 ____D () C:\Documents and Settings\bob\Local Settings\Application Data\Adobe
2014-10-27 10:52 - 2012-03-30 09:00 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-10-27 10:52 - 2011-09-27 09:31 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-10-27 10:43 - 2010-11-17 04:29 - 00000000 ____D () C:\WINDOWS\security
2014-10-27 10:20 - 2014-09-23 19:01 - 00000000 ____D () C:\WINDOWS\Minidump
2014-10-27 08:18 - 2012-10-03 08:41 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-10-27 06:58 - 2010-11-17 12:15 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2121546$
2014-10-24 10:49 - 2010-11-17 12:50 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-10-24 10:46 - 2010-11-17 09:45 - 00000000 ___RD () C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
2014-10-24 10:45 - 2010-11-17 04:29 - 00000000 ____D () C:\WINDOWS\Help
2014-10-24 08:07 - 2010-11-17 13:01 - 00000000 ____D () C:\Program Files\JobBOSS
2014-10-24 08:07 - 2010-11-17 13:01 - 00000000 ____D () C:\Documents and Settings\All Users\JobBOSS
2014-10-23 15:43 - 2010-11-17 13:11 - 00000000 ____D () C:\Program Files\ProNC
2014-10-23 15:36 - 2011-01-17 12:32 - 00000000 ____D () C:\math
2014-10-20 08:02 - 2010-11-18 09:40 - 00000000 ____D () C:\exec files
2014-10-16 23:56 - 2013-08-15 00:38 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-10-16 23:52 - 2010-11-17 12:05 - 100290944 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-10-09 18:32 - 2010-11-30 09:01 - 00000825 _____ () C:\WINDOWS\BRWMARK.INI
2014-10-08 15:00 - 2014-03-28 06:55 - 00000212 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-10-01 11:42 - 2011-01-17 12:19 - 00000024 _____ () C:\WINDOWS\SCAux.INI
2014-10-01 09:15 - 2010-11-18 13:01 - 00001536 _____ () C:\WINDOWS\ODBC.INI

Some content of TEMP:
====================
C:\Documents and Settings\bob\Local Settings\Temp\install_flashplayer15x32_mssd_aaa_aih.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27-10-2014 01
Ran by bob at 2014-10-28 10:17:27
Running from C:\Documents and Settings\bob\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}) (Version: 2.1.7 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2012 (HKLM\...\AVG) (Version: 2012.1.2247 - AVG Technologies)
AVG 2012 (Version: 12.0.4031 - AVG Technologies) Hidden
AVG 2012 (Version: 12.1.2247 - AVG Technologies) Hidden
BobCAD-CAM V21 (HKLM\...\{5071E947-0232-4B91-B926-CD77E7DD569C}) (Version: 21.0 - BobCAD-CAM)
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
C-Major Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 42xx - SigmaTel)
Conexant D480 MDC V.9x Modem (HKLM\...\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1) (Version:  - )
Dell ResourceCD (HKLM\...\{D78653C3-A8FF-415F-92E6-D774E634FF2D}) (Version:  - )
Dell Wireless WLAN Card (HKLM\...\Broadcom 802.11b Network Adapter) (Version:  - )
Intel® Extreme Graphics 2 Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version:  - )
Intel® PRO Network Adapters and Drivers (HKLM\...\PROSet) (Version:  - )
JobBOSSClient (HKLM\...\{C81C00B2-72E2-4D2D-8CAB-DB8395373BA4}) (Version: 11.7.4.1 - Exact Software ERP-NA/JobBOSS Software)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft IntelliPoint 5.3 (HKLM\...\{5B39603F-2A77-40E6-950D-ED7B8307933D}) (Version: 5.30.606.0 - Microsoft)
Microsoft Office 2000 Premium (HKLM\...\{00000409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual Basic PowerPacks 10.0 (HKLM\...\{2D9F8079-7D50-3EFD-B3BD-ED642E4EE756}) (Version: 10.0.20911 - Microsoft)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 33.0 (x86 en-US) (HKLM\...\Mozilla Firefox 33.0 (x86 en-US)) (Version: 33.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
ProNC (HKLM\...\ST5UNST #1) (Version:  - )
QuickTime (HKLM\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
SAP Crystal Reports runtime engine for .NET Framework (32-bit) (HKLM\...\{FBAB5DC0-657B-424F-BE58-07DEFF68917C}) (Version: 13.0.5.891 - SAP)
Sentinel Protection Installer 7.2.2 (HKLM\...\{6DC0632A-A838-4B34-AC19-0FA18E1C533C}) (Version: 7.2.2 - SafeNet, Inc.)
Sentinel Protection Installer 7.6.1 (HKLM\...\{7B1AA2AB-ACD2-45C7-B1B1-364BEA40615F}) (Version: 7.6.1 - SafeNet, Inc.)
Shockwave Player (HKLM\...\{930439A1-B49E-4A54-A499-31BDC1A91DE5}) (Version: 8.5.1.436 - Macromedia, Inc.)
SolidWorks 2010 Document Manager API (HKLM\...\{22029934-958E-4D4D-8593-2AEF0CFDB6C7}) (Version: 18.00.5035 - SolidWorks Corporation)
SolidWorks Document Manager (HKLM\...\{6E5AB882-67E5-4651-AB73-5A60CB8AD514}) (Version: 14.40.66 - SolidWorks Corporation)
SURFCAM V5 (HKLM\...\{F254C1B6-057E-459A-A304-648EB9CDFF9F}) (Version: 1.0.0 - )
SURFCAM VELOCITY II (HKLM\...\{6D9DE82C-2890-4C0E-9841-0C3E9F7492DC}) (Version: 1.1.0 - )
uniPoint Client (HKLM\...\InstallShield_{FDC13245-61D2-4798-A7B4-8B79A787858B}) (Version: 2010.1.4 - uniPoint)
uniPoint Client (Version: 2010.1.4 - uniPoint) Hidden
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Window Washer (HKLM\...\Window Washer) (Version:  - )
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version:  - Microsoft Corporation)
Workstation Driver (HKLM\...\{79059456-889A-4577-B951-BB3F52E5621B}) (Version: 11.7.2 - Exact Software)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

14-10-2014 14:39:00 System Checkpoint
15-10-2014 15:31:55 System Checkpoint
16-10-2014 17:51:12 System Checkpoint
17-10-2014 03:52:21 Software Distribution Service 3.0
20-10-2014 21:40:26 System Checkpoint
21-10-2014 22:25:28 System Checkpoint
22-10-2014 22:32:23 System Checkpoint
24-10-2014 14:45:01 Installed %1 %2.
25-10-2014 15:05:38 System Checkpoint
26-10-2014 16:05:37 System Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-04 08:00 - 2004-08-04 08:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

==================== Loaded Modules (whitelisted) =============

2010-11-17 10:41 - 2004-12-06 15:45 - 00065536 ____N () C:\WINDOWS\System32\wltrysvc.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-842925246-1580436667-839522115-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-842925246-1580436667-839522115-1003 - Limited - Enabled)
Guest (S-1-5-21-842925246-1580436667-839522115-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-842925246-1580436667-839522115-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-842925246-1580436667-839522115-1002 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name: Dell Wireless 1350 WLAN Mini-PCI Card
Description: Dell Wireless 1350 WLAN Mini-PCI Card
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Broadcom
Service: BCM43XX
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/28/2014 07:40:53 AM) (Source: AutoEnrollment) (EventID: 15) (User: )
Description: Automatic certificate enrollment for MACLEAN\bob failed to contact the active directory (0x8007054b).  The specified domain either does not exist or could not be contacted.
  Enrollment will not be performed.

Error: (10/28/2014 07:39:37 AM) (Source: Userenv) (EventID: 1054) (User: NT AUTHORITY)
Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Error: (10/28/2014 07:39:17 AM) (Source: AutoEnrollment) (EventID: 15) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b).  The specified domain either does not exist or could not be contacted.
  Enrollment will not be performed.

Error: (10/28/2014 07:39:16 AM) (Source: Userenv) (EventID: 1054) (User: NT AUTHORITY)
Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Error: (10/28/2014 07:14:21 AM) (Source: Userenv) (EventID: 1054) (User: NT AUTHORITY)
Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Error: (10/28/2014 07:13:50 AM) (Source: Userenv) (EventID: 1054) (User: NT AUTHORITY)
Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Error: (10/28/2014 07:12:13 AM) (Source: AutoEnrollment) (EventID: 15) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b).  The specified domain either does not exist or could not be contacted.
  Enrollment will not be performed.

Error: (10/28/2014 07:12:08 AM) (Source: Userenv) (EventID: 1054) (User: NT AUTHORITY)
Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Error: (10/28/2014 07:03:16 AM) (Source: AutoEnrollment) (EventID: 15) (User: )
Description: Automatic certificate enrollment for MACLEAN\bob failed to contact the active directory (0x8007054b).  The specified domain either does not exist or could not be contacted.
  Enrollment will not be performed.

Error: (10/28/2014 07:02:01 AM) (Source: Userenv) (EventID: 1054) (User: NT AUTHORITY)
Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.


System errors:
=============
Error: (10/28/2014 10:13:17 AM) (Source: 0) (EventID: 9) (User: )
Description: \Device\Ide\IdePort0

Error: (10/28/2014 10:12:37 AM) (Source: 0) (EventID: 9) (User: )
Description: \Device\Ide\IdePort0

Error: (10/28/2014 10:12:03 AM) (Source: 0) (EventID: 9) (User: )
Description: \Device\Ide\IdePort0

Error: (10/28/2014 07:39:16 AM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: No Domain Controller is available for domain MACLEAN due to the following:
%%1311.

Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.

Error: (10/28/2014 07:15:09 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Avgldx86
Avgmfx86
Fips
intelppm
OMCI

Error: (10/28/2014 07:14:41 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (10/28/2014 07:13:50 AM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: No Domain Controller is available for domain MACLEAN due to the following:
%%1311.

Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.

Error: (10/28/2014 07:12:08 AM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: No Domain Controller is available for domain MACLEAN due to the following:
%%1311.

Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.

Error: (10/28/2014 06:58:38 AM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: No Domain Controller is available for domain MACLEAN due to the following:
%%1311.

Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.

Error: (10/27/2014 05:28:32 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Wireless WLAN Tray Service service terminated unexpectedly.  It has done this 1 time(s).


Microsoft Office Sessions:
=========================
Error: (10/28/2014 07:40:53 AM) (Source: AutoEnrollment) (EventID: 15) (User: )
Description: MACLEAN\bob0x8007054bThe specified domain either does not exist or could not be contacted.

Error: (10/28/2014 07:39:37 AM) (Source: Userenv) (EventID: 1054) (User: NT AUTHORITY)
Description: The specified domain either does not exist or could not be contacted.

Error: (10/28/2014 07:39:17 AM) (Source: AutoEnrollment) (EventID: 15) (User: )
Description: local system0x8007054bThe specified domain either does not exist or could not be contacted.

Error: (10/28/2014 07:39:16 AM) (Source: Userenv) (EventID: 1054) (User: NT AUTHORITY)
Description: The specified domain either does not exist or could not be contacted.

Error: (10/28/2014 07:14:21 AM) (Source: Userenv) (EventID: 1054) (User: NT AUTHORITY)
Description: The specified domain either does not exist or could not be contacted.

Error: (10/28/2014 07:13:50 AM) (Source: Userenv) (EventID: 1054) (User: NT AUTHORITY)
Description: The specified domain either does not exist or could not be contacted.

Error: (10/28/2014 07:12:13 AM) (Source: AutoEnrollment) (EventID: 15) (User: )
Description: local system0x8007054bThe specified domain either does not exist or could not be contacted.

Error: (10/28/2014 07:12:08 AM) (Source: Userenv) (EventID: 1054) (User: NT AUTHORITY)
Description: The specified domain either does not exist or could not be contacted.

Error: (10/28/2014 07:03:16 AM) (Source: AutoEnrollment) (EventID: 15) (User: )
Description: MACLEAN\bob0x8007054bThe specified domain either does not exist or could not be contacted.

Error: (10/28/2014 07:02:01 AM) (Source: Userenv) (EventID: 1054) (User: NT AUTHORITY)
Description: The specified domain either does not exist or could not be contacted.


==================== Memory info ===========================

Processor:  Intel® Pentium® M processor 1.60GHz
Percentage of memory in use: 46%
Total physical RAM: 1278.11 MB
Available physical RAM: 688.5 MB
Total Pagefile: 3053.07 MB
Available Pagefile: 2418.14 MB
Total Virtual: 2047.88 MB
Available Virtual: 1930.75 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:27.9 GB) (Free:14.65 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 27.9 GB) (Disk ID: D0F4738C)
Partition 1: (Not Active) - (Size=47 MB) - (Type=DE)
Partition 2: (Active) - (Size=27.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Hi :)


ComboFix usage warning!

This tool is not a toy and should be used only if told to do so by a malware expert!

ComboFix is a very strong tool that makes alterations to your system each time it is run. Please see THIS post by sUBS, the developer of ComboFix. You should never use it as a scanner for infections if you don't know what is onboard, as in some particular situations CF is able to render your machine unstable.
You can compare it to a scalpel. In a surgeon's hand, it will probably do its job; if used by someone who is not a doctor, it may cause more harm than good.



Scan with RogueKiller

Please download RogueKiller and save the file to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the RogueKiller icon and select Run as Administrator to start the tool.
  • Wait patiently until the pre-scan is done. It shouldn't take more than 2-3 minutes.
  • Accept the Terms of use.
  • When the Scan button becomes available, please click it. RogueKiller will start a full scan.
  • Let this process run uninterrupted!
  • When finished, a Report button will become available. Click it. You will be presented with a logfile.

Please include the content of this logfile in your next reply.


Reboot your machine into safe mode w/networking and try to run ComboFix from there.

Please reboot your computer and start tapping F8 repeatedly.

You should see a couple of options there, but the main three will be:

  • Safe Mode
  • Safe Mode with networking
  • Safe Mode with command prompt
Using your arrow keys enter the Safe Mode with networking option.

Hi Naat,

 

Thank you for your help. Unfortunately, I was able to get combofix to run and start autoscan. Once there, it runs forever and just hangs. This is what happens while running in normal mode as well. Let me know if this may be a candidate of a re-format or maybe you have another idea.

 

Thanks :)


Hi :)
 
Can't tell, but it doesn't look good if the tools don't want to cooperate.



Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.


Press the Windows key + R on your keyboard at the same time. Type Notepad and click OK.

  • Copy the entire content of the codebox below and paste into the Notepad document:
    start
    HKLM\...99B7938DA9E4}\LocalServer32: [Default-wmiprvse] rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 220 more characters). <==== ATTENTION!
    HKLM\...99B7938DA9E4}\LocalServer32: [a] #@~^k4QAAA==n{F+2i@#@&l{xAPzmOk7+p6(L+1O`r?1.rwDRUtnVsE*i@#@&S4k^+cne'c+b@#@&`@#@&7DDz@#@&i    @#@&di (the data entry has 33863 more characters). <==== ATTENTION!
    InvalidSubkeyName: [HKLM\Software\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32\******<*>] <===== ATTENTION
    end
  • Click File, Save As and type fixlist.txt as the File Name.

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    > XP users click run after receipt of Windows Security Warning - Open File.
    > Windows 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please include it in your reply.


Hi Naat,

 

Sorry for the delay. I appreciate your help. Please see the log.

 

Thanks :)

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 02-11-2014
Ran by bob at 2014-11-03 10:56:18 Run:1
Running from C:\Documents and Settings\bob\Desktop
Loaded Profile: bob (Available profiles: bob & Administrator)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
HKLM\...99B7938DA9E4}\LocalServer32: [Default-wmiprvse] rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 220 more characters). <==== ATTENTION!
HKLM\...99B7938DA9E4}\LocalServer32: [a] #@~^k4QAAA==n{F+2i@#@&l{xAPzmOk7+p6(L+1O`r?1.rwDRUtnVsE*i@#@&S4k^+cne'c+b@#@&`@#@&7DDz@#@&i    @#@&di (the data entry has 33863 more characters). <==== ATTENTION!
InvalidSubkeyName: [HKLM\Software\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32\******<*>] <===== ATTENTION
end
*****************

HKLM\Software\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32\\Default => Value was restored successfully.
HKLM\Software\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32\\a => value deleted successfully.
[HKLM\Software\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32\******<*>] => Subkey with invalid name deleted successfully.

==== End of Fixlog ====

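The three entries removed in the fixlog above have traits that can be checked mechanically in any FRST registry listing: a value whose data is a `rundll32.exe javascript:` command line calling `mshtml,RunHTMLApplication`, a value that starts with the Script Encoder marker `#@~^`, and a subkey FRST reports as `InvalidSubkeyName`. The Python below is an added example, not part of this thread or of FRST; the rule names and function names are its own, and the shift-by-one decoding of the `eval("...")` argument is inferred from the fact that the visible fragment becomes readable JavaScript when decoded that way.

```python
import re

# Input: the three entries from the fixlist quoted in this thread, plus one
# benign Run entry from the same FRST log for contrast.
SAMPLE_LOG = r"""
HKLM\...\Run: [AVG_TRAY] => C:\Program Files\AVG\AVG2012\avgtray.exe [2598520 2012-11-19] (AVG Technologies CZ, s.r.o.)
HKLM\...99B7938DA9E4}\LocalServer32: [Default-wmiprvse] rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 220 more characters). <==== ATTENTION!
HKLM\...99B7938DA9E4}\LocalServer32: [a] #@~^k4QAAA==n{F+2i@#@&l{xAPzmOk7+p6(L+1O`r?1.rwDRUtnVsE*i@#@&S4k^+cne'c+b@#@&`@#@&7DDz@#@&i    @#@&di (the data entry has 33863 more characters). <==== ATTENTION!
InvalidSubkeyName: [HKLM\Software\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32\******<*>] <===== ATTENTION
"""

# FRST prints registry entries as "KEY: [value name] data".
ENTRY = re.compile(r"^(?P<key>.+?): \[(?P<name>[^\]]*)\]\s*(?:=>\s*)?(?P<data>.*)$")
# FRST truncates long values and reports how many characters it cut.
MORE_CHARS = re.compile(r"\s*\(the data entry has (\d+) more characters\)")
# Argument of an eval("...") call inside the value data (may be truncated).
EVAL_ARG = re.compile(r'eval\("([^"]*)')

# Rule names are this example's own labels.
RULES = [
    ("rundll32-javascript", re.compile(r"rundll32(\.exe)?\s+javascript:", re.I)),
    ("mshtml-RunHTMLApplication", re.compile(r"mshtml\s*,\s*RunHTMLApplication", re.I)),
    ("script-encoder-blob", re.compile(r"#@~\^[A-Za-z0-9+/]{6}==")),
    ("invalid-subkey-name", re.compile(r"^InvalidSubkeyName:", re.I)),
]


def shift_decode(text, shift=-1):
    """Shift every character by `shift` code points (assumed encoding)."""
    return "".join(chr(max(ord(c) + shift, 0)) for c in text)


def triage(line):
    """Return a finding dict for one FRST registry line, or None."""
    line = line.strip()
    m = ENTRY.match(line)
    if not m:
        return None
    tags = [name for name, rx in RULES if rx.search(line)]
    if not tags:
        return None
    more = MORE_CHARS.search(line)
    # Drop FRST's truncation note so it is not mistaken for value data.
    data = MORE_CHARS.split(m["data"])[0].rstrip()
    ev = EVAL_ARG.search(data)
    return {
        "key": m["key"],
        "value": m["name"],
        "tags": tags,
        "hidden_chars": int(more.group(1)) if more else 0,
        "decoded": shift_decode(ev.group(1)) if ev else None,
    }


def scan(log_text):
    """Triage every line of an FRST log and keep only flagged entries."""
    findings = (triage(line) for line in log_text.splitlines())
    return [f for f in findings if f]


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f["key"], "->", f["value"])
        print("   tags:", ", ".join(f["tags"]))
        if f["hidden_chars"]:
            print("   truncated by FRST:", f["hidden_chars"], "more characters")
        if f["decoded"]:
            print("   eval argument, shifted down by one:", f["decoded"])
```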

OK, FRST killed the main baddie. Now please give me a fresh look:

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.

    > XP users click run after receipt of Windows Security Warning - Open File.

    > Windows 8 users will be prompted about Windows SmartScreen protection - click More information and Run.

  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content in your next reply.

Hi Naat,

 

Please see the following:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-11-2014
Ran by bob (administrator) on SHOPLAPTOP on 03-11-2014 12:58:29
Running from C:\Documents and Settings\bob\Desktop
Loaded Profile: bob (Available profiles: bob & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\WINDOWS\system32\WLTRYSVC.EXE
(Dell Inc) C:\WINDOWS\system32\BCMWLTRY.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgemcx.exe
(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgcsrvx.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Dell Inc) C:\WINDOWS\system32\WLTRAY.EXE
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\point32.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office\1033\MSOFFICE.EXE


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Dell Wireless Manager UI] => C:\WINDOWS\system32\WLTRAY
HKLM\...\Run: [intelliPoint] => C:\Program Files\Microsoft IntelliPoint\point32.exe [217088 2005-03-23] (Microsoft Corporation)
HKLM\...\Run: [AVG_TRAY] => C:\Program Files\AVG\AVG2012\avgtray.exe [2598520 2012-11-19] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2012-04-18] (Apple Inc.)
HKLM\...\RunServicesOnce: [washindex] => C:\Program Files\Washer\washidx.exe [64512 2001-04-02] ()
HKLM\...\Winlogon: [uIHost] C:\WINDOWS\system32\logonui.exe [514560 2008-04-14] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
HKU\S-1-5-21-4256134047-3914645296-3435934652-1182\...\MountPoints2: {ff51663f-1d1c-11e2-9d6a-00123f07a0b6} - E:\MotoCastSetup.exe -a
HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_15_0_0_167_ActiveX.exe [854704 2014-09-24] (Adobe Systems Incorporated)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKCU - DefaultScope {3B9CCF95-728A-4432-A950-2AA2351FD69A} URL = http://info.com/searchw?qkw={searchTerms}&qcat=web&q={searchTerms}&qhqn={searchTerms}&KW={searchTerms}
SearchScopes: HKCU - {3B9CCF95-728A-4432-A950-2AA2351FD69A} URL = http://info.com/searchw?qkw={searchTerms}&qcat=web&q={searchTerms}&qhqn={searchTerms}&KW={searchTerms}
SearchScopes: HKCU - {A07979C5-740D-46E2-A433-AAF0992FB144} URL = http://www.google.com/#hl=en&expIds=27519&sugexp=ldymls&xhr=t&q={searchTerms}&cp=3&pf=p&sclient=psy&site=&source=hp&aq=0&aqi=g4g-o1&aql=&oq=TES&gs_rfai=&pbx=1&fp=1a830a797d8f1890
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1290006850321
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-11-18]
FF HKLM\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files\AVG\AVG2012\Firefox4
FF Extension: AVG Safe Search - C:\Program Files\AVG\AVG2012\Firefox4 [2011-11-28]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files\AVG\AVG2012\Chrome\safesearch.crx [2012-07-26]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe [5175856 2013-10-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
S2 PEVSystemStart; C:\ComboFix\SWREG.3XE [518144 2000-08-30] (SteelWerX) [File not signed]
R2 wltrysvc; C:\WINDOWS\System32\bcmwltry.exe [872556 2004-12-06] (Dell Inc) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [17801 2010-11-17] (Meetinghouse Data Communications) [File not signed]
R3 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdriverx.sys [142176 2012-12-10] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilter; C:\WINDOWS\System32\DRIVERS\avgidsfilterx.sys [24144 2011-12-23] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [24896 2012-04-19] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [17232 2011-12-23] (AVG Technologies CZ, s.r.o. )
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [250080 2012-11-08] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [41040 2011-12-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [31952 2012-01-31] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [302368 2013-04-11] (AVG Technologies CZ, s.r.o.)
S3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [369024 2004-12-06] (Broadcom Corporation)
R3 HSFHWICH; C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys [200064 2004-06-17] (Conexant Systems, Inc.)
S3 NuidFltr; C:\WINDOWS\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
R1 OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [13632 2001-08-22] (Dell Computer Corporation) [File not signed]
S3 SNTNLUSB; C:\WINDOWS\System32\DRIVERS\SNTNLUSB.SYS [38376 2009-09-17] (SafeNet, Inc.)
R3 STAC97; C:\WINDOWS\System32\drivers\stac97.sys [264440 2004-11-15] (SigmaTel, Inc.)
S3 cpuz134; \??\C:\DOCUME~1\bob\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [X]
S3 UIUSys; system32\drivers\UIUSys.sys [X]
S0 ywod; System32\drivers\hnppvqn.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-03 12:50 - 2014-11-03 12:58 - 00009126 _____ () C:\Documents and Settings\bob\Desktop\FRST.txt
2014-11-03 10:52 - 2014-11-03 10:48 - 00000562 _____ () C:\fixlist.txt
2014-11-03 10:51 - 2014-11-03 10:51 - 01106432 _____ (Farbar) C:\Documents and Settings\bob\Desktop\FRST.exe
2014-11-03 10:51 - 2014-11-03 10:51 - 00000000 ____D () C:\Documents and Settings\bob\Desktop\FRST-OlderVersion
2014-10-30 06:26 - 2014-10-30 06:26 - 00000000 _RSHD () C:\cmdcons
2014-10-30 06:24 - 2011-06-26 01:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2014-10-30 06:24 - 2010-11-07 12:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2014-10-30 06:24 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-10-30 06:24 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-10-30 06:24 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-10-30 06:24 - 2000-08-30 19:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-10-30 06:24 - 2000-08-30 19:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2014-10-30 06:24 - 2000-08-30 19:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2014-10-30 06:24 - 2000-08-30 19:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2014-10-30 06:23 - 2014-10-30 06:29 - 00000000 ___SD () C:\ComboFix
2014-10-30 06:17 - 2014-10-30 06:17 - 05591672 ____R (Swearware) C:\Documents and Settings\bob\Desktop\ComboFix.exe
2014-10-29 12:45 - 2014-10-29 12:51 - 00000128 _____ () C:\WINDOWS\Reimage.ini
2014-10-29 09:16 - 2014-10-29 09:16 - 00000000 ____D () C:\Avenger
2014-10-29 08:25 - 2014-10-29 08:26 - 00006493 _____ () C:\WINDOWS\iis6.log
2014-10-29 08:25 - 2014-10-29 08:26 - 00002821 _____ () C:\WINDOWS\tsoc.log
2014-10-29 08:25 - 2014-10-29 08:26 - 00002054 _____ () C:\WINDOWS\comsetup.log
2014-10-29 08:25 - 2014-10-29 08:26 - 00001393 _____ () C:\WINDOWS\imsins.log
2014-10-29 08:25 - 2014-10-29 08:26 - 00001248 _____ () C:\WINDOWS\ntdtcsetup.log
2014-10-29 08:25 - 2014-10-29 08:26 - 00000342 _____ () C:\WINDOWS\ocmsn.log
2014-10-29 08:25 - 2014-10-29 08:26 - 00000311 _____ () C:\WINDOWS\tabletoc.log
2014-10-29 08:25 - 2014-10-29 08:25 - 00006183 _____ () C:\WINDOWS\FaxSetup.log
2014-10-29 08:25 - 2014-10-29 08:25 - 00002956 _____ () C:\WINDOWS\ocgen.log
2014-10-29 08:25 - 2014-10-29 08:25 - 00001906 _____ () C:\WINDOWS\msmqinst.log
2014-10-29 08:25 - 2014-10-29 08:25 - 00001083 _____ () C:\WINDOWS\netfxocm.log
2014-10-29 08:25 - 2014-10-29 08:25 - 00000425 _____ () C:\WINDOWS\MedCtrOC.log
2014-10-29 08:25 - 2014-10-29 08:25 - 00000309 _____ () C:\WINDOWS\msgsocm.log
2014-10-29 08:25 - 2014-10-29 08:25 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-10-29 08:25 - 2014-10-29 08:25 - 00000000 _____ () C:\WINDOWS\setupact.log
2014-10-29 08:18 - 2014-10-29 08:18 - 00000000 ____D () C:\WINDOWS\system32\winrm
2014-10-29 08:14 - 2014-10-29 08:14 - 00000000 ____D () C:\WINDOWS\$NtUninstallKB968930$
2014-10-29 07:55 - 2014-11-03 12:08 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-10-29 07:54 - 2014-10-29 07:54 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-29 07:53 - 2014-10-29 07:54 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-29 07:53 - 2014-10-01 10:11 - 00054360 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-10-29 07:53 - 2014-10-01 10:11 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-10-29 06:56 - 2014-10-29 06:56 - 00000000 ____D () C:\Program Files\SafeNet Sentinel
2014-10-28 16:18 - 2014-10-29 06:54 - 00000000 ____D () C:\RECYCLER(2)
2014-10-28 15:13 - 2014-11-03 10:11 - 00011527 _____ () C:\WINDOWS\setupapi.log
2014-10-28 15:13 - 2014-10-28 15:13 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-10-28 15:03 - 2014-10-28 15:03 - 00000000 ____D () C:\Documents and Settings\Administrator\IETldCache
2014-10-28 12:28 - 2014-10-29 06:56 - 00000000 ____D () C:\ComboFix(2)
2014-10-28 12:04 - 2014-10-29 09:27 - 4037345164 _____ () C:\avenger.txt
2014-10-28 09:13 - 2014-11-03 12:58 - 00000000 ____D () C:\FRST
2014-10-27 15:42 - 2010-11-17 08:45 - 00000211 _____ () C:\Boot.bak
2014-10-27 15:42 - 2004-08-03 22:00 - 00260272 __RSH () C:\cmldr
2014-10-27 15:37 - 2014-10-30 06:24 - 00000000 ____D () C:\Qoobox
2014-10-27 15:37 - 2014-10-27 15:37 - 00000000 ____D () C:\WINDOWS\erdnt
2014-10-27 15:33 - 2014-10-27 15:35 - 00000000 ____D () C:\Documents and Settings\bob\Application Data\GetRightToGo
2014-10-27 13:56 - 2014-10-27 13:57 - 00087200 _____ () C:\Documents and Settings\All Users\Application Data\wrnhoah.tmp
2014-10-27 13:56 - 2014-10-27 13:56 - 00000944 ____H () C:\Documents and Settings\All Users\Application Data\@system2.att
2014-10-27 13:56 - 2014-10-27 13:56 - 00000448 ____H () C:\Documents and Settings\bob\Application Data\麽鎒駓覜
2014-10-27 09:54 - 2014-10-27 09:54 - 00002220 _____ () C:\Documents and Settings\bob\My Documents\cc_20141027_105446.reg
2014-10-27 09:45 - 2014-10-29 06:58 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-10-27 09:45 - 2014-10-29 06:58 - 00000000 ____D () C:\Documents and Settings\bob\Application Data\Mozilla
2014-10-27 09:45 - 2014-10-27 09:45 - 00000000 ____D () C:\Documents and Settings\bob\Local Settings\Application Data\Mozilla
2014-10-27 09:45 - 2014-10-27 09:45 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Mozilla
2014-10-27 09:22 - 2014-10-27 09:22 - 00237058 _____ () C:\Documents and Settings\bob\My Documents\cc_20141027_102251.reg
2014-10-27 09:16 - 2014-10-29 07:02 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
2014-10-24 13:18 - 2014-10-29 07:53 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-10-24 13:18 - 2014-10-24 13:18 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-10-24 12:49 - 2014-11-03 11:54 - 00065536 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt
2014-10-24 12:49 - 2014-10-24 12:55 - 00065536 _____ () C:\WINDOWS\system32\config\EventForwarding-Operational.Evt
2014-10-24 09:45 - 2014-10-24 12:46 - 00065536 _____ () C:\WINDOWS\system32\config\Windows .evt
2014-10-24 09:45 - 2014-10-24 12:46 - 00065536 _____ () C:\WINDOWS\system32\config\Microsof.evt
2014-10-24 09:45 - 2014-10-24 09:45 - 00000000 ____D () C:\WINDOWS\system32\WindowsPowerShell
2014-10-24 09:45 - 2014-10-24 09:45 - 00000000 ____D () C:\WINDOWS\system32\GroupPolicy
2014-10-24 09:44 - 2014-10-29 08:21 - 00000000 __HDC () C:\WINDOWS\$968930Uinstall_KB968930$

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-03 12:58 - 2010-11-17 09:38 - 00000000 ____D () C:\Documents and Settings\bob\Local Settings\Temp
2014-11-03 12:42 - 2012-12-13 06:35 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-11-03 12:07 - 2010-11-17 03:37 - 00590908 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-11-03 12:06 - 2014-03-28 05:55 - 00000218 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-11-03 12:06 - 2010-11-17 09:19 - 01555313 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-03 12:06 - 2004-08-04 07:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2014-11-03 11:57 - 2010-11-17 09:26 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-11-03 11:57 - 2010-11-17 03:40 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-11-03 11:57 - 2010-11-17 03:40 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-11-03 11:54 - 2010-11-17 09:38 - 00000278 ___SH () C:\Documents and Settings\bob\ntuser.ini
2014-11-03 11:54 - 2010-11-17 09:26 - 00032582 _____ () C:\WINDOWS\SchedLgU.Txt
2014-11-03 11:05 - 2010-11-17 09:37 - 00000128 _____ () C:\WINDOWS\system32\config\netlogon.ftl
2014-10-30 10:18 - 2010-11-17 09:28 - 00000000 __SHD () C:\WINDOWS\CSC
2014-10-30 06:26 - 2010-11-17 03:35 - 00000327 __RSH () C:\boot.ini
2014-10-30 06:23 - 2011-06-28 11:33 - 00001324 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-10-29 13:11 - 2010-11-17 09:38 - 00000000 ____D () C:\Documents and Settings\bob
2014-10-29 09:16 - 2013-12-12 11:28 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2893294$
2014-10-29 08:29 - 2010-11-17 11:50 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-10-29 08:26 - 2010-11-17 03:29 - 00000000 ____D () C:\WINDOWS\security
2014-10-29 08:25 - 2010-11-17 08:45 - 00000000 ___RD () C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
2014-10-29 08:24 - 2011-11-28 11:14 - 00000000 ____D () C:\WINDOWS\system32\Drivers\AVG
2014-10-29 07:08 - 2010-11-17 03:36 - 00131688 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-10-29 07:07 - 2010-11-17 09:28 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-10-29 07:07 - 2010-11-17 09:26 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-10-29 07:07 - 2010-11-17 09:25 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-10-29 07:06 - 2010-11-17 09:17 - 00000000 ____D () C:\WINDOWS\Registration
2014-10-29 07:04 - 2013-08-14 23:38 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-10-28 15:45 - 2010-11-17 09:38 - 00001593 _____ () C:\Documents and Settings\bob\Start Menu\Programs\Remote Assistance.lnk
2014-10-28 15:45 - 2010-11-17 09:29 - 00001593 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
2014-10-28 15:45 - 2010-11-17 09:21 - 00001593 _____ () C:\Documents and Settings\Default User\Start Menu\Programs\Remote Assistance.lnk
2014-10-28 15:14 - 2010-11-17 13:35 - 00024856 _____ () C:\Documents and Settings\bob\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-10-27 16:23 - 2011-11-28 11:14 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG2012
2014-10-27 12:53 - 2013-07-16 06:13 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2845187$
2014-10-27 11:54 - 2010-11-17 10:50 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB950762$
2014-10-27 10:31 - 2010-11-17 11:02 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB956744$
2014-10-27 09:53 - 2010-11-22 07:49 - 00000000 ____D () C:\Documents and Settings\bob\Local Settings\Application Data\Adobe
2014-10-27 09:20 - 2014-09-23 18:01 - 00000000 ____D () C:\WINDOWS\Minidump
2014-10-27 07:18 - 2012-10-03 07:41 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-10-27 05:58 - 2010-11-17 11:15 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2121546$
2014-10-24 09:45 - 2010-11-17 03:29 - 00000000 ____D () C:\WINDOWS\Help
2014-10-24 07:07 - 2010-11-17 12:01 - 00000000 ____D () C:\Program Files\JobBOSS
2014-10-24 07:07 - 2010-11-17 12:01 - 00000000 ____D () C:\Documents and Settings\All Users\JobBOSS
2014-10-23 14:43 - 2010-11-17 12:11 - 00000000 ____D () C:\Program Files\ProNC
2014-10-23 14:36 - 2011-01-17 11:32 - 00000000 ____D () C:\math
2014-10-20 07:02 - 2010-11-18 08:40 - 00000000 ____D () C:\exec files
2014-10-09 17:32 - 2010-11-30 08:01 - 00000825 _____ () C:\WINDOWS\BRWMARK.INI
2014-10-08 14:00 - 2014-03-28 05:55 - 00000212 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job

Some content of TEMP:
====================
C:\Documents and Settings\bob\Local Settings\Temp\install_flashplayer15x32_mssd_aaa_aih.exe
C:\Documents and Settings\bob\Local Settings\Temp\ReimagePackage.exe
C:\Documents and Settings\bob\Local Settings\Temp\SHSetup.exe
C:\Documents and Settings\bob\Local Settings\Temp\WindowsXP-KB968930-x86-ENG.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02-11-2014
Ran by bob at 2014-11-03 12:59:08
Running from C:\Documents and Settings\bob\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}) (Version: 2.1.7 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2012 (HKLM\...\AVG) (Version: 2012.1.2247 - AVG Technologies)
AVG 2012 (Version: 12.0.4031 - AVG Technologies) Hidden
AVG 2012 (Version: 12.1.2247 - AVG Technologies) Hidden
BobCAD-CAM V21 (HKLM\...\{5071E947-0232-4B91-B926-CD77E7DD569C}) (Version: 21.0 - BobCAD-CAM)
C-Major Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 42xx - SigmaTel)
Conexant D480 MDC V.9x Modem (HKLM\...\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1) (Version:  - )
Dell ResourceCD (HKLM\...\{D78653C3-A8FF-415F-92E6-D774E634FF2D}) (Version:  - )
Dell Wireless WLAN Card (HKLM\...\Broadcom 802.11b Network Adapter) (Version:  - )
Intel® Extreme Graphics 2 Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version:  - )
Intel® PRO Network Adapters and Drivers (HKLM\...\PROSet) (Version:  - )
JobBOSSClient (HKLM\...\{C81C00B2-72E2-4D2D-8CAB-DB8395373BA4}) (Version: 11.7.4.1 - Exact Software ERP-NA/JobBOSS Software)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft IntelliPoint 5.3 (HKLM\...\{5B39603F-2A77-40E6-950D-ED7B8307933D}) (Version: 5.30.606.0 - Microsoft)
Microsoft Office 2000 Premium (HKLM\...\{00000409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual Basic PowerPacks 10.0 (HKLM\...\{2D9F8079-7D50-3EFD-B3BD-ED642E4EE756}) (Version: 10.0.20911 - Microsoft)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
ProNC (HKLM\...\ST5UNST #1) (Version:  - )
QuickTime (HKLM\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
Reimage Protector (HKLM\...\Reimage Protector) (Version:  - Reimage)
SAP Crystal Reports runtime engine for .NET Framework (32-bit) (HKLM\...\{FBAB5DC0-657B-424F-BE58-07DEFF68917C}) (Version: 13.0.5.891 - SAP)
Sentinel Protection Installer 7.2.2 (HKLM\...\{6DC0632A-A838-4B34-AC19-0FA18E1C533C}) (Version: 7.2.2 - SafeNet, Inc.)
Sentinel Protection Installer 7.6.1 (HKLM\...\{7B1AA2AB-ACD2-45C7-B1B1-364BEA40615F}) (Version: 7.6.1 - SafeNet, Inc.)
Shockwave Player (HKLM\...\{930439A1-B49E-4A54-A499-31BDC1A91DE5}) (Version: 8.5.1.436 - Macromedia, Inc.)
SolidWorks 2010 Document Manager API (HKLM\...\{22029934-958E-4D4D-8593-2AEF0CFDB6C7}) (Version: 18.00.5035 - SolidWorks Corporation)
SolidWorks Document Manager (HKLM\...\{6E5AB882-67E5-4651-AB73-5A60CB8AD514}) (Version: 14.40.66 - SolidWorks Corporation)
SURFCAM V5 (HKLM\...\{F254C1B6-057E-459A-A304-648EB9CDFF9F}) (Version: 1.0.0 - )
SURFCAM VELOCITY II (HKLM\...\{6D9DE82C-2890-4C0E-9841-0C3E9F7492DC}) (Version: 1.1.0 - )
uniPoint Client (HKLM\...\InstallShield_{FDC13245-61D2-4798-A7B4-8B79A787858B}) (Version: 2010.1.4 - uniPoint)
uniPoint Client (Version: 2010.1.4 - uniPoint) Hidden
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Window Washer (HKLM\...\Window Washer) (Version:  - )
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version:  - Microsoft Corporation)
Workstation Driver (HKLM\...\{79059456-889A-4577-B951-BB3F52E5621B}) (Version: 11.7.2 - Exact Software)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{0103D176-A03C-4961-9B6E-F7A6BF89F774}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{07111263-A2F6-450B-820D-FB35086FB08A}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{07219F8F-7C3D-4E06-8F8B-A7122DE1DC0B}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{07DD4866-B534-4DB1-8355-BA80CEA9FDE5}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{0D0A4B83-F79C-4E35-899F-7341449D0A59}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{0D8B54B7-E905-45B8-9AE6-874C92434837}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{0F907975-A666-45DB-B1FB-1F286BE71FDB}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{11373434-E3A7-4E28-B588-B528306F86E4}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{14C766B5-E668-4C77-A2FD-A1B134C7F04F}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{15EF38E6-08C9-4B3A-A174-6182823CE0D1}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{1B845987-89E8-40DF-83D9-818520C49A82}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{1CDD66E3-65A6-4080-A48D-0491BCC0403E}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{1E74028E-6CC8-4A6E-9D23-F40678BAFDC6}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{22054B35-52F1-454B-B609-5228E0ED6023}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{267FEAB4-2EAA-4C99-94CB-A2DA2271FF5C}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{27B4C8CD-5FF9-461B-BE5D-67855DEF79D0}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{29E693C8-D96D-4D72-8B90-B92F400E7DAA}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{29E8D86D-8F01-41FC-8160-380E7178ABBB}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{2D9270D1-931B-4E6D-A404-990836E1F7CE}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{2ECE873B-417E-4E69-811E-E6571F09F4FF}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{330F989E-ED97-4ABC-B144-52DB1BB924CD}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{34D97742-662A-4E25-A72B-BD9EA434F03F}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{3BE49CBF-3F96-4C89-89A6-877B745F412D}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{3D7738E2-4DC2-4185-98FB-E90DEAB03319}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{41AE41E4-FB14-460D-8E47-8D1FD83556D1}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{41AEB85F-159E-476D-B80D-B3EA9AC591E7}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{429FFCEE-F2B0-468C-A07B-9840A0DEDDD3}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{45B48C21-93D8-4667-8886-174AD7E60424}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{4605016A-F025-4E13-BDA8-50F06548F410}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{46982DC4-BB2D-4704-9F40-D6DD4A21B1E1}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{47B3AB1F-B4E0-4791-8424-DE45A6A972A6}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{4A3CF5B6-B188-477B-9AE3-5FDF45DCD145}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{4C8AC60D-E755-448C-9341-40B60D865374}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{4E052691-397A-4912-A378-C2B99ABCB43F}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{501D1AD6-06A5-439F-A2D1-8D439358B072}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{50477BE9-3046-48E2-BAE3-733E85C1EC4D}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{5547BC14-3B79-41DD-8A84-35A80492E671}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{57DB2C38-C5AB-405F-908A-9DE38C9E6A57}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{57DBDA72-16CF-49B3-AA17-8676CD287C37}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{5A71D218-E5CC-4E37-88C3-58B117614218}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{6180CF2D-5A19-4B3E-8686-C6398D175B36}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{624E58DD-1AD0-4AB5-8F61-C72A81CEA46F}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{6417A256-75D3-483D-8BD2-99DD8DFDA296}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{6467252F-85A4-4BF6-98D5-74CBEF581527}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{64D056D5-B54F-4215-B062-C58EA1BD8F54}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{66B15A67-E7EB-434C-8144-70F4D3D2F58C}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{6B3FA73B-1887-4D2E-B2FA-C89D374E5259}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{6CE66C78-CC8D-4DFC-9A41-63C509C1A0DA}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{6DFA3FAC-2115-4195-A2D1-EABC319C0F04}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{6FC5B1DA-00E8-4B7E-A8B0-4E573DD0FFFE}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{70E64A23-4565-4C73-A552-E72E3CCD1A8B}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{71214FF6-B868-4152-A258-B3565DD056A3}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{754C9562-BBC6-498F-AC1E-90BBC288C539}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{7904BF78-71E4-4F5B-B3F0-BD4FE8058DF6}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{7DB9DF5D-A7F5-4E5C-937E-375E4C83ED01}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{7F9A055C-CEB5-4FD4-A891-C88CC4D627CD}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{804B9D67-94B2-4030-8630-79DC378A8D8B}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{810775F3-5920-4136-8073-8F57C1D2BCE2}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{83778DD4-E017-4200-BF66-762567B37E0F}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{83D47319-7ED4-4819-8EB1-955887FE4A41}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{896080EC-C09A-42D0-8B21-2D0B9E4A0FDA}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{8B7630C3-CEB9-4834-AE30-DE369A5F33B0}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{8CCB2615-0F16-41DB-A111-4D0C0273AE55}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{8DFC3C80-40F9-4DB7-8F0F-4CC4630F2624}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{8E6D709E-F597-41DE-9021-0B7ED75B9B34}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{9047DA5E-BF39-417B-946D-E3BB11CC95CD}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{9180564E-AC6F-402E-A5F3-9C1511223E23}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{919D750B-3B69-4B05-86E9-917F6837CE6C}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{91CA5908-594A-4208-AF7A-D82BCEF9BC8B}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{91E4A56D-87C1-4782-9A2C-173928384C06}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{92E14BB1-1101-4EB5-971E-11E8C3ED490A}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{93D4D2DE-D4A6-45C1-96FA-F4EAD40B31E7}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{95841D3A-D4EA-4F6C-9B62-B7CBA4B51B6F}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{980F72F1-2EA9-430B-9256-5615B43DB3A1}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{996A5DE8-1DF3-454C-89D1-01DC801C99F1}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{9C336A4E-DFC8-4295-9A31-F3EBB67B973B}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{9CCB3E6C-74DC-4923-A254-EE074B40D8A5}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{9CFB60EE-0DAB-4F78-B0B2-8FB4AC77B101}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{9DD99AB2-DE04-4C7B-A5D1-8A01E5E2756B}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{9F378231-C2A6-4242-95F0-B74B44CF527A}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{A2F62A99-E230-44B1-B2EA-F7EBD83343CF}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{AAF8C999-E806-4BA7-AFE8-952B6369C5F8}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{AB016B02-7EEE-4E92-8A8F-A29B3E521CD8}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{AE889A25-2F91-4426-8F22-E6E027259F19}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{AF44713D-B42B-471F-AD5C-10FFDF90C8AF}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{B0B73AC5-12CF-40AF-8BB6-0968A35AD9FF}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{B2F4F779-BEBD-4AE6-83D3-FACD38BC49CE}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{C270C35E-8EB4-4838-B3AB-C091BC6E23A7}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{C42A9F60-B904-484A-88FB-9FC16DF15972}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{C4551D7E-D99C-4C82-849A-344B2477BEBF}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{C6A3A139-71C7-4EFF-A0E6-A7DFC841F14A}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{C89A7938-BC50-4CF8-A3DB-E55FD8F96943}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{C8FB7D40-4675-4A8F-8828-57120F8DE789}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{C9D13887-69B1-40C1-8A97-1B286C82165E}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{C9FDBEDF-FCDE-4E7F-8FFA-CEDF683FAC69}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{CB48EE57-6DD9-45C2-8CB8-5154B75D8A99}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{CD19BF93-4616-4460-9FDD-49225E41ECD3}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{D1F8B1F8-3CF6-4797-B2D4-54FBD9D6DA62}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{D21549D7-F539-4FA5-A3D8-9D6DC81C8407}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{D48EE29F-DB00-4FFE-B6CA-99AAF1428723}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{D6B8D095-0F11-46A9-B4F0-F0FA81BE0A30}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{D7636F4D-190E-4ED6-922C-9DE220A6A313}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{D80DB259-6551-44D8-981C-57600D195BB7}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{D8A7264A-58FE-4A1C-92A4-C23D72243334}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{DE6BEE09-75E3-409F-9E73-4460A75AC142}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{DF12EF5B-B2FE-422A-9EDA-A3BB6C1315A1}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{DF173DBE-250A-48DD-90A5-0E7F858EBF2D}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{E03F2C5A-B77C-4A8A-B133-4A6344B8C18A}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{E0B66335-9D8E-4F9F-8BD0-F2D0A603D8CC}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{E157E247-8BF1-4B70-89F3-83FEC59A2840}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{E2093D35-6F94-40BA-8422-7732E57FC82D}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{E3A6890B-348B-4BA4-A1C9-2D1FDE41E261}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{E44BDDE8-E177-4636-AFE6-884D865EB41F}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{E6B35C89-A687-4A13-AA3F-EDA8B0B04315}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{E9776B6F-043F-4034-8EDB-C936286CB7DA}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{EA59ED08-2C7C-4230-87FE-E5750B06B6B5}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{F1298FD6-445B-4122-88EB-88301A479948}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{F2E67DE4-5CD5-4BDE-835A-E670301F8BB2}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{F380238F-3CA6-42E3-9939-57A4E398C72A}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{F421D112-6254-4245-A9E5-BD041D339BE2}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{F4FB6C75-4ECA-40EB-A6F0-7C01AC21FD2A}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{F8343E8D-7D54-4FCB-90FC-C037B94ABCC1}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{FA7D07C9-34FB-408F-B63A-CDD706AF41BD}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{FB7946A8-6168-4706-9D14-5DE342258BB6}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{FE35EA55-E428-47FD-BE18-7C2240FE6E40}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{FF684E4B-E1BD-486A-A0DF-7B8C31397A19}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{FFA42833-BAF1-4C61-8EC3-748404268A6A}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256134047-3914645296-3435934652-1182_Classes\CLSID\{FFD04005-9AB7-4762-BF3F-88C26C29986C}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)

==================== Restore Points  =========================

14-10-2014 14:39:00 System Checkpoint
15-10-2014 15:31:55 System Checkpoint
16-10-2014 17:51:12 System Checkpoint
17-10-2014 03:52:21 Software Distribution Service 3.0
20-10-2014 21:40:26 System Checkpoint
21-10-2014 22:25:28 System Checkpoint
22-10-2014 22:32:23 System Checkpoint
24-10-2014 14:45:01 Installed %1 %2.
25-10-2014 15:05:38 System Checkpoint
26-10-2014 16:05:37 System Checkpoint
28-10-2014 15:16:53 System Checkpoint
28-10-2014 19:33:10 Removed Sentinel Protection Installer 7.6.1
28-10-2014 19:33:47 Removed Sentinel Protection Installer 7.2.2
28-10-2014 20:13:25 Installed SpyHunter
29-10-2014 11:28:54 Removed SpyHunter
29-10-2014 11:54:04 Restore Operation
29-10-2014 13:16:07 Installed %1 %2.
30-10-2014 16:05:05 System Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-04 07:00 - 2004-08-04 07:00 - 00000734 ____N C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

==================== Loaded Modules (whitelisted) =============

2010-11-17 09:41 - 2004-12-06 14:45 - 00065536 ____N () C:\WINDOWS\System32\wltrysvc.exe

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
