Web Pages Slow to Load, but no Redirects


  • This topic is locked

#1
Jackpine

  • Member
  • 490 posts

Hi, my desktop computer otherwise works fine, except that web pages have recently been very slow to load.  However, there are no redirects.  Your assistance to fix this situation would be greatly appreciated.  Thank you.

 

FRST logs are shown below.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-11-2017
Ran by Robert (administrator) on FIRSTBUILD (19-11-2017 11:17:42)
Running from C:\Documents and Settings\Robert\Desktop
Loaded Profiles: Robert (Available Profiles: Robert & UpdatusUser & Administrator & Guest)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-299502267-789336058-725345543-1004\ DisallowedCertificates: 0DA4BF5A428C444A209EC3720EB7A9EE28C3CF9B (U)
HKU\S-1-5-21-299502267-789336058-725345543-1004\...\Policies\Explorer: [NoBandCustomize] 0
HKU\S-1-5-21-299502267-789336058-725345543-1004\...\Policies\Explorer: [NoMovingBands] 0
HKU\S-1-5-21-299502267-789336058-725345543-1004\...\Policies\Explorer: [NoCloseDragDropBands] 0
HKU\S-1-5-21-299502267-789336058-725345543-1004\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-299502267-789336058-725345543-1004\...\Policies\Explorer: [NoToolbarsOnTaskbar] 0
HKU\S-1-5-18\...\RunOnce: [tscuninstall] => C:\WINDOWS\system32\tscupgrd.exe [44544 2004-08-04] (Microsoft Corporation)
BootExecute: PDBoot.exeautocheck autochk *

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{6B4B5C21-DA99-4096-8820-43DC9BA3E4E3}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
Toolbar: HKU\.DEFAULT -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-299502267-789336058-725345543-1004 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.com/common/asusTek_sys_ctrl.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Twisted%20Lands%20-%20Shadow%20Town/Images/stg_drm.ocx
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} hxxps://fixit.support.microsoft.com/ActiveX/FixItClient.CAB
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1292380760937
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1420669599859
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Twisted%20Lands%20-%20Shadow%20Town/Images/armhelper.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} hxxp://eserv.sympatico.ca/netassistant/controls/BellCanadaPortalAX.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} hxxp://driveragent.com/files/driveragent.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com//activex/ractrl.cab?lmi=1007

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\tonk28m2.default [2017-11-19]
FF Extension: (Advertising Cookie Opt-out) - C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\tonk28m2.default\Extensions\optout@google.com.xpi [2015-08-16] [Lagacy] [not signed]
FF Extension: (Adblock Plus) - C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\tonk28m2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-11-08]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-06-25] [Lagacy] [not signed]
FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2015-03-16] [Lagacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_27_0_0_187.dll [2017-11-15] ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @nosltd.com/getPlus+®,version=1.6.2.91 -> C:\Program Files\NOS\bin\np_gp.dll [2010-09-01] (NOS Microsystems Ltd.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Robert\Application Data\mozilla\plugins\npPxPlay.dll [2009-04-23] ( )

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - hxxps://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-09-12]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [618944 2009-01-21] (Acronis)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2166040 2017-02-14] (ESET)
S4 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2008-12-23] (Macrovision Europe Ltd.) [File not signed]
S4 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 PDAgent; C:\Program Files\Raxco\PerfectDisk\PDAgent.exe [2234160 2014-11-12] (Raxco Software, Inc.)
S3 PDEngine; C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe [2247472 2014-11-12] (Raxco Software, Inc.)
S4 ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [174656 2006-11-02] () [File not signed]
S4 ScsiAccess; C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe [181312 2009-04-23] () [File not signed]
S4 SolidWorks Licensing Service; C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2008-07-10] (SolidWorks) [File not signed]
S4 WMPNetworkSvc; C:\Program Files\Windows Media Player\WMPNetwk.exe [913408 2006-10-18] (Microsoft Corporation) [File not signed]
S2 Roxio UPnP Renderer 9; "C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe" [X]
S4 RoxLiveShare9; "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R3 AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [139216 2016-07-11] (RedFox)
R1 AsIO; C:\WINDOWS\System32\drivers\AsIO.sys [4962 2004-10-14] () [File not signed]
R2 cvintdrv; C:\WINDOWS\system32\Drivers\cvintdrv.sys [4096 2006-07-27] () [File not signed]
R2 DefragFS; C:\WINDOWS\system32\Drivers\DefragFS.sys [104088 2012-09-11] (Raxco Software, Inc.)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [206472 2017-02-14] (ESET)
R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [156288 2017-02-14] (ESET)
R1 ElbyCDIO; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [30616 2014-12-20] (Elaborate Bytes AG)
R1 epfwtdir; C:\WINDOWS\System32\DRIVERS\epfwtdir.sys [137856 2017-02-14] (ESET)
R2 Hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [670208 2004-11-05] (Aladdin Knowledge Systems Ltd.)
R1 HWiNFO32; C:\WINDOWS\system32\drivers\HWiNFO32.SYS [23840 2015-02-12] (REALiX™)
R0 iteatapi; C:\WINDOWS\System32\DRIVERS\iteatapi.sys [28672 2008-03-01] (ITE Tech. Inc.)
S3 KLIF; C:\WINDOWS\system32\drivers\klif.sys [700616 2014-11-18] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [24448 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [170200 2017-11-19] (Malwarebytes)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
S3 moufiltr; C:\WINDOWS\System32\DRIVERS\moufiltr.sys [62592 2007-01-14] (Chic Tech.) [File not signed]
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-12] ()
S3 pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [47360 2010-08-22] (VSO Software) [File not signed]
R2 PDFSFilter; C:\WINDOWS\System32\DRIVERS\PDFsFilter.sys [69016 2012-08-23] (Raxco Software, Inc.)
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [36624 2006-11-02] (Sonic Solutions) [File not signed]
R0 SI3132; C:\WINDOWS\System32\DRIVERS\SI3132.sys [80424 2007-10-03] (Silicon Image, Inc)
R0 SiFilter; C:\WINDOWS\System32\DRIVERS\SiWinAcc.sys [19240 2007-10-03] (Silicon Image, Inc)
R0 SiRemFil; C:\WINDOWS\System32\DRIVERS\SiRemFil.sys [15400 2007-10-03] (Silicon Image, Inc)
R0 snapman380; C:\WINDOWS\System32\DRIVERS\snman380.sys [134272 2009-10-24] (Acronis)
S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
R0 tdrpman174; C:\WINDOWS\System32\DRIVERS\tdrpm174.sys [971552 2009-10-24] (Acronis)
R2 tifsfilter; C:\WINDOWS\System32\DRIVERS\tifsfilt.sys [44704 2009-10-24] (Acronis)
S3 TVICHW32; C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS [23600 2008-05-10] (EnTech Taiwan) [File not signed]
R3 yukonwxp; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [298752 2015-02-12] ()
S3 EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys [X]
S3 FLASHSYS; no ImagePath
S3 GMSIPCI; no ImagePath
S4 IntelIde; no ImagePath
S3 NTACCESS; no ImagePath
U2 RemoteRegistry; no ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
U3 TlntSvr; no ImagePath
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-03-08] () [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-19 11:17 - 2017-11-19 11:18 - 000015160 _____ C:\Documents and Settings\Robert\Desktop\FRST.txt
2017-11-19 11:17 - 2017-11-19 11:17 - 000000000 ____D C:\FRST
2017-11-19 11:16 - 2017-11-19 11:17 - 001787904 _____ (Farbar) C:\Documents and Settings\Robert\Desktop\FRST.exe
2017-11-18 19:08 - 2017-11-18 19:08 - 000000000 ____D C:\Documents and Settings\Robert\Application Data\ERS Game Studios
2017-11-17 21:54 - 2017-11-17 21:54 - 000000837 _____ C:\Documents and Settings\Robert\Desktop\Shortcut to RC9_NightTerrors_CE.lnk
2017-11-17 21:29 - 2017-11-17 21:29 - 000002174 _____ C:\Documents and Settings\Robert\Desktop\Redemption Cemetery 6 - The Island of the Lost BETA.lnk
2017-11-17 21:29 - 2017-11-17 21:29 - 000000000 ____D C:\Documents and Settings\Robert\Start Menu\Programs\Redemption Cemetery 6 - The Island of the Lost BETA
2017-11-17 16:55 - 2017-11-17 16:55 - 000000000 ____D C:\Documents and Settings\Robert\Application Data\AMAX Interactive
2017-11-17 16:55 - 2017-11-17 16:55 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Redemption Cemetery 9 Night Terrors CE
2017-11-17 16:52 - 2017-11-17 21:54 - 000000000 ____D C:\Program Files\Redemption Cemetery 9 Night Terrors CE
2017-11-08 18:52 - 2017-11-19 11:00 - 000000282 ____H C:\WINDOWS\Tasks\CCleaner Update.job
2017-11-06 10:09 - 2017-11-06 10:09 - 000013798 _____ C:\Documents and Settings\Robert\Desktop\CarHelpCanadaMembershipCard.pdf
2017-11-02 12:05 - 2017-11-02 12:05 - 000000066 _____ C:\Documents and Settings\Robert\Desktop\Account - Car Help Canada.URL
2017-10-20 22:46 - 2017-10-20 22:46 - 000000000 ____D C:\Documents and Settings\Robert\Application Data\Boolat Games

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-19 11:18 - 2015-12-13 21:42 - 000000000 ____D C:\Documents and Settings\Robert\Local Settings\temp
2017-11-19 11:15 - 2017-07-06 12:38 - 000000470 _____ C:\DelFix.txt
2017-11-19 11:12 - 2008-08-16 08:32 - 000000000 ____D C:\Documents and Settings\Robert\Application Data\uTorrent
2017-11-19 11:04 - 2010-10-30 13:18 - 000002521 _____ C:\Documents and Settings\Robert\Desktop\Outlook 2007.lnk
2017-11-19 11:01 - 2017-02-17 18:42 - 000170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-11-19 11:00 - 2017-01-27 11:03 - 000000550 _____ C:\WINDOWS\Tasks\Tweaking.com - Windows Repair Tray Icon.job
2017-11-19 11:00 - 2014-03-12 22:32 - 000000224 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2017-11-19 11:00 - 2010-03-11 22:40 - 000000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2017-11-19 11:00 - 2006-06-03 17:31 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-11-19 11:00 - 2004-08-04 07:00 - 000012054 _____ C:\WINDOWS\system32\wpa.dbl
2017-11-18 22:53 - 2006-06-03 17:32 - 000000278 ___SH C:\Documents and Settings\Robert\ntuser.ini
2017-11-18 22:53 - 2006-06-03 17:31 - 000032630 _____ C:\WINDOWS\SchedLgU.Txt
2017-11-18 22:36 - 2010-03-11 22:40 - 000000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2017-11-18 19:59 - 2016-03-28 11:48 - 000000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2017-11-17 21:26 - 2017-08-18 22:38 - 000000000 ____D C:\Program Files\Foxy Games
2017-11-17 21:18 - 2014-02-11 16:16 - 000000000 ____D C:\Documents and Settings\Robert\Application Data\MPC-HC
2017-11-15 21:14 - 2012-08-13 15:23 - 000803328 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2017-11-15 21:14 - 2012-08-13 15:23 - 000144896 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2017-11-15 21:14 - 2006-06-03 17:05 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-11-15 21:13 - 2006-06-10 07:50 - 000000000 ____D C:\Documents and Settings\Robert\Local Settings\Application Data\Adobe
2017-11-14 21:47 - 2017-09-28 21:55 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-11-14 21:47 - 2017-02-17 11:29 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-11-13 16:28 - 2010-10-30 13:30 - 000002515 _____ C:\Documents and Settings\Robert\Desktop\Word 2007.lnk
2017-11-10 20:08 - 2014-04-08 19:23 - 000065536 _____ C:\WINDOWS\system32\config\EventForwarding-Operational.Evt
2017-11-10 20:08 - 2011-03-26 10:30 - 000065536 _____ C:\WINDOWS\system32\config\WindowsPowerShell.evt
2017-11-10 20:08 - 2007-01-13 17:05 - 000065536 _____ C:\WINDOWS\system32\config\ODiag.evt
2017-11-10 20:08 - 2006-12-11 17:02 - 000065536 _____ C:\WINDOWS\system32\config\Internet.evt
2017-11-08 18:54 - 2006-06-03 17:32 - 000000000 ____D C:\Documents and Settings\Robert
2017-11-08 18:52 - 2006-06-11 10:24 - 000000000 ____D C:\Program Files\CCleaner
2017-11-08 15:00 - 2014-03-12 22:32 - 000000218 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2017-11-08 12:52 - 2014-04-17 20:09 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Elephant Games
2017-11-02 16:33 - 2017-09-19 21:20 - 000000000 ____D C:\Documents and Settings\Robert\Application Data\Elephant Games
2017-10-29 19:45 - 2006-06-03 12:49 - 000724282 _____ C:\WINDOWS\system32\PerfStringBackup.INI

==================== Files in the root of some directories =======

2006-07-26 16:35 - 2006-10-06 21:19 - 000000024 _____ () C:\Documents and Settings\Robert\mylist.dat
2016-06-22 18:40 - 2016-06-22 18:40 - 000003072 _____ () C:\Documents and Settings\Robert\Application Data\.spark_db
2014-04-02 21:28 - 2014-04-02 21:30 - 000009333 _____ () C:\Documents and Settings\Robert\Application Data\Comma Separated Values (Windows).EML
2017-02-06 15:25 - 2017-02-06 15:25 - 000087608 _____ () C:\Documents and Settings\Robert\Application Data\ezpinst.exe
2017-08-28 15:38 - 2017-08-28 15:38 - 000000000 _____ () C:\Documents and Settings\Robert\Application Data\KAooy.txt
2017-02-06 15:25 - 2017-02-06 15:25 - 000000108 _____ () C:\Documents and Settings\Robert\Application Data\netstat.bat
2007-03-23 16:38 - 2011-04-10 14:47 - 000007887 _____ () C:\Documents and Settings\Robert\Application Data\pcouffin.cat
2007-03-23 16:38 - 2011-04-10 14:47 - 000001144 _____ () C:\Documents and Settings\Robert\Application Data\pcouffin.inf
2007-03-23 16:38 - 2011-04-10 14:48 - 000000033 _____ () C:\Documents and Settings\Robert\Application Data\pcouffin.log
2017-02-06 15:25 - 2017-02-06 15:25 - 000047360 _____ (VSO Software) C:\Documents and Settings\Robert\Application Data\pcouffin.sys
2008-07-05 10:41 - 2008-07-05 10:41 - 000002494 _____ () C:\Documents and Settings\Robert\Application Data\sldIMLog_20080-40000-1100_00002.txt
2010-10-24 16:36 - 2010-10-24 16:36 - 000000036 _____ () C:\Documents and Settings\Robert\Local Settings\Application Data\housecall.guid.cache
2009-09-24 17:41 - 2009-09-24 17:41 - 005257216 _____ () C:\Documents and Settings\Robert\Local Settings\Application Data\mfm2_database.dat
2007-08-25 13:19 - 2007-08-25 13:19 - 000002108 _____ () C:\Documents and Settings\Robert\Local Settings\Application Data\rx_audio.Cache
2007-01-25 22:46 - 2007-12-03 19:42 - 001462572 _____ () C:\Documents and Settings\Robert\Local Settings\Application Data\rx_image.Cache
2007-11-25 22:46 - 2016-10-31 17:27 - 000000123 ___SH () C:\Documents and Settings\All Users\Application Data\.zreglib
2013-09-14 19:49 - 2013-09-14 19:49 - 000000057 _____ () C:\Documents and Settings\All Users\Application Data\Ament.ini
2008-03-02 15:30 - 2008-08-29 17:51 - 000110892 _____ () C:\Documents and Settings\All Users\Application Data\Svclog.log

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-11-2017
Ran by Robert (19-11-2017 11:18:44)
Running from C:\Documents and Settings\Robert\Desktop
Microsoft Windows XP Home Edition Service Pack 3 (X86) (2015-01-06 17:20:53)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-299502267-789336058-725345543-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-299502267-789336058-725345543-1013 - Limited - Enabled)
Guest (S-1-5-21-299502267-789336058-725345543-501 - Limited - Disabled) => %SystemDrive%\Documents and Settings\Guest
HelpAssistant (S-1-5-21-299502267-789336058-725345543-1000 - Limited - Disabled)
Robert (S-1-5-21-299502267-789336058-725345543-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Robert
SUPPORT_388945a0 (S-1-5-21-299502267-789336058-725345543-1002 - Limited - Disabled)
UpdatusUser (S-1-5-21-299502267-789336058-725345543-1014 - Limited - Enabled) => %SystemDrive%\Documents and Settings\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET NOD32 Antivirus 9.0.408.0 (Enabled - Up to date) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM\...\uTorrent) (Version: 2.0.3 - )
Acronis True Image Home (HKLM\...\{37C8899D-FD70-481F-94AA-1F1B08765E22}) (Version: 12.0.9709 - Acronis)
Adobe Acrobat XI Pro (HKLM\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.09 - Adobe Systems)
Adobe Color Common Settings (HKLM\...\Adobe_6c8e2cb4fd241c55406016127a6ab2e) (Version: 1.0.1 - Adobe Systems Incorporated)
Adobe Download Manager (HKLM\...\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}) (Version: 1.6.2.91 - NOS Microsystems Ltd.)
Adobe ExtendScript Toolkit 2 (HKLM\...\Adobe_3e054d2218e7aa282c2369d939e58ff) (Version: 2.0.2 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 21.0.0.197 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 27.0.0.187 - Adobe Systems Incorporated)
Adobe Photoshop CS3 (HKLM\...\Adobe_719d6f144d0c086a0dfa7ff76bb9ac1) (Version: 10.0 - Adobe Systems Incorporated)
Amnesia - The Dark Descent  (HKLM\...\{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1) (Version: 1.0.0 - Frictional Games)
AnyDVD (HKLM\...\AnyDVD) (Version: 8.1.0.0 - RedFox)
Apple Application Support (HKLM\...\{EE6097DD-05F4-4178-9719-D3170BF098E8}) (Version: 1.4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{308B6AEA-DE50-4666-996D-0FA461719D6B}) (Version: 3.3.0.69 - Apple Inc.)
Apple Software Update (HKLM\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
AVIcodec (remove only) (HKLM\...\AVIcodec) (Version:  - )
Beyond Compare Version 2.4.3 (HKLM\...\BC2_is1) (Version:  - Scooter Software)
Canon MG5700 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5700_series) (Version: 1.00 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.36 - Piriform)
CloneDVD2 (HKLM\...\CloneDVD2) (Version:  - Elaborate Bytes)
Collectorz.com Movie Collector (HKLM\...\Collectorz.com Movie Collector) (Version:  - )
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CoreFLAC Audio Decoder+Source Filter (remove only) (HKLM\...\CoreFLAC Audio Decoder+Source Filter) (Version:  - )
Corel Painter X (HKLM\...\{05D60953-9012-44DF-A1A6-9DD97AD6580A}) (Version: 10.1 - Corel Corporation) Hidden
COSMOSMotion 2008 SP0 (HKLM\...\{8876F541-F374-4375-BF2A-8FD9FA8141C4}) (Version: 16.00.9035 - SolidWorks Corporation)
COSMOSWorks 2008 SP03 (HKLM\...\{0C631AC5-3AA0-418F-B132-29F8432F1C19}) (Version: 16.30.41 - SolidWorks Corporation)
Data Lifeguard Diagnostic for Windows 1.24 (HKLM\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version:  - Western Digital Corporation)
Dolphin Futures XPS Viewer version 1.1.0 (HKLM\...\{75480068-162F-4D6B-B38E-76606A4E5320}_is1) (Version: 1.1.0 - Dolphin Futures Limited)
DVD Decrypter (Remove Only) (HKLM\...\DVD Decrypter) (Version:  - )
DVD Rebuilder (HKLM\...\{584A1ECC-00AB-4FCC-B6AE-172741F32ABC}_is1) (Version: PRO v1.09 - jdobbs softworks and rockas association)
DVD Shrink 3.2 (HKLM\...\DVD Shrink_is1) (Version:  - DVD Shrink)
DVDFab 8.1.7.8 (17/04/2012) Qt (HKLM\...\DVDFab 8 Qt_is1) (Version:  - Fengtao Software Inc.)
DVDFab 9.2.0.2 (10/06/2015) (HKLM\...\DVDFab 9_is1) (Version:  - Fengtao Software Inc.)
DVDInfoPro (HKLM\...\{32611C62-474D-47B1-B347-06453D430A28}) (Version: 4.36.0000 - Nic Wilson)
DWGeditor (HKLM\...\{C8DE0FC9-5BD0-4D26-B5AD-D38146F2083C}) (Version: 16.00.9034 - SolidWorks)
Easy CD-DA Extractor 2011 (HKLM\...\Easy CD-DA Extractor 2011) (Version: 2011 - Poikosoft)
eDrawings 2008 (HKLM\...\{40345A8F-3B72-44DE-814F-72E8A52B1161}) (Version: 8.0.708 - SolidWorks)
ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version:  - Lars Hederer)
ESET NOD32 Antivirus (HKLM\...\{5D24DE25-DD99-42DB-8A57-252C1ACA1056}) (Version: 9.0.375.0 - ESET, spol. s r.o.)
Exact Audio Copy 0.99pb5 (HKLM\...\Exact Audio Copy) (Version: 0.99pb5 - Andre Wiethoff)
GoldWave v5.13 (HKLM\...\GoldWave v5.13) (Version:  - )
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
HPDiagnosticAlert (HKLM\...\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}) (Version: 1.00.0001 - Microsoft) Hidden
ImageConverter Plus 7.1 (HKLM\...\ImageConverter Plus_is1) (Version:  - fCoder, Ltd.)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.6.0 - LIGHTNING UK!)
Intel Processor Diagnostic Tool (HKLM\...\{C53C4130-CC50-40F3-9457-A7D4A2B980BC}) (Version: 2.11.0.0 - Intel Corporation)
IsoBuster 3.6 (HKLM\...\IsoBuster_is1) (Version: 3.6 - Smart Projects)
K-Lite Mega Codec Pack 10.9.5 (HKLM\...\KLiteCodecPack_is1) (Version: 10.9.5 - )
Kyodai Mahjongg 2006 v1.42 (HKLM\...\Kyodai Mahjongg 2006_is1) (Version:  - Rene-Gilles Deberdt)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Maple 12 (HKLM\...\Maple 12) (Version: 12.0.0.0 - Maplesoft)
Marvell Miniport Driver (HKLM\...\{C950420B-4182-49EA-850A-A6A2ABF06C6B}) (Version: 8.20.10.3 - Marvell)
MathType 5 (HKLM\...\DSMT5) (Version: 5.2 - Design Science, Inc.)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Math (HKLM\...\{07043840-959A-4B0D-8825-2C533F0DDB19}) (Version: 2007 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Project 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{8446EB22-A746-46DC-B1BD-E0DFA1F3CDDA}) (Version:  - Microsoft)
Microsoft Office Project Professional 2007 (HKLM\...\PRJPRO) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Visio 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}) (Version:  - Microsoft)
Microsoft Office Visio Professional 2007 (HKLM\...\VISPRO) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Movie Collector (HKLM\...\{8EC6EBB4-D899-4C6B-BA17-C21B78988F23}_is1) (Version:  - Collectorz.com)
Mozilla Firefox 52.5.0 ESR (x86 en-US) (HKLM\...\Mozilla Firefox 52.5.0 ESR (x86 en-US)) (Version: 52.5.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 52.5.0.6520 - Mozilla)
MSConfig CleanUp 1.2 (HKLM\...\MSConfig CleanUp_is1) (Version:  - Virtuoza)
MSXML 4.0 SP2 (KB925672) (HKLM\...\{A9CF9052-F4A0-475D-A00F-A8388C62DD63}) (Version: 4.20.9839.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 and SOAP Toolkit 3.0 (HKLM\...\{32343DB6-9A52-40C9-87E4-5E7C79791C87}) (Version: 1.0.0.0 - Webroot Software, Inc.) Hidden
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 6 Service Pack 2 (KB973686) (HKLM\...\{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}) (Version: 6.20.2003.0 - Microsoft Corporation)
Nero 7 Ultra Edition (HKLM\...\{43FFE159-3199-4188-A1CD-629166AD1033}) (Version: 7.02.6445 - Nero AG)
NOD32 v3.0.642 FiX1.2 by TemDono (31 days remaining forever up  (HKLM\...\Eset NOD32 v3.0.642 FiX1.2 by TemDono_is1) (Version:  - )
NOD32 v3.x FiX 1.1 by TemDono (Free Updates - Expire in 2050) (HKLM\...\NOD32 v3.x FiX 1.1 by TemDono_is1) (Version:  - )
NVIDIA Graphics Driver 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)
NVIDIA nView 136.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 136.53 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
OJ4620FWUpdateAlert (HKLM\...\{5F252E10-C3CA-4686-8AB8-1FE09703ADFF}) (Version: 1.00.0000 - HP) Hidden
OriginPro 7.5 (HKLM\...\{ECE12161-B445-48FA-9056-FD54D8A72459}) (Version:  - )
PC Probe II (HKLM\...\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}) (Version: 1.00.43 - )
PDF Settings (HKLM\...\{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
PerfectDisk Professional Business (HKLM\...\{682B22AB-EAAA-4B1C-83AF-B26E7D4ED01E}) (Version: 13.0.842 - Raxco Software Inc.)
PFConfig 1.0.296 (HKLM\...\PFConfig) (Version: 1.0.296 - Portforward.com)
PFPortChecker 1.0.39 (HKLM\...\PFPortChecker) (Version: 1.0.39 - Portforward.com)
Photodex Presenter (HKLM\...\Photodex Presenter) (Version:  - )
Picture Package Music Transfer (HKLM\...\{CE2121C6-C94D-4A73-8EA4-6943F33EE335}) (Version: 1.0.02.02130 - Sony Corporation)
Portforward Static IP Address 1.0.47 (HKLM\...\Portforward Static IP Address) (Version: 1.0.47 - Portforward.com)
ProShow Producer (HKLM\...\ProShow Producer) (Version:  - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.7111 - Realtek Semiconductor Corp.)
Redemption Cemetery 6 - The Island of the Lost BETA (HKLM\...\Redemption Cemetery 6 - The Island of the Lost BETA1.1) (Version: 1.1 - Foxy Games)
Redemption Cemetery 9 Night Terrors CE 1.0 (HKLM\...\Redemption Cemetery 9 Night Terrors CE_is1) (Version: 1.0 - Big Fish Games)
Revo Uninstaller 2.0.2 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.2 - VS Revo Group, Ltd.)
River Past Audio Converter Pro (HKLM\...\Audio Converter Pro) (Version: 7.7.1 - River Past)
SigmaPlot 10.0 (HKLM\...\{43224D30-5941-47A4-9AD7-9250EE794396}) (Version: 10.0.0 - Systat Software, Inc.)
SolidWorks 2008 SP03 (HKLM\...\{266EB766-9ABB-40D0-AB9F-41EE46D23876}) (Version: 16.1.0303 - SolidWorks)
SolidWorks Explorer 2008 sp0 (HKLM\...\{A8567E18-9E80-4EA3-A5C1-A6186C86F2CC}) (Version: 16.00.9034 - SolidWorks Corporation)
Spy Sweeper Updater 2.0.0 Alpha 4000 (HKLM\...\Spy Sweeper Updater 2.0.0 Alpha 4000) (Version: 2.0.0 Alpha 4000 - BigScott27)
Sudoku Works (HKLM\...\{5B10C186-C6CF-45D8-9E2D-4F18247A5C63}) (Version: 1.0 - Oak Systems)
System Requirements Lab (HKLM\...\SystemRequirementsLab) (Version:  - )
Tetris (HKLM\...\{95E0E6DC-C308-4C96-BEDB-68C75A32FAF8}_is1) (Version: 1.35 - Crystal Office Systems)
Tweaking.com - Windows Repair (HKLM\...\Tweaking.com - Windows Repair) (Version: 3.9.24 - Tweaking.com)
Unlocker 1.8.9 (HKLM\...\Unlocker) (Version: 1.8.9 - Cedrick Collomb)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VBA (2627.01) (HKLM\...\{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}) (Version: 6.03.00.9402 - Microsoft Corporation) Hidden
VC 9.0 Runtime (HKLM\...\{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}) (Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
VC 9.0 Runtime (HKLM\...\{A040AC77-C1AA-4CC9-8931-9F648AF178F6}) (Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
VC80CRTRedist - 8.0.50727.762 (HKLM\...\{767CC44C-9BBC-438D-BAD3-FD4595DD148B}) (Version: 1.0.0 - DivX, Inc) Hidden
VCRedistSetup (HKLM\...\{3921A67A-5AB1-4E48-9444-C71814CF3027}) (Version: 1.0.0 - Nero AG) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
WebFldrs XP (HKLM\...\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}) (Version: 9.50.7523 - Microsoft Corporation) Hidden
Window Washer (HKLM\...\Window Washer) (Version:  - )
Windows Defender (HKLM\...\{A06275F4-324B-4E85-95E6-87B2CD729401}) (Version: 1.1.1593.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Installer Clean Up (HKLM\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version:  - Microsoft Corporation)
Windows Media Format Runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows PowerShell™ 1.0 (HKLM\...\PowerShell) (Version: 1 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
XML Paper Specification Shared Components Pack 1.0 (HKLM\...\XpsEPSC) (Version:  - Microsoft Corporation) Hidden
Your Uninstaller! 2010 (HKLM\...\YU2010_is1) (Version: 7.0 - URSoft, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\OLE32.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\Robert\Application Data\Dropbox\bin\Dropbox.exe /autoplay => No File
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{026371C0-1B7C-11CF-9D53-00AA003C9CB6}\InprocServer32 -> C:\WINDOWS\System32\ComCt232.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{1E216240-1B7D-11CF-9D53-00AA003C9CB6}\InprocServer32 -> C:\WINDOWS\System32\ComCt232.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}\InprocServer32 -> C:\WINDOWS\System32\msvbvm60.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\Robert\Application Data\Dropbox\bin\Dropbox.exe /wiacallback => No File
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2008-02-09] (Autodesk, Inc.)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim.dll [2012-09-23] (Adobe Systems Inc.)
ContextMenuHandlers1: [CnvShell] -> {A118FEA0-1D1B-4165-BC37-88F95B250E7A} => C:\WINDOWS\system32\cnvshell.dll [2008-01-26] (fCoder Group International)
ContextMenuHandlers1: [Cover Designer] -> {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} => C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll [2007-02-28] (Nero AG)
ContextMenuHandlers1: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2017-02-14] (ESET)
ContextMenuHandlers1: [Washer] -> {6EE51AA0-77A0-11D7-B4E1-000347126E46} => C:\Program Files\Common Files\Webroot Shared\ShellWash.dll [2007-11-26] (Webroot Software)
ContextMenuHandlers2: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2017-02-14] (ESET)
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers3: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-03-08] ()
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
ContextMenuHandlers4: [Washer] -> {6EE51AA0-77A0-11D7-B4E1-000347126E46} => C:\Program Files\Common Files\Webroot Shared\ShellWash.dll [2007-11-26] (Webroot Software)
ContextMenuHandlers5: [00nView] -> {1E9B04FB-F9E5-4718-997B-B8DA88302A48} => C:\Program Files\NVIDIA Corporation\nview\nvshell.dll [2013-01-31] ()
ContextMenuHandlers5: [NvCplDesktopContext] -> {A70C977A-BF00-412C-90B7-034C51DA2439} => C:\WINDOWS\system32\nvcpl.dll [2013-01-31] (NVIDIA Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim.dll [2012-09-23] (Adobe Systems Inc.)
ContextMenuHandlers6: [CnvShell] -> {A118FEA0-1D1B-4165-BC37-88F95B250E7A} => C:\WINDOWS\system32\cnvshell.dll [2008-01-26] (fCoder Group International)
ContextMenuHandlers6: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2017-02-14] (ESET)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
ContextMenuHandlers6: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-03-08] ()

==================== Scheduled Tasks=============================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\CCleaner Update.job => C:\Program Files\CCleaner\CCUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Tweaking.com - Windows Repair Tray Icon.job => C:\Program Files\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe C:\Program Files\Tweaking.com\Windows Repair (All in One)Tweaking.com - Windows Repair)Created By Tweaking.com

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Documents and Settings\Robert\Start Menu\Programs\AVIcodec\Website.lnk -> hxxp://avicodec.duby.inf
Shortcut: C:\Documents and Settings\Robert\Desktop\Аmnеsiа.lnk -> C:\Program Files\Amnesia - The Dark Descent\redist\Launcher.bat ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Amnesia - The Dark Descent\Аmnеsiа.lnk -> C:\Program Files\Amnesia - The Dark Descent\redist\Launcher.bat ()

==================== Loaded Modules (Whitelisted) ==============


==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:1CE11B51 [173]
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:28BEC2EC [115]
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5D351BC6 [94]
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:BD34FFC5 [286]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-299502267-789336058-725345543-1004\Software\Classes\exefile: "%1" %* <==== ATTENTION
HKU\S-1-5-21-299502267-789336058-725345543-1004\Software\Classes\scrfile: "%1" /S <==== ATTENTION
HKU\S-1-5-21-299502267-789336058-725345543-1004\Software\Classes\.cmd: cmdfile =>  <==== ATTENTION
HKU\S-1-5-21-299502267-789336058-725345543-1004\Software\Classes\.reg: regfile =>  <==== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 7832 more sites.

There are 4190 more sites.

There are 4190 more sites.

There are 7794 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-04 07:00 - 2017-05-08 19:13 - 000000886 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost
0.0.0.0 serius.mwbsys.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-299502267-789336058-725345543-1004\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Robert\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 192.168.2.1
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: NvCplDaemon => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
MSCONFIG\startupreg: NvMediaCenter => RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
MSCONFIG\startupreg: nwiz => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
MSCONFIG\startupreg: RTHDCPL => RTHDCPL.EXE
MSCONFIG\startupreg: SkyTel => SkyTel.EXE

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [C:\Program Files\uTorrent\uTorrent.exe] => Enabled:µTorrent
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\Temp\7zSC2.tmp\SymNRT.exe] => Enabled:Norton Removal Tool
StandardProfile\AuthorizedApplications: [C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe] => Enabled:Daemonu.exe
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\Temp\7zS2FC2\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\Temp\7zS333D\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\Temp\7zS352D\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\Temp\7zS0DA0\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\Temp\7zS71B5\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\Temp\7zS5311\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\Temp\7zS1A7F\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\Temp\7zS7A19\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\Temp\7zS7A61\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\Temp\7zS7CF2\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\Temp\7zS1717\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\Temp\7zS18B2\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\Temp\7zS47BD\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\Temp\7zS4802\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\temp\7zS6464\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\temp\7zS67D6\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\temp\7zS05C3\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\temp\7zS2B9F\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Program Files\Bonjour\mDNSResponder.exe] => Enabled:Bonjour Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Popcorn Time\Updater.exe] => Enabled:Updater.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [5985:TCP] => Disabled:Windows Remote Management
StandardProfile\GloballyOpenPorts: [80:TCP] => Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

==================== Restore Points =========================

21-08-2017 16:09:46 System Checkpoint
21-08-2017 18:13:22 JRT Pre-Junkware Removal
22-08-2017 18:37:25 System Checkpoint
24-08-2017 09:43:34 System Checkpoint
25-08-2017 11:16:16 System Checkpoint
26-08-2017 11:46:35 System Checkpoint
27-08-2017 13:05:54 System Checkpoint
28-08-2017 13:43:01 System Checkpoint
29-08-2017 16:41:58 System Checkpoint
30-08-2017 17:34:16 System Checkpoint
31-08-2017 18:13:06 System Checkpoint
01-09-2017 19:42:58 System Checkpoint
02-09-2017 21:10:23 System Checkpoint
04-09-2017 08:28:37 System Checkpoint
05-09-2017 10:05:18 System Checkpoint
06-09-2017 19:08:32 System Checkpoint
07-09-2017 19:48:02 System Checkpoint
09-09-2017 08:09:29 System Checkpoint
17-09-2017 19:31:43 System Checkpoint
18-09-2017 19:58:10 System Checkpoint
20-09-2017 18:47:16 System Checkpoint
20-09-2017 21:17:02 JRT Pre-Junkware Removal
24-09-2017 14:28:37 System Checkpoint
25-09-2017 14:45:43 System Checkpoint
26-09-2017 19:11:37 System Checkpoint
28-09-2017 10:15:16 System Checkpoint
29-09-2017 11:52:40 System Checkpoint
01-10-2017 11:39:17 System Checkpoint
02-10-2017 17:29:37 System Checkpoint
03-10-2017 18:03:42 System Checkpoint
04-10-2017 18:56:00 System Checkpoint
06-10-2017 07:58:29 System Checkpoint
09-10-2017 18:29:28 System Checkpoint
14-10-2017 17:56:01 System Checkpoint
15-10-2017 22:08:03 System Checkpoint
17-10-2017 14:41:26 System Checkpoint
18-10-2017 15:23:57 System Checkpoint
19-10-2017 15:24:55 System Checkpoint
20-10-2017 15:35:51 System Checkpoint
23-10-2017 08:56:24 System Checkpoint
24-10-2017 14:40:17 System Checkpoint
29-10-2017 20:31:06 System Checkpoint
30-10-2017 20:38:43 System Checkpoint
01-11-2017 08:51:02 System Checkpoint
02-11-2017 08:51:17 System Checkpoint
03-11-2017 10:01:57 System Checkpoint
05-11-2017 14:44:12 System Checkpoint
07-11-2017 02:44:28 System Checkpoint
07-11-2017 21:45:28 JRT Pre-Junkware Removal
08-11-2017 23:32:50 System Checkpoint
10-11-2017 02:36:53 System Checkpoint
12-11-2017 16:10:08 System Checkpoint
13-11-2017 16:47:09 System Checkpoint
17-11-2017 17:23:03 System Checkpoint
18-11-2017 19:37:21 System Checkpoint

==================== Faulty Device Manager Devices =============

Name: Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller - Kaspersky Anti-Virus NDIS Miniport
Description: Kaspersky Anti-Virus NDIS Miniport
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Kaspersky Lab
Service: klim5
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: WAN Miniport (IP) - Kaspersky Anti-Virus NDIS Miniport
Description: Kaspersky Anti-Virus NDIS Miniport
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Kaspersky Lab
Service: klim5
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: 1394 Net Adapter - Kaspersky Anti-Virus NDIS Miniport
Description: Kaspersky Anti-Virus NDIS Miniport
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Kaspersky Lab
Service: klim5
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: Beep
Description: Beep
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Beep
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (11/19/2017 11:00:48 AM) (Source: 0) (EventID: 4311) (User: )
Description: Event-ID 4311

Error: (11/19/2017 11:00:43 AM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (11/18/2017 12:54:06 PM) (Source: 0) (EventID: 4311) (User: )
Description: Event-ID 4311

Error: (11/18/2017 12:54:02 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (11/17/2017 01:33:02 PM) (Source: 0) (EventID: 4311) (User: )
Description: Event-ID 4311

Error: (11/17/2017 01:32:57 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (11/16/2017 08:04:37 PM) (Source: 0) (EventID: 4311) (User: )
Description: Event-ID 4311

Error: (11/16/2017 08:04:32 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (11/15/2017 09:11:27 PM) (Source: 0) (EventID: 4311) (User: )
Description: Event-ID 4311

Error: (11/15/2017 09:11:23 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.


==================== Memory info ===========================

Processor:  Intel® Pentium® 4 CPU 3.40GHz
Percentage of memory in use: 28%
Total physical RAM: 3071.04 MB
Available physical RAM: 2203.43 MB
Total Virtual: 4959.2 MB
Available Virtual: 4356.73 MB

==================== Drives ================================

Drive c: (Boot Drive) (Fixed) (Total:298.09 GB) (Free:202.44 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive f: (Expansion Drive) (Fixed) (Total:465.76 GB) (Free:136.73 GB) NTFS
Drive z: (Data Drive) (Fixed) (Total:465.76 GB) (Free:364.61 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: 7975DF18)
Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: F0128678)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 465.8 GB) (Disk ID: 0143820D)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================




#2
zep516

    Trusted Helper

  • Malware Removal
  • 8,087 posts
Hi! My name is zep516 and welcome to Geekstogo!
I'll do the best I can to resolve your computer issue.
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue. Stop and ask! Never be afraid to ask questions! :)


Next

Download AdwCleaner from here. Save the file to the desktop.
NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.
Close all open windows and browsers.
  • XP users: Double-click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right-click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the AdwCleaner console (screenshot).
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be moved to Quarantine.
  • When the program has finished cleaning, a report appears. Once done, it will ask to reboot; allow this.
  • On reboot a log will be produced; please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C0].txt
Next
A few items to fix

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.
start
CloseProcesses:
CreateRestorePoint:
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
S2 Roxio UPnP Renderer 9; "C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe" [X]
S4 RoxLiveShare9; "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [X]
S3 EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys [X]
S3 FLASHSYS; no ImagePath
S3 GMSIPCI; no ImagePath
S4 IntelIde; no ImagePath
S3 NTACCESS; no ImagePath
U2 RemoteRegistry; no ImagePath
U3 TlntSvr; no ImagePath
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\Robert\Application Data\Dropbox\bin\Dropbox.exe /autoplay => No File
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\Robert\Application Data\Dropbox\bin\Dropbox.exe /wiacallback => No File
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:1CE11B51 [173]
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:28BEC2EC [115]
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5D351BC6 [94]
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:BD34FFC5 [286]
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
RemoveProxy:
hosts:
Emptytemp:
  • Click Format and ensure Wordwrap is unchecked.
  • Save as Fixlist.txt to your Desktop (Must be in this location)
  • Run FRST/FRST64 and press the Fix button just once and wait.
  • If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
  • The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
  • Note: If the tool warns you that the version you're using is outdated, please download and run the updated version.



#3
Jackpine

    Member

  • Topic Starter
  • 490 posts

Thanks for looking at this zep516!

When I went to download AdwCleaner, the page said it only works on Windows 7 and higher.  I have Windows XP. Still, I tried it, but it wouldn't run.

I ran the fix.  The Fixlog.txt is shown below.

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 30-11-2017
Ran by Robert (30-11-2017 17:53:32) Run:1
Running from C:\Documents and Settings\Robert\Desktop
Loaded Profiles: Robert (Available Profiles: Robert & UpdatusUser & Administrator & Guest)
Boot Mode: Normal

==============================================

fixlist content:
*****************
start
CloseProcesses:
CreateRestorePoint:
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
S2 Roxio UPnP Renderer 9; "C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe" [X]
S4 RoxLiveShare9; "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [X]
S3 EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys [X]
S3 FLASHSYS; no ImagePath
S3 GMSIPCI; no ImagePath
S4 IntelIde; no ImagePath
S3 NTACCESS; no ImagePath
U2 RemoteRegistry; no ImagePath
U3 TlntSvr; no ImagePath
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\Robert\Application Data\Dropbox\bin\Dropbox.exe /autoplay => No File
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\Robert\Application Data\Dropbox\bin\Dropbox.exe /wiacallback => No File
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:1CE11B51 [173]
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:28BEC2EC [115]
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5D351BC6 [94]
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:BD34FFC5 [286]
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
RemoveProxy:
hosts:
Emptytemp:
*****************

Processes closed successfully.
Restore point was successfully created.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKLM\System\CurrentControlSet\Services\Roxio UPnP Renderer 9 => key removed successfully.
Roxio UPnP Renderer 9 => service removed successfully.
HKLM\System\CurrentControlSet\Services\RoxLiveShare9 => key removed successfully.
RoxLiveShare9 => service removed successfully.
HKLM\System\CurrentControlSet\Services\EagleNT => key removed successfully.
EagleNT => service removed successfully.
HKLM\System\CurrentControlSet\Services\FLASHSYS => key removed successfully.
FLASHSYS => service removed successfully.
HKLM\System\CurrentControlSet\Services\GMSIPCI => key removed successfully.
GMSIPCI => service removed successfully.
HKLM\System\CurrentControlSet\Services\IntelIde => key removed successfully.
IntelIde => service removed successfully.
HKLM\System\CurrentControlSet\Services\NTACCESS => key removed successfully.
NTACCESS => service removed successfully.
HKLM\System\CurrentControlSet\Services\RemoteRegistry => key removed successfully.
RemoteRegistry => service removed successfully.
HKLM\System\CurrentControlSet\Services\TlntSvr => key removed successfully.
TlntSvr => service removed successfully.
HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736} => key removed successfully.
HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6} => key removed successfully.
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00avast => key removed successfully.
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\PowerISO => key removed successfully.
HKLM\Software\Classes\CLSID\{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => key not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\PowerISO => key removed successfully.
HKLM\Software\Classes\CLSID\{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => key not found
C:\Documents and Settings\All Users\Application Data\TEMP => ":1CE11B51" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":28BEC2EC" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":5D351BC6" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":BD34FFC5" ADS removed successfully.

========= bitsadmin /reset /allusers =========

'bitsadmin' is not recognized as an internal or external command,
operable program or batch file.

========= End of CMD: =========


========= netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the machine in order to complete the reset.


========= End of CMD: =========


========= ipconfig /flushdns =========



Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========= End of CMD: =========


========= RemoveProxy: =========

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully.
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully.
HKU\S-1-5-21-299502267-789336058-725345543-1004\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.
HKU\S-1-5-21-299502267-789336058-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\S-1-5-21-299502267-789336058-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.


========= End of RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 10337 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache => 70734 B
Java, Flash, Steam htmlcache => 4662 B
Windows/system/dllcache/drivers => 16800 B
Edge => 0 B
Chrome => 0 B
Firefox => 412424770 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Documents and Settings => 0 B
Default User => 0 B
All Users => 0 B
systemprofile => 0 B
LocalService => 21983 B
NetworkService => 2303036 B
Robert => 119104600 B
UpdatusUser => 0 B
Administrator => 0 B
Guest => 0 B

RecycleBin => 0 B
EmptyTemp: => 509.2 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 17:55:08 ====



#4
zep516

    Trusted Helper

  • Malware Removal
  • 8,087 posts
Hello,

I'd consider resetting all your browsers.

https://www.howtogee...fault-settings/

#5
Jackpine

    Member

  • Topic Starter
  • 490 posts

OK, I reset Firefox.  Is anything more to be done?



#6
zep516

    Trusted Helper

  • Malware Removal
  • 8,087 posts
Your logs look good! Time to move away from XP as it's an unsupported operating system and does not receive Windows updates. Otherwise I don't see anything else.

Thanks
Joe :)

#7
Jackpine

    Member

  • Topic Starter
  • 490 posts

Web browsing is much faster now!  No complaints.

(My laptop has Windows 8.1.  The desktop that had the slow browsing has XP. I understand that it's an unsupported operating system without updates, but I don't do any banking or serious stuff like that on it.  That's what the laptop is for.)

Thank you very much for your help!



#8
zep516

    Trusted Helper

  • Malware Removal
  • 8,087 posts
I missed this post; no e-mail confirmation.

You're welcome!

Thanks
Joe :)

#9
Jackpine

    Member

  • Topic Starter
  • 490 posts

Hi zep516.

After I reset my browser, I noticed that AdBlock Plus had been removed.  I reinstalled it and noticed that the browsing had really slowed down again.  I removed AdBlock Plus, but the web page loading remained really slow.  I don't know if the same problem is back or if there is a different cause, but I ran FRST again.  Both logs are posted below.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-11-2017
Ran by Robert (administrator) on FIRSTBUILD (03-12-2017 10:56:27)
Running from C:\Documents and Settings\Robert\Desktop
Loaded Profiles: Robert (Available Profiles: Robert & UpdatusUser & Administrator & Guest)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis) C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Raxco Software, Inc.) C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe
(Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
(Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TrueImageMonitor.exe] => C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [4359280 2009-01-20] (Acronis)
HKLM\...\Run: [AcronisTimounterMonitor] => C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [960536 2009-01-20] (Acronis)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [377232 2009-01-20] (Acronis)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-299502267-789336058-725345543-1004\ DisallowedCertificates: 0DA4BF5A428C444A209EC3720EB7A9EE28C3CF9B (U)
HKU\S-1-5-21-299502267-789336058-725345543-1004\...\Policies\Explorer: [NoBandCustomize] 0
HKU\S-1-5-21-299502267-789336058-725345543-1004\...\Policies\Explorer: [NoMovingBands] 0
HKU\S-1-5-21-299502267-789336058-725345543-1004\...\Policies\Explorer: [NoCloseDragDropBands] 0
HKU\S-1-5-21-299502267-789336058-725345543-1004\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-299502267-789336058-725345543-1004\...\Policies\Explorer: [NoToolbarsOnTaskbar] 0
HKU\S-1-5-18\...\RunOnce: [tscuninstall] => C:\WINDOWS\system32\tscupgrd.exe [44544 2004-08-04] (Microsoft Corporation)
BootExecute: PDBoot.exeautocheck autochk *

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{6B4B5C21-DA99-4096-8820-43DC9BA3E4E3}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
Toolbar: HKU\.DEFAULT -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-299502267-789336058-725345543-1004 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.com/common/asusTek_sys_ctrl.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Twisted%20Lands%20-%20Shadow%20Town/Images/stg_drm.ocx
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} hxxps://fixit.support.microsoft.com/ActiveX/FixItClient.CAB
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1292380760937
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1420669599859
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Twisted%20Lands%20-%20Shadow%20Town/Images/armhelper.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} hxxp://eserv.sympatico.ca/netassistant/controls/BellCanadaPortalAX.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} hxxp://driveragent.com/files/driveragent.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com//activex/ractrl.cab?lmi=1007

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\ieiztbqd.default-1512086190687 [2017-12-03]
FF Extension: (Adblock Plus) - C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\ieiztbqd.default-1512086190687\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-12-02]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-06-25] [Lagacy] [not signed]
FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2015-03-16] [Lagacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_27_0_0_187.dll [2017-11-15] ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @nosltd.com/getPlus+®,version=1.6.2.91 -> C:\Program Files\NOS\bin\np_gp.dll [2010-09-01] (NOS Microsystems Ltd.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Robert\Application Data\mozilla\plugins\npPxPlay.dll [2009-04-23] ( )

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - hxxps://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-09-12]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [618936 2009-01-20] (Acronis)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2166040 2017-02-14] (ESET)
S4 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2008-12-23] (Macrovision Europe Ltd.) [File not signed]
S4 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 PDAgent; C:\Program Files\Raxco\PerfectDisk\PDAgent.exe [2234160 2014-11-12] (Raxco Software, Inc.)
R2 PDEngine; C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe [2247472 2014-11-12] (Raxco Software, Inc.)
S4 ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [174656 2006-11-02] () [File not signed]
S4 ScsiAccess; C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe [181312 2009-04-23] () [File not signed]
S4 SolidWorks Licensing Service; C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2008-07-10] (SolidWorks) [File not signed]
S4 WMPNetworkSvc; C:\Program Files\Windows Media Player\WMPNetwk.exe [913408 2006-10-18] (Microsoft Corporation) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R3 AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [139216 2016-07-11] (RedFox)
R1 AsIO; C:\WINDOWS\System32\drivers\AsIO.sys [4962 2004-10-14] () [File not signed]
R2 cvintdrv; C:\WINDOWS\system32\Drivers\cvintdrv.sys [4096 2006-07-27] () [File not signed]
R2 DefragFS; C:\WINDOWS\system32\Drivers\DefragFS.sys [104088 2012-09-11] (Raxco Software, Inc.)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [206472 2017-02-14] (ESET)
R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [156288 2017-02-14] (ESET)
R1 ElbyCDIO; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [30616 2014-12-20] (Elaborate Bytes AG)
R1 epfwtdir; C:\WINDOWS\System32\DRIVERS\epfwtdir.sys [137856 2017-02-14] (ESET)
R2 Hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [670208 2004-11-05] (Aladdin Knowledge Systems Ltd.)
R1 HWiNFO32; C:\WINDOWS\system32\drivers\HWiNFO32.SYS [23840 2015-02-12] (REALiX™)
R0 iteatapi; C:\WINDOWS\System32\DRIVERS\iteatapi.sys [28672 2008-03-01] (ITE Tech. Inc.)
S3 KLIF; C:\WINDOWS\system32\drivers\klif.sys [700616 2014-11-18] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [24448 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [170200 2017-12-02] (Malwarebytes)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
S3 moufiltr; C:\WINDOWS\System32\DRIVERS\moufiltr.sys [62592 2007-01-14] (Chic Tech.) [File not signed]
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-12] ()
S3 pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [47360 2010-08-22] (VSO Software) [File not signed]
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [36624 2006-11-02] (Sonic Solutions) [File not signed]
R0 SI3132; C:\WINDOWS\System32\DRIVERS\SI3132.sys [80424 2007-10-03] (Silicon Image, Inc)
R0 SiFilter; C:\WINDOWS\System32\DRIVERS\SiWinAcc.sys [19240 2007-10-03] (Silicon Image, Inc)
R0 SiRemFil; C:\WINDOWS\System32\DRIVERS\SiRemFil.sys [15400 2007-10-03] (Silicon Image, Inc)
R0 snapman380; C:\WINDOWS\System32\DRIVERS\snman380.sys [134272 2009-10-24] (Acronis)
S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
R0 tdrpman174; C:\WINDOWS\System32\DRIVERS\tdrpm174.sys [971552 2017-12-02] (Acronis)
R2 tifsfilter; C:\WINDOWS\System32\DRIVERS\tifsfilt.sys [44704 2009-10-24] (Acronis)
S3 TVICHW32; C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS [23600 2008-05-10] (EnTech Taiwan) [File not signed]
R3 yukonwxp; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [298752 2015-02-12] ()
R5 PDFSFilter; C:\Windows\System32\Drivers\PDFSFilter.sys [69016 2012-08-23] (Raxco Software, Inc.)
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-03-08] () [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-03 10:56 - 2017-12-03 10:56 - 000015046 _____ C:\Documents and Settings\Robert\Desktop\FRST.txt
2017-12-03 10:56 - 2017-12-03 10:56 - 000000000 ____D C:\FRST
2017-12-03 10:55 - 2017-12-03 10:56 - 001752064 _____ (Farbar) C:\Documents and Settings\Robert\Desktop\FRST.exe
2017-12-02 22:00 - 2017-12-02 22:00 - 000001784 _____ C:\Documents and Settings\All Users\Start Menu\Programs\PerfectDisk.lnk
2017-12-02 20:40 - 2017-12-02 20:40 - 000000000 ____D C:\Documents and Settings\Robert\Application Data\Eipix
2017-12-02 20:36 - 2017-12-02 20:36 - 000002217 _____ C:\Documents and Settings\Robert\Desktop\Danse Macabre 2- Moulin Rouge Collectors Edition.lnk
2017-12-02 20:36 - 2017-12-02 20:36 - 000000000 ____D C:\Documents and Settings\Robert\Start Menu\Programs\Danse Macabre 2- Moulin Rouge Collectors Edition
2017-11-30 18:56 - 2017-11-30 18:56 - 000000000 ____D C:\Documents and Settings\Robert\Desktop\Old Firefox Data
2017-11-24 10:57 - 2017-11-24 10:57 - 000000000 ____D C:\Documents and Settings\Robert\Application Data\Alawar Stargaze
2017-11-24 10:55 - 2017-11-24 10:55 - 000001318 _____ C:\Documents and Settings\Robert\Start Menu\MyPlayCity Games.lnk
2017-11-23 20:27 - 2017-11-23 20:27 - 000000000 ____D C:\Documents and Settings\Robert\Application Data\Mad Head Games
2017-11-22 16:00 - 2017-11-22 16:00 - 037482792 _____ C:\Documents and Settings\Robert\Desktop\2018 Honda CR-V Owner's Manual.pdf
2017-11-20 17:16 - 2017-11-20 17:16 - 000000085 _____ C:\Documents and Settings\Robert\Desktop\Coursera Online Courses From Top Universities. Join for Free Coursera.URL
2017-11-19 12:09 - 2017-11-19 12:09 - 000000096 _____ C:\Documents and Settings\Robert\Desktop\Virus, Spyware, Malware Removal - Geeks to Go Forum.URL
2017-11-18 19:08 - 2017-11-18 19:08 - 000000000 ____D C:\Documents and Settings\Robert\Application Data\ERS Game Studios
2017-11-17 16:55 - 2017-11-17 16:55 - 000000000 ____D C:\Documents and Settings\Robert\Application Data\AMAX Interactive
2017-11-08 18:52 - 2017-12-03 06:52 - 000000282 ____H C:\WINDOWS\Tasks\CCleaner Update.job
2017-11-06 10:09 - 2017-11-06 10:09 - 000013798 _____ C:\Documents and Settings\Robert\Desktop\CarHelpCanadaMembershipCard.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-03 10:56 - 2015-12-13 21:42 - 000000000 ____D C:\Documents and Settings\Robert\Local Settings\temp
2017-12-03 10:55 - 2008-08-16 08:32 - 000000000 ____D C:\Documents and Settings\Robert\Application Data\uTorrent
2017-12-03 10:36 - 2010-03-11 22:40 - 000000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2017-12-03 09:56 - 2013-07-05 02:25 - 000000062 _____ C:\Documents and Settings\Robert\Desktop\Cinematik.URL
2017-12-02 22:00 - 2015-02-24 17:03 - 000000000 ____D C:\Program Files\Raxco
2017-12-02 22:00 - 2007-07-21 09:25 - 000000000 ____D C:\Program Files\Common Files\Raxco
2017-12-02 21:36 - 2010-03-11 22:40 - 000000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2017-12-02 20:34 - 2017-08-18 22:38 - 000000000 ____D C:\Program Files\Foxy Games
2017-12-02 20:11 - 2017-07-06 12:38 - 000003935 _____ C:\DelFix.txt
2017-12-02 19:59 - 2016-03-28 11:48 - 000000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2017-12-02 16:21 - 2017-02-17 18:42 - 000170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-12-02 16:21 - 2017-01-27 11:03 - 000000550 _____ C:\WINDOWS\Tasks\Tweaking.com - Windows Repair Tray Icon.job
2017-12-02 16:21 - 2014-03-12 22:32 - 000000224 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2017-12-02 16:21 - 2006-06-03 17:31 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-12-02 16:21 - 2004-08-04 07:00 - 000012054 _____ C:\WINDOWS\system32\wpa.dbl
2017-12-02 16:19 - 2009-10-24 22:17 - 000971552 _____ (Acronis) C:\WINDOWS\system32\Drivers\tdrpm174.sys
2017-12-02 16:19 - 2006-06-03 17:32 - 000000278 ___SH C:\Documents and Settings\Robert\ntuser.ini
2017-12-02 16:19 - 2006-06-03 17:31 - 000032518 _____ C:\WINDOWS\SchedLgU.Txt
2017-12-01 23:26 - 2010-10-30 13:18 - 000002521 _____ C:\Documents and Settings\Robert\Desktop\Outlook 2007.lnk
2017-11-27 20:08 - 2010-10-30 13:30 - 000002515 _____ C:\Documents and Settings\Robert\Desktop\Word 2007.lnk
2017-11-27 07:30 - 2013-12-19 13:34 - 000000000 ____D C:\Documents and Settings\Robert\Scans
2017-11-22 22:59 - 2014-04-08 19:23 - 000065536 _____ C:\WINDOWS\system32\config\EventForwarding-Operational.Evt
2017-11-22 22:59 - 2011-03-26 10:30 - 000065536 _____ C:\WINDOWS\system32\config\WindowsPowerShell.evt
2017-11-22 22:59 - 2007-01-13 17:05 - 000065536 _____ C:\WINDOWS\system32\config\ODiag.evt
2017-11-22 22:59 - 2006-12-11 17:02 - 000065536 _____ C:\WINDOWS\system32\config\Internet.evt
2017-11-22 17:25 - 2006-06-03 17:05 - 000000000 ____D C:\WINDOWS\Registration
2017-11-22 09:43 - 2014-02-11 16:16 - 000000000 ____D C:\Documents and Settings\Robert\Application Data\MPC-HC
2017-11-22 09:43 - 2006-06-03 17:32 - 000000000 ____D C:\Documents and Settings\Robert
2017-11-20 08:45 - 2006-06-03 12:47 - 000000281 ___SH C:\boot.ini
2017-11-20 08:45 - 2004-08-04 07:00 - 000000855 _____ C:\WINDOWS\win.ini
2017-11-20 08:45 - 2004-08-04 07:00 - 000000227 _____ C:\WINDOWS\system.ini
2017-11-15 21:14 - 2012-08-13 15:23 - 000803328 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2017-11-15 21:14 - 2012-08-13 15:23 - 000144896 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2017-11-15 21:14 - 2006-06-03 17:05 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-11-15 21:13 - 2006-06-10 07:50 - 000000000 ____D C:\Documents and Settings\Robert\Local Settings\Application Data\Adobe
2017-11-14 21:47 - 2017-09-28 21:55 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-11-14 21:47 - 2017-02-17 11:29 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-11-08 18:52 - 2006-06-11 10:24 - 000000000 ____D C:\Program Files\CCleaner
2017-11-08 15:00 - 2014-03-12 22:32 - 000000218 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2017-11-08 12:52 - 2014-04-17 20:09 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Elephant Games

==================== Files in the root of some directories =======

2006-07-26 16:35 - 2006-10-06 21:19 - 000000024 _____ () C:\Documents and Settings\Robert\mylist.dat
2016-06-22 18:40 - 2016-06-22 18:40 - 000003072 _____ () C:\Documents and Settings\Robert\Application Data\.spark_db
2014-04-02 21:28 - 2014-04-02 21:30 - 000009333 _____ () C:\Documents and Settings\Robert\Application Data\Comma Separated Values (Windows).EML
2017-02-06 15:25 - 2017-02-06 15:25 - 000087608 _____ () C:\Documents and Settings\Robert\Application Data\ezpinst.exe
2017-08-28 15:38 - 2017-08-28 15:38 - 000000000 _____ () C:\Documents and Settings\Robert\Application Data\KAooy.txt
2017-02-06 15:25 - 2017-02-06 15:25 - 000000108 _____ () C:\Documents and Settings\Robert\Application Data\netstat.bat
2007-03-23 16:38 - 2011-04-10 14:47 - 000007887 _____ () C:\Documents and Settings\Robert\Application Data\pcouffin.cat
2007-03-23 16:38 - 2011-04-10 14:47 - 000001144 _____ () C:\Documents and Settings\Robert\Application Data\pcouffin.inf
2007-03-23 16:38 - 2011-04-10 14:48 - 000000033 _____ () C:\Documents and Settings\Robert\Application Data\pcouffin.log
2017-02-06 15:25 - 2017-02-06 15:25 - 000047360 _____ (VSO Software) C:\Documents and Settings\Robert\Application Data\pcouffin.sys
2008-07-05 10:41 - 2008-07-05 10:41 - 000002494 _____ () C:\Documents and Settings\Robert\Application Data\sldIMLog_20080-40000-1100_00002.txt
2010-10-24 16:36 - 2010-10-24 16:36 - 000000036 _____ () C:\Documents and Settings\Robert\Local Settings\Application Data\housecall.guid.cache
2009-09-24 17:41 - 2009-09-24 17:41 - 005257216 _____ () C:\Documents and Settings\Robert\Local Settings\Application Data\mfm2_database.dat
2007-08-25 13:19 - 2007-08-25 13:19 - 000002108 _____ () C:\Documents and Settings\Robert\Local Settings\Application Data\rx_audio.Cache
2007-01-25 22:46 - 2007-12-03 19:42 - 001462572 _____ () C:\Documents and Settings\Robert\Local Settings\Application Data\rx_image.Cache
2007-11-25 22:46 - 2016-10-31 17:27 - 000000123 ___SH () C:\Documents and Settings\All Users\Application Data\.zreglib
2013-09-14 19:49 - 2013-09-14 19:49 - 000000057 _____ () C:\Documents and Settings\All Users\Application Data\Ament.ini
2008-03-02 15:30 - 2008-08-29 17:51 - 000110892 _____ () C:\Documents and Settings\All Users\Application Data\Svclog.log

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 30-11-2017
Ran by Robert (03-12-2017 10:57:15)
Running from C:\Documents and Settings\Robert\Desktop
Microsoft Windows XP Home Edition Service Pack 3 (X86) (2015-01-06 17:20:53)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-299502267-789336058-725345543-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-299502267-789336058-725345543-1013 - Limited - Enabled)
Guest (S-1-5-21-299502267-789336058-725345543-501 - Limited - Disabled) => %SystemDrive%\Documents and Settings\Guest
HelpAssistant (S-1-5-21-299502267-789336058-725345543-1000 - Limited - Disabled)
Robert (S-1-5-21-299502267-789336058-725345543-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Robert
SUPPORT_388945a0 (S-1-5-21-299502267-789336058-725345543-1002 - Limited - Disabled)
UpdatusUser (S-1-5-21-299502267-789336058-725345543-1014 - Limited - Enabled) => %SystemDrive%\Documents and Settings\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET NOD32 Antivirus 9.0.408.0 (Enabled - Up to date) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM\...\uTorrent) (Version: 2.0.3 - )
Acronis True Image Home (HKLM\...\{37C8899D-FD70-481F-94AA-1F1B08765E22}) (Version: 12.0.9709 - Acronis)
Adobe Acrobat XI Pro (HKLM\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.09 - Adobe Systems)
Adobe Color Common Settings (HKLM\...\Adobe_6c8e2cb4fd241c55406016127a6ab2e) (Version: 1.0.1 - Adobe Systems Incorporated)
Adobe Download Manager (HKLM\...\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}) (Version: 1.6.2.91 - NOS Microsystems Ltd.)
Adobe ExtendScript Toolkit 2 (HKLM\...\Adobe_3e054d2218e7aa282c2369d939e58ff) (Version: 2.0.2 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 21.0.0.197 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 27.0.0.187 - Adobe Systems Incorporated)
Adobe Photoshop CS3 (HKLM\...\Adobe_719d6f144d0c086a0dfa7ff76bb9ac1) (Version: 10.0 - Adobe Systems Incorporated)
Amnesia - The Dark Descent  (HKLM\...\{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1) (Version: 1.0.0 - Frictional Games)
AnyDVD (HKLM\...\AnyDVD) (Version: 8.1.0.0 - RedFox)
Apple Application Support (HKLM\...\{EE6097DD-05F4-4178-9719-D3170BF098E8}) (Version: 1.4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{308B6AEA-DE50-4666-996D-0FA461719D6B}) (Version: 3.3.0.69 - Apple Inc.)
Apple Software Update (HKLM\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
AVIcodec (remove only) (HKLM\...\AVIcodec) (Version:  - )
Beyond Compare Version 2.4.3 (HKLM\...\BC2_is1) (Version:  - Scooter Software)
Canon MG5700 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5700_series) (Version: 1.00 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.36 - Piriform)
CloneDVD2 (HKLM\...\CloneDVD2) (Version:  - Elaborate Bytes)
Collectorz.com Movie Collector (HKLM\...\Collectorz.com Movie Collector) (Version:  - )
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CoreFLAC Audio Decoder+Source Filter (remove only) (HKLM\...\CoreFLAC Audio Decoder+Source Filter) (Version:  - )
Corel Painter X (HKLM\...\{05D60953-9012-44DF-A1A6-9DD97AD6580A}) (Version: 10.1 - Corel Corporation) Hidden
COSMOSMotion 2008 SP0 (HKLM\...\{8876F541-F374-4375-BF2A-8FD9FA8141C4}) (Version: 16.00.9035 - SolidWorks Corporation)
COSMOSWorks 2008 SP03 (HKLM\...\{0C631AC5-3AA0-418F-B132-29F8432F1C19}) (Version: 16.30.41 - SolidWorks Corporation)
Danse Macabre 2- Moulin Rouge Collectors Edition (HKLM\...\Danse Macabre 2- Moulin Rouge Collectors Edition1.1) (Version: 1.1 - Foxy Games)
Data Lifeguard Diagnostic for Windows 1.24 (HKLM\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version:  - Western Digital Corporation)
Dolphin Futures XPS Viewer version 1.1.0 (HKLM\...\{75480068-162F-4D6B-B38E-76606A4E5320}_is1) (Version: 1.1.0 - Dolphin Futures Limited)
DVD Decrypter (Remove Only) (HKLM\...\DVD Decrypter) (Version:  - )
DVD Rebuilder (HKLM\...\{584A1ECC-00AB-4FCC-B6AE-172741F32ABC}_is1) (Version: PRO v1.09 - jdobbs softworks and rockas association)
DVD Shrink 3.2 (HKLM\...\DVD Shrink_is1) (Version:  - DVD Shrink)
DVDFab 8.1.7.8 (17/04/2012) Qt (HKLM\...\DVDFab 8 Qt_is1) (Version:  - Fengtao Software Inc.)
DVDFab 9.2.0.2 (10/06/2015) (HKLM\...\DVDFab 9_is1) (Version:  - Fengtao Software Inc.)
DVDInfoPro (HKLM\...\{32611C62-474D-47B1-B347-06453D430A28}) (Version: 4.36.0000 - Nic Wilson)
DWGeditor (HKLM\...\{C8DE0FC9-5BD0-4D26-B5AD-D38146F2083C}) (Version: 16.00.9034 - SolidWorks)
Easy CD-DA Extractor 2011 (HKLM\...\Easy CD-DA Extractor 2011) (Version: 2011 - Poikosoft)
eDrawings 2008 (HKLM\...\{40345A8F-3B72-44DE-814F-72E8A52B1161}) (Version: 8.0.708 - SolidWorks)
ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version:  - Lars Hederer)
ESET NOD32 Antivirus (HKLM\...\{5D24DE25-DD99-42DB-8A57-252C1ACA1056}) (Version: 9.0.375.0 - ESET, spol. s r.o.)
Exact Audio Copy 0.99pb5 (HKLM\...\Exact Audio Copy) (Version: 0.99pb5 - Andre Wiethoff)
GoldWave v5.13 (HKLM\...\GoldWave v5.13) (Version:  - )
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
HPDiagnosticAlert (HKLM\...\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}) (Version: 1.00.0001 - Microsoft) Hidden
ImageConverter Plus 7.1 (HKLM\...\ImageConverter Plus_is1) (Version:  - fCoder, Ltd.)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.6.0 - LIGHTNING UK!)
Intel Processor Diagnostic Tool (HKLM\...\{C53C4130-CC50-40F3-9457-A7D4A2B980BC}) (Version: 2.11.0.0 - Intel Corporation)
IsoBuster 3.6 (HKLM\...\IsoBuster_is1) (Version: 3.6 - Smart Projects)
K-Lite Mega Codec Pack 10.9.5 (HKLM\...\KLiteCodecPack_is1) (Version: 10.9.5 - )
Kyodai Mahjongg 2006 v1.42 (HKLM\...\Kyodai Mahjongg 2006_is1) (Version:  - Rene-Gilles Deberdt)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Maple 12 (HKLM\...\Maple 12) (Version: 12.0.0.0 - Maplesoft)
Marvell Miniport Driver (HKLM\...\{C950420B-4182-49EA-850A-A6A2ABF06C6B}) (Version: 8.20.10.3 - Marvell)
MathType 5 (HKLM\...\DSMT5) (Version: 5.2 - Design Science, Inc.)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Math (HKLM\...\{07043840-959A-4B0D-8825-2C533F0DDB19}) (Version: 2007 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Project 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{8446EB22-A746-46DC-B1BD-E0DFA1F3CDDA}) (Version:  - Microsoft)
Microsoft Office Project Professional 2007 (HKLM\...\PRJPRO) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Visio 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}) (Version:  - Microsoft)
Microsoft Office Visio Professional 2007 (HKLM\...\VISPRO) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Movie Collector (HKLM\...\{8EC6EBB4-D899-4C6B-BA17-C21B78988F23}_is1) (Version:  - Collectorz.com)
Mozilla Firefox 52.5.0 ESR (x86 en-US) (HKLM\...\Mozilla Firefox 52.5.0 ESR (x86 en-US)) (Version: 52.5.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 52.5.0.6520 - Mozilla)
MSConfig CleanUp 1.2 (HKLM\...\MSConfig CleanUp_is1) (Version:  - Virtuoza)
MSXML 4.0 SP2 (KB925672) (HKLM\...\{A9CF9052-F4A0-475D-A00F-A8388C62DD63}) (Version: 4.20.9839.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 and SOAP Toolkit 3.0 (HKLM\...\{32343DB6-9A52-40C9-87E4-5E7C79791C87}) (Version: 1.0.0.0 - Webroot Software, Inc.) Hidden
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 6 Service Pack 2 (KB973686) (HKLM\...\{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}) (Version: 6.20.2003.0 - Microsoft Corporation)
Nero 7 Ultra Edition (HKLM\...\{43FFE159-3199-4188-A1CD-629166AD1033}) (Version: 7.02.6445 - Nero AG)
NOD32 v3.0.642 FiX1.2 by TemDono (31 days remaining forever up  (HKLM\...\Eset NOD32 v3.0.642 FiX1.2 by TemDono_is1) (Version:  - )
NOD32 v3.x FiX 1.1 by TemDono (Free Updates - Expire in 2050) (HKLM\...\NOD32 v3.x FiX 1.1 by TemDono_is1) (Version:  - )
NVIDIA Graphics Driver 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)
NVIDIA nView 136.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 136.53 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
OJ4620FWUpdateAlert (HKLM\...\{5F252E10-C3CA-4686-8AB8-1FE09703ADFF}) (Version: 1.00.0000 - HP) Hidden
OriginPro 7.5 (HKLM\...\{ECE12161-B445-48FA-9056-FD54D8A72459}) (Version:  - )
PC Probe II (HKLM\...\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}) (Version: 1.00.43 - )
PDF Settings (HKLM\...\{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
PerfectDisk Professional Business (HKLM\...\{682B22AB-EAAA-4B1C-83AF-B26E7D4ED01E}) (Version: 13.0.842 - Raxco Software Inc.)
PFConfig 1.0.296 (HKLM\...\PFConfig) (Version: 1.0.296 - Portforward.com)
PFPortChecker 1.0.39 (HKLM\...\PFPortChecker) (Version: 1.0.39 - Portforward.com)
Photodex Presenter (HKLM\...\Photodex Presenter) (Version:  - )
Picture Package Music Transfer (HKLM\...\{CE2121C6-C94D-4A73-8EA4-6943F33EE335}) (Version: 1.0.02.02130 - Sony Corporation)
Portforward Static IP Address 1.0.47 (HKLM\...\Portforward Static IP Address) (Version: 1.0.47 - Portforward.com)
ProShow Producer (HKLM\...\ProShow Producer) (Version:  - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.7111 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.0.2 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.2 - VS Revo Group, Ltd.)
River Past Audio Converter Pro (HKLM\...\Audio Converter Pro) (Version: 7.7.1 - River Past)
SigmaPlot 10.0 (HKLM\...\{43224D30-5941-47A4-9AD7-9250EE794396}) (Version: 10.0.0 - Systat Software, Inc.)
SolidWorks 2008 SP03 (HKLM\...\{266EB766-9ABB-40D0-AB9F-41EE46D23876}) (Version: 16.1.0303 - SolidWorks)
SolidWorks Explorer 2008 sp0 (HKLM\...\{A8567E18-9E80-4EA3-A5C1-A6186C86F2CC}) (Version: 16.00.9034 - SolidWorks Corporation)
Spy Sweeper Updater 2.0.0 Alpha 4000 (HKLM\...\Spy Sweeper Updater 2.0.0 Alpha 4000) (Version: 2.0.0 Alpha 4000 - BigScott27)
Sudoku Works (HKLM\...\{5B10C186-C6CF-45D8-9E2D-4F18247A5C63}) (Version: 1.0 - Oak Systems)
System Requirements Lab (HKLM\...\SystemRequirementsLab) (Version:  - )
Tetris (HKLM\...\{95E0E6DC-C308-4C96-BEDB-68C75A32FAF8}_is1) (Version: 1.35 - Crystal Office Systems)
Tweaking.com - Windows Repair (HKLM\...\Tweaking.com - Windows Repair) (Version: 3.9.24 - Tweaking.com)
Unlocker 1.8.9 (HKLM\...\Unlocker) (Version: 1.8.9 - Cedrick Collomb)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VBA (2627.01) (HKLM\...\{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}) (Version: 6.03.00.9402 - Microsoft Corporation) Hidden
VC 9.0 Runtime (HKLM\...\{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}) (Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
VC 9.0 Runtime (HKLM\...\{A040AC77-C1AA-4CC9-8931-9F648AF178F6}) (Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
VC80CRTRedist - 8.0.50727.762 (HKLM\...\{767CC44C-9BBC-438D-BAD3-FD4595DD148B}) (Version: 1.0.0 - DivX, Inc) Hidden
VCRedistSetup (HKLM\...\{3921A67A-5AB1-4E48-9444-C71814CF3027}) (Version: 1.0.0 - Nero AG) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
WebFldrs XP (HKLM\...\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}) (Version: 9.50.7523 - Microsoft Corporation) Hidden
Window Washer (HKLM\...\Window Washer) (Version:  - )
Windows Defender (HKLM\...\{A06275F4-324B-4E85-95E6-87B2CD729401}) (Version: 1.1.1593.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Installer Clean Up (HKLM\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version:  - Microsoft Corporation)
Windows Media Format Runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows PowerShell™ 1.0 (HKLM\...\PowerShell) (Version: 1 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
XML Paper Specification Shared Components Pack 1.0 (HKLM\...\XpsEPSC) (Version:  - Microsoft Corporation) Hidden
Your Uninstaller! 2010 (HKLM\...\YU2010_is1) (Version: 7.0 - URSoft, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\OLE32.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{026371C0-1B7C-11CF-9D53-00AA003C9CB6}\InprocServer32 -> C:\WINDOWS\System32\ComCt232.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{1E216240-1B7D-11CF-9D53-00AA003C9CB6}\InprocServer32 -> C:\WINDOWS\System32\ComCt232.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}\InprocServer32 -> C:\WINDOWS\System32\msvbvm60.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2008-02-09] (Autodesk, Inc.)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim.dll [2012-09-23] (Adobe Systems Inc.)
ContextMenuHandlers1: [CnvShell] -> {A118FEA0-1D1B-4165-BC37-88F95B250E7A} => C:\WINDOWS\system32\cnvshell.dll [2008-01-26] (fCoder Group International)
ContextMenuHandlers1: [Cover Designer] -> {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} => C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll [2007-02-28] (Nero AG)
ContextMenuHandlers1: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2017-02-14] (ESET)
ContextMenuHandlers1: [Washer] -> {6EE51AA0-77A0-11D7-B4E1-000347126E46} => C:\Program Files\Common Files\Webroot Shared\ShellWash.dll [2007-11-26] (Webroot Software)
ContextMenuHandlers2: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2017-02-14] (ESET)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers3: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-03-08] ()
ContextMenuHandlers4: [Washer] -> {6EE51AA0-77A0-11D7-B4E1-000347126E46} => C:\Program Files\Common Files\Webroot Shared\ShellWash.dll [2007-11-26] (Webroot Software)
ContextMenuHandlers5: [00nView] -> {1E9B04FB-F9E5-4718-997B-B8DA88302A48} => C:\Program Files\NVIDIA Corporation\nview\nvshell.dll [2013-01-31] ()
ContextMenuHandlers5: [NvCplDesktopContext] -> {A70C977A-BF00-412C-90B7-034C51DA2439} => C:\WINDOWS\system32\nvcpl.dll [2013-01-31] (NVIDIA Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim.dll [2012-09-23] (Adobe Systems Inc.)
ContextMenuHandlers6: [CnvShell] -> {A118FEA0-1D1B-4165-BC37-88F95B250E7A} => C:\WINDOWS\system32\cnvshell.dll [2008-01-26] (fCoder Group International)
ContextMenuHandlers6: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2017-02-14] (ESET)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers6: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-03-08] ()

==================== Scheduled Tasks=============================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\CCleaner Update.job => C:\Program Files\CCleaner\CCUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Tweaking.com - Windows Repair Tray Icon.job => C:\Program Files\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe C:\Program Files\Tweaking.com\Windows Repair (All in One)Tweaking.com - Windows Repair)Created By Tweaking.com

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Documents and Settings\Robert\Start Menu\Programs\Danse Macabre 2- Moulin Rouge Collectors Edition\Danse Macabre 2- Moulin Rouge Collectors Edition.lnk -> C:\Program Files\Foxy Games\Danse Macabre 2- Moulin Rouge Collectors Edition\Start_Game.bat ()
Shortcut: C:\Documents and Settings\Robert\Start Menu\Programs\AVIcodec\Website.lnk -> hxxp://avicodec.duby.inf
Shortcut: C:\Documents and Settings\Robert\Desktop\Аmnеsiа.lnk -> C:\Program Files\Amnesia - The Dark Descent\redist\Launcher.bat ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Amnesia - The Dark Descent\Аmnеsiа.lnk -> C:\Program Files\Amnesia - The Dark Descent\redist\Launcher.bat ()

==================== Loaded Modules (Whitelisted) ==============

2010-03-08 21:55 - 2010-03-08 21:55 - 000010752 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2006-06-05 22:04 - 2005-10-07 14:05 - 000125440 _____ () C:\Program Files\WinRAR\rarext.dll
2015-01-16 17:03 - 2013-01-31 06:22 - 000357224 _____ () C:\Program Files\NVIDIA Corporation\nview\nvshell.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-299502267-789336058-725345543-1004\Software\Classes\exefile: "%1" %* <==== ATTENTION
HKU\S-1-5-21-299502267-789336058-725345543-1004\Software\Classes\scrfile: "%1" /S <==== ATTENTION
HKU\S-1-5-21-299502267-789336058-725345543-1004\Software\Classes\.cmd: cmdfile =>  <==== ATTENTION
HKU\S-1-5-21-299502267-789336058-725345543-1004\Software\Classes\.reg: regfile =>  <==== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)



==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-04 07:00 - 2017-11-30 17:54 - 000000027 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-299502267-789336058-725345543-1004\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Robert\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 192.168.2.1
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: NvCplDaemon => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
MSCONFIG\startupreg: NvMediaCenter => RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
MSCONFIG\startupreg: nwiz => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
MSCONFIG\startupreg: RTHDCPL => RTHDCPL.EXE
MSCONFIG\startupreg: SkyTel => SkyTel.EXE

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [C:\Program Files\uTorrent\uTorrent.exe] => Enabled:µTorrent
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\Temp\7zSC2.tmp\SymNRT.exe] => Enabled:Norton Removal Tool
StandardProfile\AuthorizedApplications: [C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe] => Enabled:Daemonu.exe
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\Temp\7zS2FC2\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\Temp\7zS333D\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\Temp\7zS352D\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\Temp\7zS0DA0\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\Temp\7zS71B5\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\Temp\7zS5311\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\Temp\7zS1A7F\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\Temp\7zS7A19\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\Temp\7zS7A61\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\Temp\7zS7CF2\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\Temp\7zS1717\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\Temp\7zS18B2\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\Temp\7zS47BD\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\Temp\7zS4802\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\temp\7zS6464\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\temp\7zS67D6\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\temp\7zS05C3\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\temp\7zS2B9F\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Program Files\Bonjour\mDNSResponder.exe] => Enabled:Bonjour Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Popcorn Time\Updater.exe] => Enabled:Updater.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\mmc.exe] => Enabled:Microsoft Management Console
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [5985:TCP] => Disabled:Windows Remote Management
StandardProfile\GloballyOpenPorts: [80:TCP] => Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

==================== Restore Points =========================

02-12-2017 20:11:31 System Checkpoint
02-12-2017 20:11:32 System Checkpoint
02-12-2017 20:11:32 System Checkpoint
02-12-2017 20:11:32 System Checkpoint
02-12-2017 20:11:32 System Checkpoint
02-12-2017 20:11:32 System Checkpoint
02-12-2017 20:11:32 System Checkpoint
02-12-2017 20:11:32 System Checkpoint
02-12-2017 20:11:32 JRT Pre-Junkware Removal
02-12-2017 20:11:33 System Checkpoint
02-12-2017 20:11:33 System Checkpoint
02-12-2017 20:11:33 System Checkpoint
02-12-2017 20:11:33 System Checkpoint
02-12-2017 20:11:33 System Checkpoint
02-12-2017 20:11:33 System Checkpoint
02-12-2017 20:11:34 System Checkpoint
02-12-2017 20:11:34 System Checkpoint
02-12-2017 20:11:34 System Checkpoint
02-12-2017 20:11:34 System Checkpoint
02-12-2017 20:11:34 System Checkpoint
02-12-2017 20:11:34 System Checkpoint
02-12-2017 20:11:34 System Checkpoint
02-12-2017 20:11:35 System Checkpoint
02-12-2017 20:11:35 System Checkpoint
02-12-2017 20:11:35 System Checkpoint
02-12-2017 20:11:35 System Checkpoint
02-12-2017 20:11:35 System Checkpoint
02-12-2017 20:11:35 System Checkpoint
02-12-2017 20:11:35 System Checkpoint
02-12-2017 20:11:35 System Checkpoint
02-12-2017 20:11:36 System Checkpoint
02-12-2017 20:11:36 System Checkpoint
02-12-2017 20:11:36 System Checkpoint
02-12-2017 20:11:36 System Checkpoint
02-12-2017 20:11:36 System Checkpoint
02-12-2017 20:11:37 JRT Pre-Junkware Removal
02-12-2017 20:11:37 System Checkpoint
02-12-2017 20:11:37 System Checkpoint
02-12-2017 20:11:37 System Checkpoint
02-12-2017 20:11:37 System Checkpoint
02-12-2017 20:11:37 System Checkpoint
02-12-2017 20:11:38 System Checkpoint
02-12-2017 20:11:38 Restore Operation
02-12-2017 20:11:38 System Checkpoint
02-12-2017 20:11:38 System Checkpoint
02-12-2017 20:11:38 System Checkpoint
02-12-2017 20:11:38 System Checkpoint
02-12-2017 20:11:38 JRT Pre-Junkware Removal
02-12-2017 20:11:39 System Checkpoint
02-12-2017 20:11:39 Restore Point Created by FRST
02-12-2017 20:11:39 System Checkpoint
02-12-2017 20:11:39 Revo Uninstaller's restore point - Cadenza 4 Fame Theft and Murder CE 1.0
02-12-2017 20:11:47 End of disinfection
02-12-2017 21:49:47 Removed PerfectDisk Professional Business.
02-12-2017 22:00:05 Installed PerfectDisk Professional Business.

==================== Faulty Device Manager Devices =============

Name: Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller - Kaspersky Anti-Virus NDIS Miniport
Description: Kaspersky Anti-Virus NDIS Miniport
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Kaspersky Lab
Service: klim5
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: WAN Miniport (IP) - Kaspersky Anti-Virus NDIS Miniport
Description: Kaspersky Anti-Virus NDIS Miniport
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Kaspersky Lab
Service: klim5
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: 1394 Net Adapter - Kaspersky Anti-Virus NDIS Miniport
Description: Kaspersky Anti-Virus NDIS Miniport
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Kaspersky Lab
Service: klim5
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: Beep
Description: Beep
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Beep
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/02/2017 08:05:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application frst.exe, version 30.11.2017.0, faulting module frst.exe, version 30.11.2017.0, fault address 0x000211de.
Processing media-specific event for [frst.exe!ws!]

Error: (11/29/2017 05:11:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 52.5.0.6520, faulting module mozglue.dll, version 52.5.0.6520, fault address 0x0000f3de.
Processing media-specific event for [plugin-container.exe!ws!]


System errors:
=============
Error: (12/03/2017 10:36:37 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it." attempting to start the service gupdate with arguments "/comsvc"
in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (12/03/2017 05:36:04 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it." attempting to start the service gupdate with arguments "/comsvc"
in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (12/03/2017 12:36:06 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it." attempting to start the service gupdate with arguments "/comsvc"
in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (12/02/2017 09:51:49 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Application Management service terminated with the following error:
The specified module could not be found.

Error: (12/02/2017 09:51:49 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Application Management service terminated with the following error:
The specified module could not be found.

Error: (12/02/2017 09:51:49 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Application Management service terminated with the following error:
The specified module could not be found.

Error: (12/02/2017 09:51:49 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Application Management service terminated with the following error:
The specified module could not be found.

Error: (12/02/2017 09:51:48 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Application Management service terminated with the following error:
The specified module could not be found.

Error: (12/02/2017 09:51:48 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Application Management service terminated with the following error:
The specified module could not be found.

Error: (12/02/2017 09:51:48 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Application Management service terminated with the following error:
The specified module could not be found.


==================== Memory info ===========================

Processor:  Intel® Pentium® 4 CPU 3.40GHz
Percentage of memory in use: 35%
Total physical RAM: 3071.04 MB
Available physical RAM: 1983.57 MB
Total Virtual: 4959.2 MB
Available Virtual: 4191.34 MB

==================== Drives ================================

Drive c: (Boot Drive) (Fixed) (Total:298.09 GB) (Free:205.82 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive f: (Expansion Drive) (Fixed) (Total:465.76 GB) (Free:145.36 GB) NTFS
Drive z: (Data Drive) (Fixed) (Total:465.76 GB) (Free:337.2 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: 7975DF18)
Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: F0128678)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 465.8 GB) (Disk ID: 0143820D)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


  • 0

#10
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,087 posts
Hello,

What browser are we using? Perhaps we should reinstall it.
  • 0



#11
Jackpine

Jackpine

    Member

  • Topic Starter
  • Member
  • 490 posts

Hi zep516.

 

I'm using Firefox ESR, version 52.5.0 (up-to-date version).


  • 0

#12
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,087 posts
Try reinstalling Firefox, and see some suggestions here:

https://support.mozi...irefox-problems
  • 0

#13
Jackpine

Jackpine

    Member

  • Topic Starter
  • Member
  • 490 posts

I cleared Firefox cookies and history, as well as starting it in Safe Mode.  No improvement in browsing speed.  (Loading pages and scrolling, etc., takes a long time.)

 

I then uninstalled Firefox and reinstalled it.  Still lagging, but some slight improvement.  By the way, I have not reinstalled AdBlock Plus.  Is it OK to do so, or will this slow things down?

 

Are the FRST logs from post #9 OK?


Edited by Jackpine, 05 December 2017 - 09:25 AM.

  • 0

#14
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,087 posts
Hello,

FRST logs are OK in post #9.

I have had trouble with Firefox also since the great update.

Also give Pale Moon a try. I'm not asking you to change browsers but just to try it.

https://www.palemoon.org/
  • 0

#15
Jackpine

Jackpine

    Member

  • Topic Starter
  • Member
  • 490 posts

Hi zep516,

 

I tried installing Pale Moon, but was unable to do so.  A message came up saying that Windows Vista and higher is needed.  My desktop has Windows XP.

 

I also installed Google Chrome.  It works, but is no longer supported for Windows XP.  The main drawback I found is that although I tried to import my bookmarks from Firefox, the bookmarks did not appear on the bookmark bar at the top of the page.  Not sure if that is because Chrome is no longer being supported for XP, or because I'm doing something wrong.  (I made sure to select the option to keep the bookmark bar always displayed at the top of the page.)

 

But where are my bookmarks?  They don't even appear on the Chrome Menu.  Any idea how this could be fixed?

 

Thanks.


  • 0





