
Rootkit.ZeroAccess inserted into tcp/ip stack...please help


  • This topic is locked
54 replies to this topic

#1 legion2013

legion2013

  • Members
  • 24 posts

Posted 19 August 2014 - 12:49 PM

As the title says, Rootkit.ZeroAccess inserted into tcp/ip stack. I have tried using ComboFix to remove it, but it keeps finding it after restarting the computer. I've tried Malwarebytes, rtkill, TDSS rootkit removing tool, SUPERAntiSpyware Professional, and JRT with no luck at all. The computer starts fine, then it becomes slow.

 

Please help me remove this spyware from my computer and help me understand how the whole process of detecting and removing this stuff works.

 

I've attached the dds.txt and attach.txt files.

 

Thank you

Rod


#2 polskamachina

polskamachina

  • Malware Study Hall Senior
  • 3,833 posts

Posted 24 August 2014 - 09:47 AM

Hi legion2013 :)

 

I am polskamachina and I will be assisting you with your malware problems. What follows below are some ground rules for this forum.

I will reply as soon as possible (typically within 24-48 hours). In turn, I ask that you please respond within 72 hours. If you know you will be away longer than that, please let me know. I am in California at GMT-7 Hours (Pacific Standard Time). If I do not respond to you within 48 hours, feel free to send me a private message.

Some points for you to keep in mind:

  • Do NOT run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Do not attach logs or use code boxes, just copy and paste the text.
  • I cannot see your computer. Periodically update me on the condition of your computer, and provide as much detail as you can in every post.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end.
  • NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a flash drive, anywhere except on the computer.
  • NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. Please remember to copy the entire post so you do not miss any instructions.

Let's get started.

 

Please copy and paste your most recent ComboFix log in your next reply to me. It is located here:

 

C:\ComboFix.txt

 

Let me know if you have any questions.

 

polskamachina


Edited by polskamachina, 24 August 2014 - 09:49 AM.

Member of the Bleeping Computer A.I.I. early response team!

#3 legion2013

legion2013
  • Topic Starter

  • Members
  • 24 posts

Posted 25 August 2014 - 10:47 AM

ComboFix is still telling me the rootkit is present when I run it. It restarted the computer and gave me this log :(

 

 

ComboFix 14-08-24.01 - Drigo 08/25/2014  11:07:41.22.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2038.1484 [GMT -4:00]
Running from: c:\documents and settings\Drigo.PC785018295244\My Documents\Downloads\ComboFix.exe
.
.
(((((((((((((((((((((((((   Files Created from 2014-07-25 to 2014-08-25  )))))))))))))))))))))))))))))))
.
.
2014-08-14 13:27 . 2014-08-14 13:27    --------    d-----w-    c:\windows\ERUNT
2014-08-14 03:30 . 2014-08-14 03:30    --------    d-----w-    c:\documents and settings\Drigo.PC785018295244\Application Data\SUPERAntiSpyware.com
2014-08-14 03:29 . 2014-08-19 03:37    --------    d-----w-    c:\program files\SUPERAntiSpyware
2014-08-14 03:29 . 2014-08-14 03:29    --------    d-----w-    c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2014-08-13 13:25 . 2014-08-13 13:25    --------    d-----w-    c:\program files\ESET
2014-08-13 13:04 . 2014-08-13 13:04    --------    d-----w-    c:\documents and settings\Drigo.PC785018295244\Application Data\FixZeroAccess
2014-08-12 15:31 . 2008-04-13 18:39    92544    ----a-w-    c:\windows\system32\drivers\mqac.sys
2014-08-12 15:25 . 2014-08-12 15:25    --------    d-sh--w-    c:\documents and settings\Administrator\IETldCache
2014-08-12 15:25 . 2014-08-12 15:25    --------    d-----w-    c:\documents and settings\Administrator\Local Settings\Application Data\Google
2014-08-12 13:05 . 2014-08-12 13:05    --------    d-----w-    c:\program files\HitmanPro
2014-08-12 13:00 . 2014-08-12 13:19    --------    d-----w-    c:\documents and settings\All Users\Application Data\HitmanPro
2014-08-12 05:03 . 2014-08-14 18:32    29160    ----a-w-    c:\windows\system32\drivers\TrueSight.sys
2014-08-12 05:03 . 2014-08-12 05:03    --------    d-----w-    c:\documents and settings\All Users\Application Data\RogueKiller
2014-07-28 14:38 . 2014-08-14 13:38    110296    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-28 14:38 . 2014-07-28 14:38    --------    d-----w-    c:\program files\Malwarebytes Anti-Malware
2014-07-28 14:38 . 2014-05-12 11:26    53208    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-08-08 14:34    579400    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-08-08 14:34    579400    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-08-08 14:34    579400    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-08-08 14:34    579400    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-08-08 14:34    579400    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-08-08 14:34    579400    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RCHotKey"="c:\program files\RingCentral\RingCentral Call Controller\RCHotKey.exe" [2010-10-19 38144]
"HW_OPENEYE_OUC_Internet ENTEL"="c:\program files\Internet ENTEL\UpdateDog\ouc.exe" [2011-10-21 110592]
"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2014-08-08 22734160]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2014-08-11 6688024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-22 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-22 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-22 118784]
"MsmqIntCert"="mqrt.dll" [2009-06-25 177152]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 61952]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 794713]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-07-19 102400]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-06-19 40960]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2006-03-15 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2006-03-15 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2006-03-15 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-03-15 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-03-15 455168]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2008-09-09 623880]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-23 198160]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 458752]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"Launcher3040"="c:\program files\Xerox Office Printing\WorkCentre SSW\Launcher\xrlaunch.exe" [2011-04-19 2570752]
"DocuPrint 3040 RUN"="c:\program files\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmRun.exe" [2011-04-19 357376]
"StatusAutoRun3040"="c:\program files\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmpl.exe" [2011-04-19 3658240]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10e.exe" [2010-01-27 256280]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-28 13:33    11952    ----a-w-    c:\windows\system32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
backup=c:\windows\pss\Adobe Acrobat Synchronizer.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^UPS WorldShip Messaging Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\UPS WorldShip Messaging Utility.lnk
backup=c:\windows\pss\UPS WorldShip Messaging Utility.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^UPS WorldShip PLD Reminder Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\UPS WorldShip PLD Reminder Utility.lnk
backup=c:\windows\pss\UPS WorldShip PLD Reminder Utility.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Drigo.PC785018295244^Start Menu^Programs^StartUp^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Drigo.PC785018295244\Start Menu\Programs\StartUp\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-08-08 12:11    490952    ----a-w-    c:\program files\DAEMON Tools Lite\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 22:36    30040    ----a-w-    c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"XAMPP"=2 (0x2)
"MySql"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\xampp\\mysql\\bin\\mysqld.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\DAEMON Tools Lite\\daemon.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2009\\QBDBMgrN.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\TeamViewer\\Version9\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version9\\TeamViewer_Service.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"24824:TCP"= 24824:TCP:router
.
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/16/2008 1:06 AM 335240]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [7/22/2014 7:47 PM 142648]
R2 HWDeviceService.exe;HWDeviceService.exe;c:\documents and settings\All Users\Application Data\DatacardService\HWDeviceService.exe [3/14/2011 11:27 AM 271712]
R2 TeamViewer9;TeamViewer 9;c:\program files\TeamViewer\Version9\TeamViewer_Service.exe [4/30/2014 2:54 PM 5024576]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [12/18/2012 12:31 PM 73984]
R3 QuickBooksDB19;QuickBooksDB19;c:\progra~1\Intuit\QUICKB~2\QBDBMgrN.exe -hvQuickBooksDB19 --> c:\progra~1\Intuit\QUICKB~2\QBDBMgrN.exe -hvQuickBooksDB19 [?]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe --> c:\progra~1\AVG\AVG8\avgwdsvc.exe [?]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [10/23/2013 8:15 AM 172192]
S2 XRNADB;XRcnStatutsDatabase;c:\program files\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmdb.exe [4/19/2011 8:58 AM 79872]
S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam  ;c:\windows\system32\drivers\5U870CAP.sys [6/6/2006 4:39 PM 61952]
S3 audiobridge;Virtual Audio Bridge;c:\windows\system32\drivers\aubridge.sys [7/23/2007 3:04 PM 22528]
S3 bcm;WiMAX Network Adapter;c:\windows\system32\drivers\drxvi314.sys [11/3/2009 7:28 PM 282112]
S3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\drivers\BcmBusCtr.sys [11/3/2009 8:55 PM 51712]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [12/18/2012 12:31 PM 102784]
S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [12/18/2012 12:31 PM 11136]
S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\drivers\ew_jucdcacm.sys [12/18/2012 12:31 PM 89856]
S3 huawei_cdcecm;huawei_cdcecm;c:\windows\system32\drivers\ew_jucdcecm.sys [12/18/2012 12:31 PM 66688]
S3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\drivers\ew_juextctrl.sys [12/18/2012 12:31 PM 26624]
S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtport.sys --> c:\windows\system32\DRIVERS\lgbtport.sys [?]
S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbus.sys --> c:\windows\system32\DRIVERS\lgbtbus.sys [?]
S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmodem.sys --> c:\windows\system32\DRIVERS\lgvmodem.sys [?]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys --> c:\windows\system32\DRIVERS\netaapl.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2/28/2013 9:48 PM 36600]
S3 Rockusb;Driver for Rockusb Device;c:\windows\system32\drivers\rockusb.sys [3/25/2014 5:43 PM 45040]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10/16/2008 12:33 AM 717296]
S4 XAMPP;XAMPP Service;c:\xampp\service.exe [11/2/2012 2:14 PM 60928]
.
Contents of the 'Scheduled Tasks' folder
.
2014-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-15 00:48]
.
2014-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-15 00:48]
.
2014-08-21 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task aa214093-5c8b-46c7-b3f3-97cf9af86c84.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-11-07 20:08]
.
2014-08-21 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task e4893958-36a0-4522-8afa-8557ffcd3f33.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-11-07 20:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{DD6E832D-9646-45ED-BF96-ABBA96252F9B}: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{F31DCAE1-64EE-422C-8B38-A49DB2182558}: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Drigo.PC785018295244\Application Data\Mozilla\Firefox\Profiles\jsqh8fit.default\
FF - ExtSQL: !HIDDEN! 2009-09-02 08:39; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-08-25 11:25
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????????L?@? ????k??????`?@?????L?@
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\06\05\08\02\132?"
.
Completion time: 2014-08-25  11:28:13
ComboFix-quarantined-files.txt  2014-08-25 15:27
ComboFix2.txt  2014-08-14 16:17
ComboFix3.txt  2014-08-14 06:36
ComboFix4.txt  2014-08-12 15:56
ComboFix5.txt  2014-08-25 14:56
.
Pre-Run: 9,685,557,248 bytes free
Post-Run: 9,702,559,744 bytes free
.
- - End Of File - - 242F35BE5391CFDDF15134BE3A1B7DD9
8F558EB6672622401DA993E1E865C861
 



#4 polskamachina

polskamachina

  • Malware Study Hall Senior
  • 3,833 posts

Posted 26 August 2014 - 10:28 AM

Hi legion2013 :)

 

There is one more log I need to see. It should be located here:

C:\Qoobox\ComboFix-quarantined-files.txt

 

Please copy and paste it into your next reply to me.

 

polskamachina



#5 legion2013

legion2013
  • Topic Starter

  • Members
  • 24 posts

Posted 27 August 2014 - 08:44 AM

I had other software detect other spyware, not just ComboFix.

 

2014-08-12 15:56:01 . 2014-08-12 15:56:01              650 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-Gkaxad.reg.dat
2014-07-28 14:18:31 . 2014-07-28 14:18:31              157 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}.reg.dat
2013-09-03 13:51:39 . 2014-08-25 15:03:22              512 ----a-w-  C:\Qoobox\Quarantine\MBR_HardDisk0.mbr
2013-04-30 14:58:52 . 2013-04-30 14:58:52              261 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-Desktop Software.reg.dat
2013-04-30 14:51:17 . 2013-04-30 14:51:17              283 ----a-w-  C:\Qoobox\Quarantine\D\av13.zip
2013-04-30 14:51:17 . 2012-12-19 02:11:46               90 ----a-w-  C:\Qoobox\Quarantine\D\AUTORUN.INF.vir
2013-01-22 01:04:42 . 2013-01-22 01:04:42              294 ----a-w-  C:\Qoobox\Quarantine\C\Documents and Settings\Drigo.PC785018295244\Application Data\6A3.tmp.vir
2013-01-19 16:09:29 . 2013-01-19 16:09:29              294 ----a-w-  C:\Qoobox\Quarantine\C\Documents and Settings\Drigo.PC785018295244\Application Data\2.tmp.vir
2012-12-19 02:13:14 . 2012-12-19 02:15:14              375 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\etc\hosts.ics.vir
2012-06-08 03:43:44 . 2014-07-28 14:18:31              157 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\BHO-{9D425283-D487-4337-BAB6-AB8354A81457}.reg.dat
2012-06-08 03:22:53 . 2014-08-25 15:21:50           17,009 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2012-06-08 02:51:20 . 2014-08-25 15:06:13            1,479 ----a-w-  C:\Qoobox\Quarantine\catchme.log
2012-04-25 18:18:19 . 2012-04-25 18:18:27        1,901,056 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Brand Affinity Technologies\Fantapper Updater\Fantapper.msi.vir
2012-04-25 13:05:32 . 2012-04-25 13:05:36          587,776 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Brand Affinity Technologies\Fantapper Updater\Updater.msi.vir
2011-12-04 01:08:31 . 2011-12-04 01:08:31               58 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\My.ini.vir
2010-09-10 17:20:32 . 2010-09-10 17:20:32              686 ----a-w-  C:\Qoobox\Quarantine\C\Documents and Settings\Drigo.PC785018295244\Start Menu\Programs\Startup\WinMySQLadmin.lnk.vir
2009-02-27 16:29:11 . 2009-02-27 16:36:55            1,024 ----a-w-  C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\pdfxls2.dll.vir
2009-01-13 14:37:59 . 2005-10-20 22:20:03        1,082,368 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\SET17B.tmp.vir
2008-09-17 21:39:55 . 2008-04-14 00:12:19        1,033,728 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\SET4AE.tmp.vir
2006-12-17 12:03:12 . 2006-09-12 07:30:31            1,719 ----a-w-  C:\Qoobox\Quarantine\C\Documents and Settings\Default User\Start Menu\Programs\Startup\Vongo Tray.lnk.vir
2006-09-12 07:30:31 . 2006-09-12 07:30:31            1,719 ----a-w-  C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Start Menu\Programs\Startup\Vongo Tray.lnk.vir
2006-06-29 18:46:56 . 2009-09-24 14:14:54            1,020 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\wininit.ini.vir
2006-06-29 18:20:24 . 2006-06-29 18:20:24                0 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\mscoree.dll.local.vir
2006-03-16 04:00:00 . 2009-06-22 11:48:44           91,776 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\mqac.sys.vir
2006-03-16 04:00:00 . 2008-04-13 18:39:44           92,544 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\mqac.sys.vir_
2003-02-21 20:16:08 . 2003-02-21 20:16:08           49,152 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\regtlib.exe.vir
2003-02-21 19:42:22 . 2003-02-21 19:42:22          348,160 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\msvcr71.dll.vir
2003-02-21 10:09:18 . 2003-02-21 10:09:18           77,824 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\mscorsn.dll.vir
2003-02-21 10:08:32 . 2003-02-21 10:08:32        2,482,176 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\mscorwks.dll.vir
2003-02-21 10:06:24 . 2003-02-21 10:06:24          155,648 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\mscoree.dll.vir
2003-02-21 10:06:20 . 2003-02-21 10:06:20          282,624 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\fusion.dll.vir



#6 polskamachina

polskamachina

  • Malware Study Hall Senior
  • 3,833 posts

Posted 27 August 2014 - 11:17 AM

Hi legion2013,
 
Good job posting the logs. :thumbup2:
 
Next:
Please download the 32-bit version of the Farbar Recovery Scan Tool and save it to your Desktop.

  • Double-click the file. Then click run after receipt of Windows Security Warning - Open File. When the tool opens, click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory from where the tool is run (usually your desktop).
  • Please copy and paste the log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe). Please also paste that along with the FRST.txt into your reply.

Let me know if you have any questions.

 

polskamachina



#7 legion2013

legion2013
  • Topic Starter

  • Members
  • 24 posts

Posted 27 August 2014 - 07:57 PM

first.txt below

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:26-08-2014
Ran by Drigo (administrator) on PC7850 on 27-08-2014 20:53:09
Running from C:\Documents and Settings\Drigo.PC785018295244\Desktop
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(brother Industries Ltd) C:\WINDOWS\system32\BRSS01A.EXE
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehrecvr.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehSched.exe
() C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files\CDBurnerXP\NMSAccessU.exe
(Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\WINDOWS\system32\mqsvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\mqtgsvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Intuit, Inc.) C:\PROGRA~1\Intuit\QUICKB~2\QBDBMgrN.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ehTray] => C:\WINDOWS\ehome\ehtray.exe [64512 2005-08-06] (Microsoft Corporation)
HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2006-03-22] (Intel Corporation)
HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [118784 2006-03-22] (Intel Corporation)
HKLM\...\Run: [MsmqIntCert] => regsvr32 /s mqrt.dll
HKLM\...\Run: [High Definition Audio Property Page Shortcut] => C:\WINDOWS\system32\CHDAudPropShortcut.exe [61952 2006-06-02] (Windows ® Server 2003 DDK provider)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [794713 2006-06-17] (Synaptics, Inc.)
HKLM\...\Run: [QPService] => C:\Program Files\HP\QuickPlay\QPService.exe [102400 2006-07-19] (CyberLink Corp.)
HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-08-11] (Macrovision Corporation)
HKLM\...\Run: [Cpqset] => C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe [40960 2006-06-19] ()
HKLM\...\Run: [RecGuard] => C:\Windows\SMINST\RecGuard.exe [1187840 2005-10-11] ()
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM\...\Run: [IMJPMIG8.1] => C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [208952 2006-03-15] (Microsoft Corporation)
HKLM\...\Run: [IMEKRMIG6.1] => C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE [44032 2006-03-15] (Microsoft Corporation)
HKLM\...\Run: [MSPY2002] => C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [59392 2006-03-15] ()
HKLM\...\Run: [PHIME2002ASync] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2006-03-15] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002A] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2006-03-15] (Microsoft Corporation)
HKLM\...\Run: [Intuit SyncManager] => C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe [623880 2008-09-09] (Intuit Inc. All rights reserved.)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Common Files\Real\Update_OB\realsched.exe [198160 2009-04-23] (RealNetworks, Inc.)
HKLM\...\Run: [googletalk] => C:\Program Files\Google\Google Talk\googletalk.exe [3739648 2007-01-01] (Google)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre6\bin\jusched.exe [148888 2009-05-21] (Sun Microsystems, Inc.)
HKLM\...\Run: [hpWirelessAssistant] => C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [458752 2006-05-04] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [Launcher3040] => C:\Program Files\Xerox Office Printing\WorkCentre SSW\Launcher\xrlaunch.exe [2570752 2011-04-19] (Xerox)
HKLM\...\Run: [DocuPrint 3040 RUN] => C:\Program Files\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmRun.exe [357376 2011-04-19] ()
HKLM\...\Run: [StatusAutoRun3040] => C:\Program Files\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmpl.exe [3658240 2011-04-19] ()
Winlogon\Notify\avgrsstarter: C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\.DEFAULT\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil10e.exe [256280 2010-01-26] (Adobe Systems, Inc.)
HKU\S-1-5-21-4019840175-4059186491-2486747170-1005\...\Run: [RCHotKey] => C:\Program Files\RingCentral\RingCentral Call Controller\RCHotKey.exe [38144 2010-10-19] (RingCentral, Inc.)
HKU\S-1-5-21-4019840175-4059186491-2486747170-1005\...\Run: [HW_OPENEYE_OUC_Internet ENTEL] => C:\Program Files\Internet ENTEL\UpdateDog\ouc.exe [110592 2011-10-21] (Huawei Technologies Co., Ltd.)
HKU\S-1-5-21-4019840175-4059186491-2486747170-1005\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
HKU\S-1-5-21-4019840175-4059186491-2486747170-1005\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6688024 2014-08-11] (SUPERAntiSpyware)
HKU\S-1-5-21-4019840175-4059186491-2486747170-1007\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: SmartFTP Drop -> {EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD} => C:\Program Files\SmartFTP Client\sfShellTools.dll (SmartSoft Ltd)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKCU - DefaultScope Comcast URL = http://search.comcast.net/?cat=web&con=net&q={searchTerms}
SearchScopes: HKCU - Comcast URL = http://search.comcast.net/?cat=web&con=net&q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
BHO: No Name -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} ->  No File
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: No Name -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} ->  No File
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Drigo.PC785018295244\Application Data\Mozilla\Firefox\Profiles\jsqh8fit.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @movenetworks.com/Quantum Media Player -> C:\Documents and Settings\Drigo.PC785018295244\Application Data\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
FF Plugin: @pages.tvunetworks.com/WebPlayer -> C:\WINDOWS\system32\TVUAx\npTVUAx.dll (TVU networks)
FF Plugin: @real.com/nppl3260;version=6.0.12.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.3.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @skyhookwireless.com/LokiPlugin,version=3.1.0.05 -> C:\Program Files\Skyhook Wireless\Loki ActiveX Component\versions\3.1.0.05\loki.dll (Skyhook Wireless)
FF Plugin: @stamps.com/Web client plug-in,version=1.0 -> C:\Program Files\Stamps.com Web Postage Plug-in\npsdcwc.dll (Stamps.com, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @veetle.com/vbp;version=0.9.16 -> C:\Program Files\Veetle\VLCBroadcast\npvbp.dll No File
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @movenetworks.com/Quantum Media Player -> C:\Documents and Settings\Drigo.PC785018295244\Application Data\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Documents and Settings\Drigo.PC785018295244\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Documents and Settings\Drigo.PC785018295244\Application Data\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Drigo.PC785018295244\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Drigo.PC785018295244\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npbittorrent.dll (BitTorrent, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeploytk.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdivx32.dll (DivX,Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npvideoegg-loader.dll ( )
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Drigo.PC785018295244\Application Data\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Drigo.PC785018295244\Application Data\mozilla\plugins\npo1d.dll (Google)
FF Extension: TVU Web Player - C:\Documents and Settings\Drigo.PC785018295244\Application Data\Mozilla\Firefox\Profiles\jsqh8fit.default\Extensions\firefox@tvunetworks.com [2009-11-12]
FF Extension: Garmin Communicator - C:\Documents and Settings\Drigo.PC785018295244\Application Data\Mozilla\Firefox\Profiles\jsqh8fit.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2013-11-20]
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Drigo.PC785018295244\Application Data\Mozilla\Firefox\Profiles\jsqh8fit.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-06-21]
FF Extension: VIXPA - C:\Documents and Settings\Drigo.PC785018295244\Application Data\Mozilla\Firefox\Profiles\jsqh8fit.default\Extensions\{68CE046A-B77F-4b58-BE16-49D165CA1106} [2008-11-10]
FF Extension: Taskforce - C:\Documents and Settings\Drigo.PC785018295244\Application Data\Mozilla\Firefox\Profiles\jsqh8fit.default\Extensions\developers@tyrantinc.com.xpi [2012-10-24]
FF Extension: Firebug - C:\Documents and Settings\Drigo.PC785018295244\Application Data\Mozilla\Firefox\Profiles\jsqh8fit.default\Extensions\firebug@software.joehewitt.com.xpi [2012-12-25]
FF Extension: Reddit Enhancement Suite - C:\Documents and Settings\Drigo.PC785018295244\Application Data\Mozilla\Firefox\Profiles\jsqh8fit.default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2012-04-30]
FF Extension: JSOff - C:\Documents and Settings\Drigo.PC785018295244\Application Data\Mozilla\Firefox\Profiles\jsqh8fit.default\Extensions\jsoff@jsoff.com.xpi [2013-11-27]
FF Extension: RankChecker - C:\Documents and Settings\Drigo.PC785018295244\Application Data\Mozilla\Firefox\Profiles\jsqh8fit.default\Extensions\rankchecker@seobook.com.xpi [2011-06-30]
FF Extension: Save Session - C:\Documents and Settings\Drigo.PC785018295244\Application Data\Mozilla\Firefox\Profiles\jsqh8fit.default\Extensions\savesession@noasobi.net.xpi [2012-05-14]
FF Extension: AVG PrivacyFix - C:\Documents and Settings\Drigo.PC785018295244\Application Data\Mozilla\Firefox\Profiles\jsqh8fit.default\Extensions\{7CA9CF31-1C73-46CD-8377-85AB71EA771F}.xpi [2012-11-25]
FF Extension: JS Switch - C:\Documents and Settings\Drigo.PC785018295244\Application Data\Mozilla\Firefox\Profiles\jsqh8fit.default\Extensions\{88c7b321-2eb8-11da-8cd6-0800200c9a66}.xpi [2013-11-27]
FF Extension: Web Developer - C:\Documents and Settings\Drigo.PC785018295244\Application Data\Mozilla\Firefox\Profiles\jsqh8fit.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2013-11-27]
FF Extension: Adblock Plus - C:\Documents and Settings\Drigo.PC785018295244\Application Data\Mozilla\Firefox\Profiles\jsqh8fit.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-07-01]
FF Extension: User Agent Switcher - C:\Documents and Settings\Drigo.PC785018295244\Application Data\Mozilla\Firefox\Profiles\jsqh8fit.default\Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2013-11-27]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-03-10]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008-12-02]
FF HKLM\...\Firefox\Extensions: [{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}] - C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}
FF HKLM\...\Firefox\Extensions: [fiddlerhook@fiddler2.com] - C:\Program Files\Fiddler2\FiddlerHook
FF Extension: FiddlerHook - C:\Program Files\Fiddler2\FiddlerHook [2014-07-24]
FF HKCU\...\Firefox\Extensions: [moveplayer@movenetworks.com] - C:\Documents and Settings\Drigo.PC785018295244\Application Data\Move Networks
FF Extension: Move Media Player - C:\Documents and Settings\Drigo.PC785018295244\Application Data\Move Networks [2008-10-21]

Chrome:
=======
CHR HomePage: Default ->
CHR DefaultSearchURL: Default -> https://mail.google.com/mail/?extsrc=mailto&url=%s
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Documents and Settings\Drigo.PC785018295244\Local Settings\Application Data\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\Drigo.PC785018295244\Local Settings\Application Data\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Drigo.PC785018295244\Local Settings\Application Data\Google\Chrome\Application\36.0.1985.125\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Skype Toolbars) - C:\Documents and Settings\Drigo.PC785018295244\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java™ Platform SE 6 U14) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.140.8) - C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll (Sun Microsystems, Inc.)
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (BitTorrent) - C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll (BitTorrent, Inc.)
CHR Plugin: (DivX Web Player) - C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll (DivX,Inc.)
CHR Plugin: (DivX Player Netscape Plugin) - C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (VideoEgg Publisher) - C:\Program Files\Mozilla Firefox\plugins\npvideoegg-loader.dll ( )
CHR Plugin: (Move Streaming Media Player) - C:\Documents and Settings\Drigo.PC785018295244\Application Data\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
CHR Plugin: (Google Update) - C:\Documents and Settings\Drigo.PC785018295244\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Loki Plugin) - C:\Program Files\Skyhook Wireless\Loki ActiveX Component\versions\3.1.0.05\loki.dll (Skyhook Wireless)
CHR Plugin: (Stamps.com Web Client NPAPI Plug-in) - C:\Program Files\Stamps.com Web Postage Plug-in\npsdcwc.dll (Stamps.com, Inc.)
CHR Plugin: (Veetle TV Player) - C:\Program Files\Veetle\Player\npvlc.dll No File
CHR Plugin: (Veetle Broadcaster Plugin) - C:\Program Files\Veetle\VLCBroadcast\npvbp.dll No File
CHR Plugin: (Veetle TV Core) - C:\Program Files\Veetle\plugins\npVeetle.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll No File
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (TVU Web Player for FireFox) - C:\WINDOWS\system32\TVUAx\npTVUAx.dll (TVU networks)
CHR CustomProfile: C:\Documents and Settings\Drigo.PC785018295244\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Entanglement Web App) - C:\Documents and Settings\Drigo.PC785018295244\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2011-03-04]
CHR Extension: (Google Drive) - C:\Documents and Settings\Drigo.PC785018295244\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-20]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Drigo.PC785018295244\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]
CHR Extension: (Web Developer) - C:\Documents and Settings\Drigo.PC785018295244\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm [2013-04-07]
CHR Extension: (Session Buddy) - C:\Documents and Settings\Drigo.PC785018295244\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2013-02-04]
CHR Extension: (Poppit!) - C:\Documents and Settings\Drigo.PC785018295244\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2011-03-04]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Drigo.PC785018295244\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (PR Checker) - C:\Documents and Settings\Drigo.PC785018295244\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pneoplpmnpjoioldpodoljacigkahohc [2011-12-04]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\DOCUME~1\DRIGO~1.PC7\LOCALS~1\APPLIC~1\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-20]
CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Drigo.PC785018295244\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)
S3 AddFiltr; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe [126976 2006-06-12] (Hewlett-Packard Development Company, L.P.) [File not signed]
S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2006-12-16] (Adobe Systems) [File not signed]
S2 Brother XP spl Service; C:\WINDOWS\system32\brsvc01a.exe [57344 2001-11-23] (brother Industries Ltd)
R2 hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [135168 2006-05-02] (Hewlett-Packard Development Company, L.P.) [File not signed]
R2 HWDeviceService.exe; C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe [271712 2011-03-14] ()
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [152984 2009-05-21] (Sun Microsystems, Inc.)
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [49152 2006-05-18] (Hewlett-Packard Company) [File not signed]
R2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-06] (Microsoft Corporation)
S3 MHN; C:\WINDOWS\System32\mhn.dll [85504 2004-08-10] (Microsoft Corporation) [File not signed]
R2 MSMQ; C:\WINDOWS\system32\mqsvc.exe [4608 2009-06-22] (Microsoft Corporation) [File not signed]
R2 MSMQTriggers; C:\WINDOWS\system32\mqtgsvc.exe [117248 2009-06-22] (Microsoft Corporation) [File not signed]
R2 NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [71096 2007-10-12] ()
R2 QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [24576 2008-10-17] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2008-08-08] (Intuit Inc.) [File not signed]
R3 QuickBooksDB19; C:\Program Files\Intuit\QuickBooks 2009\QBDBMgrN.exe [131072 2008-07-09] (Intuit, Inc.) [File not signed]
S3 WMConnectCDS; C:\Program Files\Windows Media Connect 2\wmccds.exe [855552 2005-10-06] (Microsoft Corporation) [File not signed]
S4 XAMPP; C:\xampp\service.exe [60928 2012-04-16] () [File not signed]
S2 XRNADB; C:\Program Files\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmdb.exe [79872 2011-04-19] () [File not signed]
S2 avg8wd; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [X]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 5U870CAP_VID_1262&PID_25FD; C:\WINDOWS\System32\Drivers\5U870CAP.sys [61952 2006-06-06] (Ricoh)
S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-18] (Microsoft Corporation)
S3 audiobridge; C:\WINDOWS\System32\DRIVERS\aubridge.sys [22528 2007-07-23] (SoundGenetics) [File not signed]
R1 AvgLdx86; C:\WINDOWS\System32\Drivers\avgldx86.sys [335240 2009-08-28] (AVG Technologies CZ, s.r.o.)
R1 AvgMfx86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [27784 2009-08-28] (AVG Technologies CZ, s.r.o.)
S3 bcm; C:\WINDOWS\System32\DRIVERS\drxvi314.sys [282112 2009-11-03] (Beceem communications pvt ltd.)
S3 bcmbusctr; C:\WINDOWS\System32\DRIVERS\BcmBusCtr.sys [51712 2009-11-03] (Beceem communications pvt ltd.)
S2 BrPar; C:\WINDOWS\System32\drivers\BrPar.sys [19537 2000-07-24] (Brother Industries Ltd.) [File not signed]
S3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [57320 2006-05-12] (Broadcom Corporation.) [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 eabfiltr; C:\WINDOWS\System32\DRIVERS\eabfiltr.sys [7808 2005-09-19] (Hewlett-Packard Development Company, L.P.)
S3 eabusb; C:\WINDOWS\System32\DRIVERS\eabusb.sys [5760 2005-09-19] (Hewlett-Packard Development Company, L.P.)
R3 HdAudAddService; C:\WINDOWS\System32\drivers\CHDAud.sys [572928 2006-06-02] (Conexant Systems Inc.)
R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [208000 2006-04-20] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [995712 2006-04-20] (Conexant Systems, Inc.)
S3 huawei_cdcacm; C:\WINDOWS\System32\DRIVERS\ew_jucdcacm.sys [89856 2011-09-09] (Huawei Technologies Co., Ltd.)
S3 huawei_cdcecm; C:\WINDOWS\System32\DRIVERS\ew_jucdcecm.sys [66688 2011-09-09] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\WINDOWS\System32\DRIVERS\ew_juextctrl.sys [26624 2011-09-09] (Huawei Technologies Co., Ltd.)
S3 MHNDRV; C:\WINDOWS\System32\DRIVERS\mhndrv.sys [11008 2004-08-10] (Microsoft Corporation) [File not signed]
R3 MQAC; C:\WINDOWS\system32\drivers\mqac.sys [92544 2008-04-13] (Microsoft Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S3 Rockusb; C:\WINDOWS\System32\DRIVERS\rockusb.sys [45040 2012-08-20] (Fuzhou Rockchip Electronics Co,Ltd.)
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-04] (Realtek Semiconductor Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
S4 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [717296 2008-10-16] (Duplex Secure Ltd.)
S3 taphss; C:\WINDOWS\System32\DRIVERS\taphss.sys [33512 2013-03-28] (AnchorFree Inc)
R3 w39n51; C:\WINDOWS\System32\DRIVERS\w39n51.sys [1429632 2006-04-21] (Intel® Corporation)
S3 Bcim; system32\DRIVERS\bcim.sys [X]
R3 catchme; \??\C:\DOCUME~1\DRIGO~1.PC7\LOCALS~1\Temp\catchme.sys [X]
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [239488 2011-10-24] (Huawei Technologies Co., Ltd.)
U1 irxewtiqmbexrien; \systemroot\system32\drivers\irxewtiqmbexrien.sys [X]
S0 Lbd; system32\DRIVERS\Lbd.sys [X]
S3 LgBttPort; system32\DRIVERS\lgbtport.sys [X]
S3 lgbusenum; system32\DRIVERS\lgbtbus.sys [X]
S3 LGVMODEM; system32\DRIVERS\lgvmodem.sys [X]
S3 Netaapl; system32\DRIVERS\netaapl.sys [X]
S3 PCTINDIS5; \??\C:\WINDOWS\system32\PCTINDIS5.SYS [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20050901.036\symidsco.sys [X]
S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]
S3 USBAAPL; System32\Drivers\usbaapl.sys [X]
S3 usbbus; system32\DRIVERS\lgusbbus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgusbdiag.sys [X]
S3 USBModem; system32\DRIVERS\lgusbmodem.sys [X]
U3 mbr; \??\C:\DOCUME~1\DRIGO~1.PC7\LOCALS~1\Temp\mbr.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-27 20:49 - 2014-08-27 20:53 - 00036037 _____ () C:\Documents and Settings\Drigo.PC785018295244\Desktop\FRST.txt
2014-08-27 20:49 - 2014-08-27 20:53 - 00000000 ____D () C:\FRST
2014-08-27 20:47 - 2014-08-27 20:48 - 01095168 _____ (Farbar) C:\Documents and Settings\Drigo.PC785018295244\Desktop\FRST.exe
2014-08-25 11:28 - 2014-08-25 11:28 - 00018879 _____ () C:\ComboFix.txt
2014-08-25 11:28 - 2014-08-25 11:28 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2014-08-25 11:28 - 2014-08-25 11:28 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp
2014-08-25 11:28 - 2014-08-25 11:28 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\temp
2014-08-25 10:56 - 2011-06-26 02:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2014-08-25 10:56 - 2010-11-07 13:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2014-08-25 10:56 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-08-25 10:56 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-08-25 10:56 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-08-25 10:56 - 2000-08-30 20:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-08-25 10:56 - 2000-08-30 20:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2014-08-25 10:56 - 2000-08-30 20:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2014-08-25 10:56 - 2000-08-30 20:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2014-08-25 10:55 - 2014-08-25 10:55 - 00000990 _____ () C:\Documents and Settings\Drigo.PC785018295244\Desktop\Shortcut to ComboFix.exe.lnk
2014-08-19 15:11 - 2014-08-19 15:11 - 00000902 _____ () C:\Documents and Settings\Drigo.PC785018295244\Desktop\JRT.txt
2014-08-19 13:07 - 2014-08-19 13:07 - 00020061 _____ () C:\Documents and Settings\Drigo.PC785018295244\Desktop\attach.txt
2014-08-19 13:07 - 2014-08-19 13:07 - 00015637 _____ () C:\Documents and Settings\Drigo.PC785018295244\Desktop\dds.txt
2014-08-18 13:00 - 2014-08-18 13:00 - 00688992 ____R (Swearware) C:\Documents and Settings\Drigo.PC785018295244\Desktop\dds.com
2014-08-14 09:27 - 2014-08-14 09:27 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-08-13 23:30 - 2014-08-27 02:00 - 00000510 _____ () C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task e4893958-36a0-4522-8afa-8557ffcd3f33.job
2014-08-13 23:30 - 2014-08-21 07:30 - 00000510 _____ () C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task aa214093-5c8b-46c7-b3f3-97cf9af86c84.job
2014-08-13 23:30 - 2014-08-13 23:30 - 00001678 _____ () C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
2014-08-13 23:30 - 2014-08-13 23:30 - 00000000 ____D () C:\Documents and Settings\Drigo.PC785018295244\Application Data\SUPERAntiSpyware.com
2014-08-13 23:30 - 2014-08-13 23:30 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
2014-08-13 23:29 - 2014-08-18 23:37 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-08-13 23:29 - 2014-08-13 23:29 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2014-08-13 23:17 - 2014-08-13 23:17 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Drigo.PC785018295244\Desktop\OTL.exe
2014-08-13 21:57 - 2014-08-13 21:57 - 00014312 _____ () C:\Documents and Settings\Drigo.PC785018295244\Desktop\hijackthis.log
2014-08-13 10:22 - 2014-08-13 10:22 - 01016261 _____ (Thisisu) C:\Documents and Settings\Drigo.PC785018295244\Desktop\JRT.exe
2014-08-13 09:25 - 2014-08-13 09:25 - 00000000 ____D () C:\Program Files\ESET
2014-08-13 09:04 - 2014-08-13 09:04 - 00000000 ____D () C:\Documents and Settings\Drigo.PC785018295244\Application Data\FixZeroAccess
2014-08-13 08:22 - 2014-08-13 08:22 - 00106496 _____ () C:\WINDOWS\Minidump\Mini081314-01.dmp
2014-08-12 11:31 - 2008-04-13 14:39 - 00092544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mqac.sys
2014-08-12 11:25 - 2014-08-12 11:25 - 00000000 __SHD () C:\Documents and Settings\Administrator\IETldCache
2014-08-12 11:25 - 2014-08-12 11:25 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2014-08-12 11:17 - 2014-08-19 15:01 - 00002118 _____ () C:\Documents and Settings\Drigo.PC785018295244\Desktop\Rkill.txt
2014-08-12 11:17 - 2014-08-12 11:17 - 01944824 _____ (Bleeping Computer, LLC) C:\Documents and Settings\Drigo.PC785018295244\Desktop\rkill.exe
2014-08-12 10:59 - 2014-08-12 11:11 - 00003842 _____ () C:\Documents and Settings\Drigo.PC785018295244\Desktop\SystemLook.txt
2014-08-12 10:59 - 2014-08-12 10:59 - 00139264 _____ () C:\Documents and Settings\Drigo.PC785018295244\Desktop\SystemLook.exe
2014-08-12 10:29 - 2014-08-12 10:29 - 00380416 _____ () C:\Documents and Settings\Drigo.PC785018295244\Desktop\wyi6g9ez.exe
2014-08-12 10:25 - 2014-08-12 10:26 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-08-12 10:04 - 2014-08-12 10:04 - 00000000 ____D () C:\Documents and Settings\Drigo.PC785018295244\Desktop\backups
2014-08-12 10:00 - 2014-08-12 10:00 - 00388608 _____ (Trend Micro Inc.) C:\Documents and Settings\Drigo.PC785018295244\Desktop\HijackThis.exe
2014-08-12 09:19 - 2014-08-12 09:19 - 00004428 _____ () C:\WINDOWS\system32\.crusader
2014-08-12 09:05 - 2014-08-12 09:05 - 00000000 ____D () C:\Program Files\HitmanPro
2014-08-12 09:05 - 2014-08-12 09:05 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\HitmanPro
2014-08-12 09:00 - 2014-08-12 09:19 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\HitmanPro
2014-08-12 09:00 - 2014-08-12 09:04 - 10279264 _____ (SurfRight B.V.) C:\Documents and Settings\Drigo.PC785018295244\Desktop\HitmanPro.exe
2014-08-12 01:03 - 2014-08-14 14:32 - 00029160 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2014-08-12 01:03 - 2014-08-12 01:03 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
2014-08-11 23:47 - 2014-08-11 23:49 - 04817496 _____ () C:\Documents and Settings\Drigo.PC785018295244\Desktop\RogueKiller.exe
2014-08-11 23:42 - 2014-08-11 23:43 - 04181856 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\Drigo.PC785018295244\Desktop\iexplore.exe
2014-08-06 14:10 - 2014-08-06 14:10 - 00857700 _____ () C:\Documents and Settings\Drigo.PC785018295244\Desktop\PriceList.xlsx
2014-08-04 23:11 - 2014-08-08 09:32 - 00000000 ____D () C:\Documents and Settings\Drigo.PC785018295244\My Documents\Japanase Tattoo Design
2014-07-28 10:38 - 2014-08-14 09:38 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-07-28 10:38 - 2014-07-28 10:38 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-28 10:38 - 2014-07-28 10:38 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-28 10:38 - 2014-05-12 07:26 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-27 20:53 - 2014-08-27 20:49 - 00036037 _____ () C:\Documents and Settings\Drigo.PC785018295244\Desktop\FRST.txt
2014-08-27 20:53 - 2014-08-27 20:49 - 00000000 ____D () C:\FRST
2014-08-27 20:53 - 2008-10-16 01:23 - 00000000 ____D () C:\Documents and Settings\Drigo.PC785018295244\Local Settings\Temp
2014-08-27 20:48 - 2014-08-27 20:47 - 01095168 _____ (Farbar) C:\Documents and Settings\Drigo.PC785018295244\Desktop\FRST.exe
2014-08-27 09:45 - 2009-03-15 11:34 - 01097688 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-27 02:17 - 2013-01-15 18:16 - 00000884 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-27 02:00 - 2014-08-13 23:30 - 00000510 _____ () C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task e4893958-36a0-4522-8afa-8557ffcd3f33.job
2014-08-25 11:28 - 2014-08-25 11:28 - 00018879 _____ () C:\ComboFix.txt
2014-08-25 11:28 - 2014-08-25 11:28 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2014-08-25 11:28 - 2014-08-25 11:28 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp
2014-08-25 11:28 - 2014-08-25 11:28 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\temp
2014-08-25 11:28 - 2012-06-07 22:51 - 00000000 ____D () C:\Qoobox
2014-08-25 11:28 - 2006-09-12 02:37 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-08-25 11:28 - 2006-06-29 15:18 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-08-25 11:25 - 2006-06-29 07:00 - 00000227 _____ () C:\WINDOWS\system.ini
2014-08-25 11:06 - 2013-01-15 18:16 - 00000880 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-25 11:06 - 2006-06-29 15:18 - 00032638 _____ () C:\WINDOWS\SchedLgU.Txt
2014-08-25 11:05 - 2006-09-12 01:33 - 00000000 ____D () C:\WINDOWS\Registration
2014-08-25 11:05 - 2006-06-29 07:04 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-08-25 11:05 - 2006-06-29 07:04 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-08-25 11:03 - 2008-10-16 01:23 - 00000178 ___SH () C:\Documents and Settings\Drigo.PC785018295244\ntuser.ini
2014-08-25 10:55 - 2014-08-25 10:55 - 00000990 _____ () C:\Documents and Settings\Drigo.PC785018295244\Desktop\Shortcut to ComboFix.exe.lnk
2014-08-25 10:05 - 2010-04-16 20:58 - 00000178 ___SH () C:\Documents and Settings\QBDataServiceUser19\ntuser.ini
2014-08-25 10:02 - 2006-09-12 03:12 - 00001591 _____ () C:\hpqp.ini
2014-08-25 10:02 - 2006-09-12 03:12 - 00000039 _____ () C:\XP_TV.ini
2014-08-25 09:53 - 2006-06-29 15:18 - 00001158 _____ () C:\WINDOWS\system32\wpa.dbl
2014-08-21 07:30 - 2014-08-13 23:30 - 00000510 _____ () C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task aa214093-5c8b-46c7-b3f3-97cf9af86c84.job
2014-08-20 02:57 - 2014-03-15 11:20 - 00000000 ____D () C:\ATI
2014-08-19 15:11 - 2014-08-19 15:11 - 00000902 _____ () C:\Documents and Settings\Drigo.PC785018295244\Desktop\JRT.txt
2014-08-19 15:01 - 2014-08-12 11:17 - 00002118 _____ () C:\Documents and Settings\Drigo.PC785018295244\Desktop\Rkill.txt
2014-08-19 13:07 - 2014-08-19 13:07 - 00020061 _____ () C:\Documents and Settings\Drigo.PC785018295244\Desktop\attach.txt
2014-08-19 13:07 - 2014-08-19 13:07 - 00015637 _____ () C:\Documents and Settings\Drigo.PC785018295244\Desktop\dds.txt
2014-08-19 00:06 - 2013-01-15 18:18 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Drive
2014-08-18 23:37 - 2014-08-13 23:29 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-08-18 13:00 - 2014-08-18 13:00 - 00688992 ____R (Swearware) C:\Documents and Settings\Drigo.PC785018295244\Desktop\dds.com
2014-08-18 12:53 - 2014-06-07 11:19 - 00000000 ____D () C:\Documents and Settings\Drigo.PC785018295244\Desktop\Mariana
2014-08-14 14:32 - 2014-08-12 01:03 - 00029160 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2014-08-14 14:27 - 2013-01-15 18:33 - 00000000 ___RD () C:\Documents and Settings\Drigo.PC785018295244\My Documents\Google Drive
2014-08-14 09:38 - 2014-07-28 10:38 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-14 09:27 - 2014-08-14 09:27 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-08-13 23:30 - 2014-08-13 23:30 - 00001678 _____ () C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
2014-08-13 23:30 - 2014-08-13 23:30 - 00000000 ____D () C:\Documents and Settings\Drigo.PC785018295244\Application Data\SUPERAntiSpyware.com
2014-08-13 23:30 - 2014-08-13 23:30 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
2014-08-13 23:29 - 2014-08-13 23:29 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2014-08-13 23:17 - 2014-08-13 23:17 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Drigo.PC785018295244\Desktop\OTL.exe
2014-08-13 23:17 - 2006-12-16 20:20 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy
2014-08-13 23:17 - 2006-12-16 20:20 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2014-08-13 21:57 - 2014-08-13 21:57 - 00014312 _____ () C:\Documents and Settings\Drigo.PC785018295244\Desktop\hijackthis.log
2014-08-13 11:24 - 2009-10-16 11:21 - 00000000 ____D () C:\Documents and Settings\Drigo.PC785018295244\My Documents\Mortgage Payments
2014-08-13 10:22 - 2014-08-13 10:22 - 01016261 _____ (Thisisu) C:\Documents and Settings\Drigo.PC785018295244\Desktop\JRT.exe
2014-08-13 09:25 - 2014-08-13 09:25 - 00000000 ____D () C:\Program Files\ESET
2014-08-13 09:10 - 2006-09-12 01:33 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-08-13 09:04 - 2014-08-13 09:04 - 00000000 ____D () C:\Documents and Settings\Drigo.PC785018295244\Application Data\FixZeroAccess
2014-08-13 08:22 - 2014-08-13 08:22 - 00106496 _____ () C:\WINDOWS\Minidump\Mini081314-01.dmp
2014-08-13 08:22 - 2006-12-29 14:59 - 00000000 ____D () C:\WINDOWS\Minidump
2014-08-13 00:41 - 2014-07-24 11:01 - 00000000 ____D () C:\Program Files\Fiddler2
2014-08-12 12:29 - 2006-09-12 02:37 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-08-12 12:28 - 2006-06-29 15:18 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-08-12 12:22 - 2008-10-15 23:14 - 00000000 ____D () C:\WINDOWS\system32\appmgmt
2014-08-12 11:35 - 2009-09-24 19:39 - 00000000 ____D () C:\WINDOWS\ERDNT
2014-08-12 11:33 - 2009-09-24 20:03 - 00008192 ____H () C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2014-08-12 11:33 - 2006-06-29 15:18 - 50331648 _____ () C:\WINDOWS\system32\config\software.bak
2014-08-12 11:33 - 2006-06-29 15:18 - 09699328 _____ () C:\WINDOWS\system32\config\system.bak
2014-08-12 11:33 - 2006-06-29 15:18 - 00262144 _____ () C:\WINDOWS\system32\config\SECURITY.bak
2014-08-12 11:33 - 2006-06-29 15:18 - 00028672 _____ () C:\WINDOWS\system32\config\SAM.bak
2014-08-12 11:25 - 2014-08-12 11:25 - 00000000 __SHD () C:\Documents and Settings\Administrator\IETldCache
2014-08-12 11:25 - 2014-08-12 11:25 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2014-08-12 11:25 - 2006-09-12 01:33 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-08-12 11:22 - 2012-05-02 18:20 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-08-12 11:22 - 2006-06-29 15:18 - 02097152 _____ () C:\WINDOWS\system32\config\default.bak
2014-08-12 11:17 - 2014-08-12 11:17 - 01944824 _____ (Bleeping Computer, LLC) C:\Documents and Settings\Drigo.PC785018295244\Desktop\rkill.exe
2014-08-12 11:11 - 2014-08-12 10:59 - 00003842 _____ () C:\Documents and Settings\Drigo.PC785018295244\Desktop\SystemLook.txt
2014-08-12 10:59 - 2014-08-12 10:59 - 00139264 _____ () C:\Documents and Settings\Drigo.PC785018295244\Desktop\SystemLook.exe
2014-08-12 10:29 - 2014-08-12 10:29 - 00380416 _____ () C:\Documents and Settings\Drigo.PC785018295244\Desktop\wyi6g9ez.exe
2014-08-12 10:26 - 2014-08-12 10:25 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-08-12 10:04 - 2014-08-12 10:04 - 00000000 ____D () C:\Documents and Settings\Drigo.PC785018295244\Desktop\backups
2014-08-12 10:00 - 2014-08-12 10:00 - 00388608 _____ (Trend Micro Inc.) C:\Documents and Settings\Drigo.PC785018295244\Desktop\HijackThis.exe
2014-08-12 09:19 - 2014-08-12 09:19 - 00004428 _____ () C:\WINDOWS\system32\.crusader
2014-08-12 09:19 - 2014-08-12 09:00 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\HitmanPro
2014-08-12 09:05 - 2014-08-12 09:05 - 00000000 ____D () C:\Program Files\HitmanPro
2014-08-12 09:05 - 2014-08-12 09:05 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\HitmanPro
2014-08-12 09:04 - 2014-08-12 09:00 - 10279264 _____ (SurfRight B.V.) C:\Documents and Settings\Drigo.PC785018295244\Desktop\HitmanPro.exe
2014-08-12 08:52 - 2008-06-11 16:16 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB950760$
2014-08-12 08:51 - 2014-03-15 11:21 - 00000000 ____D () C:\Documents and Settings\All Users\Local Settings\Temp
2014-08-12 01:03 - 2014-08-12 01:03 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
2014-08-11 23:49 - 2014-08-11 23:47 - 04817496 _____ () C:\Documents and Settings\Drigo.PC785018295244\Desktop\RogueKiller.exe
2014-08-11 23:43 - 2014-08-11 23:42 - 04181856 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\Drigo.PC785018295244\Desktop\iexplore.exe
2014-08-10 23:41 - 2010-02-22 20:52 - 00000000 ____D () C:\Documents and Settings\Drigo.PC785018295244\Application Data\Skype
2014-08-08 09:32 - 2014-08-04 23:11 - 00000000 ____D () C:\Documents and Settings\Drigo.PC785018295244\My Documents\Japanase Tattoo Design
2014-08-06 17:03 - 2008-10-16 11:29 - 00000000 ____D () C:\Documents and Settings\Drigo.PC785018295244\Application Data\Azureus
2014-08-06 14:10 - 2014-08-06 14:10 - 00857700 _____ () C:\Documents and Settings\Drigo.PC785018295244\Desktop\PriceList.xlsx
2014-07-29 21:17 - 2013-11-11 23:35 - 00247553 _____ () C:\WINDOWS\setupapi.log
2014-07-28 16:50 - 2011-12-06 18:18 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2347290$
2014-07-28 10:38 - 2014-07-28 10:38 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-28 10:38 - 2014-07-28 10:38 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-28 10:38 - 2009-12-22 01:45 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-07-28 10:38 - 2009-03-07 19:59 - 00000000 ____D () C:\Documents and Settings\Drigo.PC785018295244\Application Data\Malwarebytes
2014-07-28 10:38 - 2009-03-07 19:58 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-07-28 10:32 - 2008-06-20 03:50 - 00000000 ____D () C:\Program Files\iTunes
2014-07-28 10:32 - 2007-10-02 14:54 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-07-28 10:31 - 2008-06-20 03:50 - 00000000 ____D () C:\Program Files\iPod
2014-07-28 10:28 - 2007-10-02 14:54 - 00000000 ____D () C:\Program Files\Apple Software Update
2014-07-28 09:39 - 2013-11-27 18:08 - 00000000 ____D () C:\Documents and Settings\Drigo.PC785018295244\.ScreamingFrogSEOSpider
2014-07-28 09:37 - 2013-11-17 12:23 - 00000000 ____D () C:\Program Files\Samsung

Files to move or delete:
====================
C:\Documents and Settings\Drigo.PC785018295244\WSSEMAPHORES.dat


Some content of TEMP:
====================
C:\Documents and Settings\Drigo\Local Settings\Temp\5990.exe
C:\Documents and Settings\Drigo\Local Settings\Temp\binkw32.dll
C:\Documents and Settings\Drigo\Local Settings\Temp\BitTorrent-5.0.4.exe
C:\Documents and Settings\Drigo\Local Settings\Temp\BitTorrent-5.0.5.exe
C:\Documents and Settings\Drigo\Local Settings\Temp\BitTorrent-5.0.7.exe
C:\Documents and Settings\Drigo\Local Settings\Temp\d2l_Install.exe
C:\Documents and Settings\Drigo\Local Settings\Temp\d2l_PlayD2.exe
C:\Documents and Settings\Drigo\Local Settings\Temp\dblgen8.dll
C:\Documents and Settings\Drigo\Local Settings\Temp\dblib8.dll
C:\Documents and Settings\Drigo\Local Settings\Temp\GoogleInstall.dll
C:\Documents and Settings\Drigo\Local Settings\Temp\i4jdel0.exe
C:\Documents and Settings\Drigo\Local Settings\Temp\INST01.dll
C:\Documents and Settings\Drigo\Local Settings\Temp\Install_Messenger.exe
C:\Documents and Settings\Drigo\Local Settings\Temp\Intuit.Spc.Map.EntitlementClient.Install.dll
C:\Documents and Settings\Drigo\Local Settings\Temp\jre-6u2-windows-i586-p-iftw_7070c3f7.exe
C:\Documents and Settings\Drigo\Local Settings\Temp\jre-6u5-windows-i586-p-iftw_1b121abb.exe
C:\Documents and Settings\Drigo\Local Settings\Temp\jre-6u7-windows-i586-p-iftw_bdb28397.exe
C:\Documents and Settings\Drigo\Local Settings\Temp\jwpce.exe
C:\Documents and Settings\Drigo\Local Settings\Temp\KUIU.EXE
C:\Documents and Settings\Drigo\Local Settings\Temp\launch.exe
C:\Documents and Settings\Drigo\Local Settings\Temp\MFC71.dll
C:\Documents and Settings\Drigo\Local Settings\Temp\MFPL7014.DLL
C:\Documents and Settings\Drigo\Local Settings\Temp\mPlayer.cu.dll
C:\Documents and Settings\Drigo\Local Settings\Temp\msvcp71.dll
C:\Documents and Settings\Drigo\Local Settings\Temp\msvcr71.dll
C:\Documents and Settings\Drigo\Local Settings\Temp\ose00000.exe
C:\Documents and Settings\Drigo\Local Settings\Temp\QBFirwal.dll
C:\Documents and Settings\Drigo\Local Settings\Temp\qbinstal.dll
C:\Documents and Settings\Drigo\Local Settings\Temp\stlport_vc746.dll
C:\Documents and Settings\Drigo\Local Settings\Temp\StopQBServer.dll
C:\Documents and Settings\Drigo\Local Settings\Temp\swt-awt-win32-3346.dll
C:\Documents and Settings\Drigo\Local Settings\Temp\swt-gdip-win32-3346.dll
C:\Documents and Settings\Drigo\Local Settings\Temp\swt-gdip-win32-3430.dll
C:\Documents and Settings\Drigo\Local Settings\Temp\swt-win32-3346.dll
C:\Documents and Settings\Drigo\Local Settings\Temp\swt-win32-3430.dll
C:\Documents and Settings\Drigo\Local Settings\Temp\SymLCSVC.EXE
C:\Documents and Settings\Drigo\Local Settings\Temp\Update.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

Addition.txt below

Additional scan result of Farbar Recovery Scan Tool (x86) Version:26-08-2014
Ran by Drigo at 2014-08-27 20:54:08
Running from C:\Documents and Settings\Drigo.PC785018295244\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Bridge 1.0 (Version: 001.000.000 - Adobe Systems) Hidden
Adobe Common File Installer (Version: 1.00.0000 - Adobe System Incorporated) Hidden
Adobe Creative Suite 2 (HKLM\...\{0134A1A1-C283-4A47-91A1-92F19F960372}) (Version:  - )
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.0.45.2 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.6.602.180 - Adobe Systems Incorporated)
Adobe Help Center 1.0 (Version: 001.000.000 - Adobe Systems) Hidden
Adobe Illustrator CS2 (Version: 12.000.000 - Adobe Systems Inc.) Hidden
Adobe InDesign CS2 (Version: 004.000.000 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS2 (Version: 9.0 - Adobe Systems, Inc.) Hidden
Adobe Reader XI (11.0.07) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.6.606 - Adobe Systems, Inc.)
Adobe Stock Photos 1.0 (Version: 001.000.000 - Adobe Systems) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Brother 1440 (HKLM\...\Brother 1440) (Version:  - )
Brownie (HKLM\...\BROWNIE) (Version:  - )
calibre (HKLM\...\{4B76F79D-7FC9-4007-9EE4-27B4A84477D6}) (Version: 1.29.0 - Kovid Goyal)
Canon MX330 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX330_series) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 2.28 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.2.4.1255 - CDBurnerXP)
Conexant HD Audio (HKLM\...\CNXT_HDAUDIO) (Version:  - )
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Fiddler (HKLM\...\Fiddler2) (Version: 2.4.9.2 - Telerik)
Free M4a to MP3 Converter 7.2 (HKLM\...\Free M4a to MP3 Converter_is1) (Version:  - ManiacTools.com)
Garmin WebUpdater (HKLM\...\{2FD94FBC-07AE-475C-B522-BFE899B9048E}) (Version: 2.4 - GARMIN)
Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Drive (HKLM\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Google Talk (remove only) (HKLM\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version:  - )
Google Talk Plugin (HKLM\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.221 - SurfRight B.V.)
HP Help and Support (HKLM\...\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}) (Version: 4.2.0013 - HPQ)
HP Quick Launch Buttons 6.10 A2 (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.10 A2 - Hewlett-Packard Company)
HP QuickPlay 2.3 (HKLM\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version:  - )
HP Update (HKLM\...\{FE57DE70-95DE-4B64-9266-84DA811053DB}) (Version: 4.000.012.001 - Hewlett-Packard)
HP User Guides 0035 (HKLM\...\{BE247E71-C143-40BB-ADF2-A465DF062BAB}) (Version: 1.03.0000 - Hewlett-Packard)
HP Wireless Assistant 2.00 G2 (HKLM\...\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}) (Version: 2.00 G2 - Hewlett-Packard Company)
HpSdpAppCoreApp (Version: 3.00.0000 - Hewlett-Packard) Hidden
Human Japanese 2.0 (HKLM\...\{61174B54-26FC-48F3-AF5C-7C9B9A9E9A8C}) (Version: 2.0.2 - Brak Software)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.4.2.0 - LIGHTNING UK!)
Intel® Graphics Media Accelerator Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4543 - )
Intel® PRO Network Connections Drivers (HKLM\...\PROSet) (Version:  - )
Internet ENTEL (HKLM\...\Internet ENTEL) (Version: 16.002.15.10.825 - Huawei Technologies Co.,Ltd)
J2SE Runtime Environment 5.0 Update 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0150060}) (Version: 1.5.0.60 - Sun Microsystems, Inc.)
Java™ 6 Update 14 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216010FF}) (Version: 6.0.140 - Sun Microsystems, Inc.)
Java™ 6 Update 7 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160070}) (Version: 1.6.0.70 - Sun Microsystems, Inc.)
LightScribe  1.4.97.1 (Version: 1.4.97.1 - http://www.lightscribe.com) Hidden
Loki ActiveX Control (HKLM\...\Loki ActiveX Control) (Version: 3.1.0.05 - SkyhookWireless)
Macromedia Dreamweaver 8 (HKLM\...\{0837A661-FEC3-48B3-876C-91E7D32048A9}) (Version: 8.0.0.2734 - Macromedia)
Macromedia Fireworks 8 (HKLM\...\{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}) (Version: 8.0.0.777 - Macromedia)
Macromedia Flash 8 (HKLM\...\{2BD5C305-1B27-4D41-B690-7A61172D2FEB}) (Version: 8.00.0000 - Macromedia)
Macromedia Flash 8 Video Encoder (HKLM\...\{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}) (Version: 1.00.0000 - Macromedia)
Macromedia Shockwave Player (HKLM\...\{838A1BC9-95CA-4880-9BE3-2A7D23600A2B}) (Version: 10.1.1.016 - Macromedia, Inc.)
Magic ISO Maker v5.5 (build 0276) (HKLM\...\Magic ISO Maker v5.5 (build 0276)) (Version:  - )
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB2572066) (HKLM\...\KB2572066) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB2604042) (HKLM\...\KB2604042) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB2656378) (HKLM\...\KB2656378) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2698035) (HKLM\...\KB2698035) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2742607) (HKLM\...\KB2742607) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2833951) (HKLM\...\KB2833951) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2656370) (HKLM\...\M2656370) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 (Version:  - Microsoft Corporation) Hidden
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Backward compatibility (Version: 8.05.1054 - Microsoft Corporation) Hidden
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (Version: 8.0.60940.0 - Microsoft Corporation) Hidden
Move Media Player (HKCU\...\Move Media Player) (Version:  - Move Networks)
Mozilla Firefox 31.0 (x86 en-US) (HKLM\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 6 Service Pack 2 (KB973686) (HKLM\...\{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}) (Version: 6.20.2003.0 - Microsoft Corporation)
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.33 - BVRP Software, Inc)
NiceLabel Suite (HKLM\...\NiceSuite3) (Version: 3.6.5 - Euro Plus d.o.o.)
Office 2003 Trial Assistant (HKLM\...\{47D2103B-FD51-4017-9C20-DD408B17D726}) (Version: 1.0.0 - Microsoft)
OKI Colour Correct Utility (HKLM\...\{5D729200-F340-4A74-A1E9-32387CDC63EF}) (Version:  - )
OpenOffice.org Installer 1.0 (HKLM\...\{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}) (Version: 1.0.9221 - Sun Microsystems)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.3.2 - Frank Heindörfer, Philip Chinery)
QuickBooks Premier: Mfg and Whsle Edition 2009 (HKLM\...\{9A2F0810-3636-4E86-9072-973FBE1679C5}) (Version: 19.0.4003.703 - Intuit Inc.)
QuickTime (HKLM\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
RealPlayer (HKLM\...\RealPlayer 6.0) (Version:  - RealNetworks)
RingCentral Call Controller (HKLM\...\RingCentral) (Version:  - RingCentral, Inc.)
Screaming Frog SEO Spider (HKLM\...\Screaming Frog SEO Spider) (Version: 0.01 - Screaming Frog)
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SmartFTP Client (HKLM\...\{6F23C1A3-9F62-470C-BD12-B83F04E67865}) (Version: 3.0.1023.4 - SmartSoft)
Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_5045_at8ven5m) (Version:  - )
Sonic Audio Module (HKLM\...\{AB708C9B-97C8-4AC9-899B-DBF226AC9382}) (Version: 2.0.4 - Sonic Solutions)
Sonic Copy Module (HKLM\...\{B12665F4-4E93-4AB4-B7FC-37053B524629}) (Version: 2.0.4 - Sonic Solutions)
Sonic Data Module (HKLM\...\{075473F5-846A-448B-BCB3-104AA1760205}) (Version: 2.0.4 - Sonic Solutions)
Sonic Express Labeler (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.0.0 - Sonic Solutions)
Sonic MyDVD Plus (HKLM\...\{21657574-BD54-48A2-9450-EB03B2C7FC29}) (Version: 6.2.0 - Sonic Solutions)
SonicAC3Encoder (HKLM\...\{52FBAE98-D389-4281-8C14-21B4046CCB4E}) (Version: 1.00.0000 - Sonic Solutions)
SonicMPEGEncoder (HKLM\...\{B16AF568-A644-483C-A6DA-5028CD019C8C}) (Version: 1.00.0000 - Sonic Solutions)
Stamps.com (HKLM\...\Stamps.com) (Version:  - Stamps.com, Inc.)
Stamps.com (Version: 9.5.4.2264 - Stamps.com, Inc.) Hidden
Stamps.com Web Postage Plug-in (HKLM\...\Stamps.com Web Postage Plug-in) (Version:  - Stamps.com, Inc.)
Stamps.com Web Postage Plug-in (Version: 1.0.0.27 - Stamps.com) Hidden
Suite Specific (Version: 2.0.0 - Adobe Systems, Incorporated) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1130 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 8.3.8.0 - Synaptics)
TablEdit 2.69 (HKLM\...\TablEdit_is1) (Version:  - TablEdit)
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.28223 - TeamViewer)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2827325) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{11C9B057-27FF-4BC1-82F6-DC4B15E70A2E}) (Version:  - Microsoft)
Update for Windows Media Player 10 (KB910393) (HKLM\...\KB910393) (Version:  - Microsoft Corporation)
Update for Windows Media Player 10 (KB913800) (HKLM\...\KB913800) (Version:  - Microsoft Corporation)
Update for Windows Media Player 10 (KB926251) (HKLM\...\KB926251) (Version:  - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951072-v2) (HKLM\...\KB951072-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955839) (HKLM\...\KB955839) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB961503) (HKLM\...\KB961503) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB976749) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB978207) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB980182) (Version: 1 - Microsoft Corporation) Hidden
Update Rollup 2 for Windows XP Media Center Edition 2005 (HKLM\...\KB900325) (Version:  - Microsoft Corporation)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
VLC media player 0.9.9 (HKLM\...\VLC media player) (Version: 0.9.9 - VideoLAN Team)
Vongo (HKLM\...\{DB7E00C9-6DEF-489A-8112-D8F81614F45A}) (Version: 1.31.02 - Starz)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 4.7 - Vuze Inc.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Winamp (HKLM\...\Winamp) (Version: 5.63  - Nullsoft, Inc)
Winamp Detector Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Call (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (HKLM\...\{9422C8EA-B0C6-4197-B8FC-DC797658CA00}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Connect (HKLM\...\WMCSetup) (Version:  - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Rights Management Client Backwards Compatibility SP2 (HKLM\...\{EC905264-BCFE-423B-9C42-C3A106266790}) (Version: 5.2.70 - Microsoft)
Windows Rights Management Client with Service Pack 2 (HKLM\...\{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}) (Version: 5.2.70 - Microsoft)
Windows XP Media Center Edition 2005 KB2502898 (HKLM\...\KB2502898) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB2619340 (HKLM\...\KB2619340) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB2628259 (HKLM\...\KB2628259) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB912067 (HKLM\...\KB912067) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB915381 (HKLM\...\KB915381) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB973768 (HKLM\...\KB973768) (Version:  - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinMerge 2.10.0.0 (HKLM\...\WinMerge_is1) (Version: 2.10.0.0 - Thingamahoochie Software)
WinPcap 4.1.3 (HKLM\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
Wireless Home Network Setup (HKLM\...\{09D8492A-C8E2-421E-927D-46800FB327A3}) (Version: 1.1.154.1 - Hewlett-Packard)
Wireshark 1.10.8 (32-bit) (HKLM\...\Wireshark) (Version: 1.10.8 - The Wireshark developer community, http://www.wireshark.org)
Xerox Phaser 3040 (HKLM\...\InstallShield_{C7338ABF-D6B4-47DF-9DF1-B18F02770BAD}) (Version: 1.003.00 - Xerox)
Xerox Phaser 3040 (Version: 1.003.00 - Xerox) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Documents and Settings\Drigo.PC785018295244\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Documents and Settings\Drigo.PC785018295244\Local Settings\Application Data\Google\Update\1.3.21. (the data entry has 22 more characters).
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{037FB476-15E0-4ED1-B11A-E420B750B1A8}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{043F1BA6-973E-4997-92C5-F88173B22884}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{0507EEDE-3AE7-49c7-BF37-0EB4A62D8638}\localserver32 -> C:\Program Files\Google\Google Talk\googletalk.exe (Google)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{05EC5C13-D255-4592-9CCB-98615172F0D6}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Documents and Settings\Drigo.PC785018295244\Local Settings\Application Data\Google\Update\1.3.21. (the data entry has 21 more characters).
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{0ADF9C35-0D5E-4B75-88DD-B64868907E17}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{0D16C51F-5EFC-4F75-87EF-70EE976F200C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Documents and Settings\Drigo.PC785018295244\Local Settings\Application Data\Google\Update\1.3.21. (the data entry has 21 more characters).
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{123FAF7F-3FB1-4B8F-AD18-0047401D436A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\InprocServer32 -> C:\WINDOWS\system32\Adobe\Director\SwDir.dll (Adobe Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{17DD823A-E65B-4BCA-B34C-4A527075BBDD}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Documents and Settings\Drigo.PC785018295244\Local Settings\Application Data\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{25BD7A05-6019-4A85-9440-8CE2BA86F8A4}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{2837E0FE-686B-4CB0-BE53-0EA097EAF71B}\InprocServer32 -> C:\WINDOWS\Downloaded Program Files\isusweb.dll (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Documents and Settings\Drigo.PC785018295244\Local Settings\Application Data\Google\Update\1.2.183 (the data entry has 24 more characters).
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Documents and Settings\Drigo.PC785018295244\Local Settings\Application Data\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{31AC3F11-E5EA-4A85-8A3D-8E095A39C27B}\InprocServer32 -> C:\Documents and Settings\Drigo.PC785018295244\Local Settings\Application Data\Google\Update\1.2.131 (the data entry has 24 more characters).
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Documents and Settings\Drigo.PC785018295244\Local Settings\Application Data\Google\Update\1.3.21. (the data entry has 21 more characters).
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{32D32337-1511-4416-85C5-FD96C99322A0}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{33b07fd4-5917-43e1-968d-4c79231836bf}\localserver32 -> C:\Program Files\Google\Google Talk\googletalk.exe (Google)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Documents and Settings\Drigo.PC785018295244\Local Settings\Application Data\Google\Update\1.3.23. (the data entry has 20 more characters).
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{37A2FC00-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{37A2FC02-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Documents and Settings\Drigo.PC785018295244\Local Settings\Application Data\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{3928D252-6BB4-4C0D-BE70-1E03AF93D464}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{45355A42-3AD4-43F8-A4BC-B592BC1D56F6}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{4716D3CE-55DB-4D2A-818C-87D912895890}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{4844F3F7-2161-4AC4-B219-B3B4311782AA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Documents and Settings\Drigo.PC785018295244\Local Settings\Application Data\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{5428A9ED-6CD8-11D6-9C8A-0001023DCAA2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{547C8F00-5567-4AE3-8BB0-CC3CE2AB9070}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{57D590F1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{596801D8-2C9D-4627-9C67-195CB81B655A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{5AFAFE48-7107-4FE5-B21A-86A4254541DD}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{5B7331FA-8910-4748-A8A4-60B445041F28}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{5B7524C8-2446-40E9-9474-94A779DBA224}\InprocServer32 -> C:\WINDOWS\Downloaded Program Files\isusweb.dll (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Documents and Settings\Drigo.PC785018295244\Local Settings\Application Data\Google\Chrome\Application\36.0.1985.125\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{5ED8AC89-B2DE-476D-8EEA-E170B2FCB058}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{621D3650-F1D3-414C-97F9-03A02B211261}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{623E415A-22EF-4DAA-A2FF-E68E77A673C9}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Documents and Settings\Drigo.PC785018295244\Local Settings\Application Data\Google\Update\1.3.21. (the data entry has 22 more characters).
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Documents and Settings\Drigo.PC785018295244\Local Settings\Application Data\Google\Update\1.3.21. (the data entry has 22 more characters).
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Documents and Settings\Drigo.PC785018295244\Local Settings\Application Data\Google\Update\1.3.21. (the data entry has 22 more characters).
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{738CD606-129D-45db-86D6-6C9739C750CA}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2009\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{7694F1CD-A55B-4B7C-8820-A90892EB4E9E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{7DBF8260-30AD-4D1B-876A-8032B87B809F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{8034BBB8-2145-4159-9A34-51E21A0A981F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{828E5386-74CF-4019-B356-C857CD028A7D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{82CC31B3-53B4-4161-A4E9-6B4F1290A6C8}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{885BB46A-3F1E-44C3-A01B-A7D9260CC98B}\InprocServer32 -> C:\WINDOWS\Downloaded Program Files\dwusplay.dll (InstallShield Software Corporation)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{8CA5338E-3C5E-4087-ADEC-B1CA665BC293}\localserver32 -> "C:\Program Files\Intuit\QuickBooks 2007\qbw32.exe" No File
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{8E590317-1329-11D1-B70B-00805F29CD16}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2009\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{8FEDE364-AB37-4551-80C9-6D468E222AB2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Documents and Settings\Drigo.PC785018295244\Local Settings\Application Data\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{915C2CEB-216B-4B7C-89E4-9ED3512D58D9}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Documents and Settings\Drigo.PC785018295244\Local Settings\Application Data\Google\Update\1.3.21. (the data entry has 22 more characters).
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{92C5E738-7372-4CD6-BE57-15833624EBF3}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{9CAAD2EA-177B-4D07-871F-47255B5D30F3}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{9D9B61F2-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{9D9B61F3-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{9D9B61F4-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{9D9B61F5-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{9D9B61F6-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{9D9B61F7-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Documents and Settings\Drigo.PC785018295244\Local Settings\Application Data\Google\Update\1.3.22. (the data entry has 20 more characters).
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Documents and Settings\Drigo.PC785018295244\Local Settings\Application Data\Google\Update\1.3.21. (the data entry has 22 more characters).
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{A63E42D0-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{A63E42D2-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

==================== Restore Points  =========================

13-08-2014 13:11:10 System Checkpoint
14-08-2014 14:43:55 System Checkpoint
21-08-2014 07:17:26 System Checkpoint
25-08-2014 14:21:04 System Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2011-12-03 20:42 - 2014-08-12 11:51 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task aa214093-5c8b-46c7-b3f3-97cf9af86c84.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task e4893958-36a0-4522-8afa-8557ffcd3f33.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Loaded Modules (whitelisted) =============

2009-02-27 13:16 - 2008-09-18 17:45 - 00488448 _____ () C:\WINDOWS\system32\apdfprintmon.dll
2009-02-27 12:22 - 2001-10-29 02:42 - 00116224 _____ () C:\WINDOWS\system32\pdfmonnt.dll
2014-06-30 22:34 - 2011-03-31 07:47 - 00019456 _____ () C:\WINDOWS\system32\xrhr2alm.dll
2006-03-16 00:00 - 2011-02-04 18:48 - 00291840 _____ () C:\WINDOWS\system32\sbe.dll
2005-08-30 08:13 - 2013-01-02 02:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll
2006-03-16 00:00 - 2008-04-13 20:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2006-03-16 00:00 - 2008-04-13 20:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2011-03-14 11:27 - 2011-03-14 11:27 - 00271712 _____ () C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe
2007-12-03 00:22 - 2007-10-12 09:34 - 00071096 _____ () C:\Program Files\CDBurnerXP\NMSAccessU.exe
2006-12-17 10:49 - 2008-09-16 20:18 - 00132608 _____ () C:\Program Files\WinRAR\rarext.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\WINDOWS\$NtUninstallKB62280$:SummaryInformation

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk => C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk => C:\WINDOWS\pss\Adobe Acrobat Synchronizer.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma.lnk => C:\WINDOWS\pss\Adobe Gamma.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk => C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk => C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^UPS WorldShip Messaging Utility.lnk => C:\WINDOWS\pss\UPS WorldShip Messaging Utility.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^UPS WorldShip PLD Reminder Utility.lnk => C:\WINDOWS\pss\UPS WorldShip PLD Reminder Utility.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^Drigo.PC785018295244^Start Menu^Programs^StartUp^OneNote 2007 Screen Clipper and Launcher.lnk => C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/28/2014 00:40:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2047

Error: (07/28/2014 00:40:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2047

Error: (07/28/2014 00:40:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/28/2014 11:23:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 126484

Error: (07/28/2014 11:23:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 126484

Error: (07/28/2014 11:23:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/28/2014 11:21:24 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10578

Error: (07/28/2014 11:21:24 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10578

Error: (07/28/2014 11:21:24 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/28/2014 11:21:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8609


System errors:
=============
Error: (06/13/2014 07:59:50 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Lbd

Error: (06/13/2014 07:59:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AVG Free8 WatchDog service failed to start due to the following error:
%%3

Error: (06/13/2014 07:59:36 AM) (Source: Service Control Manager) (EventID: 7002) (User: )
Description: The BrPar service depends on the Parallel arbitrator group and no member of this group started.

Error: (06/12/2014 11:27:00 AM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At24.job command failed to start due to the following error:
%%2147943555

Error: (06/12/2014 10:27:00 AM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At22.job command failed to start due to the following error:
%%2147943555

Error: (06/12/2014 09:27:00 AM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At20.job command failed to start due to the following error:
%%2147943555

Error: (06/11/2014 09:27:00 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At44.job command failed to start due to the following error:
%%2147943555

Error: (06/11/2014 08:27:00 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At42.job command failed to start due to the following error:
%%2147943555

Error: (06/11/2014 07:27:00 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At40.job command failed to start due to the following error:
%%2147943555

Error: (06/11/2014 06:27:00 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At38.job command failed to start due to the following error:
%%2147943555


Microsoft Office Sessions:
=========================
Error: (07/25/2013 00:03:08 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 1132119 seconds with 11460 seconds of active time.  This session ended with a crash.


==================== Memory info ===========================

Processor: Intel® Core™2 CPU T5200 @ 1.60GHz
Percentage of memory in use: 34%
Total physical RAM: 2037.98 MB
Available physical RAM: 1334.37 MB
Total Pagefile: 3929.51 MB
Available Pagefile: 3488.36 MB
Total Virtual: 2047.88 MB
Available Virtual: 1945.96 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:99.09 GB) (Free:8.97 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (HP_RECOVERY) (Fixed) (Total:11.67 GB) (Free:1.38 GB) FAT32 ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 111.8 GB) (Disk ID: 282D282D)
Partition 1: (Active) - (Size=99.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=11.7 GB) - (Type=0C)
Partition 3: (Not Active) - (Size=1 GB) - (Type=D7)

==================== End Of Log ============================



#8 legion2013

Posted 27 August 2014 - 08:01 PM

Forgot to tell you. I had to run FRST like three times because it kept giving an error and the program would close. Can you please explain to me what we are looking for if it's not too much trouble.

 

Thank you :wink:



#9 polskamachina

Posted 27 August 2014 - 11:58 PM

Hi legion2013 :)

 

The FRST scan gives me an overall picture of the registry, the installed programs, and the files on your computer. As you can see by the number of lines of output, there is a lot to review. I will report back as soon as I can.

 

polskamachina


Member of the Bleeping Computer A.I.I. early response team!

#10 polskamachina

Posted 29 August 2014 - 01:01 AM

Hi legion2013 :)
 
Let's continue with our search for malware. Please follow the instructions below:
 
We need to search for a few things with SystemLook:

  • Please download SystemLook (32-bit) by jpshortstuff and save it to your desktop
  • Double-click the program to run it, then paste the entire text below into the main text box:
     
    :filefind
    irxewtiqmbexrien.sys
    
    :regfind
    irxewtiqmbexrien.sys
  • Click the Look button to start the scan
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Let me know if you have any questions.
 
polskamachina



#11 legion2013

Posted 29 August 2014 - 08:49 AM

The software is not able to complete the scan. After it runs for a while, it tells me the software has encountered a problem and needs to shut down. This is all I get on the output file. Can we use another program that will do the job??

 

 

SystemLook 30.07.11 by jpshortstuff
Log created at 09:39 on 29/08/2014 by Drigo
Administrator - Elevation successful

========== filefind ==========

Searching for "irxewtiqmbexrien.sys"
No files found.

========== regfind ==========

Searching for "irxewtiqmbexrien.sys"
 


Edited by legion2013, 29 August 2014 - 08:50 AM.


#12 polskamachina

Posted 30 August 2014 - 09:45 AM

Hi legion2013 :)
 
Yes, we can use another program to do the job.

 

Please download the attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished, FRST will generate a log on the Desktop, Fixlog.txt. Please copy and paste it into your next reply to me.

 

polskamachina


#13 legion2013

Posted 30 August 2014 - 11:39 AM

Fixlog.txt results

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:30-08-2014 01
Ran by Drigo at 2014-08-30 12:37:53 Run:2
Running from C:\Documents and Settings\Drigo.PC785018295244\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
File: C:\Windows\system32\drivers\irxewtiqmbexrien.sys

*****************


========================= File: C:\Windows\system32\drivers\irxewtiqmbexrien.sys ========================

"C:\Windows\system32\drivers\irxewtiqmbexrien.sys" not found.
====== End Of File: ======


==== End of Fixlog ====



#14 polskamachina

Posted 31 August 2014 - 10:27 AM

Hi legion2013 :)
 
We need to remove programs using "Add/Remove Programs"

Click "Start" on the taskbar and then click on the "Control Panel" icon.
Please double-click the "Add or Remove Programs" icon.
A list of programs installed will be "populated" (this may take a bit of time).
If it exists, uninstall the following by clicking on the entry below and selecting "Remove":

  • Vuze

Additional instructions can be found here if needed.
 
Next:
 
We need to download Temp File Cleaner (TFC) by OldTimer:

  • Please download TFC.exe by Oldtimer at one of the two links: Link 1 Link 2
  • Save and close all running applications
  • Double-click on TFC.exe to run the program
  • Click on Start to begin the cleaning process
    note: this program may close running applications, make your screen disappear temporarily, or require a reboot of your PC - this is normal and part of the cleanup
  • When the scan is complete, if you were not asked to reboot the computer, please do so now

More Information can be found about the tool here: http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/
 
Next:
 
Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile into your next reply to me.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

Finally:
 
Please perform another FRST scan. Before clicking on Scan, make sure the box for addition.txt is checked. Please post the logs when it's finished.
 
If all goes well, you should post the logs from AdwCleaner and the two logs from FRST.
 
Let me know if you have any questions.
 
polskamachina



#15 legion2013

Posted 31 August 2014 - 05:51 PM

Here are the logs. For AdwCleaner I didn't do any clean up, I just posted the Report and Closed the program.

 

AdwCleaner[R0].txt

 

# AdwCleaner v3.308 - Report created 31/08/2014 at 11:49:37
# Updated 20/08/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Drigo - PC7850
# Running from : C:\Documents and Settings\Drigo.PC785018295244\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found : C:\Program Files\VideoEgg

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\OCS
Key Found : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{90120000-00B2-0409-0000-0000000FF1CE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\hotspotshield
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00B2-0409-0000-0000000FF1CE}
Key Found : HKLM\SOFTWARE\PIP
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v31.0 (x86 en-US)

-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [1606 octets] - [31/08/2014 11:49:37]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1666 octets] ##########
 

------------------------------------------------------------------------------------------------------------------------------------------

 

 

 

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:31-08-2014 02
Ran by Drigo (administrator) on PC7850 on 31-08-2014 18:46:05
Running from C:\Documents and Settings\Drigo.PC785018295244\Desktop
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\WINDOWS\system32\mqsvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\mqtgsvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Intuit, Inc.) C:\PROGRA~1\Intuit\QUICKB~2\QBDBMgrN.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehrecvr.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ehTray] => C:\WINDOWS\ehome\ehtray.exe [64512 2005-08-06] (Microsoft Corporation)
HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2006-03-22] (Intel Corporation)
HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [118784 2006-03-22] (Intel Corporation)
HKLM\...\Run: [MsmqIntCert] => regsvr32 /s mqrt.dll
HKLM\...\Run: [High Definition Audio Property Page Shortcut] => C:\WINDOWS\system32\CHDAudPropShortcut.exe [61952 2006-06-02] (Windows ® Server 2003 DDK provider)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [794713 2006-06-17] (Synaptics, Inc.)
HKLM\...\Run: [QPService] => C:\Program Files\HP\QuickPlay\QPService.exe [102400 2006-07-19] (CyberLink Corp.)
HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-08-11] (Macrovision Corporation)
HKLM\...\Run: [Cpqset] => C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe [40960 2006-06-19] ()
HKLM\...\Run: [RecGuard] => C:\Windows\SMINST\RecGuard.exe [1187840 2005-10-11] ()
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM\...\Run: [IMJPMIG8.1] => C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [208952 2006-03-15] (Microsoft Corporation)
HKLM\...\Run: [IMEKRMIG6.1] => C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE [44032 2006-03-15] (Microsoft Corporation)
HKLM\...\Run: [MSPY2002] => C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [59392 2006-03-15] ()
HKLM\...\Run: [PHIME2002ASync] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2006-03-15] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002A] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2006-03-15] (Microsoft Corporation)
HKLM\...\Run: [Intuit SyncManager] => C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe [623880 2008-09-09] (Intuit Inc. All rights reserved.)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Common Files\Real\Update_OB\realsched.exe [198160 2009-04-23] (RealNetworks, Inc.)
HKLM\...\Run: [googletalk] => C:\Program Files\Google\Google Talk\googletalk.exe [3739648 2007-01-01] (Google)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre6\bin\jusched.exe [148888 2009-05-21] (Sun Microsystems, Inc.)
HKLM\...\Run: [hpWirelessAssistant] => C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [458752 2006-05-04] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [Launcher3040] => C:\Program Files\Xerox Office Printing\WorkCentre SSW\Launcher\xrlaunch.exe [2570752 2011-04-19] (Xerox)
HKLM\...\Run: [DocuPrint 3040 RUN] => C:\Program Files\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmRun.exe [357376 2011-04-19] ()
HKLM\...\Run: [StatusAutoRun3040] => C:\Program Files\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmpl.exe [3658240 2011-04-19] ()
Winlogon\Notify\avgrsstarter: C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\.DEFAULT\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil10e.exe [256280 2010-01-26] (Adobe Systems, Inc.)
HKU\S-1-5-21-4019840175-4059186491-2486747170-1005\...\Run: [RCHotKey] => C:\Program Files\RingCentral\RingCentral Call Controller\RCHotKey.exe [38144 2010-10-19] (RingCentral, Inc.)
HKU\S-1-5-21-4019840175-4059186491-2486747170-1005\...\Run: [HW_OPENEYE_OUC_Internet ENTEL] => C:\Program Files\Internet ENTEL\UpdateDog\ouc.exe [110592 2011-10-21] (Huawei Technologies Co., Ltd.)
HKU\S-1-5-21-4019840175-4059186491-2486747170-1005\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
HKU\S-1-5-21-4019840175-4059186491-2486747170-1005\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6688024 2014-08-11] (SUPERAntiSpyware)
HKU\S-1-5-21-4019840175-4059186491-2486747170-1007\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: SmartFTP Drop -> {EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD} => C:\Program Files\SmartFTP Client\sfShellTools.dll (SmartSoft Ltd)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKCU - DefaultScope Comcast URL = http://search.comcast.net/?cat=web&con=net&q={searchTerms}
SearchScopes: HKCU - Comcast URL = http://search.comcast.net/?cat=web&con=net&q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
BHO: No Name -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} ->  No File
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: No Name -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} ->  No File
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Drigo.PC785018295244\Application Data\Mozilla\Firefox\Profiles\jsqh8fit.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @movenetworks.com/Quantum Media Player -> C:\Documents and Settings\Drigo.PC785018295244\Application Data\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
FF Plugin: @pages.tvunetworks.com/WebPlayer -> C:\WINDOWS\system32\TVUAx\npTVUAx.dll (TVU networks)
FF Plugin: @real.com/nppl3260;version=6.0.12.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.3.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @skyhookwireless.com/LokiPlugin,version=3.1.0.05 -> C:\Program Files\Skyhook Wireless\Loki ActiveX Component\versions\3.1.0.05\loki.dll (Skyhook Wireless)
FF Plugin: @stamps.com/Web client plug-in,version=1.0 -> C:\Program Files\Stamps.com Web Postage Plug-in\npsdcwc.dll (Stamps.com, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @veetle.com/vbp;version=0.9.16 -> C:\Program Files\Veetle\VLCBroadcast\npvbp.dll No File
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @movenetworks.com/Quantum Media Player -> C:\Documents and Settings\Drigo.PC785018295244\Application Data\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Documents and Settings\Drigo.PC785018295244\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Documents and Settings\Drigo.PC785018295244\Application Data\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Drigo.PC785018295244\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Drigo.PC785018295244\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npbittorrent.dll (BitTorrent, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeploytk.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdivx32.dll (DivX,Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npvideoegg-loader.dll ( )
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Drigo.PC785018295244\Application Data\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Drigo.PC785018295244\Application Data\mozilla\plugins\npo1d.dll (Google)
FF Extension: TVU Web Player - C:\Documents and Settings\Drigo.PC785018295244\Application Data\Mozilla\Firefox\Profiles\jsqh8fit.default\Extensions\firefox@tvunetworks.com [2009-11-12]
FF Extension: Garmin Communicator - C:\Documents and Settings\Drigo.PC785018295244\Application Data\Mozilla\Firefox\Profiles\jsqh8fit.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2013-11-20]
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Drigo.PC785018295244\Application Data\Mozilla\Firefox\Profiles\jsqh8fit.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-06-21]
FF Extension: VIXPA - C:\Documents and Settings\Drigo.PC785018295244\Application Data\Mozilla\Firefox\Profiles\jsqh8fit.default\Extensions\{68CE046A-B77F-4b58-BE16-49D165CA1106} [2008-11-10]
FF Extension: Taskforce - C:\Documents and Settings\Drigo.PC785018295244\Application Data\Mozilla\Firefox\Profiles\jsqh8fit.default\Extensions\developers@tyrantinc.com.xpi [2012-10-24]
FF Extension: Firebug - C:\Documents and Settings\Drigo.PC785018295244\Application Data\Mozilla\Firefox\Profiles\jsqh8fit.default\Extensions\firebug@software.joehewitt.com.xpi [2012-12-25]
FF Extension: Reddit Enhancement Suite - C:\Documents and Settings\Drigo.PC785018295244\Application Data\Mozilla\Firefox\Profiles\jsqh8fit.default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2012-04-30]
FF Extension: JSOff - C:\Documents and Settings\Drigo.PC785018295244\Application Data\Mozilla\Firefox\Profiles\jsqh8fit.default\Extensions\jsoff@jsoff.com.xpi [2013-11-27]
FF Extension: RankChecker - C:\Documents and Settings\Drigo.PC785018295244\Application Data\Mozilla\Firefox\Profiles\jsqh8fit.default\Extensions\rankchecker@seobook.com.xpi [2011-06-30]
FF Extension: Save Session - C:\Documents and Settings\Drigo.PC785018295244\Application Data\Mozilla\Firefox\Profiles\jsqh8fit.default\Extensions\savesession@noasobi.net.xpi [2012-05-14]
FF Extension: AVG PrivacyFix - C:\Documents and Settings\Drigo.PC785018295244\Application Data\Mozilla\Firefox\Profiles\jsqh8fit.default\Extensions\{7CA9CF31-1C73-46CD-8377-85AB71EA771F}.xpi [2012-11-25]
FF Extension: JS Switch - C:\Documents and Settings\Drigo.PC785018295244\Application Data\Mozilla\Firefox\Profiles\jsqh8fit.default\Extensions\{88c7b321-2eb8-11da-8cd6-0800200c9a66}.xpi [2013-11-27]
FF Extension: Web Developer - C:\Documents and Settings\Drigo.PC785018295244\Application Data\Mozilla\Firefox\Profiles\jsqh8fit.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2013-11-27]
FF Extension: Adblock Plus - C:\Documents and Settings\Drigo.PC785018295244\Application Data\Mozilla\Firefox\Profiles\jsqh8fit.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-07-01]
FF Extension: User Agent Switcher - C:\Documents and Settings\Drigo.PC785018295244\Application Data\Mozilla\Firefox\Profiles\jsqh8fit.default\Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2013-11-27]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-03-10]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008-12-02]
FF HKLM\...\Firefox\Extensions: [{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}] - C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}
FF HKLM\...\Firefox\Extensions: [fiddlerhook@fiddler2.com] - C:\Program Files\Fiddler2\FiddlerHook
FF Extension: FiddlerHook - C:\Program Files\Fiddler2\FiddlerHook [2014-07-24]
FF HKCU\...\Firefox\Extensions: [moveplayer@movenetworks.com] - C:\Documents and Settings\Drigo.PC785018295244\Application Data\Move Networks
FF Extension: Move Media Player - C:\Documents and Settings\Drigo.PC785018295244\Application Data\Move Networks [2008-10-21]

Chrome:
=======
CHR HomePage: Default ->
CHR DefaultSearchURL: Default -> https://mail.google.com/mail/?extsrc=mailto&url=%s
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Documents and Settings\Drigo.PC785018295244\Local Settings\Application Data\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\Drigo.PC785018295244\Local Settings\Application Data\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Drigo.PC785018295244\Local Settings\Application Data\Google\Chrome\Application\36.0.1985.125\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Skype Toolbars) - C:\Documents and Settings\Drigo.PC785018295244\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java™ Platform SE 6 U14) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.140.8) - C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll (Sun Microsystems, Inc.)
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (BitTorrent) - C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll (BitTorrent, Inc.)
CHR Plugin: (DivX Web Player) - C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll (DivX,Inc.)
CHR Plugin: (DivX Player Netscape Plugin) - C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (VideoEgg Publisher) - C:\Program Files\Mozilla Firefox\plugins\npvideoegg-loader.dll ( )
CHR Plugin: (Move Streaming Media Player) - C:\Documents and Settings\Drigo.PC785018295244\Application Data\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
CHR Plugin: (Google Update) - C:\Documents and Settings\Drigo.PC785018295244\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Loki Plugin) - C:\Program Files\Skyhook Wireless\Loki ActiveX Component\versions\3.1.0.05\loki.dll (Skyhook Wireless)
CHR Plugin: (Stamps.com Web Client NPAPI Plug-in) - C:\Program Files\Stamps.com Web Postage Plug-in\npsdcwc.dll (Stamps.com, Inc.)
CHR Plugin: (Veetle TV Player) - C:\Program Files\Veetle\Player\npvlc.dll No File
CHR Plugin: (Veetle Broadcaster Plugin) - C:\Program Files\Veetle\VLCBroadcast\npvbp.dll No File
CHR Plugin: (Veetle TV Core) - C:\Program Files\Veetle\plugins\npVeetle.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll No File
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (TVU Web Player for FireFox) - C:\WINDOWS\system32\TVUAx\npTVUAx.dll (TVU networks)
CHR CustomProfile: C:\Documents and Settings\Drigo.PC785018295244\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Entanglement Web App) - C:\Documents and Settings\Drigo.PC785018295244\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2011-03-04]
CHR Extension: (Google Drive) - C:\Documents and Settings\Drigo.PC785018295244\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-20]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Drigo.PC785018295244\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]
CHR Extension: (Web Developer) - C:\Documents and Settings\Drigo.PC785018295244\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm [2013-04-07]
CHR Extension: (Session Buddy) - C:\Documents and Settings\Drigo.PC785018295244\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2013-02-04]
CHR Extension: (Poppit!) - C:\Documents and Settings\Drigo.PC785018295244\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2011-03-04]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Drigo.PC785018295244\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (PR Checker) - C:\Documents and Settings\Drigo.PC785018295244\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pneoplpmnpjoioldpodoljacigkahohc [2011-12-04]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\DOCUME~1\DRIGO~1.PC7\LOCALS~1\APPLIC~1\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-20]
CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Drigo.PC785018295244\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)
S3 AddFiltr; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe [126976 2006-06-12] (Hewlett-Packard Development Company, L.P.) [File not signed]
S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2006-12-16] (Adobe Systems) [File not signed]
S2 Brother XP spl Service; C:\WINDOWS\system32\brsvc01a.exe [57344 2001-11-23] (brother Industries Ltd)
S2 hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [135168 2006-05-02] (Hewlett-Packard Development Company, L.P.) [File not signed]
S2 HWDeviceService.exe; C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe [271712 2011-03-14] ()
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [152984 2009-05-21] (Sun Microsystems, Inc.)
S2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [49152 2006-05-18] (Hewlett-Packard Company) [File not signed]
R2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-06] (Microsoft Corporation)
S3 MHN; C:\WINDOWS\System32\mhn.dll [85504 2004-08-10] (Microsoft Corporation) [File not signed]
R2 MSMQ; C:\WINDOWS\system32\mqsvc.exe [4608 2009-06-22] (Microsoft Corporation) [File not signed]
R2 MSMQTriggers; C:\WINDOWS\system32\mqtgsvc.exe [117248 2009-06-22] (Microsoft Corporation) [File not signed]
S2 NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [71096 2007-10-12] ()
S2 QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [24576 2008-10-17] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2008-08-08] (Intuit Inc.) [File not signed]
R3 QuickBooksDB19; C:\Program Files\Intuit\QuickBooks 2009\QBDBMgrN.exe [131072 2008-07-09] (Intuit, Inc.) [File not signed]
S3 WMConnectCDS; C:\Program Files\Windows Media Connect 2\wmccds.exe [855552 2005-10-06] (Microsoft Corporation) [File not signed]
S4 XAMPP; C:\xampp\service.exe [60928 2012-04-16] () [File not signed]
S2 XRNADB; C:\Program Files\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmdb.exe [79872 2011-04-19] () [File not signed]
S2 avg8wd; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [X]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 5U870CAP_VID_1262&PID_25FD; C:\WINDOWS\System32\Drivers\5U870CAP.sys [61952 2006-06-06] (Ricoh)
S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-18] (Microsoft Corporation)
S3 audiobridge; C:\WINDOWS\System32\DRIVERS\aubridge.sys [22528 2007-07-23] (SoundGenetics) [File not signed]
R1 AvgLdx86; C:\WINDOWS\System32\Drivers\avgldx86.sys [335240 2009-08-28] (AVG Technologies CZ, s.r.o.)
R1 AvgMfx86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [27784 2009-08-28] (AVG Technologies CZ, s.r.o.)
S3 bcm; C:\WINDOWS\System32\DRIVERS\drxvi314.sys [282112 2009-11-03] (Beceem communications pvt ltd.)
S3 bcmbusctr; C:\WINDOWS\System32\DRIVERS\BcmBusCtr.sys [51712 2009-11-03] (Beceem communications pvt ltd.)
S2 BrPar; C:\WINDOWS\System32\drivers\BrPar.sys [19537 2000-07-24] (Brother Industries Ltd.) [File not signed]
S3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [57320 2006-05-12] (Broadcom Corporation.) [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 eabfiltr; C:\WINDOWS\System32\DRIVERS\eabfiltr.sys [7808 2005-09-19] (Hewlett-Packard Development Company, L.P.)
S3 eabusb; C:\WINDOWS\System32\DRIVERS\eabusb.sys [5760 2005-09-19] (Hewlett-Packard Development Company, L.P.)
R3 HdAudAddService; C:\WINDOWS\System32\drivers\CHDAud.sys [572928 2006-06-02] (Conexant Systems Inc.)
R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [208000 2006-04-20] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [995712 2006-04-20] (Conexant Systems, Inc.)
S3 huawei_cdcacm; C:\WINDOWS\System32\DRIVERS\ew_jucdcacm.sys [89856 2011-09-09] (Huawei Technologies Co., Ltd.)
S3 huawei_cdcecm; C:\WINDOWS\System32\DRIVERS\ew_jucdcecm.sys [66688 2011-09-09] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\WINDOWS\System32\DRIVERS\ew_juextctrl.sys [26624 2011-09-09] (Huawei Technologies Co., Ltd.)
S3 MHNDRV; C:\WINDOWS\System32\DRIVERS\mhndrv.sys [11008 2004-08-10] (Microsoft Corporation) [File not signed]
R3 MQAC; C:\WINDOWS\system32\drivers\mqac.sys [92544 2008-04-13] (Microsoft Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S3 Rockusb; C:\WINDOWS\System32\DRIVERS\rockusb.sys [45040 2012-08-20] (Fuzhou Rockchip Electronics Co,Ltd.)
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-04] (Realtek Semiconductor Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
S4 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [717296 2008-10-16] (Duplex Secure Ltd.)
S3 taphss; C:\WINDOWS\System32\DRIVERS\taphss.sys [33512 2013-03-28] (AnchorFree Inc)
R3 w39n51; C:\WINDOWS\System32\DRIVERS\w39n51.sys [1429632 2006-04-21] (Intel® Corporation)
S3 Bcim; system32\DRIVERS\bcim.sys [X]
S3 catchme; \??\C:\DOCUME~1\DRIGO~1.PC7\LOCALS~1\Temp\catchme.sys [X]
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [239488 2011-10-24] (Huawei Technologies Co., Ltd.)
U1 irxewtiqmbexrien; \systemroot\system32\drivers\irxewtiqmbexrien.sys [X]
S0 Lbd; system32\DRIVERS\Lbd.sys [X]
S3 LgBttPort; system32\DRIVERS\lgbtport.sys [X]
S3 lgbusenum; system32\DRIVERS\lgbtbus.sys [X]
S3 LGVMODEM; system32\DRIVERS\lgvmodem.sys [X]
S3 Netaapl; system32\DRIVERS\netaapl.sys [X]
S3 PCTINDIS5; \??\C:\WINDOWS\system32\PCTINDIS5.SYS [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20050901.036\symidsco.sys [X]
S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]
S3 USBAAPL; System32\Drivers\usbaapl.sys [X]
S3 usbbus; system32\DRIVERS\lgusbbus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgusbdiag.sys [X]
S3 USBModem; system32\DRIVERS\lgusbmodem.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-31 11:49 - 2014-08-31 11:51 - 00000000 ____D () C:\AdwCleaner
2014-08-31 11:49 - 2014-08-31 11:49 - 00001117 _____ () C:\Documents and Settings\Drigo.PC785018295244\Desktop\Scanning.txt
2014-08-31 11:38 - 2014-08-31 11:38 - 01364531 _____ () C:\Documents and Settings\Drigo.PC785018295244\Desktop\AdwCleaner.exe
2014-08-31 11:34 - 2014-08-31 11:34 - 00448512 _____ (OldTimer Tools) C:\Documents and Settings\Drigo.PC785018295244\Desktop\TFC.exe
2014-08-30 12:35 - 2014-08-31 18:45 - 00000000 ____D () C:\Documents and Settings\Drigo.PC785018295244\Desktop\FRST-OlderVersion
2014-08-29 09:11 - 2014-08-29 09:40 - 00000568 _____ () C:\Documents and Settings\Drigo.PC785018295244\Desktop\SystemLook.txt
2014-08-27 20:54 - 2014-08-27 20:54 - 00063337 _____ () C:\Documents and Settings\Drigo.PC785018295244\Desktop\Addition.txt
2014-08-27 20:49 - 2014-08-31 18:46 - 00035344 _____ () C:\Documents and Settings\Drigo.PC785018295244\Desktop\FRST.txt
2014-08-27 20:49 - 2014-08-31 18:46 - 00000000 ____D () C:\FRST
2014-08-27 20:47 - 2014-08-31 18:45 - 01096704 _____ (Farbar) C:\Documents and Settings\Drigo.PC785018295244\Desktop\FRST.exe
2014-08-25 11:28 - 2014-08-25 11:28 - 00018879 _____ () C:\ComboFix.txt
2014-08-25 11:28 - 2014-08-25 11:28 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2014-08-25 11:28 - 2014-08-25 11:28 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp
2014-08-25 11:28 - 2014-08-25 11:28 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\temp
2014-08-25 10:56 - 2011-06-26 02:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2014-08-25 10:56 - 2010-11-07 13:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2014-08-25 10:56 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-08-25 10:56 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-08-25 10:56 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-08-25 10:56 - 2000-08-30 20:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-08-25 10:56 - 2000-08-30 20:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2014-08-25 10:56 - 2000-08-30 20:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2014-08-25 10:56 - 2000-08-30 20:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2014-08-25 10:55 - 2014-08-25 10:55 - 00000990 _____ () C:\Documents and Settings\Drigo.PC785018295244\Desktop\Shortcut to ComboFix.exe.lnk
2014-08-19 15:11 - 2014-08-19 15:11 - 00000902 _____ () C:\Documents and Settings\Drigo.PC785018295244\Desktop\JRT.txt
2014-08-19 13:07 - 2014-08-19 13:07 - 00020061 _____ () C:\Documents and Settings\Drigo.PC785018295244\Desktop\attach.txt
2014-08-19 13:07 - 2014-08-19 13:07 - 00015637 _____ () C:\Documents and Settings\Drigo.PC785018295244\Desktop\dds.txt
2014-08-18 13:00 - 2014-08-18 13:00 - 00688992 ____R (Swearware) C:\Documents and Settings\Drigo.PC785018295244\Desktop\dds.com
2014-08-14 09:27 - 2014-08-14 09:27 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-08-13 23:30 - 2014-08-28 02:00 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
2014-08-13 23:30 - 2014-08-13 23:30 - 00001678 _____ () C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-08-13 23:30 - 2014-08-13 23:30 - 00000000 ____D () C:\Documents and Settings\Drigo.PC785018295244\Application Data\SUPERAntiSpyware.com
2014-08-13 23:29 - 2014-08-31 11:31 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-08-13 23:29 - 2014-08-13 23:29 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2014-08-13 23:17 - 2014-08-13 23:17 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Drigo.PC785018295244\Desktop\OTL.exe
2014-08-13 21:57 - 2014-08-13 21:57 - 00014312 _____ () C:\Documents and Settings\Drigo.PC785018295244\Desktop\hijackthis.log
2014-08-13 10:22 - 2014-08-13 10:22 - 01016261 _____ (Thisisu) C:\Documents and Settings\Drigo.PC785018295244\Desktop\JRT.exe
2014-08-13 09:25 - 2014-08-13 09:25 - 00000000 ____D () C:\Program Files\ESET
2014-08-13 09:04 - 2014-08-13 09:04 - 00000000 ____D () C:\Documents and Settings\Drigo.PC785018295244\Application Data\FixZeroAccess
2014-08-13 08:22 - 2014-08-13 08:22 - 00106496 _____ () C:\WINDOWS\Minidump\Mini081314-01.dmp
2014-08-12 11:31 - 2008-04-13 14:39 - 00092544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mqac.sys
2014-08-12 11:25 - 2014-08-12 11:25 - 00000000 __SHD () C:\Documents and Settings\Administrator\IETldCache
2014-08-12 11:25 - 2014-08-12 11:25 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2014-08-12 11:17 - 2014-08-19 15:01 - 00002118 _____ () C:\Documents and Settings\Drigo.PC785018295244\Desktop\Rkill.txt
2014-08-12 11:17 - 2014-08-12 11:17 - 01944824 _____ (Bleeping Computer, LLC) C:\Documents and Settings\Drigo.PC785018295244\Desktop\rkill.exe
2014-08-12 10:59 - 2014-08-12 10:59 - 00139264 _____ () C:\Documents and Settings\Drigo.PC785018295244\Desktop\SystemLook.exe
2014-08-12 10:29 - 2014-08-12 10:29 - 00380416 _____ () C:\Documents and Settings\Drigo.PC785018295244\Desktop\wyi6g9ez.exe
2014-08-12 10:25 - 2014-08-12 10:26 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-08-12 10:04 - 2014-08-12 10:04 - 00000000 ____D () C:\Documents and Settings\Drigo.PC785018295244\Desktop\backups
2014-08-12 10:00 - 2014-08-12 10:00 - 00388608 _____ (Trend Micro Inc.) C:\Documents and Settings\Drigo.PC785018295244\Desktop\HijackThis.exe
2014-08-12 09:19 - 2014-08-12 09:19 - 00004428 _____ () C:\WINDOWS\system32\.crusader
2014-08-12 09:05 - 2014-08-12 09:05 - 00000000 ____D () C:\Program Files\HitmanPro
2014-08-12 09:05 - 2014-08-12 09:05 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\HitmanPro
2014-08-12 09:00 - 2014-08-12 09:19 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\HitmanPro
2014-08-12 09:00 - 2014-08-12 09:04 - 10279264 _____ (SurfRight B.V.) C:\Documents and Settings\Drigo.PC785018295244\Desktop\HitmanPro.exe
2014-08-12 01:03 - 2014-08-14 14:32 - 00029160 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2014-08-12 01:03 - 2014-08-12 01:03 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
2014-08-11 23:47 - 2014-08-11 23:49 - 04817496 _____ () C:\Documents and Settings\Drigo.PC785018295244\Desktop\RogueKiller.exe
2014-08-11 23:42 - 2014-08-11 23:43 - 04181856 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\Drigo.PC785018295244\Desktop\iexplore.exe
2014-08-06 14:10 - 2014-08-06 14:10 - 00857700 _____ () C:\Documents and Settings\Drigo.PC785018295244\Desktop\PriceList.xlsx
2014-08-04 23:11 - 2014-08-08 09:32 - 00000000 ____D () C:\Documents and Settings\Drigo.PC785018295244\My Documents\Japanase Tattoo Design

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-31 18:46 - 2014-08-27 20:49 - 00035344 _____ () C:\Documents and Settings\Drigo.PC785018295244\Desktop\FRST.txt
2014-08-31 18:46 - 2014-08-27 20:49 - 00000000 ____D () C:\FRST
2014-08-31 18:46 - 2008-10-16 01:23 - 00000000 ____D () C:\Documents and Settings\Drigo.PC785018295244\Local Settings\Temp
2014-08-31 18:45 - 2014-08-30 12:35 - 00000000 ____D () C:\Documents and Settings\Drigo.PC785018295244\Desktop\FRST-OlderVersion
2014-08-31 18:45 - 2014-08-27 20:47 - 01096704 _____ (Farbar) C:\Documents and Settings\Drigo.PC785018295244\Desktop\FRST.exe
2014-08-31 18:17 - 2013-01-15 18:16 - 00000884 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-31 11:51 - 2014-08-31 11:49 - 00000000 ____D () C:\AdwCleaner
2014-08-31 11:49 - 2014-08-31 11:49 - 00001117 _____ () C:\Documents and Settings\Drigo.PC785018295244\Desktop\Scanning.txt
2014-08-31 11:42 - 2006-12-17 08:04 - 00000000 ____D () C:\Documents and Settings\Drigo\Local Settings\Temp
2014-08-31 11:38 - 2014-08-31 11:38 - 01364531 _____ () C:\Documents and Settings\Drigo.PC785018295244\Desktop\AdwCleaner.exe
2014-08-31 11:38 - 2009-03-15 11:34 - 01118320 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-31 11:38 - 2008-10-16 11:28 - 00000000 ____D () C:\Program Files\Vuze
2014-08-31 11:34 - 2014-08-31 11:34 - 00448512 _____ (OldTimer Tools) C:\Documents and Settings\Drigo.PC785018295244\Desktop\TFC.exe
2014-08-31 11:32 - 2013-01-15 18:33 - 00000000 ___RD () C:\Documents and Settings\Drigo.PC785018295244\My Documents\Google Drive
2014-08-31 11:31 - 2014-08-13 23:29 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-08-31 11:30 - 2013-01-15 18:16 - 00000880 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-31 11:30 - 2006-09-12 03:12 - 00001591 _____ () C:\hpqp.ini
2014-08-31 11:30 - 2006-09-12 03:12 - 00000039 _____ () C:\XP_TV.ini
2014-08-31 11:29 - 2006-09-12 01:33 - 00000000 ____D () C:\WINDOWS\Registration
2014-08-31 11:29 - 2006-06-29 07:04 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-08-31 11:29 - 2006-06-29 07:04 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-08-31 11:28 - 2006-06-29 15:18 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-08-30 14:20 - 2008-10-16 01:23 - 00000178 ___SH () C:\Documents and Settings\Drigo.PC785018295244\ntuser.ini
2014-08-30 14:20 - 2006-06-29 15:18 - 00032626 _____ () C:\WINDOWS\SchedLgU.Txt
2014-08-30 12:29 - 2006-06-29 15:18 - 00001158 _____ () C:\WINDOWS\system32\wpa.dbl
2014-08-29 09:50 - 2010-04-16 20:58 - 00000000 ____D () C:\Documents and Settings\QBDataServiceUser19\Local Settings\Temp
2014-08-29 09:40 - 2014-08-29 09:11 - 00000568 _____ () C:\Documents and Settings\Drigo.PC785018295244\Desktop\SystemLook.txt
2014-08-28 12:14 - 2013-11-11 23:35 - 00252145 _____ () C:\WINDOWS\setupapi.log
2014-08-28 11:50 - 2008-10-16 11:29 - 00000000 ____D () C:\Documents and Settings\Drigo.PC785018295244\Application Data\Azureus
2014-08-28 02:00 - 2014-08-13 23:30 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
2014-08-27 20:54 - 2014-08-27 20:54 - 00063337 _____ () C:\Documents and Settings\Drigo.PC785018295244\Desktop\Addition.txt
2014-08-25 11:28 - 2014-08-25 11:28 - 00018879 _____ () C:\ComboFix.txt
2014-08-25 11:28 - 2014-08-25 11:28 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2014-08-25 11:28 - 2014-08-25 11:28 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp
2014-08-25 11:28 - 2014-08-25 11:28 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\temp
2014-08-25 11:28 - 2012-06-07 22:51 - 00000000 ____D () C:\Qoobox
2014-08-25 11:28 - 2006-09-12 02:37 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-08-25 11:25 - 2006-06-29 07:00 - 00000227 _____ () C:\WINDOWS\system.ini
2014-08-25 10:55 - 2014-08-25 10:55 - 00000990 _____ () C:\Documents and Settings\Drigo.PC785018295244\Desktop\Shortcut to ComboFix.exe.lnk
2014-08-25 10:05 - 2010-04-16 20:58 - 00000178 ___SH () C:\Documents and Settings\QBDataServiceUser19\ntuser.ini
2014-08-20 02:57 - 2014-03-15 11:20 - 00000000 ____D () C:\ATI
2014-08-19 15:11 - 2014-08-19 15:11 - 00000902 _____ () C:\Documents and Settings\Drigo.PC785018295244\Desktop\JRT.txt
2014-08-19 15:01 - 2014-08-12 11:17 - 00002118 _____ () C:\Documents and Settings\Drigo.PC785018295244\Desktop\Rkill.txt
2014-08-19 13:07 - 2014-08-19 13:07 - 00020061 _____ () C:\Documents and Settings\Drigo.PC785018295244\Desktop\attach.txt
2014-08-19 13:07 - 2014-08-19 13:07 - 00015637 _____ () C:\Documents and Settings\Drigo.PC785018295244\Desktop\dds.txt
2014-08-19 00:06 - 2013-01-15 18:18 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Drive
2014-08-18 13:00 - 2014-08-18 13:00 - 00688992 ____R (Swearware) C:\Documents and Settings\Drigo.PC785018295244\Desktop\dds.com
2014-08-18 12:53 - 2014-06-07 11:19 - 00000000 ____D () C:\Documents and Settings\Drigo.PC785018295244\Desktop\Mariana
2014-08-14 14:32 - 2014-08-12 01:03 - 00029160 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2014-08-14 09:38 - 2014-07-28 10:38 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-14 09:27 - 2014-08-14 09:27 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-08-13 23:30 - 2014-08-13 23:30 - 00001678 _____ () C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-08-13 23:30 - 2014-08-13 23:30 - 00000000 ____D () C:\Documents and Settings\Drigo.PC785018295244\Application Data\SUPERAntiSpyware.com
2014-08-13 23:29 - 2014-08-13 23:29 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2014-08-13 23:17 - 2014-08-13 23:17 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Drigo.PC785018295244\Desktop\OTL.exe
2014-08-13 23:17 - 2006-12-16 20:20 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy
2014-08-13 23:17 - 2006-12-16 20:20 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2014-08-13 21:57 - 2014-08-13 21:57 - 00014312 _____ () C:\Documents and Settings\Drigo.PC785018295244\Desktop\hijackthis.log
2014-08-13 11:24 - 2009-10-16 11:21 - 00000000 ____D () C:\Documents and Settings\Drigo.PC785018295244\My Documents\Mortgage Payments
2014-08-13 10:22 - 2014-08-13 10:22 - 01016261 _____ (Thisisu) C:\Documents and Settings\Drigo.PC785018295244\Desktop\JRT.exe
2014-08-13 09:25 - 2014-08-13 09:25 - 00000000 ____D () C:\Program Files\ESET
2014-08-13 09:10 - 2006-09-12 01:33 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-08-13 09:04 - 2014-08-13 09:04 - 00000000 ____D () C:\Documents and Settings\Drigo.PC785018295244\Application Data\FixZeroAccess
2014-08-13 08:22 - 2014-08-13 08:22 - 00106496 _____ () C:\WINDOWS\Minidump\Mini081314-01.dmp
2014-08-13 08:22 - 2006-12-29 14:59 - 00000000 ____D () C:\WINDOWS\Minidump
2014-08-13 00:41 - 2014-07-24 11:01 - 00000000 ____D () C:\Program Files\Fiddler2
2014-08-12 12:29 - 2006-09-12 02:37 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-08-12 12:28 - 2006-06-29 15:18 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-08-12 12:22 - 2008-10-15 23:14 - 00000000 ____D () C:\WINDOWS\system32\appmgmt
2014-08-12 11:35 - 2009-09-24 19:39 - 00000000 ____D () C:\WINDOWS\ERDNT
2014-08-12 11:33 - 2009-09-24 20:03 - 00008192 ____H () C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2014-08-12 11:33 - 2006-06-29 15:18 - 50331648 _____ () C:\WINDOWS\system32\config\software.bak
2014-08-12 11:33 - 2006-06-29 15:18 - 09699328 _____ () C:\WINDOWS\system32\config\system.bak
2014-08-12 11:33 - 2006-06-29 15:18 - 00262144 _____ () C:\WINDOWS\system32\config\SECURITY.bak
2014-08-12 11:33 - 2006-06-29 15:18 - 00028672 _____ () C:\WINDOWS\system32\config\SAM.bak
2014-08-12 11:25 - 2014-08-12 11:25 - 00000000 __SHD () C:\Documents and Settings\Administrator\IETldCache
2014-08-12 11:25 - 2014-08-12 11:25 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2014-08-12 11:25 - 2006-09-12 01:33 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-08-12 11:22 - 2012-05-02 18:20 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-08-12 11:22 - 2006-06-29 15:18 - 02097152 _____ () C:\WINDOWS\system32\config\default.bak
2014-08-12 11:17 - 2014-08-12 11:17 - 01944824 _____ (Bleeping Computer, LLC) C:\Documents and Settings\Drigo.PC785018295244\Desktop\rkill.exe
2014-08-12 10:59 - 2014-08-12 10:59 - 00139264 _____ () C:\Documents and Settings\Drigo.PC785018295244\Desktop\SystemLook.exe
2014-08-12 10:29 - 2014-08-12 10:29 - 00380416 _____ () C:\Documents and Settings\Drigo.PC785018295244\Desktop\wyi6g9ez.exe
2014-08-12 10:26 - 2014-08-12 10:25 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-08-12 10:04 - 2014-08-12 10:04 - 00000000 ____D () C:\Documents and Settings\Drigo.PC785018295244\Desktop\backups
2014-08-12 10:00 - 2014-08-12 10:00 - 00388608 _____ (Trend Micro Inc.) C:\Documents and Settings\Drigo.PC785018295244\Desktop\HijackThis.exe
2014-08-12 09:19 - 2014-08-12 09:19 - 00004428 _____ () C:\WINDOWS\system32\.crusader
2014-08-12 09:19 - 2014-08-12 09:00 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\HitmanPro
2014-08-12 09:05 - 2014-08-12 09:05 - 00000000 ____D () C:\Program Files\HitmanPro
2014-08-12 09:05 - 2014-08-12 09:05 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\HitmanPro
2014-08-12 09:04 - 2014-08-12 09:00 - 10279264 _____ (SurfRight B.V.) C:\Documents and Settings\Drigo.PC785018295244\Desktop\HitmanPro.exe
2014-08-12 08:52 - 2008-06-11 16:16 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB950760$
2014-08-12 08:51 - 2014-03-15 11:21 - 00000000 ____D () C:\Documents and Settings\All Users\Local Settings\Temp
2014-08-12 01:03 - 2014-08-12 01:03 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
2014-08-11 23:49 - 2014-08-11 23:47 - 04817496 _____ () C:\Documents and Settings\Drigo.PC785018295244\Desktop\RogueKiller.exe
2014-08-11 23:43 - 2014-08-11 23:42 - 04181856 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\Drigo.PC785018295244\Desktop\iexplore.exe
2014-08-10 23:41 - 2010-02-22 20:52 - 00000000 ____D () C:\Documents and Settings\Drigo.PC785018295244\Application Data\Skype
2014-08-08 09:32 - 2014-08-04 23:11 - 00000000 ____D () C:\Documents and Settings\Drigo.PC785018295244\My Documents\Japanase Tattoo Design
2014-08-06 14:10 - 2014-08-06 14:10 - 00857700 _____ () C:\Documents and Settings\Drigo.PC785018295244\Desktop\PriceList.xlsx

Files to move or delete:
====================
C:\Documents and Settings\Drigo.PC785018295244\WSSEMAPHORES.dat


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

--------------------------------------------------------------------------------------------------------------------------------------------

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x86) Version:31-08-2014 02
Ran by Drigo at 2014-08-31 18:47:42
Running from C:\Documents and Settings\Drigo.PC785018295244\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Bridge 1.0 (Version: 001.000.000 - Adobe Systems) Hidden
Adobe Common File Installer (Version: 1.00.0000 - Adobe System Incorporated) Hidden
Adobe Creative Suite 2 (HKLM\...\{0134A1A1-C283-4A47-91A1-92F19F960372}) (Version:  - )
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.0.45.2 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.6.602.180 - Adobe Systems Incorporated)
Adobe Help Center 1.0 (Version: 001.000.000 - Adobe Systems) Hidden
Adobe Illustrator CS2 (Version: 12.000.000 - Adobe Systems Inc.) Hidden
Adobe InDesign CS2 (Version: 004.000.000 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS2 (Version: 9.0 - Adobe Systems, Inc.) Hidden
Adobe Reader XI (11.0.07) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.6.606 - Adobe Systems, Inc.)
Adobe Stock Photos 1.0 (Version: 001.000.000 - Adobe Systems) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Brother 1440 (HKLM\...\Brother 1440) (Version:  - )
Brownie (HKLM\...\BROWNIE) (Version:  - )
calibre (HKLM\...\{4B76F79D-7FC9-4007-9EE4-27B4A84477D6}) (Version: 1.29.0 - Kovid Goyal)
Canon MX330 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX330_series) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 2.28 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.2.4.1255 - CDBurnerXP)
Conexant HD Audio (HKLM\...\CNXT_HDAUDIO) (Version:  - )
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Fiddler (HKLM\...\Fiddler2) (Version: 2.4.9.2 - Telerik)
Free M4a to MP3 Converter 7.2 (HKLM\...\Free M4a to MP3 Converter_is1) (Version:  - ManiacTools.com)
Garmin WebUpdater (HKLM\...\{2FD94FBC-07AE-475C-B522-BFE899B9048E}) (Version: 2.4 - GARMIN)
Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Drive (HKLM\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Google Talk (remove only) (HKLM\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version:  - )
Google Talk Plugin (HKLM\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.221 - SurfRight B.V.)
HP Help and Support (HKLM\...\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}) (Version: 4.2.0013 - HPQ)
HP Quick Launch Buttons 6.10 A2 (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.10 A2 - Hewlett-Packard Company)
HP QuickPlay 2.3 (HKLM\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version:  - )
HP Update (HKLM\...\{FE57DE70-95DE-4B64-9266-84DA811053DB}) (Version: 4.000.012.001 - Hewlett-Packard)
HP User Guides 0035 (HKLM\...\{BE247E71-C143-40BB-ADF2-A465DF062BAB}) (Version: 1.03.0000 - Hewlett-Packard)
HP Wireless Assistant 2.00 G2 (HKLM\...\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}) (Version: 2.00 G2 - Hewlett-Packard Company)
HpSdpAppCoreApp (Version: 3.00.0000 - Hewlett-Packard) Hidden
Human Japanese 2.0 (HKLM\...\{61174B54-26FC-48F3-AF5C-7C9B9A9E9A8C}) (Version: 2.0.2 - Brak Software)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.4.2.0 - LIGHTNING UK!)
Intel® Graphics Media Accelerator Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4543 - )
Intel® PRO Network Connections Drivers (HKLM\...\PROSet) (Version:  - )
Internet ENTEL (HKLM\...\Internet ENTEL) (Version: 16.002.15.10.825 - Huawei Technologies Co.,Ltd)
J2SE Runtime Environment 5.0 Update 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0150060}) (Version: 1.5.0.60 - Sun Microsystems, Inc.)
Java™ 6 Update 14 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216010FF}) (Version: 6.0.140 - Sun Microsystems, Inc.)
Java™ 6 Update 7 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160070}) (Version: 1.6.0.70 - Sun Microsystems, Inc.)
LightScribe  1.4.97.1 (Version: 1.4.97.1 - http://www.lightscribe.com) Hidden
Loki ActiveX Control (HKLM\...\Loki ActiveX Control) (Version: 3.1.0.05 - SkyhookWireless)
Macromedia Dreamweaver 8 (HKLM\...\{0837A661-FEC3-48B3-876C-91E7D32048A9}) (Version: 8.0.0.2734 - Macromedia)
Macromedia Fireworks 8 (HKLM\...\{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}) (Version: 8.0.0.777 - Macromedia)
Macromedia Flash 8 (HKLM\...\{2BD5C305-1B27-4D41-B690-7A61172D2FEB}) (Version: 8.00.0000 - Macromedia)
Macromedia Flash 8 Video Encoder (HKLM\...\{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}) (Version: 1.00.0000 - Macromedia)
Macromedia Shockwave Player (HKLM\...\{838A1BC9-95CA-4880-9BE3-2A7D23600A2B}) (Version: 10.1.1.016 - Macromedia, Inc.)
Magic ISO Maker v5.5 (build 0276) (HKLM\...\Magic ISO Maker v5.5 (build 0276)) (Version:  - )
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB2572066) (HKLM\...\KB2572066) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB2604042) (HKLM\...\KB2604042) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB2656378) (HKLM\...\KB2656378) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2698035) (HKLM\...\KB2698035) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2742607) (HKLM\...\KB2742607) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2833951) (HKLM\...\KB2833951) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2656370) (HKLM\...\M2656370) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 (Version:  - Microsoft Corporation) Hidden
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Backward compatibility (Version: 8.05.1054 - Microsoft Corporation) Hidden
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (Version: 8.0.60940.0 - Microsoft Corporation) Hidden
Move Media Player (HKCU\...\Move Media Player) (Version:  - Move Networks)
Mozilla Firefox 31.0 (x86 en-US) (HKLM\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 6 Service Pack 2 (KB973686) (HKLM\...\{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}) (Version: 6.20.2003.0 - Microsoft Corporation)
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.33 - BVRP Software, Inc)
NiceLabel Suite (HKLM\...\NiceSuite3) (Version: 3.6.5 - Euro Plus d.o.o.)
Office 2003 Trial Assistant (HKLM\...\{47D2103B-FD51-4017-9C20-DD408B17D726}) (Version: 1.0.0 - Microsoft)
OKI Colour Correct Utility (HKLM\...\{5D729200-F340-4A74-A1E9-32387CDC63EF}) (Version:  - )
OpenOffice.org Installer 1.0 (HKLM\...\{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}) (Version: 1.0.9221 - Sun Microsystems)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.3.2 - Frank Heindörfer, Philip Chinery)
QuickBooks Premier: Mfg and Whsle Edition 2009 (HKLM\...\{9A2F0810-3636-4E86-9072-973FBE1679C5}) (Version: 19.0.4003.703 - Intuit Inc.)
QuickTime (HKLM\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
RealPlayer (HKLM\...\RealPlayer 6.0) (Version:  - RealNetworks)
RingCentral Call Controller (HKLM\...\RingCentral) (Version:  - RingCentral, Inc.)
Screaming Frog SEO Spider (HKLM\...\Screaming Frog SEO Spider) (Version: 0.01 - Screaming Frog)
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SmartFTP Client (HKLM\...\{6F23C1A3-9F62-470C-BD12-B83F04E67865}) (Version: 3.0.1023.4 - SmartSoft)
Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_5045_at8ven5m) (Version:  - )
Sonic Audio Module (HKLM\...\{AB708C9B-97C8-4AC9-899B-DBF226AC9382}) (Version: 2.0.4 - Sonic Solutions)
Sonic Copy Module (HKLM\...\{B12665F4-4E93-4AB4-B7FC-37053B524629}) (Version: 2.0.4 - Sonic Solutions)
Sonic Data Module (HKLM\...\{075473F5-846A-448B-BCB3-104AA1760205}) (Version: 2.0.4 - Sonic Solutions)
Sonic Express Labeler (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.0.0 - Sonic Solutions)
Sonic MyDVD Plus (HKLM\...\{21657574-BD54-48A2-9450-EB03B2C7FC29}) (Version: 6.2.0 - Sonic Solutions)
SonicAC3Encoder (HKLM\...\{52FBAE98-D389-4281-8C14-21B4046CCB4E}) (Version: 1.00.0000 - Sonic Solutions)
SonicMPEGEncoder (HKLM\...\{B16AF568-A644-483C-A6DA-5028CD019C8C}) (Version: 1.00.0000 - Sonic Solutions)
Stamps.com (HKLM\...\Stamps.com) (Version:  - Stamps.com, Inc.)
Stamps.com (Version: 9.5.4.2264 - Stamps.com, Inc.) Hidden
Stamps.com Web Postage Plug-in (HKLM\...\Stamps.com Web Postage Plug-in) (Version:  - Stamps.com, Inc.)
Stamps.com Web Postage Plug-in (Version: 1.0.0.27 - Stamps.com) Hidden
Suite Specific (Version: 2.0.0 - Adobe Systems, Incorporated) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1130 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 8.3.8.0 - Synaptics)
TablEdit 2.69 (HKLM\...\TablEdit_is1) (Version:  - TablEdit)
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.28223 - TeamViewer)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2827325) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{11C9B057-27FF-4BC1-82F6-DC4B15E70A2E}) (Version:  - Microsoft)
Update for Windows Media Player 10 (KB910393) (HKLM\...\KB910393) (Version:  - Microsoft Corporation)
Update for Windows Media Player 10 (KB913800) (HKLM\...\KB913800) (Version:  - Microsoft Corporation)
Update for Windows Media Player 10 (KB926251) (HKLM\...\KB926251) (Version:  - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951072-v2) (HKLM\...\KB951072-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955839) (HKLM\...\KB955839) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB961503) (HKLM\...\KB961503) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB976749) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB978207) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB980182) (Version: 1 - Microsoft Corporation) Hidden
Update Rollup 2 for Windows XP Media Center Edition 2005 (HKLM\...\KB900325) (Version:  - Microsoft Corporation)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
VLC media player 0.9.9 (HKLM\...\VLC media player) (Version: 0.9.9 - VideoLAN Team)
Vongo (HKLM\...\{DB7E00C9-6DEF-489A-8112-D8F81614F45A}) (Version: 1.31.02 - Starz)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Winamp (HKLM\...\Winamp) (Version: 5.63  - Nullsoft, Inc)
Winamp Detector Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Call (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (HKLM\...\{9422C8EA-B0C6-4197-B8FC-DC797658CA00}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Connect (HKLM\...\WMCSetup) (Version:  - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Rights Management Client Backwards Compatibility SP2 (HKLM\...\{EC905264-BCFE-423B-9C42-C3A106266790}) (Version: 5.2.70 - Microsoft)
Windows Rights Management Client with Service Pack 2 (HKLM\...\{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}) (Version: 5.2.70 - Microsoft)
Windows XP Media Center Edition 2005 KB2502898 (HKLM\...\KB2502898) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB2619340 (HKLM\...\KB2619340) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB2628259 (HKLM\...\KB2628259) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB912067 (HKLM\...\KB912067) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB915381 (HKLM\...\KB915381) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB973768 (HKLM\...\KB973768) (Version:  - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinMerge 2.10.0.0 (HKLM\...\WinMerge_is1) (Version: 2.10.0.0 - Thingamahoochie Software)
WinPcap 4.1.3 (HKLM\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
Wireless Home Network Setup (HKLM\...\{09D8492A-C8E2-421E-927D-46800FB327A3}) (Version: 1.1.154.1 - Hewlett-Packard)
Wireshark 1.10.8 (32-bit) (HKLM\...\Wireshark) (Version: 1.10.8 - The Wireshark developer community, http://www.wireshark.org)
Xerox Phaser 3040 (HKLM\...\InstallShield_{C7338ABF-D6B4-47DF-9DF1-B18F02770BAD}) (Version: 1.003.00 - Xerox)
Xerox Phaser 3040 (Version: 1.003.00 - Xerox) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Documents and Settings\Drigo.PC785018295244\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Documents and Settings\Drigo.PC785018295244\Local Settings\Application Data\Google\Update\1.3.21. (the data entry has 22 more characters).
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{037FB476-15E0-4ED1-B11A-E420B750B1A8}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{043F1BA6-973E-4997-92C5-F88173B22884}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{0507EEDE-3AE7-49c7-BF37-0EB4A62D8638}\localserver32 -> C:\Program Files\Google\Google Talk\googletalk.exe (Google)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{05EC5C13-D255-4592-9CCB-98615172F0D6}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Documents and Settings\Drigo.PC785018295244\Local Settings\Application Data\Google\Update\1.3.21. (the data entry has 21 more characters).
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{0ADF9C35-0D5E-4B75-88DD-B64868907E17}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{0D16C51F-5EFC-4F75-87EF-70EE976F200C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Documents and Settings\Drigo.PC785018295244\Local Settings\Application Data\Google\Update\1.3.21. (the data entry has 21 more characters).
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{123FAF7F-3FB1-4B8F-AD18-0047401D436A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\InprocServer32 -> C:\WINDOWS\system32\Adobe\Director\SwDir.dll (Adobe Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{17DD823A-E65B-4BCA-B34C-4A527075BBDD}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Documents and Settings\Drigo.PC785018295244\Local Settings\Application Data\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{25BD7A05-6019-4A85-9440-8CE2BA86F8A4}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{2837E0FE-686B-4CB0-BE53-0EA097EAF71B}\InprocServer32 -> C:\WINDOWS\Downloaded Program Files\isusweb.dll (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Documents and Settings\Drigo.PC785018295244\Local Settings\Application Data\Google\Update\1.2.183 (the data entry has 24 more characters).
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Documents and Settings\Drigo.PC785018295244\Local Settings\Application Data\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{31AC3F11-E5EA-4A85-8A3D-8E095A39C27B}\InprocServer32 -> C:\Documents and Settings\Drigo.PC785018295244\Local Settings\Application Data\Google\Update\1.2.131 (the data entry has 24 more characters).
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Documents and Settings\Drigo.PC785018295244\Local Settings\Application Data\Google\Update\1.3.21. (the data entry has 21 more characters).
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{32D32337-1511-4416-85C5-FD96C99322A0}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{33b07fd4-5917-43e1-968d-4c79231836bf}\localserver32 -> C:\Program Files\Google\Google Talk\googletalk.exe (Google)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Documents and Settings\Drigo.PC785018295244\Local Settings\Application Data\Google\Update\1.3.23. (the data entry has 20 more characters).
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{37A2FC00-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{37A2FC02-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Documents and Settings\Drigo.PC785018295244\Local Settings\Application Data\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{3928D252-6BB4-4C0D-BE70-1E03AF93D464}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{45355A42-3AD4-43F8-A4BC-B592BC1D56F6}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{4716D3CE-55DB-4D2A-818C-87D912895890}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{4844F3F7-2161-4AC4-B219-B3B4311782AA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Documents and Settings\Drigo.PC785018295244\Local Settings\Application Data\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{5428A9ED-6CD8-11D6-9C8A-0001023DCAA2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{547C8F00-5567-4AE3-8BB0-CC3CE2AB9070}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{57D590F1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{596801D8-2C9D-4627-9C67-195CB81B655A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{5AFAFE48-7107-4FE5-B21A-86A4254541DD}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{5B7331FA-8910-4748-A8A4-60B445041F28}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{5B7524C8-2446-40E9-9474-94A779DBA224}\InprocServer32 -> C:\WINDOWS\Downloaded Program Files\isusweb.dll (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Documents and Settings\Drigo.PC785018295244\Local Settings\Application Data\Google\Chrome\Application\36.0.1985.125\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{5ED8AC89-B2DE-476D-8EEA-E170B2FCB058}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{621D3650-F1D3-414C-97F9-03A02B211261}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{623E415A-22EF-4DAA-A2FF-E68E77A673C9}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Documents and Settings\Drigo.PC785018295244\Local Settings\Application Data\Google\Update\1.3.21. (the data entry has 22 more characters).
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Documents and Settings\Drigo.PC785018295244\Local Settings\Application Data\Google\Update\1.3.21. (the data entry has 22 more characters).
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Documents and Settings\Drigo.PC785018295244\Local Settings\Application Data\Google\Update\1.3.21. (the data entry has 22 more characters).
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{738CD606-129D-45db-86D6-6C9739C750CA}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2009\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{7694F1CD-A55B-4B7C-8820-A90892EB4E9E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{7DBF8260-30AD-4D1B-876A-8032B87B809F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{8034BBB8-2145-4159-9A34-51E21A0A981F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{828E5386-74CF-4019-B356-C857CD028A7D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{82CC31B3-53B4-4161-A4E9-6B4F1290A6C8}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{885BB46A-3F1E-44C3-A01B-A7D9260CC98B}\InprocServer32 -> C:\WINDOWS\Downloaded Program Files\dwusplay.dll (InstallShield Software Corporation)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{8CA5338E-3C5E-4087-ADEC-B1CA665BC293}\localserver32 -> "C:\Program Files\Intuit\QuickBooks 2007\qbw32.exe" No File
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{8E590317-1329-11D1-B70B-00805F29CD16}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2009\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{8FEDE364-AB37-4551-80C9-6D468E222AB2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Documents and Settings\Drigo.PC785018295244\Local Settings\Application Data\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{915C2CEB-216B-4B7C-89E4-9ED3512D58D9}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Documents and Settings\Drigo.PC785018295244\Local Settings\Application Data\Google\Update\1.3.21. (the data entry has 22 more characters).
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{92C5E738-7372-4CD6-BE57-15833624EBF3}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{9CAAD2EA-177B-4D07-871F-47255B5D30F3}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{9D9B61F2-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{9D9B61F3-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{9D9B61F4-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{9D9B61F5-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{9D9B61F6-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{9D9B61F7-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Documents and Settings\Drigo.PC785018295244\Local Settings\Application Data\Google\Update\1.3.22. (the data entry has 20 more characters).
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Documents and Settings\Drigo.PC785018295244\Local Settings\Application Data\Google\Update\1.3.21. (the data entry has 22 more characters).
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{A63E42D0-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{A63E42D2-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{A8F086C3-2497-4229-82FE-586F2D326F95}\localserver32 -> C:\Program Files\Google\Google Talk\googletalk.exe (Google)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Documents and Settings\Drigo.PC785018295244\Local Settings\Application Data\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{AF5E0A13-CEAB-47CE-991D-77E82CD1BF3F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{B10BFAC3-EFF1-40D9-ADA0-BEBE037C24CA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{B391A1DB-28C8-4506-A43C-5BD6051F16BA}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{B46F576E-D613-44F2-A1A9-0D32BBC1903A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{B66F2BF1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{C2032928-7638-464C-8400-9602905C2EFC}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Documents and Settings\Drigo.PC785018295244\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Documents and Settings\Drigo.PC785018295244\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Documents and Settings\Drigo.PC785018295244\Local Settings\Application Data\Google\Update\1.3.21. (the data entry has 22 more characters).
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{D14FD6B3-6A9F-4537-9460-07B836707127}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{d33f3ced-d7d5-44f1-a9fe-6927dabb1934}\localserver32 -> C:\Program Files\Google\Google Talk\googletalk.exe (Google)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{D4A12AAF-E15E-470B-A6B6-63032186F91F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{DCB2B478-EFF6-48F6-B718-13E98876854E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{DFD0AF10-B86C-4AF3-B609-1348D513E565}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{E1A173E1-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{E1A173E3-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{e3e02f12-2adb-478c-8742-5f0819f9f0f4}\InprocServer32 -> C:\Documents and Settings\Drigo.PC785018295244\Application Data\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{E42CE23D-69F9-480A-A15F-BFF5E4D170C3}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{e473a65c-8087-49a3-affd-c5bc4a10669b}\InprocServer32 -> C:\Documents and Settings\Drigo.PC785018295244\Application Data\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{E50C953D-311A-481B-8F8D-C55E65AF7417}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Documents and Settings\Drigo.PC785018295244\Local Settings\Application Data\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Documents and Settings\Drigo.PC785018295244\Local Settings\Application Data\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{E9880553-B8A7-4960-A668-95C68BED571E}\InprocServer32 -> C:\WINDOWS\Downloaded Program Files\isusweb.dll (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{E9A93328-79D4-4AED-A778-146E7191F8BC}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{EADA914E-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Documents and Settings\Drigo.PC785018295244\Local Settings\Application Data\Google\Update\1.3.22. (the data entry has 20 more characters).
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{F1522EC1-F84F-4CE2-A38C-F9384B0DFD41}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{F19F9A95-7A43-4A93-80B0-C9C1FF6F63F9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{F9EF917A-E55E-4242-B205-E778395AC313}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx (Intuit)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{FAC93D42-FFC2-11d1-9DEB-0008C7A08EBA}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2009\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{FB17915F-06D1-4214-A902-CC5EE05186E9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Documents and Settings\Drigo.PC785018295244\Local Settings\Application Data\Google\Update\1.3.21. (the data entry has 22 more characters).
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{fc345d4c-b8f4-4674-bff7-3c37d2e535ee}\InprocServer32 -> C:\Documents and Settings\Drigo.PC785018295244\Application Data\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{fd6484ed-ebe3-4c3d-938a-8238003b41b7}\InprocServer32 -> C:\Documents and Settings\Drigo.PC785018295244\Application Data\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Documents and Settings\Drigo.PC785018295244\Local Settings\Application Data\Google\Update\1.3.24. (the data entry has 20 more characters).
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1005_Classes\CLSID\{FFF2D28F-E4EE-44D9-8104-8E71556757F6}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1007_Classes\CLSID\{037FB476-15E0-4ED1-B11A-E420B750B1A8}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1007_Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\InprocServer32 -> c:\WINDOWS\system32\macromed\Director\SwDir.dll (Macromedia, Inc.)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1007_Classes\CLSID\{2837E0FE-686B-4CB0-BE53-0EA097EAF71B}\InprocServer32 -> C:\WINDOWS\Downloaded Program Files\isusweb.dll (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1007_Classes\CLSID\{362296A1-BA71-4f15-BFC8-849426DF39E4}\localserver32 -> C:\Program Files\Vongo\VongoPortable.exe No File
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1007_Classes\CLSID\{5AFAFE48-7107-4FE5-B21A-86A4254541DD}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1007_Classes\CLSID\{5B7524C8-2446-40E9-9474-94A779DBA224}\InprocServer32 -> C:\WINDOWS\Downloaded Program Files\isusweb.dll (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1007_Classes\CLSID\{621D3650-F1D3-414C-97F9-03A02B211261}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1007_Classes\CLSID\{623E415A-22EF-4DAA-A2FF-E68E77A673C9}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1007_Classes\CLSID\{885BB46A-3F1E-44C3-A01B-A7D9260CC98B}\InprocServer32 -> C:\WINDOWS\Downloaded Program Files\dwusplay.dll (InstallShield Software Corporation)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1007_Classes\CLSID\{915C2CEB-216B-4B7C-89E4-9ED3512D58D9}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1007_Classes\CLSID\{92C5E738-7372-4CD6-BE57-15833624EBF3}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1007_Classes\CLSID\{9CAAD2EA-177B-4D07-871F-47255B5D30F3}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1007_Classes\CLSID\{B391A1DB-28C8-4506-A43C-5BD6051F16BA}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1007_Classes\CLSID\{E42CE23D-69F9-480A-A15F-BFF5E4D170C3}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1007_Classes\CLSID\{E50C953D-311A-481B-8F8D-C55E65AF7417}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1007_Classes\CLSID\{E9880553-B8A7-4960-A668-95C68BED571E}\InprocServer32 -> C:\WINDOWS\Downloaded Program Files\isusweb.dll (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1007_Classes\CLSID\{E9A93328-79D4-4AED-A778-146E7191F8BC}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1007_Classes\CLSID\{F1522EC1-F84F-4CE2-A38C-F9384B0DFD41}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-4019840175-4059186491-2486747170-1007_Classes\CLSID\{FFF2D28F-E4EE-44D9-8104-8E71556757F6}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)

==================== Restore Points  =========================

13-08-2014 13:11:10 System Checkpoint
14-08-2014 14:43:55 System Checkpoint
21-08-2014 07:17:26 System Checkpoint
25-08-2014 14:21:04 System Checkpoint
28-08-2014 13:53:20 System Checkpoint
30-08-2014 17:45:20 System Checkpoint
31-08-2014 18:32:53 System Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2011-12-03 20:42 - 2014-08-12 11:51 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2009-02-27 13:16 - 2008-09-18 17:45 - 00488448 _____ () C:\WINDOWS\system32\apdfprintmon.dll
2009-02-27 12:22 - 2001-10-29 02:42 - 00116224 _____ () C:\WINDOWS\system32\pdfmonnt.dll
2014-06-30 22:34 - 2011-03-31 07:47 - 00019456 _____ () C:\WINDOWS\system32\xrhr2alm.dll
2005-08-30 08:13 - 2013-01-02 02:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll
2006-03-16 00:00 - 2011-02-04 18:48 - 00291840 _____ () C:\WINDOWS\system32\sbe.dll
2006-03-16 00:00 - 2008-04-13 20:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2006-03-16 00:00 - 2008-04-13 20:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\WINDOWS\$NtUninstallKB62280$:SummaryInformation

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk => C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk => C:\WINDOWS\pss\Adobe Acrobat Synchronizer.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma.lnk => C:\WINDOWS\pss\Adobe Gamma.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk => C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk => C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^UPS WorldShip Messaging Utility.lnk => C:\WINDOWS\pss\UPS WorldShip Messaging Utility.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^UPS WorldShip PLD Reminder Utility.lnk => C:\WINDOWS\pss\UPS WorldShip PLD Reminder Utility.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^Drigo.PC785018295244^Start Menu^Programs^StartUp^OneNote 2007 Screen Clipper and Launcher.lnk => C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/28/2014 00:40:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2047

Error: (07/28/2014 00:40:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2047

Error: (07/28/2014 00:40:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/28/2014 11:23:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 126484

Error: (07/28/2014 11:23:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 126484

Error: (07/28/2014 11:23:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/28/2014 11:21:24 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10578

Error: (07/28/2014 11:21:24 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10578

Error: (07/28/2014 11:21:24 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/28/2014 11:21:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8609


System errors:
=============
Error: (06/13/2014 07:59:50 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Lbd

Error: (06/13/2014 07:59:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AVG Free8 WatchDog service failed to start due to the following error:
%%3

Error: (06/13/2014 07:59:36 AM) (Source: Service Control Manager) (EventID: 7002) (User: )
Description: The BrPar service depends on the Parallel arbitrator group and no member of this group started.

Error: (06/12/2014 11:27:00 AM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At24.job command failed to start due to the following error:
%%2147943555

Error: (06/12/2014 10:27:00 AM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At22.job command failed to start due to the following error:
%%2147943555

Error: (06/12/2014 09:27:00 AM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At20.job command failed to start due to the following error:
%%2147943555

Error: (06/11/2014 09:27:00 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At44.job command failed to start due to the following error:
%%2147943555

Error: (06/11/2014 08:27:00 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At42.job command failed to start due to the following error:
%%2147943555

Error: (06/11/2014 07:27:00 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At40.job command failed to start due to the following error:
%%2147943555

Error: (06/11/2014 06:27:00 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At38.job command failed to start due to the following error:
%%2147943555


Microsoft Office Sessions:
=========================
Error: (07/25/2013 00:03:08 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 1132119 seconds with 11460 seconds of active time.  This session ended with a crash.


==================== Memory info ===========================

Processor: Intel® Core™2 CPU T5200 @ 1.60GHz
Percentage of memory in use: 31%
Total physical RAM: 2037.98 MB
Available physical RAM: 1405.8 MB
Total Pagefile: 3929.51 MB
Available Pagefile: 3519.04 MB
Total Virtual: 2047.88 MB
Available Virtual: 1940.54 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:99.09 GB) (Free:11.43 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (HP_RECOVERY) (Fixed) (Total:11.67 GB) (Free:1.38 GB) FAT32 ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 111.8 GB) (Disk ID: 282D282D)
Partition 1: (Active) - (Size=99.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=11.7 GB) - (Type=0C)
Partition 3: (Not Active) - (Size=1 GB) - (Type=D7)

==================== End Of Log ============================





