Hello there, my internet has slowed down when I want to browse to different sites, and I get various ad redirects. Your assistance is greatly appreciated. Logs are posted below. Thank you.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:17-12-2015
Ran by Robert (administrator) on FIRSTBUILD (18-12-2015 20:52:06)
Running from C:\Documents and Settings\Robert\Desktop
Loaded Profiles: Robert (Available Profiles: Robert & UpdatusUser & Administrator & Guest)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Acronis) C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Raxco Software, Inc.) C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe
(Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SkyTel] => C:\WINDOWS\SkyTel.EXE [2879488 2006-05-16] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AcronisTimounterMonitor] => C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [960560 2009-01-21] (Acronis)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [1982312 2013-01-31] ()
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20145368 2013-10-04] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499920 2014-09-12] (Adobe Systems Inc.)
HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe [2621240 2015-11-18] (Malwarebytes Corporation)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-299502267-789336058-725345543-1004\...\Policies\Explorer: [NoBandCustomize] 0
HKU\S-1-5-21-299502267-789336058-725345543-1004\...\Policies\Explorer: [NoMovingBands] 0
HKU\S-1-5-21-299502267-789336058-725345543-1004\...\Policies\Explorer: [NoCloseDragDropBands] 0
HKU\S-1-5-21-299502267-789336058-725345543-1004\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-299502267-789336058-725345543-1004\...\Policies\Explorer: [NoToolbarsOnTaskbar] 0
HKU\S-1-5-18\...\RunOnce: [tscuninstall] => C:\WINDOWS\system32\tscupgrd.exe [44544 2004-08-04] (Microsoft Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Robert\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Robert\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Robert\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Robert\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Robert\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Robert\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Robert\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Robert\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2008-02-09] (Autodesk, Inc.)
Startup: C:\Documents and Settings\Robert\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 4620 series.lnk [2015-12-18]
ShortcutTarget: Monitor Ink Alerts - HP Officejet 4620 series.lnk -> C:\Program Files\HP\HP Officejet 4620 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
BootExecute: PDBoot.exeautocheck autochk *
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 01 C:\Program Files\Bonjour\mdnsNSP.dll [152864 2010-10-07] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{6B4B5C21-DA99-4096-8820-43DC9BA3E4E3}: [DhcpNameServer] 192.168.2.1
Internet Explorer:
==================
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-299502267-789336058-725345543-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Technical Preview 15.0.2\IEExt\ie_plugin.dll => No File
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll => No File
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
BHO: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Technical Preview 15.0.2\IEExt\ie_plugin.dll => No File
BHO: Script Injection Plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Technical Preview 15.0.2\IEExt\ie_plugin.dll => No File
BHO: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Technical Preview 15.0.2\IEExt\ie_plugin.dll => No File
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
Toolbar: HKU\.DEFAULT -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-299502267-789336058-725345543-1004 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.com/common/asusTek_sys_ctrl.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Twisted%20Lands%20-%20Shadow%20Town/Images/stg_drm.ocx
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} hxxps://fixit.support.microsoft.com/ActiveX/FixItClient.CAB
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1292380760937
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1420669599859
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Twisted%20Lands%20-%20Shadow%20Town/Images/armhelper.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} hxxp://eserv.sympatico.ca/netassistant/controls/BellCanadaPortalAX.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} hxxp://driveragent.com/files/driveragent.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com//activex/ractrl.cab?lmi=1007
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\tonk28m2.default
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-18] ()
FF Plugin: @kaspersky.com/content_blocker_6418E0D362104DADA084DC312DFA8ABC -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Technical Preview 15.0.2\FFExt\[email protected] [No File]
FF Plugin: @kaspersky.com/virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Technical Preview 15.0.2\FFExt\[email protected] [No File]
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @nosltd.com/getPlus+®,version=1.6.2.91 -> C:\Program Files\NOS\bin\np_gp.dll [2010-09-01] (NOS Microsystems Ltd.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-01] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-01] (Google Inc.)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Robert\Application Data\mozilla\plugins\npPxPlay.dll [2009-04-23] ( )
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2015-03-16] [not signed]
FF Extension: Advertising Cookie Opt-out - C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\tonk28m2.default\extensions\[email protected] [2015-08-16] [not signed]
FF Extension: Adblock Plus - C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\tonk28m2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-12-15]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-06-25] [not signed]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Technical Preview 15.0.2\FFExt\[email protected] => not found
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Technical Preview 15.0.2\FFExt\[email protected] => not found
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
Chrome:
=======
CHR Profile: C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - hxxps://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-09-12]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S4 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [618944 2009-01-21] (Acronis)
S4 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2008-12-23] (Macrovision Europe Ltd.) [File not signed]
S4 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 MbaeSvc; C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe [739640 2015-11-18] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 PDAgent; C:\Program Files\Raxco\PerfectDisk\PDAgent.exe [2234160 2014-11-12] (Raxco Software, Inc.)
R2 PDEngine; C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe [2247472 2014-11-12] (Raxco Software, Inc.)
S4 ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [174656 2006-11-02] () [File not signed]
S4 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [605168 2014-04-22] (Paramount Software UK Ltd)
S4 ScsiAccess; C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe [181312 2009-04-23] () [File not signed]
S4 SolidWorks Licensing Service; C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2008-07-10] (SolidWorks) [File not signed]
S4 WMPNetworkSvc; C:\Program Files\Windows Media Player\WMPNetwk.exe [913408 2006-10-18] (Microsoft Corporation) [File not signed]
S4 wwEngineSvc; C:\Program Files\Webroot\Washer\WasherSvc.exe [598856 2007-11-26] (Webroot Software, Inc.)
S4 EhttpSrv; "C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe" [X]
S4 ekrn; "C:\Program Files\ESET\ESET Smart Security\ekrn.exe" [X]
S4 NOD32FiXTemDono; C:\WINDOWS\system32\regedt32.exe /s C:\WINDOWS\nod32fixtemdono.reg
S4 Roxio UPnP Renderer 9; "C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe" [X]
S4 RoxLiveShare9; "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
S3 AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [136488 2015-04-28] (SlySoft, Inc.)
R1 AsIO; C:\WINDOWS\System32\drivers\AsIO.sys [4962 2004-10-14] () [File not signed]
R0 cm_km_w; C:\WINDOWS\System32\DRIVERS\cm_km_w.sys [189136 2013-01-14] (Kaspersky Lab UK Ltd)
R2 cvintdrv; C:\WINDOWS\system32\Drivers\cvintdrv.sys [4096 2006-07-27] () [File not signed]
R2 DefragFS; C:\WINDOWS\system32\Drivers\DefragFS.sys [104088 2012-09-11] (Raxco Software, Inc.)
R1 ElbyCDIO; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [30616 2014-12-20] (Elaborate Bytes AG)
R1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [47928 2015-11-18] ()
R2 Hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [670208 2004-11-05] (Aladdin Knowledge Systems Ltd.)
R1 HWiNFO32; C:\WINDOWS\system32\drivers\HWiNFO32.SYS [23840 2015-02-12] (REALiX)
R0 iteatapi; C:\WINDOWS\System32\DRIVERS\iteatapi.sys [28672 2008-03-01] (ITE Tech. Inc.)
R2 kldisk; C:\WINDOWS\System32\DRIVERS\kldisk.sys [37896 2014-08-19] (Kaspersky Lab ZAO)
R3 klflt; C:\WINDOWS\System32\DRIVERS\klflt.sys [116936 2014-10-02] (Kaspersky Lab ZAO)
R1 klhk; C:\WINDOWS\System32\DRIVERS\klhk.sys [35016 2014-10-22] (Kaspersky Lab ZAO)
S3 KLIF; C:\WINDOWS\system32\drivers\klif.sys [700616 2014-11-18] (Kaspersky Lab ZAO)
R3 klim5; C:\WINDOWS\System32\DRIVERS\klim5.sys [36448 2013-04-19] (Kaspersky Lab ZAO)
S3 klkbdflt; C:\WINDOWS\System32\DRIVERS\klkbdflt.sys [25288 2014-10-30] (Kaspersky Lab ZAO)
S3 klmouflt; C:\WINDOWS\System32\DRIVERS\klmouflt.sys [24672 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdf; C:\WINDOWS\System32\DRIVERS\kltdf.sys [68808 2014-11-06] (Kaspersky Lab ZAO)
R1 kltdi; C:\WINDOWS\System32\DRIVERS\kltdi.sys [46152 2014-10-09] (Kaspersky Lab ZAO)
R1 kneps; C:\WINDOWS\System32\DRIVERS\kneps.sys [148296 2014-11-10] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [170200 2015-12-18] (Malwarebytes)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
S3 moufiltr; C:\WINDOWS\System32\DRIVERS\moufiltr.sys [62592 2007-01-14] (Chic Tech.) [File not signed]
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-12] ()
S3 pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [47360 2010-08-22] (VSO Software) [File not signed]
R2 PDFSFilter; C:\WINDOWS\System32\DRIVERS\PDFsFilter.sys [69016 2012-08-23] (Raxco Software, Inc.)
R0 pssnap; C:\WINDOWS\System32\DRIVERS\pssnap.sys [16504 2013-06-28] (Macrium Software)
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [36624 2006-11-02] (Sonic Solutions) [File not signed]
R0 SI3132; C:\WINDOWS\System32\DRIVERS\SI3132.sys [80424 2007-10-03] (Silicon Image, Inc)
R0 SiFilter; C:\WINDOWS\System32\DRIVERS\SiWinAcc.sys [19240 2007-10-03] (Silicon Image, Inc)
R0 SiRemFil; C:\WINDOWS\System32\DRIVERS\SiRemFil.sys [15400 2007-10-03] (Silicon Image, Inc)
R0 snapman380; C:\WINDOWS\System32\DRIVERS\snman380.sys [134272 2009-10-24] (Acronis)
S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
R0 tdrpman174; C:\WINDOWS\System32\DRIVERS\tdrpm174.sys [971552 2009-10-24] (Acronis)
R2 tifsfilter; C:\WINDOWS\System32\DRIVERS\tifsfilt.sys [44704 2009-10-24] (Acronis)
S3 TVICHW32; C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS [23600 2008-05-10] (EnTech Taiwan) [File not signed]
R3 yukonwxp; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [298752 2015-02-12] ()
S3 Ad-Watch Connect Filter; \??\C:\WINDOWS\system32\drivers\NSDriver.sys [X]
S3 EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys [X]
S3 FLASHSYS; no ImagePath
S3 GMSIPCI; no ImagePath
S4 IntelIde; no ImagePath
S0 kl1; system32\DRIVERS\kl1.sys [X]
S3 MFE_RR; \??\C:\DOCUME~1\Robert\LOCALS~1\Temp\mfe_rr.sys [X]
S3 NTACCESS; no ImagePath
U2 RemoteRegistry; no ImagePath
S3 SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
S1 SpyEmrg; no ImagePath
U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
U3 TlntSvr; no ImagePath
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-03-08] () [File not signed]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-12-18 20:52 - 2015-12-18 20:52 - 00022735 _____ C:\Documents and Settings\Robert\Desktop\FRST.txt
2015-12-18 20:31 - 2015-12-18 20:52 - 00000000 ____D C:\FRST
2015-12-18 20:29 - 2015-12-18 20:29 - 01721344 _____ (Farbar) C:\Documents and Settings\Robert\Desktop\FRST.exe
2015-12-17 17:25 - 2015-12-17 17:25 - 00090112 _____ C:\WINDOWS\Minidump\Mini121715-01.dmp
2015-12-15 22:34 - 2015-12-15 22:34 - 00091872 _____ C:\Documents and Settings\Robert\Desktop\19546502114-478683959-ticket.pdf
2015-12-15 22:19 - 2015-12-15 22:19 - 00000000 _____ C:\Documents and Settings\Robert\ntuser.tmp
2015-12-14 17:31 - 2015-12-14 17:31 - 00002172 _____ C:\Documents and Settings\Robert\Desktop\Fear for Sale - City of the Past Collectors Edition.lnk
2015-12-14 17:31 - 2015-12-14 17:31 - 00000000 ____D C:\Documents and Settings\Robert\Start Menu\Programs\Fear for Sale - City of the Past Collectors Edition
2015-12-14 16:54 - 2015-12-14 16:54 - 00000000 ____D C:\Documents and Settings\Robert\Application Data\AlawarEntertainment
2015-12-14 16:51 - 2015-12-14 16:51 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\TEMP
2015-12-13 21:42 - 2015-12-18 20:52 - 00000000 ____D C:\Documents and Settings\Robert\Local Settings\temp
2015-12-13 21:42 - 2015-12-13 21:42 - 00000000 ____D C:\Documents and Settings\UpdatusUser\Local Settings\temp
2015-12-13 21:42 - 2015-12-13 21:42 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\temp
2015-12-13 21:42 - 2015-12-13 21:42 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\temp
2015-12-13 21:42 - 2015-12-13 21:42 - 00000000 ____D C:\Documents and Settings\Guest\Local Settings\temp
2015-12-13 21:42 - 2015-12-13 21:42 - 00000000 ____D C:\Documents and Settings\Default User\Local Settings\temp
2015-12-13 21:42 - 2015-12-13 21:42 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\temp
2015-12-13 11:04 - 2015-12-13 11:16 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro
2015-12-04 19:47 - 2015-12-13 00:17 - 00000000 ____D C:\Documents and Settings\Robert\Application Data\EleFun Games
2015-12-04 16:27 - 2015-12-04 16:27 - 00000000 ____D C:\Documents and Settings\Robert\Application Data\Freeze Tag
2015-12-01 16:07 - 2015-12-01 16:07 - 00000000 ____D C:\Program Files\Iso Buster 3.5.5
2015-12-01 16:07 - 2015-12-01 16:07 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\IsoBuster
2015-11-20 22:40 - 2015-11-20 22:40 - 00000000 ____D C:\Documents and Settings\Robert\Application Data\PlataGames
2015-11-19 22:56 - 2015-11-19 22:56 - 00000000 ____D C:\Documents and Settings\Robert\Application Data\The Dark Hills of Cherai2GUIDE
2015-11-19 22:56 - 2015-11-19 22:56 - 00000000 ____D C:\Documents and Settings\Robert\Application Data\Chayowo Games
2015-11-19 17:11 - 2015-12-14 17:26 - 00000000 ____D C:\Program Files\Game
2015-11-18 19:51 - 2015-12-14 16:57 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes Anti-Exploit
2015-11-18 19:51 - 2015-11-23 13:38 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Exploit
2015-11-18 19:51 - 2015-11-23 13:38 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Exploit
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-12-18 20:43 - 2006-06-03 17:32 - 00000000 ____D C:\Documents and Settings\Robert
2015-12-18 20:31 - 2006-06-03 12:41 - 00000000 ____D C:\WINDOWS
2015-12-18 20:30 - 2008-08-16 08:32 - 00000000 ____D C:\Documents and Settings\Robert\Application Data\uTorrent
2015-12-18 20:24 - 2010-10-30 13:18 - 00002521 _____ C:\Documents and Settings\Robert\Desktop\Outlook 2007.lnk
2015-12-18 20:08 - 2014-03-28 21:17 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-12-18 20:07 - 2010-03-11 22:40 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-18 16:57 - 2012-08-13 15:23 - 00796864 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-12-18 16:57 - 2012-08-13 15:23 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-12-18 16:54 - 2014-03-12 22:32 - 00000224 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-12-18 16:54 - 2010-03-11 22:40 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-18 16:54 - 2006-06-03 17:31 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-18 16:54 - 2004-08-04 07:00 - 00012054 _____ C:\WINDOWS\system32\wpa.dbl
2015-12-17 22:19 - 2006-06-03 17:32 - 00000278 ___SH C:\Documents and Settings\Robert\ntuser.ini
2015-12-17 22:19 - 2006-06-03 17:31 - 00032406 _____ C:\WINDOWS\SchedLgU.Txt
2015-12-17 17:09 - 2014-03-14 15:16 - 00000470 _____ C:\DelFix.txt
2015-12-16 21:59 - 2010-10-30 13:30 - 00002515 _____ C:\Documents and Settings\Robert\Desktop\Word 2007.lnk
2015-12-15 23:29 - 2014-04-08 19:23 - 00065536 _____ C:\WINDOWS\system32\config\EventForwarding-Operational.Evt
2015-12-15 23:29 - 2011-03-26 10:30 - 00065536 _____ C:\WINDOWS\system32\config\WindowsPowerShell.evt
2015-12-15 23:29 - 2007-01-13 17:05 - 00065536 _____ C:\WINDOWS\system32\config\ODiag.evt
2015-12-15 23:29 - 2006-12-11 17:02 - 00065536 _____ C:\WINDOWS\system32\config\Internet.evt
2015-12-15 05:51 - 2006-06-03 17:09 - 00000000 __SHD C:\Documents and Settings\NetworkService
2015-12-14 17:13 - 2013-08-07 14:45 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-12-14 17:00 - 2006-06-05 15:35 - 137798368 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-12-14 16:55 - 2015-01-16 17:03 - 00000000 ____D C:\Documents and Settings\UpdatusUser
2015-12-14 16:55 - 2011-03-31 17:57 - 00000000 ____D C:\Documents and Settings\Administrator
2015-12-14 16:55 - 2006-09-03 14:13 - 00000000 ____D C:\Documents and Settings\Guest
2015-12-14 16:55 - 2006-06-03 17:31 - 00000000 __SHD C:\Documents and Settings\LocalService
2015-12-14 16:55 - 2006-06-03 17:05 - 00000000 ____D C:\WINDOWS\Registration
2015-12-13 21:39 - 2004-08-04 07:00 - 00000227 _____ C:\WINDOWS\system.ini
2015-12-13 21:26 - 2011-04-26 07:36 - 00000000 ____D C:\WINDOWS\ERDNT
2015-12-13 14:41 - 2014-02-11 16:16 - 00000000 ____D C:\Documents and Settings\Robert\Application Data\MPC-HC
2015-12-08 19:53 - 2012-01-05 18:09 - 00000000 ____D C:\Documents and Settings\Robert\Application Data\IObit
2015-12-08 19:46 - 2006-12-11 17:01 - 00000000 __HDC C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2015-12-08 17:12 - 2006-06-03 17:32 - 00000000 ___RD C:\Documents and Settings\Robert\My Documents\My Pictures
2015-12-08 17:12 - 2006-06-03 17:32 - 00000000 ___RD C:\Documents and Settings\Robert\My Documents\My Music
2015-12-08 17:12 - 2006-06-03 17:32 - 00000000 ___RD C:\Documents and Settings\Robert\My Documents
2015-12-08 17:09 - 2009-04-28 22:29 - 00000000 ____D C:\WINDOWS\ie8updates
2015-12-04 09:36 - 2014-02-24 16:50 - 00000000 ____D C:\HP Scans
2015-12-04 08:07 - 2007-02-16 20:05 - 00000000 ____D C:\Documents and Settings\Robert\My Documents\Movie Collector
2015-11-30 21:42 - 2007-12-07 18:56 - 00000069 _____ C:\WINDOWS\NeroDigital.ini
2015-11-19 17:10 - 2015-11-06 20:02 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Big Fish
2015-11-19 17:10 - 2015-11-06 20:01 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\BigFishCache
==================== Files in the root of some directories =======
2014-04-02 21:28 - 2014-04-02 21:30 - 0009333 _____ () C:\Documents and Settings\Robert\Application Data\Comma Separated Values (Windows).EML
2007-03-23 16:38 - 2007-07-21 12:39 - 0087608 _____ () C:\Documents and Settings\Robert\Application Data\ezpinst.exe
2008-08-30 11:14 - 2010-01-03 19:51 - 0000108 _____ () C:\Documents and Settings\Robert\Application Data\netstat.bat
2007-03-23 16:38 - 2011-04-10 14:47 - 0007887 _____ () C:\Documents and Settings\Robert\Application Data\pcouffin.cat
2007-03-23 16:38 - 2011-04-10 14:47 - 0001144 _____ () C:\Documents and Settings\Robert\Application Data\pcouffin.inf
2007-03-23 16:38 - 2011-04-10 14:48 - 0000033 _____ () C:\Documents and Settings\Robert\Application Data\pcouffin.log
2007-03-23 16:38 - 2011-04-10 14:47 - 0047360 _____ (VSO Software) C:\Documents and Settings\Robert\Application Data\pcouffin.sys
2008-07-05 10:41 - 2008-07-05 10:41 - 0002494 _____ () C:\Documents and Settings\Robert\Application Data\sldIMLog_20080-40000-1100_00002.txt
2010-10-24 16:36 - 2010-10-24 16:36 - 0000036 _____ () C:\Documents and Settings\Robert\Local Settings\Application Data\housecall.guid.cache
2009-09-24 17:41 - 2009-09-24 17:41 - 5257216 _____ () C:\Documents and Settings\Robert\Local Settings\Application Data\mfm2_database.dat
2007-08-25 13:19 - 2007-08-25 13:19 - 0002108 _____ () C:\Documents and Settings\Robert\Local Settings\Application Data\rx_audio.Cache
2007-01-25 22:46 - 2007-12-03 19:42 - 1462572 _____ () C:\Documents and Settings\Robert\Local Settings\Application Data\rx_image.Cache
2007-11-25 22:46 - 2015-06-13 11:38 - 0000123 ___SH () C:\Documents and Settings\All Users\Application Data\.zreglib
2013-09-14 19:49 - 2013-09-14 19:49 - 0000057 _____ () C:\Documents and Settings\All Users\Application Data\Ament.ini
2008-03-02 15:30 - 2008-08-29 17:51 - 0110892 _____ () C:\Documents and Settings\All Users\Application Data\Svclog.log
Files to move or delete:
====================
C:\Documents and Settings\Robert\mylist.dat
C:\Documents and Settings\Robert\utorrent.exe
Some files in TEMP:
====================
C:\Documents and Settings\Robert\Local Settings\temp\0927BA7B.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version:17-12-2015
Ran by Robert (2015-12-18 20:52:48)
Running from C:\Documents and Settings\Robert\Desktop
Microsoft Windows XP Home Edition Service Pack 3 (X86) (2015-01-06 17:20:53)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-299502267-789336058-725345543-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-299502267-789336058-725345543-1013 - Limited - Enabled)
Guest (S-1-5-21-299502267-789336058-725345543-501 - Limited - Disabled) => %SystemDrive%\Documents and Settings\Guest
HelpAssistant (S-1-5-21-299502267-789336058-725345543-1000 - Limited - Disabled)
Robert (S-1-5-21-299502267-789336058-725345543-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Robert
SUPPORT_388945a0 (S-1-5-21-299502267-789336058-725345543-1002 - Limited - Disabled)
UpdatusUser (S-1-5-21-299502267-789336058-725345543-1014 - Limited - Enabled) => %SystemDrive%\Documents and Settings\UpdatusUser
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKLM\...\uTorrent) (Version: 2.0.3 - )
Acronis True Image Home (HKLM\...\{37C8899D-FD70-481F-94AA-1F1B08765E22}) (Version: 12.0.9709 - Acronis)
Adobe Acrobat XI Pro (HKLM\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.09 - Adobe Systems)
Adobe Color Common Settings (HKLM\...\Adobe_6c8e2cb4fd241c55406016127a6ab2e) (Version: 1.0.1 - Adobe Systems Incorporated)
Adobe Download Manager (HKLM\...\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}) (Version: 1.6.2.91 - NOS Microsystems Ltd.)
Adobe ExtendScript Toolkit 2 (HKLM\...\Adobe_3e054d2218e7aa282c2369d939e58ff) (Version: 2.0.2 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated)
Adobe Photoshop CS3 (HKLM\...\Adobe_719d6f144d0c086a0dfa7ff76bb9ac1) (Version: 10.0 - Adobe Systems Incorporated)
Amnesia - The Dark Descent (HKLM\...\{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1) (Version: 1.0.0 - Frictional Games)
AnyDVD (HKLM\...\AnyDVD) (Version: 7.6.0.0 - SlySoft)
Apple Application Support (HKLM\...\{EE6097DD-05F4-4178-9719-D3170BF098E8}) (Version: 1.4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{308B6AEA-DE50-4666-996D-0FA461719D6B}) (Version: 3.3.0.69 - Apple Inc.)
Apple Software Update (HKLM\...\{C41300B9-185D-475E-BFEC-39EF732F19B1}) (Version: 2.1.2.120 - Apple Inc.)
AVIcodec (remove only) (HKLM\...\AVIcodec) (Version: - )
Beyond Compare Version 2.4.3 (HKLM\...\BC2_is1) (Version: - Scooter Software)
Bonjour (HKLM\...\{2A981294-F14C-4F0F-9627-D793270922F8}) (Version: 2.0.4.0 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.11 - Piriform)
CloneDVD2 (HKLM\...\CloneDVD2) (Version: - Elaborate Bytes)
Collectorz.com Movie Collector (HKLM\...\Collectorz.com Movie Collector) (Version: - )
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CoreFLAC Audio Decoder+Source Filter (remove only) (HKLM\...\CoreFLAC Audio Decoder+Source Filter) (Version: - )
Corel Painter X (Version: 10.1 - Corel Corporation) Hidden
COSMOSMotion 2008 SP0 (HKLM\...\{8876F541-F374-4375-BF2A-8FD9FA8141C4}) (Version: 16.00.9035 - SolidWorks Corporation)
COSMOSWorks 2008 SP03 (HKLM\...\{0C631AC5-3AA0-418F-B132-29F8432F1C19}) (Version: 16.30.41 - SolidWorks Corporation)
Data Lifeguard Diagnostic for Windows 1.24 (HKLM\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version: - Western Digital Corporation)
Dropbox (HKU\S-1-5-21-299502267-789336058-725345543-1004\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.)
DVD Decrypter (Remove Only) (HKLM\...\DVD Decrypter) (Version: - )
DVD Rebuilder (HKLM\...\{584A1ECC-00AB-4FCC-B6AE-172741F32ABC}_is1) (Version: PRO v1.09 - jdobbs softworks and rockas association)
DVD Shrink 3.2 (HKLM\...\DVD Shrink_is1) (Version: - DVD Shrink)
DVDFab 8.1.7.8 (17/04/2012) Qt (HKLM\...\DVDFab 8 Qt_is1) (Version: - Fengtao Software Inc.)
DVDFab 9.2.0.2 (10/06/2015) (HKLM\...\DVDFab 9_is1) (Version: - Fengtao Software Inc.)
DVDInfoPro (HKLM\...\{32611C62-474D-47B1-B347-06453D430A28}) (Version: 4.36.0000 - Nic Wilson)
DWGeditor (HKLM\...\{C8DE0FC9-5BD0-4D26-B5AD-D38146F2083C}) (Version: 16.00.9034 - SolidWorks)
Easy CD-DA Extractor 2011 (HKLM\...\Easy CD-DA Extractor 2011) (Version: 2011 - Poikosoft)
eDrawings 2008 (HKLM\...\{40345A8F-3B72-44DE-814F-72E8A52B1161}) (Version: 8.0.708 - SolidWorks)
ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version: - Lars Hederer)
EVEREST Ultimate Edition v4.50 (HKLM\...\EVEREST Ultimate Edition_is1) (Version: 4.50 - Lavalys, Inc.)
Exact Audio Copy 0.99pb5 (HKLM\...\Exact Audio Copy) (Version: 0.99pb5 - Andre Wiethoff)
Fear for Sale - City of the Past Collectors Edition (HKLM\...\Fear for Sale - City of the Past Collectors EditionFinal) (Version: Final - Game-Owl.com)
GoldWave v5.13 (HKLM\...\GoldWave v5.13) (Version: - )
Google Update Helper (Version: 1.3.29.1 - Google Inc.) Hidden
HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet 4620 series Basic Device Software (HKLM\...\{C4E2A2F2-2A53-42C7-920A-169713776631}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 4620 series Help (HKLM\...\{606C37AB-EB04-4270-A592-201A03C2DB36}) (Version: 6.0.0 - Hewlett Packard)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0001 - Microsoft) Hidden
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
ImageConverter Plus 7.1 (HKLM\...\ImageConverter Plus_is1) (Version: - fCoder, Ltd.)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.6.0 - LIGHTNING UK!)
Intel Processor Diagnostic Tool (HKLM\...\{C53C4130-CC50-40F3-9457-A7D4A2B980BC}) (Version: 2.11.0.0 - Intel Corporation)
IsoBuster 3.6 (HKLM\...\IsoBuster_is1) (Version: 3.6 - Smart Projects)
K-Lite Mega Codec Pack 10.9.5 (HKLM\...\KLiteCodecPack_is1) (Version: 10.9.5 - )
Kyodai Mahjongg 2006 v1.42 (HKLM\...\Kyodai Mahjongg 2006_is1) (Version: - Rene-Gilles Deberdt)
Macrium Reflect Professional Edition (HKLM\...\MacriumReflect) (Version: 5.2 - Paramount Software (UK) Ltd.)
Macrium Reflect Professional Edition (Version: 5.2.6526 - Paramount Software (UK) Ltd.) Hidden
Malwarebytes Anti-Exploit version 1.8.1.1045 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.1045 - Malwarebytes)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Maple 12 (HKLM\...\Maple 12) (Version: 12.0.0.0 - Maplesoft)
Marvell Miniport Driver (HKLM\...\{C950420B-4182-49EA-850A-A6A2ABF06C6B}) (Version: 8.20.10.3 - Marvell)
MathType 5 (HKLM\...\DSMT5) (Version: 5.2 - Design Science, Inc.)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Math (HKLM\...\{07043840-959A-4B0D-8825-2C533F0DDB19}) (Version: 2007 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Project 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{8446EB22-A746-46DC-B1BD-E0DFA1F3CDDA}) (Version: - Microsoft)
Microsoft Office Project Professional 2007 (HKLM\...\PRJPRO) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Visio 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}) (Version: - Microsoft)
Microsoft Office Visio Professional 2007 (HKLM\...\VISPRO) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Movie Collector (HKLM\...\{8EC6EBB4-D899-4C6B-BA17-C21B78988F23}_is1) (Version: - Collectorz.com)
Mozilla Firefox 42.0 (x86 en-US) (HKLM\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
MSConfig CleanUp 1.2 (HKLM\...\MSConfig CleanUp_is1) (Version: - Virtuoza)
MSXML 4.0 SP2 (KB925672) (HKLM\...\{A9CF9052-F4A0-475D-A00F-A8388C62DD63}) (Version: 4.20.9839.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 and SOAP Toolkit 3.0 (Version: 1.0.0.0 - Webroot Software, Inc.) Hidden
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 6 Service Pack 2 (KB973686) (HKLM\...\{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}) (Version: 6.20.2003.0 - Microsoft Corporation)
Nero 7 Ultra Edition (HKLM\...\{43FFE159-3199-4188-A1CD-629166AD1033}) (Version: 7.02.6445 - Nero AG)
NOD32 v3.0.642 FiX1.2 by TemDono (31 days remaining forever up (HKLM\...\Eset NOD32 v3.0.642 FiX1.2 by TemDono_is1) (Version: - )
NOD32 v3.x FiX 1.1 by TemDono (Free Updates - Expire in 2050) (HKLM\...\NOD32 v3.x FiX 1.1 by TemDono_is1) (Version: - )
NVIDIA Graphics Driver 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)
NVIDIA nView 136.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 136.53 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
OriginPro 7.5 (HKLM\...\{ECE12161-B445-48FA-9056-FD54D8A72459}) (Version: - )
PC Probe II (HKLM\...\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}) (Version: 1.00.43 - )
PDF Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
PerfectDisk Professional Business (HKLM\...\{682B22AB-EAAA-4B1C-83AF-B26E7D4ED01E}) (Version: 13.0.842 - Raxco Software Inc.)
PFConfig 1.0.296 (HKLM\...\PFConfig) (Version: 1.0.296 - Portforward.com)
PFPortChecker 1.0.39 (HKLM\...\PFPortChecker) (Version: 1.0.39 - Portforward.com)
Photodex Presenter (HKLM\...\Photodex Presenter) (Version: - )
Picture Package Music Transfer (HKLM\...\{CE2121C6-C94D-4A73-8EA4-6943F33EE335}) (Version: 1.0.02.02130 - Sony Corporation)
Portforward Static IP Address 1.0.47 (HKLM\...\Portforward Static IP Address) (Version: 1.0.47 - Portforward.com)
ProShow Producer (HKLM\...\ProShow Producer) (Version: - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.7111 - Realtek Semiconductor Corp.)
River Past Audio Converter Pro (HKLM\...\Audio Converter Pro) (Version: 7.7.1 - River Past)
SigmaPlot 10.0 (HKLM\...\{43224D30-5941-47A4-9AD7-9250EE794396}) (Version: 10.0.0 - Systat Software, Inc.)
SolidWorks 2008 SP03 (HKLM\...\{266EB766-9ABB-40D0-AB9F-41EE46D23876}) (Version: 16.1.0303 - SolidWorks)
SolidWorks Explorer 2008 sp0 (HKLM\...\{A8567E18-9E80-4EA3-A5C1-A6186C86F2CC}) (Version: 16.00.9034 - SolidWorks Corporation)
Spy Sweeper Updater 2.0.0 Alpha 4000 (HKLM\...\Spy Sweeper Updater 2.0.0 Alpha 4000) (Version: 2.0.0 Alpha 4000 - BigScott27)
Sudoku Works (HKLM\...\{5B10C186-C6CF-45D8-9E2D-4F18247A5C63}) (Version: 1.0 - Oak Systems)
System Requirements Lab (HKLM\...\SystemRequirementsLab) (Version: - )
Tetris (HKLM\...\{95E0E6DC-C308-4C96-BEDB-68C75A32FAF8}_is1) (Version: 1.35 - Crystal Office Systems)
Unlocker 1.8.9 (HKLM\...\Unlocker) (Version: 1.8.9 - Cedrick Collomb)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Vampire Legends 2 - The Untold Story of Elizabeth Bathory CE (HKLM\...\Vampire Legends 2 - The Untold Story of Elizabeth Bathory CE1.1) (Version: 1.1 - Foxy Games)
VBA (2627.01) (Version: 6.03.00.9402 - Microsoft Corporation) Hidden
VC 9.0 Runtime (Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
VC80CRTRedist - 8.0.50727.762 (Version: 1.0.0 - DivX, Inc) Hidden
VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Window Washer (HKLM\...\Window Washer) (Version: - )
Windows Defender (HKLM\...\{A06275F4-324B-4E85-95E6-87B2CD729401}) (Version: 1.1.1593.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Installer Clean Up (HKLM\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version: - Microsoft Corporation)
Windows Media Format Runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
Windows PowerShell 1.0 (HKLM\...\PowerShell) (Version: 1 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )
XML Paper Specification Shared Components Pack 1.0 (Version: - Microsoft Corporation) Hidden
Your Uninstaller! 2010 (HKLM\...\YU2010_is1) (Version: 7.0 - URSoft, Inc.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\Robert\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{0BBFE402-CCA1-4f64-9322-13B66D841049}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{25D005BF-FE63-4cce-AA25-CE952B1D9381}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{49BBAA3C-C574-419E-8378-783C362E9C15}\InprocServer32 -> C:\Program Files\HP\Common\FWUpdateEDO2.dll (Hewlett-Packard Co.)
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{54050FBB-F2AE-404b-8BFD-7EE3EC784A52}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{6B1948B3-9547-42F8-9B37-7AA9768134C4}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\Robert\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Documents and Settings\Robert\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Robert\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Robert\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Robert\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Robert\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Robert\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Robert\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Robert\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-299502267-789336058-725345543-1004_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Robert\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
==================== Restore Points =========================
20-09-2015 09:07:38 System Checkpoint
21-09-2015 17:16:59 System Checkpoint
22-09-2015 21:16:15 System Checkpoint
23-09-2015 16:53:43 JRT Pre-Junkware Removal
23-09-2015 16:56:42 JRT Pre-Junkware Removal
23-09-2015 17:09:39 JRT Pre-Junkware Removal
23-09-2015 17:13:11 JRT Pre-Junkware Removal
25-09-2015 18:36:47 System Checkpoint
26-09-2015 19:57:23 System Checkpoint
28-09-2015 20:25:33 System Checkpoint
30-09-2015 23:03:56 System Checkpoint
05-10-2015 19:02:54 System Checkpoint
06-10-2015 20:52:14 System Checkpoint
08-10-2015 17:29:26 System Checkpoint
09-10-2015 18:16:44 System Checkpoint
12-10-2015 21:10:20 System Checkpoint
13-10-2015 21:17:00 Software Distribution Service 3.0
15-10-2015 21:31:20 System Checkpoint
16-10-2015 21:44:27 System Checkpoint
17-10-2015 23:39:16 System Checkpoint
19-10-2015 19:19:29 System Checkpoint
20-10-2015 21:21:32 System Checkpoint
28-10-2015 18:41:43 System Checkpoint
29-10-2015 19:12:17 System Checkpoint
30-10-2015 19:49:53 System Checkpoint
01-11-2015 21:12:42 System Checkpoint
02-11-2015 23:34:11 System Checkpoint
05-11-2015 19:54:21 Installed AVG 2015
05-11-2015 19:54:47 Installed AVG 2015
05-11-2015 21:28:37 Removed AVG 2015
05-11-2015 21:30:05 Removed AVG 2015
05-11-2015 21:38:38 Restore Operation
07-11-2015 18:27:36 System Checkpoint
09-11-2015 17:20:05 System Checkpoint
10-11-2015 17:18:17 Software Distribution Service 3.0
13-11-2015 20:58:42 System Checkpoint
15-11-2015 00:47:01 System Checkpoint
16-11-2015 18:03:05 System Checkpoint
17-11-2015 18:30:13 System Checkpoint
18-11-2015 21:23:56 System Checkpoint
19-11-2015 21:41:20 System Checkpoint
19-11-2015 21:49:48 Installed Microsoft Fix it 50027
21-11-2015 10:41:37 System Checkpoint
22-11-2015 13:56:08 System Checkpoint
23-11-2015 14:17:28 System Checkpoint
24-11-2015 16:58:29 System Checkpoint
25-11-2015 17:22:01 System Checkpoint
26-11-2015 18:59:37 System Checkpoint
28-11-2015 13:46:01 System Checkpoint
29-11-2015 15:46:48 System Checkpoint
30-11-2015 18:11:05 System Checkpoint
01-12-2015 20:03:52 System Checkpoint
03-12-2015 21:46:14 System Checkpoint
06-12-2015 17:42:24 System Checkpoint
07-12-2015 17:59:14 System Checkpoint
08-12-2015 17:17:12 Software Distribution Service 3.0
08-12-2015 19:52:36 JRT Pre-Junkware Removal
12-12-2015 14:12:10 System Checkpoint
13-12-2015 15:19:19 System Checkpoint
13-12-2015 21:01:22 Restore Operation
13-12-2015 21:11:44 Software Distribution Service 3.0
14-12-2015 16:51:16 Restore Operation
14-12-2015 17:00:31 Software Distribution Service 3.0
15-12-2015 19:00:02 System Checkpoint
17-12-2015 17:06:13 Removed Google Earth.
18-12-2015 17:36:52 System Checkpoint
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2004-08-04 07:00 - 2015-12-13 21:39 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2010-03-08 21:55 - 2010-03-08 21:55 - 00010752 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2013-06-14 13:25 - 2013-06-14 13:25 - 00077944 _____ () C:\Program Files\Macrium\Reflect\AESDll.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-21-299502267-789336058-725345543-1004\Software\Classes\exefile: "%1" %* <===== ATTENTION
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-299502267-789336058-725345543-1004\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Robert\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 192.168.2.1
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^Documents and Settings^Robert^Start Menu^Programs^Startup^Dropbox.lnk => C:\WINDOWS\pss\Dropbox.lnkStartup
MSCONFIG\startupreg: HP Software Update => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
StandardProfile\AuthorizedApplications: [C:\Program Files\uTorrent\uTorrent.exe] => Enabled:µTorrent
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\Temp\7zSC2.tmp\SymNRT.exe] => Enabled:Norton Removal Tool
StandardProfile\AuthorizedApplications: [C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe] => Enabled:Daemonu.exe
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\Temp\7zS2FC2\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\Temp\7zS333D\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\Temp\7zS352D\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Application Data\Dropbox\bin\Dropbox.exe] => Enabled:Dropbox
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\Temp\7zS0DA0\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\Temp\7zS71B5\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\Temp\7zS5311\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\Temp\7zS1A7F\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\Temp\7zS7A19\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\Temp\7zS7A61\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\Temp\7zS7CF2\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\Temp\7zS1717\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\Temp\7zS18B2\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:'Firefox' (C:\Program Files\Mozilla Firefox)
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\Temp\7zS47BD\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Robert\Local Settings\Temp\7zS4802\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [5985:TCP] => Disabled:Windows Remote Management
StandardProfile\GloballyOpenPorts: [80:TCP] => Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)
==================== Faulty Device Manager Devices =============
Name: Beep
Description: Beep
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Beep
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
Error: (12/18/2015 04:54:58 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.
Error: (12/18/2015 04:54:28 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
kl1
Error: (12/18/2015 04:54:21 PM) (Source: 0) (EventID: 4311) (User: )
Description:
Error: (12/17/2015 05:26:17 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.
Error: (12/17/2015 05:25:47 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
kl1
Error: (12/17/2015 05:25:43 PM) (Source: 0) (EventID: 4311) (User: )
Description:
Error: (12/17/2015 05:06:31 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Application Management service terminated with the following error:
%%126
Error: (12/17/2015 05:06:31 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Application Management service terminated with the following error:
%%126
Error: (12/17/2015 05:06:30 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Application Management service terminated with the following error:
%%126
Error: (12/17/2015 05:06:30 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Application Management service terminated with the following error:
%%126
==================== Memory info ===========================
Processor: Intel® Pentium® 4 CPU 3.40GHz
Percentage of memory in use: 30%
Total physical RAM: 3071.04 MB
Available physical RAM: 2138.17 MB
Total Virtual: 4959.01 MB
Available Virtual: 4319.34 MB
==================== Drives ================================
Drive c: (Boot Drive) (Fixed) (Total:298.09 GB) (Free:197.87 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive f: (Expansion Drive) (Fixed) (Total:465.76 GB) (Free:197.03 GB) NTFS
Drive z: (Data Drive) (Fixed) (Total:465.76 GB) (Free:258.53 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: 7975DF18)
Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: F0128678)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (Size: 465.8 GB) (Disk ID: 0143820D)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================