Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Internet Slow plus Redirects [Solved]

Started by Jackpine , Dec 18 2015 08:04 PM

  • This topic is locked This topic is locked

#1
Jackpine
Posted 18 December 2015 - 08:04 PM

Jackpine

    Member

  • Member
  • PipPipPip
  • 490 posts

Hello there, my internet has slowed down when I want to browse to different sites, and I get various ad redirects.  Your assistance is greatly appreciated.  Logs are posted below.  Thank you.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:17-12-2015
Ran by Robert (administrator) on FIRSTBUILD (18-12-2015 20:52:06)
Running from C:\Documents and Settings\Robert\Desktop
Loaded Profiles: Robert (Available Profiles: Robert & UpdatusUser & Administrator & Guest)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Acronis) C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Raxco Software, Inc.) C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe
(Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SkyTel] => C:\WINDOWS\SkyTel.EXE [2879488 2006-05-16] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AcronisTimounterMonitor] => C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [960560 2009-01-21] (Acronis)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [1982312 2013-01-31] ()
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20145368 2013-10-04] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499920 2014-09-12] (Adobe Systems Inc.)
HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe [2621240 2015-11-18] (Malwarebytes Corporation)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-299502267-789336058-725345543-1004\...\Policies\Explorer: [NoBandCustomize] 0
HKU\S-1-5-21-299502267-789336058-725345543-1004\...\Policies\Explorer: [NoMovingBands] 0
HKU\S-1-5-21-299502267-789336058-725345543-1004\...\Policies\Explorer: [NoCloseDragDropBands] 0
HKU\S-1-5-21-299502267-789336058-725345543-1004\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-299502267-789336058-725345543-1004\...\Policies\Explorer: [NoToolbarsOnTaskbar] 0
HKU\S-1-5-18\...\RunOnce: [tscuninstall] => C:\WINDOWS\system32\tscupgrd.exe [44544 2004-08-04] (Microsoft Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Robert\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Robert\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Robert\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Robert\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Robert\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Robert\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Robert\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Robert\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2008-02-09] (Autodesk, Inc.)
Startup: C:\Documents and Settings\Robert\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 4620 series.lnk [2015-12-18]
ShortcutTarget: Monitor Ink Alerts - HP Officejet 4620 series.lnk -> C:\Program Files\HP\HP Officejet 4620 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
BootExecute: PDBoot.exeautocheck autochk *

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 01 C:\Program Files\Bonjour\mdnsNSP.dll [152864 2010-10-07] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{6B4B5C21-DA99-4096-8820-43DC9BA3E4E3}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-299502267-789336058-725345543-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Technical Preview 15.0.2\IEExt\ie_plugin.dll => No File
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll => No File
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
BHO: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Technical Preview 15.0.2\IEExt\ie_plugin.dll => No File
BHO: Script Injection Plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Technical Preview 15.0.2\IEExt\ie_plugin.dll => No File
BHO: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Technical Preview 15.0.2\IEExt\ie_plugin.dll => No File
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
Toolbar: HKU\.DEFAULT -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-299502267-789336058-725345543-1004 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.com/common/asusTek_sys_ctrl.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Twisted%20Lands%20-%20Shadow%20Town/Images/stg_drm.ocx
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} hxxps://fixit.support.microsoft.com/ActiveX/FixItClient.CAB
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1292380760937
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1420669599859
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Twisted%20Lands%20-%20Shadow%20Town/Images/armhelper.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} hxxp://eserv.sympatico.ca/netassistant/controls/BellCanadaPortalAX.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} hxxp://driveragent.com/files/driveragent.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com//activex/ractrl.cab?lmi=1007

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\tonk28m2.default
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-18] ()
FF Plugin: @kaspersky.com/content_blocker_6418E0D362104DADA084DC312DFA8ABC -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Technical Preview 15.0.2\FFExt\[email protected] [No File]
FF Plugin: @kaspersky.com/virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Technical Preview 15.0.2\FFExt\[email protected] [No File]
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @nosltd.com/getPlus+®,version=1.6.2.91 -> C:\Program Files\NOS\bin\np_gp.dll [2010-09-01] (NOS Microsystems Ltd.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-01] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-01] (Google Inc.)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Robert\Application Data\mozilla\plugins\npPxPlay.dll [2009-04-23] ( )
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2015-03-16] [not signed]
FF Extension: Advertising Cookie Opt-out - C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\tonk28m2.default\extensions\[email protected] [2015-08-16] [not signed]
FF Extension: Adblock Plus - C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\tonk28m2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-12-15]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-06-25] [not signed]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Technical Preview 15.0.2\FFExt\[email protected] => not found
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Technical Preview 15.0.2\FFExt\[email protected] => not found
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found

Chrome:
=======
CHR Profile: C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - hxxps://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-09-12]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [618944 2009-01-21] (Acronis)
S4 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2008-12-23] (Macrovision Europe Ltd.) [File not signed]
S4 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 MbaeSvc; C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe [739640 2015-11-18] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 PDAgent; C:\Program Files\Raxco\PerfectDisk\PDAgent.exe [2234160 2014-11-12] (Raxco Software, Inc.)
R2 PDEngine; C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe [2247472 2014-11-12] (Raxco Software, Inc.)
S4 ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [174656 2006-11-02] () [File not signed]
S4 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [605168 2014-04-22] (Paramount Software UK Ltd)
S4 ScsiAccess; C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe [181312 2009-04-23] () [File not signed]
S4 SolidWorks Licensing Service; C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2008-07-10] (SolidWorks) [File not signed]
S4 WMPNetworkSvc; C:\Program Files\Windows Media Player\WMPNetwk.exe [913408 2006-10-18] (Microsoft Corporation) [File not signed]
S4 wwEngineSvc; C:\Program Files\Webroot\Washer\WasherSvc.exe [598856 2007-11-26] (Webroot Software, Inc.)
S4 EhttpSrv; "C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe" [X]
S4 ekrn; "C:\Program Files\ESET\ESET Smart Security\ekrn.exe" [X]
S4 NOD32FiXTemDono; C:\WINDOWS\system32\regedt32.exe /s C:\WINDOWS\nod32fixtemdono.reg
S4 Roxio UPnP Renderer 9; "C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe" [X]
S4 RoxLiveShare9; "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
S3 AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [136488 2015-04-28] (SlySoft, Inc.)
R1 AsIO; C:\WINDOWS\System32\drivers\AsIO.sys [4962 2004-10-14] () [File not signed]
R0 cm_km_w; C:\WINDOWS\System32\DRIVERS\cm_km_w.sys [189136 2013-01-14] (Kaspersky Lab UK Ltd)
R2 cvintdrv; C:\WINDOWS\system32\Drivers\cvintdrv.sys [4096 2006-07-27] () [File not signed]
R2 DefragFS; C:\WINDOWS\system32\Drivers\DefragFS.sys [104088 2012-09-11] (Raxco Software, Inc.)
R1 ElbyCDIO; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [30616 2014-12-20] (Elaborate Bytes AG)
R1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [47928 2015-11-18] ()
R2 Hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [670208 2004-11-05] (Aladdin Knowledge Systems Ltd.)
R1 HWiNFO32; C:\WINDOWS\system32\drivers\HWiNFO32.SYS [23840 2015-02-12] (REALiX™)
R0 iteatapi; C:\WINDOWS\System32\DRIVERS\iteatapi.sys [28672 2008-03-01] (ITE Tech. Inc.)
R2 kldisk; C:\WINDOWS\System32\DRIVERS\kldisk.sys [37896 2014-08-19] (Kaspersky Lab ZAO)
R3 klflt; C:\WINDOWS\System32\DRIVERS\klflt.sys [116936 2014-10-02] (Kaspersky Lab ZAO)
R1 klhk; C:\WINDOWS\System32\DRIVERS\klhk.sys [35016 2014-10-22] (Kaspersky Lab ZAO)
S3 KLIF; C:\WINDOWS\system32\drivers\klif.sys [700616 2014-11-18] (Kaspersky Lab ZAO)
R3 klim5; C:\WINDOWS\System32\DRIVERS\klim5.sys [36448 2013-04-19] (Kaspersky Lab ZAO)
S3 klkbdflt; C:\WINDOWS\System32\DRIVERS\klkbdflt.sys [25288 2014-10-30] (Kaspersky Lab ZAO)
S3 klmouflt; C:\WINDOWS\System32\DRIVERS\klmouflt.sys [24672 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdf; C:\WINDOWS\System32\DRIVERS\kltdf.sys [68808 2014-11-06] (Kaspersky Lab ZAO)
R1 kltdi; C:\WINDOWS\System32\DRIVERS\kltdi.sys [46152 2014-10-09] (Kaspersky Lab ZAO)
R1 kneps; C:\WINDOWS\System32\DRIVERS\kneps.sys [148296 2014-11-10] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [170200 2015-12-18] (Malwarebytes)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
S3 moufiltr; C:\WINDOWS\System32\DRIVERS\moufiltr.sys [62592 2007-01-14] (Chic Tech.) [File not signed]
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-12] ()
S3 pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [47360 2010-08-22] (VSO Software) [File not signed]
R2 PDFSFilter; C:\WINDOWS\System32\DRIVERS\PDFsFilter.sys [69016 2012-08-23] (Raxco Software, Inc.)
R0 pssnap; C:\WINDOWS\System32\DRIVERS\pssnap.sys [16504 2013-06-28] (Macrium Software)
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [36624 2006-11-02] (Sonic Solutions) [File not signed]
R0 SI3132; C:\WINDOWS\System32\DRIVERS\SI3132.sys [80424 2007-10-03] (Silicon Image, Inc)
R0 SiFilter; C:\WINDOWS\System32\DRIVERS\SiWinAcc.sys [19240 2007-10-03] (Silicon Image, Inc)
R0 SiRemFil; C:\WINDOWS\System32\DRIVERS\SiRemFil.sys [15400 2007-10-03] (Silicon Image, Inc)
R0 snapman380; C:\WINDOWS\System32\DRIVERS\snman380.sys [134272 2009-10-24] (Acronis)
S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
R0 tdrpman174; C:\WINDOWS\System32\DRIVERS\tdrpm174.sys [971552 2009-10-24] (Acronis)
R2 tifsfilter; C:\WINDOWS\System32\DRIVERS\tifsfilt.sys [44704 2009-10-24] (Acronis)
S3 TVICHW32; C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS [23600 2008-05-10] (EnTech Taiwan) [File not signed]
R3 yukonwxp; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [298752 2015-02-12] ()
S3 Ad-Watch Connect Filter; \??\C:\WINDOWS\system32\drivers\NSDriver.sys [X]
S3 EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys [X]
S3 FLASHSYS; no ImagePath
S3 GMSIPCI; no ImagePath
S4 IntelIde; no ImagePath
S0 kl1; system32\DRIVERS\kl1.sys [X]
S3 MFE_RR; \??\C:\DOCUME~1\Robert\LOCALS~1\Temp\mfe_rr.sys [X]
S3 NTACCESS; no ImagePath
U2 RemoteRegistry; no ImagePath
S3 SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
S1 SpyEmrg; no ImagePath
U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
U3 TlntSvr; no ImagePath
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-03-08] () [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-18 20:52 - 2015-12-18 20:52 - 00022735 _____ C:\Documents and Settings\Robert\Desktop\FRST.txt
2015-12-18 20:31 - 2015-12-18 20:52 - 00000000 ____D C:\FRST
2015-12-18 20:29 - 2015-12-18 20:29 - 01721344 _____ (Farbar) C:\Documents and Settings\Robert\Desktop\FRST.exe
2015-12-17 17:25 - 2015-12-17 17:25 - 00090112 _____ C:\WINDOWS\Minidump\Mini121715-01.dmp
2015-12-15 22:34 - 2015-12-15 22:34 - 00091872 _____ C:\Documents and Settings\Robert\Desktop\19546502114-478683959-ticket.pdf
2015-12-15 22:19 - 2015-12-15 22:19 - 00000000 _____ C:\Documents and Settings\Robert\ntuser.tmp
2015-12-14 17:31 - 2015-12-14 17:31 - 00002172 _____ C:\Documents and Settings\Robert\Desktop\Fear for Sale - City of the Past Collectors Edition.lnk
2015-12-14 17:31 - 2015-12-14 17:31 - 00000000 ____D C:\Documents and Settings\Robert\Start Menu\Programs\Fear for Sale - City of the Past Collectors Edition
2015-12-14 16:54 - 2015-12-14 16:54 - 00000000 ____D C:\Documents and Settings\Robert\Application Data\AlawarEntertainment
2015-12-14 16:51 - 2015-12-14 16:51 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\TEMP
2015-12-13 21:42 - 2015-12-18 20:52 - 00000000 ____D C:\Documents and Settings\Robert\Local Settings\temp
2015-12-13 21:42 - 2015-12-13 21:42 - 00000000 ____D C:\Documents and Settings\UpdatusUser\Local Settings\temp
2015-12-13 21:42 - 2015-12-13 21:42 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\temp
2015-12-13 21:42 - 2015-12-13 21:42 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\temp
2015-12-13 21:42 - 2015-12-13 21:42 - 00000000 ____D C:\Documents and Settings\Guest\Local Settings\temp
2015-12-13 21:42 - 2015-12-13 21:42 - 00000000 ____D C:\Documents and Settings\Default User\Local Settings\temp
2015-12-13 21:42 - 2015-12-13 21:42 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\temp
2015-12-13 11:04 - 2015-12-13 11:16 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro
2015-12-04 19:47 - 2015-12-13 00:17 - 00000000 ____D C:\Documents and Settings\Robert\Application Data\EleFun Games
2015-12-04 16:27 - 2015-12-04 16:27 - 00000000 ____D C:\Documents and Settings\Robert\Application Data\Freeze Tag
2015-12-01 16:07 - 2015-12-01 16:07 - 00000000 ____D C:\Program Files\Iso Buster 3.5.5
2015-12-01 16:07 - 2015-12-01 16:07 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\IsoBuster
2015-11-20 22:40 - 2015-11-20 22:40 - 00000000 ____D C:\Documents and Settings\Robert\Application Data\PlataGames
2015-11-19 22:56 - 2015-11-19 22:56 - 00000000 ____D C:\Documents and Settings\Robert\Application Data\The Dark Hills of Cherai2GUIDE
2015-11-19 22:56 - 2015-11-19 22:56 - 00000000 ____D C:\Documents and Settings\Robert\Application Data\Chayowo Games
2015-11-19 17:11 - 2015-12-14 17:26 - 00000000 ____D C:\Program Files\Game
2015-11-18 19:51 - 2015-12-14 16:57 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes Anti-Exploit
2015-11-18 19:51 - 2015-11-23 13:38 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Exploit
2015-11-18 19:51 - 2015-11-23 13:38 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Exploit

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-18 20:43 - 2006-06-03 17:32 - 00000000 ____D C:\Documents and Settings\Robert
2015-12-18 20:31 - 2006-06-03 12:41 - 00000000 ____D C:\WINDOWS
2015-12-18 20:30 - 2008-08-16 08:32 - 00000000 ____D C:\Documents and Settings\Robert\Application Data\uTorrent
2015-12-18 20:24 - 2010-10-30 13:18 - 00002521 _____ C:\Documents and Settings\Robert\Desktop\Outlook 2007.lnk
2015-12-18 20:08 - 2014-03-28 21:17 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-12-18 20:07 - 2010-03-11 22:40 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-18 16:57 - 2012-08-13 15:23 - 00796864 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-12-18 16:57 - 2012-08-13 15:23 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-12-18 16:54 - 2014-03-12 22:32 - 00000224 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-12-18 16:54 - 2010-03-11 22:40 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-18 16:54 - 2006-06-03 17:31 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-18 16:54 - 2004-08-04 07:00 - 00012054 _____ C:\WINDOWS\system32\wpa.dbl
2015-12-17 22:19 - 2006-06-03 17:32 - 00000278 ___SH C:\Documents and Settings\Robert\ntuser.ini
2015-12-17 22:19 - 2006-06-03 17:31 - 00032406 _____ C:\WINDOWS\SchedLgU.Txt
2015-12-17 17:09 - 2014-03-14 15:16 - 00000470 _____ C:\DelFix.txt
2015-12-16 21:59 - 2010-10-30 13:30 - 00002515 _____ C:\Documents and Settings\Robert\Desktop\Word 2007.lnk
2015-12-15 23:29 - 2014-04-08 19:23 - 00065536 _____ C:\WINDOWS\system32\config\EventForwarding-Operational.Evt
2015-12-15 23:29 - 2011-03-26 10:30 - 00065536 _____ C:\WINDOWS\system32\config\WindowsPowerShell.evt
2015-12-15 23:29 - 2007-01-13 17:05 - 00065536 _____ C:\WINDOWS\system32\config\ODiag.evt
2015-12-15 23:29 - 2006-12-11 17:02 - 00065536 _____ C:\WINDOWS\system32\config\Internet.evt
2015-12-15 05:51 - 2006-06-03 17:09 - 00000000 __SHD C:\Documents and Settings\NetworkService
2015-12-14 17:13 - 2013-08-07 14:45 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-12-14 17:00 - 2006-06-05 15:35 - 137798368 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-12-14 16:55 - 2015-01-16 17:03 - 00000000 ____D C:\Documents and Settings\UpdatusUser
2015-12-14 16:55 - 2011-03-31 17:57 - 00000000 ____D C:\Documents and Settings\Administrator
2015-12-14 16:55 - 2006-09-03 14:13 - 00000000 ____D C:\Documents and Settings\Guest
2015-12-14 16:55 - 2006-06-03 17:31 - 00000000 __SHD C:\Documents and Settings\LocalService
2015-12-14 16:55 - 2006-06-03 17:05 - 00000000 ____D C:\WINDOWS\Registration
2015-12-13 21:39 - 2004-08-04 07:00 - 00000227 _____ C:\WINDOWS\system.ini
2015-12-13 21:26 - 2011-04-26 07:36 - 00000000 ____D C:\WINDOWS\ERDNT
2015-12-13 14:41 - 2014-02-11 16:16 - 00000000 ____D C:\Documents and Settings\Robert\Application Data\MPC-HC
2015-12-08 19:53 - 2012-01-05 18:09 - 00000000 ____D C:\Documents and Settings\Robert\Application Data\IObit
2015-12-08 19:46 - 2006-12-11 17:01 - 00000000 __HDC C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2015-12-08 17:12 - 2006-06-03 17:32 - 00000000 ___RD C:\Documents and Settings\Robert\My Documents\My Pictures
2015-12-08 17:12 - 2006-06-03 17:32 - 00000000 ___RD C:\Documents and Settings\Robert\My Documents\My Music
2015-12-08 17:12 - 2006-06-03 17:32 - 00000000 ___RD C:\Documents and Settings\Robert\My Documents
2015-12-08 17:09 - 2009-04-28 22:29 - 00000000 ____D C:\WINDOWS\ie8updates
2015-12-04 09:36 - 2014-02-24 16:50 - 00000000 ____D C:\HP Scans
2015-12-04 08:07 - 2007-02-16 20:05 - 00000000 ____D C:\Documents and Settings\Robert\My Documents\Movie Collector
2015-11-30 21:42 - 2007-12-07 18:56 - 00000069 _____ C:\WINDOWS\NeroDigital.ini
2015-11-19 17:10 - 2015-11-06 20:02 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Big Fish
2015-11-19 17:10 - 2015-11-06 20:01 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\BigFishCache

==================== Files in the root of some directories =======

2014-04-02 21:28 - 2014-04-02 21:30 - 0009333 _____ () C:\Documents and Settings\Robert\Application Data\Comma Separated Values (Windows).EML
2007-03-23 16:38 - 2007-07-21 12:39 - 0087608 _____ () C:\Documents and Settings\Robert\Application Data\ezpinst.exe
2008-08-30 11:14 - 2010-01-03 19:51 - 0000108 _____ () C:\Documents and Settings\Robert\Application Data\netstat.bat
2007-03-23 16:38 - 2011-04-10 14:47 - 0007887 _____ () C:\Documents and Settings\Robert\Application Data\pcouffin.cat
2007-03-23 16:38 - 2011-04-10 14:47 - 0001144 _____ () C:\Documents and Settings\Robert\Application Data\pcouffin.inf
2007-03-23 16:38 - 2011-04-10 14:48 - 0000033 _____ () C:\Documents and Settings\Robert\Application Data\pcouffin.log
2007-03-23 16:38 - 2011-04-10 14:47 - 0047360 _____ (VSO Software) C:\Documents and Settings\Robert\Application Data\pcouffin.sys
2008-07-05 10:41 - 2008-07-05 10:41 - 0002494 _____ () C:\Documents and Settings\Robert\Application Data\sldIMLog_20080-40000-1100_00002.txt
2010-10-24 16:36 - 2010-10-24 16:36 - 0000036 _____ () C:\Documents and Settings\Robert\Local Settings\Application Data\housecall.guid.cache
2009-09-24 17:41 - 2009-09-24 17:41 - 5257216 _____ () C:\Documents and Settings\Robert\Local Settings\Application Data\mfm2_database.dat
2007-08-25 13:19 - 2007-08-25 13:19 - 0002108 _____ () C:\Documents and Settings\Robert\Local Settings\Application Data\rx_audio.Cache
2007-01-25 22:46 - 2007-12-03 19:42 - 1462572 _____ () C:\Documents and Settings\Robert\Local Settings\Application Data\rx_image.Cache
2007-11-25 22:46 - 2015-06-13 11:38 - 0000123 ___SH () C:\Documents and Settings\All Users\Application Data\.zreglib
2013-09-14 19:49 - 2013-09-14 19:49 - 0000057 _____ () C:\Documents and Settings\All Users\Application Data\Ament.ini
2008-03-02 15:30 - 2008-08-29 17:51 - 0110892 _____ () C:\Documents and Settings\All Users\Application Data\Svclog.log

Files to move or delete:
====================
C:\Documents and Settings\Robert\mylist.dat
C:\Documents and Settings\Robert\utorrent.exe


Some files in TEMP:
====================
C:\Documents and Settings\Robert\Local Settings\temp\0927BA7B.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:17-12-2015
Ran by Robert (2015-12-18 20:52:48)
Running from C:\Documents and Settings\Robert\Desktop
Microsoft Windows XP Home Edition Service Pack 3 (X86) (2015-01-06 17:20:53)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-299502267-789336058-725345543-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-299502267-789336058-725345543-1013 - Limited - Enabled)
Guest (S-1-5-21-299502267-789336058-725345543-501 - Limited - Disabled) => %SystemDrive%\Documents and Settings\Guest
HelpAssistant (S-1-5-21-299502267-789336058-725345543-1000 - Limited - Disabled)
Robert (S-1-5-21-299502267-789336058-725345543-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Robert
SUPPORT_388945a0 (S-1-5-21-299502267-789336058-725345543-1002 - Limited - Disabled)
UpdatusUser (S-1-5-21-299502267-789336058-725345543-1014 - Limited - Enabled) => %SystemDrive%\Documents and Settings\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM\...\uTorrent) (Version: 2.0.3 - )
Acronis True Image Home (HKLM\...\{37C8899D-FD70-481F-94AA-1F1B08765E22}) (Version: 12.0.9709 - Acronis)
Adobe Acrobat XI Pro (HKLM\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.09 - Adobe Systems)
Adobe Color Common Settings (HKLM\...\Adobe_6c8e2cb4fd241c55406016127a6ab2e) (Version: 1.0.1 - Adobe Systems Incorporated)
Adobe Download Manager (HKLM\...\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}) (Version: 1.6.2.91 - NOS Microsystems Ltd.)
Adobe ExtendScript Toolkit 2 (HKLM\...\Adobe_3e054d2218e7aa282c2369d939e58ff) (Version: 2.0.2 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated)
Adobe Photoshop CS3 (HKLM\...\Adobe_719d6f144d0c086a0dfa7ff76bb9ac1) (Version: 10.0 - Adobe Systems Incorporated)
Amnesia - The Dark Descent  (HKLM\...\{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1) (Version: 1.0.0 - Frictional Games)
AnyDVD (HKLM\...\AnyDVD) (Version: 7.6.0.0 - SlySoft)
Apple Application Support (HKLM\...\{EE6097DD-05F4-4178-9719-D3170BF098E8}) (Version: 1.4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{308B6AEA-DE50-4666-996D-0FA461719D6B}) (Version: 3.3.0.69 - Apple Inc.)
Apple Software Update (HKLM\...\{C41300B9-185D-475E-BFEC-39EF732F19B1}) (Version: 2.1.2.120 - Apple Inc.)
AVIcodec (remove only) (HKLM\...\AVIcodec) (Version:  - )
Beyond Compare Version 2.4.3 (HKLM\...\BC2_is1) (Version:  - Scooter Software)
Bonjour (HKLM\...\{2A981294-F14C-4F0F-9627-D793270922F8}) (Version: 2.0.4.0 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.11 - Piriform)
CloneDVD2 (HKLM\...\CloneDVD2) (Version:  - Elaborate Bytes)
Collectorz.com Movie Collector (HKLM\...\Collectorz.com Movie Collector) (Version:  - )
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CoreFLAC Audio Decoder+Source Filter (remove only) (HKLM\...\CoreFLAC Audio Decoder+Source Filter) (Version:  - )
Corel Painter X (Version: 10.1 - Corel Corporation) Hidden
COSMOSMotion 2008 SP0 (HKLM\...\{8876F541-F374-4375-BF2A-8FD9FA8141C4}) (Version: 16.00.9035 - SolidWorks Corporation)
COSMOSWorks 2008 SP03 (HKLM\...\{0C631AC5-3AA0-418F-B132-29F8432F1C19}) (Version: 16.30.41 - SolidWorks Corporation)
Data Lifeguard Diagnostic for Windows 1.24 (HKLM\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version:  - Western Digital Corporation)
Dropbox (HKU\S-1-5-21-299502267-789336058-725345543-1004\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.)
DVD Decrypter (Remove Only) (HKLM\...\DVD Decrypter) (Version:  - )
DVD Rebuilder (HKLM\...\{584A1ECC-00AB-4FCC-B6AE-172741F32ABC}_is1) (Version: PRO v1.09 - jdobbs softworks and rockas association)
DVD Shrink 3.2 (HKLM\...\DVD Shrink_is1) (Version:  - DVD Shrink)
DVDFab 8.1.7.8 (17/04/2012) Qt (HKLM\...\DVDFab 8 Qt_is1) (Version:  - Fengtao Software Inc.)
DVDFab 9.2.0.2 (10/06/2015) (HKLM\...\DVDFab 9_is1) (Version:  - Fengtao Software Inc.)
DVDInfoPro (HKLM\...\{32611C62-474D-47B1-B347-06453D430A28}) (Version: 4.36.0000 - Nic Wilson)
DWGeditor (HKLM\...\{C8DE0FC9-5BD0-4D26-B5AD-D38146F2083C}) (Version: 16.00.9034 - SolidWorks)
Easy CD-DA Extractor 2011 (HKLM\...\Easy CD-DA Extractor 2011) (Version: 2011 - Poikosoft)
eDrawings 2008 (HKLM\...\{40345A8F-3B72-44DE-814F-72E8A52B1161}) (Version: 8.0.708 - SolidWorks)
ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version:  - Lars Hederer)
EVEREST Ultimate Edition v4.50 (HKLM\...\EVEREST Ultimate Edition_is1) (Version: 4.50 - Lavalys, Inc.)
Exact Audio Copy 0.99pb5 (HKLM\...\Exact Audio Copy) (Version: 0.99pb5 - Andre Wiethoff)
Fear for Sale - City of the Past Collectors Edition (HKLM\...\Fear for Sale - City of the Past Collectors EditionFinal) (Version: Final - Game-Owl.com)
GoldWave v5.13 (HKLM\...\GoldWave v5.13) (Version:  - )
Google Update Helper (Version: 1.3.29.1 - Google Inc.) Hidden
HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet 4620 series Basic Device Software (HKLM\...\{C4E2A2F2-2A53-42C7-920A-169713776631}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 4620 series Help (HKLM\...\{606C37AB-EB04-4270-A592-201A03C2DB36}) (Version: 6.0.0 - Hewlett Packard)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0001 - Microsoft) Hidden
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
ImageConverter Plus 7.1 (HKLM\...\ImageConverter Plus_is1) (Version:  - fCoder, Ltd.)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.6.0 - LIGHTNING UK!)
Intel Processor Diagnostic Tool (HKLM\...\{C53C4130-CC50-40F3-9457-A7D4A2B980BC}) (Version: 2.11.0.0 - Intel Corporation)
IsoBuster 3.6 (HKLM\...\IsoBuster_is1) (Version: 3.6 - Smart Projects)
K-Lite Mega Codec Pack 10.9.5 (HKLM\...\KLiteCodecPack_is1) (Version: 10.9.5 - )
Kyodai Mahjongg 2006 v1.42 (HKLM\...\Kyodai Mahjongg 2006_is1) (Version:  - Rene-Gilles Deberdt)
Macrium Reflect Professional Edition (HKLM\...\MacriumReflect) (Version: 5.2 - Paramount Software (UK) Ltd.)
Macrium Reflect Professional Edition (Version: 5.2.6526 - Paramount Software (UK) Ltd.) Hidden
Malwarebytes Anti-Exploit version 1.8.1.1045 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.1045 - Malwarebytes)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Maple 12 (HKLM\...\Maple 12) (Version: 12.0.0.0 - Maplesoft)
Marvell Miniport Driver (HKLM\...\{C950420B-4182-49EA-850A-A6A2ABF06C6B}) (Version: 8.20.10.3 - Marvell)
MathType 5 (HKLM\...\DSMT5) (Version: 5.2 - Design Science, Inc.)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Math (HKLM\...\{07043840-959A-4B0D-8825-2C533F0DDB19}) (Version: 2007 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Project 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{8446EB22-A746-46DC-B1BD-E0DFA1F3CDDA}) (Version:  - Microsoft)
Microsoft Office Project Professional 2007 (HKLM\...\PRJPRO) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Visio 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}) (Version:  - Microsoft)
Microsoft Office Visio Professional 2007 (HKLM\...\VISPRO) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Movie Collector (HKLM\...\{8EC6EBB4-D899-4C6B-BA17-C21B78988F23}_is1) (Version:  - Collectorz.com)
Mozilla Firefox 42.0 (x86 en-US) (HKLM\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
MSConfig CleanUp 1.2 (HKLM\...\MSConfig CleanUp_is1) (Version:  - Virtuoza)
MSXML 4.0 SP2 (KB925672) (HKLM\...\{A9CF9052-F4A0-475D-A00F-A8388C62DD63}) (Version: 4.20.9839.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 and SOAP Toolkit 3.0 (Version: 1.0.0.0 - Webroot Software, Inc.) Hidden
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 6 Service Pack 2 (KB973686) (HKLM\...\{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}) (Version: 6.20.2003.0 - Microsoft Corporation)
Nero 7 Ultra Edition (HKLM\...\{43FFE159-3199-4188-A1CD-629166AD1033}) (Version: 7.02.6445 - Nero AG)
NOD32 v3.0.642 FiX1.2 by TemDono (31 days remaining forever up  (HKLM\...\Eset NOD32 v3.0.642 FiX1.2 by TemDono_is1) (Version:  - )
NOD32 v3.x FiX 1.1 by TemDono (Free Updates - Expire in 2050) (HKLM\...\NOD32 v3.x FiX 1.1 by TemDono_is1) (Version:  - )
NVIDIA Graphics Driver 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)
NVIDIA nView 136.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 136.53 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
OriginPro 7.5 (HKLM\...\{ECE12161-B445-48FA-9056-FD54D8A72459}) (Version:  - )
PC Probe II (HKLM\...\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}) (Version: 1.00.43 - )
PDF Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
PerfectDisk Professional Business (HKLM\...\{682B22AB-EAAA-4B1C-83AF-B26E7D4ED01E}) (Version: 13.0.842 - Raxco Software Inc.)
PFConfig 1.0.296 (HKLM\...\PFConfig) (Version: 1.0.296 - Portforward.com)
PFPortChecker 1.0.39 (HKLM\...\PFPortChecker) (Version: 1.0.39 - Portforward.com)
Photodex Presenter (HKLM\...\Photodex Presenter) (Version:  - )
Picture Package Music Transfer (HKLM\...\{CE2121C6-C94D-4A73-8EA4-6943F33EE335}) (Version: 1.0.02.02130 - Sony Corporation)
Portforward Static IP Address 1.0.47 (HKLM\...\Portforward Static IP Address) (Version: 1.0.47 - Portforward.com)
ProShow Producer (HKLM\...\ProShow Producer) (Version:  - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.7111 - Realtek Semiconductor Corp.)
River Past Audio Converter Pro (HKLM\...\Audio Converter Pro) (Version: 7.7.1 - River Past)
SigmaPlot 10.0 (HKLM\...\{43224D30-5941-47A4-9AD7-9250EE794396}) (Version: 10.0.0 - Systat Software, Inc.)
SolidWorks 2008 SP03 (HKLM\...\{266EB766-9ABB-40D0-AB9F-41EE46D23876}) (Version: 16.1.0303 - SolidWorks)
SolidWorks Explorer 2008 sp0 (HKLM\...\{A8567E18-9E80-4EA3-A5C1-A6186C86F2CC}) (Version: 16.00.9034 - SolidWorks Corporation)
Spy Sweeper Updater 2.0.0 Alpha 4000 (HKLM\...\Spy Sweeper Updater 2.0.0 Alpha 4000) (Version: 2.0.0 Alpha 4000 - BigScott27)
Sudoku Works (HKLM\...\{5B10C186-C6CF-45D8-9E2D-4F18247A5C63}) (Version: 1.0 - Oak Systems)
System Requirements Lab (HKLM\...\SystemRequirementsLab) (Version:  - )
Tetris (HKLM\...\{95E0E6DC-C308-4C96-BEDB-68C75A32FAF8}_is1) (Version: 1.35 - Crystal Office Systems)
Unlocker 1.8.9 (HKLM\...\Unlocker) (Version: 1.8.9 - Cedrick Collomb)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Vampire Legends 2 - The Untold Story of Elizabeth Bathory CE (HKLM\...\Vampire Legends 2 - The Untold Story of Elizabeth Bathory CE1.1) (Version: 1.1 - Foxy Games)
VBA (2627.01) (Version: 6.03.00.9402 - Microsoft Corporation) Hidden
VC 9.0 Runtime (Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
VC80CRTRedist - 8.0.50727.762 (Version: 1.0.0 - DivX, Inc) Hidden
VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Window Washer (HKLM\...\Window Washer) (Version:  - )
Windows Defender (HKLM\...\{A06275F4-324B-4E85-95E6-87B2CD729401}) (Version: 1.1.1593.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Installer Clean Up (HKLM\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version:  - Microsoft Corporation)
Windows Media Format Runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows PowerShell™ 1.0 (HKLM\...\PowerShell) (Version: 1 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
XML Paper Specification Shared Components Pack 1.0 (Version:  - Microsoft Corporation) Hidden
Your Uninstaller! 2010 (HKLM\...\YU2010_is1) (Version: 7.0 - URSoft, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\Robert\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{0BBFE402-CCA1-4f64-9322-13B66D841049}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{25D005BF-FE63-4cce-AA25-CE952B1D9381}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{49BBAA3C-C574-419E-8378-783C362E9C15}\InprocServer32 -> C:\Program Files\HP\Common\FWUpdateEDO2.dll (Hewlett-Packard Co.)
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{54050FBB-F2AE-404b-8BFD-7EE3EC784A52}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{6B1948B3-9547-42F8-9B37-7AA9768134C4}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\Robert\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Documents and Settings\Robert\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Robert\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Robert\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Robert\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Robert\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Robert\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Robert\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Robert\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Robert\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Restore Points =========================

20-09-2015 09:07:38 System Checkpoint
21-09-2015 17:16:59 System Checkpoint
22-09-2015 21:16:15 System Checkpoint
23-09-2015 16:53:43 JRT Pre-Junkware Removal
23-09-2015 16:56:42 JRT Pre-Junkware Removal
23-09-2015 17:09:39 JRT Pre-Junkware Removal
23-09-2015 17:13:11 JRT Pre-Junkware Removal
25-09-2015 18:36:47 System Checkpoint
26-09-2015 19:57:23 System Checkpoint
28-09-2015 20:25:33 System Checkpoint
30-09-2015 23:03:56 System Checkpoint
05-10-2015 19:02:54 System Checkpoint
06-10-2015 20:52:14 System Checkpoint
08-10-2015 17:29:26 System Checkpoint
09-10-2015 18:16:44 System Checkpoint
12-10-2015 21:10:20 System Checkpoint
13-10-2015 21:17:00 Software Distribution Service 3.0
15-10-2015 21:31:20 System Checkpoint
16-10-2015 21:44:27 System Checkpoint
17-10-2015 23:39:16 System Checkpoint
19-10-2015 19:19:29 System Checkpoint
20-10-2015 21:21:32 System Checkpoint
28-10-2015 18:41:43 System Checkpoint
29-10-2015 19:12:17 System Checkpoint
30-10-2015 19:49:53 System Checkpoint
01-11-2015 21:12:42 System Checkpoint
02-11-2015 23:34:11 System Checkpoint
05-11-2015 19:54:21 Installed AVG 2015
05-11-2015 19:54:47 Installed AVG 2015
05-11-2015 21:28:37 Removed AVG 2015
05-11-2015 21:30:05 Removed AVG 2015
05-11-2015 21:38:38 Restore Operation
07-11-2015 18:27:36 System Checkpoint
09-11-2015 17:20:05 System Checkpoint
10-11-2015 17:18:17 Software Distribution Service 3.0
13-11-2015 20:58:42 System Checkpoint
15-11-2015 00:47:01 System Checkpoint
16-11-2015 18:03:05 System Checkpoint
17-11-2015 18:30:13 System Checkpoint
18-11-2015 21:23:56 System Checkpoint
19-11-2015 21:41:20 System Checkpoint
19-11-2015 21:49:48 Installed Microsoft Fix it 50027
21-11-2015 10:41:37 System Checkpoint
22-11-2015 13:56:08 System Checkpoint
23-11-2015 14:17:28 System Checkpoint
24-11-2015 16:58:29 System Checkpoint
25-11-2015 17:22:01 System Checkpoint
26-11-2015 18:59:37 System Checkpoint
28-11-2015 13:46:01 System Checkpoint
29-11-2015 15:46:48 System Checkpoint
30-11-2015 18:11:05 System Checkpoint
01-12-2015 20:03:52 System Checkpoint
03-12-2015 21:46:14 System Checkpoint
06-12-2015 17:42:24 System Checkpoint
07-12-2015 17:59:14 System Checkpoint
08-12-2015 17:17:12 Software Distribution Service 3.0
08-12-2015 19:52:36 JRT Pre-Junkware Removal
12-12-2015 14:12:10 System Checkpoint
13-12-2015 15:19:19 System Checkpoint
13-12-2015 21:01:22 Restore Operation
13-12-2015 21:11:44 Software Distribution Service 3.0
14-12-2015 16:51:16 Restore Operation
14-12-2015 17:00:31 Software Distribution Service 3.0
15-12-2015 19:00:02 System Checkpoint
17-12-2015 17:06:13 Removed Google Earth.
18-12-2015 17:36:52 System Checkpoint

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-04 07:00 - 2015-12-13 21:39 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2010-03-08 21:55 - 2010-03-08 21:55 - 00010752 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2013-06-14 13:25 - 2013-06-14 13:25 - 00077944 _____ () C:\Program Files\Macrium\Reflect\AESDll.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-21-299502267-789336058-725345543-1004\Software\Classes\exefile: "%1" %* <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7832 more sites.

IE restricted site: HKU\S-1-5-19\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-19\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-19\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-19\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-19\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-19\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-19\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-19\...\1-extreme.biz -> www.1-extreme.biz
IE restricted site: HKU\S-1-5-19\...\1001-search.info -> www.1001-search.info
IE restricted site: HKU\S-1-5-19\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-19\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-19\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-19\...\123topsearch.com -> www.123topsearch.com
IE restricted site: HKU\S-1-5-19\...\132.com -> www.132.com
IE restricted site: HKU\S-1-5-19\...\136136.net -> down.136136.net
IE restricted site: HKU\S-1-5-19\...\139mm.com -> www.139mm.com
IE restricted site: HKU\S-1-5-19\...\163.com -> www.163.com
IE restricted site: HKU\S-1-5-19\...\163ns.com -> ert0003.e76.163ns.com
IE restricted site: HKU\S-1-5-19\...\17-plus.com -> 17-plus.com
IE restricted site: HKU\S-1-5-19\...\171203.com -> 171203.com

There are 4190 more sites.

IE restricted site: HKU\S-1-5-20\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-20\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-20\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-20\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-20\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-20\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-20\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-20\...\1-extreme.biz -> www.1-extreme.biz
IE restricted site: HKU\S-1-5-20\...\1001-search.info -> www.1001-search.info
IE restricted site: HKU\S-1-5-20\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-20\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-20\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-20\...\123topsearch.com -> www.123topsearch.com
IE restricted site: HKU\S-1-5-20\...\132.com -> www.132.com
IE restricted site: HKU\S-1-5-20\...\136136.net -> down.136136.net
IE restricted site: HKU\S-1-5-20\...\139mm.com -> www.139mm.com
IE restricted site: HKU\S-1-5-20\...\163.com -> www.163.com
IE restricted site: HKU\S-1-5-20\...\163ns.com -> ert0003.e76.163ns.com
IE restricted site: HKU\S-1-5-20\...\17-plus.com -> 17-plus.com
IE restricted site: HKU\S-1-5-20\...\171203.com -> 171203.com

There are 4190 more sites.

IE restricted site: HKU\S-1-5-21-299502267-789336058-725345543-1004\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-299502267-789336058-725345543-1004\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-299502267-789336058-725345543-1004\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-299502267-789336058-725345543-1004\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-299502267-789336058-725345543-1004\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-299502267-789336058-725345543-1004\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-299502267-789336058-725345543-1004\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-299502267-789336058-725345543-1004\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-299502267-789336058-725345543-1004\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-299502267-789336058-725345543-1004\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-299502267-789336058-725345543-1004\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-299502267-789336058-725345543-1004\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-299502267-789336058-725345543-1004\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-299502267-789336058-725345543-1004\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-299502267-789336058-725345543-1004\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-299502267-789336058-725345543-1004\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-299502267-789336058-725345543-1004\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-299502267-789336058-725345543-1004\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-299502267-789336058-725345543-1004\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-299502267-789336058-725345543-1004\...\123simsen.com -> www.123simsen.com

There are 7794 more sites.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-299502267-789336058-725345543-1004\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Robert\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 192.168.2.1
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^Robert^Start Menu^Programs^Startup^Dropbox.lnk => C:\WINDOWS\pss\Dropbox.lnkStartup
MSCONFIG\startupreg: HP Software Update => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [C:\Program Files\uTorrent\uTorrent.exe] => Enabled:µTorrent
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\Temp\7zSC2.tmp\SymNRT.exe] => Enabled:Norton Removal Tool
StandardProfile\AuthorizedApplications: [C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe] => Enabled:Daemonu.exe
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\Temp\7zS2FC2\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\Temp\7zS333D\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\Temp\7zS352D\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Application Data\Dropbox\bin\Dropbox.exe] => Enabled:Dropbox
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\Temp\7zS0DA0\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\Temp\7zS71B5\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\Temp\7zS5311\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\Temp\7zS1A7F\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\Temp\7zS7A19\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\Temp\7zS7A61\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\Temp\7zS7CF2\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\Temp\7zS1717\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\Temp\7zS18B2\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:'Firefox' (C:\Program Files\Mozilla Firefox)
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\Temp\7zS47BD\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\Temp\7zS4802\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [5985:TCP] => Disabled:Windows Remote Management
StandardProfile\GloballyOpenPorts: [80:TCP] => Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

==================== Faulty Device Manager Devices =============

Name: Beep
Description: Beep
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Beep
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (12/18/2015 04:54:58 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.

Error: (12/18/2015 04:54:28 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
kl1

Error: (12/18/2015 04:54:21 PM) (Source: 0) (EventID: 4311) (User: )
Description:

Error: (12/17/2015 05:26:17 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.

Error: (12/17/2015 05:25:47 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
kl1

Error: (12/17/2015 05:25:43 PM) (Source: 0) (EventID: 4311) (User: )
Description:

Error: (12/17/2015 05:06:31 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (12/17/2015 05:06:31 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (12/17/2015 05:06:30 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (12/17/2015 05:06:30 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Application Management service terminated with the following error:
%%126


==================== Memory info ===========================

Processor:  Intel® Pentium® 4 CPU 3.40GHz
Percentage of memory in use: 30%
Total physical RAM: 3071.04 MB
Available physical RAM: 2138.17 MB
Total Virtual: 4959.01 MB
Available Virtual: 4319.34 MB

==================== Drives ================================

Drive c: (Boot Drive) (Fixed) (Total:298.09 GB) (Free:197.87 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive f: (Expansion Drive) (Fixed) (Total:465.76 GB) (Free:197.03 GB) NTFS
Drive z: (Data Drive) (Fixed) (Total:465.76 GB) (Free:258.53 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: 7975DF18)
Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: F0128678)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 465.8 GB) (Disk ID: 0143820D)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


  • 0

Advertisements

#2
Essexboy
Posted 28 December 2015 - 10:57 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi sorry for the delay... What is your operative antivirus Kaspersky or ESET ?

Could I have a fresh FRST scan please also what browser is showing the redirects
  • 0

#3
Jackpine
Posted 28 December 2015 - 12:26 PM

Jackpine

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 490 posts

Hi Essexboy, thank you for looking at my problem.  My antivirus is Malwarebytes.  I had Kaspersky and ESET a few years ago.  They don't show up in my Add/Remove Programs, so I don't understand why they appear in my previous FRST scan.  Hopefully, any remaining fragments can be removed?

 

My new FRST scans are provided below.  Firefox has the redirects.  Thanks again.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:28-12-2015
Ran by Robert (administrator) on FIRSTBUILD (28-12-2015 13:02:40)
Running from C:\Documents and Settings\Robert\Desktop
Loaded Profiles: Robert (Available Profiles: Robert & UpdatusUser & Administrator & Guest)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Acronis) C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Raxco Software, Inc.) C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe
(Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SkyTel] => C:\WINDOWS\SkyTel.EXE [2879488 2006-05-16] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AcronisTimounterMonitor] => C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [960560 2009-01-21] (Acronis)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [1982312 2013-01-31] ()
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20145368 2013-10-04] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499920 2014-09-12] (Adobe Systems Inc.)
HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe [2621240 2015-11-18] (Malwarebytes Corporation)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-299502267-789336058-725345543-1004\...\Policies\Explorer: [NoBandCustomize] 0
HKU\S-1-5-21-299502267-789336058-725345543-1004\...\Policies\Explorer: [NoMovingBands] 0
HKU\S-1-5-21-299502267-789336058-725345543-1004\...\Policies\Explorer: [NoCloseDragDropBands] 0
HKU\S-1-5-21-299502267-789336058-725345543-1004\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-299502267-789336058-725345543-1004\...\Policies\Explorer: [NoToolbarsOnTaskbar] 0
HKU\S-1-5-18\...\RunOnce: [tscuninstall] => C:\WINDOWS\system32\tscupgrd.exe [44544 2004-08-04] (Microsoft Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Robert\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Robert\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Robert\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Robert\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Robert\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Robert\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Robert\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Robert\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2008-02-09] (Autodesk, Inc.)
Startup: C:\Documents and Settings\Robert\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 4620 series.lnk [2015-12-28]
ShortcutTarget: Monitor Ink Alerts - HP Officejet 4620 series.lnk -> C:\Program Files\HP\HP Officejet 4620 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
BootExecute: PDBoot.exeautocheck autochk *

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 01 C:\Program Files\Bonjour\mdnsNSP.dll [152864 2010-10-07] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{6B4B5C21-DA99-4096-8820-43DC9BA3E4E3}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-299502267-789336058-725345543-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Technical Preview 15.0.2\IEExt\ie_plugin.dll => No File
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll => No File
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
BHO: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Technical Preview 15.0.2\IEExt\ie_plugin.dll => No File
BHO: Script Injection Plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Technical Preview 15.0.2\IEExt\ie_plugin.dll => No File
BHO: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Technical Preview 15.0.2\IEExt\ie_plugin.dll => No File
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
Toolbar: HKU\.DEFAULT -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-299502267-789336058-725345543-1004 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.com/common/asusTek_sys_ctrl.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Twisted%20Lands%20-%20Shadow%20Town/Images/stg_drm.ocx
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} hxxps://fixit.support.microsoft.com/ActiveX/FixItClient.CAB
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1292380760937
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1420669599859
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Twisted%20Lands%20-%20Shadow%20Town/Images/armhelper.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} hxxp://eserv.sympatico.ca/netassistant/controls/BellCanadaPortalAX.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} hxxp://driveragent.com/files/driveragent.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com//activex/ractrl.cab?lmi=1007

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\tonk28m2.default
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-18] ()
FF Plugin: @kaspersky.com/content_blocker_6418E0D362104DADA084DC312DFA8ABC -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Technical Preview 15.0.2\FFExt\[email protected] [No File]
FF Plugin: @kaspersky.com/virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Technical Preview 15.0.2\FFExt\[email protected] [No File]
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @nosltd.com/getPlus+®,version=1.6.2.91 -> C:\Program Files\NOS\bin\np_gp.dll [2010-09-01] (NOS Microsystems Ltd.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-01] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-01] (Google Inc.)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Robert\Application Data\mozilla\plugins\npPxPlay.dll [2009-04-23] ( )
FF Extension: Advertising Cookie Opt-out - C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\tonk28m2.default\Extensions\[email protected] [2015-08-16] [not signed]
FF Extension: Adblock Plus - C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\tonk28m2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-12-15]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-06-25] [not signed]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Technical Preview 15.0.2\FFExt\[email protected] => not found
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Technical Preview 15.0.2\FFExt\[email protected] => not found
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2015-03-16] [not signed]
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found

Chrome:
=======
CHR Profile: C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - hxxps://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-09-12]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [618944 2009-01-21] (Acronis)
S4 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2008-12-23] (Macrovision Europe Ltd.) [File not signed]
S4 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 MbaeSvc; C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe [739640 2015-11-18] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 PDAgent; C:\Program Files\Raxco\PerfectDisk\PDAgent.exe [2234160 2014-11-12] (Raxco Software, Inc.)
R2 PDEngine; C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe [2247472 2014-11-12] (Raxco Software, Inc.)
S4 ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [174656 2006-11-02] () [File not signed]
S4 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [605168 2014-04-22] (Paramount Software UK Ltd)
S4 ScsiAccess; C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe [181312 2009-04-23] () [File not signed]
S4 SolidWorks Licensing Service; C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2008-07-10] (SolidWorks) [File not signed]
S4 WMPNetworkSvc; C:\Program Files\Windows Media Player\WMPNetwk.exe [913408 2006-10-18] (Microsoft Corporation) [File not signed]
S4 wwEngineSvc; C:\Program Files\Webroot\Washer\WasherSvc.exe [598856 2007-11-26] (Webroot Software, Inc.)
S4 EhttpSrv; "C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe" [X]
S4 ekrn; "C:\Program Files\ESET\ESET Smart Security\ekrn.exe" [X]
S4 NOD32FiXTemDono; C:\WINDOWS\system32\regedt32.exe /s C:\WINDOWS\nod32fixtemdono.reg
S4 Roxio UPnP Renderer 9; "C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe" [X]
S4 RoxLiveShare9; "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
S3 AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [136488 2015-04-28] (SlySoft, Inc.)
R1 AsIO; C:\WINDOWS\System32\drivers\AsIO.sys [4962 2004-10-14] () [File not signed]
R0 cm_km_w; C:\WINDOWS\System32\DRIVERS\cm_km_w.sys [189136 2013-01-14] (Kaspersky Lab UK Ltd)
R2 cvintdrv; C:\WINDOWS\system32\Drivers\cvintdrv.sys [4096 2006-07-27] () [File not signed]
R2 DefragFS; C:\WINDOWS\system32\Drivers\DefragFS.sys [104088 2012-09-11] (Raxco Software, Inc.)
R1 ElbyCDIO; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [30616 2014-12-20] (Elaborate Bytes AG)
R1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [47928 2015-11-18] ()
R2 Hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [670208 2004-11-05] (Aladdin Knowledge Systems Ltd.)
R1 HWiNFO32; C:\WINDOWS\system32\drivers\HWiNFO32.SYS [23840 2015-02-12] (REALiX™)
R0 iteatapi; C:\WINDOWS\System32\DRIVERS\iteatapi.sys [28672 2008-03-01] (ITE Tech. Inc.)
R2 kldisk; C:\WINDOWS\System32\DRIVERS\kldisk.sys [37896 2014-08-19] (Kaspersky Lab ZAO)
R3 klflt; C:\WINDOWS\System32\DRIVERS\klflt.sys [116936 2014-10-02] (Kaspersky Lab ZAO)
R1 klhk; C:\WINDOWS\System32\DRIVERS\klhk.sys [35016 2014-10-22] (Kaspersky Lab ZAO)
S3 KLIF; C:\WINDOWS\system32\drivers\klif.sys [700616 2014-11-18] (Kaspersky Lab ZAO)
R3 klim5; C:\WINDOWS\System32\DRIVERS\klim5.sys [36448 2013-04-19] (Kaspersky Lab ZAO)
S3 klkbdflt; C:\WINDOWS\System32\DRIVERS\klkbdflt.sys [25288 2014-10-30] (Kaspersky Lab ZAO)
S3 klmouflt; C:\WINDOWS\System32\DRIVERS\klmouflt.sys [24672 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdf; C:\WINDOWS\System32\DRIVERS\kltdf.sys [68808 2014-11-06] (Kaspersky Lab ZAO)
R1 kltdi; C:\WINDOWS\System32\DRIVERS\kltdi.sys [46152 2014-10-09] (Kaspersky Lab ZAO)
R1 kneps; C:\WINDOWS\System32\DRIVERS\kneps.sys [148296 2014-11-10] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [170200 2015-12-28] (Malwarebytes)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
S3 moufiltr; C:\WINDOWS\System32\DRIVERS\moufiltr.sys [62592 2007-01-14] (Chic Tech.) [File not signed]
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-12] ()
S3 pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [47360 2010-08-22] (VSO Software) [File not signed]
R2 PDFSFilter; C:\WINDOWS\System32\DRIVERS\PDFsFilter.sys [69016 2012-08-23] (Raxco Software, Inc.)
R0 pssnap; C:\WINDOWS\System32\DRIVERS\pssnap.sys [16504 2013-06-28] (Macrium Software)
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [36624 2006-11-02] (Sonic Solutions) [File not signed]
R0 SI3132; C:\WINDOWS\System32\DRIVERS\SI3132.sys [80424 2007-10-03] (Silicon Image, Inc)
R0 SiFilter; C:\WINDOWS\System32\DRIVERS\SiWinAcc.sys [19240 2007-10-03] (Silicon Image, Inc)
R0 SiRemFil; C:\WINDOWS\System32\DRIVERS\SiRemFil.sys [15400 2007-10-03] (Silicon Image, Inc)
R0 snapman380; C:\WINDOWS\System32\DRIVERS\snman380.sys [134272 2009-10-24] (Acronis)
S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
R0 tdrpman174; C:\WINDOWS\System32\DRIVERS\tdrpm174.sys [971552 2009-10-24] (Acronis)
R2 tifsfilter; C:\WINDOWS\System32\DRIVERS\tifsfilt.sys [44704 2009-10-24] (Acronis)
S3 TVICHW32; C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS [23600 2008-05-10] (EnTech Taiwan) [File not signed]
R3 yukonwxp; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [298752 2015-02-12] ()
S3 Ad-Watch Connect Filter; \??\C:\WINDOWS\system32\drivers\NSDriver.sys [X]
S3 EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys [X]
S3 FLASHSYS; no ImagePath
S3 GMSIPCI; no ImagePath
S4 IntelIde; no ImagePath
S0 kl1; system32\DRIVERS\kl1.sys [X]
S3 MFE_RR; \??\C:\DOCUME~1\Robert\LOCALS~1\Temp\mfe_rr.sys [X]
S3 NTACCESS; no ImagePath
U2 RemoteRegistry; no ImagePath
S3 SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
S1 SpyEmrg; no ImagePath
U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
U3 TlntSvr; no ImagePath
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-03-08] () [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-28 13:02 - 2015-12-28 13:03 - 00022936 _____ C:\Documents and Settings\Robert\Desktop\FRST.txt
2015-12-28 13:02 - 2015-12-28 13:02 - 00000000 ____D C:\Documents and Settings\Robert\Desktop\FRST-OlderVersion
2015-12-23 16:26 - 2015-12-23 16:26 - 00002236 _____ C:\Documents and Settings\Robert\Desktop\Haunted Legends 6 - The Dark Wishes Collector's Edition.lnk
2015-12-23 16:26 - 2015-12-23 16:26 - 00000000 ____D C:\Documents and Settings\Robert\Start Menu\Programs\Haunted Legends 6 - The Dark Wishes Collector's Edition
2015-12-23 14:47 - 2015-12-23 14:47 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-12-23 12:03 - 2015-12-23 12:03 - 00187633 _____ C:\Documents and Settings\Robert\My Documents\Scan0001.pdf
2015-12-22 17:55 - 2015-12-22 17:56 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\HP
2015-12-22 17:55 - 2012-10-17 13:31 - 02216336 _____ (Hewlett-Packard Co.) C:\WINDOWS\system32\hpinkins6412.exe
2015-12-22 17:55 - 2012-10-17 13:31 - 01979280 _____ (Hewlett-Packard Co.) C:\WINDOWS\system32\HPScanTRDrv_OJ4620.dll
2015-12-22 17:55 - 2012-10-17 13:31 - 00529808 _____ (Hewlett-Packard Co.) C:\WINDOWS\system32\hpinksts6412.dll
2015-12-22 17:55 - 2012-10-17 13:31 - 00495504 _____ (Hewlett-Packard) C:\WINDOWS\system32\HPWia1_OJ4620.dll
2015-12-22 17:55 - 2012-10-17 13:31 - 00268688 _____ (Hewlett-Packard Co.) C:\WINDOWS\system32\hpinksts6412LM.dll
2015-12-22 17:55 - 2012-10-17 13:31 - 00220560 _____ (Hewlett-Packard Co.) C:\WINDOWS\system32\hpinkcoi6412.dll
2015-12-22 17:55 - 2012-10-17 04:04 - 00580712 ____N (Hewlett-Packard Co.) C:\WINDOWS\system32\HPDiscoPM6412.dll
2015-12-18 20:31 - 2015-12-28 13:02 - 00000000 ____D C:\FRST
2015-12-18 20:29 - 2015-12-28 13:02 - 01721856 _____ (Farbar) C:\Documents and Settings\Robert\Desktop\FRST.exe
2015-12-17 17:25 - 2015-12-17 17:25 - 00090112 _____ C:\WINDOWS\Minidump\Mini121715-01.dmp
2015-12-15 22:34 - 2015-12-15 22:34 - 00091872 _____ C:\Documents and Settings\Robert\Desktop\19546502114-478683959-ticket.pdf
2015-12-15 22:19 - 2015-12-15 22:19 - 00000000 _____ C:\Documents and Settings\Robert\ntuser.tmp
2015-12-14 16:54 - 2015-12-21 23:52 - 00000000 ____D C:\Documents and Settings\Robert\Application Data\AlawarEntertainment
2015-12-14 16:51 - 2015-12-14 16:51 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\TEMP
2015-12-13 21:42 - 2015-12-28 13:03 - 00000000 ____D C:\Documents and Settings\Robert\Local Settings\temp
2015-12-13 21:42 - 2015-12-13 21:42 - 00000000 ____D C:\Documents and Settings\UpdatusUser\Local Settings\temp
2015-12-13 21:42 - 2015-12-13 21:42 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\temp
2015-12-13 21:42 - 2015-12-13 21:42 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\temp
2015-12-13 21:42 - 2015-12-13 21:42 - 00000000 ____D C:\Documents and Settings\Guest\Local Settings\temp
2015-12-13 21:42 - 2015-12-13 21:42 - 00000000 ____D C:\Documents and Settings\Default User\Local Settings\temp
2015-12-13 21:42 - 2015-12-13 21:42 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\temp
2015-12-13 11:04 - 2015-12-13 11:16 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro
2015-12-04 19:47 - 2015-12-13 00:17 - 00000000 ____D C:\Documents and Settings\Robert\Application Data\EleFun Games
2015-12-04 16:27 - 2015-12-04 16:27 - 00000000 ____D C:\Documents and Settings\Robert\Application Data\Freeze Tag
2015-12-01 16:07 - 2015-12-01 16:07 - 00000000 ____D C:\Program Files\Iso Buster 3.5.5
2015-12-01 16:07 - 2015-12-01 16:07 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\IsoBuster

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-28 12:49 - 2014-03-28 21:17 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-12-28 12:45 - 2008-08-16 08:32 - 00000000 ____D C:\Documents and Settings\Robert\Application Data\uTorrent
2015-12-28 12:33 - 2010-10-30 13:18 - 00002521 _____ C:\Documents and Settings\Robert\Desktop\Outlook 2007.lnk
2015-12-28 12:07 - 2010-03-11 22:40 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-28 10:20 - 2004-08-04 07:00 - 00012054 _____ C:\WINDOWS\system32\wpa.dbl
2015-12-28 10:19 - 2014-03-12 22:32 - 00000224 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-12-28 10:19 - 2010-03-11 22:40 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-28 10:19 - 2006-06-03 17:31 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-28 00:14 - 2006-06-03 17:32 - 00000278 ___SH C:\Documents and Settings\Robert\ntuser.ini
2015-12-28 00:14 - 2006-06-03 17:31 - 00032540 _____ C:\WINDOWS\SchedLgU.Txt
2015-12-23 16:31 - 2015-02-15 09:47 - 00000000 ____D C:\Documents and Settings\Robert\Application Data\ERS Game Studios
2015-12-23 16:03 - 2015-11-19 17:11 - 00000000 ____D C:\Program Files\Game
2015-12-23 14:47 - 2013-03-20 17:20 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-12-23 12:39 - 2006-06-03 17:32 - 00000000 ____D C:\Documents and Settings\Robert
2015-12-23 12:03 - 2006-06-03 17:32 - 00000000 ___RD C:\Documents and Settings\Robert\My Documents
2015-12-22 22:33 - 2010-10-30 13:30 - 00002515 _____ C:\Documents and Settings\Robert\Desktop\Word 2007.lnk
2015-12-22 22:32 - 2006-06-03 12:41 - 00000000 ____D C:\WINDOWS
2015-12-22 18:01 - 2015-03-14 09:35 - 00000000 ____D C:\Documents and Settings\Robert\Application Data\HpUpdate
2015-12-22 17:55 - 2013-09-14 19:49 - 00000000 ____D C:\Program Files\HP
2015-12-22 17:55 - 2006-06-03 12:41 - 00000000 ___HD C:\WINDOWS\inf
2015-12-22 17:53 - 2013-09-14 19:50 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HP
2015-12-21 19:58 - 2013-09-14 19:48 - 00000000 ____D C:\Documents and Settings\Robert\Local Settings\Application Data\HP
2015-12-21 10:59 - 2015-11-18 19:51 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes Anti-Exploit
2015-12-18 16:57 - 2012-08-13 15:23 - 00796864 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-12-18 16:57 - 2012-08-13 15:23 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-12-17 17:09 - 2014-03-14 15:16 - 00000470 _____ C:\DelFix.txt
2015-12-15 23:29 - 2014-04-08 19:23 - 00065536 _____ C:\WINDOWS\system32\config\EventForwarding-Operational.Evt
2015-12-15 23:29 - 2011-03-26 10:30 - 00065536 _____ C:\WINDOWS\system32\config\WindowsPowerShell.evt
2015-12-15 23:29 - 2007-01-13 17:05 - 00065536 _____ C:\WINDOWS\system32\config\ODiag.evt
2015-12-15 23:29 - 2006-12-11 17:02 - 00065536 _____ C:\WINDOWS\system32\config\Internet.evt
2015-12-15 05:51 - 2006-06-03 17:09 - 00000000 __SHD C:\Documents and Settings\NetworkService
2015-12-14 17:13 - 2013-08-07 14:45 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-12-14 17:00 - 2006-06-05 15:35 - 137798368 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-12-14 16:55 - 2015-01-16 17:03 - 00000000 ____D C:\Documents and Settings\UpdatusUser
2015-12-14 16:55 - 2011-03-31 17:57 - 00000000 ____D C:\Documents and Settings\Administrator
2015-12-14 16:55 - 2006-09-03 14:13 - 00000000 ____D C:\Documents and Settings\Guest
2015-12-14 16:55 - 2006-06-03 17:31 - 00000000 __SHD C:\Documents and Settings\LocalService
2015-12-14 16:55 - 2006-06-03 17:05 - 00000000 ____D C:\WINDOWS\Registration
2015-12-13 21:39 - 2004-08-04 07:00 - 00000227 _____ C:\WINDOWS\system.ini
2015-12-13 21:26 - 2011-04-26 07:36 - 00000000 ____D C:\WINDOWS\ERDNT
2015-12-13 14:41 - 2014-02-11 16:16 - 00000000 ____D C:\Documents and Settings\Robert\Application Data\MPC-HC
2015-12-08 19:53 - 2012-01-05 18:09 - 00000000 ____D C:\Documents and Settings\Robert\Application Data\IObit
2015-12-08 19:46 - 2006-12-11 17:01 - 00000000 __HDC C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2015-12-08 17:12 - 2006-06-03 17:32 - 00000000 ___RD C:\Documents and Settings\Robert\My Documents\My Pictures
2015-12-08 17:12 - 2006-06-03 17:32 - 00000000 ___RD C:\Documents and Settings\Robert\My Documents\My Music
2015-12-08 17:09 - 2009-04-28 22:29 - 00000000 ____D C:\WINDOWS\ie8updates
2015-12-04 09:36 - 2014-02-24 16:50 - 00000000 ____D C:\HP Scans
2015-12-04 08:07 - 2007-02-16 20:05 - 00000000 ____D C:\Documents and Settings\Robert\My Documents\Movie Collector
2015-11-30 21:42 - 2007-12-07 18:56 - 00000069 _____ C:\WINDOWS\NeroDigital.ini

==================== Files in the root of some directories =======

2014-04-02 21:28 - 2014-04-02 21:30 - 0009333 _____ () C:\Documents and Settings\Robert\Application Data\Comma Separated Values (Windows).EML
2007-03-23 16:38 - 2007-07-21 12:39 - 0087608 _____ () C:\Documents and Settings\Robert\Application Data\ezpinst.exe
2008-08-30 11:14 - 2010-01-03 19:51 - 0000108 _____ () C:\Documents and Settings\Robert\Application Data\netstat.bat
2007-03-23 16:38 - 2011-04-10 14:47 - 0007887 _____ () C:\Documents and Settings\Robert\Application Data\pcouffin.cat
2007-03-23 16:38 - 2011-04-10 14:47 - 0001144 _____ () C:\Documents and Settings\Robert\Application Data\pcouffin.inf
2007-03-23 16:38 - 2011-04-10 14:48 - 0000033 _____ () C:\Documents and Settings\Robert\Application Data\pcouffin.log
2007-03-23 16:38 - 2011-04-10 14:47 - 0047360 _____ (VSO Software) C:\Documents and Settings\Robert\Application Data\pcouffin.sys
2008-07-05 10:41 - 2008-07-05 10:41 - 0002494 _____ () C:\Documents and Settings\Robert\Application Data\sldIMLog_20080-40000-1100_00002.txt
2010-10-24 16:36 - 2010-10-24 16:36 - 0000036 _____ () C:\Documents and Settings\Robert\Local Settings\Application Data\housecall.guid.cache
2009-09-24 17:41 - 2009-09-24 17:41 - 5257216 _____ () C:\Documents and Settings\Robert\Local Settings\Application Data\mfm2_database.dat
2007-08-25 13:19 - 2007-08-25 13:19 - 0002108 _____ () C:\Documents and Settings\Robert\Local Settings\Application Data\rx_audio.Cache
2007-01-25 22:46 - 2007-12-03 19:42 - 1462572 _____ () C:\Documents and Settings\Robert\Local Settings\Application Data\rx_image.Cache
2007-11-25 22:46 - 2015-06-13 11:38 - 0000123 ___SH () C:\Documents and Settings\All Users\Application Data\.zreglib
2013-09-14 19:49 - 2013-09-14 19:49 - 0000057 _____ () C:\Documents and Settings\All Users\Application Data\Ament.ini
2008-03-02 15:30 - 2008-08-29 17:51 - 0110892 _____ () C:\Documents and Settings\All Users\Application Data\Svclog.log

Files to move or delete:
====================
C:\Documents and Settings\Robert\mylist.dat
C:\Documents and Settings\Robert\utorrent.exe


Some files in TEMP:
====================
C:\Documents and Settings\Robert\Local Settings\temp\0927BA7B.dll
C:\Documents and Settings\Robert\Local Settings\temp\Uninstall.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:28-12-2015
Ran by Robert (2015-12-28 13:03:32)
Running from C:\Documents and Settings\Robert\Desktop
Microsoft Windows XP Home Edition Service Pack 3 (X86) (2015-01-06 17:20:53)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-299502267-789336058-725345543-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-299502267-789336058-725345543-1013 - Limited - Enabled)
Guest (S-1-5-21-299502267-789336058-725345543-501 - Limited - Disabled) => %SystemDrive%\Documents and Settings\Guest
HelpAssistant (S-1-5-21-299502267-789336058-725345543-1000 - Limited - Disabled)
Robert (S-1-5-21-299502267-789336058-725345543-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Robert
SUPPORT_388945a0 (S-1-5-21-299502267-789336058-725345543-1002 - Limited - Disabled)
UpdatusUser (S-1-5-21-299502267-789336058-725345543-1014 - Limited - Enabled) => %SystemDrive%\Documents and Settings\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM\...\uTorrent) (Version: 2.0.3 - )
Acronis True Image Home (HKLM\...\{37C8899D-FD70-481F-94AA-1F1B08765E22}) (Version: 12.0.9709 - Acronis)
Adobe Acrobat XI Pro (HKLM\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.09 - Adobe Systems)
Adobe Color Common Settings (HKLM\...\Adobe_6c8e2cb4fd241c55406016127a6ab2e) (Version: 1.0.1 - Adobe Systems Incorporated)
Adobe Download Manager (HKLM\...\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}) (Version: 1.6.2.91 - NOS Microsystems Ltd.)
Adobe ExtendScript Toolkit 2 (HKLM\...\Adobe_3e054d2218e7aa282c2369d939e58ff) (Version: 2.0.2 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated)
Adobe Photoshop CS3 (HKLM\...\Adobe_719d6f144d0c086a0dfa7ff76bb9ac1) (Version: 10.0 - Adobe Systems Incorporated)
Amnesia - The Dark Descent  (HKLM\...\{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1) (Version: 1.0.0 - Frictional Games)
AnyDVD (HKLM\...\AnyDVD) (Version: 7.6.0.0 - SlySoft)
Apple Application Support (HKLM\...\{EE6097DD-05F4-4178-9719-D3170BF098E8}) (Version: 1.4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{308B6AEA-DE50-4666-996D-0FA461719D6B}) (Version: 3.3.0.69 - Apple Inc.)
Apple Software Update (HKLM\...\{C41300B9-185D-475E-BFEC-39EF732F19B1}) (Version: 2.1.2.120 - Apple Inc.)
AVIcodec (remove only) (HKLM\...\AVIcodec) (Version:  - )
Beyond Compare Version 2.4.3 (HKLM\...\BC2_is1) (Version:  - Scooter Software)
Bonjour (HKLM\...\{2A981294-F14C-4F0F-9627-D793270922F8}) (Version: 2.0.4.0 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.11 - Piriform)
CloneDVD2 (HKLM\...\CloneDVD2) (Version:  - Elaborate Bytes)
Collectorz.com Movie Collector (HKLM\...\Collectorz.com Movie Collector) (Version:  - )
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CoreFLAC Audio Decoder+Source Filter (remove only) (HKLM\...\CoreFLAC Audio Decoder+Source Filter) (Version:  - )
Corel Painter X (Version: 10.1 - Corel Corporation) Hidden
COSMOSMotion 2008 SP0 (HKLM\...\{8876F541-F374-4375-BF2A-8FD9FA8141C4}) (Version: 16.00.9035 - SolidWorks Corporation)
COSMOSWorks 2008 SP03 (HKLM\...\{0C631AC5-3AA0-418F-B132-29F8432F1C19}) (Version: 16.30.41 - SolidWorks Corporation)
Data Lifeguard Diagnostic for Windows 1.24 (HKLM\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version:  - Western Digital Corporation)
Dropbox (HKU\S-1-5-21-299502267-789336058-725345543-1004\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.)
DVD Decrypter (Remove Only) (HKLM\...\DVD Decrypter) (Version:  - )
DVD Rebuilder (HKLM\...\{584A1ECC-00AB-4FCC-B6AE-172741F32ABC}_is1) (Version: PRO v1.09 - jdobbs softworks and rockas association)
DVD Shrink 3.2 (HKLM\...\DVD Shrink_is1) (Version:  - DVD Shrink)
DVDFab 8.1.7.8 (17/04/2012) Qt (HKLM\...\DVDFab 8 Qt_is1) (Version:  - Fengtao Software Inc.)
DVDFab 9.2.0.2 (10/06/2015) (HKLM\...\DVDFab 9_is1) (Version:  - Fengtao Software Inc.)
DVDInfoPro (HKLM\...\{32611C62-474D-47B1-B347-06453D430A28}) (Version: 4.36.0000 - Nic Wilson)
DWGeditor (HKLM\...\{C8DE0FC9-5BD0-4D26-B5AD-D38146F2083C}) (Version: 16.00.9034 - SolidWorks)
Easy CD-DA Extractor 2011 (HKLM\...\Easy CD-DA Extractor 2011) (Version: 2011 - Poikosoft)
eDrawings 2008 (HKLM\...\{40345A8F-3B72-44DE-814F-72E8A52B1161}) (Version: 8.0.708 - SolidWorks)
ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version:  - Lars Hederer)
EVEREST Ultimate Edition v4.50 (HKLM\...\EVEREST Ultimate Edition_is1) (Version: 4.50 - Lavalys, Inc.)
Exact Audio Copy 0.99pb5 (HKLM\...\Exact Audio Copy) (Version: 0.99pb5 - Andre Wiethoff)
GoldWave v5.13 (HKLM\...\GoldWave v5.13) (Version:  - )
Google Update Helper (Version: 1.3.29.1 - Google Inc.) Hidden
Haunted Legends 6 - The Dark Wishes Collector's Edition (HKLM\...\Haunted Legends 6 - The Dark Wishes Collector's EditionFinal) (Version: Final - Game Owl)
HP Officejet 4620 series Basic Device Software (HKLM\...\{C4E2A2F2-2A53-42C7-920A-169713776631}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 4620 series Help (HKLM\...\{606C37AB-EB04-4270-A592-201A03C2DB36}) (Version: 6.0.0 - Hewlett Packard)
HP Update (HKLM\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0001 - Microsoft) Hidden
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
ImageConverter Plus 7.1 (HKLM\...\ImageConverter Plus_is1) (Version:  - fCoder, Ltd.)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.6.0 - LIGHTNING UK!)
Intel Processor Diagnostic Tool (HKLM\...\{C53C4130-CC50-40F3-9457-A7D4A2B980BC}) (Version: 2.11.0.0 - Intel Corporation)
IsoBuster 3.6 (HKLM\...\IsoBuster_is1) (Version: 3.6 - Smart Projects)
K-Lite Mega Codec Pack 10.9.5 (HKLM\...\KLiteCodecPack_is1) (Version: 10.9.5 - )
Kyodai Mahjongg 2006 v1.42 (HKLM\...\Kyodai Mahjongg 2006_is1) (Version:  - Rene-Gilles Deberdt)
Macrium Reflect Professional Edition (HKLM\...\MacriumReflect) (Version: 5.2 - Paramount Software (UK) Ltd.)
Macrium Reflect Professional Edition (Version: 5.2.6526 - Paramount Software (UK) Ltd.) Hidden
Malwarebytes Anti-Exploit version 1.8.1.1045 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.1045 - Malwarebytes)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Maple 12 (HKLM\...\Maple 12) (Version: 12.0.0.0 - Maplesoft)
Marvell Miniport Driver (HKLM\...\{C950420B-4182-49EA-850A-A6A2ABF06C6B}) (Version: 8.20.10.3 - Marvell)
MathType 5 (HKLM\...\DSMT5) (Version: 5.2 - Design Science, Inc.)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Math (HKLM\...\{07043840-959A-4B0D-8825-2C533F0DDB19}) (Version: 2007 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Project 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{8446EB22-A746-46DC-B1BD-E0DFA1F3CDDA}) (Version:  - Microsoft)
Microsoft Office Project Professional 2007 (HKLM\...\PRJPRO) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Visio 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}) (Version:  - Microsoft)
Microsoft Office Visio Professional 2007 (HKLM\...\VISPRO) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Movie Collector (HKLM\...\{8EC6EBB4-D899-4C6B-BA17-C21B78988F23}_is1) (Version:  - Collectorz.com)
Mozilla Firefox 43.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 43.0.2 (x86 en-US)) (Version: 43.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 43.0.2.5833 - Mozilla)
MSConfig CleanUp 1.2 (HKLM\...\MSConfig CleanUp_is1) (Version:  - Virtuoza)
MSXML 4.0 SP2 (KB925672) (HKLM\...\{A9CF9052-F4A0-475D-A00F-A8388C62DD63}) (Version: 4.20.9839.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 and SOAP Toolkit 3.0 (Version: 1.0.0.0 - Webroot Software, Inc.) Hidden
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 6 Service Pack 2 (KB973686) (HKLM\...\{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}) (Version: 6.20.2003.0 - Microsoft Corporation)
Nero 7 Ultra Edition (HKLM\...\{43FFE159-3199-4188-A1CD-629166AD1033}) (Version: 7.02.6445 - Nero AG)
NOD32 v3.0.642 FiX1.2 by TemDono (31 days remaining forever up  (HKLM\...\Eset NOD32 v3.0.642 FiX1.2 by TemDono_is1) (Version:  - )
NOD32 v3.x FiX 1.1 by TemDono (Free Updates - Expire in 2050) (HKLM\...\NOD32 v3.x FiX 1.1 by TemDono_is1) (Version:  - )
NVIDIA Graphics Driver 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)
NVIDIA nView 136.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 136.53 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
OJ4620FWUpdateAlert (Version: 1.00.0000 - HP) Hidden
OriginPro 7.5 (HKLM\...\{ECE12161-B445-48FA-9056-FD54D8A72459}) (Version:  - )
PC Probe II (HKLM\...\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}) (Version: 1.00.43 - )
PDF Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
PerfectDisk Professional Business (HKLM\...\{682B22AB-EAAA-4B1C-83AF-B26E7D4ED01E}) (Version: 13.0.842 - Raxco Software Inc.)
PFConfig 1.0.296 (HKLM\...\PFConfig) (Version: 1.0.296 - Portforward.com)
PFPortChecker 1.0.39 (HKLM\...\PFPortChecker) (Version: 1.0.39 - Portforward.com)
Photodex Presenter (HKLM\...\Photodex Presenter) (Version:  - )
Picture Package Music Transfer (HKLM\...\{CE2121C6-C94D-4A73-8EA4-6943F33EE335}) (Version: 1.0.02.02130 - Sony Corporation)
Portforward Static IP Address 1.0.47 (HKLM\...\Portforward Static IP Address) (Version: 1.0.47 - Portforward.com)
ProShow Producer (HKLM\...\ProShow Producer) (Version:  - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.7111 - Realtek Semiconductor Corp.)
River Past Audio Converter Pro (HKLM\...\Audio Converter Pro) (Version: 7.7.1 - River Past)
SigmaPlot 10.0 (HKLM\...\{43224D30-5941-47A4-9AD7-9250EE794396}) (Version: 10.0.0 - Systat Software, Inc.)
SolidWorks 2008 SP03 (HKLM\...\{266EB766-9ABB-40D0-AB9F-41EE46D23876}) (Version: 16.1.0303 - SolidWorks)
SolidWorks Explorer 2008 sp0 (HKLM\...\{A8567E18-9E80-4EA3-A5C1-A6186C86F2CC}) (Version: 16.00.9034 - SolidWorks Corporation)
Spy Sweeper Updater 2.0.0 Alpha 4000 (HKLM\...\Spy Sweeper Updater 2.0.0 Alpha 4000) (Version: 2.0.0 Alpha 4000 - BigScott27)
Sudoku Works (HKLM\...\{5B10C186-C6CF-45D8-9E2D-4F18247A5C63}) (Version: 1.0 - Oak Systems)
System Requirements Lab (HKLM\...\SystemRequirementsLab) (Version:  - )
Tetris (HKLM\...\{95E0E6DC-C308-4C96-BEDB-68C75A32FAF8}_is1) (Version: 1.35 - Crystal Office Systems)
Unlocker 1.8.9 (HKLM\...\Unlocker) (Version: 1.8.9 - Cedrick Collomb)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Vampire Legends 2 - The Untold Story of Elizabeth Bathory CE (HKLM\...\Vampire Legends 2 - The Untold Story of Elizabeth Bathory CE1.1) (Version: 1.1 - Foxy Games)
VBA (2627.01) (Version: 6.03.00.9402 - Microsoft Corporation) Hidden
VC 9.0 Runtime (Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
VC80CRTRedist - 8.0.50727.762 (Version: 1.0.0 - DivX, Inc) Hidden
VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Window Washer (HKLM\...\Window Washer) (Version:  - )
Windows Defender (HKLM\...\{A06275F4-324B-4E85-95E6-87B2CD729401}) (Version: 1.1.1593.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Installer Clean Up (HKLM\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version:  - Microsoft Corporation)
Windows Media Format Runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows PowerShell™ 1.0 (HKLM\...\PowerShell) (Version: 1 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
XML Paper Specification Shared Components Pack 1.0 (Version:  - Microsoft Corporation) Hidden
Your Uninstaller! 2010 (HKLM\...\YU2010_is1) (Version: 7.0 - URSoft, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\Robert\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{0BBFE402-CCA1-4f64-9322-13B66D841049}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{25D005BF-FE63-4cce-AA25-CE952B1D9381}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{54050FBB-F2AE-404b-8BFD-7EE3EC784A52}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{6B1948B3-9547-42F8-9B37-7AA9768134C4}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\Robert\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Documents and Settings\Robert\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Robert\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Robert\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Robert\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Robert\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Robert\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Robert\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Robert\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Robert\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2010-03-08 21:55 - 2010-03-08 21:55 - 00010752 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2013-06-14 13:25 - 2013-06-14 13:25 - 00077944 _____ () C:\Program Files\Macrium\Reflect\AESDll.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-21-299502267-789336058-725345543-1004\Software\Classes\exefile: "%1" %* <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7832 more sites.

IE restricted site: HKU\S-1-5-19\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-19\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-19\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-19\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-19\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-19\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-19\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-19\...\1-extreme.biz -> www.1-extreme.biz
IE restricted site: HKU\S-1-5-19\...\1001-search.info -> www.1001-search.info
IE restricted site: HKU\S-1-5-19\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-19\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-19\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-19\...\123topsearch.com -> www.123topsearch.com
IE restricted site: HKU\S-1-5-19\...\132.com -> www.132.com
IE restricted site: HKU\S-1-5-19\...\136136.net -> down.136136.net
IE restricted site: HKU\S-1-5-19\...\139mm.com -> www.139mm.com
IE restricted site: HKU\S-1-5-19\...\163.com -> www.163.com
IE restricted site: HKU\S-1-5-19\...\163ns.com -> ert0003.e76.163ns.com
IE restricted site: HKU\S-1-5-19\...\17-plus.com -> 17-plus.com
IE restricted site: HKU\S-1-5-19\...\171203.com -> 171203.com

There are 4190 more sites.

IE restricted site: HKU\S-1-5-20\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-20\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-20\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-20\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-20\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-20\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-20\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-20\...\1-extreme.biz -> www.1-extreme.biz
IE restricted site: HKU\S-1-5-20\...\1001-search.info -> www.1001-search.info
IE restricted site: HKU\S-1-5-20\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-20\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-20\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-20\...\123topsearch.com -> www.123topsearch.com
IE restricted site: HKU\S-1-5-20\...\132.com -> www.132.com
IE restricted site: HKU\S-1-5-20\...\136136.net -> down.136136.net
IE restricted site: HKU\S-1-5-20\...\139mm.com -> www.139mm.com
IE restricted site: HKU\S-1-5-20\...\163.com -> www.163.com
IE restricted site: HKU\S-1-5-20\...\163ns.com -> ert0003.e76.163ns.com
IE restricted site: HKU\S-1-5-20\...\17-plus.com -> 17-plus.com
IE restricted site: HKU\S-1-5-20\...\171203.com -> 171203.com

There are 4190 more sites.

IE restricted site: HKU\S-1-5-21-299502267-789336058-725345543-1004\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-299502267-789336058-725345543-1004\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-299502267-789336058-725345543-1004\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-299502267-789336058-725345543-1004\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-299502267-789336058-725345543-1004\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-299502267-789336058-725345543-1004\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-299502267-789336058-725345543-1004\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-299502267-789336058-725345543-1004\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-299502267-789336058-725345543-1004\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-299502267-789336058-725345543-1004\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-299502267-789336058-725345543-1004\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-299502267-789336058-725345543-1004\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-299502267-789336058-725345543-1004\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-299502267-789336058-725345543-1004\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-299502267-789336058-725345543-1004\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-299502267-789336058-725345543-1004\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-299502267-789336058-725345543-1004\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-299502267-789336058-725345543-1004\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-299502267-789336058-725345543-1004\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-299502267-789336058-725345543-1004\...\123simsen.com -> www.123simsen.com

There are 7794 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-04 07:00 - 2015-12-13 21:39 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-299502267-789336058-725345543-1004\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Robert\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 192.168.2.1
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^Robert^Start Menu^Programs^Startup^Dropbox.lnk => C:\WINDOWS\pss\Dropbox.lnkStartup
MSCONFIG\startupreg: HP Software Update => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [C:\Program Files\uTorrent\uTorrent.exe] => Enabled:µTorrent
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\Temp\7zSC2.tmp\SymNRT.exe] => Enabled:Norton Removal Tool
StandardProfile\AuthorizedApplications: [C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe] => Enabled:Daemonu.exe
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\Temp\7zS2FC2\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\Temp\7zS333D\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\Temp\7zS352D\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Application Data\Dropbox\bin\Dropbox.exe] => Enabled:Dropbox
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\Temp\7zS0DA0\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\Temp\7zS71B5\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\Temp\7zS5311\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\Temp\7zS1A7F\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\Temp\7zS7A19\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\Temp\7zS7A61\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\Temp\7zS7CF2\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\Temp\7zS1717\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\Temp\7zS18B2\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\Temp\7zS47BD\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\Temp\7zS4802\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\temp\7zS6464\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\temp\7zS67D6\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\temp\7zS05C3\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\temp\7zS2B9F\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Officejet 4620 series\Bin\FaxApplications.exe] => :LocalSubNet:Enabled:HP Officejet 4620 series FaxApplications
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Officejet 4620 series\Bin\DigitalWizards.exe] => :LocalSubNet:Enabled:HP Officejet 4620 series DigitalWizards
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Officejet 4620 series\Bin\SendAFax.exe] => :LocalSubNet:Enabled:HP Officejet 4620 series SendFaxAppExe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Officejet 4620 series\Bin\DeviceSetup.exe] => :LocalSubNet:Enabled:HP Device Setup (HP Officejet 4620 series)
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Officejet 4620 series\Bin\HPNetworkCommunicator.exe] => :LocalSubNet:Enabled:HP Network Communicator (HP Officejet 4620 series)
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Officejet 4620 series\Bin\HPNetworkCommunicatorCom.exe] => :LocalSubNet:Enabled:HP Network Communicator COM (HP Officejet 4620 series)
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [5985:TCP] => Disabled:Windows Remote Management
StandardProfile\GloballyOpenPorts: [80:TCP] => Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

==================== Restore Points =========================

23-09-2015 16:53:43 JRT Pre-Junkware Removal
23-09-2015 16:56:42 JRT Pre-Junkware Removal
23-09-2015 17:09:39 JRT Pre-Junkware Removal
23-09-2015 17:13:11 JRT Pre-Junkware Removal
25-09-2015 18:36:47 System Checkpoint
26-09-2015 19:57:23 System Checkpoint
28-09-2015 20:25:33 System Checkpoint
30-09-2015 23:03:56 System Checkpoint
05-10-2015 19:02:54 System Checkpoint
06-10-2015 20:52:14 System Checkpoint
08-10-2015 17:29:26 System Checkpoint
09-10-2015 18:16:44 System Checkpoint
12-10-2015 21:10:20 System Checkpoint
13-10-2015 21:17:00 Software Distribution Service 3.0
15-10-2015 21:31:20 System Checkpoint
16-10-2015 21:44:27 System Checkpoint
17-10-2015 23:39:16 System Checkpoint
19-10-2015 19:19:29 System Checkpoint
20-10-2015 21:21:32 System Checkpoint
28-10-2015 18:41:43 System Checkpoint
29-10-2015 19:12:17 System Checkpoint
30-10-2015 19:49:53 System Checkpoint
01-11-2015 21:12:42 System Checkpoint
02-11-2015 23:34:11 System Checkpoint
05-11-2015 19:54:21 Installed AVG 2015
05-11-2015 19:54:47 Installed AVG 2015
05-11-2015 21:28:37 Removed AVG 2015
05-11-2015 21:30:05 Removed AVG 2015
05-11-2015 21:38:38 Restore Operation
07-11-2015 18:27:36 System Checkpoint
09-11-2015 17:20:05 System Checkpoint
10-11-2015 17:18:17 Software Distribution Service 3.0
13-11-2015 20:58:42 System Checkpoint
15-11-2015 00:47:01 System Checkpoint
16-11-2015 18:03:05 System Checkpoint
17-11-2015 18:30:13 System Checkpoint
18-11-2015 21:23:56 System Checkpoint
19-11-2015 21:41:20 System Checkpoint
19-11-2015 21:49:48 Installed Microsoft Fix it 50027
21-11-2015 10:41:37 System Checkpoint
22-11-2015 13:56:08 System Checkpoint
23-11-2015 14:17:28 System Checkpoint
24-11-2015 16:58:29 System Checkpoint
25-11-2015 17:22:01 System Checkpoint
26-11-2015 18:59:37 System Checkpoint
28-11-2015 13:46:01 System Checkpoint
29-11-2015 15:46:48 System Checkpoint
30-11-2015 18:11:05 System Checkpoint
01-12-2015 20:03:52 System Checkpoint
03-12-2015 21:46:14 System Checkpoint
06-12-2015 17:42:24 System Checkpoint
07-12-2015 17:59:14 System Checkpoint
08-12-2015 17:17:12 Software Distribution Service 3.0
08-12-2015 19:52:36 JRT Pre-Junkware Removal
12-12-2015 14:12:10 System Checkpoint
13-12-2015 15:19:19 System Checkpoint
13-12-2015 21:01:22 Restore Operation
13-12-2015 21:11:44 Software Distribution Service 3.0
14-12-2015 16:51:16 Restore Operation
14-12-2015 17:00:31 Software Distribution Service 3.0
15-12-2015 19:00:02 System Checkpoint
17-12-2015 17:06:13 Removed Google Earth.
18-12-2015 17:36:52 System Checkpoint
19-12-2015 17:52:52 System Checkpoint
20-12-2015 21:54:18 System Checkpoint
21-12-2015 22:04:09 System Checkpoint
22-12-2015 11:42:08 Removed HP Officejet 4620 series Basic Device Software
22-12-2015 17:03:45 Removed HP Officejet 4620 series Basic Device Software
22-12-2015 17:05:37 Removed HP Officejet 4620 series Help
22-12-2015 17:06:19 Removed HP Update.
22-12-2015 17:06:50 Removed HP FWUpdateEDO2

==================== Faulty Device Manager Devices =============

Name: Beep
Description: Beep
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Beep
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/22/2015 05:04:34 PM) (Source: MsiInstaller) (EventID: 10005) (User: FIRSTBUILD)
Description: Product: HP Officejet 4620 series Basic Device Software -- Error 25000. Please disconnect the USB cable from your 'HP Officejet 4620 series' device to complete the uninstallation.

Error: (12/22/2015 11:42:29 AM) (Source: MsiInstaller) (EventID: 10005) (User: FIRSTBUILD)
Description: Product: HP Officejet 4620 series Basic Device Software -- Error 25000. Please disconnect the USB cable from your 'HP Officejet 4620 series' device to complete the uninstallation.


System errors:
=============
Error: (12/28/2015 10:20:36 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.

Error: (12/28/2015 10:20:05 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
kl1

Error: (12/28/2015 10:20:02 AM) (Source: 0) (EventID: 4311) (User: )
Description:

Error: (12/27/2015 11:25:07 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.

Error: (12/27/2015 11:24:34 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
kl1

Error: (12/27/2015 11:24:30 PM) (Source: 0) (EventID: 4311) (User: )
Description:

Error: (12/24/2015 10:59:46 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.

Error: (12/24/2015 10:59:13 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
kl1

Error: (12/24/2015 10:59:09 PM) (Source: 0) (EventID: 4311) (User: )
Description:

Error: (12/24/2015 02:23:26 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.


==================== Memory info ===========================

Processor:  Intel® Pentium® 4 CPU 3.40GHz
Percentage of memory in use: 29%
Total physical RAM: 3071.04 MB
Available physical RAM: 2150.76 MB
Total Virtual: 4959.01 MB
Available Virtual: 4338.08 MB

==================== Drives ================================

Drive c: (Boot Drive) (Fixed) (Total:298.09 GB) (Free:196.57 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive f: (Expansion Drive) (Fixed) (Total:465.76 GB) (Free:145.84 GB) NTFS
Drive z: (Data Drive) (Fixed) (Total:465.76 GB) (Free:310.85 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: 7975DF18)
Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: F0128678)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 465.8 GB) (Disk ID: 0143820D)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


  • 0

#4
Essexboy
Posted 28 December 2015 - 01:08 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Let me know how the speed is and whether the redirects still appear after this

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-299502267-789336058-725345543-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Technical Preview 15.0.2\IEExt\ie_plugin.dll => No File
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll => No File
BHO: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Technical Preview 15.0.2\IEExt\ie_plugin.dll => No File
BHO: Script Injection Plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Technical Preview 15.0.2\IEExt\ie_plugin.dll => No File
BHO: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Technical Preview 15.0.2\IEExt\ie_plugin.dll => No File
FF Plugin: @kaspersky.com/content_blocker_6418E0D362104DADA084DC312DFA8ABC -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Technical Preview 15.0.2\FFExt\[email protected] [No File]
FF Plugin: @kaspersky.com/virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Technical Preview 15.0.2\FFExt\[email protected] [No File]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Technical Preview 15.0.2\FFExt\[email protected] => not found
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Technical Preview 15.0.2\FFExt\[email protected] => not found
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
S4 wwEngineSvc; C:\Program Files\Webroot\Washer\WasherSvc.exe [598856 2007-11-26] (Webroot Software, Inc.)
S4 EhttpSrv; "C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe" [X]
S4 ekrn; "C:\Program Files\ESET\ESET Smart Security\ekrn.exe" [X]
S4 NOD32FiXTemDono; C:\WINDOWS\system32\regedt32.exe /s C:\WINDOWS\nod32fixtemdono.reg
R0 cm_km_w; C:\WINDOWS\System32\DRIVERS\cm_km_w.sys [189136 2013-01-14] (Kaspersky Lab UK Ltd)
R2 kldisk; C:\WINDOWS\System32\DRIVERS\kldisk.sys [37896 2014-08-19] (Kaspersky Lab ZAO)
R3 klflt; C:\WINDOWS\System32\DRIVERS\klflt.sys [116936 2014-10-02] (Kaspersky Lab ZAO)
R1 klhk; C:\WINDOWS\System32\DRIVERS\klhk.sys [35016 2014-10-22] (Kaspersky Lab ZAO)
S3 KLIF; C:\WINDOWS\system32\drivers\klif.sys [700616 2014-11-18] (Kaspersky Lab ZAO)
R3 klim5; C:\WINDOWS\System32\DRIVERS\klim5.sys [36448 2013-04-19] (Kaspersky Lab ZAO)
S3 klkbdflt; C:\WINDOWS\System32\DRIVERS\klkbdflt.sys [25288 2014-10-30] (Kaspersky Lab ZAO)
S3 klmouflt; C:\WINDOWS\System32\DRIVERS\klmouflt.sys [24672 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdf; C:\WINDOWS\System32\DRIVERS\kltdf.sys [68808 2014-11-06] (Kaspersky Lab ZAO)
R1 kltdi; C:\WINDOWS\System32\DRIVERS\kltdi.sys [46152 2014-10-09] (Kaspersky Lab ZAO)
R1 kneps; C:\WINDOWS\System32\DRIVERS\kneps.sys [148296 2014-11-10] (Kaspersky Lab ZAO)
S3 Ad-Watch Connect Filter; \??\C:\WINDOWS\system32\drivers\NSDriver.sys [X]
S0 kl1; system32\DRIVERS\kl1.sys [X]
S3 MFE_RR; \??\C:\DOCUME~1\Robert\LOCALS~1\Temp\mfe_rr.sys [X]
S3 SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys [X]
S1 SpyEmrg; no ImagePath
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{0BBFE402-CCA1-4f64-9322-13B66D841049}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{25D005BF-FE63-4cce-AA25-CE952B1D9381}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{54050FBB-F2AE-404b-8BFD-7EE3EC784A52}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{6B1948B3-9547-42F8-9B37-7AA9768134C4}\InprocServer32 -> no filepath
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"
C:\Documents and Settings\Robert\utorrent.exe
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.

  • 0

#5
Jackpine
Posted 28 December 2015 - 01:52 PM

Jackpine

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 490 posts

Speed is back to normal, and no more redirects!  Thank you very much. :laughing:

 

By the way, what were the services that were stopped and removed?  Was that the cause of the problems?

 

Logs posted below.

 

Fix result of Farbar Recovery Scan Tool (x86) Version:28-12-2015
Ran by Robert (2015-12-28 14:26:09) Run:1
Running from C:\Documents and Settings\Robert\Desktop
Loaded Profiles: Robert (Available Profiles: Robert & UpdatusUser & Administrator & Guest)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CreateRestorePoint:
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-299502267-789336058-725345543-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Technical Preview 15.0.2\IEExt\ie_plugin.dll => No File
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll => No File
BHO: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Technical Preview 15.0.2\IEExt\ie_plugin.dll => No File
BHO: Script Injection Plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Technical Preview 15.0.2\IEExt\ie_plugin.dll => No File
BHO: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Technical Preview 15.0.2\IEExt\ie_plugin.dll => No File
FF Plugin: @kaspersky.com/content_blocker_6418E0D362104DADA084DC312DFA8ABC -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Technical Preview 15.0.2\FFExt\[email protected] [No File]
FF Plugin: @kaspersky.com/virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Technical Preview 15.0.2\FFExt\[email protected] [No File]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Technical Preview 15.0.2\FFExt\[email protected] => not found
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Technical Preview 15.0.2\FFExt\[email protected] => not found
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
S4 wwEngineSvc; C:\Program Files\Webroot\Washer\WasherSvc.exe [598856 2007-11-26] (Webroot Software, Inc.)
S4 EhttpSrv; "C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe" [X]
S4 ekrn; "C:\Program Files\ESET\ESET Smart Security\ekrn.exe" [X]
S4 NOD32FiXTemDono; C:\WINDOWS\system32\regedt32.exe /s C:\WINDOWS\nod32fixtemdono.reg
R0 cm_km_w; C:\WINDOWS\System32\DRIVERS\cm_km_w.sys [189136 2013-01-14] (Kaspersky Lab UK Ltd)
R2 kldisk; C:\WINDOWS\System32\DRIVERS\kldisk.sys [37896 2014-08-19] (Kaspersky Lab ZAO)
R3 klflt; C:\WINDOWS\System32\DRIVERS\klflt.sys [116936 2014-10-02] (Kaspersky Lab ZAO)
R1 klhk; C:\WINDOWS\System32\DRIVERS\klhk.sys [35016 2014-10-22] (Kaspersky Lab ZAO)
S3 KLIF; C:\WINDOWS\system32\drivers\klif.sys [700616 2014-11-18] (Kaspersky Lab ZAO)
R3 klim5; C:\WINDOWS\System32\DRIVERS\klim5.sys [36448 2013-04-19] (Kaspersky Lab ZAO)
S3 klkbdflt; C:\WINDOWS\System32\DRIVERS\klkbdflt.sys [25288 2014-10-30] (Kaspersky Lab ZAO)
S3 klmouflt; C:\WINDOWS\System32\DRIVERS\klmouflt.sys [24672 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdf; C:\WINDOWS\System32\DRIVERS\kltdf.sys [68808 2014-11-06] (Kaspersky Lab ZAO)
R1 kltdi; C:\WINDOWS\System32\DRIVERS\kltdi.sys [46152 2014-10-09] (Kaspersky Lab ZAO)
R1 kneps; C:\WINDOWS\System32\DRIVERS\kneps.sys [148296 2014-11-10] (Kaspersky Lab ZAO)
S3 Ad-Watch Connect Filter; \??\C:\WINDOWS\system32\drivers\NSDriver.sys [X]
S0 kl1; system32\DRIVERS\kl1.sys [X]
S3 MFE_RR; \??\C:\DOCUME~1\Robert\LOCALS~1\Temp\mfe_rr.sys [X]
S3 SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys [X]
S1 SpyEmrg; no ImagePath
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{0BBFE402-CCA1-4f64-9322-13B66D841049}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{25D005BF-FE63-4cce-AA25-CE952B1D9381}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{54050FBB-F2AE-404b-8BFD-7EE3EC784A52}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{6B1948B3-9547-42F8-9B37-7AA9768134C4}\InprocServer32 -> no filepath
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"
C:\Documents and Settings\Robert\utorrent.exe
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************

Restore point was successfully created.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\S-1-5-21-299502267-789336058-725345543-1004\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358}" => key removed successfully.
"HKCR\CLSID\{03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9}" => key removed successfully.
"HKCR\CLSID\{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B5D5BB14-C8E2-478D-9C97-574AC10AF9E8}" => key removed successfully.
"HKCR\CLSID\{B5D5BB14-C8E2-478D-9C97-574AC10AF9E8}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C66D064F-82FE-4E1A-B06A-B2490BA48B18}" => key removed successfully.
"HKCR\CLSID\{C66D064F-82FE-4E1A-B06A-B2490BA48B18}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E3D96E85-529D-4269-AC6A-97CF9E2221E3}" => key removed successfully.
"HKCR\CLSID\{E3D96E85-529D-4269-AC6A-97CF9E2221E3}" => key removed successfully.
"HKLM\Software\MozillaPlugins\@kaspersky.com/content_blocker_6418E0D362104DADA084DC312DFA8ABC" => key removed successfully.
"HKLM\Software\MozillaPlugins\@kaspersky.com/virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB" => key removed successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\[email protected] => value removed successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\[email protected] => value removed successfully.
HKLM\Software\Mozilla\Thunderbird\Extensions\\[email protected] => value removed successfully.
wwEngineSvc => service removed successfully.
EhttpSrv => service removed successfully.
ekrn => service removed successfully.
NOD32FiXTemDono => service removed successfully.
cm_km_w => Service stopped successfully.
cm_km_w => service removed successfully.
kldisk => Service stopped successfully.
kldisk => service removed successfully.
klflt => Unable to stop service.
klflt => service removed successfully.
klhk => Unable to stop service.
klhk => service removed successfully.
KLIF => service removed successfully.
klim5 => Unable to stop service.
klim5 => service removed successfully.
klkbdflt => service removed successfully.
klmouflt => service removed successfully.
klpd => Unable to stop service.
klpd => service removed successfully.
kltdf => Unable to stop service.
kltdf => service removed successfully.
kltdi => Unable to stop service.
kltdi => service removed successfully.
kneps => Service stopped successfully.
kneps => service removed successfully.
Ad-Watch Connect Filter => service removed successfully.
kl1 => service removed successfully.
MFE_RR => service removed successfully.
SBRE => service removed successfully.
SpyEmrg => service removed successfully.
"HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{0BBFE402-CCA1-4f64-9322-13B66D841049}" => key removed successfully.
"HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{25D005BF-FE63-4cce-AA25-CE952B1D9381}" => key removed successfully.
"HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{54050FBB-F2AE-404b-8BFD-7EE3EC784A52}" => key removed successfully.
"HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{6B1948B3-9547-42F8-9B37-7AA9768134C4}" => key removed successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\vsmon" => key removed successfully.
C:\Documents and Settings\Robert\utorrent.exe => moved successfully

========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========


The operation completed successfully


========= End of Reg: =========


========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========


The operation completed successfully


========= End of Reg: =========


========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========


The operation completed successfully


========= End of Reg: =========


========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========


The operation completed successfully


========= End of Reg: =========


========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.
HKU\S-1-5-21-299502267-789336058-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\S-1-5-21-299502267-789336058-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.


========= End of RemoveProxy: =========


=========  netsh advfirewall reset =========

The following command was not found: advfirewall reset.

========= End of CMD: =========


=========  netsh advfirewall set allprofiles state ON =========

The following command was not found: advfirewall set allprofiles state ON.

========= End of CMD: =========


=========  ipconfig /flushdns =========



Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========= End of CMD: =========


=========  netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the machine in order to complete the reset.


========= End of CMD: =========


=========  netsh int ip reset c:\resetlog.txt =========



========= End of CMD: =========


=========  ipconfig /release =========



Windows IP Configuration





Ethernet adapter Local Area Connection:



        Connection-specific DNS Suffix  . :

        IP Address. . . . . . . . . . . . : 0.0.0.0

        Subnet Mask . . . . . . . . . . . : 0.0.0.0

        Default Gateway . . . . . . . . . :


========= End of CMD: =========


=========  ipconfig /renew =========



Windows IP Configuration





Ethernet adapter Local Area Connection:



        Connection-specific DNS Suffix  . : home

        IP Address. . . . . . . . . . . . : 192.168.2.19

        Subnet Mask . . . . . . . . . . . : 255.255.255.0

        Default Gateway . . . . . . . . . : 192.168.2.1


========= End of CMD: =========


=========  netsh int ipv4 reset =========

The following command was not found: int ipv4 reset.

========= End of CMD: =========


=========  netsh int ipv6 reset =========

IPv6 is not installed.


========= End of CMD: =========


=========  bitsadmin /reset /allusers =========

'bitsadmin' is not recognized as an internal or external command,
operable program or batch file.

========= End of CMD: =========

EmptyTemp: => 918.1 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 14:27:49 ====

 

 

# AdwCleaner v5.026 - Logfile created 28/12/2015 at 14:37:42
# Updated 21/12/2015 by Xplode
# Database : 2015-12-23.1 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : Robert - FIRSTBUILD
# Running from : C:\Documents and Settings\Robert\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [693 bytes] ##########
 


  • 0

#6
Essexboy
Posted 28 December 2015 - 02:25 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
The services were related to Kaspersky, ESET, Sunbelt, Ad-aware, McAfee all were basic low level drivers/services so they take up resources that then reduce anything else that you try to run http://www.bleepingc...virus-programs/

Any further problems before I tidy up ?
  • 0

#7
Jackpine
Posted 28 December 2015 - 02:31 PM

Jackpine

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 490 posts

Everything is running very well. Thank you again!


  • 0

#8
Essexboy
Posted 28 December 2015 - 03:10 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Remove tools

Download and run Delfix
Select the options as shown
delfix.JPG

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent install this programme to lock down and prevent crypto ransome ware

CryptoPrevent.JPG

Malwarebytes

Update and run weekly to keep your system clean

Unchecky

Click on the link above to be taken to Unchecky.com
click the very large Download button.
click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked, this is a fire and forget programme ;)

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet read this little guide Best security practices Keep safe :wave:
  • 0

#9
Essexboy
Posted 29 December 2015 - 08:39 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP