Roguekiller malware

[luzchurch]

I have the 13.1.8.0 version which invariably crashes after about 45 minutes. I have tried this at least 5 times.
Is there a reason for this? If there is an updated version of this to try, please let me know. Thanks.

[Jintan]

Howdy luzchurch,

I assume when you say "Roguekiller malware" you are talking about the scan tool Roguekiller. Often it only runs into problems when your existing security software interferes, or actual malware is involved. Of course I do have to mention we really do not recommend you use Roguekiller without someone skilled in malware removal involved. Too many chances of a false positive removal of a legit item. Are you sure you have all your security software disabled when running it.

We can always check things here, if you want.


If so, for x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to the desktop.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to the desktop.

Please run it and click Scan, post back with the 2 logfiles.

Use extra posts here as needed.

[luzchurch]

Thanks. I run XP professional and have Microsoft Essentials. I tried to disable t to run Roguekiller but there is no provision for it. I will try what you suggest.

[luzchurch]

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-03-2019
Ran by owner (administrator) on EMACHINE (25-03-2019 20:24:54)
Running from C:\Documents and Settings\owner\My Documents\Downloads
Loaded Profiles: owner (Available Profiles: owner & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Windows XP SP4 Developer -> Microsoft Corporation) C:\WINDOWS\system32\services.exe
(Windows XP SP4 Developer -> Microsoft Corporation) C:\WINDOWS\system32\svchost.exe
(Windows XP SP4 Developer -> Microsoft Corporation) C:\WINDOWS\system32\svchost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Windows XP SP4 Developer -> Microsoft Corporation) C:\WINDOWS\system32\svchost.exe
(Windows XP SP4 Developer -> Microsoft Corporation) C:\WINDOWS\system32\svchost.exe
(Windows XP SP4 Developer -> Microsoft Corporation) C:\WINDOWS\system32\svchost.exe
(Windows XP SP4 Developer -> Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
(Windows XP SP4 Developer -> Microsoft Corporation) C:\WINDOWS\system32\svchost.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(WESTERN DIGITAL TECHNOLOGIES -> Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe
(Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe
(RealNetworks, Inc. -> RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
(Microsoft Windows Component Publisher -> Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION) C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S4I2G 1.EXE
(DivX, LLC -> ) C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Microsoft Windows Component Publisher -> Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Samsung Electronics CO., LTD. -> ) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Canon Inc. -> CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
(Windows XP SP4 Developer -> Microsoft Corporation) C:\WINDOWS\system32\svchost.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Canon Inc. -> CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
() [File not signed] C:\WINDOWS\system32\dxconfig.exe
(Piriform Ltd -> Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Nero AG -> Nero AG) C:\Program Files\Nero\Update\NASvc.exe
() [File not signed] C:\WINDOWS\system32\dxconfig.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(Softland SRL -> Microsoft) [File not signed] C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe
(Microsoft Windows Hardware Compatibility Publisher -> NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(RealNetworks, Inc. -> ) C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc. exe
(HP Inc. -> ) [File not signed] C:\WINDOWS\system32\spdsvc.exe
(Windows XP SP4 Developer -> Microsoft Corporation) C:\WINDOWS\system32\svchost.exe
(WESTERN DIGITAL TECHNOLOGIES -> Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
(WESTERN DIGITAL TECHNOLOGIES -> Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Windows XP SP4 Developer -> Microsoft Corporation) C:\WINDOWS\system32\svchost.exe
(Microsoft Windows Component Publisher -> Microsoft Corporation) C:\WINDOWS\system32\alg.exe
(Microsoft Corporation -> Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\ WPFFontCache_v0400.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EX E
(Windows XP SP4 Developer -> Microsoft Corporation) C:\WINDOWS\system32\wbem\wmiprvse.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Onboard] => C:\Program Files\Western Digital\WD SmartWare\WDSmartWare.exe [3202416 2016-04-19] (WESTERN DIGITAL TECHNOLOGIES -> Western Digital Technologies, Inc.)
HKLM\...\Run: [WD Quick View] => C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe [5571944 2016-04-19] (WESTERN DIGITAL TECHNOLOGIES -> Western Digital Technologies, Inc.)
HKLM\...\Run: [WD Drive Unlocker] => C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694048 2014-10-23] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2016-12-10] (RealNetworks, Inc. -> RealNetworks, Inc.)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16862720 2008-05-16] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.)
HKLM\...\Run: [nwiz] => nwiz.exe /install
HKLM\...\Run: [NvMediaCenter] => C:\WINDOWS\system32\NvMcTray.dll [81920 2008-02-25] (Microsoft Windows Hardware Compatibility Publisher -> NVIDIA Corporation)
HKLM\...\Run: [NvCplDaemon] => C:\WINDOWS\system32\NvCpl.dll [8491008 2008-02-25] (Microsoft Windows Hardware Compatibility Publisher -> NVIDIA Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157456 2015-09-12] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [EPSON Stylus CX5400 (Copy 1)] => C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G 1.EXE [99840 2003-05-26] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKLM\...\Run: [EPSON Stylus CX5400] => C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G 1.EXE [99840 2003-05-26] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKLM\...\Run: [DWPersistentQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [520424 2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Run: [DLADiag] => C:\WINDOWS\DLADiag.EXE [57403 2005-08-25] (Sonic Solutions) [File not signed]
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-12] (DivX, LLC -> )
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-03-28] (DivX, LLC) [File not signed]
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [351968 2014-09-08] (Samsung Electronics CO., LTD. -> )
HKLM\...\Run: [CanonSolutionMenuEx] => C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (Canon Inc. -> CANON INC.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2516296 2010-03-24] (Canon Inc. -> CANON INC.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [947152 2013-01-27] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-507921405-1284227242-1417001333-1003\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [721504 2015-09-02] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-507921405-1284227242-1417001333-1003\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [13797712 2018-09-10] (Piriform Ltd -> Piriform Ltd)
HKU\S-1-5-18\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [520424 2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Providers\Internet Print Provider: C:\WINDOWS\system32\INETPP.DLL [76800 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
HKLM\...\Providers\LanMan Print Services: C:\WINDOWS\system32\WIN32SPL.DLL [104960 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
HKLM\...\Drivers32: [msacm.trspch] => C:\WINDOWS\system32\tssoft32.acm [8192 2008-04-14] (Microsoft Windows Component Publisher -> DSP GROUP, INC.)
HKLM\...\Drivers32: [vidc.I420] => C:\WINDOWS\system32\msh263.drv [294912 2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\...\Drivers32: [vidc.iv31] => C:\WINDOWS\system32\ir32_32.dll [199168 2008-04-14] (Microsoft Windows Component Publisher -> )
HKLM\...\Drivers32: [vidc.iv32] => C:\WINDOWS\system32\ir32_32.dll [199168 2008-04-14] (Microsoft Windows Component Publisher -> )
HKLM\...\Drivers32: [vidc.iv41] => C:\WINDOWS\system32\ir41_32.ax [848384 2008-04-14] (Microsoft Windows Component Publisher -> Intel Corporation)
HKLM\...\Drivers32: [msacm.msg723] => C:\WINDOWS\system32\msg723.acm [118784 2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\...\Drivers32: [vidc.M263] => C:\WINDOWS\system32\msh263.drv [294912 2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\...\Drivers32: [vidc.M261] => C:\WINDOWS\system32\msh261.drv [188416 2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\...\Drivers32: [msacm.msaudio1] => C:\WINDOWS\system32\msaud32.acm [282654 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
HKLM\...\Drivers32: [msacm.sl_anet] => C:\WINDOWS\system32\sl_anet.acm [86016 2008-04-14] (Microsoft Windows Component Publisher -> Sipro Lab Telecom Inc.)
HKLM\...\Drivers32: [msacm.iac2] => C:\WINDOWS\system32\iac25_32.ax [199680 2008-04-14] (Microsoft Windows Component Publisher -> Intel Corporation)
HKLM\...\Drivers32: [vidc.iv50] => C:\WINDOWS\system32\ir50_32.dll [755200 2008-04-14] (Microsoft Windows Component Publisher -> Intel Corporation)
HKLM\...\Drivers32: [vidc.DIVX] => C:\WINDOWS\system32\DivX.dll [720384 2010-02-19] (DivX, Inc.) [File not signed]
HKLM\...\Drivers32: [vidc.yv12] => C:\WINDOWS\system32\DivX.dll [720384 2010-02-19] (DivX, Inc.) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] -> C:\WINDOWS\system32\ieudinit.exe [2016-03-09] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] -> C:\WINDOWS\inf\unregmp2.exe [2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] -> C:\WINDOWS\system32\shmgrate.exe [2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}] ->
HKLM\Software\Microsoft\Active Setup\Installed Components: [{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] ->
HKLM\Software\Microsoft\Active Setup\Installed Components: [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] -> C:\Program Files\Outlook Express\setup50.exe [2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] -> C:\WINDOWS\system32\advpack.dll [2009-03-08] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{6BF52A52-394A-11d3-B153-00C04F79FAA6}] -> C:\WINDOWS\System32\advpack.dll [2009-03-08] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{7790769C-0471-11d2-AF11-00C04FA35D02}] -> C:\Program Files\Outlook Express\setup50.exe [2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\49.0.2623.112\Inst aller\chrmstp.exe [2018-05-03] (Google Inc -> Google Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{CC83D544-1125-C7EE-8688-26B699B123B5}] -> C:\WINDOWS\system32\ADVPACK.DLL [2009-03-08] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{C631DF4C-088F-4156-B058-4375F0853CD8}] -> C:\WINDOWS\System32\cscui.dll [2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
AppInit_DLLs: C:\WINDOWS\Jaksta\AC\x86\jaudcap.dll => C:\WINDOWS\Jaksta\AC\x86\jaudcap.dll [264480 2014-10-17] (Jaksta Technologies Pty Ltd -> Jaksta Technologies Pty Ltd)
SecurityProviders: C:\WINDOWS\system32\MSAPSSPC.DLL, C:\WINDOWS\system32\SCHANNEL.DLL, C:\WINDOWS\system32\DIGEST.DLL, C:\WINDOWS\system32\MSNSSPC.DLL
Startup: C:\Documents and Settings\owner\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2016-07-12]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{CE5BCC45-4C4F-4586-B869-86ECA889A6D4}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-507921405-1284227242-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-507921405-1284227242-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://firefox.com/
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE \rndlbrowserrecordplugin.dll [2013-08-14] (RealNetworks, Inc. -> RealDownloader)
BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2013-04-02] (DivX, LLC -> DivX, LLC)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO: MSN Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\MSN\Toolbar\3.0.1312.0\msneshellx.dll [2009-08-31] (Microsoft Corporation -> Microsoft Corp.)
Toolbar: HKLM - MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1312.0\msneshellx.dll [2009-08-31] (Microsoft Corporation -> Microsoft Corp.)
Toolbar: HKU\S-1-5-21-507921405-1284227242-1417001333-1003 -> &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll [2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
Toolbar: HKU\S-1-5-21-507921405-1284227242-1417001333-1003 -> &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll [2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}
Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll [2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll [2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll [2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll [2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll [2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
Handler: intu-tt2013 - {9FF5EC07-1645-43BF-828F-C73CFA7BC1AF} - C:\Program Files\TurboTax 2013\ic2013pp.dll [2014-02-27] (Intuit Canada ULC -> Intuit Canada, a general partnership/une société en nom collectif.)
Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll [2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll [2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll [2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll [2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll [2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll [2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
Handler: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll [2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll [2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll [2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\SHELL32.dll [2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\0vqfogiu.default-1552324074171 [2019-03-25]
FF Homepage: C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\0vqfogiu.default-1552324074171 -> www.google.com
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-04-20] [Legacy] [not signed]
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: (DivX Plus Web Player HTML5 <video>) - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-04-23] [Legacy] [not signed]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Fi refox\Ext
FF Extension: (RealDownloader) - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Fi refox\Ext [2016-12-10] [Legacy] [not signed]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Fi refox\Ext
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_31_0_0_ 153.dll [2018-11-28] (Adobe Systems Incorporated -> ) [File not signed]
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-09-04] (Apple Inc. -> )
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-04-14] (CANON INC.) [File not signed]
FF Plugin: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2013-04-02] (DivX, LLC -> DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, Inc. -> DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @Nero.com/KM -> C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2014-11-06] (Nero AG -> Nero AG)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2016-12-10] (RealNetworks, Inc. -> RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Mo zillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.) [File not signed]
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Mo zillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.) [File not signed]
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Mo zillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.) [File not signed]
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll [2016-12-10] (RealNetworks, Inc. -> RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\np dlplugin.dll [2013-08-14] (RealNetworks, Inc. -> RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc -> Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc -> Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems, Incorporated -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> inline.go.mail.ru/homepage?inline_comp=hp&inline_hp_cnt=11956636
CHR Profile: C:\Documents and Settings\owner\Local Settings\Application Data\Google\Chrome\User Data\Default [2019-03-25]
CHR Extension: (Домашняя страница Mail.Ru) - C:\Documents and Settings\owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bobeehhgpnppdghmfffdjadmbj baeeod [2018-08-03]
CHR Extension: (RealDownloader) - C:\Documents and Settings\owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjb npdiji [2018-05-03]
CHR HKLM\...\Chrome\Extension: [bobeehhgpnppdghmfffdjadmbjbaeeod] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Ch rome\Ext\realdownloader.crx [2013-08-14]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpda teService.exe [335872 2018-11-28] (Adobe Systems Incorporated -> Adobe Systems Incorporated) [File not signed]
R3 BITS; C:\WINDOWS\system32\qmgr.dll [408576 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
S2 Browser; C:\WINDOWS\System32\browser.dll [78336 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
R2 DcomLaunch; C:\WINDOWS\system32\rpcss.dll [401408 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
R2 Dhcp; C:\WINDOWS\System32\dhcpcsvc.dll [126976 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
R2 Dnscache; C:\WINDOWS\System32\dnsrslvr.dll [45568 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
S3 Dot3svc; C:\WINDOWS\System32\dot3svc.dll [132096 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
R2 Eventlog; C:\WINDOWS\system32\services.exe [110592 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
R3 EventSystem; C:\WINDOWS\System32\ES.DLL [253952 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
R3 FastUserSwitchingCompatibility; C:\WINDOWS\System32\shsvcs.dll [135168 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
R2 LanmanServer; C:\WINDOWS\System32\srvsvc.dll [99840 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
R2 lanmanworkstation; C:\WINDOWS\System32\wkssvc.dll [134144 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4753104 2018-05-09] (Malwarebytes Corporation -> Malwarebytes)
R2 Microsoft DirectX Configuration Service; C:\WINDOWS\system32\dxconfig.exe [64512 2016-04-06] () [File not signed]
S3 MSIServer; C:\WINDOWS\System32\msiexec.exe /V [96256 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation -> Microsoft Corporation)
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [785904 2015-07-07] (Nero AG -> Nero AG)
R3 Nla; C:\WINDOWS\System32\mswsock.dll [245248 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
R2 NovaPdfServer; C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe [53176 2017-08-16] (Softland SRL -> Microsoft) [File not signed]
R2 NVSvc; C:\WINDOWS\system32\nvsvc32.exe [155716 2008-02-25] (Microsoft Windows Hardware Compatibility Publisher -> NVIDIA Corporation)
R2 PlugPlay; C:\WINDOWS\system32\services.exe [110592 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
S4 QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [20480 2009-11-30] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS. exe [65536 2006-11-09] (Intuit Inc.) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc. exe [39056 2013-08-14] (RealNetworks, Inc. -> )
R2 RpcSs; C:\WINDOWS\System32\rpcss.dll [401408 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
R2 Samsung Printer Dianostics Service; C:\WINDOWS\system32\\spdsvc.exe [508488 2018-04-25] (HP Inc. -> ) [File not signed]
R2 SharedAccess; C:\WINDOWS\System32\ipnathlp.dll [330752 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
R2 ShellHWDetection; C:\WINDOWS\System32\shsvcs.dll [135168 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
R2 Spooler; C:\WINDOWS\system32\spoolsv.exe [58880 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\Sh4Service.exe [685752 2018-04-08] (Enigma Software Group USA, LLC -> Enigma Software Group USA, LLC.) [File not signed]
S3 SwPrv; C:\WINDOWS\system32\dllhost.exe /Processid:{C25A8AC1-6F52-40C6-B9AC-E32B14580D4A} [5120 2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
R3 TapiSrv; C:\WINDOWS\System32\tapisrv.dll [249856 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
R3 TermService; C:\WINDOWS\System32\termsrv.dll [296960 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
R2 Themes; C:\WINDOWS\System32\shsvcs.dll [135168 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
R2 W32Time; C:\WINDOWS\system32\w32time.dll [175616 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
R2 WDBackup; C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe [1049464 2016-04-19] (WESTERN DIGITAL TECHNOLOGIES -> Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [314744 2016-04-19] (WESTERN DIGITAL TECHNOLOGIES -> Western Digital Technologies, Inc.)
R2 WebClient; C:\WINDOWS\System32\webclnt.dll [68096 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
S3 WmdmPmSN; C:\WINDOWS\system32\mspmsnsv.dll [27136 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
S3 Wmi; C:\WINDOWS\System32\advapi32.dll [618496 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
S3 WMPNetworkSvc; C:\Program Files\Windows Media Player\WMPNetwk.exe [913408 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
S3 WudfSvc; C:\WINDOWS\System32\WUDFSvc.dll [64512 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
R2 WZCSVC; C:\WINDOWS\System32\wzcsvc.dll [483328 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AFD; C:\WINDOWS\System32\drivers\afd.sys [138496 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
S3 Apowersoft_AudioDevice; C:\WINDOWS\System32\drivers\Apowersoft_AudioDevice .sys [26032 2014-04-09] (APOWERSOFT LIMITED -> Wondershare)
R2 Aspi32; C:\Windows\System32\Drivers\Aspi32.sys [25920 1998-11-12] (Adaptec) [File not signed]
S0 Cdr4vsd; C:\Windows\System32\Drivers\Cdr4vsd.sys [72032 2014-08-26] (Adaptec) [File not signed]
R1 Cdrom; C:\WINDOWS\System32\DRIVERS\cdrom.sys [62976 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
R0 Disk; C:\WINDOWS\System32\DRIVERS\disk.sys [36352 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
R1 DLADiagN; C:\WINDOWS\System32\Drivers\DLADiagN.SYS [10908 2005-08-25] (Sonic Solutions) [File not signed]
R1 DLAPMonN; C:\WINDOWS\System32\Drivers\DLAPMonN.SYS [22812 2005-08-25] (Sonic Solutions) [File not signed]
R1 DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [22684 2005-08-25] (Sonic Solutions) [File not signed]
S1 DumpDrv; C:\Windows\System32\Drivers\DumpDrv.sys [9472 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
R1 ElRawDisk; C:\WINDOWS\system32\drivers\rsdrv.sys [22312 2009-02-12] (EldoS Corporation -> EldoS Corporation)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2018-04-08] (Enigma Software Group USA, LLC -> Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\WINDOWS\System32\DRIVERS\EsgScanner.sys [19984 2018-04-08] (Enigma Software Group USA, LLC -> )
S4 exFat; C:\Windows\System32\Drivers\exFat.sys [133632 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
S4 Fastfat; C:\Windows\System32\Drivers\Fastfat.sys [143744 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
U1 Fs_Rec; C:\Windows\System32\Drivers\Fs_Rec.sys [9216 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
R3 HTTP; C:\WINDOWS\System32\Drivers\HTTP.sys [265728 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
R3 IntcAzAudAddService; C:\WINDOWS\System32\drivers\RtkHDAud.sys [4800000 2008-05-20] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.)
R0 KSecDD; C:\Windows\System32\Drivers\KSecDD.sys [92928 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [220896 2018-09-01] (Malwarebytes Corporation -> Malwarebytes)
R0 MountMgr; C:\Windows\System32\Drivers\MountMgr.sys [42752 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation -> Microsoft Corporation)
R1 MpKsl3aa0e0b8; C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D0A66A3D-D66F-4811-943C-2F116535BCB5}\MpKsl3aa0e0b8.sys [49504 2019-03-24] (Microsoft Corporation -> Microsoft Corporation)
R3 MRxDAV; C:\WINDOWS\System32\DRIVERS\mrxdav.sys [179968 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
R1 MRxSmb; C:\WINDOWS\System32\DRIVERS\mrxsmb.sys [457856 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
R0 Mup; C:\Windows\System32\Drivers\Mup.sys [105472 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
R0 NDIS; C:\Windows\System32\Drivers\NDIS.sys [182912 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
R3 NdisTapi; C:\WINDOWS\System32\DRIVERS\ndistapi.sys [10496 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
R3 NdisWan; C:\WINDOWS\System32\DRIVERS\ndiswan.sys [91776 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
R3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [40960 2013-11-27] (Windows XP SP4 Developer -> Microsoft Corporation)
R4 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [576512 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
R3 nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [6867360 2008-02-25] (Microsoft Windows Hardware Compatibility Publisher -> NVIDIA Corporation)
R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [54016 2008-01-29] (Microsoft Windows Hardware Compatibility Publisher -> NVIDIA Corporation)
R0 nvgts; C:\WINDOWS\System32\DRIVERS\nvgts.sys [132096 2008-01-25] (Microsoft Windows Hardware Compatibility Publisher -> NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [22016 2008-01-29] (Microsoft Windows Hardware Compatibility Publisher -> NVIDIA Corporation)
R3 PSched; C:\WINDOWS\System32\DRIVERS\psched.sys [70272 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
R3 RasPppoe; C:\WINDOWS\System32\DRIVERS\raspppoe.sys [41472 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
R1 Rdbss; C:\WINDOWS\System32\DRIVERS\rdbss.sys [174848 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
R3 rdpdr; C:\WINDOWS\System32\DRIVERS\rdpdr.sys [195712 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
S3 RDPWD; C:\WINDOWS\System32\Drivers\RDPWD.SYS [139784 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
R2 rspndr; C:\WINDOWS\System32\DRIVERS\rspndr.sys [62848 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
U5 Sdbus; C:\Windows\System32\Drivers\Sdbus.sys [80384 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [20480 2008-04-14] (Microsoft Windows Component Publisher -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
R3 Srv; C:\WINDOWS\System32\DRIVERS\srv.sys [358016 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
R2 SSPORT; C:\WINDOWS\system32\Drivers\SSPORT.sys [5120 2012-07-19] (Samsung Electronics) [File not signed]
R2 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [13120 2013-08-25] (Rocket Division Software Ltd -> )
R1 Tcpip; C:\WINDOWS\System32\DRIVERS\tcpip.sys [361600 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
S3 TDTCP; C:\Windows\System32\Drivers\TDTCP.sys [22024 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
U5 TDTDP; C:\WINDOWS\System32\Drivers\TDTCP.SYS [22024 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
U3 TrueSight; C:\WINDOWS\system32\drivers\TrueSight.sys [24688 2019-03-23] (Adlice -> )
S1 UdfReadr; C:\Windows\System32\Drivers\UdfReadr.sys [206272 2000-02-22] (Adaptec) [File not signed]
S3 USBAAPL; C:\WINDOWS\System32\Drivers\usbaapl.sys [45056 2015-06-17] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 usbccgp; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [32384 2013-08-08] (Windows XP SP4 Developer -> Microsoft Corporation)
R3 usbehci; C:\WINDOWS\System32\DRIVERS\usbehci.sys [30464 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
R3 usbohci; C:\WINDOWS\System32\DRIVERS\usbohci.sys [17152 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
R3 usbscan; C:\WINDOWS\System32\DRIVERS\usbscan.sys [14976 2013-07-02] (Windows XP SP4 Developer -> Microsoft Corporation)
S3 uti0odgx; C:\WINDOWS\system32\Drivers\uti0odgx.sys [7168 2017-04-11] () [File not signed]
R3 WDC_SAM; C:\WINDOWS\System32\DRIVERS\wdcsam_prewin8.sys [20256 2016-04-19] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies)
S3 WudfPf; C:\WINDOWS\System32\DRIVERS\WudfPf.sys [91904 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
S3 WudfRd; C:\WINDOWS\System32\DRIVERS\wudfrd.sys [132224 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S2 DgiVecp; \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys [X]
S3 eapihdrv; \??\C:\DOCUME~1\owner\LOCALS~1\Temp\ehdrv.sys [X]
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam32.sys [X]
S1 ZAM_Guard; \??\C:\WINDOWS\System32\drivers\zamguard32.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-03-25 14:28 - 2019-03-25 14:28 - 000000000 __SHD C:\Documents and Settings\TEMP.NT AUTHORITY\IETldCache
2019-03-25 14:25 - 2019-03-25 14:46 - 000000000 __SHD C:\Documents and Settings\TEMP
2019-03-25 14:25 - 2019-03-25 14:38 - 000000000 ____D C:\Documents and Settings\TEMP\Local Settings\Temp
2019-03-25 14:25 - 2019-03-25 14:28 - 000000000 __SHD C:\Documents and Settings\TEMP.NT AUTHORITY
2019-03-25 14:25 - 2019-03-25 14:25 - 000000020 ___SH C:\Documents and Settings\TEMP\ntuser.ini
2019-03-25 14:25 - 2019-03-25 14:25 - 000000020 ___SH C:\Documents and Settings\TEMP.NT AUTHORITY\ntuser.ini
2019-03-25 14:25 - 2019-03-25 14:25 - 000000000 ____D C:\Documents and Settings\TEMP.NT AUTHORITY\Local Settings\Temp
2019-03-25 14:25 - 2019-03-25 14:25 - 000000000 ____D C:\Documents and Settings\TEMP.NT AUTHORITY\Application Data\Apple Computer

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-03-25 20:29 - 2018-05-03 13:10 - 000000000 ____D C:\Documents and Settings\owner\Local Settings\temp
2019-03-25 20:28 - 2016-11-16 15:52 - 000000422 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{F0F3B82B-776E-484E-ADF4-E0E06392C8AE}.job
2019-03-25 20:27 - 2016-02-25 11:07 - 000000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2019-03-25 20:24 - 2016-03-09 08:26 - 000000000 ____D C:\FRST
2019-03-25 19:55 - 2016-05-10 18:51 - 000000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2019-03-25 17:53 - 2017-04-20 11:04 - 000032656 ____N C:\WINDOWS\SchedLgU.Txt
2019-03-25 17:27 - 2018-04-09 17:25 - 000000330 ____H C:\WINDOWS\Tasks\CCleaner Update.job
2019-03-25 16:38 - 2016-03-15 06:57 - 000000000 ____D C:\Documents and Settings\owner\Application Data\vlc
2019-03-25 14:50 - 2017-10-23 11:26 - 000000486 _____ C:\WINDOWS\Tasks\novaPDF Reactivation.job
2019-03-25 14:43 - 2013-08-30 21:05 - 000001324 _____ C:\WINDOWS\system32\d3d9caps.dat
2019-03-25 14:37 - 2018-11-12 00:12 - 000000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2019-03-25 14:28 - 2018-10-22 20:56 - 000008192 _____ C:\WINDOWS\system32\WDPABKP.dat
2019-03-25 14:28 - 2018-06-29 20:55 - 000000278 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-507921405-1284227242-1417001333-1003.job
2019-03-25 14:28 - 2013-04-23 18:36 - 000000286 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTas kS-1-5-21-507921405-1284227242-1417001333-1003.job
2019-03-25 14:27 - 2008-04-14 05:00 - 000002206 _____ C:\WINDOWS\system32\wpa.dbl
2019-03-25 14:26 - 2017-10-22 09:51 - 000000157 _____ C:\WINDOWS\ssdiag.ini
2019-03-25 14:25 - 2016-05-10 18:51 - 000000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2019-03-25 14:25 - 2013-04-27 18:00 - 000000300 _____ C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTas kS-1-5-21-507921405-1284227242-1417001333-1003.job
2019-03-25 14:25 - 2013-04-09 11:20 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-03-25 14:25 - 2013-04-09 07:03 - 000364120 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-03-25 14:25 - 2013-04-09 07:03 - 000000000 ____D C:\Documents and Settings
2019-03-25 14:23 - 2013-11-12 15:56 - 000196608 _____ C:\WINDOWS\system32\config\OAlerts.evt
2019-03-25 14:19 - 2013-05-23 11:52 - 000000000 ____D C:\Program Files\CCleaner
2019-03-25 13:56 - 2016-03-25 11:08 - 057327616 _____ C:\New index.accdb
2019-03-25 13:04 - 2013-05-04 09:15 - 000000000 ____D C:\WINDOWS\system32\NtmsData
2019-03-24 17:21 - 2008-04-14 05:00 - 000000885 _____ C:\WINDOWS\win.ini
2019-03-24 10:43 - 2013-04-09 11:14 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-03-23 23:36 - 2018-04-09 18:40 - 000000880 _____ C:\WINDOWS\Tasks\Adobe Flash Player NPAPI Notifier.job
2019-03-23 20:08 - 2017-03-28 11:44 - 000024688 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2019-03-23 14:41 - 2013-04-09 11:13 - 000000000 ____D C:\WINDOWS\Registration
2019-03-23 08:47 - 2013-04-09 18:03 - 000000000 ____D C:\program downloads
2019-03-21 18:10 - 2013-09-18 20:06 - 000000000 ____D C:\Documents and Settings\owner\My Documents\Shanta
2019-03-21 09:11 - 2013-04-27 18:00 - 000000308 _____ C:\WINDOWS\Tasks\RealDownloaderRealUpgradeSchedule dTaskS-1-5-21-507921405-1284227242-1417001333-1003.job
2019-03-18 13:28 - 2013-04-09 14:22 - 000000000 ____D C:\Ragde-D
2019-03-18 07:22 - 2013-04-09 07:04 - 000718530 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-03-17 20:41 - 2013-05-12 10:57 - 000000000 ____D C:\Documents and Settings\owner\Application Data\XnView
2019-03-17 17:59 - 2013-04-27 17:59 - 000000326 _____ C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduled TaskS-1-5-21-507921405-1284227242-1417001333-1003.job
2019-03-14 11:49 - 2016-03-22 10:38 - 005338884 _____ C:\Documents and Settings\owner\My Documents\New index.txt
2019-03-04 17:12 - 2016-03-23 17:04 - 000000719 _____ C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
2019-02-26 12:14 - 2018-05-10 09:46 - 000000000 ____D C:\Documents and Settings\owner\Application Data\Notepad++

==================== Files in the root of some directories =======

2018-04-13 11:11 - 2018-05-15 07:58 - 000003774 _____ () C:\Documents and Settings\owner\Application Data\RegistrationLog.log
2018-04-13 11:10 - 2018-05-15 07:58 - 000017371 _____ () C:\Documents and Settings\owner\Application Data\ReplayMusicLog.log
2016-03-14 18:48 - 2016-03-14 18:48 - 000000128 _____ () C:\Documents and Settings\owner\Local Settings\Application Data\fusioncache.dat
2018-04-07 07:00 - 2018-04-07 07:00 - 000000003 _____ () C:\Documents and Settings\owner\Local Settings\Application Data\wbem.ini
2017-10-14 08:38 - 2017-10-14 08:38 - 000000000 _____ () C:\Documents and Settings\owner\Local Settings\Application Data\{0BF9E288-E566-49FE-A583-BB6E955B2DFD}
2014-07-26 17:59 - 2016-01-08 16:35 - 000001750 _____ () C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

Some files in TEMP:
====================
2019-03-17 20:42 - 2016-03-09 01:00 - 000718336 _____ (Microsoft Corporation) C:\Documents and Settings\owner\Local Settings\temp\dllnt_dump.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

[luzchurch]

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 17-03-2019
Ran by owner (25-03-2019 20:30:31)
Running from C:\Documents and Settings\owner\My Documents\Downloads
Microsoft Windows XP Professional Service Pack 3 (X86) (2013-04-09 15:19:13)
Boot Mode: Normal
================================================== ========


==================== Accounts: =============================

Administrator (S-1-5-21-507921405-1284227242-1417001333-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-507921405-1284227242-1417001333-1004 - Limited - Enabled)
Guest (S-1-5-21-507921405-1284227242-1417001333-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-507921405-1284227242-1417001333-1000 - Limited - Disabled)
owner (S-1-5-21-507921405-1284227242-1417001333-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\owner
SUPPORT_388945a0 (S-1-5-21-507921405-1284227242-1417001333-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Avast Antivirus (Enabled - Up to date) {7591db91-41f0-48a3-b128-1a293fd8233d}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adaptec Easy CD Creator (HKLM\...\CDCreator30) (Version: - )
Adaptec UDF Reader (HKLM\...\Adaptec UDF Reader) (Version: - )
Adobe Flash Player 31 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 31.0.0.153 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
A-PDF Merger (HKLM\...\A-PDF Merger_is1) (Version: - A-PDF.com)
Apple Application Support (32-bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{A75CA58D-DB9C-4D14-9428-E0C7B0F623DC}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
autolock wizard (HKLM\...\{CC5E2A47-F660-4763-AA88-75B1FC30CA0D}) (Version: 4.7.1 - HexaLock)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Canon Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version: - )
Canon MG5200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series) (Version: - )
Canon MP Navigator EX 4.0 (HKLM\...\MP Navigator EX 4.0) (Version: - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: - )
Canon Solution Menu EX (HKLM\...\CanonSolutionMenuEX) (Version: - )
CanoScan LiDE 210 Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4809) (Version: - Canon Inc.)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.6.5931 - CDBurnerXP)
CD-LabelPrint (HKLM\...\MediaNavigation.CDLabelPrint) (Version: - )
Common Desktop Agent (HKLM\...\{031A0E14-0413-4C97-9772-2639B782F46F}) (Version: 1.62.0 - OEM) Hidden
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
DjVuLibre DjView 3.5.27+4.10.4 (HKLM\...\DjVuLibre+DjView) (Version: 3.5.27+4.10.4 - DjVuZone)
Easy Bridge (HKLM\...\Easy BridgeDeinstall) (Version: - )
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
Family Tree Maker (HKLM\...\FTW) (Version: - )
Free Easy MP3 Joiner 8.8.2 (HKLM\...\Free Easy MP3 Joiner_is1) (Version: - Freeease.net.)
Free PDF to Word Doc Converter v1.1 (HKLM\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
Haali Media Splitter (HKLM\...\HaaliMkx) (Version: - FreeCodecPack)
iTunes (HKLM\...\{868B9974-4F23-494D-B6BC-4FAB92B2755D}) (Version: 12.1.3.6 - Apple Inc.)
JPG to Word Converter 1.0 (HKLM\...\{BE1475FD-E1F4-4686-B2E2-EDF8E090D2DB}_is1) (Version: 1.0 - Soft Solutions)
M3 BitLocker Decryption version 5.5 (HKLM\...\{0AF04533-F913-4ABD-A4DC-8B2CDC226E4F}}_is1) (Version: 5.5 - M3 Data Recovery)
Magical Jelly Bean KeyFinder (HKLM\...\KeyFinder_is1) (Version: 2.0.10.10 - Magical Jelly Bean)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Microsoft .NET Framework 2.0 Client Profile Basic Version 1.0.0.18 (HKLM\...\{10E4121C-8181-4217-8DA9-6CD38DDC34F9}_is1) (Version: 1.0.0.18 - Wondershare, Inc.)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version: - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.2.223.1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Software Update for Web Folders (English) 14 (HKLM\...\{90140000-0010-0409-0000-0000000FF1CE}) (Version: - )
Microsoft Virtual PC 2007 (HKLM\...\{8A7CAA24-7B23-410B-A7C3-F994B0944160}) (Version: 6.0.156.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 52.0.2 ESR (x86 en-US) (HKLM\...\Mozilla Firefox 52.0.2 ESR (x86 en-US)) (Version: 52.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 52.9.0.6746 - Mozilla)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) Hidden
MSXML 6.0 Parser (KB927977) (HKLM\...\{5A710547-B58E-488B-828D-CA9A25A0533C}) (Version: 6.00.3890.0 - Microsoft Corporation)
Nero Kwik Media (HKLM\...\{283E9B9D-F1B3-45BA-B942-6B10A3948533}) (Version: 12.5.00300 - Nero AG)
Notepad++ (32-bit x86) (HKLM\...\Notepad++) (Version: 7.5.6 - Notepad++ Team)
novaPDF 8 (HKLM\...\{0BDC1E59-A971-4737-8DDF-E4ABB3A2D33C}) (Version: 8.9.951 - Softland) Hidden
novaPDF 8 (HKLM\...\{b237db6e-0a86-4779-9dd4-219781e867c9}) (Version: 8.9.951 - Softland)
novaPDF 8 add-in for Microsoft Office (x86) (HKLM\...\{D175C46B-DDC1-49B2-95C4-93825A97E718}) (Version: 8.9.951 - Softland)
novaPDF 8 Printer Driver (HKLM\...\{EEFA260F-AED4-402B-AC7C-418CB69BE662}) (Version: 8.9.951 - Softland)
novaPDF 8 SDK COM (x86) (HKLM\...\{E47D57E4-0674-440A-9CBD-A0705684A8C3}) (Version: 8.9.951 - Softland)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - )
Prerequisite installer (HKLM\...\{3AAB08A3-F129-4BD5-B409-AE674F93759D}) (Version: 12.0.0008 - Nero AG) Hidden
RealDownloader (HKLM\...\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}) (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM\...\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}) (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
RealUpgrade 1.1 (HKLM\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Replay Music 7 (7.0.0.30) (HKLM\...\Replay Music 7) (Version: 7.0.0.30 - Applian Technologies)
RogueKiller version 12.12.14.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.14.0 - Adlice Software)
Samsung CLP-410 Series (HKLM\...\Samsung CLP-410 Series) (Version: 1.17 (6/10/2015) - Samsung Electronics Co., Ltd.)
Samsung Easy Printer Manager (HKLM\...\Samsung Easy Printer Manager) (Version: 1.05.81.00(5/25/2015) - Samsung Electronics Co., Ltd.)
Samsung Printer Diagnostics (HKLM\...\Samsung Printer Diagnostics) (Version: 1.0.4.28 - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
swMSM (HKLM\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 3.0.6 - VideoLAN)
WD Quick View (HKLM\...\{F4F2EF32-EAFE-4F87-B7DC-E19C9F8E76FC}) (Version: 2.4.16.16 - Western Digital Technologies, Inc.)
WD Security (HKLM\...\{0AC340BC-4A62-4D1F-86DB-35C1C3CB66CF}) (Version: 1.1.1.3 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{7F7425DB-530D-48D8-A3A6-3184B2E07FDD}) (Version: 2.4.16.16 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM\...\{4555885d-a64c-4234-9aac-72a8a6b5590b}) (Version: 2.4.16.16 - Western Digital Technologies, Inc.)
Windows Management Framework Core (HKLM\...\KB968930) (Version: - Microsoft Corporation)
Windows XP Service Pack 4 (HKLM\...\Windows XP Service Pack) (Version: 20160308.230000 - Charalampos Kazakos )
WinRAR 5.50 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
XnView 2.43 (HKLM\...\XnView_is1) (Version: 2.43 - Gougelet Pierre-e)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{05EC5C13-D255-4592-9CCB-98615172F0D6}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{0ADF9C35-0D5E-4B75-88DD-B64868907E17}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{123FAF7F-3FB1-4B8F-AD18-0047401D436A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{32D32337-1511-4416-85C5-FD96C99322A0}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{37A2FC00-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{37A2FC02-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{3928D252-6BB4-4C0D-BE70-1E03AF93D464}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{4716D3CE-55DB-4D2A-818C-87D912895890}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{4844F3F7-2161-4AC4-B219-B3B4311782AA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{4E5E74B5-8EB5-4859-A335-837EED412620}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{5428A9ED-6CD8-11D6-9C8A-0001023DCAA2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{547C8F00-5567-4AE3-8BB0-CC3CE2AB9070}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{57D590F1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{596801D8-2C9D-4627-9C67-195CB81B655A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{5B7331FA-8910-4748-A8A4-60B445041F28}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{7DBF8260-30AD-4D1B-876A-8032B87B809F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{8034BBB8-2145-4159-9A34-51E21A0A981F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{828E5386-74CF-4019-B356-C857CD028A7D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{82CC31B3-53B4-4161-A4E9-6B4F1290A6C8}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{8572570D-12D9-4F2C-8BB8-EB8848178B94}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{8FEDE364-AB37-4551-80C9-6D468E222AB2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{9D9B61F2-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{9D9B61F3-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{9D9B61F4-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{9D9B61F5-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{9D9B61F6-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{9D9B61F7-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{A63E42D0-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{A63E42D2-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{AF5E0A13-CEAB-47CE-991D-77E82CD1BF3F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{B66F2BF1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{D14FD6B3-6A9F-4537-9460-07B836707127}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{D4A12AAF-E15E-470B-A6B6-63032186F91F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{D9B9C060-0954-11D3-9E07-00104BD2BE34}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSource.dll (Intuit, Inc. -> Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{D9BC6F81-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc. -> Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{D9BC6F84-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc. -> Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{D9BC6F87-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc. -> Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{D9BC6FA1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc. -> Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{D9BC6FA6-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc. -> Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{D9BC6FB2-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\StorageClasses.dll (Intuit, Inc. -> Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{DCB2B478-EFF6-48F6-B718-13E98876854E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{DFD0AF10-B86C-4AF3-B609-1348D513E565}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{E1A173E1-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{E1A173E3-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{EADA914E-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{EAEF733D-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{F19F9A95-7A43-4A93-80B0-C9C1FF6F63F9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{F9EF917A-E55E-4242-B205-E778395AC313}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx (Intuit, Inc. -> Intuit)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{FB17915F-06D1-4214-A902-CC5EE05186E9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Windows XP SP4 Developer -> Microsoft Corporation)
SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\SHELL32.dll (Windows XP SP4 Developer -> Microsoft Corporation)
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Windows XP SP4 Developer -> Microsoft Corporation)
SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Windows Component Publisher -> Microsoft Corporation)
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Windows XP SP4 Developer -> Microsoft Corporation)
ShellExecuteHooks: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll [8463872 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [4171480 2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [ANotepad++] -> {00F3C2EC-A6EE-11DE-A03A-EF8F55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2018-03-18] (Notepad++ -> )
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2013-01-27] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2016-04-19] (WESTERN DIGITAL TECHNOLOGIES -> Western Digital Technologies, Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\RAGDE-D\WINZIP\WZSHLSTB.DLL [2001-11-27] (WinZip Computing, Inc.) [File not signed]
ContextMenuHandlers2: [CWDDriveMenuHandler] -> {CCEFA845-DCDB-4A2F-8BED-DBE87CD198EC} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2016-04-19] (WESTERN DIGITAL TECHNOLOGIES -> Western Digital Technologies, Inc.)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2013-01-27] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2013-01-27] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\RAGDE-D\WINZIP\WZSHLSTB.DLL [2001-11-27] (WinZip Computing, Inc.) [File not signed]
ContextMenuHandlers5: [00nView] -> {1E9B04FB-F9E5-4718-997B-B8DA88302A48} => C:\WINDOWS\system32\nvshell.dll [2008-02-25] () [File not signed]
ContextMenuHandlers5: [NvCplDesktopContext] -> {A70C977A-BF00-412C-90B7-034C51DA2439} => C:\WINDOWS\system32\nvcpl.dll [2008-02-25] (Microsoft Windows Hardware Compatibility Publisher -> NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2016-04-19] (WESTERN DIGITAL TECHNOLOGIES -> Western Digital Technologies, Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\RAGDE-D\WINZIP\WZSHLSTB.DLL [2001-11-27] (WinZip Computing, Inc.) [File not signed]

==================== Scheduled Tasks=============================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player NPAPI Notifier.job => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_31_ 0_0_153_Plugin.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpda teService.exe
Task: C:\WINDOWS\Tasks\CCleaner Update.job => C:\Program Files\CCleaner\CCUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => C:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: C:\WINDOWS\Tasks\novaPDF Reactivation.job => C:\Program Files\Softland\novaPDF 8\Driver\ActivationClient.exe
Task: C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduled TaskS-1-5-21-507921405-1284227242-1417001333-1003.job => C:\Program Files\RealNetworks\RealDownloader\recordingmanager .exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTas kS-1-5-21-507921405-1284227242-1417001333-1003.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeSchedule dTaskS-1-5-21-507921405-1284227242-1417001333-1003.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-507921405-1284227242-1417001333-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTas kS-1-5-21-507921405-1284227242-1417001333-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{F0F3B82B-776E-484E-ADF4-E0E06392C8AE}.job => C:\WINDOWS\system32\msfeedssync.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->\\.\root\subscription:MSFT_UCScenarioControl.Name =\"Microsoft WMI Updating Consumer Scenario Control\"",Filter="\\.\root\subscription:__EventFi lter.Name=\"Microsoft WMI Updating Consumer Scenario Control\"::
WMI:subscription\__EventFilter->Microsoft WMI Updating Consumer Scenario Control::[Query => SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'MSFT_UCScenario']

Shortcut: C:\Documents and Settings\owner\NetHood\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co

ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\DjVuLibre\Help\Online documentation.lnk -> C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation) -> url.dll,FileProtocolHandler hxxp://djvu.sourceforge.net/doc/index.html
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\DjVuLibre\Help\Visit Djvu.org.lnk -> C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation) -> url.dll,FileProtocolHandler hxxp://djvu.org
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\DjVuLibre\Help\Visit DjVuLibre download page.lnk -> C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation) -> url.dll,FileProtocolHandler hxxp://sourceforge.net/projects/djvu/files/DjVuLibre_Windows/
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\DjVuLibre\Help\Visit DjvuLibre.lnk -> C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation) -> url.dll,FileProtocolHandler hxxp://djvu.sourceforge.net

==================== Loaded Modules (Whitelisted) ==============

2015-09-16 15:38 - 2010-02-04 21:37 - 000340992 _____ () C:\WINDOWS\system32\CNMNPPM.DLL
2017-08-16 14:15 - 2017-08-16 14:15 - 000016384 _____ () C:\WINDOWS\system32\novamn8.dll
2008-02-25 12:29 - 2008-02-25 12:29 - 001482752 _____ () C:\WINDOWS\system32\nview.dll
2014-07-21 06:04 - 2014-07-21 06:04 - 000041984 _____ () C:\Program Files\Samsung\Easy Printer Manager\SmartScreenPrint\CDAKEYMonitor.dll
2008-02-25 12:29 - 2008-02-25 12:29 - 000466944 _____ () C:\WINDOWS\system32\nvshell.dll
2013-11-25 12:42 - 2010-01-25 14:09 - 001093120 _____ () C:\Program Files\Canon\Solution Menu EX\MFC80U.DLL
2018-03-30 16:22 - 2010-04-08 13:43 - 000028672 _____ () C:\Program Files\Canon\Solution Menu EX\LangInfo\EN\CNSELANG.dll
2015-09-16 15:41 - 2010-03-24 13:50 - 000073728 _____ () C:\Program Files\Canon\MyPrinter\BJMyRes.dll
2016-04-06 19:18 - 2016-04-06 19:18 - 000064512 _____ () C:\WINDOWS\system32\dxconfig.exe
2017-08-16 14:19 - 2017-08-16 14:19 - 000053176 _____ () C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe
2017-08-16 14:18 - 2017-08-16 14:18 - 000138672 _____ () C:\Program Files\Softland\novaPDF 8\Server\AgileDotNetRT.dll
2018-07-01 14:45 - 2018-04-25 04:38 - 000508488 ____N () C:\WINDOWS\system32\spdsvc.exe
2015-09-23 16:14 - 2015-09-14 09:15 - 002073600 ____N () C:\WINDOWS\system32\DlgSearchEngine.dll
2016-04-19 12:02 - 2016-04-19 12:02 - 001006080 ____R () C:\Program Files\Western Digital\WD SmartWare\System.Data.SQLite.dll
2018-08-16 16:33 - 2018-05-01 11:10 - 001137152 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\7z.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\{1a3e09be-1e45-494b-9174-d7385b45bbf5} => ""=""

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2008-04-14 05:00 - 2018-05-03 13:12 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-507921405-1284227242-1417001333-1003\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Bliss.bmp
DNS Servers: 192.168.0.1
HKLM\software\microsoft\Windows\CurrentVersion\Tel ephony\Providers => ProviderFileName3 -> C:\WINDOWS\system32\ipconf.tsp (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\software\microsoft\Windows\CurrentVersion\Tel ephony\Providers => ProviderFileName4 -> C:\WINDOWS\system32\h323.tsp (Microsoft Windows Component Publisher -> Microsoft Corporation)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

[luzchurch]

DomainProfile\AuthorizedApplications: [C:\Program Files\Winamp\winamp.exe] => Enabled:Winamp
DomainProfile\AuthorizedApplications: [%SystemRoot%\Network Diagnostic\XPNetDiag.Exe] => :LocalSubNet:Enabled:@%SystemRoot%\System32\XPSP3R es.Dll,-20000
DomainProfile\AuthorizedApplications: [%SystemRoot%\System32\DMAdmin.Exe] => :LocalSubnet:Enabled:Logical Disk Manager service process
DomainProfile\AuthorizedApplications: [%SystemRoot%\System32\DMRemote.Exe] => :LocalSubnet:Enabled:Logical Disk Manager component
DomainProfile\AuthorizedApplications: [%SystemRoot%\System32\FTP.Exe] => Enabled:Windows® FTP Client
DomainProfile\AuthorizedApplications: [%SystemRoot%\System32\MMC.Exe] => :LocalSubNet:Enabled:Microsoft Management Console
DomainProfile\AuthorizedApplications: [%SystemRoot%\System32\SessMgr.Exe] => :LocalSubnet:Enabled:@%SystemRoot%\System32\XPSP2R es.Dll,-22019
DomainProfile\AuthorizedApplications: [%SystemRoot%\System32\TCPSvcS.Exe] => :LocalSubNet:Enabled:Windows® TCP/IP Services Application
DomainProfile\AuthorizedApplications: [%SystemRoot%\System32\TlntSvr.Exe] => :LocalSubnet:Enabled:Windows® Telnet Service
DomainProfile\AuthorizedApplications: [%SystemRoot%\System32\WBEM\UnSecApp.Exe] => :LocalSubNet:Enabled:Windows® Management Instrumentation
DomainProfile\AuthorizedApplications: [%ProgramFiles%\NetMeeting\Conf.Exe] => :LocalSubNetisabled:Windows® NetMeeting®
DomainProfile\AuthorizedApplications: [%SystemRoot%\System32\MNMSrvC.Exe] => :LocalSubNetisabled:Windows® NetMeeting® Remote Desktop Sharing
DomainProfile\AuthorizedApplications: [%ProgramFiles%\Windows Media Player\MPlayer2.Exe] => :LocalSubnet:Enabled:Windows® Media Player
DomainProfile\AuthorizedApplications: [%ProgramFiles%\Windows Media Player\WMPlayer.Exe] => :LocalSubnet:Enabled:Windows® Media Player
DomainProfile\AuthorizedApplications: [%SystemRoot%\PCHealth\HelpCtr\Binaries\HelpSvc.Exe] => %SystemRoot%\PCHealth\HelpCtr\Binaries\HelpSvc.exe :LocalSubNetisabled:Offer Remote Assistance
DomainProfile\AuthorizedApplications: [%SystemRoot%\PCHealth\HelpCtr\Binaries\HelpCtr.Exe] => %SystemRoot%\PCHealth\HelpCtr\Binaries\HelpCtr.exe :LocalSubNetisabled:Remote Assistance - Windows Messenger and Voice

[luzchurch]

StandardProfile\AuthorizedApplications: [C:\Program Files\Intuit\QuickBooks 2009\QBDBMgrN.exe] => Enabled:QuickBooks 2009 Data Manager
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4 .EXE] => Enabled:SAgent4
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office14\GROOVE.EXE] => Enabled:Microsoft SharePoint Workspace
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE] => Enabled:Microsoft OneNote
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE] => Enabled:Microsoft Office Outlook
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\mmc.exe] => Enabled:Microsoft Management Console
StandardProfile\AuthorizedApplications: [C:\Program Files\Samsung\Easy Printer Manager\IDS.Application.exe] => Enabled:Easy Printer Manager
StandardProfile\AuthorizedApplications: [C:\Program Files\Samsung\Easy Printer Manager\OrderSupplies.exe] => Enabled:EPM Order Supplies
StandardProfile\AuthorizedApplications: [C:\Program Files\Samsung\Easy Printer Manager\IDSAlert.exe] => Enabled:EPM Alert
StandardProfile\AuthorizedApplications: [C:\Program Files\Samsung\Easy Printer Manager\uninstall.exe] => Enabled:Samsung uninstaller
StandardProfile\AuthorizedApplications: [C:\Program Files\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe] => Enabled:EPM CDA Scan2PC
StandardProfile\AuthorizedApplications: [C:\Program Files\Samsung\Easy Printer Manager\CDAS2PC\ScanProcess.exe] => Enabled:EPM ScanProcess
StandardProfile\AuthorizedApplications: [C:\Program Files\Samsung\Easy Printer Manager\CDAS2PC\Scan2PCNotify.exe] => Enabled:EPM Scan2PCNotify
StandardProfile\AuthorizedApplications: [C:\Program Files\Bonjour\mDNSResponder.exe] => Enabled:Bonjour Service
StandardProfile\AuthorizedApplications: [C:\Program Files\iTunes\iTunes.exe] => Enabled:iTunes
StandardProfile\AuthorizedApplications: [C:\Program Files\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe] => Enabled:Nero Blu-ray Player
StandardProfile\AuthorizedApplications: [C:\Program Files\Nero\KM\NMDllHost.exe] => Enabled:NMDllHost
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\AuthorizedApplications: [%SystemRoot%\Network Diagnostic\XPNetDiag.Exe] => :LocalSubNet:Enabled:@%SystemRoot%\System32\XPSP3R es.Dll,-20000
StandardProfile\AuthorizedApplications: [%SystemRoot%\System32\DMAdmin.Exe] => :LocalSubnet:Enabled:Logical Disk Manager service process
StandardProfile\AuthorizedApplications: [%SystemRoot%\System32\DMRemote.Exe] => :LocalSubnet:Enabled:Logical Disk Manager component
StandardProfile\AuthorizedApplications: [%SystemRoot%\System32\FTP.Exe] => Enabled:Windows® FTP Client
StandardProfile\AuthorizedApplications: [%SystemRoot%\System32\MMC.Exe] => :LocalSubNet:Enabled:Microsoft Management Console
StandardProfile\AuthorizedApplications: [%SystemRoot%\System32\SessMgr.Exe] => :LocalSubnet:Enabled:@%SystemRoot%\System32\XPSP2R es.Dll,-22019
StandardProfile\AuthorizedApplications: [%SystemRoot%\System32\TCPSvcS.Exe] => :LocalSubNet:Enabled:Windows® TCP/IP Services Application
StandardProfile\AuthorizedApplications: [%SystemRoot%\System32\TlntSvr.Exe] => :LocalSubnet:Enabled:Windows® Telnet Service
StandardProfile\AuthorizedApplications: [%SystemRoot%\System32\WBEM\UnSecApp.Exe] => :LocalSubNet:Enabled:Windows® Management Instrumentation
StandardProfile\AuthorizedApplications: [%ProgramFiles%\NetMeeting\Conf.Exe] => :LocalSubNetisabled:Windows® NetMeeting®
StandardProfile\AuthorizedApplications: [%SystemRoot%\System32\MNMSrvC.Exe] => :LocalSubNetisabled:Windows® NetMeeting® Remote Desktop Sharing
StandardProfile\AuthorizedApplications: [%ProgramFiles%\Windows Media Player\MPlayer2.Exe] => :LocalSubnet:Enabled:Windows® Media Player
StandardProfile\AuthorizedApplications: [%ProgramFiles%\Windows Media Player\WMPlayer.Exe] => :LocalSubnet:Enabled:Windows® Media Player
StandardProfile\AuthorizedApplications: [%SystemRoot%\PCHealth\HelpCtr\Binaries\HelpSvc.Exe] => %SystemRoot%\PCHealth\HelpCtr\Binaries\HelpSvc.exe :LocalSubNetisabled:Offer Remote Assistance
StandardProfile\AuthorizedApplications: [%SystemRoot%\PCHealth\HelpCtr\Binaries\HelpCtr.Exe] => %SystemRoot%\PCHealth\HelpCtr\Binaries\HelpCtr.exe :LocalSubNetisabled:Remote Assistance - Windows Messenger and Voice
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Program Files\Applian Technologies\Replay Music 7\jrmp.exe] => Enabled:Replay Music 7
StandardProfile\AuthorizedApplications: [C:\Program Files\CCleaner\CCUpdate.exe] => Enabled:CCleaner Update
DomainProfile\GloballyOpenPorts: [135:TCP] => :LocalSubNet:Enabled:@%SystemRoot%\System32\XPSP2R es.Dll,-22019
DomainProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@%SystemRoot%\System32\XPSP2R es.Dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@%SystemRoot%\System32\XPSP2R es.Dll,-22002
DomainProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@%SystemRoot%\System32\XPSP2R es.Dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@%SystemRoot%\System32\XPSP2R es.Dll,-22005
DomainProfile\GloballyOpenPorts: [445:UDP] => :LocalSubNet:Enabled:@%SystemRoot%\System32\XPSP2R es.Dll,-22003
DomainProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@%SystemRoot%\System32\XPSP2R es.Dll,-22007
DomainProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@%SystemRoot%\System32\XPSP2R es.Dll,-22008
DomainProfile\GloballyOpenPorts: [3389:TCP] => :LocalSubNet:Enabled:@%SystemRoot%\System32\XPSP2R es.Dll,-22009
DomainProfile\GloballyOpenPorts: [500:UDP] => Disabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22017
DomainProfile\GloballyOpenPorts: [1701:UDP] => Disabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22016
DomainProfile\GloballyOpenPorts: [1723:TCP] => Disabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22015
DomainProfile\GloballyOpenPorts: [4500:UDP] => Disabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22018
DomainProfile\GloballyOpenPorts: [80:TCP] => :LocalSubNetisabled:Windows® Remote Management
DomainProfile\GloballyOpenPorts: [443:TCP] => :LocalSubNetisabled:Windows® Remote Management
StandardProfile\GloballyOpenPorts: [5985:TCP] => Disabled:Windows Remote Management
StandardProfile\GloballyOpenPorts: [135:TCP] => :LocalSubNet:Enabled:@%SystemRoot%\System32\XPSP2R es.Dll,-22019
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNetisabled:@%SystemRoot%\System32\XPSP2 Res.Dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNetisabled:@%SystemRoot%\System32\XPSP2 Res.Dll,-22002
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNetisabled:@%SystemRoot%\System32\XPSP2 Res.Dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNetisabled:@%SystemRoot%\System32\XPSP2 Res.Dll,-22005
StandardProfile\GloballyOpenPorts: [445:UDP] => :LocalSubNet:Enabled:@%SystemRoot%\System32\XPSP2R es.Dll,-22003
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@%SystemRoot%\System32\XPSP2R es.Dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@%SystemRoot%\System32\XPSP2R es.Dll,-22008
StandardProfile\GloballyOpenPorts: [3389:TCP] => :LocalSubNet:Enabled:@%SystemRoot%\System32\XPSP2R es.Dll,-22009
StandardProfile\GloballyOpenPorts: [500:UDP] => Disabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22017
StandardProfile\GloballyOpenPorts: [1701:UDP] => Disabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22016
StandardProfile\GloballyOpenPorts: [1723:TCP] => Disabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22015
StandardProfile\GloballyOpenPorts: [4500:UDP] => Disabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22018
StandardProfile\GloballyOpenPorts: [8501:TCP] => Enabled:NovaPDFTCPPortException
StandardProfile\GloballyOpenPorts: [8501:UDP] => Enabled:NovaPDFUDPPortException

==================== Restore Points =========================

26-12-2018 10:05:45 System Checkpoint
27-12-2018 10:08:58 System Checkpoint
28-12-2018 11:02:26 System Checkpoint
29-12-2018 11:46:20 System Checkpoint
30-12-2018 12:27:19 System Checkpoint
31-12-2018 13:12:06 System Checkpoint
01-01-2019 15:16:21 System Checkpoint
02-01-2019 15:35:14 System Checkpoint
03-01-2019 15:49:07 System Checkpoint
04-01-2019 16:49:06 System Checkpoint
05-01-2019 17:49:10 System Checkpoint
06-01-2019 20:15:16 System Checkpoint
07-01-2019 23:10:31 System Checkpoint
08-01-2019 23:46:27 System Checkpoint
09-01-2019 23:47:30 System Checkpoint
11-01-2019 00:46:24 System Checkpoint
12-01-2019 00:58:11 System Checkpoint
13-01-2019 00:59:15 System Checkpoint
14-01-2019 01:58:09 System Checkpoint
15-01-2019 02:58:10 System Checkpoint
01-02-2019 10:09:24 System Checkpoint
02-02-2019 10:59:38 System Checkpoint
03-02-2019 12:23:29 System Checkpoint
04-02-2019 14:35:56 System Checkpoint
05-02-2019 17:02:17 System Checkpoint
06-02-2019 19:57:35 System Checkpoint
07-02-2019 20:11:02 System Checkpoint
08-02-2019 21:10:00 System Checkpoint
09-02-2019 22:04:05 System Checkpoint
10-02-2019 23:33:55 System Checkpoint
12-02-2019 00:04:26 System Checkpoint
13-02-2019 01:04:32 System Checkpoint
14-02-2019 01:16:39 System Checkpoint
15-02-2019 01:19:51 System Checkpoint
16-02-2019 02:19:50 System Checkpoint
17-02-2019 03:13:10 System Checkpoint
18-02-2019 03:14:22 System Checkpoint
19-02-2019 03:48:37 System Checkpoint
20-02-2019 03:53:16 System Checkpoint
21-02-2019 04:53:15 System Checkpoint
22-02-2019 05:53:23 System Checkpoint
23-02-2019 07:27:32 System Checkpoint
26-02-2019 10:17:03 System Checkpoint
27-02-2019 10:52:07 System Checkpoint
28-02-2019 11:08:39 System Checkpoint
01-03-2019 14:25:40 System Checkpoint
02-03-2019 15:47:37 System Checkpoint
03-03-2019 18:02:56 System Checkpoint
04-03-2019 19:32:35 System Checkpoint
05-03-2019 19:47:48 System Checkpoint
06-03-2019 20:47:46 System Checkpoint
07-03-2019 21:47:51 System Checkpoint
08-03-2019 22:47:48 System Checkpoint
09-03-2019 22:55:50 System Checkpoint
10-03-2019 23:46:18 System Checkpoint
12-03-2019 00:10:00 System Checkpoint
13-03-2019 01:10:04 System Checkpoint
14-03-2019 02:10:02 System Checkpoint
15-03-2019 03:10:06 System Checkpoint
16-03-2019 04:10:03 System Checkpoint
17-03-2019 05:10:07 System Checkpoint
18-03-2019 07:56:19 System Checkpoint
19-03-2019 08:14:16 System Checkpoint
20-03-2019 08:42:38 System Checkpoint
21-03-2019 08:49:49 System Checkpoint
22-03-2019 09:55:22 System Checkpoint
23-03-2019 09:59:28 System Checkpoint
24-03-2019 12:34:40 System Checkpoint
25-03-2019 12:36:29 System Checkpoint

[luzchurch]

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/25/2019 08:15:24 PM) (Source: nview_info) (EventID: 1) (User: )
Description: Event-ID 1

Error: (03/25/2019 06:17:40 PM) (Source: nview_info) (EventID: 1) (User: )
Description: Event-ID 1

Error: (03/25/2019 04:02:00 PM) (Source: nview_info) (EventID: 1) (User: )
Description: Event-ID 1

Error: (03/25/2019 02:50:08 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: ActivationClient.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ServiceModel.CommunicationObjectAbortedExce ption
Stack:

Server stack trace:
at System.ServiceModel.Channels.HttpInput.WebResponse HttpInput.WebResponseInputStream.Read(Byte[] buffer, Int32 offset, Int32 count)
at System.ServiceModel.Channels.HttpInput.ReadBuffere dMessage(Stream inputStream)
at System.ServiceModel.Channels.HttpInput.ParseIncomi ngMessage(Exception& requestException)
at System.ServiceModel.Channels.HttpChannelFactory.Ht tpRequestChannel.HttpChannelRequest.WaitForReply(T imeSpan timeout)
at System.ServiceModel.Channels.RequestChannel.Reques t(Message message, TimeSpan timeout)
at System.ServiceModel.Dispatcher.RequestChannelBinde r.Request(Message message, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.Call(S tring action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannelProxy.I nvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
at System.ServiceModel.Channels.ServiceChannelProxy.I nvoke(IMessage message)
at System.Runtime.Remoting.Proxies.RealProxy.HandleRe turnMessage(System.Runtime.Remoting.Messaging.IMes sage, System.Runtime.Remoting.Messaging.IMessage)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateI nvoke(System.Runtime.Remoting.Proxies.MessageData ByRef, Int32)
at ServiceClient.WAFService.WAFServiceContract.GetMan ualActivationStartDate(System.String)
at ServiceClient.WAFService.WAFServiceContractClient. GetManualActivationStartDate(System.String)
at DynamicClass.(System.Object, System.String)
at ActivationClient.App.Application_Startup(System.Ob ject, System.Windows.StartupEventArgs)
at System.Windows.Application.OnStartup(System.Window s.StartupEventArgs)
at ActivationClient.App.OnStartup(System.Windows.Star tupEventArgs)
at System.Windows.Application.<.ctor>b__1(System.Obje ct)
at System.Windows.Threading.ExceptionWrapper.Internal RealCall(System.Delegate, System.Object, Int32)
at MS.Internal.Threading.ExceptionFilterHelper.TryCat chWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
at System.Windows.Threading.DispatcherOperation.Invok eImpl()
at System.Windows.Threading.DispatcherOperation.Invok eInSecurityContext(System.Object)
at System.Threading.ExecutionContext.runTryCode(Syste m.Object)
at System.Runtime.CompilerServices.RuntimeHelpers.Exe cuteCodeWithGuaranteedCleanup(TryCode, CleanupCode, System.Object)
at System.Threading.ExecutionContext.RunInternal(Syst em.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Threading.ExecutionContext.Run(System.Threa ding.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threa ding.ExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Windows.Threading.DispatcherOperation.Invok e()
at System.Windows.Threading.Dispatcher.ProcessQueue()
at System.Windows.Threading.Dispatcher.WndProcHook(In tPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndSubclass.DispatcherCallbackOperation( System.Object)
at System.Windows.Threading.ExceptionWrapper.Internal RealCall(System.Delegate, System.Object, Int32)
at MS.Internal.Threading.ExceptionFilterHelper.TryCat chWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
at System.Windows.Threading.Dispatcher.InvokeImpl(Sys tem.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.DispatchMessage(Syste m.Windows.Interop.MSG ByRef)
at System.Windows.Threading.Dispatcher.PushFrameImpl( System.Windows.Threading.DispatcherFrame)
at System.Windows.Threading.Dispatcher.PushFrame(Syst em.Windows.Threading.DispatcherFrame)
at System.Windows.Application.RunDispatcher(System.Ob ject)
at System.Windows.Application.RunInternal(System.Wind ows.Window)
at System.Windows.Application.Run(System.Windows.Wind ow)
at DynamicClass.(System.Object)
at ActivationClient.App.Main()

Error: (03/25/2019 02:46:22 PM) (Source: .NET Runtime 4.0 Error Reporting) (EventID: 5000) (User: )
Description: EventType clr20r3, P1 activationclient.exe, P2 8.9.951.0, P3 599429ce, P4 system, P5 4.0.0.0, P6 5073c71b, P7 281d, P8 b5, P9 qmrxe1nbkngilzvynzbus0xnp33dumbe, P10 NIL.

Error: (03/25/2019 02:31:15 PM) (Source: nview_info) (EventID: 1) (User: )
Description: Event-ID 1

Error: (03/25/2019 02:25:30 PM) (Source: Userenv) (EventID: 1511) (User: NT AUTHORITY)
Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

Error: (03/25/2019 02:25:30 PM) (Source: Userenv) (EventID: 1515) (User: NT AUTHORITY)
Description: Windows has backed up this user's profile. Windows will automatically try to use the backed up profile the next time this user logs on.


System errors:
=============
Error: (03/25/2019 06:06:39 PM) (Source: DCOM) (EventID: 10000) (User: EMACHINE)
Description: Unable to start a DCOM Server: {C3D84F57-9904-4F7D-8D79-1D72DAD51ADC}.
The error:
"%"C:\Program Files\Samsung\Easy Printer Manager\SpoolerComp.exe" -Embedding4001"
Happened while starting this command:
"C:\Program Files\Samsung\Easy Printer Manager\SpoolerComp.exe" -Embedding

Error: (03/25/2019 06:06:39 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Generate Activation Context failed for C:\Program Files\Samsung\Easy Printer Manager\SpoolerComp.exe.
Reference error message: The operation completed successfully.
.

Error: (03/25/2019 06:06:39 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Resolve Partial Assembly failed for Microsoft.VC90.CRT.
Reference error message: The referenced assembly is not installed on your system.
.

Error: (03/25/2019 06:06:39 PM) (Source: SideBySide) (EventID: 32) (User: )
Description: Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.

Error: (03/25/2019 04:48:24 PM) (Source: DCOM) (EventID: 10000) (User: EMACHINE)
Description: Unable to start a DCOM Server: {C3D84F57-9904-4F7D-8D79-1D72DAD51ADC}.
The error:
"%"C:\Program Files\Samsung\Easy Printer Manager\SpoolerComp.exe" -Embedding4001"
Happened while starting this command:
"C:\Program Files\Samsung\Easy Printer Manager\SpoolerComp.exe" -Embedding

Error: (03/25/2019 04:48:24 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Generate Activation Context failed for C:\Program Files\Samsung\Easy Printer Manager\SpoolerComp.exe.
Reference error message: The operation completed successfully.
.

Error: (03/25/2019 04:48:24 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Resolve Partial Assembly failed for Microsoft.VC90.CRT.
Reference error message: The referenced assembly is not installed on your system.
.

Error: (03/25/2019 04:48:24 PM) (Source: SideBySide) (EventID: 32) (User: )
Description: Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.


==================== Memory info ===========================

Processor: AMD Athlon(tm) Processor 2650e
Percentage of memory in use: 97%
Total physical RAM: 894.42 MB
Available physical RAM: 18.56 MB
Total Virtual: 3423.39 MB
Available Virtual: 1607.62 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:186.31 GB) (Free:10.01 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive g: (My Passport) (Fixed) (Total:1397.23 GB) (Free:820.12 GB) NTFS


==================== MBR & Partition Table ==================

================================================== ======
Disk: 0 (MBR Code: Windows XP) (Size: 186.3 GB) (Disk ID: 987E987E)
Partition 1: (Active) - (Size=186.3 GB) - (Type=07 NTFS)

================================================== ======
Disk: 1 (Size: 1397.2 GB) (Disk ID: 428A44DB)
Partition 1: (Not Active) - (Size=1397.2 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

[Jintan]

No real terrible bad guys jumping out at me in this. Since XP ended with SP3, what does this do?

Windows XP Service Pack 4 (HKLM\...\Windows XP Service Pack) (Version: 20160308.230000 - Charalampos Kazakos )

Microsoft Security Essentials does not update or monitor on XP any longer, and really could be the issue there. For now, go to Add/Remove Programs and uninstall it, being sure to reboot after.

===============

After the reboot, you need to refresh the WMI, which shows Avast enabled but no hint it's actually installed.

Go to Start - Run, and copy/paste or type the following.

rundll32.exe setupapi,InstallHinfSection WBEM 132 %windir%\inf\wbemoc.inf


This will start the process of rebuilding your WMI, which you need for many ongoing operations there.


When you are prompted to locate the files, use the browse button to locate the following. It will at first default to your CD drive, so use the browser to redirect it:

C:\WINDOWS\ServicePackFiles\i386

The repair will take some time to complete. You will get a display popup when done.


Reboot again, then try RogueKiller again.

[luzchurch]

Tom: Your analysis was on the dot. I disconnected the Internet connection and ran Roguekiller and it worked fine. Found 16 suspicious file which I deleted.
Are you also suggesting that I totally uninstall Security Essentials and install Avast antivirus program? Thanks.

[Jintan]

Security Essentials no longer works correctly on XP and Vista. And yes, Avast is one choice that you can use on XP.

One of the things the log shows is it you only have 10% of your hard drive free. This means the things like system restore will stop working if they're under 12%. So you need to delete a lot of files, or move picture files or videos to an external hard drive.