Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-03-2017 Ran by Administrator (09-03-2017 19:30:39) Running from C:\Documents and Settings\Administrator\Desktop Microsoft Windows XP Service Pack 2 (X64) (2015-02-02 00:10:13) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2049699319-3081317485-938346843-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator Guest (S-1-5-21-2049699319-3081317485-938346843-501 - Limited - Disabled) HelpAssistant (S-1-5-21-2049699319-3081317485-938346843-1004 - Limited - Disabled) SUPPORT_388945a0 (S-1-5-21-2049699319-3081317485-938346843-1001 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 21.0.0.215 - Adobe Systems Incorporated) Adobe Flash Player 23 ActiveX (HKLM-x32\...\{559A2FA4-4858-46E7-BD02-68C15A31DF98}) (Version: 23.0.0.207 - Adobe Systems Incorporated) Adobe Flash Player 24 NPAPI (HKLM-x32\...\{68E93C1A-9585-4C06-B294-1123FD7929BE}) (Version: 24.0.0.221 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.5.195 - Adobe Systems, Inc.) AiO_Scan (x32 Version: 50.0.206.000 - Hewlett-Packard) Hidden Allgemeine Runtime Files (x86) (HKLM\...\{1F6D1DB5-82B5-41A4-85A2-0A382C142A35}_is1) (Version: 1.0.3.8 - Sereby Corporation) Apple Software Update (HKLM-x32\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.) 
ATI - Software Uninstall Utility (HKLM-x32\...\All ATI Software) (Version: 6.14.10.1022 - ) ATI Catalyst Control Center (HKLM-x32\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.009.0317.2130 - ) ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.60-090316a1-079188C-Asus - ) Auto Gordian Knot 2.45 (HKLM-x32\...\AutoGK) (Version: 2.45 - len0x) Avidemux 2.6 (32-bit) (HKLM-x32\...\Avidemux 2.6) (Version: 2.6.8.9045 - ) Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.19.164 - Avira Operations GmbH & Co. KG) AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version: - ) Brother MFL-Pro Suite MFC-J450DW (HKLM-x32\...\{7B4C83B6-17C1-4BFD-B86D-4D7AD4498CBB}) (Version: 1.0.4.0 - Brother Industries, Ltd.) ccc-core-preinstall (x32 Version: 2009.0317.2131.36802 - ATI) Hidden ccc-core-static (x32 Version: 2009.0317.2131.36802 - ATI) Hidden CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform) Corel WordPerfect Suite 8 (HKLM-x32\...\Corel WordPerfect Suite 8) (Version: - ) DirectX 9.0c Extra Files (x86) (HKLM\...\{8729E65B-8C12-4A42-B1FE-E4DA7ED52855}_is1) (Version: 1.10.06.0 - Sereby Corporation) DivX Setup (HKLM\...\DivX Setup) (Version: 3.0.0.141 - DivX, LLC) DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version: - ) FastStone Image Viewer 5.3 (HKLM-x32\...\FastStone Image Viewer) (Version: 5.3 - FastStone Soft) Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) 
Hidden HP Beta Printer Drivers for Windows XP x64 (5.64.0.17) (HKLM\...\{25E0F2BA-399C-4cf8-A654-53797016CB77}) (Version: 5.64.0.10 - HP) HPProductAssistant (x32 Version: 53.0.13.000 - Hewlett-Packard) Hidden Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle) MediaInfo 0.7.7.4 (HKLM-x32\...\MediaInfo) (Version: 0.7.7.4 - ) MGI PhotoSuite 4 (Remove Only) (HKLM-x32\...\MGI_PRISM_V4_0) (Version: - ) Microsoft .NET Framework 1.1 SP1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: - ) Microsoft .NET Framework 1.1 SP1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - ) Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation) Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 
9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Mozilla Firefox 52.0 ESR (x86 en-US) (HKLM-x32\...\Mozilla Firefox 52.0 ESR (x86 en-US)) (Version: 52.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.0.0.6271 - Mozilla) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MSXML 6 Service Pack 2 (KB2758696) (HKLM\...\{E1B33EF1-258C-4EC0-A340-D031100FE50D}) (Version: 6.20.2016.0 - Microsoft Corporation) Realtek AC'97 Audio (HKLM-x32\...\{FB08F381-6533-4108-B7DD-039E11FBC27E}) (Version: 5.36 - Realtek Semiconductor Corp.) REALTEK GbE & FE Ethernet PCI-E NIC Driver (HKLM-x32\...\{C9BED750-1211-4480-B1A5-718A3BE15525}) (Version: 1.35.0000 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.7111 - Realtek Semiconductor Corp.) 
RealWorld Icon Editor (HKLM-x32\...\{4D9F6AAE-CDA4-44B6-AC20-E59B3E8CB108}) (Version: 10.1.0 - RealWorld Graphics) Revo Uninstaller 1.80 (HKLM-x32\...\Revo Uninstaller) (Version: 1.80 - VS Revo Group) Scan (x32 Version: 6.0.0.0 - Hewlett-Packard) Hidden Secunia PSI (3.0.0.11005) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.11005 - Secunia) Skins (x32 Version: 2009.0317.2131.36802 - ATI) Hidden Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform) Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: 7.56a - Ghisler Software GmbH) Unlocker 1.8.5 (HKLM-x32\...\Unlocker) (Version: 1.8.5 - Cedrick Collomb) Update for Windows XP (KB2141007) (HKLM\...\KB2141007) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2607712) (HKLM\...\KB2607712) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2616676-v2) (HKLM\...\KB2616676-v2) (Version: 2 - Microsoft Corporation) Update for Windows XP (KB2641690-v2) (HKLM\...\KB2641690-v2) (Version: 2 - Microsoft Corporation) Update for Windows XP (KB2661254) (HKLM\...\KB2661254) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2748349) (HKLM\...\KB2748349) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB927891) (HKLM\...\KB927891) (Version: 5 - Microsoft Corporation) Update for Windows XP (KB932596) (HKLM\...\KB932596) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB936357) (HKLM\...\KB936357) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft 
Corporation) Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation) VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}) (Version: 8.0.0.35 - GRISOFT, s.r.o.) Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN) VobSub v2.23 (Remove Only) (HKLM-x32\...\VobSub) (Version: - ) Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation) Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140744 - Microsoft Corporation) Windows XP Service Pack 2 (HKLM\...\Windows x64 Service Pack) (Version: - ) WinMX (HKLM-x32\...\WinMX) (Version: - ) WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - ) WinZip 16.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240CC}) (Version: 16.0.9715 - WinZip Computing, S.L. 
) X Codec Pack (HKLM\...\X Codec Pack) (Version: 2.7.4 - X Codec Pack team) XML Paper Specification Shared Components Pack 1.0 (Version: - Microsoft Corporation) Hidden XviD MPEG4 Video Codec (remove only) (HKLM-x32\...\XviD MPEG4 Video Codec) (Version: - ) Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.3) (Version: 1.3.3 - Xvid Team) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\ByteFence Scan.job => C:\Program Files\ByteFence\ByteFence.exe <==== ATTENTION Task: C:\WINDOWS\Tasks\ByteFence.job => C:\Program Files\ByteFence\ByteFence.exe <==== ATTENTION Task: C:\WINDOWS\Tasks\DivXUpdate.job => C:\Program Files (x86)\Common Files\DivX Shared\DivX Update\DivXUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\NSManager_1426198789.job => C:\Documents and Settings\Administrator\Local Settings\Application Data\NSManager\manager.exe Task: C:\WINDOWS\Tasks\SpyHunter4.job => C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) 
==================== Loaded Modules (Whitelisted) ============== 2016-11-02 11:46 - 2009-02-27 15:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll 2007-02-18 07:00 - 2013-01-02 12:41 - 01278976 _____ () C:\WINDOWS\SysWOW64\quartz.dll 2006-10-26 13:56 - 2006-10-26 13:56 - 00757008 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 [125] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wd.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) HKLM\...\batfile\DefaultIcon: %SystemRoot%\System32\shell32.dll,-153 <===== ATTENTION HKLM\...\.scr: CryptoPreventSCR => "C:\Program Files (x86)\Foolish IT\CryptoPrevent\CryptoPreventFilterMod.CryptoPreventEXEC" "%1" /S %* ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) 
==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2007-02-18 07:00 - 2015-03-25 08:55 - 00450626 ____N C:\WINDOWS\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2049699319-3081317485-938346843-500\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Administrator\Application Data\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp DNS Servers: 75.75.75.75 - 75.75.76.76 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: ) (ConsentPromptBehaviorUser: ) (EnableLUA: ) mpsdrv => Firewall Service is not running. MpsSvc => Firewall Service is not running. bfe => Firewall Service is not running. Windows Firewall is enabled. 
==================== MSCONFIG/TASK MANAGER disabled items == MSCONFIG\startupfolder: C:^Documents and Settings^Administrator^Start Menu^Programs^StartUp^OneNote 2007 Screen Clipper and Launcher.lnk => C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Secunia PSI Tray.lnk => C:\WINDOWS\pss\Secunia PSI Tray.lnkCommon Startup MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\SpyBotS&D\SDTray.exe" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\mmc.exe] => Enabled:Microsoft Management Console StandardProfile\AuthorizedApplications: [C:\Program Files\UVK - Ultra Virus Killer\UVK_en.exe] => Enabled:Ultra virus killer StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\SpyBotS&D\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\SpyBotS&D\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\SpyBotS&D\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\SpyBotS&D\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\WinMX\WinMX.exe] => Enabled:WinMX Application StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files (x86)\Mozilla Firefox) DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004 DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005 DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001 DomainProfile\GloballyOpenPorts: [138:UDP] => 
Enabled:@xpsp2res.dll,-22002 StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004 StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005 StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001 StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002 ==================== Restore Points ========================= 25-02-2017 21:47:01 System Checkpoint 26-02-2017 21:48:07 System Checkpoint 27-02-2017 22:26:21 System Checkpoint 28-02-2017 23:12:49 System Checkpoint 02-03-2017 10:25:45 System Checkpoint 03-03-2017 14:28:19 System Checkpoint 04-03-2017 15:08:36 System Checkpoint 05-03-2017 15:41:09 System Checkpoint 06-03-2017 16:21:36 System Checkpoint 07-03-2017 19:08:19 System Checkpoint 08-03-2017 22:11:51 System Checkpoint 09-03-2017 19:17:43 Revo Uninstaller's restore point - HijackThis 2.0.2 ==================== Faulty Device Manager Devices ============= Name: Realtek PCIe GBE Family Controller #2 Description: Realtek PCIe GBE Family Controller Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318} Manufacturer: Realtek Semiconductor Corp. Service: RTLE8023x64 Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Realtek PCIe GBE Family Controller Description: Realtek PCIe GBE Family Controller Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318} Manufacturer: Realtek Semiconductor Corp. Service: RTLE8023x64 Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Realtek PCIe GBE Family Controller #3 Description: Realtek PCIe GBE Family Controller Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318} Manufacturer: Realtek Semiconductor Corp. 
Service: RTLE8023x64 Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: 1394 Net Adapter Description: 1394 Net Adapter Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318} Manufacturer: Microsoft Service: NIC1394 Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: 1394 Net Adapter #2 Description: 1394 Net Adapter Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318} Manufacturer: Microsoft Service: NIC1394 Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (03/09/2017 07:10:09 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application plugin-container.exe, version 52.0.0.6271, faulting module mozglue.dll, version 52.0.0.6271, fault address 0x0000f775. Processing media-specific event for [plugin-container.exe!ws!] Error: (03/07/2017 10:01:53 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application plugin-container.exe, version 52.0.0.6263, faulting module mozglue.dll, version 52.0.0.6263, fault address 0x0000febc. Processing media-specific event for [plugin-container.exe!ws!] Error: (03/07/2017 02:30:32 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application plugin-container.exe, version 52.0.0.6263, faulting module mozglue.dll, version 52.0.0.6263, fault address 0x0000febc. Processing media-specific event for [plugin-container.exe!ws!] 
Error: (02/25/2017 09:27:04 PM) (Source: Application Error) (EventID: 1001) (User: ) Description: Fault bucket 1386220332. The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected. Error: (02/25/2017 09:26:48 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application plugin-container.exe, version 52.0.0.6263, faulting module mozglue.dll, version 52.0.0.6263, fault address 0x0000febc. Processing media-specific event for [plugin-container.exe!ws!] Error: (02/25/2017 05:18:05 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application plugin-container.exe, version 52.0.0.6263, faulting module mozglue.dll, version 52.0.0.6263, fault address 0x0000febc. Processing media-specific event for [plugin-container.exe!ws!] Error: (02/23/2017 12:30:09 PM) (Source: Application Error) (EventID: 1001) (User: ) Description: Fault bucket 1044596868. The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected. Error: (02/23/2017 12:29:58 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application psia.exe, version 3.0.0.11005, faulting module ntdll.dll, version 5.2.3790.4937, fault address 0x0004f0f3. Processing media-specific event for [psia.exe!ws!] Error: (02/23/2017 12:28:22 AM) (Source: Application Error) (EventID: 1001) (User: ) Description: Fault bucket 1380267804. The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected. 
Error: (02/23/2017 12:28:13 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application plugin-container.exe, version 52.0.0.6260, faulting module mozglue.dll, version 52.0.0.6260, fault address 0x000102c8. Processing media-specific event for [plugin-container.exe!ws!] System errors: ============= Error: (03/09/2017 07:24:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The HP Support Solutions Framework Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. Error: (03/09/2017 07:24:05 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Timeout (30000 milliseconds) waiting for the HP Support Solutions Framework Service service to connect. Error: (03/09/2017 07:23:16 PM) (Source: SideBySide) (EventID: 59) (User: ) Description: Generate Activation Context failed for C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe. Reference error message: The referenced assembly is not installed on your system. . Error: (03/09/2017 07:23:16 PM) (Source: SideBySide) (EventID: 59) (User: ) Description: Resolve Partial Assembly failed for Microsoft.Windows.Common-Controls. Reference error message: The referenced assembly is not installed on your system. . Error: (03/09/2017 07:23:16 PM) (Source: SideBySide) (EventID: 32) (User: ) Description: Dependent Assembly Microsoft.Windows.Common-Controls could not be found and Last Error was The referenced assembly is not installed on your system. Error: (03/09/2017 07:23:15 PM) (Source: SideBySide) (EventID: 59) (User: ) Description: Generate Activation Context failed for C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe. Reference error message: The referenced assembly is not installed on your system. . 
Error: (03/09/2017 07:23:15 PM) (Source: SideBySide) (EventID: 59) (User: ) Description: Resolve Partial Assembly failed for Microsoft.Windows.Common-Controls. Reference error message: The referenced assembly is not installed on your system. . Error: (03/09/2017 07:23:15 PM) (Source: SideBySide) (EventID: 32) (User: ) Description: Dependent Assembly Microsoft.Windows.Common-Controls could not be found and Last Error was The referenced assembly is not installed on your system. Error: (03/09/2017 10:49:54 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The HP Support Solutions Framework Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. Error: (03/09/2017 10:49:54 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Timeout (30000 milliseconds) waiting for the HP Support Solutions Framework Service service to connect. ==================== Memory info =========================== Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz Percentage of memory in use: 32% Total physical RAM: 4094 MB Available physical RAM: 2753.41 MB Total Virtual: 5883.25 MB Available Virtual: 4452.29 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:34.18 GB) (Free:10.66 GB) NTFS Drive d: (M 20-89, WS) (Fixed) (Total:897.33 GB) (Free:230.56 GB) NTFS Drive e: (M 90-07, TOONS, ANIMS, COM) (Fixed) (Total:1863.01 GB) (Free:582.99 GB) NTFS Drive f: (M 08-PR, MIX, DOCS U-Z) (Fixed) (Total:1863.01 GB) (Free:1077.19 GB) NTFS Drive g: (HD MOVIES, MINI-SERIES) (Fixed) (Total:1863.01 GB) (Free:339.95 GB) NTFS Drive h: (DOCUMENTARIES A-T) (Fixed) (Total:931.51 GB) (Free:89.94 GB) NTFS Drive i: (BKS DOG HOL MU P&F SF&TE) (Fixed) (Total:931.51 GB) (Free:478.65 GB) NTFS Drive j: (TV 1-D, New Format Prgms) (Fixed) (Total:931.51 GB) (Free:199.61 GB) NTFS Drive k: (TV E-I, NATGEO 100) (Fixed) (Total:1863.01 GB) (Free:297.65 GB) 
NTFS Drive l: (TV J-M, BIBLICAL) (Fixed) (Total:931.51 GB) (Free:352.96 GB) NTFS Drive m: (TV N-SO) (Fixed) (Total:931.51 GB) (Free:380.81 GB) NTFS Drive n: (TV SU-Z, PR, CL, SVS, H&F) (Fixed) (Total:1863.01 GB) (Free:712.01 GB) NTFS Drive z: (new tv episodes) (Fixed) (Total:931.51 GB) (Free:244.65 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 20643CEF) Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: B1DE9374) Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: B1DE9375) Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS) ======================================================== Disk: 3 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 3C1E3C1E) Partition 1: (Active) - (Size=34.2 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=897.3 GB) - (Type=07 NTFS) ======================================================== Disk: 4 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: CC3A108A) Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS) ======================================================== Disk: 5 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: A2FC6F33) Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS) ======================================================== Disk: 6 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 02AD02AC) Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS) ======================================================== Disk: 7 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: B6370A21) Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS) ======================================================== Disk: 8 (MBR Code: Windows XP) 
(Size: 931.5 GB) (Disk ID: 3DC003A1) Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS) ======================================================== Disk: 9 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: C76BC76B) Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS) ======================================================== Disk: 10 (Size: 1863 GB) (Disk ID: BAB1BAB2) Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS) ======================================================== Disk: 11 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 9FFEDC44) Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================