Hi, my desktop computer otherwise works fine, except that web pages have recently been very slow to load. However, there are no redirects. Your assistance to fix this situation would be greatly appreciated. Thank you.
FRST logs are shown below.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-11-2017
Ran by Robert (administrator) on FIRSTBUILD (19-11-2017 11:17:42)
Running from C:\Documents and Settings\Robert\Desktop
Loaded Profiles: Robert (Available Profiles: Robert & UpdatusUser & Administrator & Guest)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-299502267-789336058-725345543-1004\ DisallowedCertificates: 0DA4BF5A428C444A209EC3720EB7A9EE28C3CF9B (U)
HKU\S-1-5-21-299502267-789336058-725345543-1004\...\Policies\Explorer: [NoBandCustomize] 0
HKU\S-1-5-21-299502267-789336058-725345543-1004\...\Policies\Explorer: [NoMovingBands] 0
HKU\S-1-5-21-299502267-789336058-725345543-1004\...\Policies\Explorer: [NoCloseDragDropBands] 0
HKU\S-1-5-21-299502267-789336058-725345543-1004\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-299502267-789336058-725345543-1004\...\Policies\Explorer: [NoToolbarsOnTaskbar] 0
HKU\S-1-5-18\...\RunOnce: [tscuninstall] => C:\WINDOWS\system32\tscupgrd.exe [44544 2004-08-04] (Microsoft Corporation)
BootExecute: PDBoot.exeautocheck autochk *
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{6B4B5C21-DA99-4096-8820-43DC9BA3E4E3}: [DhcpNameServer] 192.168.2.1
Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
Toolbar: HKU\.DEFAULT -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-299502267-789336058-725345543-1004 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.com/common/asusTek_sys_ctrl.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Twisted%20Lands%20-%20Shadow%20Town/Images/stg_drm.ocx
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} hxxps://fixit.support.microsoft.com/ActiveX/FixItClient.CAB
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1292380760937
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1420669599859
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Twisted%20Lands%20-%20Shadow%20Town/Images/armhelper.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} hxxp://eserv.sympatico.ca/netassistant/controls/BellCanadaPortalAX.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} hxxp://driveragent.com/files/driveragent.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com//activex/ractrl.cab?lmi=1007
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\tonk28m2.default [2017-11-19]
FF Extension: (Advertising Cookie Opt-out) - C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\tonk28m2.default\Extensions\optout@google.com.xpi [2015-08-16] [Lagacy] [not signed]
FF Extension: (Adblock Plus) - C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\tonk28m2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-11-08]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-06-25] [Lagacy] [not signed]
FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2015-03-16] [Lagacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_27_0_0_187.dll [2017-11-15] ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @nosltd.com/getPlus+®,version=1.6.2.91 -> C:\Program Files\NOS\bin\np_gp.dll [2010-09-01] (NOS Microsystems Ltd.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Robert\Application Data\mozilla\plugins\npPxPlay.dll [2009-04-23] ( )
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - hxxps://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-09-12]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [618944 2009-01-21] (Acronis)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2166040 2017-02-14] (ESET)
S4 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2008-12-23] (Macrovision Europe Ltd.) [File not signed]
S4 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 PDAgent; C:\Program Files\Raxco\PerfectDisk\PDAgent.exe [2234160 2014-11-12] (Raxco Software, Inc.)
S3 PDEngine; C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe [2247472 2014-11-12] (Raxco Software, Inc.)
S4 ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [174656 2006-11-02] () [File not signed]
S4 ScsiAccess; C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe [181312 2009-04-23] () [File not signed]
S4 SolidWorks Licensing Service; C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2008-07-10] (SolidWorks) [File not signed]
S4 WMPNetworkSvc; C:\Program Files\Windows Media Player\WMPNetwk.exe [913408 2006-10-18] (Microsoft Corporation) [File not signed]
S2 Roxio UPnP Renderer 9; "C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe" [X]
S4 RoxLiveShare9; "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R3 AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [139216 2016-07-11] (RedFox)
R1 AsIO; C:\WINDOWS\System32\drivers\AsIO.sys [4962 2004-10-14] () [File not signed]
R2 cvintdrv; C:\WINDOWS\system32\Drivers\cvintdrv.sys [4096 2006-07-27] () [File not signed]
R2 DefragFS; C:\WINDOWS\system32\Drivers\DefragFS.sys [104088 2012-09-11] (Raxco Software, Inc.)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [206472 2017-02-14] (ESET)
R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [156288 2017-02-14] (ESET)
R1 ElbyCDIO; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [30616 2014-12-20] (Elaborate Bytes AG)
R1 epfwtdir; C:\WINDOWS\System32\DRIVERS\epfwtdir.sys [137856 2017-02-14] (ESET)
R2 Hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [670208 2004-11-05] (Aladdin Knowledge Systems Ltd.)
R1 HWiNFO32; C:\WINDOWS\system32\drivers\HWiNFO32.SYS [23840 2015-02-12] (REALiX)
R0 iteatapi; C:\WINDOWS\System32\DRIVERS\iteatapi.sys [28672 2008-03-01] (ITE Tech. Inc.)
S3 KLIF; C:\WINDOWS\system32\drivers\klif.sys [700616 2014-11-18] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [24448 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [170200 2017-11-19] (Malwarebytes)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
S3 moufiltr; C:\WINDOWS\System32\DRIVERS\moufiltr.sys [62592 2007-01-14] (Chic Tech.) [File not signed]
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-12] ()
S3 pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [47360 2010-08-22] (VSO Software) [File not signed]
R2 PDFSFilter; C:\WINDOWS\System32\DRIVERS\PDFsFilter.sys [69016 2012-08-23] (Raxco Software, Inc.)
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [36624 2006-11-02] (Sonic Solutions) [File not signed]
R0 SI3132; C:\WINDOWS\System32\DRIVERS\SI3132.sys [80424 2007-10-03] (Silicon Image, Inc)
R0 SiFilter; C:\WINDOWS\System32\DRIVERS\SiWinAcc.sys [19240 2007-10-03] (Silicon Image, Inc)
R0 SiRemFil; C:\WINDOWS\System32\DRIVERS\SiRemFil.sys [15400 2007-10-03] (Silicon Image, Inc)
R0 snapman380; C:\WINDOWS\System32\DRIVERS\snman380.sys [134272 2009-10-24] (Acronis)
S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
R0 tdrpman174; C:\WINDOWS\System32\DRIVERS\tdrpm174.sys [971552 2009-10-24] (Acronis)
R2 tifsfilter; C:\WINDOWS\System32\DRIVERS\tifsfilt.sys [44704 2009-10-24] (Acronis)
S3 TVICHW32; C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS [23600 2008-05-10] (EnTech Taiwan) [File not signed]
R3 yukonwxp; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [298752 2015-02-12] ()
S3 EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys [X]
S3 FLASHSYS; no ImagePath
S3 GMSIPCI; no ImagePath
S4 IntelIde; no ImagePath
S3 NTACCESS; no ImagePath
U2 RemoteRegistry; no ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
U3 TlntSvr; no ImagePath
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-03-08] () [File not signed]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-11-19 11:17 - 2017-11-19 11:18 - 000015160 _____ C:\Documents and Settings\Robert\Desktop\FRST.txt
2017-11-19 11:17 - 2017-11-19 11:17 - 000000000 ____D C:\FRST
2017-11-19 11:16 - 2017-11-19 11:17 - 001787904 _____ (Farbar) C:\Documents and Settings\Robert\Desktop\FRST.exe
2017-11-18 19:08 - 2017-11-18 19:08 - 000000000 ____D C:\Documents and Settings\Robert\Application Data\ERS Game Studios
2017-11-17 21:54 - 2017-11-17 21:54 - 000000837 _____ C:\Documents and Settings\Robert\Desktop\Shortcut to RC9_NightTerrors_CE.lnk
2017-11-17 21:29 - 2017-11-17 21:29 - 000002174 _____ C:\Documents and Settings\Robert\Desktop\Redemption Cemetery 6 - The Island of the Lost BETA.lnk
2017-11-17 21:29 - 2017-11-17 21:29 - 000000000 ____D C:\Documents and Settings\Robert\Start Menu\Programs\Redemption Cemetery 6 - The Island of the Lost BETA
2017-11-17 16:55 - 2017-11-17 16:55 - 000000000 ____D C:\Documents and Settings\Robert\Application Data\AMAX Interactive
2017-11-17 16:55 - 2017-11-17 16:55 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Redemption Cemetery 9 Night Terrors CE
2017-11-17 16:52 - 2017-11-17 21:54 - 000000000 ____D C:\Program Files\Redemption Cemetery 9 Night Terrors CE
2017-11-08 18:52 - 2017-11-19 11:00 - 000000282 ____H C:\WINDOWS\Tasks\CCleaner Update.job
2017-11-06 10:09 - 2017-11-06 10:09 - 000013798 _____ C:\Documents and Settings\Robert\Desktop\CarHelpCanadaMembershipCard.pdf
2017-11-02 12:05 - 2017-11-02 12:05 - 000000066 _____ C:\Documents and Settings\Robert\Desktop\Account - Car Help Canada.URL
2017-10-20 22:46 - 2017-10-20 22:46 - 000000000 ____D C:\Documents and Settings\Robert\Application Data\Boolat Games
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-11-19 11:18 - 2015-12-13 21:42 - 000000000 ____D C:\Documents and Settings\Robert\Local Settings\temp
2017-11-19 11:15 - 2017-07-06 12:38 - 000000470 _____ C:\DelFix.txt
2017-11-19 11:12 - 2008-08-16 08:32 - 000000000 ____D C:\Documents and Settings\Robert\Application Data\uTorrent
2017-11-19 11:04 - 2010-10-30 13:18 - 000002521 _____ C:\Documents and Settings\Robert\Desktop\Outlook 2007.lnk
2017-11-19 11:01 - 2017-02-17 18:42 - 000170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-11-19 11:00 - 2017-01-27 11:03 - 000000550 _____ C:\WINDOWS\Tasks\Tweaking.com - Windows Repair Tray Icon.job
2017-11-19 11:00 - 2014-03-12 22:32 - 000000224 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2017-11-19 11:00 - 2010-03-11 22:40 - 000000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2017-11-19 11:00 - 2006-06-03 17:31 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-11-19 11:00 - 2004-08-04 07:00 - 000012054 _____ C:\WINDOWS\system32\wpa.dbl
2017-11-18 22:53 - 2006-06-03 17:32 - 000000278 ___SH C:\Documents and Settings\Robert\ntuser.ini
2017-11-18 22:53 - 2006-06-03 17:31 - 000032630 _____ C:\WINDOWS\SchedLgU.Txt
2017-11-18 22:36 - 2010-03-11 22:40 - 000000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2017-11-18 19:59 - 2016-03-28 11:48 - 000000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2017-11-17 21:26 - 2017-08-18 22:38 - 000000000 ____D C:\Program Files\Foxy Games
2017-11-17 21:18 - 2014-02-11 16:16 - 000000000 ____D C:\Documents and Settings\Robert\Application Data\MPC-HC
2017-11-15 21:14 - 2012-08-13 15:23 - 000803328 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2017-11-15 21:14 - 2012-08-13 15:23 - 000144896 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2017-11-15 21:14 - 2006-06-03 17:05 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-11-15 21:13 - 2006-06-10 07:50 - 000000000 ____D C:\Documents and Settings\Robert\Local Settings\Application Data\Adobe
2017-11-14 21:47 - 2017-09-28 21:55 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-11-14 21:47 - 2017-02-17 11:29 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-11-13 16:28 - 2010-10-30 13:30 - 000002515 _____ C:\Documents and Settings\Robert\Desktop\Word 2007.lnk
2017-11-10 20:08 - 2014-04-08 19:23 - 000065536 _____ C:\WINDOWS\system32\config\EventForwarding-Operational.Evt
2017-11-10 20:08 - 2011-03-26 10:30 - 000065536 _____ C:\WINDOWS\system32\config\WindowsPowerShell.evt
2017-11-10 20:08 - 2007-01-13 17:05 - 000065536 _____ C:\WINDOWS\system32\config\ODiag.evt
2017-11-10 20:08 - 2006-12-11 17:02 - 000065536 _____ C:\WINDOWS\system32\config\Internet.evt
2017-11-08 18:54 - 2006-06-03 17:32 - 000000000 ____D C:\Documents and Settings\Robert
2017-11-08 18:52 - 2006-06-11 10:24 - 000000000 ____D C:\Program Files\CCleaner
2017-11-08 15:00 - 2014-03-12 22:32 - 000000218 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2017-11-08 12:52 - 2014-04-17 20:09 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Elephant Games
2017-11-02 16:33 - 2017-09-19 21:20 - 000000000 ____D C:\Documents and Settings\Robert\Application Data\Elephant Games
2017-10-29 19:45 - 2006-06-03 12:49 - 000724282 _____ C:\WINDOWS\system32\PerfStringBackup.INI
==================== Files in the root of some directories =======
2006-07-26 16:35 - 2006-10-06 21:19 - 000000024 _____ () C:\Documents and Settings\Robert\mylist.dat
2016-06-22 18:40 - 2016-06-22 18:40 - 000003072 _____ () C:\Documents and Settings\Robert\Application Data\.spark_db
2014-04-02 21:28 - 2014-04-02 21:30 - 000009333 _____ () C:\Documents and Settings\Robert\Application Data\Comma Separated Values (Windows).EML
2017-02-06 15:25 - 2017-02-06 15:25 - 000087608 _____ () C:\Documents and Settings\Robert\Application Data\ezpinst.exe
2017-08-28 15:38 - 2017-08-28 15:38 - 000000000 _____ () C:\Documents and Settings\Robert\Application Data\KAooy.txt
2017-02-06 15:25 - 2017-02-06 15:25 - 000000108 _____ () C:\Documents and Settings\Robert\Application Data\netstat.bat
2007-03-23 16:38 - 2011-04-10 14:47 - 000007887 _____ () C:\Documents and Settings\Robert\Application Data\pcouffin.cat
2007-03-23 16:38 - 2011-04-10 14:47 - 000001144 _____ () C:\Documents and Settings\Robert\Application Data\pcouffin.inf
2007-03-23 16:38 - 2011-04-10 14:48 - 000000033 _____ () C:\Documents and Settings\Robert\Application Data\pcouffin.log
2017-02-06 15:25 - 2017-02-06 15:25 - 000047360 _____ (VSO Software) C:\Documents and Settings\Robert\Application Data\pcouffin.sys
2008-07-05 10:41 - 2008-07-05 10:41 - 000002494 _____ () C:\Documents and Settings\Robert\Application Data\sldIMLog_20080-40000-1100_00002.txt
2010-10-24 16:36 - 2010-10-24 16:36 - 000000036 _____ () C:\Documents and Settings\Robert\Local Settings\Application Data\housecall.guid.cache
2009-09-24 17:41 - 2009-09-24 17:41 - 005257216 _____ () C:\Documents and Settings\Robert\Local Settings\Application Data\mfm2_database.dat
2007-08-25 13:19 - 2007-08-25 13:19 - 000002108 _____ () C:\Documents and Settings\Robert\Local Settings\Application Data\rx_audio.Cache
2007-01-25 22:46 - 2007-12-03 19:42 - 001462572 _____ () C:\Documents and Settings\Robert\Local Settings\Application Data\rx_image.Cache
2007-11-25 22:46 - 2016-10-31 17:27 - 000000123 ___SH () C:\Documents and Settings\All Users\Application Data\.zreglib
2013-09-14 19:49 - 2013-09-14 19:49 - 000000057 _____ () C:\Documents and Settings\All Users\Application Data\Ament.ini
2008-03-02 15:30 - 2008-08-29 17:51 - 000110892 _____ () C:\Documents and Settings\All Users\Application Data\Svclog.log
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-11-2017
Ran by Robert (19-11-2017 11:18:44)
Running from C:\Documents and Settings\Robert\Desktop
Microsoft Windows XP Home Edition Service Pack 3 (X86) (2015-01-06 17:20:53)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-299502267-789336058-725345543-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-299502267-789336058-725345543-1013 - Limited - Enabled)
Guest (S-1-5-21-299502267-789336058-725345543-501 - Limited - Disabled) => %SystemDrive%\Documents and Settings\Guest
HelpAssistant (S-1-5-21-299502267-789336058-725345543-1000 - Limited - Disabled)
Robert (S-1-5-21-299502267-789336058-725345543-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Robert
SUPPORT_388945a0 (S-1-5-21-299502267-789336058-725345543-1002 - Limited - Disabled)
UpdatusUser (S-1-5-21-299502267-789336058-725345543-1014 - Limited - Enabled) => %SystemDrive%\Documents and Settings\UpdatusUser
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: ESET NOD32 Antivirus 9.0.408.0 (Enabled - Up to date) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKLM\...\uTorrent) (Version: 2.0.3 - )
Acronis True Image Home (HKLM\...\{37C8899D-FD70-481F-94AA-1F1B08765E22}) (Version: 12.0.9709 - Acronis)
Adobe Acrobat XI Pro (HKLM\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.09 - Adobe Systems)
Adobe Color Common Settings (HKLM\...\Adobe_6c8e2cb4fd241c55406016127a6ab2e) (Version: 1.0.1 - Adobe Systems Incorporated)
Adobe Download Manager (HKLM\...\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}) (Version: 1.6.2.91 - NOS Microsystems Ltd.)
Adobe ExtendScript Toolkit 2 (HKLM\...\Adobe_3e054d2218e7aa282c2369d939e58ff) (Version: 2.0.2 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 21.0.0.197 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 27.0.0.187 - Adobe Systems Incorporated)
Adobe Photoshop CS3 (HKLM\...\Adobe_719d6f144d0c086a0dfa7ff76bb9ac1) (Version: 10.0 - Adobe Systems Incorporated)
Amnesia - The Dark Descent (HKLM\...\{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1) (Version: 1.0.0 - Frictional Games)
AnyDVD (HKLM\...\AnyDVD) (Version: 8.1.0.0 - RedFox)
Apple Application Support (HKLM\...\{EE6097DD-05F4-4178-9719-D3170BF098E8}) (Version: 1.4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{308B6AEA-DE50-4666-996D-0FA461719D6B}) (Version: 3.3.0.69 - Apple Inc.)
Apple Software Update (HKLM\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
AVIcodec (remove only) (HKLM\...\AVIcodec) (Version: - )
Beyond Compare Version 2.4.3 (HKLM\...\BC2_is1) (Version: - Scooter Software)
Canon MG5700 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5700_series) (Version: 1.00 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.36 - Piriform)
CloneDVD2 (HKLM\...\CloneDVD2) (Version: - Elaborate Bytes)
Collectorz.com Movie Collector (HKLM\...\Collectorz.com Movie Collector) (Version: - )
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CoreFLAC Audio Decoder+Source Filter (remove only) (HKLM\...\CoreFLAC Audio Decoder+Source Filter) (Version: - )
Corel Painter X (HKLM\...\{05D60953-9012-44DF-A1A6-9DD97AD6580A}) (Version: 10.1 - Corel Corporation) Hidden
COSMOSMotion 2008 SP0 (HKLM\...\{8876F541-F374-4375-BF2A-8FD9FA8141C4}) (Version: 16.00.9035 - SolidWorks Corporation)
COSMOSWorks 2008 SP03 (HKLM\...\{0C631AC5-3AA0-418F-B132-29F8432F1C19}) (Version: 16.30.41 - SolidWorks Corporation)
Data Lifeguard Diagnostic for Windows 1.24 (HKLM\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version: - Western Digital Corporation)
Dolphin Futures XPS Viewer version 1.1.0 (HKLM\...\{75480068-162F-4D6B-B38E-76606A4E5320}_is1) (Version: 1.1.0 - Dolphin Futures Limited)
DVD Decrypter (Remove Only) (HKLM\...\DVD Decrypter) (Version: - )
DVD Rebuilder (HKLM\...\{584A1ECC-00AB-4FCC-B6AE-172741F32ABC}_is1) (Version: PRO v1.09 - jdobbs softworks and rockas association)
DVD Shrink 3.2 (HKLM\...\DVD Shrink_is1) (Version: - DVD Shrink)
DVDFab 8.1.7.8 (17/04/2012) Qt (HKLM\...\DVDFab 8 Qt_is1) (Version: - Fengtao Software Inc.)
DVDFab 9.2.0.2 (10/06/2015) (HKLM\...\DVDFab 9_is1) (Version: - Fengtao Software Inc.)
DVDInfoPro (HKLM\...\{32611C62-474D-47B1-B347-06453D430A28}) (Version: 4.36.0000 - Nic Wilson)
DWGeditor (HKLM\...\{C8DE0FC9-5BD0-4D26-B5AD-D38146F2083C}) (Version: 16.00.9034 - SolidWorks)
Easy CD-DA Extractor 2011 (HKLM\...\Easy CD-DA Extractor 2011) (Version: 2011 - Poikosoft)
eDrawings 2008 (HKLM\...\{40345A8F-3B72-44DE-814F-72E8A52B1161}) (Version: 8.0.708 - SolidWorks)
ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version: - Lars Hederer)
ESET NOD32 Antivirus (HKLM\...\{5D24DE25-DD99-42DB-8A57-252C1ACA1056}) (Version: 9.0.375.0 - ESET, spol. s r.o.)
Exact Audio Copy 0.99pb5 (HKLM\...\Exact Audio Copy) (Version: 0.99pb5 - Andre Wiethoff)
GoldWave v5.13 (HKLM\...\GoldWave v5.13) (Version: - )
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
HPDiagnosticAlert (HKLM\...\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}) (Version: 1.00.0001 - Microsoft) Hidden
ImageConverter Plus 7.1 (HKLM\...\ImageConverter Plus_is1) (Version: - fCoder, Ltd.)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.6.0 - LIGHTNING UK!)
Intel Processor Diagnostic Tool (HKLM\...\{C53C4130-CC50-40F3-9457-A7D4A2B980BC}) (Version: 2.11.0.0 - Intel Corporation)
IsoBuster 3.6 (HKLM\...\IsoBuster_is1) (Version: 3.6 - Smart Projects)
K-Lite Mega Codec Pack 10.9.5 (HKLM\...\KLiteCodecPack_is1) (Version: 10.9.5 - )
Kyodai Mahjongg 2006 v1.42 (HKLM\...\Kyodai Mahjongg 2006_is1) (Version: - Rene-Gilles Deberdt)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Maple 12 (HKLM\...\Maple 12) (Version: 12.0.0.0 - Maplesoft)
Marvell Miniport Driver (HKLM\...\{C950420B-4182-49EA-850A-A6A2ABF06C6B}) (Version: 8.20.10.3 - Marvell)
MathType 5 (HKLM\...\DSMT5) (Version: 5.2 - Design Science, Inc.)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Math (HKLM\...\{07043840-959A-4B0D-8825-2C533F0DDB19}) (Version: 2007 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Project 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{8446EB22-A746-46DC-B1BD-E0DFA1F3CDDA}) (Version: - Microsoft)
Microsoft Office Project Professional 2007 (HKLM\...\PRJPRO) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Visio 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}) (Version: - Microsoft)
Microsoft Office Visio Professional 2007 (HKLM\...\VISPRO) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Movie Collector (HKLM\...\{8EC6EBB4-D899-4C6B-BA17-C21B78988F23}_is1) (Version: - Collectorz.com)
Mozilla Firefox 52.5.0 ESR (x86 en-US) (HKLM\...\Mozilla Firefox 52.5.0 ESR (x86 en-US)) (Version: 52.5.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 52.5.0.6520 - Mozilla)
MSConfig CleanUp 1.2 (HKLM\...\MSConfig CleanUp_is1) (Version: - Virtuoza)
MSXML 4.0 SP2 (KB925672) (HKLM\...\{A9CF9052-F4A0-475D-A00F-A8388C62DD63}) (Version: 4.20.9839.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 and SOAP Toolkit 3.0 (HKLM\...\{32343DB6-9A52-40C9-87E4-5E7C79791C87}) (Version: 1.0.0.0 - Webroot Software, Inc.) Hidden
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 6 Service Pack 2 (KB973686) (HKLM\...\{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}) (Version: 6.20.2003.0 - Microsoft Corporation)
Nero 7 Ultra Edition (HKLM\...\{43FFE159-3199-4188-A1CD-629166AD1033}) (Version: 7.02.6445 - Nero AG)
NOD32 v3.0.642 FiX1.2 by TemDono (31 days remaining forever up (HKLM\...\Eset NOD32 v3.0.642 FiX1.2 by TemDono_is1) (Version: - )
NOD32 v3.x FiX 1.1 by TemDono (Free Updates - Expire in 2050) (HKLM\...\NOD32 v3.x FiX 1.1 by TemDono_is1) (Version: - )
NVIDIA Graphics Driver 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)
NVIDIA nView 136.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 136.53 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
OJ4620FWUpdateAlert (HKLM\...\{5F252E10-C3CA-4686-8AB8-1FE09703ADFF}) (Version: 1.00.0000 - HP) Hidden
OriginPro 7.5 (HKLM\...\{ECE12161-B445-48FA-9056-FD54D8A72459}) (Version: - )
PC Probe II (HKLM\...\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}) (Version: 1.00.43 - )
PDF Settings (HKLM\...\{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
PerfectDisk Professional Business (HKLM\...\{682B22AB-EAAA-4B1C-83AF-B26E7D4ED01E}) (Version: 13.0.842 - Raxco Software Inc.)
PFConfig 1.0.296 (HKLM\...\PFConfig) (Version: 1.0.296 - Portforward.com)
PFPortChecker 1.0.39 (HKLM\...\PFPortChecker) (Version: 1.0.39 - Portforward.com)
Photodex Presenter (HKLM\...\Photodex Presenter) (Version: - )
Picture Package Music Transfer (HKLM\...\{CE2121C6-C94D-4A73-8EA4-6943F33EE335}) (Version: 1.0.02.02130 - Sony Corporation)
Portforward Static IP Address 1.0.47 (HKLM\...\Portforward Static IP Address) (Version: 1.0.47 - Portforward.com)
ProShow Producer (HKLM\...\ProShow Producer) (Version: - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.7111 - Realtek Semiconductor Corp.)
Redemption Cemetery 6 - The Island of the Lost BETA (HKLM\...\Redemption Cemetery 6 - The Island of the Lost BETA1.1) (Version: 1.1 - Foxy Games)
Redemption Cemetery 9 Night Terrors CE 1.0 (HKLM\...\Redemption Cemetery 9 Night Terrors CE_is1) (Version: 1.0 - Big Fish Games)
Revo Uninstaller 2.0.2 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.2 - VS Revo Group, Ltd.)
River Past Audio Converter Pro (HKLM\...\Audio Converter Pro) (Version: 7.7.1 - River Past)
SigmaPlot 10.0 (HKLM\...\{43224D30-5941-47A4-9AD7-9250EE794396}) (Version: 10.0.0 - Systat Software, Inc.)
SolidWorks 2008 SP03 (HKLM\...\{266EB766-9ABB-40D0-AB9F-41EE46D23876}) (Version: 16.1.0303 - SolidWorks)
SolidWorks Explorer 2008 sp0 (HKLM\...\{A8567E18-9E80-4EA3-A5C1-A6186C86F2CC}) (Version: 16.00.9034 - SolidWorks Corporation)
Spy Sweeper Updater 2.0.0 Alpha 4000 (HKLM\...\Spy Sweeper Updater 2.0.0 Alpha 4000) (Version: 2.0.0 Alpha 4000 - BigScott27)
Sudoku Works (HKLM\...\{5B10C186-C6CF-45D8-9E2D-4F18247A5C63}) (Version: 1.0 - Oak Systems)
System Requirements Lab (HKLM\...\SystemRequirementsLab) (Version: - )
Tetris (HKLM\...\{95E0E6DC-C308-4C96-BEDB-68C75A32FAF8}_is1) (Version: 1.35 - Crystal Office Systems)
Tweaking.com - Windows Repair (HKLM\...\Tweaking.com - Windows Repair) (Version: 3.9.24 - Tweaking.com)
Unlocker 1.8.9 (HKLM\...\Unlocker) (Version: 1.8.9 - Cedrick Collomb)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VBA (2627.01) (HKLM\...\{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}) (Version: 6.03.00.9402 - Microsoft Corporation) Hidden
VC 9.0 Runtime (HKLM\...\{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}) (Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
VC 9.0 Runtime (HKLM\...\{A040AC77-C1AA-4CC9-8931-9F648AF178F6}) (Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
VC80CRTRedist - 8.0.50727.762 (HKLM\...\{767CC44C-9BBC-438D-BAD3-FD4595DD148B}) (Version: 1.0.0 - DivX, Inc) Hidden
VCRedistSetup (HKLM\...\{3921A67A-5AB1-4E48-9444-C71814CF3027}) (Version: 1.0.0 - Nero AG) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
WebFldrs XP (HKLM\...\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}) (Version: 9.50.7523 - Microsoft Corporation) Hidden
Window Washer (HKLM\...\Window Washer) (Version: - )
Windows Defender (HKLM\...\{A06275F4-324B-4E85-95E6-87B2CD729401}) (Version: 1.1.1593.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Installer Clean Up (HKLM\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version: - Microsoft Corporation)
Windows Media Format Runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
Windows PowerShell 1.0 (HKLM\...\PowerShell) (Version: 1 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )
XML Paper Specification Shared Components Pack 1.0 (HKLM\...\XpsEPSC) (Version: - Microsoft Corporation) Hidden
Your Uninstaller! 2010 (HKLM\...\YU2010_is1) (Version: 7.0 - URSoft, Inc.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\OLE32.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\Robert\Application Data\Dropbox\bin\Dropbox.exe /autoplay => No File
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{026371C0-1B7C-11CF-9D53-00AA003C9CB6}\InprocServer32 -> C:\WINDOWS\System32\ComCt232.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{1E216240-1B7D-11CF-9D53-00AA003C9CB6}\InprocServer32 -> C:\WINDOWS\System32\ComCt232.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}\InprocServer32 -> C:\WINDOWS\System32\msvbvm60.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\Robert\Application Data\Dropbox\bin\Dropbox.exe /wiacallback => No File
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2008-02-09] (Autodesk, Inc.)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim.dll [2012-09-23] (Adobe Systems Inc.)
ContextMenuHandlers1: [CnvShell] -> {A118FEA0-1D1B-4165-BC37-88F95B250E7A} => C:\WINDOWS\system32\cnvshell.dll [2008-01-26] (fCoder Group International)
ContextMenuHandlers1: [Cover Designer] -> {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} => C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll [2007-02-28] (Nero AG)
ContextMenuHandlers1: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2017-02-14] (ESET)
ContextMenuHandlers1: [Washer] -> {6EE51AA0-77A0-11D7-B4E1-000347126E46} => C:\Program Files\Common Files\Webroot Shared\ShellWash.dll [2007-11-26] (Webroot Software)
ContextMenuHandlers2: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2017-02-14] (ESET)
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers3: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-03-08] ()
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File
ContextMenuHandlers4: [Washer] -> {6EE51AA0-77A0-11D7-B4E1-000347126E46} => C:\Program Files\Common Files\Webroot Shared\ShellWash.dll [2007-11-26] (Webroot Software)
ContextMenuHandlers5: [00nView] -> {1E9B04FB-F9E5-4718-997B-B8DA88302A48} => C:\Program Files\NVIDIA Corporation\nview\nvshell.dll [2013-01-31] ()
ContextMenuHandlers5: [NvCplDesktopContext] -> {A70C977A-BF00-412C-90B7-034C51DA2439} => C:\WINDOWS\system32\nvcpl.dll [2013-01-31] (NVIDIA Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim.dll [2012-09-23] (Adobe Systems Inc.)
ContextMenuHandlers6: [CnvShell] -> {A118FEA0-1D1B-4165-BC37-88F95B250E7A} => C:\WINDOWS\system32\cnvshell.dll [2008-01-26] (fCoder Group International)
ContextMenuHandlers6: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2017-02-14] (ESET)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File
ContextMenuHandlers6: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-03-08] ()
==================== Scheduled Tasks=============================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\CCleaner Update.job => C:\Program Files\CCleaner\CCUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Tweaking.com - Windows Repair Tray Icon.job => C:\Program Files\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe C:\Program Files\Tweaking.com\Windows Repair (All in One)Tweaking.com - Windows Repair)Created By Tweaking.com
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Documents and Settings\Robert\Start Menu\Programs\AVIcodec\Website.lnk -> hxxp://avicodec.duby.inf
Shortcut: C:\Documents and Settings\Robert\Desktop\Аmnеsiа.lnk -> C:\Program Files\Amnesia - The Dark Descent\redist\Launcher.bat ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Amnesia - The Dark Descent\Аmnеsiа.lnk -> C:\Program Files\Amnesia - The Dark Descent\redist\Launcher.bat ()
==================== Loaded Modules (Whitelisted) ==============
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:1CE11B51 [173]
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:28BEC2EC [115]
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5D351BC6 [94]
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:BD34FFC5 [286]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
HKU\S-1-5-21-299502267-789336058-725345543-1004\Software\Classes\exefile: "%1" %* <==== ATTENTION
HKU\S-1-5-21-299502267-789336058-725345543-1004\Software\Classes\scrfile: "%1" /S <==== ATTENTION
HKU\S-1-5-21-299502267-789336058-725345543-1004\Software\Classes\.cmd: cmdfile => <==== ATTENTION
HKU\S-1-5-21-299502267-789336058-725345543-1004\Software\Classes\.reg: regfile => <==== ATTENTION
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
There are 7832 more sites.
IE restricted site: HKU\S-1-5-19\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-19\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-19\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-19\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-19\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-19\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-19\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-19\...\1-extreme.biz -> www.1-extreme.biz
IE restricted site: HKU\S-1-5-19\...\1001-search.info -> www.1001-search.info
IE restricted site: HKU\S-1-5-19\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-19\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-19\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-19\...\123topsearch.com -> www.123topsearch.com
IE restricted site: HKU\S-1-5-19\...\132.com -> www.132.com
IE restricted site: HKU\S-1-5-19\...\136136.net -> down.136136.net
IE restricted site: HKU\S-1-5-19\...\139mm.com -> www.139mm.com
IE restricted site: HKU\S-1-5-19\...\163.com -> www.163.com
IE restricted site: HKU\S-1-5-19\...\163ns.com -> ert0003.e76.163ns.com
IE restricted site: HKU\S-1-5-19\...\17-plus.com -> 17-plus.com
IE restricted site: HKU\S-1-5-19\...\171203.com -> 171203.com
There are 4190 more sites.
IE restricted site: HKU\S-1-5-20\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-20\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-20\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-20\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-20\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-20\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-20\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-20\...\1-extreme.biz -> www.1-extreme.biz
IE restricted site: HKU\S-1-5-20\...\1001-search.info -> www.1001-search.info
IE restricted site: HKU\S-1-5-20\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-20\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-20\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-20\...\123topsearch.com -> www.123topsearch.com
IE restricted site: HKU\S-1-5-20\...\132.com -> www.132.com
IE restricted site: HKU\S-1-5-20\...\136136.net -> down.136136.net
IE restricted site: HKU\S-1-5-20\...\139mm.com -> www.139mm.com
IE restricted site: HKU\S-1-5-20\...\163.com -> www.163.com
IE restricted site: HKU\S-1-5-20\...\163ns.com -> ert0003.e76.163ns.com
IE restricted site: HKU\S-1-5-20\...\17-plus.com -> 17-plus.com
IE restricted site: HKU\S-1-5-20\...\171203.com -> 171203.com
There are 4190 more sites.
IE restricted site: HKU\S-1-5-21-299502267-789336058-725345543-1004\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-299502267-789336058-725345543-1004\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-299502267-789336058-725345543-1004\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-299502267-789336058-725345543-1004\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-299502267-789336058-725345543-1004\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-299502267-789336058-725345543-1004\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-299502267-789336058-725345543-1004\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-299502267-789336058-725345543-1004\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-299502267-789336058-725345543-1004\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-299502267-789336058-725345543-1004\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-299502267-789336058-725345543-1004\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-299502267-789336058-725345543-1004\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-299502267-789336058-725345543-1004\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-299502267-789336058-725345543-1004\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-299502267-789336058-725345543-1004\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-299502267-789336058-725345543-1004\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-299502267-789336058-725345543-1004\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-299502267-789336058-725345543-1004\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-299502267-789336058-725345543-1004\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-299502267-789336058-725345543-1004\...\123simsen.com -> www.123simsen.com
There are 7794 more sites.
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2004-08-04 07:00 - 2017-05-08 19:13 - 000000886 _____ C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
0.0.0.0 serius.mwbsys.com
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-299502267-789336058-725345543-1004\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Robert\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 192.168.2.1
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: NvCplDaemon => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
MSCONFIG\startupreg: NvMediaCenter => RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
MSCONFIG\startupreg: nwiz => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
MSCONFIG\startupreg: RTHDCPL => RTHDCPL.EXE
MSCONFIG\startupreg: SkyTel => SkyTel.EXE
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
StandardProfile\AuthorizedApplications: [C:\Program Files\uTorrent\uTorrent.exe] => Enabled:µTorrent
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\Temp\7zSC2.tmp\SymNRT.exe] => Enabled:Norton Removal Tool
StandardProfile\AuthorizedApplications: [C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe] => Enabled:Daemonu.exe
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\Temp\7zS2FC2\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\Temp\7zS333D\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\Temp\7zS352D\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\Temp\7zS0DA0\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\Temp\7zS71B5\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\Temp\7zS5311\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\Temp\7zS1A7F\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\Temp\7zS7A19\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\Temp\7zS7A61\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\Temp\7zS7CF2\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\Temp\7zS1717\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\Temp\7zS18B2\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\Temp\7zS47BD\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\Temp\7zS4802\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\temp\7zS6464\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\temp\7zS67D6\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\temp\7zS05C3\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\temp\7zS2B9F\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Program Files\Bonjour\mDNSResponder.exe] => Enabled:Bonjour Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Popcorn Time\Updater.exe] => Enabled:Updater.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [5985:TCP] => Disabled:Windows Remote Management
StandardProfile\GloballyOpenPorts: [80:TCP] => Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)
==================== Restore Points =========================
21-08-2017 16:09:46 System Checkpoint
21-08-2017 18:13:22 JRT Pre-Junkware Removal
22-08-2017 18:37:25 System Checkpoint
24-08-2017 09:43:34 System Checkpoint
25-08-2017 11:16:16 System Checkpoint
26-08-2017 11:46:35 System Checkpoint
27-08-2017 13:05:54 System Checkpoint
28-08-2017 13:43:01 System Checkpoint
29-08-2017 16:41:58 System Checkpoint
30-08-2017 17:34:16 System Checkpoint
31-08-2017 18:13:06 System Checkpoint
01-09-2017 19:42:58 System Checkpoint
02-09-2017 21:10:23 System Checkpoint
04-09-2017 08:28:37 System Checkpoint
05-09-2017 10:05:18 System Checkpoint
06-09-2017 19:08:32 System Checkpoint
07-09-2017 19:48:02 System Checkpoint
09-09-2017 08:09:29 System Checkpoint
17-09-2017 19:31:43 System Checkpoint
18-09-2017 19:58:10 System Checkpoint
20-09-2017 18:47:16 System Checkpoint
20-09-2017 21:17:02 JRT Pre-Junkware Removal
24-09-2017 14:28:37 System Checkpoint
25-09-2017 14:45:43 System Checkpoint
26-09-2017 19:11:37 System Checkpoint
28-09-2017 10:15:16 System Checkpoint
29-09-2017 11:52:40 System Checkpoint
01-10-2017 11:39:17 System Checkpoint
02-10-2017 17:29:37 System Checkpoint
03-10-2017 18:03:42 System Checkpoint
04-10-2017 18:56:00 System Checkpoint
06-10-2017 07:58:29 System Checkpoint
09-10-2017 18:29:28 System Checkpoint
14-10-2017 17:56:01 System Checkpoint
15-10-2017 22:08:03 System Checkpoint
17-10-2017 14:41:26 System Checkpoint
18-10-2017 15:23:57 System Checkpoint
19-10-2017 15:24:55 System Checkpoint
20-10-2017 15:35:51 System Checkpoint
23-10-2017 08:56:24 System Checkpoint
24-10-2017 14:40:17 System Checkpoint
29-10-2017 20:31:06 System Checkpoint
30-10-2017 20:38:43 System Checkpoint
01-11-2017 08:51:02 System Checkpoint
02-11-2017 08:51:17 System Checkpoint
03-11-2017 10:01:57 System Checkpoint
05-11-2017 14:44:12 System Checkpoint
07-11-2017 02:44:28 System Checkpoint
07-11-2017 21:45:28 JRT Pre-Junkware Removal
08-11-2017 23:32:50 System Checkpoint
10-11-2017 02:36:53 System Checkpoint
12-11-2017 16:10:08 System Checkpoint
13-11-2017 16:47:09 System Checkpoint
17-11-2017 17:23:03 System Checkpoint
18-11-2017 19:37:21 System Checkpoint
==================== Faulty Device Manager Devices =============
Name: Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller - Kaspersky Anti-Virus NDIS Miniport
Description: Kaspersky Anti-Virus NDIS Miniport
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Kaspersky Lab
Service: klim5
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
Name: WAN Miniport (IP) - Kaspersky Anti-Virus NDIS Miniport
Description: Kaspersky Anti-Virus NDIS Miniport
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Kaspersky Lab
Service: klim5
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
Name: 1394 Net Adapter - Kaspersky Anti-Virus NDIS Miniport
Description: Kaspersky Anti-Virus NDIS Miniport
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Kaspersky Lab
Service: klim5
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
Name: Beep
Description: Beep
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Beep
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
Error: (11/19/2017 11:00:48 AM) (Source: 0) (EventID: 4311) (User: )
Description: Event-ID 4311
Error: (11/19/2017 11:00:43 AM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.
Error: (11/18/2017 12:54:06 PM) (Source: 0) (EventID: 4311) (User: )
Description: Event-ID 4311
Error: (11/18/2017 12:54:02 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.
Error: (11/17/2017 01:33:02 PM) (Source: 0) (EventID: 4311) (User: )
Description: Event-ID 4311
Error: (11/17/2017 01:32:57 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.
Error: (11/16/2017 08:04:37 PM) (Source: 0) (EventID: 4311) (User: )
Description: Event-ID 4311
Error: (11/16/2017 08:04:32 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.
Error: (11/15/2017 09:11:27 PM) (Source: 0) (EventID: 4311) (User: )
Description: Event-ID 4311
Error: (11/15/2017 09:11:23 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.
==================== Memory info ===========================
Processor: Intel® Pentium® 4 CPU 3.40GHz
Percentage of memory in use: 28%
Total physical RAM: 3071.04 MB
Available physical RAM: 2203.43 MB
Total Virtual: 4959.2 MB
Available Virtual: 4356.73 MB
==================== Drives ================================
Drive c: (Boot Drive) (Fixed) (Total:298.09 GB) (Free:202.44 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive f: (Expansion Drive) (Fixed) (Total:465.76 GB) (Free:136.73 GB) NTFS
Drive z: (Data Drive) (Fixed) (Total:465.76 GB) (Free:364.61 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: 7975DF18)
Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: F0128678)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (Size: 465.8 GB) (Disk ID: 0143820D)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================