OK, all ran well and the logs follow:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Microsoft Windows XP x86
Ran by Philip (Administrator) on 10/03/2018 at 21:24:54.32
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 10
Successfully deleted: C:\Documents and Settings\All Users\uniblue (Folder)
Successfully deleted: C:\Documents and Settings\Philip\Application Data\drivercure (Folder)
Successfully deleted: C:\Documents and Settings\Philip\Application Data\yourfiledownloader (Folder)
Successfully deleted: C:\Documents and Settings\Philip\Local Settings\Application Data\slimware utilities inc (Folder)
Successfully deleted: C:\WINDOWS\System32\drivers\swdumon.sys (File)
Successfully deleted: C:\WINDOWS\Tasks\Auslogics Driver Updater Scan.job (Task)
Successfully deleted: C:\WINDOWS\Tasks\Auslogics Driver Updater Start Driver Updater ?n Philip logon.job (Task)
Successfully deleted: C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job (Task)
Successfully deleted: C:\WINDOWS\wininit.ini (File)
Successfully deleted: C:\Program Files\conduit (Folder)
Registry: 6
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\SWDUMon (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6BC07B3F-B55D-4BE8-B670-DBE820058251} (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7a085852-6757-4e38-8874-40baece5c3ae} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{7a085852-6757-4e38-8874-40baece5c3ae} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 10/03/2018 at 21:28:31.76
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27.01.2018
Ran by Philip (administrator) on ENILLION (10-03-2018 21:36:28)
Running from C:\Documents and Settings\Philip\Desktop
Loaded Profiles: Philip (Available Profiles: Philip & Biggles & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Check Point Software Technologies Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
(AVAST Software) C:\Program Files\avast software\avast\AvastSvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Check Point Software Technologies, Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Check Point Software Technologies Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(AVAST Software) C:\Program Files\avast software\avast\AvastUI.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1210640 2012-04-24] (Intel® Corporation)
HKLM\...\Run: [ZoneAlarm] => C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe [134480 2016-07-28] (Check Point Software Technologies Ltd.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [245608 2018-03-07] (AVAST Software)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [204288 2009-01-30] (Microsoft Corporation)
HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [8003664 2018-02-07] (Piriform Ltd)
HKU\S-1-5-18\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [434080 2011-07-27] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [RunNarrator] => C:\WINDOWS\system32\Narrator.exe [53760 2008-04-14] (Microsoft Corporation)
ShellExecuteHooks: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll [83224 2006-11-03] (Microsoft Corporation)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.8.1
Tcpip\..\Interfaces\{4E6EE061-C7E0-45E8-A1C8-4121A2A500B7}: [DhcpNameServer] 192.168.8.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.co.uk/ig/dell?hl=en&client=dell-inc&channel=uk
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.co.uk/ig/dell?hl=en&client=dell-inc&channel=uk
HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-gb/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {7a085852-6757-4e38-8874-40baece5c3ae} URL =
SearchScopes: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005 -> {31D37273-C478-446F-B06A-59B0A6C73E72} URL = hxxp://www.bing.com/search?FORM=U270DF&PC=U270&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-03-07] (AVAST Software)
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} hxxp://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dll
DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstopAntiVirus.dll
DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} hxxp://download.microsoft.com/download/C/9/C/C9C3D86D-84AC-4AF0-8584-842756A66467/MicrosoftDownloadManager.cab
DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstop2.dll
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2017-11-21] (Belarc, Inc.)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - No File
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Philip\Application Data\Mozilla\Sunbird\Profiles\oy1oewzm.default [2008-09-01]
FF Extension: (No Name) - C:\Program Files\Mozilla Sunbird\extensions\[email protected] [not found]
FF Extension: (No Name) - C:\Program Files\Mozilla Sunbird\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103} [2008-10-24] [not signed]
FF ProfilePath: C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\9i09j1qm.default-1511723098949 [2018-03-10]
FF Extension: (Avast SafePrice) - C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\9i09j1qm.default-1511723098949\Extensions\[email protected] [2018-03-08]
FF Extension: (Avast Online Security) - C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\9i09j1qm.default-1511723098949\Extensions\[email protected] [2018-03-07]
FF Extension: (Fasterfox) - C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\9i09j1qm.default-1511723098949\Extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}.xpi [2018-02-05] [Legacy]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-05-14] [Legacy] [not signed]
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2013-01-18] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-27] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-27] (Google Inc.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2013-01-18] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN)
FF Plugin: @zylom.com/ZylomGamesPlayer -> C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll [2006-03-22] (Zylom)
FF Plugin HKU\S-1-5-21-1184402194-1185109317-1466214600-1005: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2013-01-18] (Tracker Software Products (Canada) Ltd.)
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fooihgffjknjfdidhkpgeibbipkjlhpn] - <no Path/update_url>
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5909888 2018-03-07] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [303728 2018-03-07] (AVAST Software)
S2 gupdate1c996655bba3304; C:\Program Files\Google\Update\GoogleUpdate.exe [153752 2016-08-04] (Google Inc.)
S4 HidServ; C:\WINDOWS\System32\svchost.exe [14336 2008-04-14] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 LPDSVC; C:\WINDOWS\system32\tcpsvcs.exe [19456 2004-08-04] (Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4563920 2017-11-01] (Malwarebytes)
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2008-07-18] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2008-07-18] (Hewlett-Packard) [File not signed]
S2 S24EventMonitor; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [919824 2012-04-24] (Intel® Corporation)
S2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [994360 2011-10-14] (Secunia)
S2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [399416 2011-10-14] (Secunia)
S2 UserAccess7; C:\WINDOWS\system32\UAService7.exe [126976 2008-12-15] () [File not signed]
R2 vsmon; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [3746584 2016-07-28] (Check Point Software Technologies Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [13592 2006-11-03] (Microsoft Corporation)
R2 ZAPrivacyService; C:\Program Files\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [114424 2016-06-30] (Check Point Software Technologies, Ltd.) [File not signed]
S4 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [X]
S4 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [X]
S4 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R3 Afc; C:\WINDOWS\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) [File not signed]
S3 ARCSOFTVIRTUALCAPTURE; C:\WINDOWS\System32\DRIVERS\ArcSoftVirtualCapture.sys [15104 2006-12-07] (ArcSoft, Inc.)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [167040 2018-03-07] (AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriverx.sys [185432 2018-03-07] (AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidshx.sys [157368 2018-03-07] (AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswblogx.sys [276688 2018-03-07] (AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbunivx.sys [50336 2018-03-07] (AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [169536 2018-03-07] (AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [42808 2018-03-07] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [124392 2018-03-07] (AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr.sys [70576 2018-03-07] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [70816 2018-03-07] (AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [783608 2018-03-07] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [391856 2018-03-07] (AVAST Software)
R3 aswStmXP; C:\WINDOWS\System32\drivers\aswStmXP.sys [205344 2018-03-07] (AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [310784 2018-03-07] (AVAST Software)
R1 BANTExt; C:\WINDOWS\System32\Drivers\BANTExt.sys [3840 2017-11-21] () [File not signed]
R0 bdisk; C:\WINDOWS\System32\drivers\bdisk.sys [69216 2010-01-07] ()
R0 CBUfs; C:\WINDOWS\System32\DRIVERS\CBUFS.sys [120960 2010-01-07] (COMODO Security Solutions Inc.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 CFRMD; C:\WINDOWS\System32\DRIVERS\CFRMD.sys [36112 2014-12-25] (Windows ® Win 7 DDK provider)
S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2011-06-02] ()
S3 CTUSFSYN; C:\WINDOWS\System32\drivers\ctusfsyn.sys [158464 2005-05-25] (Creative Technology Ltd.)
R0 drvmcdb; C:\WINDOWS\System32\drivers\drvmcdb.sys [88352 2005-04-22] (Sonic Solutions) [File not signed]
R2 drvnddm; C:\WINDOWS\System32\drivers\drvnddm.sys [40544 2005-04-21] (Sonic Solutions) [File not signed]
R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [209536 2009-07-29] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [988032 2009-07-29] (Conexant Systems, Inc.)
R0 Lbd; C:\WINDOWS\System32\DRIVERS\Lbd.sys [64160 2009-01-18] (Lavasoft AB)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [221112 2018-01-28] (Malwarebytes)
S3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [79880 2009-03-25] (McAfee, Inc.)
S3 mfebopk; C:\WINDOWS\System32\drivers\mfebopk.sys [35272 2009-03-25] (McAfee, Inc.)
R1 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [214024 2009-03-25] (McAfee, Inc.)
S3 mferkdk; C:\WINDOWS\System32\drivers\mferkdk.sys [34216 2009-03-25] (McAfee, Inc.)
S3 mfesmfk; C:\WINDOWS\System32\drivers\mfesmfk.sys [40552 2009-03-25] (McAfee, Inc.)
S3 monfilt; C:\WINDOWS\System32\drivers\monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
S3 NAL; C:\WINDOWS\system32\Drivers\iqvw32.sys [33816 2016-08-01] (Intel Corporation )
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 NETw3x32; C:\WINDOWS\System32\DRIVERS\NETw3x32.sys [1711104 2006-10-17] (Intel® Corporation)
S3 NETw4x32; C:\WINDOWS\System32\DRIVERS\NETw4x32.sys [2211456 2007-08-08] (Intel Corporation)
R3 NETwLx32; C:\WINDOWS\System32\DRIVERS\NETwLx32.sys [6609920 2010-10-07] (Intel Corporation)
S3 PAC7302; C:\WINDOWS\System32\DRIVERS\PAC7302.SYS [457856 2007-06-14] (PixArt Imaging Inc.)
S3 PCDSRVC{AEEF1793-83875E70-06020200}_0; c:\program files\dell\supportassist\pcdsrvc.pkms [22640 2016-08-01] (PC-Doctor, Inc.)
S3 PSI; C:\WINDOWS\System32\DRIVERS\psi_mf.sys [15544 2010-09-01] (Secunia)
R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [13952 2010-05-19] (Intel Corporation)
R1 sscdbhk5; C:\WINDOWS\System32\drivers\sscdbhk5.sys [5627 2005-05-13] (Sonic Solutions) [File not signed]
R1 ssrtln; C:\WINDOWS\System32\drivers\ssrtln.sys [23545 2005-05-13] (Sonic Solutions) [File not signed]
R2 tfsnboio; C:\WINDOWS\System32\dla\tfsnboio.sys [25725 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsncofs; C:\WINDOWS\System32\dla\tfsncofs.sys [34845 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsndrct; C:\WINDOWS\System32\dla\tfsndrct.sys [4125 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsndres; C:\WINDOWS\System32\dla\tfsndres.sys [2241 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsnifs; C:\WINDOWS\System32\dla\tfsnifs.sys [86876 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsnopio; C:\WINDOWS\System32\dla\tfsnopio.sys [15069 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsnpool; C:\WINDOWS\System32\dla\tfsnpool.sys [6365 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsnudf; C:\WINDOWS\System32\dla\tfsnudf.sys [98716 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsnudfa; C:\WINDOWS\System32\dla\tfsnudfa.sys [100605 2005-05-31] (Sonic Solutions) [File not signed]
S3 toshidpt; C:\WINDOWS\System32\drivers\Toshidpt.sys [3712 2005-07-11] (TOSHIBA Corporation.) [File not signed]
S3 tosporte; C:\WINDOWS\System32\DRIVERS\tosporte.sys [47104 2005-11-21] (TOSHIBA Corporation) [File not signed]
S3 Tosrfbd; C:\WINDOWS\System32\Drivers\tosrfbd.sys [108928 2006-01-20] (TOSHIBA CORPORATION) [File not signed]
S3 Tosrfbnp; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [36480 2005-09-15] (TOSHIBA Corporation) [File not signed]
S1 Tosrfcom; C:\WINDOWS\System32\Drivers\tosrfcom.sys [64896 2005-08-01] (TOSHIBA Corporation) [File not signed]
S3 Tosrfhid; C:\WINDOWS\System32\DRIVERS\Tosrfhid.sys [62848 2006-01-11] (TOSHIBA Corporation.) [File not signed]
S3 tosrfnds; C:\WINDOWS\System32\DRIVERS\tosrfnds.sys [18612 2005-01-05] (TOSHIBA Corporation.) [File not signed]
S3 TosRfSnd; C:\WINDOWS\System32\drivers\TosRfSnd.sys [50048 2005-04-05] (TOSHIBA Corporation) [File not signed]
S3 Tosrfusb; C:\WINDOWS\System32\Drivers\tosrfusb.sys [39936 2006-02-09] (TOSHIBA CORPORATION) [File not signed]
R3 ubohci; C:\WINDOWS\System32\DRIVERS\ubohci.sys [116736 2012-10-05] (Unibrain)
R2 ubsbm; C:\WINDOWS\System32\DRIVERS\ubsbm.sys [17408 2016-12-24] (Unibrain)
R2 ubumapi; C:\WINDOWS\System32\DRIVERS\ubumapi.sys [46592 2016-12-24] (Unibrain)
R1 Vsdatant; C:\WINDOWS\System32\vsdatant.sys [540368 2016-07-28] (Check Point Software Technologies Ltd.)
S3 w39n51; C:\WINDOWS\System32\DRIVERS\w39n51.sys [1429632 2006-04-27] (Intel® Corporation)
S3 wceusbsh; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [28672 2006-11-06] (Microsoft Corporation)
S3 cpuz135; \??\C:\WINDOWS\TEMP\cpuz135\cpuz135_x32.sys [X]
S3 cpuz136; \??\C:\WINDOWS\TEMP\cpuz136\cpuz136_x32.sys [X]
S0 degkgkf; no ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
S3 UIUSys; no ImagePath
S3 wanatw; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-03-10 21:36 - 2018-03-10 21:37 - 000020196 _____ C:\Documents and Settings\Philip\Desktop\FRST.txt
2018-03-10 21:28 - 2018-03-10 21:28 - 000002105 _____ C:\Documents and Settings\Philip\Desktop\JRT.txt
2018-03-10 20:53 - 2018-03-10 20:53 - 000085752 _____ C:\Documents and Settings\Philip\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2018-03-10 20:52 - 2018-03-10 20:52 - 000326704 ____C C:\WINDOWS\system32\FNTCACHE.DAT
2018-03-10 20:22 - 2018-03-10 20:22 - 000396616 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2018-03-10 19:52 - 2018-03-10 19:52 - 001790024 _____ (Malwarebytes) C:\Documents and Settings\Philip\Desktop\JRT.exe
2018-03-10 19:41 - 2018-03-10 19:41 - 008222496 _____ (Malwarebytes) C:\Documents and Settings\Philip\Desktop\AdwCleaner.exe
2018-03-10 19:32 - 2018-03-10 19:34 - 000194863 _____ C:\Documents and Settings\Philip\Desktop\ENILLION.txt
2018-03-10 19:26 - 2018-03-10 19:26 - 000000654 _____ C:\Documents and Settings\All Users\Desktop\Speccy.lnk
2018-03-10 19:26 - 2018-03-10 19:26 - 000000000 ___DC C:\Program Files\Speccy
2018-03-10 19:26 - 2018-03-10 19:26 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Speccy
2018-03-10 19:24 - 2018-03-10 19:24 - 006299336 _____ (Piriform Ltd) C:\Documents and Settings\Philip\Desktop\spsetup131.exe
2018-03-10 19:15 - 2018-03-10 19:15 - 000004562 _____ C:\junk.txt
2018-03-10 19:10 - 2018-03-10 20:52 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Package Cache
2018-03-10 19:06 - 2018-03-10 19:06 - 000004052 _____ C:\Documents and Settings\Philip\Desktop\System Idle Process.txt
2018-03-10 18:47 - 2018-03-10 18:47 - 002724512 _____ (Sysinternals - www.sysinternals.com) C:\Documents and Settings\Philip\Desktop\procexp.exe
2018-03-08 09:31 - 2018-03-08 21:12 - 000910745 _____ C:\Documents and Settings\Philip\Desktop\MM061A17.exe
2018-03-07 12:49 - 2018-03-07 12:49 - 000001689 _____ C:\Documents and Settings\All Users\Desktop\Avast Free Antivirus.lnk
2018-03-07 12:49 - 2018-03-07 12:49 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVAST Software
2018-03-07 12:47 - 2018-03-10 20:55 - 000000358 ___HC C:\WINDOWS\Tasks\Avast Emergency Update.job
2018-03-07 12:46 - 2018-03-07 12:45 - 000391856 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2018-03-07 12:46 - 2018-03-07 12:45 - 000310784 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2018-03-07 12:46 - 2018-03-07 12:45 - 000205344 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswStmXP.sys
2018-03-07 12:46 - 2018-03-07 12:45 - 000167040 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2018-03-07 12:46 - 2018-03-07 12:45 - 000124392 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2018-03-07 12:46 - 2018-03-07 12:45 - 000070816 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2018-03-07 12:46 - 2018-03-07 12:45 - 000070576 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2018-03-07 12:46 - 2018-03-07 12:45 - 000042808 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2018-03-07 12:46 - 2018-03-07 12:44 - 000783608 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2018-03-07 12:46 - 2018-03-07 12:44 - 000276688 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswblogx.sys
2018-03-07 12:46 - 2018-03-07 12:44 - 000185432 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriverx.sys
2018-03-07 12:46 - 2018-03-07 12:44 - 000169536 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2018-03-07 12:46 - 2018-03-07 12:44 - 000157368 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidshx.sys
2018-03-07 12:46 - 2018-03-07 12:44 - 000050336 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswbunivx.sys
2018-03-07 12:45 - 2018-03-07 12:45 - 000319392 ____C (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2018-03-04 19:26 - 2018-03-04 19:26 - 000359286 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1184402194-1185109317-1466214600-1005-0.dat
2018-03-04 19:25 - 2018-03-04 19:25 - 000359286 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2018-03-04 15:05 - 2018-03-04 15:05 - 000000865 _____ C:\Documents and Settings\Philip\Desktop\Auslogics Driver Updater.lnk
2018-02-08 20:35 - 2018-02-08 20:35 - 000001875 _____ C:\Documents and Settings\All Users\Desktop\Google Earth Pro.lnk
2018-02-08 20:35 - 2018-02-08 20:35 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth Pro
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-03-10 21:37 - 2006-07-21 23:50 - 000000000 ____D C:\Documents and Settings\Philip\Local Settings\Temp
2018-03-10 21:36 - 2018-02-04 23:00 - 000000000 ____D C:\FRST
2018-03-10 21:26 - 2004-08-11 17:06 - 000000000 ____D C:\Documents and Settings\All Users
2018-03-10 21:25 - 2016-12-28 21:37 - 000000378 ____C C:\WINDOWS\Tasks\Auslogics BoostSpeed Start BoostSpeed оn Philip logon.job
2018-03-10 21:12 - 2009-06-30 20:57 - 000000886 ____C C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2018-03-10 20:55 - 2017-12-01 08:45 - 000000330 ___HC C:\WINDOWS\Tasks\CCleaner Update.job
2018-03-10 20:55 - 2012-08-23 11:16 - 000000616 ___HC C:\WINDOWS\Tasks\ConfigExec.job
2018-03-10 20:55 - 2007-04-10 18:36 - 000000330 ___HC C:\WINDOWS\Tasks\MP Scheduled Scan.job
2018-03-10 20:54 - 2004-08-11 17:00 - 000000765 ____C C:\WINDOWS\win.ini
2018-03-10 20:52 - 2013-01-27 17:01 - 000032636 ____C C:\WINDOWS\SchedLgU.Txt
2018-03-10 20:52 - 2011-09-26 21:46 - 000000882 ____C C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2018-03-10 20:52 - 2004-08-11 17:20 - 000000006 ___HC C:\WINDOWS\Tasks\SA.DAT
2018-03-10 20:52 - 2004-08-11 17:00 - 000002206 ____C C:\WINDOWS\system32\wpa.dbl
2018-03-10 20:21 - 2006-07-21 23:50 - 000000278 ___SH C:\Documents and Settings\Philip\ntuser.ini
2018-03-10 20:21 - 2006-07-21 23:50 - 000000000 ____D C:\Documents and Settings\Philip
2018-03-10 19:14 - 2014-03-01 09:48 - 000000000 ____D C:\Documents and Settings\Philip\Local Settings\Application Data\Skype
2018-03-10 19:13 - 2007-06-04 21:16 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Skype
2018-03-10 19:06 - 2016-08-04 21:02 - 000000719 _____ C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
2018-03-10 00:46 - 2016-12-29 19:23 - 000000682 _____ C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2018-03-08 23:29 - 2004-08-11 17:02 - 000000000 ___DC C:\WINDOWS\security
2018-03-08 22:42 - 2006-06-29 14:16 - 000000000 ___DC C:\Program Files\Common Files\Java
2018-03-08 21:10 - 2010-11-20 19:25 - 000000000 ____D C:\Documents and Settings\Philip\Application Data\PCDr
2018-03-08 20:25 - 2006-07-22 21:54 - 000000000 __SHD C:\WINDOWS\CSC
2018-03-08 09:33 - 2011-02-20 19:34 - 000001324 ____C C:\WINDOWS\system32\d3d9caps.dat
2018-03-08 00:27 - 2004-08-11 17:20 - 000000178 __SHC C:\Documents and Settings\LocalService\ntuser.ini
2018-03-08 00:27 - 2004-08-11 17:20 - 000000000 __SHD C:\Documents and Settings\LocalService
2018-03-07 12:48 - 2004-08-11 17:02 - 000000000 __HDC C:\WINDOWS\inf
2018-03-04 19:23 - 2009-02-05 09:15 - 000000000 ___DC C:\WINDOWS\pss
2018-03-04 19:23 - 2004-08-11 17:00 - 000000227 ____C C:\WINDOWS\system.ini
2018-03-04 19:23 - 2004-08-11 17:00 - 000000211 ___SH C:\boot.ini
2018-03-04 15:05 - 2013-11-01 14:29 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Auslogics
2018-03-04 14:47 - 2009-12-19 16:19 - 000000000 ____D C:\Documents and Settings\Philip\Local Settings\Application Data\Deployment
2018-03-04 14:45 - 2016-12-28 21:16 - 000000000 ___DC C:\Program Files\LockHunter
2018-03-04 14:45 - 2016-12-28 21:16 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\LockHunter
2018-02-08 20:35 - 2006-06-29 14:34 - 000000000 ___DC C:\Program Files\Google
==================== Files in the root of some directories =======
2006-07-22 04:46 - 2000-03-14 00:00 - 000249856 ____C (Microsoft Corporation) C:\Program Files\SETUP1.EXE
2008-10-27 19:20 - 2008-10-27 19:20 - 000002528 ____C () C:\Documents and Settings\Philip\Application Data\$_hpcst$.hpc
2008-11-25 16:42 - 2009-01-28 20:48 - 000000082 ____C () C:\Documents and Settings\Philip\Application Data\AVSDVDPlayer.m3u
2010-12-08 16:18 - 2015-02-22 15:21 - 000028790 _____ () C:\Documents and Settings\Philip\Application Data\Comma Separated Values (Windows).ADR
2006-07-25 18:38 - 2010-03-30 18:45 - 000014848 ____C () C:\Documents and Settings\Philip\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2006-07-24 20:30 - 2006-07-24 20:30 - 000000129 ____C () C:\Documents and Settings\Philip\Local Settings\Application Data\fusioncache.dat
2007-11-29 09:18 - 2007-11-29 09:18 - 000000032 ____C () C:\Documents and Settings\All Users\Application Data\ezsid.dat
2009-05-24 17:19 - 2017-01-02 21:56 - 000004136 ____C () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
2012-07-12 20:16 - 2012-08-28 20:32 - 000000193 ____C () C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
2006-11-14 16:52 - 2009-04-20 17:07 - 000000020 ___HC () C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
2006-06-29 14:21 - 2006-06-29 14:21 - 000000004 ___HC () C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27.01.2018
Ran by Philip (10-03-2018 21:39:00)
Running from C:\Documents and Settings\Philip\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) (2006-07-21 22:50:35)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1184402194-1185109317-1466214600-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
Biggles (S-1-5-21-1184402194-1185109317-1466214600-1009 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Biggles
Guest (S-1-5-21-1184402194-1185109317-1466214600-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1184402194-1185109317-1466214600-1004 - Limited - Disabled)
Philip (S-1-5-21-1184402194-1185109317-1466214600-1005 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Philip
SUPPORT_388945a0 (S-1-5-21-1184402194-1185109317-1466214600-1002 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avast Antivirus (Disabled - Up to date) {7591db91-41f0-48a3-b128-1a293fd8233d}
FW: ZoneAlarm Free Firewall Firewall (Disabled) {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
FW: COMODO Firewall (Disabled) {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
32 Bit HP CIO Components Installer (HKLM\...\{47ECCB1F-2811-49C0-B6A7-26778639ABA0}) (Version: 3.1.1 - Hewlett-Packard) Hidden
Auslogics BoostSpeed 10 (HKLM\...\{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1) (Version: 10.0.2.0 - Auslogics Labs Pty Ltd)
Auslogics Driver Updater (HKLM\...\{23BB1B18-3537-48F7-BEF7-42BC65DBF993}_is1) (Version: 1.11.0.0 - Auslogics Labs Pty Ltd)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 18.2.2328 - AVAST Software)
Belarc Advisor 8.6 (HKLM\...\Belarc Advisor) (Version: 8.6.0.0 - Belarc Inc.)
Broadcom 440x 10/100 Integrated Controller (HKLM\...\{612B9183-67A9-4B44-9877-2F059E35B86A}) (Version: 10.04.01 - Broadcom Corporation)
Broadcom Management Programs (HKLM\...\{C99C0593-3B48-41D9-B42F-6E035B320449}) (Version: 10.15.03 - Broadcom Corporation)
BufferChm (HKLM\...\{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
C4580 (HKLM\...\{403E07CF-040C-4653-85C6-1053B992CA53}) (Version: 120.0.209.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.40 - Piriform)
Conexant HDA D110 MDC V.92 Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3) (Version: 7.63.00.50 - Conexant)
Copy (HKLM\...\{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version: - Microsoft Corporation)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.3.6817.133 - Dell)
Dell System Restore (HKLM\...\{74F7662C-B1DB-489E-A8AC-07A06B24978B}) (Version: 2.00.0000 - Dell Inc.)
Destination Component (HKLM\...\{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}) (Version: 110.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM\...\{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
DownloadX ActiveX Download Control 1.6.8 (HKLM\...\CA17A131-B7D9-41D6-868F-29A9BD9FCC8E_is1) (Version: - Genesis Mobile)
File Shredder 2.0 (HKLM\...\File Shredder_is1) (Version: - WipeSoft)
GNU Backgammon (MAIN branch, 20081113 code) (HKLM\...\GNU Backgammon_is1) (Version: - Free Software Foundation)
Google Earth Pro (HKLM\...\{DE706580-82C7-4B1A-ABA4-EA48AC15B045}) (Version: 7.1.8.3036 - Google)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
High Definition Audio Driver Package - KB835221 (HKLM\...\KB835221WXP) (Version: 20040219.000000 - Microsoft Corporation)
HPPhotoSmartDiscLabelContent1 (HKLM\...\{681B698F-C997-42C3-B184-B489C6CA24C9}) (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (HKLM\...\{D79113E7-274C-470B-BD46-01B10219DF6A}) (Version: 2.04.0000 - Hewlett-Packard) Hidden
InstaCodecs (HKLM\...\InstaCodecs_is1) (Version: 1.0 - )
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
Intel® PROSet/Wireless WiFi Software (HKLM\...\{954B463D-FC19-4855-B9FA-92A136AE7BB7}) (Version: 15.03.0000 - Intel Corporation)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - )
LockHunter 3.2, 32/64 bit (HKLM\...\LockHunter_is1) (Version: - Crystal Rich Ltd)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
MCU (HKLM\...\{D2988E9B-C73F-422C-AD4B-A66EBE257120}) (Version: 1.00.0000 - Dell) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Automated Troubleshooting Services Shim (HKLM\...\{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb) (Version: - )
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version: - Microsoft Corporation)
Microsoft Calculator Plus (HKLM\...\{83073C45-3003-4671-9A86-243AAADD915A}) (Version: 1.0.0 - Microsoft)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Fix it Center (HKLM\...\{B7588D45-AFDC-4C93-9E2E-A100F3554B64}) (Version: 1.0.0100 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Office Ultimate 2007 (HKLM\...\ULTIMATER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Web Apps Browser Plugin (HKLM\...\{95140000-1148-0409-0000-0000000FF1CE}) (Version: 14.0.5568.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{E7084B89-69E0-46B3-A118-8F99D06988CD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 52.6.0 ESR (x86 en-GB) (HKLM\...\Mozilla Firefox 52.6.0 ESR (x86 en-GB)) (Version: 52.6.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 52.6.0.6592 - Mozilla)
MSXML 4.0 SP2 (KB925672) (HKLM\...\{A9CF9052-F4A0-475D-A00F-A8388C62DD63}) (Version: 4.20.9839.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 6.0 Parser (KB933579) (HKLM\...\{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}) (Version: 6.10.1200.0 - Microsoft Corporation)
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.23 - BVRP Software, Inc)
Network (HKLM\...\{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
OGA Notifier 2.0.0048.0 (HKLM\...\{B2544A03-10D0-4E5E-BA69-0362FFC20D18}) (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Oxford Spanish Dictionary (HKLM\...\Oxford Spanish Dictionary) (Version: - )
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.208.0 - Tracker Software Products Ltd)
PDF-XChange Lite 4 (HKLM\...\{B860298B-CE03-4DE2-B92E-422F2C20A2D8}_is1) (Version: 4.0.199.0 - Tracker Software Products Ltd)
PDF-XChange Viewer (HKLM\...\{D652ACB5-5443-43FA-B25C-259AFF394D8D}) (Version: 2.0.44.0 - Tracker Software Products Ltd.)
PS_AIO_04_C4580_Software_Min (HKLM\...\{48D0B1A3-11AC-4A87-AFB2-2002CCB88B34}) (Version: 120.0.209.000 - Hewlett-Packard) Hidden
Recuva (remove only) (HKLM\...\Recuva) (Version: - )
Scan (HKLM\...\{9CCCFD9C-248F-47FE-9496-1680E3E5C163}) (Version: 12.0.0.0 - Hewlett-Packard) Hidden
Search Assist (HKLM\...\{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}) (Version: 1.00.0000 - Dell)
Secunia PSI (2.0.0.4003) (HKLM\...\Secunia PSI) (Version: 2.0.0.4003 - Secunia)
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5210.0 - SigmaTel)
SmartWebPrinting (HKLM\...\{800E784D-53E3-4948-B491-9E7FA5EACBDC}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Sonic Audio module (HKLM\...\{AB708C9B-97C8-4AC9-899B-DBF226AC9382}) (Version: 2.0.0.1 - Sonic Solutions)
Sonic DLA (HKLM\...\{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}) (Version: 4.98 - Sonic Solutions)
Sonic MyDVD LE (HKLM\...\{21657574-BD54-48A2-9450-EB03B2C7FC29}) (Version: 6.1.1 - Sonic Solutions)
Sonic RecordNow Copy (HKLM\...\{B12665F4-4E93-4AB4-B7FC-37053B524629}) (Version: 2.0.0.1 - Sonic Solutions)
Sonic RecordNow Data (HKLM\...\{075473F5-846A-448B-BCB3-104AA1760205}) (Version: 2.0.0.1 - Sonic Solutions)
Sonic Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Sonic Solutions)
Sound Blaster ADVANCED MB Drivers (HKLM\...\SAMB_ADVMB_FILTER_DRV) (Version: - )
Speccy (HKLM\...\Speccy) (Version: 1.31 - Piriform)
Status (HKLM\...\{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 8.2.4.6 - Synaptics)
System Requirements Lab for Intel (HKLM\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
Toolbox (HKLM\...\{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
TrayApp (HKLM\...\{4D304678-738E-42a0-931A-2B022F49DEB8}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
UnloadSupport (HKLM\...\{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}) (Version: 11.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
URL Assistant (HKLM\...\{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}) (Version: - )
VC80CRTRedist - 8.0.50727.6195 (HKLM\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
VCRedistSetup (HKLM\...\{3921A67A-5AB1-4E48-9444-C71814CF3027}) (Version: 1.0.0 - Nero AG) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.1 - VideoLAN)
Webcam 1200 (HKLM\...\{66D475AE-F18B-43A0-8BAF-61AF4403E339}) (Version: 1.0.0.0 - Logitech)
WebFldrs XP (HKLM\...\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}) (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (HKLM\...\{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Windows Defender (HKLM\...\{A06275F4-324B-4E85-95E6-87B2CD729401}) (Version: 1.1.1593.14 - Microsoft Corporation)
Windows Driver Package - Conexant (winachsf) Modem (03/22/2007 7.63.00.50) (HKLM\...\BC9093B69A2F23E789D7F05A3770E314C8D0F44E) (Version: 03/22/2007 7.63.00.50 - Conexant)
Windows Driver Package - Dell Inc (omci) system (05/26/2009 7.7.0.830) (HKLM\...\B2A4CCA33ED18F8364EBC488FB0B7A4B87B9F00D) (Version: 05/26/2009 7.7.0.830 - Dell Inc)
Windows Driver Package - Intel hdc (07/25/2013 9.1.9.1005) (HKLM\...\0FC89EF25B8E7EB4E6DEC68AAB6FC08D970018E8) (Version: 07/25/2013 9.1.9.1005 - Intel)
Windows Driver Package - Intel System (07/09/2013 9.1.9.1004) (HKLM\...\737C68EDD1AFCD5D42AE3A1B12CD1455500F0EA2) (Version: 07/09/2013 9.1.9.1004 - Intel)
Windows Driver Package - Intel System (07/25/2013 9.1.9.1005) (HKLM\...\FFD5BD6AF8B693FED8D50E12A23F30056D22A864) (Version: 07/25/2013 9.1.9.1005 - Intel)
Windows Driver Package - Intel USB (07/09/2013 9.1.9.1004) (HKLM\...\7FE3091A683E1D79B336ED7A5D69467CDFFB7A5E) (Version: 07/09/2013 9.1.9.1004 - Intel)
Windows Driver Package - IVT Corporation (Btcsrusb) Bluetooth Device (12/22/2017 6.2.84.276) (HKLM\...\5904AD65D5DEFFD8294BF5DB998020688E567249) (Version: 12/22/2017 6.2.84.276 - IVT Corporation)
Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04) (HKLM\...\4569969E1360D2854474C661EF9B4D54F143EB16) (Version: 11/14/2006 6.00.01.04 - Ricoh Company)
Windows Driver Package - Ricoh Company (risdptsk) hdc (09/02/2008 6.03.02.22) (HKLM\...\37F6DB1FE70CA0A966E15DBD0B314B56D7A92A5B) (Version: 09/02/2008 6.03.02.22 - Ricoh Company)
Windows Driver Package - Ricoh Company MMC Host Controller (03/07/2011 6.00.03.05) (HKLM\...\07A14B7D240AEA7F81B3C2FE99BFE33F46642538) (Version: 03/07/2011 6.00.03.05 - Ricoh Company)
Windows Driver Package - Ricoh Company MS Host Controller (03/07/2011 6.00.01.11) (HKLM\...\0BFE5FCDE57FA0AF01CA8E6EA54F614A15083EBF) (Version: 03/07/2011 6.00.01.11 - Ricoh Company)
Windows Driver Package - Ricoh Company xD Host Controller (03/07/2011 6.00.01.13) (HKLM\...\7624569EEDBF62171F717E0F02EAF2547B81FFAF) (Version: 03/07/2011 6.00.01.13 - Ricoh Company)
Windows Driver Package - SigmaTel MEDIA (02/15/2008 6.10.0.5866) (HKLM\...\0C327E80B04D91ACEF343253C80A5CAEDF25AF73) (Version: 02/15/2008 6.10.0.5866 - SigmaTel)
Windows Driver Package - Unibrain (ubohci) UB1394 (10/05/2012 6.0) (HKLM\...\E2CB89A0476213170E58E955F4C2024F6879C877) (Version: 10/05/2012 6.0 - Unibrain)
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version: - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
XML Paper Specification Shared Components Pack 1.0 (HKLM\...\XpsEPSC) (Version: - Microsoft Corporation) Hidden
ZoneAlarm Firewall (HKLM\...\{B025F14A-25E6-46CA-9308-1B1D3393CAC8}) (Version: 14.3.119.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Firewall (HKLM\...\ZoneAlarm Free Firewall) (Version: 14.3.119.000 - Check Point)
ZoneAlarm Security (HKLM\...\{8A7820F0-5261-42FC-9790-4D932E7BC5B1}) (Version: 14.3.119.000 - Check Point Software Technologies Ltd.) Hidden
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005_Classes\CLSID\{2D611968-B0FB-4B81-8AFA-D7486879D141}\InprocServer32 -> Rnvrcs.dll => No File
CustomCLSID: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005_Classes\CLSID\{736AF091-C361-49B4-A928-87C586130D33}\InprocServer32 -> C:\Program Files\File Shredder\fsshell.dll ()
CustomCLSID: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005_Classes\CLSID\{97090E2F-3062-4459-855B-014F0D3CDBB1}\InprocServer32 -> C:\Program Files\Windows Desktop Search\deskbar.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005_Classes\CLSID\{994B47B9-7DB9-5058-EE22-08DD039ADC4B}\InprocServer32 -> {4653F04E-9468-D082-1860-22B785889A47} => No File
CustomCLSID: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005_Classes\CLSID\{DD0822EE-9A03-4BDC-B947-4B99B97D5850}\InprocServer32 -> {462A5438-9468-D082-6EC4-5BB785889A47} => No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-03-07] (AVAST Software)
ContextMenuHandlers1: [Auslogics BoostSpeed Shell Context Menu 9.x] -> {CC89327D-D094-8297-82CB-F989EE26FC51} => C:\Program Files\Auslogics\BoostSpeed\ShellExtension.ContextMenu.x32.dll [2018-01-10] (Auslogics)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-03-07] (AVAST Software)
ContextMenuHandlers1: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => -> No File
ContextMenuHandlers1: [LockHunterShellExt] -> {0BB27CDA-7029-4C0E-9C56-D922B229F0EB} => C:\Program Files\LockHunter\LHShellExt32.dll [2017-07-20] (Crystal Rich Ltd)
ContextMenuHandlers2: [DriveLetterAccess] -> {5CA3D70E-1895-11CF-8E15-001234567890} => C:\WINDOWS\system32\dla\tfswshx.dll [2005-05-31] (Sonic Solutions)
ContextMenuHandlers2: [LockHunterShellExt] -> {0BB27CDA-7029-4C0E-9C56-D922B229F0EB} => C:\Program Files\LockHunter\LHShellExt32.dll [2017-07-20] (Crystal Rich Ltd)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-03-07] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [LockHunterShellExt] -> {0BB27CDA-7029-4C0E-9C56-D922B229F0EB} => C:\Program Files\LockHunter\LHShellExt32.dll [2017-07-20] (Crystal Rich Ltd)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2007-03-30] (Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-03-07] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers3_S-1-5-21-1184402194-1185109317-1466214600-1005: [{736AF091-C361-49B4-A928-87C586130D33}] -> {736AF091-C361-49B4-A928-87C586130D33} => C:\Program Files\File Shredder\fsshell.dll [2007-03-01] ()
==================== Scheduled Tasks=============================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Auslogics BoostSpeed Scan and Repair.job => rundll32 exe TaskSchedulerHelper dll RunTask Main exe
Task: C:\WINDOWS\Tasks\Auslogics BoostSpeed Start BoostSpeed оn Philip logon.job => C:\Program Files\Auslogics\BoostSpeed\Main.exe
Task: C:\WINDOWS\Tasks\Avast Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
Task: C:\WINDOWS\Tasks\CCleaner Update.job => C:\Program Files\CCleaner\CCUpdate.exe
Task: C:\WINDOWS\Tasks\ConfigExec.job => rundll32.exe C:\Program Files\Microsoft Fix it Center\MatsApi.dll
Task: C:\WINDOWS\Tasks\DataUpload.job => rundll32.exe C:\Program Files\Microsoft Fix it Center\MatsApi.dll
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\MP Scheduled Scan.job => C:\Program Files\Windows Defender\MpCmdRun.exe
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Documents and Settings\Philip\NetHood\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co
==================== Loaded Modules (Whitelisted) ==============
2018-03-07 12:45 - 2018-03-07 12:45 - 000287960 ____C () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-03-07 12:45 - 2018-03-07 12:45 - 000280280 ____C () C:\Program Files\avast software\avast\tasks_core.dll
2018-03-10 18:46 - 2018-03-10 18:46 - 005833872 ____C () C:\Program Files\AVAST Software\Avast\defs\18031000\algo.dll
2018-03-07 12:45 - 2018-03-07 12:45 - 000756952 ____C () C:\Program Files\avast software\avast\ffl2.dll
2018-03-07 12:44 - 2018-03-07 12:44 - 000172760 ____C () C:\Program Files\avast software\avast\hns_tools.dll
2018-03-07 12:45 - 2018-03-07 12:45 - 000964824 ____C () C:\Program Files\avast software\avast\shepherdsync.dll
2018-03-07 12:45 - 2018-03-07 12:45 - 000475352 ____C () C:\Program Files\avast software\avast\gui_cache.dll
2017-11-27 15:03 - 2018-01-14 20:51 - 001934792 ____C () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-03-07 12:45 - 2018-03-07 12:45 - 048936448 ____C () C:\Program Files\avast software\avast\libcef.dll
2004-08-11 17:00 - 2013-01-02 07:49 - 001292288 ____C () C:\WINDOWS\system32\quartz.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\WINDOWS\avastSS.scr:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\ucrtbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\btinstall.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\csrss.exe:SummaryInformation [43]
AlternateDataStreams: C:\WINDOWS\system32\csrss.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\WINDOWS\system32\ctfmon.exe:SummaryInformation [43]
AlternateDataStreams: C:\WINDOWS\system32\ctfmon.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\WINDOWS\system32\d3dx9_31.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DX9_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MRT.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rixdicon.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\services.exe:SummaryInformation [43]
AlternateDataStreams: C:\WINDOWS\system32\services.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\WINDOWS\system32\snymsico.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\omci.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rimmptsk.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rimsptsk.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\risdptsk.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rixdptsk.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\UB1394.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\UBSBM.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\UBUMAPI.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbehci.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wdf01000.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wdfldr.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\kbdiultn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\kbdpash.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\kernel32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\logui.ocx:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\lsasrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\mfc40.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\mfc40u.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\mfc42.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\mfc42u.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\mfcsubs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\mssip32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\msvcrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\msvcrt40.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\ndiswan.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\netapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\ntdll.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\ntfs.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\ntoskrnl.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\nwapi16.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\nwapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\nwc.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\ocmanage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\odbccp32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\odtext32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\ole32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\oleaut32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\olepro32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\riched20.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\riched32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\rsaenh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\s3legacy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\usbui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 [119]
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 [104]
AlternateDataStreams: C:\Documents and Settings\Philip\Desktop\MM061A17.exe:SummaryInformation [43]
AlternateDataStreams: C:\Documents and Settings\Philip\Desktop\MM061A17.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
IE restricted site: HKU\.DEFAULT\...\123topsearch.com -> www.123topsearch.com
There are 5486 more sites.
IE restricted site: HKU\S-1-5-19\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-19\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-19\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-19\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-19\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-19\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-19\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-19\...\1-extreme.biz -> www.1-extreme.biz
IE restricted site: HKU\S-1-5-19\...\1001-search.info -> www.1001-search.info
IE restricted site: HKU\S-1-5-19\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-19\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-19\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-19\...\123topsearch.com -> www.123topsearch.com
IE restricted site: HKU\S-1-5-19\...\132.com -> www.132.com
IE restricted site: HKU\S-1-5-19\...\136136.net -> down.136136.net
IE restricted site: HKU\S-1-5-19\...\139mm.com -> www.139mm.com
IE restricted site: HKU\S-1-5-19\...\163ns.com -> ert0003.e76.163ns.com
IE restricted site: HKU\S-1-5-19\...\17-plus.com -> 17-plus.com
IE restricted site: HKU\S-1-5-19\...\171203.com -> 171203.com
IE restricted site: HKU\S-1-5-19\...\1800searchonline.com -> www.1800searchonline.com
There are 4143 more sites.
IE restricted site: HKU\S-1-5-20\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-20\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-20\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-20\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-20\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-20\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-20\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-20\...\1-extreme.biz -> www.1-extreme.biz
IE restricted site: HKU\S-1-5-20\...\1001-search.info -> www.1001-search.info
IE restricted site: HKU\S-1-5-20\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-20\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-20\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-20\...\123topsearch.com -> www.123topsearch.com
IE restricted site: HKU\S-1-5-20\...\132.com -> www.132.com
IE restricted site: HKU\S-1-5-20\...\136136.net -> down.136136.net
IE restricted site: HKU\S-1-5-20\...\139mm.com -> www.139mm.com
IE restricted site: HKU\S-1-5-20\...\163ns.com -> ert0003.e76.163ns.com
IE restricted site: HKU\S-1-5-20\...\17-plus.com -> 17-plus.com
IE restricted site: HKU\S-1-5-20\...\171203.com -> 171203.com
IE restricted site: HKU\S-1-5-20\...\1800searchonline.com -> www.1800searchonline.com
There are 4143 more sites.
IE trusted site: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\internet -> internet
IE trusted site: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\mcafee.com -> hxxp://mcafee.com
IE trusted site: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\mcafee.com -> hxxps://mcafee.com
IE restricted site: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\...\1-2005-search.com -> www.1-2005-search.com
There are 10344 more sites.
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2004-08-11 17:00 - 2009-05-23 18:11 - 000307032 ___RC C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com
127.0.0.1 www.032439.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 123topsearch.com
127.0.0.1 www.123topsearch.com
127.0.0.1 132.com
127.0.0.1 www.132.com
127.0.0.1 136136.net
127.0.0.1 www.136136.net
127.0.0.1 163ns.com
127.0.0.1 www.163ns.com
127.0.0.1 171203.com
127.0.0.1 17-plus.com
127.0.0.1 1800searchonline.com
127.0.0.1 www.1800searchonline.com
127.0.0.1 180searchassistant.com
There are 10562 more lines.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1184402194-1185109317-1466214600-1005\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Philip\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 192.168.8.1
Windows Firewall is disabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Secunia PSI Tray.lnk => C:\WINDOWS\pss\Secunia PSI Tray.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk => C:\WINDOWS\pss\Windows Search.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^Philip^Start Menu^Programs^Startup^Dropbox.lnk => C:\WINDOWS\pss\Dropbox.lnkStartup
MSCONFIG\startupreg: Advanced SystemCare 6 =>
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\WINDOWS\system32\hkcmd.exe
MSCONFIG\startupreg: igfxhkcmd => C:\WINDOWS\system32\hkcmd.exe
MSCONFIG\startupreg: igfxpers => C:\WINDOWS\system32\igfxpers.exe
MSCONFIG\startupreg: IgfxTray => C:\WINDOWS\system32\igfxtray.exe
MSCONFIG\startupreg: Persistence => C:\WINDOWS\system32\igfxpers.exe
MSCONFIG\startupreg: SigmatelSysTrayApp =>
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TkBellExe =>
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
DomainProfile\AuthorizedApplications: [C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe] => Enabled:hpqphotocrm.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe] => Enabled:True Vector
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE] => Enabled:Microsoft Office Outlook
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\GROOVE.EXE] => Enabled:Microsoft Office Groove
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE] => Enabled:Microsoft Office OneNote
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe] => Enabled:hpqphotocrm.exe
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\msiexec.exe] => Generic Host Process
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\svchost.exe] => Generic Host Process
StandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Phone\Skype.exe] => Enabled:Skype
StandardProfile\AuthorizedApplications: [C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe] => Enabled:True Vector
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
DomainProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
DomainProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
DomainProfile\GloballyOpenPorts: [427:TCP] => :LocalSubNet:Enabled:SLP_Port(427)_TCP
DomainProfile\GloballyOpenPorts: [427:UDP] => :LocalSubNet:Enabled:SLP_Port(427)_UDP
DomainProfile\GloballyOpenPorts: [1723:TCP] => Enabled:@xpsp2res.dll,-22015
DomainProfile\GloballyOpenPorts: [1701:UDP] => Enabled:@xpsp2res.dll,-22016
DomainProfile\GloballyOpenPorts: [500:UDP] => Enabled:@xpsp2res.dll,-22017
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [427:TCP] => :LocalSubNet:Enabled:SLP_Port(427)_TCP
StandardProfile\GloballyOpenPorts: [427:UDP] => :LocalSubNet:Enabled:SLP_Port(427)_UDP
StandardProfile\GloballyOpenPorts: [5985:TCP] => Disabled:Windows Remote Management
StandardProfile\GloballyOpenPorts: [80:TCP] => Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)
StandardProfile\GloballyOpenPorts: [1723:TCP] => Enabled:@xpsp2res.dll,-22015
StandardProfile\GloballyOpenPorts: [1701:UDP] => Enabled:@xpsp2res.dll,-22016
StandardProfile\GloballyOpenPorts: [500:UDP] => Enabled:@xpsp2res.dll,-22017
==================== Restore Points =========================
07-03-2018 12:48:40 Installed Windows XP Wdf01009.
08-03-2018 22:40:41 Removed Java 7 Update 71
10-03-2018 19:10:13 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215
10-03-2018 21:25:10 JRT Pre-Junkware Removal
==================== Faulty Device Manager Devices =============
Name: SigmaTel High Definition Audio CODEC
Description: SigmaTel High Definition Audio CODEC
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: SigmaTel
Service: STHDA
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: Dell Wireless 350 Bluetooth Internal Card
Description: Dell Wireless 350 Bluetooth Internal Card
Class Guid: {E0CBF06C-CD8B-4647-BB8A-263B43F0F974}
Manufacturer: Toshiba
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (03/10/2018 08:55:18 PM) (Source: MatSvc) (EventID: 15) (User: )
Description: The scheduled MATS task encountered a failure when collecting configuration data. hr=0xC004F00E
.
Error: (03/10/2018 08:55:18 PM) (Source: MatSvc) (EventID: 3) (User: )
Description: The MATS service encountered a web service failure. hr=0x80072EE7
Error: (03/10/2018 07:14:26 PM) (Source: MsiInstaller) (EventID: 11303) (User: ENILLION)
Description: Product: Skype™ 7.36 -- Error 1303. The installer has insufficient privileges to access this directory: C:\Program Files\Skype. The installation cannot continue. Log on as administrator or contact your system administrator.
System errors:
=============
Error: (03/10/2018 09:25:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SecuROM User Access Service (V7) service terminated unexpectedly. It has done this 1 time(s).
Error: (03/10/2018 09:25:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SQL Server VSS Writer service terminated unexpectedly. It has done this 1 time(s).
Error: (03/10/2018 09:25:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Secunia Update Agent service terminated unexpectedly. It has done this 1 time(s).
Error: (03/10/2018 09:25:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Secunia PSI Agent service terminated unexpectedly. It has done this 1 time(s).
Error: (03/10/2018 09:25:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® PROSet/Wireless Registry Service service terminated unexpectedly. It has done this 1 time(s).
Error: (03/10/2018 09:25:20 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).
Error: (03/10/2018 09:25:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® PROSet/Wireless WiFi Service service terminated unexpectedly. It has done this 1 time(s).
Error: (03/10/2018 09:09:02 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.0.102 for the Network Card with network address 0013028835CC has been
denied by the DHCP server 192.168.8.1 (The DHCP Server sent a DHCPNACK message).
Error: (03/10/2018 08:57:48 PM) (Source: WMPNetworkSvc) (EventID: 14319) (User: )
Description: Service 'WMPNetworkSvc' did not start because Group Policy is preventing Windows Media Player from sharing media with other devices.
Error: (03/10/2018 08:56:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The aswbIDSAgent service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
==================== Memory info ===========================
Processor: Genuine Intel® CPU T2300 @ 1.66GHz
Percentage of memory in use: 89%
Total physical RAM: 1014.37 MB
Available physical RAM: 103.22 MB
Total Virtual: 2439.72 MB
Available Virtual: 1420.51 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:51.39 GB) (Free:26.63 GB) NTFS ==>[drive with boot components (Windows XP)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 54.5 GB) (Disk ID: 41AB2316)
Partition 1: (Not Active) - (Size=78 MB) - (Type=DE)
Partition 2: (Active) - (Size=51.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=3 GB) - (Type=DB)
==================== End of Addition.txt ============================
Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 99.22 0 K 28 K 0
Interrupts 0.78 0 K 0 K n/a Hardware Interrupts and DPCs
zatray.exe 55,068 K 4,688 K 1156 ZoneAlarm Check Point Software Technologies Ltd.
ZAPrivacyService.exe 17,508 K 4,084 K 3884 ZAPrivacyService Check Point Software Technologies, Ltd.
wmiprvse.exe 3,696 K 3,028 K 2964 WMI Microsoft Corporation
winlogon.exe 6,420 K 1,984 K 920 Windows NT Logon Application Microsoft Corporation
vsmon.exe 43,736 K 31,408 K 1976 ZoneAlarm Check Point Software Technologies Ltd.
unsecapp.exe 2,224 K 860 K 2564 WMI Microsoft Corporation
unsecapp.exe 1,812 K 1,264 K 4636 WMI Microsoft Corporation
System 0 K 56 K 4
svchost.exe 35,400 K 33,144 K 1768 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1,336 K 1,244 K 1376 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1,940 K 1,636 K 1480 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 2,392 K 204 K 1644 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1,340 K 1,232 K 1884 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1,600 K 248 K 1720 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1,044 K 96 K 2208 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1,036 K 96 K 2224 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 5,256 K 1,912 K 3332 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 2,420 K 152 K 3408 Generic Host Process for Win32 Services Microsoft Corporation
spoolsv.exe 4,064 K 1,284 K 616 Spooler SubSystem App Microsoft Corporation
smss.exe 188 K 68 K 1984 Windows NT Session Manager Microsoft Corporation
services.exe 3,072 K 1,848 K 1068 Services and Controller app Microsoft Corporation
procexp.exe 14,396 K 21,396 K 4600 Sysinternals Process Explorer Sysinternals - www.sysinternals.com
MsMpEng.exe 42,372 K 23,324 K 1520 Service Executable Microsoft Corporation
MBAMService.exe 44,460 K 9,580 K 1696 Malwarebytes Service Malwarebytes
lsass.exe 2,420 K 960 K 1084 LSA Shell (Export Version) Microsoft Corporation
explorer.exe 24,144 K 20,232 K 3816 Windows Explorer Microsoft Corporation
ctfmon.exe 920 K 528 K 736 CTF Loader Microsoft Corporation
csrss.exe 1,824 K 3,000 K 668 Client Server Runtime Process Microsoft Corporation
CCleaner.exe 17,128 K 13,988 K 4392 CCleaner Piriform Ltd
AvastUI.exe 85,772 K 16,608 K 4728 Avast Antivirus AVAST Software
AvastSvc.exe 96,468 K 40,952 K 1704 Avast Service AVAST Software
alg.exe 1,088 K 152 K 932 Application Layer Gateway Service Microsoft Corporation
Looks promising to me.