Solved Request help with virus / malware removal

[al davis]

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-07-2017
Ran by al (administrator) on XP (18-07-2017 19:40:12)
Running from C:\Documents and Settings\al\Desktop\virus_et_al\July 2017
Loaded Profiles: al (Available Profiles: al & Administrator & Guest)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\WINDOWS\SYSTEM32\locator.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\WINDOWS\SYSTEM32\wscntfy.exe
(Microsoft Corporation) C:\PROGRA~1\WINDOW~2\wmplayer.exe
(Microsoft Corporation) C:\WINDOWS\SYSTEM32\taskmgr.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\System32\sstext3d.scr [679936 2008-04-14] (Microsoft Corporation)
Lsa: [Authentication Packages] msv1_0 relog_ap
ShellExecuteHooks: Eudora's Shell Extension - {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - C:\eudora_7\EuShlExt.dll [86016 2005-08-09] (Qualcomm Inc.)
Startup: C:\Documents and Settings\al\Start Menu\Programs\Startup\156_Long_Soothing_Rain.mp3 [2014-11-02] ()
Startup: C:\Documents and Settings\al\Start Menu\Programs\Startup\alt_mich.com.lnk [2004-01-10]
ShortcutTarget: alt_mich.com.lnk -> (No File)
Startup: C:\Documents and Settings\al\Start Menu\Programs\Startup\Mozilla Firefox.lnk [2016-10-17]
ShortcutTarget: Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{8AA62950-D597-4798-9F57-32AEF4529374}: [NameServer] 216.234.97.2 216.234.97.3

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell4me.com/myway
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2011-02-12] (RealPlayer)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_92\bin\ssv.dll [2016-04-22] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_92\bin\jp2ssv.dll [2016-04-22] (Oracle Corporation)
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2013-06-08] (Sun Microsystems, Inc.)
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} hxxps://support.microsoft.com/oas/ActiveX/MSDcode.cab
DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} hxxp://us.chat1.yimg.com/us.yimg.com/I/chat/applet/v45/yacscom.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} hxxp://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} hxxp://chat.yahoo.com/cab/yacsui.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,16/mcgdmgr.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\al\Application Data\Mozilla\Firefox\Profiles\nkz4233i.default [2017-07-18]
FF DefaultSearchEngine: C:\Documents and Settings\al\Application Data\Mozilla\Firefox\Profiles\nkz4233i.default -> Bing
FF DefaultSearchEngine.US: C:\Documents and Settings\al\Application Data\Mozilla\Firefox\Profiles\nkz4233i.default -> Bing
FF SelectedSearchEngine: C:\Documents and Settings\al\Application Data\Mozilla\Firefox\Profiles\nkz4233i.default -> Bing
FF Homepage: C:\Documents and Settings\al\Application Data\Mozilla\Firefox\Profiles\nkz4233i.default -> hxxp://www.cloudynights.com/ubbthreads/
hxxp://www.cloudynights.com/ubbthreads/ubbthreads.php?Cat=
FF Extension: (Adblock Plus) - C:\Documents and Settings\al\Application Data\Mozilla\Firefox\Profiles\nkz4233i.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-11-26]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-02-12] [not signed]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: (RealPlayer Browser Record Plugin) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-02-12] [not signed]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: (Java Quick Starter) - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2013-06-08] [not signed]
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2012-04-14] (Google)
FF Plugin: @java.com/DTPlugin,version=11.92.2 -> C:\Program Files\Java\jre1.8.0_92\bin\dtplugin\npDeployJava1.dll [2016-04-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.92.2 -> C:\Program Files\Java\jre1.8.0_92\bin\plugin2\npjp2.dll [2016-04-22] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @nosltd.com/getPlus+(R),version=1.6.2.100 -> C:\Program Files\NOS\bin\np_gp.dll [2011-03-01] (NOS Microsystems Ltd.)
FF Plugin: @real.com/nppl3260;version=12.0.1.633 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2011-02-12] (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=12.0.1.633 -> c:\program files\real\realplayer\Netscape6\nprjplug.dll [2011-02-12] (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=12.0.1.633 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2011-02-12] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=12.0.1.633 -> c:\program files\real\realplayer\Netscape6\nprpjplug.dll [2011-02-12] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [No File]
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3960577219-1813400529-1317427278-1006: @tools.google.com/Google Update;version=8 -> C:\Documents and Settings\al\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll [2010-10-20] (Google Inc.)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-02-12]
StartMenuInternet: chrome.exe - C:\Documents and Settings\al\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
StartMenuInternet: Google Chrome - C:\Documents and Settings\al\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S3 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [660576 2011-02-12] (Acronis)
S3 getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [31592 2008-06-26] (NOS Microsystems Ltd.)
S2 helpsvc; C:\WINDOWS\System32\svchost.exe [14336 2008-04-14] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [158128 2013-06-08] (Sun Microsystems, Inc.)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [335872 2003-03-19] (Microsoft Corporation) [File not signed]
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
S3 NetSvc; C:\Program Files\Intel\NCS\Sync\NetSvc.exe [143360 2003-03-03] (Intel(R) Corporation) [File not signed]
S4 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
S4 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 abp480n5; C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS [23552 2003-07-16] (Microsoft Corporation)
R3 Afc; C:\WINDOWS\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) [File not signed]
R3 BCMModem; C:\WINDOWS\System32\DRIVERS\BCMSM.sys [1101696 2003-08-29] (Broadcom Corporation)
R2 BrPar; C:\WINDOWS\System32\drivers\BrPar.sys [19537 2000-07-24] (Brother Industries Ltd.) [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 DIGIRPS; C:\WINDOWS\System32\DRIVERS\digirlpt.sys [152376 2008-07-10] (Digi International Inc.)
R2 DriverX; C:\WINDOWS\System32\Drivers\driverx.sys [52512 2001-06-11] (Microsoft Corporation) [File not signed]
R0 drvmcdb; C:\WINDOWS\System32\drivers\drvmcdb.sys [84576 2003-07-31] (Sonic Solutions) [File not signed]
R2 drvnddm; C:\WINDOWS\System32\drivers\drvnddm.sys [40448 2003-06-20] (Sonic Solutions) [File not signed]
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [383800 2007-02-13] (Symantec Corporation)
S3 evserial; C:\WINDOWS\System32\DRIVERS\evserial.sys [53888 2008-05-19] (ELTIMA Software)
S3 FTDIBUS; C:\WINDOWS\System32\drivers\ftdibus.sys [57536 2008-03-13] (FTDI Ltd.)
R1 hwinterface; C:\WINDOWS\System32\Drivers\hwinterface.sys [3026 2009-10-09] (Logix4u) [File not signed]
S3 i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [161020 2004-08-03] (Intel(R) Corporation)
S3 iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [12415 2004-08-03] (Intel(R) Corporation)
S3 iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [12127 2004-08-03] (Intel(R) Corporation)
S3 iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [11775 2004-08-03] (Intel(R) Corporation)
S3 iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [12063 2004-08-03] (Intel(R) Corporation)
S3 iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [19455 2004-08-03] (Intel(R) Corporation)
S3 iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [29311 2004-08-03] (Intel(R) Corporation)
S3 iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [19551 2004-08-03] (Intel(R) Corporation)
S3 iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [33599 2004-08-03] (Intel(R) Corporation)
S3 iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [23615 2004-08-03] (Intel(R) Corporation)
S3 MPE; C:\WINDOWS\System32\DRIVERS\MPE.sys [15232 2008-04-14] (Microsoft Corporation)
R3 MxlW2k; C:\WINDOWS\system32\Drivers\MxlW2k.sys [28256 2010-05-07] (MusicMatch, Inc.) [File not signed]
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R1 omci; C:\WINDOWS\System32\DRIVERS\omci.sys [17217 2002-11-08] (Dell Computer Corporation) [File not signed]
S1 P3; C:\WINDOWS\System32\DRIVERS\p3.sys [42752 2008-04-14] (Microsoft Corporation)
R0 PxHelp20; C:\WINDOWS\System32\DRIVERS\PxHelp20.sys [17168 2003-07-30] (Sonic Solutions) [File not signed]
R0 snapman; C:\WINDOWS\System32\DRIVERS\snapman.sys [99776 2009-08-04] (Acronis) [File not signed]
R1 sscdbhk5; C:\WINDOWS\System32\drivers\sscdbhk5.sys [5621 2003-07-14] (Sonic Solutions) [File not signed]
R1 ssrtln; C:\WINDOWS\System32\drivers\ssrtln.sys [23219 2003-07-14] (Sonic Solutions) [File not signed]
R2 tfsnboio; C:\WINDOWS\System32\dla\tfsnboio.sys [25685 2003-08-06] (Sonic Solutions) [File not signed]
R2 tfsncofs; C:\WINDOWS\System32\dla\tfsncofs.sys [34837 2003-08-06] (Sonic Solutions) [File not signed]
R2 tfsndrct; C:\WINDOWS\System32\dla\tfsndrct.sys [4117 2003-08-06] (Sonic Solutions) [File not signed]
R2 tfsndres; C:\WINDOWS\System32\dla\tfsndres.sys [2233 2003-08-06] (Sonic Solutions) [File not signed]
R2 tfsnifs; C:\WINDOWS\System32\dla\tfsnifs.sys [83284 2003-08-06] (Sonic Solutions) [File not signed]
R2 tfsnopio; C:\WINDOWS\System32\dla\tfsnopio.sys [14229 2003-08-06] (Sonic Solutions) [File not signed]
R2 tfsnpool; C:\WINDOWS\System32\dla\tfsnpool.sys [6357 2003-08-06] (Sonic Solutions) [File not signed]
R2 tfsnudf; C:\WINDOWS\System32\dla\tfsnudf.sys [98068 2003-08-06] (Sonic Solutions) [File not signed]
R2 tfsnudfa; C:\WINDOWS\System32\dla\tfsnudfa.sys [100373 2003-08-06] (Sonic Solutions) [File not signed]
R2 tifsfilter; C:\WINDOWS\System32\DRIVERS\tifsfilt.sys [32224 2009-08-04] (Acronis) [File not signed]
R0 timounter; C:\WINDOWS\System32\DRIVERS\timntr.sys [387520 2009-08-04] (Acronis) [File not signed]
S3 TVicHW32; C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS [29536 2006-10-13] (EnTech Taiwan)
R2 tviclpt; C:\WINDOWS\system32\Drivers\tviclpt.sys [15536 2003-03-12] (EnTech Taiwan) [File not signed]
S3 USB28xxBGA; C:\WINDOWS\System32\DRIVERS\emBDA.sys [608128 2011-03-10] (eMPIA Technology, Inc.)
S3 USB28xxOEM; C:\WINDOWS\System32\DRIVERS\emOEM.sys [1038080 2011-03-10] (eMPIA Technology, Inc.)
R1 vcdrom; C:\WINDOWS\SYSTEM32\DRIVERS\VCdRom.sys [8576 2001-12-19] (Microsoft Corporation) [File not signed]
R3 VSBC; C:\WINDOWS\System32\DRIVERS\evsbc.sys [27904 2008-05-19] (ELTIMA Software)
R3 vsbus; C:\WINDOWS\System32\DRIVERS\vsb.sys [18180 2003-03-14] (ELTIMA Software) [File not signed]
S3 vserial; C:\WINDOWS\System32\DRIVERS\vserial.sys [69932 2003-03-14] (ELTIMA Software) [File not signed]
S3 {6080A529-897E-4629-A488-ABA0C29B635E}; C:\WINDOWS\System32\drivers\ialmsbw.sys [113504 2003-04-15] (Intel Corporation)
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}; C:\WINDOWS\System32\drivers\ialmkchw.sys [78752 2003-04-15] (Intel Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-18 19:38 - 2017-07-18 19:40 - 00000000 ____D C:\FRST
2017-07-18 18:41 - 2017-07-18 18:41 - 00000000 ____D C:\WINDOWS\LastGood
2017-07-18 10:15 - 2017-07-18 10:17 - 00000000 ____D C:\AdwCleaner

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-18 19:41 - 2016-04-19 00:05 - 00000000 ____D C:\Documents and Settings\al\Local Settings\temp
2017-07-18 19:35 - 2015-03-30 17:59 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2017-07-18 19:11 - 2011-02-06 08:41 - 00000000 ____D C:\Documents and Settings\al\Desktop\virus_et_al
2017-07-18 19:10 - 2004-01-03 18:45 - 00009492 _____ C:\WINDOWS\ModemLog_BCM V.92 56K Modem.txt
2017-07-18 18:50 - 2013-04-20 16:27 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-07-18 16:46 - 2017-02-27 18:45 - 00018468 _____ C:\Documents and Settings\al\Desktop\syslog.txt
2017-07-18 16:45 - 2016-04-21 09:56 - 00002463 _____ C:\Documents and Settings\al\Desktop\Sophos Virus Removal Tool.lnk
2017-07-18 15:19 - 2014-06-14 10:17 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-07-18 13:13 - 2015-03-30 17:59 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2017-07-18 13:13 - 2011-12-02 21:09 - 00000272 _____ C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-3960577219-1813400529-1317427278-1006.job
2017-07-18 13:11 - 2004-01-09 06:49 - 00000427 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2017-07-18 13:10 - 2004-01-03 18:46 - 00032172 _____ C:\WINDOWS\SchedLgU.Txt
2017-07-18 13:10 - 2004-01-03 18:46 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-07-18 13:10 - 2004-01-03 18:32 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Temp
2017-07-18 13:09 - 2004-01-08 16:03 - 00000278 ___SH C:\Documents and Settings\al\NTUSER.INI
2017-07-18 10:06 - 2016-04-19 00:05 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\temp
2017-07-18 09:00 - 2017-04-29 20:28 - 00017408 _____ C:\Documents and Settings\al\Desktop\diatom.xls
2017-07-18 09:00 - 2013-08-12 14:25 - 00016077 _____ C:\WINDOWS\al8.xlb
2017-07-18 08:52 - 2016-07-18 13:20 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-07-16 22:08 - 2012-07-24 17:53 - 00012208 _____ C:\Documents and Settings\al\Desktop\GP.txt
2017-07-16 13:55 - 2016-10-27 09:06 - 00054156 ____H C:\WINDOWS\QTFont.qfn
2017-07-16 13:31 - 2013-10-06 09:31 - 00009563 _____ C:\Documents and Settings\al\Desktop\Empty.txt
2017-07-15 21:30 - 2004-01-03 18:43 - 00001170 _____ C:\WINDOWS\system32\WPA.DBL
2017-07-10 12:19 - 2011-10-01 19:00 - 00000280 _____ C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-3960577219-1813400529-1317427278-1006.job
2017-06-19 21:42 - 2004-09-13 18:43 - 00000000 __SHD C:\WINDOWS\CSC

==================== Files in the root of some directories =======

2006-11-19 09:23 - 2007-02-14 21:25 - 0009871 _____ () C:\Documents and Settings\al\Application Data\Microsoft\2240.dat
2015-05-01 08:16 - 2015-06-11 20:14 - 0005632 _____ () C:\Documents and Settings\al\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-06-10 22:08 - 2013-06-23 14:09 - 0004955 _____ () C:\Documents and Settings\All Users\Application Data\gmqvfgar.pta
2012-07-17 15:31 - 2012-07-17 15:31 - 0004983 _____ () C:\Documents and Settings\All Users\Application Data\lomppayd.qfv
2012-02-05 10:33 - 2016-02-25 23:19 - 0001639 _____ () C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

 

[Broni]

1. Please do NOT create multiple topics.
2. FRST produces two logs. I still need second log.
3. You're not saying what are your computer issues.

 

[al davis]

Problem is : Unexpected external network activity that prevents or greatly slows my online (dialup) activities, it often continues even after my browser (Firefox) is closed. Auto updates all seem to be disabled.



Additional scan result of Farbar Recovery Scan Tool (x86) Version: 18-07-2017
Ran by al (18-07-2017 19:42:01)
Running from C:\Documents and Settings\al\Desktop\virus_et_al\July 2017
Microsoft Windows XP Professional Service Pack 3 (X86) (2004-02-17 23:44:28)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3960577219-1813400529-1317427278-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
al (S-1-5-21-3960577219-1813400529-1317427278-1006 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\al
ASPNET (S-1-5-21-3960577219-1813400529-1317427278-1008 - Limited - Enabled)
Guest (S-1-5-21-3960577219-1813400529-1317427278-501 - Limited - Enabled) => %SystemDrive%\Documents and Settings\Guest
HelpAssistant (S-1-5-21-3960577219-1813400529-1317427278-1005 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-3960577219-1813400529-1317427278-1002 - Limited - Enabled)
SUPPORT_3f151ab9 (S-1-5-21-3960577219-1813400529-1317427278-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM\...\{77DCDCE3-2DED-62F3-8154-05E745472D07}) (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acronis Drive Monitor (HKLM\...\{706AE61D-40A4-4F50-8359-FE8F6F7FA461}) (Version: 1.0.566 - Acronis)
Acronis True Image (HKLM\...\{7F129516-73AD-4232-8FD0-C7BC2508B274}) (Version: 9.0.3647 - Acronis)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.1.0.5790 - Adobe Systems Inc.)
Adobe Download Manager (HKLM\...\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}) (Version: 1.6.2.100 - NOS Microsystems Ltd.)
Adobe Download Manager 1.2 (Remove Only) (HKLM\...\AdobeESD) (Version: - )
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe Photoshop Album 2.0 Starter Edition (HKLM\...\{11B569C2-4BF6-4ED0-9D17-A4273943CB24}) (Version: 2.00.000 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
AnswerWorks 4.0 Runtime - English (HKLM\...\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}) (Version: 4.0.101 - Vantage Software Technologies)
Apple Software Update (HKLM\...\{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}) (Version: 2.0.2.92 - Apple Inc.)
ArcSoft Software Suite (HKLM\...\{497A1721-088F-41EF-8876-B43C9DA5528B}) (Version: 1.0 - ArcSoft)
Banctec Service Agreement (HKLM\...\{FC4ED75D-916C-4A8C-BB67-3C6F6E06D62B}) (Version: 1.00.00 - Dell) Hidden
BCM V.92 56K Modem (HKLM\...\BCM V.92 56K Modem) (Version: - )
Belkin SOHO Networking Utilities (HKLM\...\{E03969E7-3AFB-4672-8259-991B5F618D5A}) (Version: 1.1 - Belkin Components)
Belkin Wireless Access Point Manager (HKLM\...\{A2284436-0CA3-4880-B8D1-E79E64A46EB3}) (Version: - )
Belkin Wireless Access Point Wizard (HKLM\...\{AE2CD143-49F9-4640-9D4C-4F7A94FC4E71}) (Version: 1.00.0000 - Belkin Corporation)
Brother HL-5340D (HKLM\...\{653F3899-8CC4-43DB-AFD8-E9D829504138}) (Version: 1.00 - Brother)
Canon i250 (HKLM\...\CANONBJ_Deinstall_CNMCP50.DLL) (Version: - )
Cartes du Ciel V3.8 (HKLM\...\{A261F28E-6053-4414-9B84-AA8FE5F47AD4}_is1) (Version: - )
Celestron MCupdate (HKLM\...\Celestron MCupdate) (Version: 2.2.5 - Celestron)
Chanalyzer 2.1.7 (HKLM\...\{FD736238-55EB-420B-9BFC-B8A9983B21C9}) (Version: 2.1.7 - MetaGeek, LLC)
Core FTP LE 1.3c (HKLM\...\Core FTP LE 1.3c) (Version: - )
CyberLink Media Suite 10 (HKLM\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
Dell Digital Jukebox Driver (HKLM\...\Dell Digital Jukebox Driver) (Version: - )
Dell Media Experience (HKLM\...\{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: - )
Dell Networking Guide (HKLM\...\{68D60342-7686-45C9-B8EB-40EF843D0460}) (Version: 1.00.0001 - Dell) Hidden
Dell ResourceCD (HKLM\...\{D78653C3-A8FF-415F-92E6-D774E634FF2D}) (Version: - )
Dell Solution Center (HKLM\...\{11F1920A-56A2-4642-B6E0-3B31A12C9288}) (Version: 1.00.0000 - Dell)
Dell Support (HKLM\...\{43FCA273-9534-40DB-B7C5-D7758875616A}) (Version: 2.1.0.0 - Dell)
Digi Port Authority - Remote (HKLM\...\Digi Port Authority - Remote) (Version: - )
DS21Patch (HKLM\...\{9B79DCB0-AAD7-456B-8D07-433C936FA24B}) (Version: 1.00.0000 - Dell) Hidden
DVDSentry (HKLM\...\{98DF85D9-96C0-4F57-A92E-C3539477EF5E}) (Version: 1.00.0000 - Dell)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
Eudora (HKLM\...\{268C1DB7-02FA-45F2-93EC-0D4DDCA91AB8}) (Version: 7.0 - )
ExamDiff Pro 3.4.2 (HKLM\...\ExamDiff Pro_is1) (Version: - PrestoSoft)
G4FON Koch Method Morse Trainer (HKLM\...\G4FON Koch Method Morse Trainer) (Version: - )
getPlus(R) (HKLM\...\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}) (Version: 1.5.2.19 - NOS Microsystems Ltd.)
Google Chrome (HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\Google Chrome) (Version: 8.0.552.224 - Google Inc.)
Google Earth (HKLM\...\{28E82311-8616-11E1-BEB0-B8AC6F97B88E}) (Version: 6.2.2.6613 - Google)
Google Gears (HKLM\...\{95774351-6087-3A3B-8CA8-70BEE49D2BD5}) (Version: 0.4.24.0 - Google) Hidden
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.31.5 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.2.183.39 - Google Inc.) Hidden
Help and Support Customization (HKLM\...\{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}) (Version: 1.00.0000 - Dell) Hidden
honestechDVR 2.5 (HKLM\...\{C7D1E968-545B-4A37-A714-99E8AE7B2645}) (Version: 2.5 - honestech) Hidden
honestechDVR 2.5 (HKLM\...\{D8410ADD-CB92-46B6-AB7C-AF4907A803A2}) (Version: 2.5 - honestech)
Inssider (HKLM\...\{B5915379-1885-4220-BEB5-A602A368D581}) (Version: 1.0.3 - MetaGeek)
Intel(R) Extreme Graphics 2 Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4396 - )
Intel(R) PRO Network Adapters and Drivers (HKLM\...\PROSet) (Version: - )
Intel(R) PROSet (HKLM\...\{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}) (Version: 6.05.2001 - Intel)
Internet Explorer Default Page (HKLM\...\{35BDEFF1-A610-4956-A00D-15453C116395}) (Version: 1.00.03 - Dell Inc.) Hidden
IsoBuster 2.8.5 (HKLM\...\IsoBuster_is1) (Version: 2.8.5 - Smart Projects)
IZArc 4.1.6 (HKLM\...\{97C82B44-D408-4F14-9252-47FC1636D23E}_is1) (Version: 4.1.6 - Ivan Zahariev)
J2SE Runtime Environment 5.0 Update 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0150060}) (Version: 1.5.0.60 - Sun Microsystems, Inc.)
Jasc Paint Shop Photo Album (HKLM\...\{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}) (Version: 4.0.3 - Jasc Software, Inc.)
Jasc Paint Shop Pro 8 Dell Edition (HKLM\...\{81A34902-9D0B-4920-A25C-4CDC5D14B328}) (Version: 8.10.0000 - Jasc Software Inc)
Java 8 Update 92 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218092F0}) (Version: 8.0.920.14 - Oracle Corporation)
Java(TM) 6 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216045FF}) (Version: 6.0.450 - Oracle)
Jupiter 2.0.7.1 (HKLM\...\{22C070B6-BEC2-4B4B-8324-08DE6F168B9C}_is1) (Version: - Sylvain Rondi)
Learn2 Player (Uninstall Only) (HKLM\...\StreetPlugin) (Version: - )
LG ODD Auto Firmware Update (HKLM\...\{6179550A-3E7C-499E-BCC9-9E8113E0A285}) (Version: 10.01.0712.01 - )
MallinCam Control (HKLM\...\{32091497-B2FA-4091-B733-64A2DC30566C}) (Version: 1.2 - Pro-Com Electronics)
MallinCam Control (HKLM\...\{DF207EA2-675D-47C8-9D51-3F9F14EDAD5F}) (Version: 1.0.0 - Pro-Com Electronics)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft ASP.NET Web Matrix (HKLM\...\{DCBE96DF-822C-401C-8DD2-0F3539637ADE}) (Version: 0.6.812.0 - Microsoft Corporation)
Microsoft Document Explorer 2008 (HKLM\...\Microsoft Document Explorer 2008) (Version: - Microsoft Corporation)
Microsoft Encarta Encyclopedia Standard 2004 (HKLM\...\{04410044-9149-45C6-A806-F2BF9CFCE762}) (Version: 2004 - Microsoft Corporation)
Microsoft Money 2004 (HKLM\...\{1D643CD7-4DD6-11D7-A4E0-000874180BB3}) (Version: 12.0.50 - Microsoft)
Microsoft Money 2004 System Pack (HKLM\...\{8C64E145-54BA-11D6-91B1-00500462BE80}) (Version: 12.0.80 - Microsoft)
Microsoft Office 97, Professional Edition (HKLM\...\Office8.0) (Version: - )
Microsoft Office XP Professional (HKLM\...\{91110409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.01 - Microsoft Corporation)
Microsoft SAPI 5.1 Voices for Windows XP (HKLM\...\{8F194222-199F-11D6-B163-AA8310157D2E}) (Version: 1.0.0.0 - )
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)
Microsoft SQL Server 2008 Management Objects (HKLM\...\{F5E87B12-3C27-452F-8E78-21D42164FD83}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 Design Tools English (HKLM\...\{0C19D563-5F25-4621-BF10-01F741BD283F}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 English (HKLM\...\{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft SQL Server Database Publishing Wizard 1.3 (HKLM\...\{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{E7084B89-69E0-46B3-A118-8F99D06988CD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 6.0 Professional Edition (HKLM\...\Visual C++ 6.0 Professional Edition) (Version: - )
Microsoft Visual Studio 2008 Standard Edition - ENU (HKLM\...\Microsoft Visual Studio 2008 Standard Edition - ENU) (Version: - Microsoft Corporation)
Microsoft Visual Studio 2008 Standard Edition - ENU Service Pack 1 (KB945140) (HKLM\...\{F434F50E-7614-3EA8-9008-2FB866B697DA}.KB945140) (Version: 1 - Microsoft Corporation)
Microsoft Visual Studio Web Authoring Component (HKLM\...\VisualWebDeveloper) (Version: 12.0.4518.1066 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools - enu (HKLM\...\{05EC21B8-4593-3037-A781-A6B5AFFCB19D}) (Version: 3.5.21022 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries (HKLM\...\{842FAF7C-50EF-4463-9B8F-6222E1384D7D}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense (HKLM\...\{64c5b887-b5ee-42b8-8596-78905a6b5f1f}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SP1 Tools (HKLM\...\{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}) (Version: 6.1.5294.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SP1 Win32 Tools (HKLM\...\{B268E9A1-04A9-40D0-9866-846BE2B74BA7}) (Version: 6.1.5294.17011 - Microsoft Corporation)
Modem Helper (HKLM\...\{7F142D56-3326-11D5-B229-002078017FBF}) (Version: - )
Mozilla Firefox 47.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 47.0.1 (x86 en-US)) (Version: 47.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 47.0.1.6018 - Mozilla)
MSDN Library - Visual Studio 6.0 (HKLM\...\Microsoft Developer Network - Visual Studio 6.0) (Version: - )
MSDN Library for Visual Studio 2008 - ENU (HKLM\...\{3A762A82-618D-3CAA-B847-D074ABFA0B2E}) (Version: 9.0.21022 - Microsoft) Hidden
MSDN Library for Visual Studio 2008 - ENU (HKLM\...\MSDN Library for Visual Studio 2008 - ENU) (Version: 9.0 - Microsoft)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6.0 Parser (KB933579) (HKLM\...\{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}) (Version: 6.10.1200.0 - Microsoft Corporation)
MUSICMATCH® Jukebox (HKLM\...\{45EBDA59-D33B-433A-956E-B2F236468B56}) (Version: - )
NexRemote (HKLM\...\NexRemote) (Version: 1.7.22 - Celestron)
PHD Guiding 1.10.0 (HKLM\...\PHD Guiding_is1) (Version: - Stark Labs)
PHOTOfunSTUDIO (HKLM\...\{9A9DBEBC-C800-4776-A970-D76D6AA405B1}) (Version: 3.00.000 - Panasonic)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: - )
Qualxserve Service Agreement (HKLM\...\{0F756CD9-4A1E-409B-B101-601DDC4C03AA}) (Version: 1.00.0004 - Dell) Hidden
QuickTime (HKLM\...\{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}) (Version: 7.4.5.67 - Apple Inc.)
RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 12.0) (Version: - RealNetworks)
RealUpgrade 1.1 (HKLM\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden
RSpec Version 1.7 (Build:19) (HKLM\...\{A08319DE-E83E-4B07-B4E5-69F2489D6B45}_is1) (Version: - Field Tested Systems)
SafeZone Stable 1.48.2066.98 (HKLM\...\SafeZone 1.48.2066.98) (Version: 1.48.2066.98 - Avast Software) Hidden
Shockwave (HKLM\...\Shockwave) (Version: - )
SlickEdit 2007 (HKLM\...\{B598851F-6498-48CF-B61F-5074B889773B}) (Version: 12.0.0.0 - SlickEdit Inc.)
Sonic DLA (HKLM\...\{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}) (Version: 4.50 - Sonic Solutions)
Sonic MyDVD (HKLM\...\{5E835305-63BB-4E55-BBB7-EEBBE67774DB}) (Version: - )
Sonic RecordNow! (HKLM\...\{9541FED0-327F-4DF0-8B96-EF57EF622F19}) (Version: 6.5.0 - Sonic Solutions)
Sophos Virus Removal Tool (HKLM\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.5 - Sophos Limited)
SQL Server System CLR Types (HKLM\...\{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}) (Version: 10.0.1600.22 - Microsoft Corporation)
StartupMonitor (HKLM\...\{76EFAC4F-1712-401F-B2AE-590B170C9BCE}) (Version: 1.0.2.0 - Mike Lin)
Stellarium 0.10.4 (HKLM\...\Stellarium_is1) (Version: - )
Timex Trainer (HKLM\...\{96AF99D4-F7E8-4333-AB16-F9F4B91DBFBE}) (Version: 1.0.202 - Timex Corporation)
Update for 2007 Microsoft Office System (KB2284654) (HKLM\...\{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{FB166E7C-8AA6-48C8-B726-1F25BEE7825A}) (Version: - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
USB Video/Audio Device Driver (HKLM\...\{3717C4F2-7412-4793-9BB8-D73D2817B3D6}) (Version: 1.00.0000 - EETI)
Virtual Moon Atlas Pro 5.0 (HKLM\...\{3EB7A19B-690F-49BA-B494-CADA547D0DB9}_is1) (Version: - )
Visual C++ 2008 IA64 Runtime - v9.0.30729.01 (HKLM\...\{22E23C71-C27A-3F30-8849-BB6129E50679}.vc_i64runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Visual C++ 2008 x64 Runtime - v9.0.30729.01 (HKLM\...\{0DF3AE91-E533-3960-8516-B23737F8B7A2}.vc_x64runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Visual C++ 2008 x64 Runtime - v9.0.30729.4148 (HKLM\...\{3C11D2DA-6802-3F66-BE6B-B2C046AFE866}.vc_x64runtime_30729_4148) (Version: 9.0.30729.4148 - Microsoft Corporation)
Visual C++ 2008 x64 Runtime - v9.0.30729.6161 (HKLM\...\{E7E58A3A-D9BD-3D4B-9475-AE757454AD82}.vc_x64runtime_30729_6161) (Version: 9.0.30729.6161 - Microsoft Corporation)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Visual C++ 2008 x86 Runtime - v9.0.30729.4148 (HKLM\...\{7B33F480-496D-334A-BAC2-205DEC0CBC2D}.vc_x86runtime_30729_4148) (Version: 9.0.30729.4148 - Microsoft Corporation)
Visual C++ 2008 x86 Runtime - v9.0.30729.6161 (HKLM\...\{3F8D9A47-9C50-3F46-8F12-B92DD5CA0A2E}.vc_x86runtime_30729_6161) (Version: 9.0.30729.6161 - Microsoft Corporation)
VNC Free Edition 4.1.2 (HKLM\...\RealVNC_is1) (Version: 4.1.2 - RealVNC Ltd.)
VSO ConvertXToDVD (HKLM\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.2.0.59 - VSO Software)
WebFldrs XP (HKLM\...\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}) (Version: 9.50.6513 - Microsoft Corporation) Hidden
Where is M13? version 2.3 (HKLM\...\Where is M13?_is1) (Version: - Think Astronomy)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinJUPOS 10.0.16 (HKLM\...\WinJUPOS 10.0.16_is1) (Version: 10.0.16 - Grischa Hahn, Germany)
WordPerfect Office 11 (HKLM\...\{54F90B55-BEB3-4F0D-8802-228822FA5921}) (Version: 11.0 - Corel Corporation)
XML Paper Specification Shared Components Pack 1.0 (HKLM\...\XpsEPSC) (Version: - Microsoft Corporation) Hidden
YouCam (HKLM\...\{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.5324 - CyberLink Corp.) Hidden
YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.5324 - CyberLink Corp.) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{0BE35200-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> C:\WINDOWS\system32\MFC42U.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{0BE35201-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> C:\WINDOWS\system32\MFC42U.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{0BE35202-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> C:\WINDOWS\system32\MFC42U.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\System32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{232E456A-87C3-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\System32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Documents and Settings\al\Local Settings\Application Data\Google\Update\1.2.183.39\goopdate.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{2B11E9B0-9F09-11D0-9484-00A0C91110ED}\InprocServer32 -> C:\WINDOWS\System32\msstdfmt.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Documents and Settings\al\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{31AC3F11-E5EA-4A85-8A3D-8E095A39C27B}\InprocServer32 -> C:\Documents and Settings\al\Local Settings\Application Data\Google\Update\1.2.131.27\goopdate.dll => No File
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{4536918A-95A8-498F-B542-CB906C561A43}\InprocServer32 -> C:\Documents and Settings\al\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\InprocServer32 -> C:\WINDOWS\system32\MSINET.OCX (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{586A6352-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\System32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{586A6353-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\System32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{586A6354-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\System32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{586A6355-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\System32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{586A6356-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\System32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{586A6357-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\System32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{586A6359-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\System32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\System32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{699DDBCC-DC7E-11D0-BCF7-00C04FC2FB86}\InprocServer32 -> C:\WINDOWS\System32\msstdfmt.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{6D835690-900B-11D0-9484-00A0C91110ED}\InprocServer32 -> C:\WINDOWS\System32\msstdfmt.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{99FF4677-FFC3-11D0-BD02-00C04FC2FB86}\InprocServer32 -> C:\WINDOWS\System32\msstdfmt.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{B09DE715-87C1-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\System32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}\InprocServer32 -> C:\WINDOWS\SYSTEM32\msvbvm60.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{D800E6DE-AFD1-4A47-9342-18426F9A50D3}\InprocServer32 -> D:\vs_2008_proj\polygon\polygon\Debug\polygon.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\InprocServer32 -> C:\WINDOWS\SYSTEM32\COMDLG32.OCX (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{FE38753A-44A3-11D1-B5B7-0000C09000C4}\InprocServer32 -> C:\WINDOWS\System32\mscomct2.ocx (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers01: [EDPShell] -> {58549232-7081-4541-882C-767DB238453C} => C:\Program Files\ExamDiff Pro\EDPShell.dll [2005-08-27] (PrestoSoft)
ContextMenuHandlers01: [IZArcCM] -> {BC593DF5-466F-44EC-8FFD-C4DBC603B917} => C:\Program Files\IZArc\IZArcCM.dll [2011-02-28] ()
ContextMenuHandlers01: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\WinZip\WZSHLSTB.DLL [2000-11-22] (WinZip Computing, Inc.)
ContextMenuHandlers02: [DriveLetterAccess] -> {5CA3D70E-1895-11CF-8E15-001234567890} => -> No File
ContextMenuHandlers02: [QuickFinderMenu] -> {C0E10002-0028-0004-C0E1-C0E1C0E1C0E1} => c:\Program Files\WordPerfect Office 11\Programs\PFSE110.DLL [2003-03-07] (Novell, Inc., c/o Corel Corporation Limited)
ContextMenuHandlers02: [RecordNow! ContextMenuExt] -> {E91B2703-013E-4A99-AD33-2B6FB00AA356} => C:\Program Files\Sonic\RecordNow!\shlext.dll [2003-08-13] (Sonic Solutions)
ContextMenuHandlers03: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers03: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers04: [IZArcCM] -> {BC593DF5-466F-44EC-8FFD-C4DBC603B917} => C:\Program Files\IZArc\IZArcCM.dll [2011-02-28] ()
ContextMenuHandlers04: [QuickFinderMenu] -> {C0E10002-0028-0004-C0E1-C0E1C0E1C0E1} => c:\Program Files\WordPerfect Office 11\Programs\PFSE110.DLL [2003-03-07] (Novell, Inc., c/o Corel Corporation Limited)
ContextMenuHandlers04: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\WinZip\WZSHLSTB.DLL [2000-11-22] (WinZip Computing, Inc.)
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2005-09-20] (Intel Corporation)
ContextMenuHandlers06: [EDPShell] -> {58549232-7081-4541-882C-767DB238453C} => C:\Program Files\ExamDiff Pro\EDPShell.dll [2005-08-27] (PrestoSoft)
ContextMenuHandlers06: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers06: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\WinZip\WZSHLSTB.DLL [2000-11-22] (WinZip Computing, Inc.)

==================== Scheduled Tasks=============================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\A l e r t s.job => C:\PROGRA~1\Dell\Support\bin\Support.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-3960577219-1813400529-1317427278-1006.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-3960577219-1813400529-1317427278-1006.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\SafeZone scheduled Autoupdate 1461178139.job => C:\Program Files\AVAST Software\SZBrowser\launcher.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Documents and Settings\al\NetHood\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co

ShortcutWithArgument: C:\Documents and Settings\al\Start Menu\Programs\Google Chrome\Uninstall Google Chrome.lnk -> C:\Documents and Settings\al\Local Settings\Application Data\Google\Chrome\Application\8.0.552.224\Installer\setup.exe (Google Inc.) -> --uninstall
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Visual Studio 2008\Visual Studio Tools\Visual Studio 2008 Command Prompt.lnk -> C:\WINDOWS\SYSTEM32\cmd.exe (Microsoft Corporation) -> /k ""c:\Program Files\Microsoft Visual Studio 9.0\VC\vcvarsall.bat"" x86
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Visual Studio 2008\Visual Studio Tools\Visual Studio 2008 x64 Cross Tools Command Prompt.lnk -> C:\WINDOWS\SYSTEM32\cmd.exe (Microsoft Corporation) -> /k ""c:\Program Files\Microsoft Visual Studio 9.0\VC\vcvarsall.bat"" x86_amd64
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Brother\HL-5340D\User's Guides in PDF format.lnk -> C:\Program Files\Brother\BRHL5340\WEBLINK.exe () -> hxxp://solutions.brother.com/cgi-bin/solutions.cgi?MDL=prn046&LNG=en&SRC=DOC

==================== Loaded Modules (Whitelisted) ==============

2011-06-24 14:51 - 2011-02-28 21:42 - 00652800 _____ () C:\Program Files\IZArc\IZArcCM.dll
2002-12-12 01:14 - 2008-04-14 05:42 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2005-08-30 09:14 - 2011-11-03 10:28 - 01292288 _____ () C:\WINDOWS\System32\quartz.dll
2003-05-30 10:00 - 2008-04-14 05:41 - 00059904 _____ () C:\WINDOWS\System32\devenum.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMPDE29E40 [208]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1-extreme.biz -> www.1-extreme.biz
IE restricted site: HKU\.DEFAULT\...\1001-search.info -> www.1001-search.info
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\123topsearch.com -> www.123topsearch.com
IE restricted site: HKU\.DEFAULT\...\132.com -> www.132.com
IE restricted site: HKU\.DEFAULT\...\136136.net -> down.136136.net
IE restricted site: HKU\.DEFAULT\...\139mm.com -> www.139mm.com
IE restricted site: HKU\.DEFAULT\...\163.com -> www.163.com
IE restricted site: HKU\.DEFAULT\...\163ns.com -> ert0003.e76.163ns.com
IE restricted site: HKU\.DEFAULT\...\17-plus.com -> 17-plus.com
IE restricted site: HKU\.DEFAULT\...\171203.com -> 171203.com

There are 4007 more sites.

 

[al davis]

Problem is : Unexpected external network activity that prevents or greatly slows my online (dialup) activities, it often continues even after my browser (Firefox) is closed. Auto updates all seem to be disabled.



Additional scan result of Farbar Recovery Scan Tool (x86) Version: 18-07-2017
Ran by al (18-07-2017 19:42:01)
Running from C:\Documents and Settings\al\Desktop\virus_et_al\July 2017
Microsoft Windows XP Professional Service Pack 3 (X86) (2004-02-17 23:44:28)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3960577219-1813400529-1317427278-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
al (S-1-5-21-3960577219-1813400529-1317427278-1006 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\al
ASPNET (S-1-5-21-3960577219-1813400529-1317427278-1008 - Limited - Enabled)
Guest (S-1-5-21-3960577219-1813400529-1317427278-501 - Limited - Enabled) => %SystemDrive%\Documents and Settings\Guest
HelpAssistant (S-1-5-21-3960577219-1813400529-1317427278-1005 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-3960577219-1813400529-1317427278-1002 - Limited - Enabled)
SUPPORT_3f151ab9 (S-1-5-21-3960577219-1813400529-1317427278-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM\...\{77DCDCE3-2DED-62F3-8154-05E745472D07}) (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acronis Drive Monitor (HKLM\...\{706AE61D-40A4-4F50-8359-FE8F6F7FA461}) (Version: 1.0.566 - Acronis)
Acronis True Image (HKLM\...\{7F129516-73AD-4232-8FD0-C7BC2508B274}) (Version: 9.0.3647 - Acronis)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.1.0.5790 - Adobe Systems Inc.)
Adobe Download Manager (HKLM\...\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}) (Version: 1.6.2.100 - NOS Microsystems Ltd.)
Adobe Download Manager 1.2 (Remove Only) (HKLM\...\AdobeESD) (Version: - )
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe Photoshop Album 2.0 Starter Edition (HKLM\...\{11B569C2-4BF6-4ED0-9D17-A4273943CB24}) (Version: 2.00.000 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
AnswerWorks 4.0 Runtime - English (HKLM\...\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}) (Version: 4.0.101 - Vantage Software Technologies)
Apple Software Update (HKLM\...\{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}) (Version: 2.0.2.92 - Apple Inc.)
ArcSoft Software Suite (HKLM\...\{497A1721-088F-41EF-8876-B43C9DA5528B}) (Version: 1.0 - ArcSoft)
Banctec Service Agreement (HKLM\...\{FC4ED75D-916C-4A8C-BB67-3C6F6E06D62B}) (Version: 1.00.00 - Dell) Hidden
BCM V.92 56K Modem (HKLM\...\BCM V.92 56K Modem) (Version: - )
Belkin SOHO Networking Utilities (HKLM\...\{E03969E7-3AFB-4672-8259-991B5F618D5A}) (Version: 1.1 - Belkin Components)
Belkin Wireless Access Point Manager (HKLM\...\{A2284436-0CA3-4880-B8D1-E79E64A46EB3}) (Version: - )
Belkin Wireless Access Point Wizard (HKLM\...\{AE2CD143-49F9-4640-9D4C-4F7A94FC4E71}) (Version: 1.00.0000 - Belkin Corporation)
Brother HL-5340D (HKLM\...\{653F3899-8CC4-43DB-AFD8-E9D829504138}) (Version: 1.00 - Brother)
Canon i250 (HKLM\...\CANONBJ_Deinstall_CNMCP50.DLL) (Version: - )
Cartes du Ciel V3.8 (HKLM\...\{A261F28E-6053-4414-9B84-AA8FE5F47AD4}_is1) (Version: - )
Celestron MCupdate (HKLM\...\Celestron MCupdate) (Version: 2.2.5 - Celestron)
Chanalyzer 2.1.7 (HKLM\...\{FD736238-55EB-420B-9BFC-B8A9983B21C9}) (Version: 2.1.7 - MetaGeek, LLC)
Core FTP LE 1.3c (HKLM\...\Core FTP LE 1.3c) (Version: - )
CyberLink Media Suite 10 (HKLM\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
Dell Digital Jukebox Driver (HKLM\...\Dell Digital Jukebox Driver) (Version: - )
Dell Media Experience (HKLM\...\{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: - )
Dell Networking Guide (HKLM\...\{68D60342-7686-45C9-B8EB-40EF843D0460}) (Version: 1.00.0001 - Dell) Hidden
Dell ResourceCD (HKLM\...\{D78653C3-A8FF-415F-92E6-D774E634FF2D}) (Version: - )
Dell Solution Center (HKLM\...\{11F1920A-56A2-4642-B6E0-3B31A12C9288}) (Version: 1.00.0000 - Dell)
Dell Support (HKLM\...\{43FCA273-9534-40DB-B7C5-D7758875616A}) (Version: 2.1.0.0 - Dell)
Digi Port Authority - Remote (HKLM\...\Digi Port Authority - Remote) (Version: - )
DS21Patch (HKLM\...\{9B79DCB0-AAD7-456B-8D07-433C936FA24B}) (Version: 1.00.0000 - Dell) Hidden
DVDSentry (HKLM\...\{98DF85D9-96C0-4F57-A92E-C3539477EF5E}) (Version: 1.00.0000 - Dell)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
Eudora (HKLM\...\{268C1DB7-02FA-45F2-93EC-0D4DDCA91AB8}) (Version: 7.0 - )
ExamDiff Pro 3.4.2 (HKLM\...\ExamDiff Pro_is1) (Version: - PrestoSoft)
G4FON Koch Method Morse Trainer (HKLM\...\G4FON Koch Method Morse Trainer) (Version: - )
getPlus(R) (HKLM\...\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}) (Version: 1.5.2.19 - NOS Microsystems Ltd.)
Google Chrome (HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\Google Chrome) (Version: 8.0.552.224 - Google Inc.)
Google Earth (HKLM\...\{28E82311-8616-11E1-BEB0-B8AC6F97B88E}) (Version: 6.2.2.6613 - Google)
Google Gears (HKLM\...\{95774351-6087-3A3B-8CA8-70BEE49D2BD5}) (Version: 0.4.24.0 - Google) Hidden
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.31.5 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.2.183.39 - Google Inc.) Hidden
Help and Support Customization (HKLM\...\{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}) (Version: 1.00.0000 - Dell) Hidden
honestechDVR 2.5 (HKLM\...\{C7D1E968-545B-4A37-A714-99E8AE7B2645}) (Version: 2.5 - honestech) Hidden
honestechDVR 2.5 (HKLM\...\{D8410ADD-CB92-46B6-AB7C-AF4907A803A2}) (Version: 2.5 - honestech)
Inssider (HKLM\...\{B5915379-1885-4220-BEB5-A602A368D581}) (Version: 1.0.3 - MetaGeek)
Intel(R) Extreme Graphics 2 Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4396 - )
Intel(R) PRO Network Adapters and Drivers (HKLM\...\PROSet) (Version: - )
Intel(R) PROSet (HKLM\...\{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}) (Version: 6.05.2001 - Intel)
Internet Explorer Default Page (HKLM\...\{35BDEFF1-A610-4956-A00D-15453C116395}) (Version: 1.00.03 - Dell Inc.) Hidden
IsoBuster 2.8.5 (HKLM\...\IsoBuster_is1) (Version: 2.8.5 - Smart Projects)
IZArc 4.1.6 (HKLM\...\{97C82B44-D408-4F14-9252-47FC1636D23E}_is1) (Version: 4.1.6 - Ivan Zahariev)
J2SE Runtime Environment 5.0 Update 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0150060}) (Version: 1.5.0.60 - Sun Microsystems, Inc.)
Jasc Paint Shop Photo Album (HKLM\...\{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}) (Version: 4.0.3 - Jasc Software, Inc.)
Jasc Paint Shop Pro 8 Dell Edition (HKLM\...\{81A34902-9D0B-4920-A25C-4CDC5D14B328}) (Version: 8.10.0000 - Jasc Software Inc)
Java 8 Update 92 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218092F0}) (Version: 8.0.920.14 - Oracle Corporation)
Java(TM) 6 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216045FF}) (Version: 6.0.450 - Oracle)
Jupiter 2.0.7.1 (HKLM\...\{22C070B6-BEC2-4B4B-8324-08DE6F168B9C}_is1) (Version: - Sylvain Rondi)
Learn2 Player (Uninstall Only) (HKLM\...\StreetPlugin) (Version: - )
LG ODD Auto Firmware Update (HKLM\...\{6179550A-3E7C-499E-BCC9-9E8113E0A285}) (Version: 10.01.0712.01 - )
MallinCam Control (HKLM\...\{32091497-B2FA-4091-B733-64A2DC30566C}) (Version: 1.2 - Pro-Com Electronics)
MallinCam Control (HKLM\...\{DF207EA2-675D-47C8-9D51-3F9F14EDAD5F}) (Version: 1.0.0 - Pro-Com Electronics)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft ASP.NET Web Matrix (HKLM\...\{DCBE96DF-822C-401C-8DD2-0F3539637ADE}) (Version: 0.6.812.0 - Microsoft Corporation)
Microsoft Document Explorer 2008 (HKLM\...\Microsoft Document Explorer 2008) (Version: - Microsoft Corporation)
Microsoft Encarta Encyclopedia Standard 2004 (HKLM\...\{04410044-9149-45C6-A806-F2BF9CFCE762}) (Version: 2004 - Microsoft Corporation)
Microsoft Money 2004 (HKLM\...\{1D643CD7-4DD6-11D7-A4E0-000874180BB3}) (Version: 12.0.50 - Microsoft)
Microsoft Money 2004 System Pack (HKLM\...\{8C64E145-54BA-11D6-91B1-00500462BE80}) (Version: 12.0.80 - Microsoft)
Microsoft Office 97, Professional Edition (HKLM\...\Office8.0) (Version: - )
Microsoft Office XP Professional (HKLM\...\{91110409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.01 - Microsoft Corporation)
Microsoft SAPI 5.1 Voices for Windows XP (HKLM\...\{8F194222-199F-11D6-B163-AA8310157D2E}) (Version: 1.0.0.0 - )
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)
Microsoft SQL Server 2008 Management Objects (HKLM\...\{F5E87B12-3C27-452F-8E78-21D42164FD83}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 Design Tools English (HKLM\...\{0C19D563-5F25-4621-BF10-01F741BD283F}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 English (HKLM\...\{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft SQL Server Database Publishing Wizard 1.3 (HKLM\...\{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{E7084B89-69E0-46B3-A118-8F99D06988CD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 6.0 Professional Edition (HKLM\...\Visual C++ 6.0 Professional Edition) (Version: - )
Microsoft Visual Studio 2008 Standard Edition - ENU (HKLM\...\Microsoft Visual Studio 2008 Standard Edition - ENU) (Version: - Microsoft Corporation)
Microsoft Visual Studio 2008 Standard Edition - ENU Service Pack 1 (KB945140) (HKLM\...\{F434F50E-7614-3EA8-9008-2FB866B697DA}.KB945140) (Version: 1 - Microsoft Corporation)
Microsoft Visual Studio Web Authoring Component (HKLM\...\VisualWebDeveloper) (Version: 12.0.4518.1066 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools - enu (HKLM\...\{05EC21B8-4593-3037-A781-A6B5AFFCB19D}) (Version: 3.5.21022 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries (HKLM\...\{842FAF7C-50EF-4463-9B8F-6222E1384D7D}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense (HKLM\...\{64c5b887-b5ee-42b8-8596-78905a6b5f1f}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SP1 Tools (HKLM\...\{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}) (Version: 6.1.5294.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SP1 Win32 Tools (HKLM\...\{B268E9A1-04A9-40D0-9866-846BE2B74BA7}) (Version: 6.1.5294.17011 - Microsoft Corporation)
Modem Helper (HKLM\...\{7F142D56-3326-11D5-B229-002078017FBF}) (Version: - )
Mozilla Firefox 47.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 47.0.1 (x86 en-US)) (Version: 47.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 47.0.1.6018 - Mozilla)
MSDN Library - Visual Studio 6.0 (HKLM\...\Microsoft Developer Network - Visual Studio 6.0) (Version: - )
MSDN Library for Visual Studio 2008 - ENU (HKLM\...\{3A762A82-618D-3CAA-B847-D074ABFA0B2E}) (Version: 9.0.21022 - Microsoft) Hidden
MSDN Library for Visual Studio 2008 - ENU (HKLM\...\MSDN Library for Visual Studio 2008 - ENU) (Version: 9.0 - Microsoft)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6.0 Parser (KB933579) (HKLM\...\{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}) (Version: 6.10.1200.0 - Microsoft Corporation)
MUSICMATCH® Jukebox (HKLM\...\{45EBDA59-D33B-433A-956E-B2F236468B56}) (Version: - )
NexRemote (HKLM\...\NexRemote) (Version: 1.7.22 - Celestron)
PHD Guiding 1.10.0 (HKLM\...\PHD Guiding_is1) (Version: - Stark Labs)
PHOTOfunSTUDIO (HKLM\...\{9A9DBEBC-C800-4776-A970-D76D6AA405B1}) (Version: 3.00.000 - Panasonic)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: - )
Qualxserve Service Agreement (HKLM\...\{0F756CD9-4A1E-409B-B101-601DDC4C03AA}) (Version: 1.00.0004 - Dell) Hidden
QuickTime (HKLM\...\{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}) (Version: 7.4.5.67 - Apple Inc.)
RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 12.0) (Version: - RealNetworks)
RealUpgrade 1.1 (HKLM\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden
RSpec Version 1.7 (Build:19) (HKLM\...\{A08319DE-E83E-4B07-B4E5-69F2489D6B45}_is1) (Version: - Field Tested Systems)
SafeZone Stable 1.48.2066.98 (HKLM\...\SafeZone 1.48.2066.98) (Version: 1.48.2066.98 - Avast Software) Hidden
Shockwave (HKLM\...\Shockwave) (Version: - )
SlickEdit 2007 (HKLM\...\{B598851F-6498-48CF-B61F-5074B889773B}) (Version: 12.0.0.0 - SlickEdit Inc.)
Sonic DLA (HKLM\...\{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}) (Version: 4.50 - Sonic Solutions)
Sonic MyDVD (HKLM\...\{5E835305-63BB-4E55-BBB7-EEBBE67774DB}) (Version: - )
Sonic RecordNow! (HKLM\...\{9541FED0-327F-4DF0-8B96-EF57EF622F19}) (Version: 6.5.0 - Sonic Solutions)
Sophos Virus Removal Tool (HKLM\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.5 - Sophos Limited)
SQL Server System CLR Types (HKLM\...\{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}) (Version: 10.0.1600.22 - Microsoft Corporation)
StartupMonitor (HKLM\...\{76EFAC4F-1712-401F-B2AE-590B170C9BCE}) (Version: 1.0.2.0 - Mike Lin)
Stellarium 0.10.4 (HKLM\...\Stellarium_is1) (Version: - )
Timex Trainer (HKLM\...\{96AF99D4-F7E8-4333-AB16-F9F4B91DBFBE}) (Version: 1.0.202 - Timex Corporation)
Update for 2007 Microsoft Office System (KB2284654) (HKLM\...\{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{FB166E7C-8AA6-48C8-B726-1F25BEE7825A}) (Version: - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
USB Video/Audio Device Driver (HKLM\...\{3717C4F2-7412-4793-9BB8-D73D2817B3D6}) (Version: 1.00.0000 - EETI)
Virtual Moon Atlas Pro 5.0 (HKLM\...\{3EB7A19B-690F-49BA-B494-CADA547D0DB9}_is1) (Version: - )
Visual C++ 2008 IA64 Runtime - v9.0.30729.01 (HKLM\...\{22E23C71-C27A-3F30-8849-BB6129E50679}.vc_i64runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Visual C++ 2008 x64 Runtime - v9.0.30729.01 (HKLM\...\{0DF3AE91-E533-3960-8516-B23737F8B7A2}.vc_x64runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Visual C++ 2008 x64 Runtime - v9.0.30729.4148 (HKLM\...\{3C11D2DA-6802-3F66-BE6B-B2C046AFE866}.vc_x64runtime_30729_4148) (Version: 9.0.30729.4148 - Microsoft Corporation)
Visual C++ 2008 x64 Runtime - v9.0.30729.6161 (HKLM\...\{E7E58A3A-D9BD-3D4B-9475-AE757454AD82}.vc_x64runtime_30729_6161) (Version: 9.0.30729.6161 - Microsoft Corporation)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Visual C++ 2008 x86 Runtime - v9.0.30729.4148 (HKLM\...\{7B33F480-496D-334A-BAC2-205DEC0CBC2D}.vc_x86runtime_30729_4148) (Version: 9.0.30729.4148 - Microsoft Corporation)
Visual C++ 2008 x86 Runtime - v9.0.30729.6161 (HKLM\...\{3F8D9A47-9C50-3F46-8F12-B92DD5CA0A2E}.vc_x86runtime_30729_6161) (Version: 9.0.30729.6161 - Microsoft Corporation)
VNC Free Edition 4.1.2 (HKLM\...\RealVNC_is1) (Version: 4.1.2 - RealVNC Ltd.)
VSO ConvertXToDVD (HKLM\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.2.0.59 - VSO Software)
WebFldrs XP (HKLM\...\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}) (Version: 9.50.6513 - Microsoft Corporation) Hidden
Where is M13? version 2.3 (HKLM\...\Where is M13?_is1) (Version: - Think Astronomy)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinJUPOS 10.0.16 (HKLM\...\WinJUPOS 10.0.16_is1) (Version: 10.0.16 - Grischa Hahn, Germany)
WordPerfect Office 11 (HKLM\...\{54F90B55-BEB3-4F0D-8802-228822FA5921}) (Version: 11.0 - Corel Corporation)
XML Paper Specification Shared Components Pack 1.0 (HKLM\...\XpsEPSC) (Version: - Microsoft Corporation) Hidden
YouCam (HKLM\...\{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.5324 - CyberLink Corp.) Hidden
YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.5324 - CyberLink Corp.) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{0BE35200-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> C:\WINDOWS\system32\MFC42U.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{0BE35201-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> C:\WINDOWS\system32\MFC42U.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{0BE35202-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> C:\WINDOWS\system32\MFC42U.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\System32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{232E456A-87C3-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\System32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Documents and Settings\al\Local Settings\Application Data\Google\Update\1.2.183.39\goopdate.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{2B11E9B0-9F09-11D0-9484-00A0C91110ED}\InprocServer32 -> C:\WINDOWS\System32\msstdfmt.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Documents and Settings\al\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{31AC3F11-E5EA-4A85-8A3D-8E095A39C27B}\InprocServer32 -> C:\Documents and Settings\al\Local Settings\Application Data\Google\Update\1.2.131.27\goopdate.dll => No File
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{4536918A-95A8-498F-B542-CB906C561A43}\InprocServer32 -> C:\Documents and Settings\al\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\InprocServer32 -> C:\WINDOWS\system32\MSINET.OCX (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{586A6352-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\System32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{586A6353-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\System32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{586A6354-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\System32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{586A6355-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\System32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{586A6356-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\System32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{586A6357-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\System32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{586A6359-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\System32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\System32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{699DDBCC-DC7E-11D0-BCF7-00C04FC2FB86}\InprocServer32 -> C:\WINDOWS\System32\msstdfmt.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{6D835690-900B-11D0-9484-00A0C91110ED}\InprocServer32 -> C:\WINDOWS\System32\msstdfmt.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{99FF4677-FFC3-11D0-BD02-00C04FC2FB86}\InprocServer32 -> C:\WINDOWS\System32\msstdfmt.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{B09DE715-87C1-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\System32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}\InprocServer32 -> C:\WINDOWS\SYSTEM32\msvbvm60.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{D800E6DE-AFD1-4A47-9342-18426F9A50D3}\InprocServer32 -> D:\vs_2008_proj\polygon\polygon\Debug\polygon.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\InprocServer32 -> C:\WINDOWS\SYSTEM32\COMDLG32.OCX (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{FE38753A-44A3-11D1-B5B7-0000C09000C4}\InprocServer32 -> C:\WINDOWS\System32\mscomct2.ocx (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers01: [EDPShell] -> {58549232-7081-4541-882C-767DB238453C} => C:\Program Files\ExamDiff Pro\EDPShell.dll [2005-08-27] (PrestoSoft)
ContextMenuHandlers01: [IZArcCM] -> {BC593DF5-466F-44EC-8FFD-C4DBC603B917} => C:\Program Files\IZArc\IZArcCM.dll [2011-02-28] ()
ContextMenuHandlers01: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\WinZip\WZSHLSTB.DLL [2000-11-22] (WinZip Computing, Inc.)
ContextMenuHandlers02: [DriveLetterAccess] -> {5CA3D70E-1895-11CF-8E15-001234567890} => -> No File
ContextMenuHandlers02: [QuickFinderMenu] -> {C0E10002-0028-0004-C0E1-C0E1C0E1C0E1} => c:\Program Files\WordPerfect Office 11\Programs\PFSE110.DLL [2003-03-07] (Novell, Inc., c/o Corel Corporation Limited)
ContextMenuHandlers02: [RecordNow! ContextMenuExt] -> {E91B2703-013E-4A99-AD33-2B6FB00AA356} => C:\Program Files\Sonic\RecordNow!\shlext.dll [2003-08-13] (Sonic Solutions)
ContextMenuHandlers03: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers03: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers04: [IZArcCM] -> {BC593DF5-466F-44EC-8FFD-C4DBC603B917} => C:\Program Files\IZArc\IZArcCM.dll [2011-02-28] ()
ContextMenuHandlers04: [QuickFinderMenu] -> {C0E10002-0028-0004-C0E1-C0E1C0E1C0E1} => c:\Program Files\WordPerfect Office 11\Programs\PFSE110.DLL [2003-03-07] (Novell, Inc., c/o Corel Corporation Limited)
ContextMenuHandlers04: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\WinZip\WZSHLSTB.DLL [2000-11-22] (WinZip Computing, Inc.)
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2005-09-20] (Intel Corporation)
ContextMenuHandlers06: [EDPShell] -> {58549232-7081-4541-882C-767DB238453C} => C:\Program Files\ExamDiff Pro\EDPShell.dll [2005-08-27] (PrestoSoft)
ContextMenuHandlers06: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers06: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\WinZip\WZSHLSTB.DLL [2000-11-22] (WinZip Computing, Inc.)

==================== Scheduled Tasks=============================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\A l e r t s.job => C:\PROGRA~1\Dell\Support\bin\Support.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-3960577219-1813400529-1317427278-1006.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-3960577219-1813400529-1317427278-1006.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\SafeZone scheduled Autoupdate 1461178139.job => C:\Program Files\AVAST Software\SZBrowser\launcher.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Documents and Settings\al\NetHood\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co

ShortcutWithArgument: C:\Documents and Settings\al\Start Menu\Programs\Google Chrome\Uninstall Google Chrome.lnk -> C:\Documents and Settings\al\Local Settings\Application Data\Google\Chrome\Application\8.0.552.224\Installer\setup.exe (Google Inc.) -> --uninstall
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Visual Studio 2008\Visual Studio Tools\Visual Studio 2008 Command Prompt.lnk -> C:\WINDOWS\SYSTEM32\cmd.exe (Microsoft Corporation) -> /k ""c:\Program Files\Microsoft Visual Studio 9.0\VC\vcvarsall.bat"" x86
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Visual Studio 2008\Visual Studio Tools\Visual Studio 2008 x64 Cross Tools Command Prompt.lnk -> C:\WINDOWS\SYSTEM32\cmd.exe (Microsoft Corporation) -> /k ""c:\Program Files\Microsoft Visual Studio 9.0\VC\vcvarsall.bat"" x86_amd64
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Brother\HL-5340D\User's Guides in PDF format.lnk -> C:\Program Files\Brother\BRHL5340\WEBLINK.exe () -> hxxp://solutions.brother.com/cgi-bin/solutions.cgi?MDL=prn046&LNG=en&SRC=DOC

==================== Loaded Modules (Whitelisted) ==============

2011-06-24 14:51 - 2011-02-28 21:42 - 00652800 _____ () C:\Program Files\IZArc\IZArcCM.dll
2002-12-12 01:14 - 2008-04-14 05:42 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2005-08-30 09:14 - 2011-11-03 10:28 - 01292288 _____ () C:\WINDOWS\System32\quartz.dll
2003-05-30 10:00 - 2008-04-14 05:41 - 00059904 _____ () C:\WINDOWS\System32\devenum.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMPDE29E40 [208]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1-extreme.biz -> www.1-extreme.biz
IE restricted site: HKU\.DEFAULT\...\1001-search.info -> www.1001-search.info
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\123topsearch.com -> www.123topsearch.com
IE restricted site: HKU\.DEFAULT\...\132.com -> www.132.com
IE restricted site: HKU\.DEFAULT\...\136136.net -> down.136136.net
IE restricted site: HKU\.DEFAULT\...\139mm.com -> www.139mm.com
IE restricted site: HKU\.DEFAULT\...\163.com -> www.163.com
IE restricted site: HKU\.DEFAULT\...\163ns.com -> ert0003.e76.163ns.com
IE restricted site: HKU\.DEFAULT\...\17-plus.com -> 17-plus.com
IE restricted site: HKU\.DEFAULT\...\171203.com -> 171203.com

There are 4007 more sites.

 

[al davis]

IE restricted site: HKU\S-1-5-19\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-19\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-19\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-19\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-19\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-19\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-19\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-19\...\1-extreme.biz -> www.1-extreme.biz
IE restricted site: HKU\S-1-5-19\...\1001-search.info -> www.1001-search.info
IE restricted site: HKU\S-1-5-19\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-19\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-19\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-19\...\123topsearch.com -> www.123topsearch.com
IE restricted site: HKU\S-1-5-19\...\132.com -> www.132.com
IE restricted site: HKU\S-1-5-19\...\136136.net -> down.136136.net
IE restricted site: HKU\S-1-5-19\...\139mm.com -> www.139mm.com
IE restricted site: HKU\S-1-5-19\...\163.com -> www.163.com
IE restricted site: HKU\S-1-5-19\...\163ns.com -> ert0003.e76.163ns.com
IE restricted site: HKU\S-1-5-19\...\17-plus.com -> 17-plus.com
IE restricted site: HKU\S-1-5-19\...\171203.com -> 171203.com

There are 4007 more sites.

IE restricted site: HKU\S-1-5-20\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-20\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-20\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-20\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-20\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-20\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-20\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-20\...\1-extreme.biz -> www.1-extreme.biz
IE restricted site: HKU\S-1-5-20\...\1001-search.info -> www.1001-search.info
IE restricted site: HKU\S-1-5-20\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-20\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-20\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-20\...\123topsearch.com -> www.123topsearch.com
IE restricted site: HKU\S-1-5-20\...\132.com -> www.132.com
IE restricted site: HKU\S-1-5-20\...\136136.net -> down.136136.net
IE restricted site: HKU\S-1-5-20\...\139mm.com -> www.139mm.com
IE restricted site: HKU\S-1-5-20\...\163.com -> www.163.com
IE restricted site: HKU\S-1-5-20\...\163ns.com -> ert0003.e76.163ns.com
IE restricted site: HKU\S-1-5-20\...\17-plus.com -> 17-plus.com
IE restricted site: HKU\S-1-5-20\...\171203.com -> 171203.com

There are 4007 more sites.

IE trusted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\turbotax.com -> hxxps://turbotax.com
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\1-extreme.biz -> www.1-extreme.biz
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\1001-search.info -> www.1001-search.info
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\123topsearch.com -> www.123topsearch.com
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\132.com -> www.132.com
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\136136.net -> down.136136.net
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\139mm.com -> www.139mm.com
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\163.com -> www.163.com
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\163ns.com -> ert0003.e76.163ns.com
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\17-plus.com -> 17-plus.com
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\171203.com -> 171203.com

There are 4005 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-19 09:19 - 2015-03-26 00:37 - 00000027 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 216.234.97.2 - 216.234.97.3
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Google Earth\client\googleearth.exe] => Disabled:Google Earth
StandardProfile\AuthorizedApplications: [C:\Program Files\Adobe\Acrobat.com\Acrobat.com.exe] => Disabled:Acrobat.com
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\sessmgr.exe] => Disabledxpsp2res.dll,-22019
StandardProfile\AuthorizedApplications: [C:\Program Files\Messenger\msmsgs.exe] => Disabled:Windows Messenger
StandardProfile\AuthorizedApplications: [C:\WINDOWS\SYSTEM32\mmc.exe] => Enabled:Microsoft Management Console
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Google Earth\plugin\geplugin.exe] => Enabled:Google Earth
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\al\Desktop\winvnc4.exe] => Enabled:VNC Server Free Edition for Win32
StandardProfile\AuthorizedApplications: [C:\Program Files\RealVNC\VNC4\winvnc4.exe] => Enabled:VNC Server Free Edition for Win32
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
DomainProfile\GloballyOpenPorts: [139:TCP] => Enabledxpsp2res.dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => Enabledxpsp2res.dll,-22005
DomainProfile\GloballyOpenPorts: [137:UDP] => Enabledxpsp2res.dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => Enabledxpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabledxpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabledxpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabledxpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabledxpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabledxpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabledxpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [3:TCP] => :LocalSubNet:Enabled:e-sys
StandardProfile\GloballyOpenPorts: [3389:TCP] => Disabledxpsp2res.dll,-22009

==================== Restore Points =========================

20-04-2017 09:04:14 System Checkpoint
21-04-2017 09:11:06 System Checkpoint
22-04-2017 16:53:09 System Checkpoint
23-04-2017 17:05:08 System Checkpoint
24-04-2017 17:11:06 System Checkpoint
25-04-2017 18:07:34 System Checkpoint
26-04-2017 18:26:01 System Checkpoint
27-04-2017 19:09:44 System Checkpoint
28-04-2017 20:03:46 System Checkpoint
29-04-2017 21:25:53 System Checkpoint
30-04-2017 22:05:14 System Checkpoint
01-05-2017 22:23:17 System Checkpoint
03-05-2017 08:31:06 System Checkpoint
04-05-2017 13:47:25 System Checkpoint
05-05-2017 14:06:50 System Checkpoint
06-05-2017 16:43:30 System Checkpoint
08-05-2017 09:21:47 System Checkpoint
09-05-2017 10:18:58 System Checkpoint
11-05-2017 10:15:11 System Checkpoint
12-05-2017 20:01:34 System Checkpoint
13-05-2017 20:29:25 System Checkpoint
14-05-2017 21:02:31 System Checkpoint
15-05-2017 21:28:21 System Checkpoint
16-05-2017 22:00:45 System Checkpoint
18-05-2017 07:37:47 System Checkpoint
19-05-2017 10:58:59 System Checkpoint
20-05-2017 11:30:30 System Checkpoint
21-05-2017 11:58:08 System Checkpoint
23-05-2017 08:08:20 System Checkpoint
24-05-2017 09:09:03 System Checkpoint
25-05-2017 09:50:16 System Checkpoint
26-05-2017 20:44:01 System Checkpoint
27-05-2017 20:54:01 System Checkpoint
28-05-2017 21:34:25 System Checkpoint
29-05-2017 21:35:25 System Checkpoint
31-05-2017 19:26:56 System Checkpoint
01-06-2017 20:52:48 System Checkpoint
02-06-2017 21:43:36 System Checkpoint
03-06-2017 22:36:08 System Checkpoint
04-06-2017 22:47:03 System Checkpoint
05-06-2017 22:50:07 System Checkpoint
06-06-2017 23:09:12 System Checkpoint
08-06-2017 10:37:58 System Checkpoint
09-06-2017 11:03:44 System Checkpoint
10-06-2017 21:19:19 System Checkpoint
11-06-2017 22:03:54 System Checkpoint
12-06-2017 22:19:59 System Checkpoint
14-06-2017 13:00:18 System Checkpoint
15-06-2017 13:48:28 System Checkpoint
19-06-2017 15:13:15 System Checkpoint
20-06-2017 15:19:55 System Checkpoint
21-06-2017 15:41:52 System Checkpoint
22-06-2017 17:20:44 System Checkpoint
23-06-2017 17:50:13 System Checkpoint
25-06-2017 07:58:37 System Checkpoint
26-06-2017 09:13:31 System Checkpoint
27-06-2017 09:24:45 System Checkpoint
28-06-2017 14:48:47 System Checkpoint
29-06-2017 15:29:20 System Checkpoint
30-06-2017 18:35:45 System Checkpoint
01-07-2017 19:34:42 System Checkpoint
02-07-2017 20:28:47 System Checkpoint
03-07-2017 20:50:25 System Checkpoint
05-07-2017 10:20:57 System Checkpoint
06-07-2017 10:42:59 System Checkpoint
07-07-2017 18:51:32 System Checkpoint
08-07-2017 21:03:22 System Checkpoint
09-07-2017 21:56:36 System Checkpoint
11-07-2017 09:09:34 System Checkpoint
12-07-2017 10:54:32 System Checkpoint
13-07-2017 20:15:41 System Checkpoint
14-07-2017 20:33:46 System Checkpoint
15-07-2017 23:57:27 System Checkpoint
17-07-2017 09:29:54 System Checkpoint
18-07-2017 10:01:28 System Checkpoint
18-07-2017 13:05:38 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/18/2017 07:41:05 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (07/18/2017 07:40:45 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (07/18/2017 07:40:44 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (07/18/2017 07:40:38 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (07/18/2017 07:39:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application FRST.exe, version 18.7.2017.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (09/19/2016 10:25:13 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it." attempting to start the service ALG with arguments ""
in order to run the server:
{D6015EC3-FA16-4813-9CA1-DA204574F5DA}

Error: (09/19/2016 10:25:07 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The helpsvc service failed to start due to the following error:
The system cannot find the file specified.

Error: (09/18/2016 09:15:27 AM) (Source: ipnathlp) (EventID: 31008) (User: )
Description: The DNS proxy agent was unable to read the local list of name-resolution
servers from the registry.
The data is the error code.

Error: (09/18/2016 09:15:27 AM) (Source: ipnathlp) (EventID: 31008) (User: )
Description: The DNS proxy agent was unable to read the local list of name-resolution
servers from the registry.
The data is the error code.

Error: (09/18/2016 09:09:20 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it." attempting to start the service ALG with arguments ""
in order to run the server:
{D6015EC3-FA16-4813-9CA1-DA204574F5DA}

Error: (09/18/2016 09:09:18 AM) (Source: Print) (EventID: 19) (User: NT AUTHORITY)
Description: Sharing printer failed + 1722, Printer Microsoft XPS Document Writer share name Printer.

Error: (09/18/2016 09:09:15 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The helpsvc service failed to start due to the following error:
The system cannot find the file specified.

Error: (09/17/2016 07:15:24 PM) (Source: ipnathlp) (EventID: 31008) (User: )
Description: The DNS proxy agent was unable to read the local list of name-resolution
servers from the registry.
The data is the error code.

Error: (09/17/2016 06:50:40 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it." attempting to start the service ALG with arguments ""
in order to run the server:
{D6015EC3-FA16-4813-9CA1-DA204574F5DA}

Error: (09/17/2016 06:50:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The helpsvc service failed to start due to the following error:
The system cannot find the file specified.


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) 4 CPU 2.66GHz
Percentage of memory in use: 30%
Total physical RAM: 2557.98 MB
Available physical RAM: 1765.05 MB
Total Virtual: 3173.07 MB
Available Virtual: 2592.43 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.47 GB) (Free:6.12 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: (New Volume) (Fixed) (Total:111.79 GB) (Free:27.29 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: DBBDF0DD)
Partition 1: (Not Active) - (Size=31 MB) - (Type=DE)
Partition 2: (Active) - (Size=74.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 111.8 GB) (Disk ID: 03C16DE5)
Partition 1: (Not Active) - (Size=111.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

[al davis]

IE restricted site: HKU\S-1-5-19\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-19\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-19\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-19\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-19\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-19\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-19\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-19\...\1-extreme.biz -> www.1-extreme.biz
IE restricted site: HKU\S-1-5-19\...\1001-search.info -> www.1001-search.info
IE restricted site: HKU\S-1-5-19\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-19\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-19\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-19\...\123topsearch.com -> www.123topsearch.com
IE restricted site: HKU\S-1-5-19\...\132.com -> www.132.com
IE restricted site: HKU\S-1-5-19\...\136136.net -> down.136136.net
IE restricted site: HKU\S-1-5-19\...\139mm.com -> www.139mm.com
IE restricted site: HKU\S-1-5-19\...\163.com -> www.163.com
IE restricted site: HKU\S-1-5-19\...\163ns.com -> ert0003.e76.163ns.com
IE restricted site: HKU\S-1-5-19\...\17-plus.com -> 17-plus.com
IE restricted site: HKU\S-1-5-19\...\171203.com -> 171203.com

There are 4007 more sites.

IE restricted site: HKU\S-1-5-20\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-20\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-20\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-20\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-20\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-20\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-20\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-20\...\1-extreme.biz -> www.1-extreme.biz
IE restricted site: HKU\S-1-5-20\...\1001-search.info -> www.1001-search.info
IE restricted site: HKU\S-1-5-20\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-20\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-20\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-20\...\123topsearch.com -> www.123topsearch.com
IE restricted site: HKU\S-1-5-20\...\132.com -> www.132.com
IE restricted site: HKU\S-1-5-20\...\136136.net -> down.136136.net
IE restricted site: HKU\S-1-5-20\...\139mm.com -> www.139mm.com
IE restricted site: HKU\S-1-5-20\...\163.com -> www.163.com
IE restricted site: HKU\S-1-5-20\...\163ns.com -> ert0003.e76.163ns.com
IE restricted site: HKU\S-1-5-20\...\17-plus.com -> 17-plus.com
IE restricted site: HKU\S-1-5-20\...\171203.com -> 171203.com

There are 4007 more sites.

IE trusted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\turbotax.com -> hxxps://turbotax.com
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\1-extreme.biz -> www.1-extreme.biz
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\1001-search.info -> www.1001-search.info
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\123topsearch.com -> www.123topsearch.com
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\132.com -> www.132.com
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\136136.net -> down.136136.net
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\139mm.com -> www.139mm.com
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\163.com -> www.163.com
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\163ns.com -> ert0003.e76.163ns.com
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\17-plus.com -> 17-plus.com
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\171203.com -> 171203.com

There are 4005 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-19 09:19 - 2015-03-26 00:37 - 00000027 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 216.234.97.2 - 216.234.97.3
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Google Earth\client\googleearth.exe] => Disabled:Google Earth
StandardProfile\AuthorizedApplications: [C:\Program Files\Adobe\Acrobat.com\Acrobat.com.exe] => Disabled:Acrobat.com
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\sessmgr.exe] => Disabledxpsp2res.dll,-22019
StandardProfile\AuthorizedApplications: [C:\Program Files\Messenger\msmsgs.exe] => Disabled:Windows Messenger
StandardProfile\AuthorizedApplications: [C:\WINDOWS\SYSTEM32\mmc.exe] => Enabled:Microsoft Management Console
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Google Earth\plugin\geplugin.exe] => Enabled:Google Earth
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\al\Desktop\winvnc4.exe] => Enabled:VNC Server Free Edition for Win32
StandardProfile\AuthorizedApplications: [C:\Program Files\RealVNC\VNC4\winvnc4.exe] => Enabled:VNC Server Free Edition for Win32
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
DomainProfile\GloballyOpenPorts: [139:TCP] => Enabledxpsp2res.dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => Enabledxpsp2res.dll,-22005
DomainProfile\GloballyOpenPorts: [137:UDP] => Enabledxpsp2res.dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => Enabledxpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabledxpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabledxpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabledxpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabledxpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabledxpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabledxpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [3:TCP] => :LocalSubNet:Enabled:e-sys
StandardProfile\GloballyOpenPorts: [3389:TCP] => Disabledxpsp2res.dll,-22009

==================== Restore Points =========================

20-04-2017 09:04:14 System Checkpoint
21-04-2017 09:11:06 System Checkpoint
22-04-2017 16:53:09 System Checkpoint
23-04-2017 17:05:08 System Checkpoint
24-04-2017 17:11:06 System Checkpoint
25-04-2017 18:07:34 System Checkpoint
26-04-2017 18:26:01 System Checkpoint
27-04-2017 19:09:44 System Checkpoint
28-04-2017 20:03:46 System Checkpoint
29-04-2017 21:25:53 System Checkpoint
30-04-2017 22:05:14 System Checkpoint
01-05-2017 22:23:17 System Checkpoint
03-05-2017 08:31:06 System Checkpoint
04-05-2017 13:47:25 System Checkpoint
05-05-2017 14:06:50 System Checkpoint
06-05-2017 16:43:30 System Checkpoint
08-05-2017 09:21:47 System Checkpoint
09-05-2017 10:18:58 System Checkpoint
11-05-2017 10:15:11 System Checkpoint
12-05-2017 20:01:34 System Checkpoint
13-05-2017 20:29:25 System Checkpoint
14-05-2017 21:02:31 System Checkpoint
15-05-2017 21:28:21 System Checkpoint
16-05-2017 22:00:45 System Checkpoint
18-05-2017 07:37:47 System Checkpoint
19-05-2017 10:58:59 System Checkpoint
20-05-2017 11:30:30 System Checkpoint
21-05-2017 11:58:08 System Checkpoint
23-05-2017 08:08:20 System Checkpoint
24-05-2017 09:09:03 System Checkpoint
25-05-2017 09:50:16 System Checkpoint
26-05-2017 20:44:01 System Checkpoint
27-05-2017 20:54:01 System Checkpoint
28-05-2017 21:34:25 System Checkpoint
29-05-2017 21:35:25 System Checkpoint
31-05-2017 19:26:56 System Checkpoint
01-06-2017 20:52:48 System Checkpoint
02-06-2017 21:43:36 System Checkpoint
03-06-2017 22:36:08 System Checkpoint
04-06-2017 22:47:03 System Checkpoint
05-06-2017 22:50:07 System Checkpoint
06-06-2017 23:09:12 System Checkpoint
08-06-2017 10:37:58 System Checkpoint
09-06-2017 11:03:44 System Checkpoint
10-06-2017 21:19:19 System Checkpoint
11-06-2017 22:03:54 System Checkpoint
12-06-2017 22:19:59 System Checkpoint
14-06-2017 13:00:18 System Checkpoint
15-06-2017 13:48:28 System Checkpoint
19-06-2017 15:13:15 System Checkpoint
20-06-2017 15:19:55 System Checkpoint
21-06-2017 15:41:52 System Checkpoint
22-06-2017 17:20:44 System Checkpoint
23-06-2017 17:50:13 System Checkpoint
25-06-2017 07:58:37 System Checkpoint
26-06-2017 09:13:31 System Checkpoint
27-06-2017 09:24:45 System Checkpoint
28-06-2017 14:48:47 System Checkpoint
29-06-2017 15:29:20 System Checkpoint
30-06-2017 18:35:45 System Checkpoint
01-07-2017 19:34:42 System Checkpoint
02-07-2017 20:28:47 System Checkpoint
03-07-2017 20:50:25 System Checkpoint
05-07-2017 10:20:57 System Checkpoint
06-07-2017 10:42:59 System Checkpoint
07-07-2017 18:51:32 System Checkpoint
08-07-2017 21:03:22 System Checkpoint
09-07-2017 21:56:36 System Checkpoint
11-07-2017 09:09:34 System Checkpoint
12-07-2017 10:54:32 System Checkpoint
13-07-2017 20:15:41 System Checkpoint
14-07-2017 20:33:46 System Checkpoint
15-07-2017 23:57:27 System Checkpoint
17-07-2017 09:29:54 System Checkpoint
18-07-2017 10:01:28 System Checkpoint
18-07-2017 13:05:38 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/18/2017 07:41:05 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (07/18/2017 07:40:45 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (07/18/2017 07:40:44 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (07/18/2017 07:40:38 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (07/18/2017 07:39:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application FRST.exe, version 18.7.2017.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (09/19/2016 10:25:13 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it." attempting to start the service ALG with arguments ""
in order to run the server:
{D6015EC3-FA16-4813-9CA1-DA204574F5DA}

Error: (09/19/2016 10:25:07 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The helpsvc service failed to start due to the following error:
The system cannot find the file specified.

Error: (09/18/2016 09:15:27 AM) (Source: ipnathlp) (EventID: 31008) (User: )
Description: The DNS proxy agent was unable to read the local list of name-resolution
servers from the registry.
The data is the error code.

Error: (09/18/2016 09:15:27 AM) (Source: ipnathlp) (EventID: 31008) (User: )
Description: The DNS proxy agent was unable to read the local list of name-resolution
servers from the registry.
The data is the error code.

Error: (09/18/2016 09:09:20 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it." attempting to start the service ALG with arguments ""
in order to run the server:
{D6015EC3-FA16-4813-9CA1-DA204574F5DA}

Error: (09/18/2016 09:09:18 AM) (Source: Print) (EventID: 19) (User: NT AUTHORITY)
Description: Sharing printer failed + 1722, Printer Microsoft XPS Document Writer share name Printer.

Error: (09/18/2016 09:09:15 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The helpsvc service failed to start due to the following error:
The system cannot find the file specified.

Error: (09/17/2016 07:15:24 PM) (Source: ipnathlp) (EventID: 31008) (User: )
Description: The DNS proxy agent was unable to read the local list of name-resolution
servers from the registry.
The data is the error code.

Error: (09/17/2016 06:50:40 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it." attempting to start the service ALG with arguments ""
in order to run the server:
{D6015EC3-FA16-4813-9CA1-DA204574F5DA}

Error: (09/17/2016 06:50:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The helpsvc service failed to start due to the following error:
The system cannot find the file specified.


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) 4 CPU 2.66GHz
Percentage of memory in use: 30%
Total physical RAM: 2557.98 MB
Available physical RAM: 1765.05 MB
Total Virtual: 3173.07 MB
Available Virtual: 2592.43 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.47 GB) (Free:6.12 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: (New Volume) (Fixed) (Total:111.79 GB) (Free:27.29 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: DBBDF0DD)
Partition 1: (Not Active) - (Size=31 MB) - (Type=DE)
Partition 2: (Active) - (Size=74.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 111.8 GB) (Disk ID: 03C16DE5)
Partition 1: (Not Active) - (Size=111.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

[al davis]

IE restricted site: HKU\S-1-5-19\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-19\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-19\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-19\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-19\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-19\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-19\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-19\...\1-extreme.biz -> www.1-extreme.biz
IE restricted site: HKU\S-1-5-19\...\1001-search.info -> www.1001-search.info
IE restricted site: HKU\S-1-5-19\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-19\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-19\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-19\...\123topsearch.com -> www.123topsearch.com
IE restricted site: HKU\S-1-5-19\...\132.com -> www.132.com
IE restricted site: HKU\S-1-5-19\...\136136.net -> down.136136.net
IE restricted site: HKU\S-1-5-19\...\139mm.com -> www.139mm.com
IE restricted site: HKU\S-1-5-19\...\163.com -> www.163.com
IE restricted site: HKU\S-1-5-19\...\163ns.com -> ert0003.e76.163ns.com
IE restricted site: HKU\S-1-5-19\...\17-plus.com -> 17-plus.com
IE restricted site: HKU\S-1-5-19\...\171203.com -> 171203.com

There are 4007 more sites.

IE restricted site: HKU\S-1-5-20\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-20\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-20\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-20\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-20\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-20\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-20\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-20\...\1-extreme.biz -> www.1-extreme.biz
IE restricted site: HKU\S-1-5-20\...\1001-search.info -> www.1001-search.info
IE restricted site: HKU\S-1-5-20\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-20\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-20\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-20\...\123topsearch.com -> www.123topsearch.com
IE restricted site: HKU\S-1-5-20\...\132.com -> www.132.com
IE restricted site: HKU\S-1-5-20\...\136136.net -> down.136136.net
IE restricted site: HKU\S-1-5-20\...\139mm.com -> www.139mm.com
IE restricted site: HKU\S-1-5-20\...\163.com -> www.163.com
IE restricted site: HKU\S-1-5-20\...\163ns.com -> ert0003.e76.163ns.com
IE restricted site: HKU\S-1-5-20\...\17-plus.com -> 17-plus.com
IE restricted site: HKU\S-1-5-20\...\171203.com -> 171203.com

There are 4007 more sites.

IE trusted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\turbotax.com -> hxxps://turbotax.com
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\1-extreme.biz -> www.1-extreme.biz
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\1001-search.info -> www.1001-search.info
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\123topsearch.com -> www.123topsearch.com
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\132.com -> www.132.com
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\136136.net -> down.136136.net
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\139mm.com -> www.139mm.com
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\163.com -> www.163.com
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\163ns.com -> ert0003.e76.163ns.com
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\17-plus.com -> 17-plus.com
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\171203.com -> 171203.com

There are 4005 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-19 09:19 - 2015-03-26 00:37 - 00000027 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 216.234.97.2 - 216.234.97.3
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Google Earth\client\googleearth.exe] => Disabled:Google Earth
StandardProfile\AuthorizedApplications: [C:\Program Files\Adobe\Acrobat.com\Acrobat.com.exe] => Disabled:Acrobat.com
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\sessmgr.exe] => Disabledxpsp2res.dll,-22019
StandardProfile\AuthorizedApplications: [C:\Program Files\Messenger\msmsgs.exe] => Disabled:Windows Messenger
StandardProfile\AuthorizedApplications: [C:\WINDOWS\SYSTEM32\mmc.exe] => Enabled:Microsoft Management Console
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Google Earth\plugin\geplugin.exe] => Enabled:Google Earth
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\al\Desktop\winvnc4.exe] => Enabled:VNC Server Free Edition for Win32
StandardProfile\AuthorizedApplications: [C:\Program Files\RealVNC\VNC4\winvnc4.exe] => Enabled:VNC Server Free Edition for Win32
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
DomainProfile\GloballyOpenPorts: [139:TCP] => Enabledxpsp2res.dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => Enabledxpsp2res.dll,-22005
DomainProfile\GloballyOpenPorts: [137:UDP] => Enabledxpsp2res.dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => Enabledxpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabledxpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabledxpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabledxpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabledxpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabledxpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabledxpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [3:TCP] => :LocalSubNet:Enabled:e-sys
StandardProfile\GloballyOpenPorts: [3389:TCP] => Disabledxpsp2res.dll,-22009

==================== Restore Points =========================

20-04-2017 09:04:14 System Checkpoint
21-04-2017 09:11:06 System Checkpoint
22-04-2017 16:53:09 System Checkpoint
23-04-2017 17:05:08 System Checkpoint
24-04-2017 17:11:06 System Checkpoint
25-04-2017 18:07:34 System Checkpoint
26-04-2017 18:26:01 System Checkpoint
27-04-2017 19:09:44 System Checkpoint
28-04-2017 20:03:46 System Checkpoint
29-04-2017 21:25:53 System Checkpoint
30-04-2017 22:05:14 System Checkpoint
01-05-2017 22:23:17 System Checkpoint
03-05-2017 08:31:06 System Checkpoint
04-05-2017 13:47:25 System Checkpoint
05-05-2017 14:06:50 System Checkpoint
06-05-2017 16:43:30 System Checkpoint
08-05-2017 09:21:47 System Checkpoint
09-05-2017 10:18:58 System Checkpoint
11-05-2017 10:15:11 System Checkpoint
12-05-2017 20:01:34 System Checkpoint
13-05-2017 20:29:25 System Checkpoint
14-05-2017 21:02:31 System Checkpoint
15-05-2017 21:28:21 System Checkpoint
16-05-2017 22:00:45 System Checkpoint
18-05-2017 07:37:47 System Checkpoint
19-05-2017 10:58:59 System Checkpoint
20-05-2017 11:30:30 System Checkpoint
21-05-2017 11:58:08 System Checkpoint
23-05-2017 08:08:20 System Checkpoint
24-05-2017 09:09:03 System Checkpoint
25-05-2017 09:50:16 System Checkpoint
26-05-2017 20:44:01 System Checkpoint
27-05-2017 20:54:01 System Checkpoint
28-05-2017 21:34:25 System Checkpoint
29-05-2017 21:35:25 System Checkpoint
31-05-2017 19:26:56 System Checkpoint
01-06-2017 20:52:48 System Checkpoint
02-06-2017 21:43:36 System Checkpoint
03-06-2017 22:36:08 System Checkpoint
04-06-2017 22:47:03 System Checkpoint
05-06-2017 22:50:07 System Checkpoint
06-06-2017 23:09:12 System Checkpoint
08-06-2017 10:37:58 System Checkpoint
09-06-2017 11:03:44 System Checkpoint
10-06-2017 21:19:19 System Checkpoint
11-06-2017 22:03:54 System Checkpoint
12-06-2017 22:19:59 System Checkpoint
14-06-2017 13:00:18 System Checkpoint
15-06-2017 13:48:28 System Checkpoint
19-06-2017 15:13:15 System Checkpoint
20-06-2017 15:19:55 System Checkpoint
21-06-2017 15:41:52 System Checkpoint
22-06-2017 17:20:44 System Checkpoint
23-06-2017 17:50:13 System Checkpoint
25-06-2017 07:58:37 System Checkpoint
26-06-2017 09:13:31 System Checkpoint
27-06-2017 09:24:45 System Checkpoint
28-06-2017 14:48:47 System Checkpoint
29-06-2017 15:29:20 System Checkpoint
30-06-2017 18:35:45 System Checkpoint
01-07-2017 19:34:42 System Checkpoint
02-07-2017 20:28:47 System Checkpoint
03-07-2017 20:50:25 System Checkpoint
05-07-2017 10:20:57 System Checkpoint
06-07-2017 10:42:59 System Checkpoint
07-07-2017 18:51:32 System Checkpoint
08-07-2017 21:03:22 System Checkpoint
09-07-2017 21:56:36 System Checkpoint
11-07-2017 09:09:34 System Checkpoint
12-07-2017 10:54:32 System Checkpoint
13-07-2017 20:15:41 System Checkpoint
14-07-2017 20:33:46 System Checkpoint
15-07-2017 23:57:27 System Checkpoint
17-07-2017 09:29:54 System Checkpoint
18-07-2017 10:01:28 System Checkpoint
18-07-2017 13:05:38 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/18/2017 07:41:05 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (07/18/2017 07:40:45 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (07/18/2017 07:40:44 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (07/18/2017 07:40:38 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (07/18/2017 07:39:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application FRST.exe, version 18.7.2017.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (09/19/2016 10:25:13 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it." attempting to start the service ALG with arguments ""
in order to run the server:
{D6015EC3-FA16-4813-9CA1-DA204574F5DA}

Error: (09/19/2016 10:25:07 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The helpsvc service failed to start due to the following error:
The system cannot find the file specified.

Error: (09/18/2016 09:15:27 AM) (Source: ipnathlp) (EventID: 31008) (User: )
Description: The DNS proxy agent was unable to read the local list of name-resolution
servers from the registry.
The data is the error code.

Error: (09/18/2016 09:15:27 AM) (Source: ipnathlp) (EventID: 31008) (User: )
Description: The DNS proxy agent was unable to read the local list of name-resolution
servers from the registry.
The data is the error code.

Error: (09/18/2016 09:09:20 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it." attempting to start the service ALG with arguments ""
in order to run the server:
{D6015EC3-FA16-4813-9CA1-DA204574F5DA}

Error: (09/18/2016 09:09:18 AM) (Source: Print) (EventID: 19) (User: NT AUTHORITY)
Description: Sharing printer failed + 1722, Printer Microsoft XPS Document Writer share name Printer.

Error: (09/18/2016 09:09:15 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The helpsvc service failed to start due to the following error:
The system cannot find the file specified.

Error: (09/17/2016 07:15:24 PM) (Source: ipnathlp) (EventID: 31008) (User: )
Description: The DNS proxy agent was unable to read the local list of name-resolution
servers from the registry.
The data is the error code.

Error: (09/17/2016 06:50:40 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it." attempting to start the service ALG with arguments ""
in order to run the server:
{D6015EC3-FA16-4813-9CA1-DA204574F5DA}

Error: (09/17/2016 06:50:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The helpsvc service failed to start due to the following error:
The system cannot find the file specified.


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) 4 CPU 2.66GHz
Percentage of memory in use: 30%
Total physical RAM: 2557.98 MB
Available physical RAM: 1765.05 MB
Total Virtual: 3173.07 MB
Available Virtual: 2592.43 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.47 GB) (Free:6.12 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: (New Volume) (Fixed) (Total:111.79 GB) (Free:27.29 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: DBBDF0DD)
Partition 1: (Not Active) - (Size=31 MB) - (Type=DE)
Partition 2: (Active) - (Size=74.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 111.8 GB) (Disk ID: 03C16DE5)
Partition 1: (Not Active) - (Size=111.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

[al davis]

IE restricted site: HKU\S-1-5-19\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-19\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-19\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-19\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-19\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-19\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-19\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-19\...\1-extreme.biz -> www.1-extreme.biz
IE restricted site: HKU\S-1-5-19\...\1001-search.info -> www.1001-search.info
IE restricted site: HKU\S-1-5-19\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-19\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-19\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-19\...\123topsearch.com -> www.123topsearch.com
IE restricted site: HKU\S-1-5-19\...\132.com -> www.132.com
IE restricted site: HKU\S-1-5-19\...\136136.net -> down.136136.net
IE restricted site: HKU\S-1-5-19\...\139mm.com -> www.139mm.com
IE restricted site: HKU\S-1-5-19\...\163.com -> www.163.com
IE restricted site: HKU\S-1-5-19\...\163ns.com -> ert0003.e76.163ns.com
IE restricted site: HKU\S-1-5-19\...\17-plus.com -> 17-plus.com
IE restricted site: HKU\S-1-5-19\...\171203.com -> 171203.com

There are 4007 more sites.

IE restricted site: HKU\S-1-5-20\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-20\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-20\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-20\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-20\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-20\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-20\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-20\...\1-extreme.biz -> www.1-extreme.biz
IE restricted site: HKU\S-1-5-20\...\1001-search.info -> www.1001-search.info
IE restricted site: HKU\S-1-5-20\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-20\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-20\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-20\...\123topsearch.com -> www.123topsearch.com
IE restricted site: HKU\S-1-5-20\...\132.com -> www.132.com
IE restricted site: HKU\S-1-5-20\...\136136.net -> down.136136.net
IE restricted site: HKU\S-1-5-20\...\139mm.com -> www.139mm.com
IE restricted site: HKU\S-1-5-20\...\163.com -> www.163.com
IE restricted site: HKU\S-1-5-20\...\163ns.com -> ert0003.e76.163ns.com
IE restricted site: HKU\S-1-5-20\...\17-plus.com -> 17-plus.com
IE restricted site: HKU\S-1-5-20\...\171203.com -> 171203.com

There are 4007 more sites.

IE trusted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\turbotax.com -> hxxps://turbotax.com
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\1-extreme.biz -> www.1-extreme.biz
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\1001-search.info -> www.1001-search.info
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\123topsearch.com -> www.123topsearch.com
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\132.com -> www.132.com
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\136136.net -> down.136136.net
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\139mm.com -> www.139mm.com
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\163.com -> www.163.com
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\163ns.com -> ert0003.e76.163ns.com
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\17-plus.com -> 17-plus.com
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\171203.com -> 171203.com

There are 4005 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-19 09:19 - 2015-03-26 00:37 - 00000027 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 216.234.97.2 - 216.234.97.3
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Google Earth\client\googleearth.exe] => Disabled:Google Earth
StandardProfile\AuthorizedApplications: [C:\Program Files\Adobe\Acrobat.com\Acrobat.com.exe] => Disabled:Acrobat.com
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\sessmgr.exe] => Disabledxpsp2res.dll,-22019
StandardProfile\AuthorizedApplications: [C:\Program Files\Messenger\msmsgs.exe] => Disabled:Windows Messenger
StandardProfile\AuthorizedApplications: [C:\WINDOWS\SYSTEM32\mmc.exe] => Enabled:Microsoft Management Console
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Google Earth\plugin\geplugin.exe] => Enabled:Google Earth
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\al\Desktop\winvnc4.exe] => Enabled:VNC Server Free Edition for Win32
StandardProfile\AuthorizedApplications: [C:\Program Files\RealVNC\VNC4\winvnc4.exe] => Enabled:VNC Server Free Edition for Win32
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
DomainProfile\GloballyOpenPorts: [139:TCP] => Enabledxpsp2res.dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => Enabledxpsp2res.dll,-22005
DomainProfile\GloballyOpenPorts: [137:UDP] => Enabledxpsp2res.dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => Enabledxpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabledxpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabledxpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabledxpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabledxpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabledxpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabledxpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [3:TCP] => :LocalSubNet:Enabled:e-sys
StandardProfile\GloballyOpenPorts: [3389:TCP] => Disabledxpsp2res.dll,-22009

==================== Restore Points =========================

20-04-2017 09:04:14 System Checkpoint
21-04-2017 09:11:06 System Checkpoint
22-04-2017 16:53:09 System Checkpoint
23-04-2017 17:05:08 System Checkpoint
24-04-2017 17:11:06 System Checkpoint
25-04-2017 18:07:34 System Checkpoint
26-04-2017 18:26:01 System Checkpoint
27-04-2017 19:09:44 System Checkpoint
28-04-2017 20:03:46 System Checkpoint
29-04-2017 21:25:53 System Checkpoint
30-04-2017 22:05:14 System Checkpoint
01-05-2017 22:23:17 System Checkpoint
03-05-2017 08:31:06 System Checkpoint
04-05-2017 13:47:25 System Checkpoint
05-05-2017 14:06:50 System Checkpoint
06-05-2017 16:43:30 System Checkpoint
08-05-2017 09:21:47 System Checkpoint
09-05-2017 10:18:58 System Checkpoint
11-05-2017 10:15:11 System Checkpoint
12-05-2017 20:01:34 System Checkpoint
13-05-2017 20:29:25 System Checkpoint
14-05-2017 21:02:31 System Checkpoint
15-05-2017 21:28:21 System Checkpoint
16-05-2017 22:00:45 System Checkpoint
18-05-2017 07:37:47 System Checkpoint
19-05-2017 10:58:59 System Checkpoint
20-05-2017 11:30:30 System Checkpoint
21-05-2017 11:58:08 System Checkpoint
23-05-2017 08:08:20 System Checkpoint
24-05-2017 09:09:03 System Checkpoint
25-05-2017 09:50:16 System Checkpoint
26-05-2017 20:44:01 System Checkpoint
27-05-2017 20:54:01 System Checkpoint
28-05-2017 21:34:25 System Checkpoint
29-05-2017 21:35:25 System Checkpoint
31-05-2017 19:26:56 System Checkpoint
01-06-2017 20:52:48 System Checkpoint
02-06-2017 21:43:36 System Checkpoint
03-06-2017 22:36:08 System Checkpoint
04-06-2017 22:47:03 System Checkpoint
05-06-2017 22:50:07 System Checkpoint
06-06-2017 23:09:12 System Checkpoint
08-06-2017 10:37:58 System Checkpoint
09-06-2017 11:03:44 System Checkpoint
10-06-2017 21:19:19 System Checkpoint
11-06-2017 22:03:54 System Checkpoint
12-06-2017 22:19:59 System Checkpoint
14-06-2017 13:00:18 System Checkpoint
15-06-2017 13:48:28 System Checkpoint
19-06-2017 15:13:15 System Checkpoint
20-06-2017 15:19:55 System Checkpoint
21-06-2017 15:41:52 System Checkpoint
22-06-2017 17:20:44 System Checkpoint
23-06-2017 17:50:13 System Checkpoint
25-06-2017 07:58:37 System Checkpoint
26-06-2017 09:13:31 System Checkpoint
27-06-2017 09:24:45 System Checkpoint
28-06-2017 14:48:47 System Checkpoint
29-06-2017 15:29:20 System Checkpoint
30-06-2017 18:35:45 System Checkpoint
01-07-2017 19:34:42 System Checkpoint
02-07-2017 20:28:47 System Checkpoint
03-07-2017 20:50:25 System Checkpoint
05-07-2017 10:20:57 System Checkpoint
06-07-2017 10:42:59 System Checkpoint
07-07-2017 18:51:32 System Checkpoint
08-07-2017 21:03:22 System Checkpoint
09-07-2017 21:56:36 System Checkpoint
11-07-2017 09:09:34 System Checkpoint
12-07-2017 10:54:32 System Checkpoint
13-07-2017 20:15:41 System Checkpoint
14-07-2017 20:33:46 System Checkpoint
15-07-2017 23:57:27 System Checkpoint
17-07-2017 09:29:54 System Checkpoint
18-07-2017 10:01:28 System Checkpoint
18-07-2017 13:05:38 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/18/2017 07:41:05 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (07/18/2017 07:40:45 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (07/18/2017 07:40:44 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (07/18/2017 07:40:38 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (07/18/2017 07:39:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application FRST.exe, version 18.7.2017.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (09/19/2016 10:25:13 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it." attempting to start the service ALG with arguments ""
in order to run the server:
{D6015EC3-FA16-4813-9CA1-DA204574F5DA}

Error: (09/19/2016 10:25:07 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The helpsvc service failed to start due to the following error:
The system cannot find the file specified.

Error: (09/18/2016 09:15:27 AM) (Source: ipnathlp) (EventID: 31008) (User: )
Description: The DNS proxy agent was unable to read the local list of name-resolution
servers from the registry.
The data is the error code.

Error: (09/18/2016 09:15:27 AM) (Source: ipnathlp) (EventID: 31008) (User: )
Description: The DNS proxy agent was unable to read the local list of name-resolution
servers from the registry.
The data is the error code.

Error: (09/18/2016 09:09:20 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it." attempting to start the service ALG with arguments ""
in order to run the server:
{D6015EC3-FA16-4813-9CA1-DA204574F5DA}

Error: (09/18/2016 09:09:18 AM) (Source: Print) (EventID: 19) (User: NT AUTHORITY)
Description: Sharing printer failed + 1722, Printer Microsoft XPS Document Writer share name Printer.

Error: (09/18/2016 09:09:15 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The helpsvc service failed to start due to the following error:
The system cannot find the file specified.

Error: (09/17/2016 07:15:24 PM) (Source: ipnathlp) (EventID: 31008) (User: )
Description: The DNS proxy agent was unable to read the local list of name-resolution
servers from the registry.
The data is the error code.

Error: (09/17/2016 06:50:40 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it." attempting to start the service ALG with arguments ""
in order to run the server:
{D6015EC3-FA16-4813-9CA1-DA204574F5DA}

Error: (09/17/2016 06:50:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The helpsvc service failed to start due to the following error:
The system cannot find the file specified.


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) 4 CPU 2.66GHz
Percentage of memory in use: 30%
Total physical RAM: 2557.98 MB
Available physical RAM: 1765.05 MB
Total Virtual: 3173.07 MB
Available Virtual: 2592.43 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.47 GB) (Free:6.12 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: (New Volume) (Fixed) (Total:111.79 GB) (Free:27.29 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: DBBDF0DD)
Partition 1: (Not Active) - (Size=31 MB) - (Type=DE)
Partition 2: (Active) - (Size=74.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 111.8 GB) (Disk ID: 03C16DE5)
Partition 1: (Not Active) - (Size=111.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

[Broni]

Judging from your Event Viewer errors it looks to me like some network issue but we can run some checks.

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

• Close all the running programs
• Double click on downloaded setup.exe file to install the program.
• Click on Start Scan button.
• Click on another Start Scan button.
• Wait until the Status box shows Scan Finished
• Click on Delete.
• Wait until the Status box shows Deleting Finished.
• Click on Report and copy/paste the content of the Notepad into your next reply.
• RKreport.txt could also be found on your desktop.
• If more than one log is produced post all logs.

Please download Malwarebytes to your desktop.

• Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
• Then click Finish.
• Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
• If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
• When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
• Restart your computer when prompted to do so.
• The Scan log is available throughout History ->Application logs. Please post it contents in your next reply.

Please download AdwCleaner by Xplode and save to your Desktop.

• Double click on AdwCleaner.exe to run the tool.
  Vista/Windows 7/8 users right-click and select Run As Administrator
• The tool will start to update the database if one is required.
• Click on the Scan button.
• AdwCleaner will begin...be patient as the scan may take some time to complete.
• After the scan has finished, click on the Logfile button.
• A window will open which lists the logs of your scans.
• Click on the Scan tab.
• Double-click the most recent scan which will be at the top of the list....the log will appear.
• Review the results...see note below
• After reviewing the log, click on the Clean button.
• Press OK when asked to close all programs and follow the onscreen prompts.
• Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
• After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
• To open a Cleaning log, launch AdwareClearer, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
• Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
• A copy of all logfiles are saved to C:\AdwCleaner.

-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.

Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

 

[al davis]

RogueKiller V12.11.7.0 [Jul 17 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : al [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller.exe
Mode : Scan -- Date : 07/20/2017 00:21:04 (Duration : 01:03:06)
Switches : -refid

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 3 ¤¤¤
[Suspicious.Path] HKEY_CLASSES_ROOT\CLSID\{41695A8E-6414-11D4-8FB3-00D0B7730277} (C:\DOCUME~1\al\LOCALS~1\Temp\WZS128.tmp\asw.dll) -> Found
[PUM.HomePage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www.dell4me.com/myway -> Found
[PUM.HomePage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www.dell4me.com/myway -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][Firefox:Config] nkz4233i.default : user_pref("browser.startup.homepage", "http://www.cloudynights.com/ubbthreads/|http://www.cloudynights.com/ubbthreads/ubbthreads.php?Cat="); -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD800JB-00CRA1 +++++
--- User ---
[MBR] a424273e389a5f925dec8ec317922d71
[BSP] df181a316d055118222264dc4b433ad1 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 31 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 64260 | Size: 76253 MB [Windows XP Bootstrap | Windows XP Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: WDC WD1200BB-00FTA0 +++++
--- User ---
[MBR] 268c12ab46afff633d4da4dbb3ed03da
[BSP] 7547572e5dd6ae04acec92eb483c3008 : Linux MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 114470 MB [Windows XP Bootstrap | Windows XP Bootloader]
User = LL1 ... OK
User = LL2 ... OK




Note that Rouguekiller did not act exactly the same as you instructions said. At the end there was a report of 4 threats and a chance to select each. No 'delete' but a 'remove selected' I see each in the report file, I have removed none.

 

[al davis]

Malwarebytes Anti-Malware
www.malwarebytes.org


Update, 7/20/2017 10:37:23 AM, SYSTEM, XP, Manual, IP Database, 2017.7.18.3, 2017.7.19.2,
Update, 7/20/2017 10:38:24 AM, SYSTEM, XP, Manual, Malware Database, 2017.7.18.10, 2017.7.20.3,
Update, 7/20/2017 10:38:27 AM, SYSTEM, XP, Manual, Domain Database, 2017.7.18.9, 2017.7.20.1,
Scan, 7/20/2017 11:06:13 AM, SYSTEM, XP, Manual, Start:7/20/2017 10:38:28 AM, Duration:27 min 44 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,

(end)

 

[al davis]

Having a lot of failures trying to download adwcleaner. Still trying.

 

[al davis]

The downloaded adwcleaner won't run, reports 'not a valid win32 application'. 3 downloads from 3 separate sites and tried on 2 different computers.

 

[al davis]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Microsoft Windows XP x86
Ran by al (Administrator) on Thu 07/20/2017 at 20:37:08.60
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 07/20/2017 at 20:39:31.09
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

[Broni]

MBAM log is incorrect.
I need "scan" log not "update log.

 

[al davis]

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/20/2017
Scan Time: 10:44:23 PM
Logfile:
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2017.07.21.01
Rootkit Database: v2017.05.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: al

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 325166
Time Elapsed: 29 min, 3 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

[Broni]

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

• Never rename Combofix unless instructed.
• Close any open browsers.
• Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
• Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
• Close any open browsers.
• WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
• Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
• If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  If the connection is not there use restore point you created prior to running Combofix.
• Double click on combofix.exe & follow the prompts.

• 
  NOTE1. If Combofix asks you to install Recovery Console, please allow it.
  NOTE 2. If Combofix asks you to update the program, always do so.

• When finished, it will produce a report for you.
• Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

• Double-click on the Rkill desktop icon to run the tool.
• If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.

 

[al davis]

Note that ComboFix reported Avast Antivirus was running. I removed that antivirus from this machine several years ago. Today I checked and don't see any sign of it being loaded.


ComboFix 17-07-07.01 - al 07/23/2017 13:17:37.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2558.2141 [GMT -5:00]
Running from: c:\documents and settings\al\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
.
.
((((((((((((((((((((((((( Files Created from 2017-06-23 to 2017-07-23 )))))))))))))))))))))))))))))))
.
.
2017-07-20 05:20 . 2017-07-20 13:02 -------- d-----w- c:\program files\RogueKiller
2017-07-19 00:38 . 2017-07-19 00:46 -------- d-----w- C:\FRST
2017-07-18 15:15 . 2017-07-18 15:17 -------- d-----w- C:\AdwCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-07-21 03:41 . 2014-06-14 15:17 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2017-07-20 05:21 . 2015-03-25 23:59 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
c:\documents and settings\al\Start Menu\Programs\Startup\
156_Long_Soothing_Rain.mp3 [2014-11-2 9687935]
Mozilla Firefox.lnk - c:\program files\Mozilla Firefox\firefox.exe [2016-7-18 392136]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "c:\eudora_7\EuShlExt.dll" [2005-08-09 86016]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Adobe\\Acrobat.com\\Acrobat.com.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SYSTEM32\\mmc.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Documents and Settings\\al\\Desktop\\winvnc4.exe"=
"c:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*isabledxpsp2res.dll,-22009
.
R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\SYSTEM32\DRIVERS\VCdRom.sys [11/24/2008 4:41 PM 8576]
R2 DriverX;DriverX;c:\windows\SYSTEM32\DRIVERS\driverx.sys [2/19/2011 4:42 PM 52512]
R2 tviclpt;tviclpt;c:\windows\SYSTEM32\DRIVERS\tviclpt.SYS [10/9/2009 8:28 PM 15536]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\SYSTEM32\DRIVERS\clwvd.sys [6/14/2012 10:23 PM 27760]
R3 VSBC;Virtual Serial Bus Enumerator (Eltima Software);c:\windows\SYSTEM32\DRIVERS\evsbc.sys [7/2/2012 1:25 PM 27904]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\SYSTEM32\DRIVERS\ssudbus.sys [10/18/2011 2:43 AM 78136]
S3 DIGIRPS;Digi RealPort Driver;c:\windows\SYSTEM32\DRIVERS\digirlpt.sys [10/2/2009 6:40 PM 152376]
S3 evserial;Virtual Serial Ports Driver (Eltima Softwate);c:\windows\SYSTEM32\DRIVERS\evserial.sys [7/2/2012 1:26 PM 53888]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\SYSTEM32\DRIVERS\MBAMSwissArmy.sys [6/14/2014 10:17 AM 170200]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [7/16/2003 11:41 AM 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2017-03-08 c:\windows\Tasks\A l e r t s.job
- c:\progra~1\Dell\Support\bin\Support.exe [2004-05-28 01:06]
.
2017-07-23 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3960577219-1813400529-1317427278-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 19:25]
.
2017-07-10 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3960577219-1813400529-1317427278-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 19:25]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
Trusted Zone: turbotax.com
TCP: Interfaces\{8AA62950-D597-4798-9F57-32AEF4529374}: NameServer = 216.234.97.2 216.234.97.3
FF - ProfilePath - c:\documents and settings\al\Application Data\Mozilla\Firefox\Profiles\nkz4233i.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.cloudynights.com/ubbthreads/|http://www.cloudynights.com/ubbthreads/ubbthreads.php?Cat=
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
c:\documents and settings\al\Start Menu\Programs\Startup\alt_mich.com.lnk - (no file)
AddRemove-SafeZone 1.48.2066.98 - c:\program files\AVAST Software\SZBrowser\Launcher.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2017-07-23 13:28
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-861567501-842925246-854245398-500_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32]
@DACL=(02 0000)
"ThreadingModel"="Both"
@="oleaut32.dll"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\Control]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\EnableFullPage]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\Implemented Categories]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\MiscStatus]
@DACL=(02 0000)
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\ProgID]
@DACL=(02 0000)
@="QuickTime.QuickTime.9"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\ToolboxBitmap32]
@DACL=(02 0000)
@="c:\\Program Files\\QuickTime\\QTPlugin.ocx, 102"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\TreatAs]
@DACL=(02 0000)
@="{4063BE15-3B08-470D-A0D5-B37161CFFD69}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\TypeLib]
@DACL=(02 0000)
@="{02BF25D2-8C17-4B23-BC80-D3488ABDDC6B}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\Version]
@DACL=(02 0000)
@="9.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\VersionIndependentProgID]
@DACL=(02 0000)
@="QuickTime.QuickTime"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{006DBFD6-8200-4005-B855-2A87007EAAEC}]
@DACL=(02 0000)
"FriendlyName"="Sonic Scaler"
"CLSID"="{006DBFD6-8200-4005-B855-2A87007EAAEC}"
"FilterData"=hex:02,00,00,00,00,00,20,00,02,00,00,00,00,00,00,00,30,70,69,33,
00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,30,74,79,33,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{0F070130-EE38-4847-9807-0D4234130F65}]
@DACL=(02 0000)
"FriendlyName"="MainConcept (Sonic) DV Video Decoder"
"CLSID"="{0F070130-EE38-4847-9807-0D4234130F65}"
"FilterData"=hex:02,00,00,00,00,00,60,00,02,00,00,00,00,00,00,00,30,70,69,33,
00,00,00,00,00,00,00,00,02,00,00,00,00,00,00,00,00,00,00,00,30,74,79,33,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{0F070131-EE38-4847-9807-0D4234130F65}]
@DACL=(02 0000)
"FriendlyName"="MainConcept (Sonic) DV Video Encoder"
"CLSID"="{0F070131-EE38-4847-9807-0D4234130F65}"
"FilterData"=hex:02,00,00,00,00,00,20,00,02,00,00,00,00,00,00,00,30,70,69,33,
00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,30,74,79,33,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{1F73E9B1-8C3A-11D0-A3BE-00A0C9244436}]
@DACL=(02 0000)
@SACL=
"FriendlyName"="Indeo® video 5.10 Compression Filter"
"CLSID"="{1F73E9B1-8C3A-11D0-A3BE-00A0C9244436}"
"FilterData"=hex:02,00,00,00,00,00,20,00,02,00,00,00,00,00,00,00,30,70,69,33,
00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,30,74,79,33,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{26C48DC0-F148-4A70-B252-3F8AE0188EBF}]
@DACL=(02 0000)
"FriendlyName"="Sonic DirectShow Tap"
"CLSID"="{26C48DC0-F148-4A70-B252-3F8AE0188EBF}"
"FilterData"=hex:02,00,00,00,00,00,20,00,02,00,00,00,00,00,00,00,30,70,69,33,
00,00,00,00,00,00,00,00,02,00,00,00,00,00,00,00,00,00,00,00,30,74,79,33,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{30355649-0000-0010-8000-00AA00389B71}]
@DACL=(02 0000)
@SACL=
"FriendlyName"="Indeo® video 5.10 Decompression Filter"
"CLSID"="{30355649-0000-0010-8000-00AA00389B71}"
"FilterData"=hex:02,00,00,00,00,00,64,00,02,00,00,00,00,00,00,00,30,70,69,33,
00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,30,74,79,33,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{355460E6-0AB9-4A96-80CE-E94E6B08371A}]
@DACL=(02 0000)
"FriendlyName"="CyberLink Video Regulator"
"CLSID"="{355460E6-0AB9-4A96-80CE-E94E6B08371A}"
"FilterData"=hex:02,00,00,00,00,00,20,00,02,00,00,00,00,00,00,00,30,70,69,33,
00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,30,74,79,33,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{3C931142-245B-4A79-ABC3-044E287BB468}]
@DACL=(02 0000)
"FriendlyName"="Sonic MPEG Audio Decoder"
"CLSID"="{3C931142-245B-4A79-ABC3-044E287BB468}"
"FilterData"=hex:02,00,00,00,00,00,20,00,02,00,00,00,00,00,00,00,30,70,69,33,
00,00,00,00,00,00,00,00,08,00,00,00,00,00,00,00,00,00,00,00,30,74,79,33,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{429075DD-2586-4B9B-A752-F5E6066A9659}]
@DACL=(02 0000)
"FriendlyName"="RTStreamSink"
"CLSID"="{429075DD-2586-4B9B-A752-F5E6066A9659}"
"FilterData"=hex:02,00,00,00,00,00,20,00,01,00,00,00,00,00,00,00,30,70,69,33,
00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,30,74,79,33,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{433C8453-95E7-4DCF-85A7-5EA9EF6138D7}]
@DACL=(02 0000)
"FriendlyName"="CyberLink SlideShowLT Source Filter"
"CLSID"="{433C8453-95E7-4DCF-85A7-5EA9EF6138D7}"
"FilterData"=hex:02,00,00,00,00,00,20,00,01,00,00,00,00,00,00,00,30,70,69,33,
08,00,00,00,00,00,00,00,07,00,00,00,00,00,00,00,00,00,00,00,30,74,79,33,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{5167AA69-104F-4E5D-B825-4CB35A0FFE5C}]
@DACL=(02 0000)
"FriendlyName"="Sonic Field Switch"
"CLSID"="{5167AA69-104F-4E5D-B825-4CB35A0FFE5C}"
"FilterData"=hex:02,00,00,00,00,00,20,00,02,00,00,00,00,00,00,00,30,70,69,33,
00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,30,74,79,33,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{5687A7E0-8416-43BA-9D6B-BDA23C2A6AC0}]
@DACL=(02 0000)
"FriendlyName"="Sonic RT Stream Source Filter"
"CLSID"="{5687A7E0-8416-43BA-9D6B-BDA23C2A6AC0}"
"FilterData"=hex:02,00,00,00,00,00,40,00,01,00,00,00,00,00,00,00,30,70,69,33,
08,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,30,74,79,33,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{5B2729F6-6422-48D5-A1F1-792AC5AFB787}]
@DACL=(02 0000)
"FriendlyName"="Sonic DVD LPCM Converter"
"CLSID"="{5B2729F6-6422-48D5-A1F1-792AC5AFB787}"
"FilterData"=hex:02,00,00,00,00,00,60,00,02,00,00,00,00,00,00,00,30,70,69,33,
00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,30,74,79,33,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{78B3BF50-2CC6-4F17-B901-CD20F1B86F0A}]
@DACL=(02 0000)
"FriendlyName"="MainConcept (Sonic) MPEG Encoder"
"CLSID"="{78B3BF50-2CC6-4F17-B901-CD20F1B86F0A}"
"FilterData"=hex:02,00,00,00,00,00,20,00,03,00,00,00,00,00,00,00,30,70,69,33,
00,00,00,00,00,00,00,00,07,00,00,00,00,00,00,00,00,00,00,00,30,74,79,33,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{78B3BF60-2CC6-4F17-B901-CD20F1B86F0A}]
@DACL=(02 0000)
"FriendlyName"="MainConcept (Sonic) MPEG Video Encoder"
"CLSID"="{78B3BF60-2CC6-4F17-B901-CD20F1B86F0A}"
"FilterData"=hex:02,00,00,00,00,00,20,00,02,00,00,00,00,00,00,00,30,70,69,33,
00,00,00,00,00,00,00,00,06,00,00,00,00,00,00,00,00,00,00,00,30,74,79,33,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{78B3BF70-2CC6-4F17-B901-CD20F1B86F0A}]
@DACL=(02 0000)
"FriendlyName"="MainConcept (Sonic) MPEG Audio Encoder"
"CLSID"="{78B3BF70-2CC6-4F17-B901-CD20F1B86F0A}"
"FilterData"=hex:02,00,00,00,00,00,20,00,02,00,00,00,00,00,00,00,30,70,69,33,
00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,30,74,79,33,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{8CBF5440-6E08-4360-86F8-25A1023BC64B}]
@DACL=(02 0000)
"FriendlyName"="MainConcept (Sonic) Sample Buffer Filter"
"CLSID"="{8CBF5440-6E08-4360-86F8-25A1023BC64B}"
"FilterData"=hex:02,00,00,00,00,00,20,00,02,00,00,00,00,00,00,00,30,70,69,33,
00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,30,74,79,33,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{998F5F68-9134-4D96-BC12-075A63D5CF3B}]
@DACL=(02 0000)
"FriendlyName"="Sonic MPEG Video Decoder"
"CLSID"="{998F5F68-9134-4D96-BC12-075A63D5CF3B}"
"FilterData"=hex:02,00,00,00,00,00,20,00,03,00,00,00,00,00,00,00,30,70,69,33,
00,00,00,00,00,00,00,00,03,00,00,00,00,00,00,00,00,00,00,00,30,74,79,33,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{9B4D5C8B-9DEA-4A6D-B9A3-D30609A6FA76}]
@DACL=(02 0000)
"FriendlyName"="Sonic Audio SRC"
"CLSID"="{9B4D5C8B-9DEA-4A6D-B9A3-D30609A6FA76}"
"FilterData"=hex:02,00,00,00,00,00,20,00,02,00,00,00,00,00,00,00,30,70,69,33,
00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,30,74,79,33,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{9E3D6AF0-4CFC-4968-867E-0560E9ECF440}]
@DACL=(02 0000)
"FriendlyName"="Sonic Audio Offset Filter"
"CLSID"="{9E3D6AF0-4CFC-4968-867E-0560E9ECF440}"
"FilterData"=hex:02,00,00,00,00,00,20,00,02,00,00,00,00,00,00,00,30,70,69,33,
00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,30,74,79,33,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{B0CB5CC5-20E9-4E10-85AE-29DF83851EED}]
@DACL=(02 0000)
"FriendlyName"="Sonic Rainbow Fix"
"CLSID"="{B0CB5CC5-20E9-4E10-85AE-29DF83851EED}"
"FilterData"=hex:02,00,00,00,00,00,20,00,02,00,00,00,00,00,00,00,30,70,69,33,
00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,30,74,79,33,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{B4CA2970-DD2B-11D0-9DFA-00AA00AF3494}]
@DACL=(02 0000)
@SACL=
"FriendlyName"="Indeo® audio software"
"CLSID"="{B4CA2970-DD2B-11D0-9DFA-00AA00AF3494}"
"FilterData"=hex:02,00,00,00,00,00,50,00,02,00,00,00,00,00,00,00,30,70,69,33,
00,00,00,00,00,00,00,00,04,00,00,00,00,00,00,00,00,00,00,00,30,74,79,33,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{B98F8EC0-8EA6-49C9-9CD3-1533EE96608F}]
@DACL=(02 0000)
"FriendlyName"="Sonic File Writer"
"CLSID"="{B98F8EC0-8EA6-49C9-9CD3-1533EE96608F}"
"FilterData"=hex:02,00,00,00,00,00,20,00,01,00,00,00,00,00,00,00,30,70,69,33,
00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,30,74,79,33,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{BFD83B80-CF57-11D3-98A9-0080C84E9C36}]
@DACL=(02 0000)
"FriendlyName"="CyberLink DxVA Filter"
"CLSID"="{BFD83B80-CF57-11D3-98A9-0080C84E9C36}"
"FilterData"=hex:02,00,00,00,00,00,20,00,03,00,00,00,00,00,00,00,30,70,69,33,
08,00,00,00,00,00,00,00,04,00,00,00,00,00,00,00,00,00,00,00,30,74,79,33,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{DE11A24D-8151-478F-9AB2-400EEAAFACC7}]
@DACL=(02 0000)
"FriendlyName"="CyberLink Line21 Decoder Filter for Dell"
"CLSID"="{DE11A24D-8151-478F-9AB2-400EEAAFACC7}"
"FilterData"=hex:02,00,00,00,00,00,20,00,02,00,00,00,00,00,00,00,30,70,69,33,
08,00,00,00,00,00,00,00,02,00,00,00,00,00,00,00,00,00,00,00,30,74,79,33,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{DE11B780-85E3-11D2-98D0-0080C84E9C39}]
@DACL=(02 0000)
"FriendlyName"="CyberLink Audio Decoder for Dell"
"CLSID"="{DE11B780-85E3-11D2-98D0-0080C84E9C39}"
"FilterData"=hex:02,00,00,00,00,10,60,00,02,00,00,00,00,00,00,00,30,70,69,33,
00,00,00,00,00,00,00,00,0f,00,00,00,00,00,00,00,00,00,00,00,30,74,79,33,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{DE11B781-85E3-11D2-98D0-0080C84E9C39}]
@DACL=(02 0000)
"FriendlyName"="CyberLink Video/SP Decoder for Dell"
"CLSID"="{DE11B781-85E3-11D2-98D0-0080C84E9C39}"
"FilterData"=hex:02,00,00,00,00,00,60,00,05,00,00,00,00,00,00,00,30,70,69,33,
00,00,00,00,00,00,00,00,05,00,00,00,00,00,00,00,00,00,00,00,30,74,79,33,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{DE11F9E1-0360-11D5-8F2A-0080C84E9C39}]
@DACL=(02 0000)
"FriendlyName"="CyberLink DVD Navigator for Dell"
"CLSID"="{DE11F9E1-0360-11D5-8F2A-0080C84E9C39}"
"FilterData"=hex:02,00,00,00,00,00,60,00,03,00,00,00,00,00,00,00,30,70,69,33,
08,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,30,74,79,33,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{DF5B1476-5C72-42BA-98DD-AFA6A812A3B3}]
@DACL=(02 0000)
"FriendlyName"="Sonic MPEG Splitter"
"CLSID"="{DF5B1476-5C72-42BA-98DD-AFA6A812A3B3}"
"FilterData"=hex:02,00,00,00,00,00,20,00,03,00,00,00,00,00,00,00,30,70,69,33,
00,00,00,00,00,00,00,00,05,00,00,00,00,00,00,00,00,00,00,00,30,74,79,33,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{E8CD8569-18C4-4EF3-9A4B-F44E3D0CEF6F}]
@DACL=(02 0000)
"FriendlyName"="Sonic DV Scene Detector"
"CLSID"="{E8CD8569-18C4-4EF3-9A4B-F44E3D0CEF6F}"
"FilterData"=hex:02,00,00,00,00,00,60,00,02,00,00,00,00,00,00,00,30,70,69,33,
00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,30,74,79,33,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{F2B5F793-C1B7-409F-8940-79BEA54F76D3}]
@DACL=(02 0000)
"FriendlyName"="Sonic Video Performance Monitor"
"CLSID"="{F2B5F793-C1B7-409F-8940-79BEA54F76D3}"
"FilterData"=hex:02,00,00,00,00,00,60,00,02,00,00,00,00,00,00,00,30,70,69,33,
00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,30,74,79,33,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{F3B9ED5F-53E2-4DCC-AA53-55DAE6337151}]
@DACL=(02 0000)
"FriendlyName"="Sonic SP Video Renderer"
"CLSID"="{F3B9ED5F-53E2-4DCC-AA53-55DAE6337151}"
"FilterData"=hex:02,00,00,00,00,00,20,00,01,00,00,00,00,00,00,00,30,70,69,33,
00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,30,74,79,33,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0B72CCA4-5F11-11D0-9CB5-0000C0EC9FDB}\Control]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0B72CCA4-5F11-11D0-9CB5-0000C0EC9FDB}\Implemented Categories]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0B72CCA4-5F11-11D0-9CB5-0000C0EC9FDB}\MiscStatus]
@DACL=(02 0000)
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0B72CCA4-5F11-11D0-9CB5-0000C0EC9FDB}\ProgID]
@DACL=(02 0000)
@="StWebImage.Street Technologies ActiveX Control.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0B72CCA4-5F11-11D0-9CB5-0000C0EC9FDB}\ToolboxBitmap32]
@DACL=(02 0000)
@="c:\\WINDOWS\\occache\\iestm32.dll, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0B72CCA4-5F11-11D0-9CB5-0000C0EC9FDB}\TypeLib]
@DACL=(02 0000)
@="{0B72CCA1-5F11-11D0-9CB5-0000C0EC9FDB}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0B72CCA4-5F11-11D0-9CB5-0000C0EC9FDB}\Version]
@DACL=(02 0000)
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0B72CCA4-5F11-11D0-9CB5-0000C0EC9FDB}\VersionIndependentProgID]
@DACL=(02 0000)
@="StWebImage.Street Technologies ActiveX Control"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0C5D39B0-460B-11D4-ADE1-0050DACD3DB9}\ProgID]
@DACL=(02 0000)
@="MMRadioEngine.RadioEngineObj.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0C5D39B0-460B-11D4-ADE1-0050DACD3DB9}\Programmable]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0C5D39B0-460B-11D4-ADE1-0050DACD3DB9}\TypeLib]
@DACL=(02 0000)
@="{0C5D39A3-460B-11D4-ADE1-0050DACD3DB9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0C5D39B0-460B-11D4-ADE1-0050DACD3DB9}\VersionIndependentProgID]
@DACL=(02 0000)
@="MMRadioEngine.RadioEngineObj"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}\PersistentHandler]
@DACL=(02 0000)
@="{098f2470-bae0-11cd-b579-08002b30bfeb}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0D458BE8-D99D-11D3-A92B-00105A088FAC}\ProgID]
@DACL=(02 0000)
@SACL=
@="Setup.SetupKernelWrapper.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0D458BE8-D99D-11D3-A92B-00105A088FAC}\VersionIndependentProgID]
@DACL=(02 0000)
@SACL=
@="Setup.SetupKernelWrapper"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{119FA07A-79F0-41FC-99F8-B14151E63EDC}\ProgID]
@DACL=(02 0000)
@="NIC_CDM_Prov.ProviderImp.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{119FA07A-79F0-41FC-99F8-B14151E63EDC}\Programmable]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{119FA07A-79F0-41FC-99F8-B14151E63EDC}\TypeLib]
@DACL=(02 0000)
@="{15C3C77C-1811-4099-917B-5E2AA94DA31C}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{119FA07A-79F0-41FC-99F8-B14151E63EDC}\VersionIndependentProgID]
@DACL=(02 0000)
@="NIC_CDM_Prov.ProviderImp"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{11C5C73B-66E9-4BA1-A0BA-E814C6EED92D}\ProgID]
@DACL=(02 0000)
@="Microsoft.DirectSoundCaptureNoiseSuppressDMO.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{11C5C73B-66E9-4BA1-A0BA-E814C6EED92D}\VersionIndependentProgID]
@DACL=(02 0000)
@="Microsoft.DirectSoundCaptureNoiseSuppressDMO"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\Control]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\EnableFullPage]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\Implemented Categories]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\MiscStatus]
@DACL=(02 0000)
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\ProgID]
@DACL=(02 0000)
@="SWCtl.SWCtl.8.5.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\Programmable]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\ToolboxBitmap32]
@DACL=(02 0000)
@="c:\\WINDOWS\\System32\\Macromed\\Shockwave 8\\Control.dll, 203"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\TypeLib]
@DACL=(02 0000)
@="{166B1BC7-3F9C-11CF-8075-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\Version]
@DACL=(02 0000)
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\VersionIndependentProgID]
@DACL=(02 0000)
@="SWCtl.SWCtl"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{189504B8-50D1-4AA8-B4D6-95C8F58A6414}\ProgID]
@DACL=(02 0000)
@="Sb.SuperBuddy.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{189504B8-50D1-4AA8-B4D6-95C8F58A6414}\Programmable]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{189504B8-50D1-4AA8-B4D6-95C8F58A6414}\TypeLib]
@DACL=(02 0000)
@="{39DC8E5F-A573-4D58-8A13-6877A3B672EA}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{189504B8-50D1-4AA8-B4D6-95C8F58A6414}\VersionIndependentProgID]
@DACL=(02 0000)
@="Sb.SuperBuddy"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1C22C56D-9879-4F5B-A389-27996DDC2810}\ProgID]
@DACL=(02 0000)
@="Microsoft.DirectSoundCaptureAecDMO.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1C22C56D-9879-4F5B-A389-27996DDC2810}\VersionIndependentProgID]
@DACL=(02 0000)
@="Microsoft.DirectSoundCaptureAecDMO"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1EE523DC-6504-452A-900D-199B51708EC9}\ProgID]
@DACL=(02 0000)
@="TDMEngine.moTDMEngine.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1EE523DC-6504-452A-900D-199B51708EC9}\Programmable]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1EE523DC-6504-452A-900D-199B51708EC9}\TypeLib]
@DACL=(02 0000)
@="{92141DDC-D299-4399-97F0-28EF338F5DFF}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1EE523DC-6504-452A-900D-199B51708EC9}\VersionIndependentProgID]
@DACL=(02 0000)
@="TDMEngine.moTDMEngine"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{22D84EC7-E201-4432-B3ED-A9DCA3604594}\ProgID]
@DACL=(02 0000)
@="Setup.LogServices.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{22D84EC7-E201-4432-B3ED-A9DCA3604594}\VersionIndependentProgID]
@DACL=(02 0000)
@="Setup.LogServices"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{23AA6EBC-86AA-11D2-8F58-00E02916007D}\Control]
@DACL=(02 0000)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{23AA6EBC-86AA-11D2-8F58-00E02916007D}\MiscStatus]
@DACL=(02 0000)
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{23AA6EBC-86AA-11D2-8F58-00E02916007D}\ProgID]
@DACL=(02 0000)
@="SLIDER.MMJBSliderCtrl.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{23AA6EBC-86AA-11D2-8F58-00E02916007D}\ToolboxBitmap32]
@DACL=(02 0000)
@="c:\\PROGRA~1\\MUSICM~1\\MUSICM~2\\mmjbctrl.ocx, 4"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{23AA6EBC-86AA-11D2-8F58-00E02916007D}\TypeLib]
@DACL=(02 0000)
@="{6B58B5D9-7405-11D2-8F58-00E02916007D}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{23AA6EBC-86AA-11D2-8F58-00E02916007D}\Version]
@DACL=(02 0000)
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\PersistentHandler]
@DACL=(02 0000)
@="{eec97550-47a9-11cf-b952-00aa0051fe20}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2559a1f6-21d7-11d4-bdaf-00c04f60b9f0}\DefaultIcon]
@DACL=(02 0000)
@SACL=
@=expand:"c:\\dell\\dellcirc.ico"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{27855D52-0913-4F88-A8CC-343D374E7CC9}\Control]
@DACL=(02 0000)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{27855D52-0913-4F88-A8CC-343D374E7CC9}\MiscStatus]
@DACL=(02 0000)
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{27855D52-0913-4F88-A8CC-343D374E7CC9}\ProgID]
@DACL=(02 0000)
@="MMFWCTRL.SpaceBarCtrl.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{27855D52-0913-4F88-A8CC-343D374E7CC9}\ToolboxBitmap32]
@DACL=(02 0000)
@="c:\\PROGRA~1\\MUSICM~1\\MUSICM~2\\MMFWCtrl.ocx, 2"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{27855D52-0913-4F88-A8CC-343D374E7CC9}\TypeLib]
@DACL=(02 0000)
@="{BFF38E2D-B1D9-48F9-B11D-4F8A150F1C84}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{27855D52-0913-4F88-A8CC-343D374E7CC9}\Version]
@DACL=(02 0000)
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2AF30D99-133E-421F-895A-150C432F46AC}\ProgID]
@DACL=(02 0000)
@="mmtask.MMAutoPlay.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2AF30D99-133E-421F-895A-150C432F46AC}\TypeLib]
@DACL=(02 0000)
@="{C247746F-F717-42C5-A739-E5E3F9A136D9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2AF30D99-133E-421F-895A-150C432F46AC}\VersionIndependentProgID]
@DACL=(02 0000)
@="mmtask.MMAutoPlay"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2EDF172F-3DBA-41C0-996B-32815E890963}\ProgID]
@DACL=(02 0000)
@="Core.NcsCoreImp.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2EDF172F-3DBA-41C0-996B-32815E890963}\TypeLib]
@DACL=(02 0000)
@="{4116AE6F-C376-42E7-9E15-EE109055FC8E}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2EDF172F-3DBA-41C0-996B-32815E890963}\VersionIndependentProgID]
@DACL=(02 0000)
@="Core.NcsCoreImp"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{31345649-0000-0010-8000-00AA00389B71}\Pins]
@DACL=(02 0000)
@SACL=
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo® video 5.10 Compression Filter]
@DACL=(02 0000)
@SACL=
"FriendlyName"="Indeo® video 5.10 Compression Filter"
"CLSID"="{1F73E9B1-8C3A-11D0-A3BE-00A0C9244436}"
"FilterData"=hex:02,00,00,00,00,00,10,00,02,00,00,00,00,00,00,00,30,70,69,33,
00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,30,74,79,33,00,\
"EncoderType"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\MainConcept (Sonic) MPEG Video Encoder]
@DACL=(02 0000)
"FriendlyName"="MainConcept (Sonic) MPEG Video Encoder"
"CLSID"="{78B3BF60-2CC6-4F17-B901-CD20F1B86F0A}"
"FilterData"=hex:02,00,00,00,00,00,20,00,02,00,00,00,00,00,00,00,30,70,69,33,
00,00,00,00,00,00,00,00,06,00,00,00,00,00,00,00,00,00,00,00,30,74,79,33,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{33D9A761-90C8-11d0-BD43-00A0C911CE86}\Instance]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{381465E7-7410-4E43-8258-963AFF838968}\ProgID]
@DACL=(02 0000)
@="mmlicmgr.LicenseManagerFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{381465E7-7410-4E43-8258-963AFF838968}\Programmable]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{381465E7-7410-4E43-8258-963AFF838968}\TypeLib]
@DACL=(02 0000)
@="{2316B3B3-9AA8-4184-9C93-D927D74396B4}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{381465E7-7410-4E43-8258-963AFF838968}\VersionIndependentProgID]
@DACL=(02 0000)
@="mmlicmgr.LicenseManagerFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3B2B6775-70B6-45AF-8DEA-A209C69559F3}\ProgID]
@DACL=(02 0000)
@="DirectPlay8Lobby.LobbyClient.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3B2B6775-70B6-45AF-8DEA-A209C69559F3}\VersionIndependentProgID]
@DACL=(02 0000)
@="DirectPlay8Lobby.LobbyClient"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3D5EF619-F606-4FAA-97C0-222B7DCA05EC}\ProgID]
@DACL=(02 0000)
@="MyDVD.MyDVDAPHandler.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3D5EF619-F606-4FAA-97C0-222B7DCA05EC}\Programmable]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3D5EF619-F606-4FAA-97C0-222B7DCA05EC}\TypeLib]
@DACL=(02 0000)
@="{CD999ADC-7B89-4D10-815A-82A39D6EA09E}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3D5EF619-F606-4FAA-97C0-222B7DCA05EC}\VersionIndependentProgID]
@DACL=(02 0000)
@="MyDVD.MyDVDAPHandler"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4B9A5F7D-7908-4E59-B2DA-216D42B692B0}\ProgID]
@DACL=(02 0000)
@="CDFeatureRRObject.CDFeatureRR.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4B9A5F7D-7908-4E59-B2DA-216D42B692B0}\TypeLib]
@DACL=(02 0000)
@="{51076341-C7DE-4745-9E02-E36E34FCCC56}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4B9A5F7D-7908-4E59-B2DA-216D42B692B0}\VersionIndependentProgID]
@DACL=(02 0000)
@="CDFeatureRRObject.CDFeatureRR"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4C2889D4-F0F6-41C0-A50D-34F2136E761C}\ProgID]
@DACL=(02 0000)
@="Director.SupportJukebox.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4C2889D4-F0F6-41C0-A50D-34F2136E761C}\Programmable]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4C2889D4-F0F6-41C0-A50D-34F2136E761C}\TypeLib]
@DACL=(02 0000)
@="{621362CD-2185-4C26-9803-F9613C3BAE5E}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4C2889D4-F0F6-41C0-A50D-34F2136E761C}\VersionIndependentProgID]
@DACL=(02 0000)
@="Director.SupportJukebox"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4EDDDDBC-3528-41AA-AA6E-237AA8092C08}\TypeLib]
@DACL=(02 0000)
@="{155B3F27-CDEE-4FE2-8CC5-8D08882FDE15}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5232AEB5-E623-4704-8B09-D2F632808711}\ProgID]
@DACL=(02 0000)
@="DirectPlayNATHelperICFv6.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5232AEB5-E623-4704-8B09-D2F632808711}\VersionIndependentProgID]
@DACL=(02 0000)
@="DirectPlayNATHelperICFv6"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{53934290-628D-11D2-AE0F-006097B01411}\ProgID]
@DACL=(02 0000)
@="DirectPlay8SPWSock.IPX.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{53934290-628D-11D2-AE0F-006097B01411}\VersionIndependentProgID]
@DACL=(02 0000)
@="DirectPlay8SPWSock.IPX"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{541D882C-646A-4F67-894F-8576036FC14B}\ProgID]
@DACL=(02 0000)
@="NcsImp.Imp.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{541D882C-646A-4F67-894F-8576036FC14B}\TypeLib]
@DACL=(02 0000)
@="{0A09FF7B-2E37-4783-BD4D-2AE9EF5317A5}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{541D882C-646A-4F67-894F-8576036FC14B}\VersionIndependentProgID]
@DACL=(02 0000)
@="NcsImp.Imp"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{59803D7B-D6E4-4B89-864E-626EBB587BF4}\ProgID]
@DACL=(02 0000)
@="MyDVD.MyDVDComm.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{59803D7B-D6E4-4B89-864E-626EBB587BF4}\Programmable]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{59803D7B-D6E4-4B89-864E-626EBB587BF4}\TypeLib]
@DACL=(02 0000)
@="{CD999ADC-7B89-4D10-815A-82A39D6EA09E}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{59803D7B-D6E4-4B89-864E-626EBB587BF4}\VersionIndependentProgID]
@DACL=(02 0000)
@="MyDVD.MyDVDComm"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5A86531E-8E2A-419F-B4CC-18EB8E891796}\ProgID]
@DACL=(02 0000)
@="Microsoft.DirectSoundCaptureAgcDMO.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5A86531E-8E2A-419F-B4CC-18EB8E891796}\VersionIndependentProgID]
@DACL=(02 0000)
@="Microsoft.DirectSoundCaptureAgcDMO"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5AB0882E-7274-4516-877D-4EEE99BA4FD0}\ProgID]
@DACL=(02 0000)
@="Microsoft.DirectSoundCaptureNoiseSuppressDMO.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5AB0882E-7274-4516-877D-4EEE99BA4FD0}\VersionIndependentProgID]
@DACL=(02 0000)
@="Microsoft.DirectSoundCaptureNoiseSuppressDMO"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{61B0FEDE-4697-4FC3-A3DC-3C2695359CA6}\Control]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{61B0FEDE-4697-4FC3-A3DC-3C2695359CA6}\MiscStatus]
@DACL=(02 0000)
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{61B0FEDE-4697-4FC3-A3DC-3C2695359CA6}\ProgID]
@DACL=(02 0000)
@="TDMUI.TDMControl.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{61B0FEDE-4697-4FC3-A3DC-3C2695359CA6}\ToolboxBitmap32]
@DACL=(02 0000)
@="c:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\TDMUI.dll, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{61B0FEDE-4697-4FC3-A3DC-3C2695359CA6}\TypeLib]
@DACL=(02 0000)
@="{2C620D34-AD2B-443D-ABBA-52803E3D97AB}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{61B0FEDE-4697-4FC3-A3DC-3C2695359CA6}\Version]
@DACL=(02 0000)
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{61B0FEDE-4697-4FC3-A3DC-3C2695359CA6}\VersionIndependentProgID]
@DACL=(02 0000)
@="TDMUI.TDMControl"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{667955AD-6B3B-43CA-B949-BC69B5BAFF7F}\ProgID]
@DACL=(02 0000)
@="DirectPlay8Lobby.LobbiedApplication.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{667955AD-6B3B-43CA-B949-BC69B5BAFF7F}\VersionIndependentProgID]
@DACL=(02 0000)
@="DirectPlay8Lobby.LobbiedApplication"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6733BD4A-0E88-4939-8F3A-CEC345CBEBD6}\Control]
@DACL=(02 0000)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6733BD4A-0E88-4939-8F3A-CEC345CBEBD6}\Implemented Categories]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6733BD4A-0E88-4939-8F3A-CEC345CBEBD6}\MiscStatus]
@DACL=(02 0000)
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6733BD4A-0E88-4939-8F3A-CEC345CBEBD6}\ProgID]
@DACL=(02 0000)
@="inetwiz.UserControl1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6733BD4A-0E88-4939-8F3A-CEC345CBEBD6}\ToolboxBitmap32]
@DACL=(02 0000)
@="c:\\Windows\\System32\\OOBE\\Inetwiz.ocx, 30000"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6733BD4A-0E88-4939-8F3A-CEC345CBEBD6}\TypeLib]
@DACL=(02 0000)
@="{7AEC6EC8-AE36-41B9-A055-046719C2B529}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6733BD4A-0E88-4939-8F3A-CEC345CBEBD6}\VERSION]
@DACL=(02 0000)
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6B58B5DC-7405-11D2-8F58-00E02916007D}\Control]
@DACL=(02 0000)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6B58B5DC-7405-11D2-8F58-00E02916007D}\MiscStatus]
@DACL=(02 0000)
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6B58B5DC-7405-11D2-8F58-00E02916007D}\ProgID]
@DACL=(02 0000)
@="MMJBCTRL.PushBtnCtrl.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6B58B5DC-7405-11D2-8F58-00E02916007D}\ToolboxBitmap32]
@DACL=(02 0000)
@="c:\\PROGRA~1\\MUSICM~1\\MUSICM~2\\mmjbctrl.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6B58B5DC-7405-11D2-8F58-00E02916007D}\TypeLib]
@DACL=(02 0000)
@="{6B58B5D9-7405-11D2-8F58-00E02916007D}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6B58B5DC-7405-11D2-8F58-00E02916007D}\Version]
@DACL=(02 0000)
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6B58B5E0-7405-11D2-8F58-00E02916007D}\Control]
@DACL=(02 0000)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6B58B5E0-7405-11D2-8F58-00E02916007D}\MiscStatus]
@DACL=(02 0000)
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6B58B5E0-7405-11D2-8F58-00E02916007D}\ProgID]
@DACL=(02 0000)
@="MMJBCTRL.RadBtnCtrl.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6B58B5E0-7405-11D2-8F58-00E02916007D}\ToolboxBitmap32]
@DACL=(02 0000)
@="c:\\PROGRA~1\\MUSICM~1\\MUSICM~2\\mmjbctrl.ocx, 2"

 

[al davis]

Note that ComboFix reported Avast Antivirus was running. I removed that antivirus from this machine several years ago. Today I checked and don't see any sign of it being loaded.


ComboFix 17-07-07.01 - al 07/23/2017 13:17:37.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2558.2141 [GMT -5:00]
Running from: c:\documents and settings\al\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
.
.
((((((((((((((((((((((((( Files Created from 2017-06-23 to 2017-07-23 )))))))))))))))))))))))))))))))
.
.
2017-07-20 05:20 . 2017-07-20 13:02 -------- d-----w- c:\program files\RogueKiller
2017-07-19 00:38 . 2017-07-19 00:46 -------- d-----w- C:\FRST
2017-07-18 15:15 . 2017-07-18 15:17 -------- d-----w- C:\AdwCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-07-21 03:41 . 2014-06-14 15:17 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2017-07-20 05:21 . 2015-03-25 23:59 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
c:\documents and settings\al\Start Menu\Programs\Startup\
156_Long_Soothing_Rain.mp3 [2014-11-2 9687935]
Mozilla Firefox.lnk - c:\program files\Mozilla Firefox\firefox.exe [2016-7-18 392136]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "c:\eudora_7\EuShlExt.dll" [2005-08-09 86016]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Adobe\\Acrobat.com\\Acrobat.com.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SYSTEM32\\mmc.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Documents and Settings\\al\\Desktop\\winvnc4.exe"=
"c:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*isabledxpsp2res.dll,-22009
.
R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\SYSTEM32\DRIVERS\VCdRom.sys [11/24/2008 4:41 PM 8576]
R2 DriverX;DriverX;c:\windows\SYSTEM32\DRIVERS\driverx.sys [2/19/2011 4:42 PM 52512]
R2 tviclpt;tviclpt;c:\windows\SYSTEM32\DRIVERS\tviclpt.SYS [10/9/2009 8:28 PM 15536]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\SYSTEM32\DRIVERS\clwvd.sys [6/14/2012 10:23 PM 27760]
R3 VSBC;Virtual Serial Bus Enumerator (Eltima Software);c:\windows\SYSTEM32\DRIVERS\evsbc.sys [7/2/2012 1:25 PM 27904]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\SYSTEM32\DRIVERS\ssudbus.sys [10/18/2011 2:43 AM 78136]
S3 DIGIRPS;Digi RealPort Driver;c:\windows\SYSTEM32\DRIVERS\digirlpt.sys [10/2/2009 6:40 PM 152376]
S3 evserial;Virtual Serial Ports Driver (Eltima Softwate);c:\windows\SYSTEM32\DRIVERS\evserial.sys [7/2/2012 1:26 PM 53888]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\SYSTEM32\DRIVERS\MBAMSwissArmy.sys [6/14/2014 10:17 AM 170200]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [7/16/2003 11:41 AM 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2017-03-08 c:\windows\Tasks\A l e r t s.job
- c:\progra~1\Dell\Support\bin\Support.exe [2004-05-28 01:06]
.
2017-07-23 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3960577219-1813400529-1317427278-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 19:25]
.
2017-07-10 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3960577219-1813400529-1317427278-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 19:25]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
Trusted Zone: turbotax.com
TCP: Interfaces\{8AA62950-D597-4798-9F57-32AEF4529374}: NameServer = 216.234.97.2 216.234.97.3
FF - ProfilePath - c:\documents and settings\al\Application Data\Mozilla\Firefox\Profiles\nkz4233i.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.cloudynights.com/ubbthreads/|http://www.cloudynights.com/ubbthreads/ubbthreads.php?Cat=
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
c:\documents and settings\al\Start Menu\Programs\Startup\alt_mich.com.lnk - (no file)
AddRemove-SafeZone 1.48.2066.98 - c:\program files\AVAST Software\SZBrowser\Launcher.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2017-07-23 13:28
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-861567501-842925246-854245398-500_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32]
@DACL=(02 0000)
"ThreadingModel"="Both"
@="oleaut32.dll"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\Control]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\EnableFullPage]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\Implemented Categories]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\MiscStatus]
@DACL=(02 0000)
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\ProgID]
@DACL=(02 0000)
@="QuickTime.QuickTime.9"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\ToolboxBitmap32]
@DACL=(02 0000)
@="c:\\Program Files\\QuickTime\\QTPlugin.ocx, 102"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\TreatAs]
@DACL=(02 0000)
@="{4063BE15-3B08-470D-A0D5-B37161CFFD69}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\TypeLib]
@DACL=(02 0000)
@="{02BF25D2-8C17-4B23-BC80-D3488ABDDC6B}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\Version]
@DACL=(02 0000)
@="9.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\VersionIndependentProgID]
@DACL=(02 0000)
@="QuickTime.QuickTime"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{006DBFD6-8200-4005-B855-2A87007EAAEC}]
@DACL=(02 0000)
"FriendlyName"="Sonic Scaler"
"CLSID"="{006DBFD6-8200-4005-B855-2A87007EAAEC}"
"FilterData"=hex:02,00,00,00,00,00,20,00,02,00,00,00,00,00,00,00,30,70,69,33,
00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,30,74,79,33,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{0F070130-EE38-4847-9807-0D4234130F65}]
@DACL=(02 0000)
"FriendlyName"="MainConcept (Sonic) DV Video Decoder"
"CLSID"="{0F070130-EE38-4847-9807-0D4234130F65}"
"FilterData"=hex:02,00,00,00,00,00,60,00,02,00,00,00,00,00,00,00,30,70,69,33,
00,00,00,00,00,00,00,00,02,00,00,00,00,00,00,00,00,00,00,00,30,74,79,33,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{0F070131-EE38-4847-9807-0D4234130F65}]
@DACL=(02 0000)
"FriendlyName"="MainConcept (Sonic) DV Video Encoder"
"CLSID"="{0F070131-EE38-4847-9807-0D4234130F65}"
"FilterData"=hex:02,00,00,00,00,00,20,00,02,00,00,00,00,00,00,00,30,70,69,33,
00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,30,74,79,33,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{1F73E9B1-8C3A-11D0-A3BE-00A0C9244436}]
@DACL=(02 0000)
@SACL=
"FriendlyName"="Indeo® video 5.10 Compression Filter"
"CLSID"="{1F73E9B1-8C3A-11D0-A3BE-00A0C9244436}"
"FilterData"=hex:02,00,00,00,00,00,20,00,02,00,00,00,00,00,00,00,30,70,69,33,
00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,30,74,79,33,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{26C48DC0-F148-4A70-B252-3F8AE0188EBF}]
@DACL=(02 0000)
"FriendlyName"="Sonic DirectShow Tap"
"CLSID"="{26C48DC0-F148-4A70-B252-3F8AE0188EBF}"
"FilterData"=hex:02,00,00,00,00,00,20,00,02,00,00,00,00,00,00,00,30,70,69,33,
00,00,00,00,00,00,00,00,02,00,00,00,00,00,00,00,00,00,00,00,30,74,79,33,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{30355649-0000-0010-8000-00AA00389B71}]
@DACL=(02 0000)
@SACL=
"FriendlyName"="Indeo® video 5.10 Decompression Filter"
"CLSID"="{30355649-0000-0010-8000-00AA00389B71}"
"FilterData"=hex:02,00,00,00,00,00,64,00,02,00,00,00,00,00,00,00,30,70,69,33,
00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,30,74,79,33,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{355460E6-0AB9-4A96-80CE-E94E6B08371A}]
@DACL=(02 0000)
"FriendlyName"="CyberLink Video Regulator"
"CLSID"="{355460E6-0AB9-4A96-80CE-E94E6B08371A}"
"FilterData"=hex:02,00,00,00,00,00,20,00,02,00,00,00,00,00,00,00,30,70,69,33,
00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,30,74,79,33,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{3C931142-245B-4A79-ABC3-044E287BB468}]
@DACL=(02 0000)
"FriendlyName"="Sonic MPEG Audio Decoder"
"CLSID"="{3C931142-245B-4A79-ABC3-044E287BB468}"
"FilterData"=hex:02,00,00,00,00,00,20,00,02,00,00,00,00,00,00,00,30,70,69,33,
00,00,00,00,00,00,00,00,08,00,00,00,00,00,00,00,00,00,00,00,30,74,79,33,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{429075DD-2586-4B9B-A752-F5E6066A9659}]
@DACL=(02 0000)
"FriendlyName"="RTStreamSink"
"CLSID"="{429075DD-2586-4B9B-A752-F5E6066A9659}"
"FilterData"=hex:02,00,00,00,00,00,20,00,01,00,00,00,00,00,00,00,30,70,69,33,
00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,30,74,79,33,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{433C8453-95E7-4DCF-85A7-5EA9EF6138D7}]
@DACL=(02 0000)
"FriendlyName"="CyberLink SlideShowLT Source Filter"
"CLSID"="{433C8453-95E7-4DCF-85A7-5EA9EF6138D7}"
"FilterData"=hex:02,00,00,00,00,00,20,00,01,00,00,00,00,00,00,00,30,70,69,33,
08,00,00,00,00,00,00,00,07,00,00,00,00,00,00,00,00,00,00,00,30,74,79,33,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{5167AA69-104F-4E5D-B825-4CB35A0FFE5C}]
@DACL=(02 0000)
"FriendlyName"="Sonic Field Switch"
"CLSID"="{5167AA69-104F-4E5D-B825-4CB35A0FFE5C}"
"FilterData"=hex:02,00,00,00,00,00,20,00,02,00,00,00,00,00,00,00,30,70,69,33,
00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,30,74,79,33,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{5687A7E0-8416-43BA-9D6B-BDA23C2A6AC0}]
@DACL=(02 0000)
"FriendlyName"="Sonic RT Stream Source Filter"
"CLSID"="{5687A7E0-8416-43BA-9D6B-BDA23C2A6AC0}"
"FilterData"=hex:02,00,00,00,00,00,40,00,01,00,00,00,00,00,00,00,30,70,69,33,
08,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,30,74,79,33,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{5B2729F6-6422-48D5-A1F1-792AC5AFB787}]
@DACL=(02 0000)
"FriendlyName"="Sonic DVD LPCM Converter"
"CLSID"="{5B2729F6-6422-48D5-A1F1-792AC5AFB787}"
"FilterData"=hex:02,00,00,00,00,00,60,00,02,00,00,00,00,00,00,00,30,70,69,33,
00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,30,74,79,33,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{78B3BF50-2CC6-4F17-B901-CD20F1B86F0A}]
@DACL=(02 0000)
"FriendlyName"="MainConcept (Sonic) MPEG Encoder"
"CLSID"="{78B3BF50-2CC6-4F17-B901-CD20F1B86F0A}"
"FilterData"=hex:02,00,00,00,00,00,20,00,03,00,00,00,00,00,00,00,30,70,69,33,
00,00,00,00,00,00,00,00,07,00,00,00,00,00,00,00,00,00,00,00,30,74,79,33,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{78B3BF60-2CC6-4F17-B901-CD20F1B86F0A}]
@DACL=(02 0000)
"FriendlyName"="MainConcept (Sonic) MPEG Video Encoder"
"CLSID"="{78B3BF60-2CC6-4F17-B901-CD20F1B86F0A}"
"FilterData"=hex:02,00,00,00,00,00,20,00,02,00,00,00,00,00,00,00,30,70,69,33,
00,00,00,00,00,00,00,00,06,00,00,00,00,00,00,00,00,00,00,00,30,74,79,33,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{78B3BF70-2CC6-4F17-B901-CD20F1B86F0A}]
@DACL=(02 0000)
"FriendlyName"="MainConcept (Sonic) MPEG Audio Encoder"
"CLSID"="{78B3BF70-2CC6-4F17-B901-CD20F1B86F0A}"
"FilterData"=hex:02,00,00,00,00,00,20,00,02,00,00,00,00,00,00,00,30,70,69,33,
00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,30,74,79,33,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{8CBF5440-6E08-4360-86F8-25A1023BC64B}]
@DACL=(02 0000)
"FriendlyName"="MainConcept (Sonic) Sample Buffer Filter"
"CLSID"="{8CBF5440-6E08-4360-86F8-25A1023BC64B}"
"FilterData"=hex:02,00,00,00,00,00,20,00,02,00,00,00,00,00,00,00,30,70,69,33,
00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,30,74,79,33,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{998F5F68-9134-4D96-BC12-075A63D5CF3B}]
@DACL=(02 0000)
"FriendlyName"="Sonic MPEG Video Decoder"
"CLSID"="{998F5F68-9134-4D96-BC12-075A63D5CF3B}"
"FilterData"=hex:02,00,00,00,00,00,20,00,03,00,00,00,00,00,00,00,30,70,69,33,
00,00,00,00,00,00,00,00,03,00,00,00,00,00,00,00,00,00,00,00,30,74,79,33,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{9B4D5C8B-9DEA-4A6D-B9A3-D30609A6FA76}]
@DACL=(02 0000)
"FriendlyName"="Sonic Audio SRC"
"CLSID"="{9B4D5C8B-9DEA-4A6D-B9A3-D30609A6FA76}"
"FilterData"=hex:02,00,00,00,00,00,20,00,02,00,00,00,00,00,00,00,30,70,69,33,
00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,30,74,79,33,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{9E3D6AF0-4CFC-4968-867E-0560E9ECF440}]
@DACL=(02 0000)
"FriendlyName"="Sonic Audio Offset Filter"
"CLSID"="{9E3D6AF0-4CFC-4968-867E-0560E9ECF440}"
"FilterData"=hex:02,00,00,00,00,00,20,00,02,00,00,00,00,00,00,00,30,70,69,33,
00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,30,74,79,33,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{B0CB5CC5-20E9-4E10-85AE-29DF83851EED}]
@DACL=(02 0000)
"FriendlyName"="Sonic Rainbow Fix"
"CLSID"="{B0CB5CC5-20E9-4E10-85AE-29DF83851EED}"
"FilterData"=hex:02,00,00,00,00,00,20,00,02,00,00,00,00,00,00,00,30,70,69,33,
00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,30,74,79,33,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{B4CA2970-DD2B-11D0-9DFA-00AA00AF3494}]
@DACL=(02 0000)
@SACL=
"FriendlyName"="Indeo® audio software"
"CLSID"="{B4CA2970-DD2B-11D0-9DFA-00AA00AF3494}"
"FilterData"=hex:02,00,00,00,00,00,50,00,02,00,00,00,00,00,00,00,30,70,69,33,
00,00,00,00,00,00,00,00,04,00,00,00,00,00,00,00,00,00,00,00,30,74,79,33,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{B98F8EC0-8EA6-49C9-9CD3-1533EE96608F}]
@DACL=(02 0000)
"FriendlyName"="Sonic File Writer"
"CLSID"="{B98F8EC0-8EA6-49C9-9CD3-1533EE96608F}"
"FilterData"=hex:02,00,00,00,00,00,20,00,01,00,00,00,00,00,00,00,30,70,69,33,
00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,30,74,79,33,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{BFD83B80-CF57-11D3-98A9-0080C84E9C36}]
@DACL=(02 0000)
"FriendlyName"="CyberLink DxVA Filter"
"CLSID"="{BFD83B80-CF57-11D3-98A9-0080C84E9C36}"
"FilterData"=hex:02,00,00,00,00,00,20,00,03,00,00,00,00,00,00,00,30,70,69,33,
08,00,00,00,00,00,00,00,04,00,00,00,00,00,00,00,00,00,00,00,30,74,79,33,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{DE11A24D-8151-478F-9AB2-400EEAAFACC7}]
@DACL=(02 0000)
"FriendlyName"="CyberLink Line21 Decoder Filter for Dell"
"CLSID"="{DE11A24D-8151-478F-9AB2-400EEAAFACC7}"
"FilterData"=hex:02,00,00,00,00,00,20,00,02,00,00,00,00,00,00,00,30,70,69,33,
08,00,00,00,00,00,00,00,02,00,00,00,00,00,00,00,00,00,00,00,30,74,79,33,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{DE11B780-85E3-11D2-98D0-0080C84E9C39}]
@DACL=(02 0000)
"FriendlyName"="CyberLink Audio Decoder for Dell"
"CLSID"="{DE11B780-85E3-11D2-98D0-0080C84E9C39}"
"FilterData"=hex:02,00,00,00,00,10,60,00,02,00,00,00,00,00,00,00,30,70,69,33,
00,00,00,00,00,00,00,00,0f,00,00,00,00,00,00,00,00,00,00,00,30,74,79,33,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{DE11B781-85E3-11D2-98D0-0080C84E9C39}]
@DACL=(02 0000)
"FriendlyName"="CyberLink Video/SP Decoder for Dell"
"CLSID"="{DE11B781-85E3-11D2-98D0-0080C84E9C39}"
"FilterData"=hex:02,00,00,00,00,00,60,00,05,00,00,00,00,00,00,00,30,70,69,33,
00,00,00,00,00,00,00,00,05,00,00,00,00,00,00,00,00,00,00,00,30,74,79,33,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{DE11F9E1-0360-11D5-8F2A-0080C84E9C39}]
@DACL=(02 0000)
"FriendlyName"="CyberLink DVD Navigator for Dell"
"CLSID"="{DE11F9E1-0360-11D5-8F2A-0080C84E9C39}"
"FilterData"=hex:02,00,00,00,00,00,60,00,03,00,00,00,00,00,00,00,30,70,69,33,
08,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,30,74,79,33,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{DF5B1476-5C72-42BA-98DD-AFA6A812A3B3}]
@DACL=(02 0000)
"FriendlyName"="Sonic MPEG Splitter"
"CLSID"="{DF5B1476-5C72-42BA-98DD-AFA6A812A3B3}"
"FilterData"=hex:02,00,00,00,00,00,20,00,03,00,00,00,00,00,00,00,30,70,69,33,
00,00,00,00,00,00,00,00,05,00,00,00,00,00,00,00,00,00,00,00,30,74,79,33,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{E8CD8569-18C4-4EF3-9A4B-F44E3D0CEF6F}]
@DACL=(02 0000)
"FriendlyName"="Sonic DV Scene Detector"
"CLSID"="{E8CD8569-18C4-4EF3-9A4B-F44E3D0CEF6F}"
"FilterData"=hex:02,00,00,00,00,00,60,00,02,00,00,00,00,00,00,00,30,70,69,33,
00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,30,74,79,33,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{F2B5F793-C1B7-409F-8940-79BEA54F76D3}]
@DACL=(02 0000)
"FriendlyName"="Sonic Video Performance Monitor"
"CLSID"="{F2B5F793-C1B7-409F-8940-79BEA54F76D3}"
"FilterData"=hex:02,00,00,00,00,00,60,00,02,00,00,00,00,00,00,00,30,70,69,33,
00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,30,74,79,33,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{F3B9ED5F-53E2-4DCC-AA53-55DAE6337151}]
@DACL=(02 0000)
"FriendlyName"="Sonic SP Video Renderer"
"CLSID"="{F3B9ED5F-53E2-4DCC-AA53-55DAE6337151}"
"FilterData"=hex:02,00,00,00,00,00,20,00,01,00,00,00,00,00,00,00,30,70,69,33,
00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,30,74,79,33,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0B72CCA4-5F11-11D0-9CB5-0000C0EC9FDB}\Control]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0B72CCA4-5F11-11D0-9CB5-0000C0EC9FDB}\Implemented Categories]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0B72CCA4-5F11-11D0-9CB5-0000C0EC9FDB}\MiscStatus]
@DACL=(02 0000)
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0B72CCA4-5F11-11D0-9CB5-0000C0EC9FDB}\ProgID]
@DACL=(02 0000)
@="StWebImage.Street Technologies ActiveX Control.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0B72CCA4-5F11-11D0-9CB5-0000C0EC9FDB}\ToolboxBitmap32]
@DACL=(02 0000)
@="c:\\WINDOWS\\occache\\iestm32.dll, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0B72CCA4-5F11-11D0-9CB5-0000C0EC9FDB}\TypeLib]
@DACL=(02 0000)
@="{0B72CCA1-5F11-11D0-9CB5-0000C0EC9FDB}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0B72CCA4-5F11-11D0-9CB5-0000C0EC9FDB}\Version]
@DACL=(02 0000)
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0B72CCA4-5F11-11D0-9CB5-0000C0EC9FDB}\VersionIndependentProgID]
@DACL=(02 0000)
@="StWebImage.Street Technologies ActiveX Control"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0C5D39B0-460B-11D4-ADE1-0050DACD3DB9}\ProgID]
@DACL=(02 0000)
@="MMRadioEngine.RadioEngineObj.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0C5D39B0-460B-11D4-ADE1-0050DACD3DB9}\Programmable]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0C5D39B0-460B-11D4-ADE1-0050DACD3DB9}\TypeLib]
@DACL=(02 0000)
@="{0C5D39A3-460B-11D4-ADE1-0050DACD3DB9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0C5D39B0-460B-11D4-ADE1-0050DACD3DB9}\VersionIndependentProgID]
@DACL=(02 0000)
@="MMRadioEngine.RadioEngineObj"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}\PersistentHandler]
@DACL=(02 0000)
@="{098f2470-bae0-11cd-b579-08002b30bfeb}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0D458BE8-D99D-11D3-A92B-00105A088FAC}\ProgID]
@DACL=(02 0000)
@SACL=
@="Setup.SetupKernelWrapper.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0D458BE8-D99D-11D3-A92B-00105A088FAC}\VersionIndependentProgID]
@DACL=(02 0000)
@SACL=
@="Setup.SetupKernelWrapper"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{119FA07A-79F0-41FC-99F8-B14151E63EDC}\ProgID]
@DACL=(02 0000)
@="NIC_CDM_Prov.ProviderImp.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{119FA07A-79F0-41FC-99F8-B14151E63EDC}\Programmable]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{119FA07A-79F0-41FC-99F8-B14151E63EDC}\TypeLib]
@DACL=(02 0000)
@="{15C3C77C-1811-4099-917B-5E2AA94DA31C}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{119FA07A-79F0-41FC-99F8-B14151E63EDC}\VersionIndependentProgID]
@DACL=(02 0000)
@="NIC_CDM_Prov.ProviderImp"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{11C5C73B-66E9-4BA1-A0BA-E814C6EED92D}\ProgID]
@DACL=(02 0000)
@="Microsoft.DirectSoundCaptureNoiseSuppressDMO.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{11C5C73B-66E9-4BA1-A0BA-E814C6EED92D}\VersionIndependentProgID]
@DACL=(02 0000)
@="Microsoft.DirectSoundCaptureNoiseSuppressDMO"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\Control]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\EnableFullPage]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\Implemented Categories]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\MiscStatus]
@DACL=(02 0000)
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\ProgID]
@DACL=(02 0000)
@="SWCtl.SWCtl.8.5.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\Programmable]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\ToolboxBitmap32]
@DACL=(02 0000)
@="c:\\WINDOWS\\System32\\Macromed\\Shockwave 8\\Control.dll, 203"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\TypeLib]
@DACL=(02 0000)
@="{166B1BC7-3F9C-11CF-8075-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\Version]
@DACL=(02 0000)
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\VersionIndependentProgID]
@DACL=(02 0000)
@="SWCtl.SWCtl"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{189504B8-50D1-4AA8-B4D6-95C8F58A6414}\ProgID]
@DACL=(02 0000)
@="Sb.SuperBuddy.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{189504B8-50D1-4AA8-B4D6-95C8F58A6414}\Programmable]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{189504B8-50D1-4AA8-B4D6-95C8F58A6414}\TypeLib]
@DACL=(02 0000)
@="{39DC8E5F-A573-4D58-8A13-6877A3B672EA}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{189504B8-50D1-4AA8-B4D6-95C8F58A6414}\VersionIndependentProgID]
@DACL=(02 0000)
@="Sb.SuperBuddy"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1C22C56D-9879-4F5B-A389-27996DDC2810}\ProgID]
@DACL=(02 0000)
@="Microsoft.DirectSoundCaptureAecDMO.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1C22C56D-9879-4F5B-A389-27996DDC2810}\VersionIndependentProgID]
@DACL=(02 0000)
@="Microsoft.DirectSoundCaptureAecDMO"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1EE523DC-6504-452A-900D-199B51708EC9}\ProgID]
@DACL=(02 0000)
@="TDMEngine.moTDMEngine.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1EE523DC-6504-452A-900D-199B51708EC9}\Programmable]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1EE523DC-6504-452A-900D-199B51708EC9}\TypeLib]
@DACL=(02 0000)
@="{92141DDC-D299-4399-97F0-28EF338F5DFF}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1EE523DC-6504-452A-900D-199B51708EC9}\VersionIndependentProgID]
@DACL=(02 0000)
@="TDMEngine.moTDMEngine"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{22D84EC7-E201-4432-B3ED-A9DCA3604594}\ProgID]
@DACL=(02 0000)
@="Setup.LogServices.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{22D84EC7-E201-4432-B3ED-A9DCA3604594}\VersionIndependentProgID]
@DACL=(02 0000)
@="Setup.LogServices"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{23AA6EBC-86AA-11D2-8F58-00E02916007D}\Control]
@DACL=(02 0000)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{23AA6EBC-86AA-11D2-8F58-00E02916007D}\MiscStatus]
@DACL=(02 0000)
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{23AA6EBC-86AA-11D2-8F58-00E02916007D}\ProgID]
@DACL=(02 0000)
@="SLIDER.MMJBSliderCtrl.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{23AA6EBC-86AA-11D2-8F58-00E02916007D}\ToolboxBitmap32]
@DACL=(02 0000)
@="c:\\PROGRA~1\\MUSICM~1\\MUSICM~2\\mmjbctrl.ocx, 4"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{23AA6EBC-86AA-11D2-8F58-00E02916007D}\TypeLib]
@DACL=(02 0000)
@="{6B58B5D9-7405-11D2-8F58-00E02916007D}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{23AA6EBC-86AA-11D2-8F58-00E02916007D}\Version]
@DACL=(02 0000)
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\PersistentHandler]
@DACL=(02 0000)
@="{eec97550-47a9-11cf-b952-00aa0051fe20}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2559a1f6-21d7-11d4-bdaf-00c04f60b9f0}\DefaultIcon]
@DACL=(02 0000)
@SACL=
@=expand:"c:\\dell\\dellcirc.ico"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{27855D52-0913-4F88-A8CC-343D374E7CC9}\Control]
@DACL=(02 0000)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{27855D52-0913-4F88-A8CC-343D374E7CC9}\MiscStatus]
@DACL=(02 0000)
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{27855D52-0913-4F88-A8CC-343D374E7CC9}\ProgID]
@DACL=(02 0000)
@="MMFWCTRL.SpaceBarCtrl.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{27855D52-0913-4F88-A8CC-343D374E7CC9}\ToolboxBitmap32]
@DACL=(02 0000)
@="c:\\PROGRA~1\\MUSICM~1\\MUSICM~2\\MMFWCtrl.ocx, 2"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{27855D52-0913-4F88-A8CC-343D374E7CC9}\TypeLib]
@DACL=(02 0000)
@="{BFF38E2D-B1D9-48F9-B11D-4F8A150F1C84}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{27855D52-0913-4F88-A8CC-343D374E7CC9}\Version]
@DACL=(02 0000)
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2AF30D99-133E-421F-895A-150C432F46AC}\ProgID]
@DACL=(02 0000)
@="mmtask.MMAutoPlay.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2AF30D99-133E-421F-895A-150C432F46AC}\TypeLib]
@DACL=(02 0000)
@="{C247746F-F717-42C5-A739-E5E3F9A136D9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2AF30D99-133E-421F-895A-150C432F46AC}\VersionIndependentProgID]
@DACL=(02 0000)
@="mmtask.MMAutoPlay"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2EDF172F-3DBA-41C0-996B-32815E890963}\ProgID]
@DACL=(02 0000)
@="Core.NcsCoreImp.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2EDF172F-3DBA-41C0-996B-32815E890963}\TypeLib]
@DACL=(02 0000)
@="{4116AE6F-C376-42E7-9E15-EE109055FC8E}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2EDF172F-3DBA-41C0-996B-32815E890963}\VersionIndependentProgID]
@DACL=(02 0000)
@="Core.NcsCoreImp"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{31345649-0000-0010-8000-00AA00389B71}\Pins]
@DACL=(02 0000)
@SACL=
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo® video 5.10 Compression Filter]
@DACL=(02 0000)
@SACL=
"FriendlyName"="Indeo® video 5.10 Compression Filter"
"CLSID"="{1F73E9B1-8C3A-11D0-A3BE-00A0C9244436}"
"FilterData"=hex:02,00,00,00,00,00,10,00,02,00,00,00,00,00,00,00,30,70,69,33,
00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,30,74,79,33,00,\
"EncoderType"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\MainConcept (Sonic) MPEG Video Encoder]
@DACL=(02 0000)
"FriendlyName"="MainConcept (Sonic) MPEG Video Encoder"
"CLSID"="{78B3BF60-2CC6-4F17-B901-CD20F1B86F0A}"
"FilterData"=hex:02,00,00,00,00,00,20,00,02,00,00,00,00,00,00,00,30,70,69,33,
00,00,00,00,00,00,00,00,06,00,00,00,00,00,00,00,00,00,00,00,30,74,79,33,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{33D9A761-90C8-11d0-BD43-00A0C911CE86}\Instance]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{381465E7-7410-4E43-8258-963AFF838968}\ProgID]
@DACL=(02 0000)
@="mmlicmgr.LicenseManagerFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{381465E7-7410-4E43-8258-963AFF838968}\Programmable]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{381465E7-7410-4E43-8258-963AFF838968}\TypeLib]
@DACL=(02 0000)
@="{2316B3B3-9AA8-4184-9C93-D927D74396B4}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{381465E7-7410-4E43-8258-963AFF838968}\VersionIndependentProgID]
@DACL=(02 0000)
@="mmlicmgr.LicenseManagerFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3B2B6775-70B6-45AF-8DEA-A209C69559F3}\ProgID]
@DACL=(02 0000)
@="DirectPlay8Lobby.LobbyClient.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3B2B6775-70B6-45AF-8DEA-A209C69559F3}\VersionIndependentProgID]
@DACL=(02 0000)
@="DirectPlay8Lobby.LobbyClient"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3D5EF619-F606-4FAA-97C0-222B7DCA05EC}\ProgID]
@DACL=(02 0000)
@="MyDVD.MyDVDAPHandler.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3D5EF619-F606-4FAA-97C0-222B7DCA05EC}\Programmable]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3D5EF619-F606-4FAA-97C0-222B7DCA05EC}\TypeLib]
@DACL=(02 0000)
@="{CD999ADC-7B89-4D10-815A-82A39D6EA09E}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3D5EF619-F606-4FAA-97C0-222B7DCA05EC}\VersionIndependentProgID]
@DACL=(02 0000)
@="MyDVD.MyDVDAPHandler"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4B9A5F7D-7908-4E59-B2DA-216D42B692B0}\ProgID]
@DACL=(02 0000)
@="CDFeatureRRObject.CDFeatureRR.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4B9A5F7D-7908-4E59-B2DA-216D42B692B0}\TypeLib]
@DACL=(02 0000)
@="{51076341-C7DE-4745-9E02-E36E34FCCC56}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4B9A5F7D-7908-4E59-B2DA-216D42B692B0}\VersionIndependentProgID]
@DACL=(02 0000)
@="CDFeatureRRObject.CDFeatureRR"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4C2889D4-F0F6-41C0-A50D-34F2136E761C}\ProgID]
@DACL=(02 0000)
@="Director.SupportJukebox.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4C2889D4-F0F6-41C0-A50D-34F2136E761C}\Programmable]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4C2889D4-F0F6-41C0-A50D-34F2136E761C}\TypeLib]
@DACL=(02 0000)
@="{621362CD-2185-4C26-9803-F9613C3BAE5E}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4C2889D4-F0F6-41C0-A50D-34F2136E761C}\VersionIndependentProgID]
@DACL=(02 0000)
@="Director.SupportJukebox"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4EDDDDBC-3528-41AA-AA6E-237AA8092C08}\TypeLib]
@DACL=(02 0000)
@="{155B3F27-CDEE-4FE2-8CC5-8D08882FDE15}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5232AEB5-E623-4704-8B09-D2F632808711}\ProgID]
@DACL=(02 0000)
@="DirectPlayNATHelperICFv6.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5232AEB5-E623-4704-8B09-D2F632808711}\VersionIndependentProgID]
@DACL=(02 0000)
@="DirectPlayNATHelperICFv6"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{53934290-628D-11D2-AE0F-006097B01411}\ProgID]
@DACL=(02 0000)
@="DirectPlay8SPWSock.IPX.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{53934290-628D-11D2-AE0F-006097B01411}\VersionIndependentProgID]
@DACL=(02 0000)
@="DirectPlay8SPWSock.IPX"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{541D882C-646A-4F67-894F-8576036FC14B}\ProgID]
@DACL=(02 0000)
@="NcsImp.Imp.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{541D882C-646A-4F67-894F-8576036FC14B}\TypeLib]
@DACL=(02 0000)
@="{0A09FF7B-2E37-4783-BD4D-2AE9EF5317A5}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{541D882C-646A-4F67-894F-8576036FC14B}\VersionIndependentProgID]
@DACL=(02 0000)
@="NcsImp.Imp"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{59803D7B-D6E4-4B89-864E-626EBB587BF4}\ProgID]
@DACL=(02 0000)
@="MyDVD.MyDVDComm.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{59803D7B-D6E4-4B89-864E-626EBB587BF4}\Programmable]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{59803D7B-D6E4-4B89-864E-626EBB587BF4}\TypeLib]
@DACL=(02 0000)
@="{CD999ADC-7B89-4D10-815A-82A39D6EA09E}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{59803D7B-D6E4-4B89-864E-626EBB587BF4}\VersionIndependentProgID]
@DACL=(02 0000)
@="MyDVD.MyDVDComm"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5A86531E-8E2A-419F-B4CC-18EB8E891796}\ProgID]
@DACL=(02 0000)
@="Microsoft.DirectSoundCaptureAgcDMO.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5A86531E-8E2A-419F-B4CC-18EB8E891796}\VersionIndependentProgID]
@DACL=(02 0000)
@="Microsoft.DirectSoundCaptureAgcDMO"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5AB0882E-7274-4516-877D-4EEE99BA4FD0}\ProgID]
@DACL=(02 0000)
@="Microsoft.DirectSoundCaptureNoiseSuppressDMO.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5AB0882E-7274-4516-877D-4EEE99BA4FD0}\VersionIndependentProgID]
@DACL=(02 0000)
@="Microsoft.DirectSoundCaptureNoiseSuppressDMO"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{61B0FEDE-4697-4FC3-A3DC-3C2695359CA6}\Control]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{61B0FEDE-4697-4FC3-A3DC-3C2695359CA6}\MiscStatus]
@DACL=(02 0000)
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{61B0FEDE-4697-4FC3-A3DC-3C2695359CA6}\ProgID]
@DACL=(02 0000)
@="TDMUI.TDMControl.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{61B0FEDE-4697-4FC3-A3DC-3C2695359CA6}\ToolboxBitmap32]
@DACL=(02 0000)
@="c:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\TDMUI.dll, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{61B0FEDE-4697-4FC3-A3DC-3C2695359CA6}\TypeLib]
@DACL=(02 0000)
@="{2C620D34-AD2B-443D-ABBA-52803E3D97AB}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{61B0FEDE-4697-4FC3-A3DC-3C2695359CA6}\Version]
@DACL=(02 0000)
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{61B0FEDE-4697-4FC3-A3DC-3C2695359CA6}\VersionIndependentProgID]
@DACL=(02 0000)
@="TDMUI.TDMControl"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{667955AD-6B3B-43CA-B949-BC69B5BAFF7F}\ProgID]
@DACL=(02 0000)
@="DirectPlay8Lobby.LobbiedApplication.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{667955AD-6B3B-43CA-B949-BC69B5BAFF7F}\VersionIndependentProgID]
@DACL=(02 0000)
@="DirectPlay8Lobby.LobbiedApplication"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6733BD4A-0E88-4939-8F3A-CEC345CBEBD6}\Control]
@DACL=(02 0000)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6733BD4A-0E88-4939-8F3A-CEC345CBEBD6}\Implemented Categories]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6733BD4A-0E88-4939-8F3A-CEC345CBEBD6}\MiscStatus]
@DACL=(02 0000)
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6733BD4A-0E88-4939-8F3A-CEC345CBEBD6}\ProgID]
@DACL=(02 0000)
@="inetwiz.UserControl1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6733BD4A-0E88-4939-8F3A-CEC345CBEBD6}\ToolboxBitmap32]
@DACL=(02 0000)
@="c:\\Windows\\System32\\OOBE\\Inetwiz.ocx, 30000"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6733BD4A-0E88-4939-8F3A-CEC345CBEBD6}\TypeLib]
@DACL=(02 0000)
@="{7AEC6EC8-AE36-41B9-A055-046719C2B529}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6733BD4A-0E88-4939-8F3A-CEC345CBEBD6}\VERSION]
@DACL=(02 0000)
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6B58B5DC-7405-11D2-8F58-00E02916007D}\Control]
@DACL=(02 0000)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6B58B5DC-7405-11D2-8F58-00E02916007D}\MiscStatus]
@DACL=(02 0000)
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6B58B5DC-7405-11D2-8F58-00E02916007D}\ProgID]
@DACL=(02 0000)
@="MMJBCTRL.PushBtnCtrl.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6B58B5DC-7405-11D2-8F58-00E02916007D}\ToolboxBitmap32]
@DACL=(02 0000)
@="c:\\PROGRA~1\\MUSICM~1\\MUSICM~2\\mmjbctrl.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6B58B5DC-7405-11D2-8F58-00E02916007D}\TypeLib]
@DACL=(02 0000)
@="{6B58B5D9-7405-11D2-8F58-00E02916007D}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6B58B5DC-7405-11D2-8F58-00E02916007D}\Version]
@DACL=(02 0000)
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6B58B5E0-7405-11D2-8F58-00E02916007D}\Control]
@DACL=(02 0000)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6B58B5E0-7405-11D2-8F58-00E02916007D}\MiscStatus]
@DACL=(02 0000)
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6B58B5E0-7405-11D2-8F58-00E02916007D}\ProgID]
@DACL=(02 0000)
@="MMJBCTRL.RadBtnCtrl.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6B58B5E0-7405-11D2-8F58-00E02916007D}\ToolboxBitmap32]
@DACL=(02 0000)
@="c:\\PROGRA~1\\MUSICM~1\\MUSICM~2\\mmjbctrl.ocx, 2"

 

[al davis]

.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6B58B5E0-7405-11D2-8F58-00E02916007D}\TypeLib]
@DACL=(02 0000)
@="{6B58B5D9-7405-11D2-8F58-00E02916007D}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6B58B5E0-7405-11D2-8F58-00E02916007D}\Version]
@DACL=(02 0000)
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6B58B5E4-7405-11D2-8F58-00E02916007D}\Control]
@DACL=(02 0000)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6B58B5E4-7405-11D2-8F58-00E02916007D}\MiscStatus]
@DACL=(02 0000)
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6B58B5E4-7405-11D2-8F58-00E02916007D}\ProgID]
@DACL=(02 0000)
@="MMJBCTRL.LabelCtrl.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6B58B5E4-7405-11D2-8F58-00E02916007D}\ToolboxBitmap32]
@DACL=(02 0000)
@="c:\\PROGRA~1\\MUSICM~1\\MUSICM~2\\mmjbctrl.ocx, 3"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6B58B5E4-7405-11D2-8F58-00E02916007D}\TypeLib]
@DACL=(02 0000)
@="{6B58B5D9-7405-11D2-8F58-00E02916007D}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6B58B5E4-7405-11D2-8F58-00E02916007D}\Version]
@DACL=(02 0000)
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6D4A3650-628D-11D2-AE0F-006097B01411}\ProgID]
@DACL=(02 0000)
@="DirectPlay8SPModem.Modem.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6D4A3650-628D-11D2-AE0F-006097B01411}\VersionIndependentProgID]
@DACL=(02 0000)
@="DirectPlay8SPModem.Modem"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6E9DBE43-5233-49A3-AB96-A9353EB9AB6D}\ProgID]
@DACL=(02 0000)
@="Director.Activate.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6E9DBE43-5233-49A3-AB96-A9353EB9AB6D}\Programmable]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6E9DBE43-5233-49A3-AB96-A9353EB9AB6D}\TypeLib]
@DACL=(02 0000)
@="{621362CD-2185-4C26-9803-F9613C3BAE5E}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6E9DBE43-5233-49A3-AB96-A9353EB9AB6D}\VersionIndependentProgID]
@DACL=(02 0000)
@="Director.Activate"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{71985F4B-1CA1-11D3-9CC8-00C04F7971E0}\Instance]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{743B5D60-628D-11D2-AE0F-006097B01411}\ProgID]
@DACL=(02 0000)
@="DirectPlay8SPModem.Serial.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{743B5D60-628D-11D2-AE0F-006097B01411}\VersionIndependentProgID]
@DACL=(02 0000)
@="DirectPlay8SPModem.Serial"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{756A2CB8-EC02-4DC8-8588-296C611A5365}\Control]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{756A2CB8-EC02-4DC8-8588-296C611A5365}\MiscStatus]
@DACL=(02 0000)
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{756A2CB8-EC02-4DC8-8588-296C611A5365}\ProgID]
@DACL=(02 0000)
@="ACHtmfu.HtmlFunctions.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{756A2CB8-EC02-4DC8-8588-296C611A5365}\Programmable]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{756A2CB8-EC02-4DC8-8588-296C611A5365}\ToolboxBitmap32]
@DACL=(02 0000)
@="c:\\Program Files\\Common Files\\aolshare\\Coach\\Player\\coachdm2.dll, 101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{756A2CB8-EC02-4DC8-8588-296C611A5365}\TypeLib]
@DACL=(02 0000)
@="{12D56325-94E3-4E74-A91B-586982151C2F}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{756A2CB8-EC02-4DC8-8588-296C611A5365}\Version]
@DACL=(02 0000)
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{756A2CB8-EC02-4DC8-8588-296C611A5365}\VersionIndependentProgID]
@DACL=(02 0000)
@="ACHtmfu.HtmlFunctions"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{75D44B92-DCAF-43f3-A7D1-91041F34E719}\Programmable]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{84CBABC2-D3BE-4EEF-8394-121FAC215CEF}\ProgID]
@DACL=(02 0000)
@="YGPPicInfo.PictureInfos.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{84CBABC2-D3BE-4EEF-8394-121FAC215CEF}\Programmable]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{84CBABC2-D3BE-4EEF-8394-121FAC215CEF}\TypeLib]
@DACL=(02 0000)
@="{79C10055-C1B5-4754-AC44-003784AA3A44}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{84CBABC2-D3BE-4EEF-8394-121FAC215CEF}\VersionIndependentProgID]
@DACL=(02 0000)
@="YGPPicInfo.PictureInfos"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8C3C1B17-E59D-11D2-B40B-00A024B9DDDD}\InprocServer32]
@DACL=(02 0000)
@="c:\\Program Files\\Common Files\\InstallShield\\engine\\6\\Intel 32\\ILog.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8C3C1B17-E59D-11D2-B40B-00A024B9DDDD}\ProgID]
@DACL=(02 0000)
@SACL=
@="Setup.LogServices.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8C3C1B17-E59D-11D2-B40B-00A024B9DDDD}\TreatAs]
@DACL=(02 0000)
@="{22D84EC7-E201-4432-B3ED-A9DCA3604594}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8C3C1B17-E59D-11D2-B40B-00A024B9DDDD}\VersionIndependentProgID]
@DACL=(02 0000)
@SACL=
@="Setup.LogServices"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8D5227B0-1475-11CF-B3A0-A1B057B7D2EA}\InprocHandler32]
@DACL=(02 0000)
@="ole32.dll"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8D5227B0-1475-11CF-B3A0-A1B057B7D2EA}\ProgID]
@DACL=(02 0000)
@="ImageExpert.Camera"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8F0DD2CA-786E-11D0-A671-000092909AB2}\Control]
@DACL=(02 0000)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8F0DD2CA-786E-11D0-A671-000092909AB2}\Implemented Categories]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8F0DD2CA-786E-11D0-A671-000092909AB2}\MiscStatus]
@DACL=(02 0000)
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8F0DD2CA-786E-11D0-A671-000092909AB2}\ProgID]
@DACL=(02 0000)
@="ActivePopup.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8F0DD2CA-786E-11D0-A671-000092909AB2}\ToolboxBitmap32]
@DACL=(02 0000)
@="c:\\WINDOWS\\SYSTEM32\\popup.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8F0DD2CA-786E-11D0-A671-000092909AB2}\TypeLib]
@DACL=(02 0000)
@="{8F0DD2C7-786E-11D0-A671-000092909AB2}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8F0DD2CA-786E-11D0-A671-000092909AB2}\Version]
@DACL=(02 0000)
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{91814EC0-B5F0-11D2-80B9-00104B1F6CEA}\ProgID]
@DACL=(02 0000)
@SACL=
@="Setup.Kernel.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{91814EC0-B5F0-11D2-80B9-00104B1F6CEA}\VersionIndependentProgID]
@DACL=(02 0000)
@SACL=
@="Setup.Kernel"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{934A9523-A3CA-4BC5-ADA0-D6D95D979421}\ProgID]
@DACL=(02 0000)
@="DirectPlay8Address.Address.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{934A9523-A3CA-4BC5-ADA0-D6D95D979421}\VersionIndependentProgID]
@DACL=(02 0000)
@="DirectPlay8Address.Address"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{943742F6-3A40-43FF-97F4-A1750D97B200}\ProgID]
@DACL=(02 0000)
@="YGPPicInfo.PictureInfo.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{943742F6-3A40-43FF-97F4-A1750D97B200}\Programmable]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{943742F6-3A40-43FF-97F4-A1750D97B200}\TypeLib]
@DACL=(02 0000)
@="{79C10055-C1B5-4754-AC44-003784AA3A44}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{943742F6-3A40-43FF-97F4-A1750D97B200}\VersionIndependentProgID]
@DACL=(02 0000)
@="YGPPicInfo.PictureInfo"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{950E55B9-877C-4C67-BE08-E47B5611130A}\ProgID]
@DACL=(02 0000)
@="Microsoft.DirectSoundCaptureAgcDMO.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{950E55B9-877C-4C67-BE08-E47B5611130A}\VersionIndependentProgID]
@DACL=(02 0000)
@="Microsoft.DirectSoundCaptureAgcDMO"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{963A6463-5207-4D06-AD5E-5A900C851735}\ProgID]
@DACL=(02 0000)
@="Core.NcsCoreEvents.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{963A6463-5207-4D06-AD5E-5A900C851735}\TypeLib]
@DACL=(02 0000)
@="{4116AE6F-C376-42E7-9E15-EE109055FC8E}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{963A6463-5207-4D06-AD5E-5A900C851735}\VersionIndependentProgID]
@DACL=(02 0000)
@="Core.NcsCoreEvents"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9824EE63-01DC-11D0-9BEA-00A0246FD2EF}\AuxUserType]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9824EE63-01DC-11D0-9BEA-00A0246FD2EF}\DefaultIcon]
@DACL=(02 0000)
@="c:\\PROGRA~1\\JASCSO~1\\PAINTS~1\\pspa.exe,1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9824EE63-01DC-11D0-9BEA-00A0246FD2EF}\InprocHandler32]
@DACL=(02 0000)
@="ole32.dll"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9824EE63-01DC-11D0-9BEA-00A0246FD2EF}\Insertable]
@DACL=(02 0000)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9824EE63-01DC-11D0-9BEA-00A0246FD2EF}\MiscStatus]
@DACL=(02 0000)
@="32"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9824EE63-01DC-11D0-9BEA-00A0246FD2EF}\PersistentHandler]
@DACL=(02 0000)
@="{098f2470-bae0-11cd-b579-08002b30bfeb}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9824EE63-01DC-11D0-9BEA-00A0246FD2EF}\ProgID]
@DACL=(02 0000)
@="JascPaintShopPhotoAlbumImage"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9824EE63-01DC-11D0-9BEA-00A0246FD2EF}\Verb]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{98BFD494-F6AD-4794-9038-832C0654CC43}\Control]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{98BFD494-F6AD-4794-9038-832C0654CC43}\MiscStatus]
@DACL=(02 0000)
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{98BFD494-F6AD-4794-9038-832C0654CC43}\ProgID]
@DACL=(02 0000)
@="AOL.UPFCtrl.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{98BFD494-F6AD-4794-9038-832C0654CC43}\Programmable]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{98BFD494-F6AD-4794-9038-832C0654CC43}\ToolboxBitmap32]
@DACL=(02 0000)
@="c:\\PROGRA~1\\COMMON~1\\aolshare\\pictures\\YGPUPF.dll, 101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{98BFD494-F6AD-4794-9038-832C0654CC43}\TypeLib]
@DACL=(02 0000)
@="{57B2FD05-64D4-4ad7-A92A-7C32FE50A0F4}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{98BFD494-F6AD-4794-9038-832C0654CC43}\Version]
@DACL=(02 0000)
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{98BFD494-F6AD-4794-9038-832C0654CC43}\VersionIndependentProgID]
@DACL=(02 0000)
@="AOL.UPFCtrl"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A0B65408-65FF-4FDF-9CF0-3763C3CA29C4}\TypeLib]
@DACL=(02 0000)
@="{95117066-315E-4CAE-BE3D-E7897D3F98BC}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A2551F60-705F-11CF-A424-00AA003735BE}\Pins]
@DACL=(02 0000)
@SACL=
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A2E3074F-6C3D-11D3-B653-00C04F79498E}\Instance]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A65B8071-3BFE-4213-9A5B-491DA4461CA7}\ProgID]
@DACL=(02 0000)
@="DxDiag.DxDiagProvider.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A65B8071-3BFE-4213-9A5B-491DA4461CA7}\VersionIndependentProgID]
@DACL=(02 0000)
@="DxDiag.DxDiagProvider"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AA7E2086-CB55-11D2-8094-00104B1F9838}\ProgID]
@DACL=(02 0000)
@="Setup.ScriptDriverWrapper.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AA7E2086-CB55-11D2-8094-00104B1F9838}\VersionIndependentProgID]
@DACL=(02 0000)
@="Setup.ScriptDriverWrapper"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AA7E2087-CB55-11D2-8094-00104B1F9838}\ProgID]
@DACL=(02 0000)
@="Setup.ScriptObjectWrapper.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AA7E2087-CB55-11D2-8094-00104B1F9838}\VersionIndependentProgID]
@DACL=(02 0000)
@="Setup.ScriptObjectWrapper"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AB2E478C-D4E5-45A4-84E1-F6279413B5DC}\ProgID]
@DACL=(02 0000)
@="djbsdk.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AD41621C-A2DD-487D-A24B-8BE40116A5A3}\ProgID]
@DACL=(02 0000)
@="YGPPicInfo.IImageInfo.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AD41621C-A2DD-487D-A24B-8BE40116A5A3}\Programmable]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AD41621C-A2DD-487D-A24B-8BE40116A5A3}\TypeLib]
@DACL=(02 0000)
@="{79C10055-C1B5-4754-AC44-003784AA3A44}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AD41621C-A2DD-487D-A24B-8BE40116A5A3}\VersionIndependentProgID]
@DACL=(02 0000)
@="YGPPicInfo.IImageInfo"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ADC4FE5F-9ACA-4551-8AD1-7B1DEF9D6BE8}\Control]
@DACL=(02 0000)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ADC4FE5F-9ACA-4551-8AD1-7B1DEF9D6BE8}\MiscStatus]
@DACL=(02 0000)
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ADC4FE5F-9ACA-4551-8AD1-7B1DEF9D6BE8}\ProgID]
@DACL=(02 0000)
@="MMFWCTRL.PushBtnCtrl.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ADC4FE5F-9ACA-4551-8AD1-7B1DEF9D6BE8}\ToolboxBitmap32]
@DACL=(02 0000)
@="c:\\PROGRA~1\\MUSICM~1\\MUSICM~2\\MMFWCtrl.ocx, 3"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ADC4FE5F-9ACA-4551-8AD1-7B1DEF9D6BE8}\TypeLib]
@DACL=(02 0000)
@="{BFF38E2D-B1D9-48F9-B11D-4F8A150F1C84}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ADC4FE5F-9ACA-4551-8AD1-7B1DEF9D6BE8}\Version]
@DACL=(02 0000)
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B01FEB50-45ED-11D3-B444-00104B261643}\ProgID]
@DACL=(02 0000)
@SACL=
@="ISScriptHandler.ScriptWrapper.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B01FEB50-45ED-11D3-B444-00104B261643}\VersionIndependentProgID]
@DACL=(02 0000)
@SACL=
@="ISScriptHandler.ScriptWrapper"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B33CCD56-0909-42C9-8A88-8976F66B8BF2}\Control]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B33CCD56-0909-42C9-8A88-8976F66B8BF2}\MiscStatus]
@DACL=(02 0000)
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B33CCD56-0909-42C9-8A88-8976F66B8BF2}\ProgID]
@DACL=(02 0000)
@="AOL.PicMgrCtrl.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B33CCD56-0909-42C9-8A88-8976F66B8BF2}\Programmable]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B33CCD56-0909-42C9-8A88-8976F66B8BF2}\ToolboxBitmap32]
@DACL=(02 0000)
@="c:\\PROGRA~1\\COMMON~1\\AOL\\YGPPIC~1.DLL, 101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B33CCD56-0909-42C9-8A88-8976F66B8BF2}\TypeLib]
@DACL=(02 0000)
@="{D4641E01-11AD-4307-B8B1-35987AD76501}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B33CCD56-0909-42C9-8A88-8976F66B8BF2}\Version]
@DACL=(02 0000)
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B33CCD56-0909-42C9-8A88-8976F66B8BF2}\VersionIndependentProgID]
@DACL=(02 0000)
@="AOL.PicMgrCtrl"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B56B9719-1DF3-43e0-8E7A-CE36890CAEF5}\{806E5237-2F90-400d-A61E-2545158E45A5}]
@DACL=(02 0000)
"StartSettings"=hex:41,32,30,8e,7a,39,ff,ee,30,09,34,3b,08,30,39,df,cf,31,0d,
4a,be,30,73,33
"EndSettings"=hex:41,32,30,8e,7a,39,ff,eb,30,09,34,3a,08,30,39,df,cf,34,0d,4a,
be,30,73,32
"InstallDetails"=hex:4d,43,52,47,01,00,00,00,3f,00,00,00,01,00,00,00,81,03,61,
6b,ba,44,8a,08,ef,16,74,2f,01,cd,90,4f,df,55,c0,f4,76,8d,93,29,ae,b6,81,fa,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B5DE6AA8-A94F-4369-93ED-77307026FDF1}\ProgID]
@DACL=(02 0000)
@="Director.SupportRemote.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B5DE6AA8-A94F-4369-93ED-77307026FDF1}\TypeLib]
@DACL=(02 0000)
@="{621362CD-2185-4C26-9803-F9613C3BAE5E}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B5DE6AA8-A94F-4369-93ED-77307026FDF1}\VersionIndependentProgID]
@DACL=(02 0000)
@="Director.SupportRemote"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B9A7E591-6C9C-11D3-B452-00104B261643}\ProgID]
@DACL=(02 0000)
@SACL=
@="ISScriptHandler.StringTable.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B9A7E591-6C9C-11D3-B452-00104B261643}\VersionIndependentProgID]
@DACL=(02 0000)
@SACL=
@="ISScriptHandler.StringTable"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BDDB3494-A25E-48A7-B30F-36C11087BE35}\ProgID]
@DACL=(02 0000)
@="WMPEngine.WMPlayer.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BDDB3494-A25E-48A7-B30F-36C11087BE35}\Programmable]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BDDB3494-A25E-48A7-B30F-36C11087BE35}\TypeLib]
@DACL=(02 0000)
@="{444490F5-C29F-457C-BB9D-C352C4384C13}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BDDB3494-A25E-48A7-B30F-36C11087BE35}\VersionIndependentProgID]
@DACL=(02 0000)
@="WMPEngine.WMPlayer"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BFC07EEF-0EFF-11D4-AE9A-0000E88EB84F}\ProgID]
@DACL=(02 0000)
@="AppBarCom.AppBarInvocator.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BFC07EEF-0EFF-11D4-AE9A-0000E88EB84F}\VersionIndependentProgID]
@DACL=(02 0000)
@="AppBarCom.AppBarInvocator"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C1145550-A454-11D4-9020-00D0B7239081}\Control]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C1145550-A454-11D4-9020-00D0B7239081}\EnableFullPage]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C1145550-A454-11D4-9020-00D0B7239081}\Implemented Categories]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C1145550-A454-11D4-9020-00D0B7239081}\MiscStatus]
@DACL=(02 0000)
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C1145550-A454-11D4-9020-00D0B7239081}\ProgID]
@DACL=(02 0000)
@="AOLFlash.AOLFlash.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C1145550-A454-11D4-9020-00D0B7239081}\Programmable]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C1145550-A454-11D4-9020-00D0B7239081}\ToolboxBitmap32]
@DACL=(02 0000)
@="c:\\PROGRA~1\\COMMON~1\\AOL\\Flasha.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C1145550-A454-11D4-9020-00D0B7239081}\TypeLib]
@DACL=(02 0000)
@="{C114555B-A454-11D4-9020-00D0B7239081}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C1145550-A454-11D4-9020-00D0B7239081}\Version]
@DACL=(02 0000)
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C1145550-A454-11D4-9020-00D0B7239081}\VersionIndependentProgID]
@DACL=(02 0000)
@="AOLFlash.AOLFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C1145551-A454-11D4-9020-00D0B7239081}\Control]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C1145551-A454-11D4-9020-00D0B7239081}\ProgID]
@DACL=(02 0000)
@="AOLFlashFactory.AOLFlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C1145551-A454-11D4-9020-00D0B7239081}\Programmable]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C1145551-A454-11D4-9020-00D0B7239081}\ToolboxBitmap32]
@DACL=(02 0000)
@="c:\\PROGRA~1\\COMMON~1\\AOL\\Flasha.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C1145551-A454-11D4-9020-00D0B7239081}\TypeLib]
@DACL=(02 0000)
@="{C114555B-A454-11D4-9020-00D0B7239081}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C1145551-A454-11D4-9020-00D0B7239081}\Version]
@DACL=(02 0000)
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C1145551-A454-11D4-9020-00D0B7239081}\VersionIndependentProgID]
@DACL=(02 0000)
@="AOLFlashFactory.AOLFlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C3228FAC-884F-11D5-B504-000629D0B82A}\ProgID]
@DACL=(02 0000)
@="INTEL_NCS.NetService.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C3228FAC-884F-11D5-B504-000629D0B82A}\TypeLib]
@DACL=(02 0000)
@="{C3228F9F-884F-11D5-B504-000629D0B82A}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C3228FAC-884F-11D5-B504-000629D0B82A}\VersionIndependentProgID]
@DACL=(02 0000)
@="INTEL_NCS.NetService"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C3DB19A6-D5A2-11D2-8F58-00E02916007D}\Control]
@DACL=(02 0000)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C3DB19A6-D5A2-11D2-8F58-00E02916007D}\MiscStatus]
@DACL=(02 0000)
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C3DB19A6-D5A2-11D2-8F58-00E02916007D}\ProgID]
@DACL=(02 0000)
@="MMJBCTRL.TextBtnCtrl.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C3DB19A6-D5A2-11D2-8F58-00E02916007D}\ToolboxBitmap32]
@DACL=(02 0000)
@="c:\\PROGRA~1\\MUSICM~1\\MUSICM~2\\mmjbctrl.ocx, 5"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C3DB19A6-D5A2-11D2-8F58-00E02916007D}\TypeLib]
@DACL=(02 0000)
@="{6B58B5D9-7405-11D2-8F58-00E02916007D}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C3DB19A6-D5A2-11D2-8F58-00E02916007D}\Version]
@DACL=(02 0000)
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C5E28B9D-0A68-4B50-94E9-E8F6B4697515}\Control]
@DACL=(02 0000)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C5E28B9D-0A68-4B50-94E9-E8F6B4697515}\Implemented Categories]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C5E28B9D-0A68-4B50-94E9-E8F6B4697515}\MiscStatus]
@DACL=(02 0000)
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C5E28B9D-0A68-4B50-94E9-E8F6B4697515}\ProgID]
@DACL=(02 0000)
@="NSVPLAYX.NsvPlayXCtrl.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C5E28B9D-0A68-4B50-94E9-E8F6B4697515}\ToolboxBitmap32]
@DACL=(02 0000)
@="c:\\PROGRA~1\\COMMON~1\\Nullsoft\\Video\\ActiveX\\plugins\\NSVPLA~1.DLL, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C5E28B9D-0A68-4B50-94E9-E8F6B4697515}\TypeLib]
@DACL=(02 0000)
@="{0A9570A9-07C5-49DA-B2C6-E7DB55AC7900}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C5E28B9D-0A68-4B50-94E9-E8F6B4697515}\Version]
@DACL=(02 0000)
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C9CD1A93-D7B4-11D2-80C5-00104B1F6CEA}\ProgID]
@DACL=(02 0000)
@SACL=
@="Setup.User.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C9CD1A93-D7B4-11D2-80C5-00104B1F6CEA}\VersionIndependentProgID]
@DACL=(02 0000)
@SACL=
@="Setup.User"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{CDEBB919-379A-488A-8765-F53CFD36DE40}\ProgID]
@DACL=(02 0000)
@="Microsoft.DirectSoundCaptureAecDMO.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{CDEBB919-379A-488A-8765-F53CFD36DE40}\VersionIndependentProgID]
@DACL=(02 0000)
@="Microsoft.DirectSoundCaptureAecDMO"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{D326DC3B-8ADF-456A-B1B7-8A9E37704C60}\Control]
@DACL=(02 0000)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{D326DC3B-8ADF-456A-B1B7-8A9E37704C60}\MiscStatus]
@DACL=(02 0000)
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{D326DC3B-8ADF-456A-B1B7-8A9E37704C60}\ProgID]
@DACL=(02 0000)
@="MMFWCTRL.RadBtnCtrl.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{D326DC3B-8ADF-456A-B1B7-8A9E37704C60}\ToolboxBitmap32]
@DACL=(02 0000)
@="c:\\PROGRA~1\\MUSICM~1\\MUSICM~2\\MMFWCtrl.ocx, 4"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{D326DC3B-8ADF-456A-B1B7-8A9E37704C60}\TypeLib]
@DACL=(02 0000)
@="{BFF38E2D-B1D9-48F9-B11D-4F8A150F1C84}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{D326DC3B-8ADF-456A-B1B7-8A9E37704C60}\Version]
@DACL=(02 0000)
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{D670D0B3-05AB-4115-9F87-D983EF1AC747}\Control]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{D670D0B3-05AB-4115-9F87-D983EF1AC747}\Implemented Categories]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{D670D0B3-05AB-4115-9F87-D983EF1AC747}\Insertable]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{D670D0B3-05AB-4115-9F87-D983EF1AC747}\MiscStatus]
@DACL=(02 0000)
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{D670D0B3-05AB-4115-9F87-D983EF1AC747}\ProgID]
@DACL=(02 0000)
@="AOL.PicDownloadCtrl.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{D670D0B3-05AB-4115-9F87-D983EF1AC747}\Programmable]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{D670D0B3-05AB-4115-9F87-D983EF1AC747}\ToolboxBitmap32]
@DACL=(02 0000)
@="c:\\PROGRA~1\\COMMON~1\\AOL\\YGPPIC~4.DLL, 101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{D670D0B3-05AB-4115-9F87-D983EF1AC747}\TypeLib]
@DACL=(02 0000)
@="{1B8B281E-F67E-4212-8D3B-C98B8AE18DA4}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{D670D0B3-05AB-4115-9F87-D983EF1AC747}\Version]
@DACL=(02 0000)
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{D670D0B3-05AB-4115-9F87-D983EF1AC747}\VersionIndependentProgID]
@DACL=(02 0000)
@="AOL.PicDownloadCtrl"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DA4E3DA0-D07D-11d0-BD50-00A0C911CE86}\Instance\{71985F4B-1CA1-11D3-9CC8-00C04F7971E0}]
@DACL=(02 0000)
"FriendlyName"="BDA Network Providers"
"CLSID"="{71985F4B-1CA1-11D3-9CC8-00C04F7971E0}"
"Merit"=dword:00600000
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DA4E3DA0-D07D-11d0-BD50-00A0C911CE86}\Instance\{A2E3074F-6C3D-11D3-B653-00C04F79498E}]
@DACL=(02 0000)
"FriendlyName"="BDA Transport Information Renderers"
"CLSID"="{A2E3074F-6C3D-11D3-B653-00C04F79498E}"
"Merit"=dword:00600000
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE4AF3B0-F4D4-11D3-B41A-0050DA2E6C21}\Implemented Categories]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE4AF3B0-F4D4-11D3-B41A-0050DA2E6C21}\ProgID]
@DACL=(02 0000)
@="QuickTimeCheckObject.QuickTimeCheck.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE4AF3B0-F4D4-11D3-B41A-0050DA2E6C21}\Programmable]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE4AF3B0-F4D4-11D3-B41A-0050DA2E6C21}\TypeLib]
@DACL=(02 0000)
@="{DE4AF3A1-F4D4-11D3-B41A-0050DA2E6C21}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE4AF3B0-F4D4-11D3-B41A-0050DA2E6C21}\VersionIndependentProgID]
@DACL=(02 0000)
@="QuickTimeCheckObject.QuickTimeCheck"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E0CB08CE-AB3D-4779-9C77-62A439BFE6C3}\Control]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E0CB08CE-AB3D-4779-9C77-62A439BFE6C3}\Implemented Categories]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E0CB08CE-AB3D-4779-9C77-62A439BFE6C3}\Insertable]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E0CB08CE-AB3D-4779-9C77-62A439BFE6C3}\MiscStatus]
@DACL=(02 0000)
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E0CB08CE-AB3D-4779-9C77-62A439BFE6C3}\ProgID]
@DACL=(02 0000)
@="AOL.PicEditCtrl.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E0CB08CE-AB3D-4779-9C77-62A439BFE6C3}\Programmable]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E0CB08CE-AB3D-4779-9C77-62A439BFE6C3}\ToolboxBitmap32]
@DACL=(02 0000)
@="c:\\PROGRA~1\\COMMON~1\\aolshare\\pictures\\YGPPIC~4.DLL, 101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E0CB08CE-AB3D-4779-9C77-62A439BFE6C3}\TypeLib]
@DACL=(02 0000)
@="{0B54F548-639F-462F-BCDE-9557B8AB378F}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E0CB08CE-AB3D-4779-9C77-62A439BFE6C3}\Version]
@DACL=(02 0000)
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E0CB08CE-AB3D-4779-9C77-62A439BFE6C3}\VersionIndependentProgID]
@DACL=(02 0000)
@="AOL.PicEditCtrl"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E0F158E1-CB04-11d0-BD4E-00A0C911CE86}\Instance]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E4C1D9A2-CBF7-48BD-9A69-34A55E0D8941}\ProgID]
@DACL=(02 0000)
@="DirectPlay8NATResolver.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E4C1D9A2-CBF7-48BD-9A69-34A55E0D8941}\VersionIndependentProgID]
@DACL=(02 0000)
@="DirectPlay8NATResolver"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E4E01430-7348-467D-B2B8-170D716EF5C4}\ProgID]
@DACL=(02 0000)
@="NcsWmiEvents.NcsWmiEventProv.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E4E01430-7348-467D-B2B8-170D716EF5C4}\TypeLib]
@DACL=(02 0000)
@="{EA7749C1-040F-4B68-A52E-497B4CA60997}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E4E01430-7348-467D-B2B8-170D716EF5C4}\VersionIndependentProgID]
@DACL=(02 0000)
@="NcsWmiEvents.NcsWmiEventProv"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E7D06080-238B-11D3-80D7-00104B1F6CEA}\ProgID]
@DACL=(02 0000)
@SACL=
@="Setup.ScriptEngine.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E7D06080-238B-11D3-80D7-00104B1F6CEA}\VersionIndependentProgID]
@DACL=(02 0000)
@SACL=
@="Setup.ScriptEngine"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}\PersistentHandler]
@DACL=(02 0000)
@="{098f2470-bae0-11cd-b579-08002b30bfeb}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E96EAF6A-FFD2-4B18-9231-2DCDA4709B48}\ProgID]
@DACL=(02 0000)
@="MyDVD.MyDVDRecord.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E96EAF6A-FFD2-4B18-9231-2DCDA4709B48}\Programmable]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E96EAF6A-FFD2-4B18-9231-2DCDA4709B48}\TypeLib]
@DACL=(02 0000)
@="{CD999ADC-7B89-4D10-815A-82A39D6EA09E}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E96EAF6A-FFD2-4B18-9231-2DCDA4709B48}\VersionIndependentProgID]
@DACL=(02 0000)
@="MyDVD.MyDVDRecord"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EBFE7BA0-628D-11D2-AE0F-006097B01411}\ProgID]
@DACL=(02 0000)
@="DirectPlay8SPWSock.TCPIP.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EBFE7BA0-628D-11D2-AE0F-006097B01411}\VersionIndependentProgID]
@DACL=(02 0000)
@="DirectPlay8SPWSock.TCPIP"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EFAC012B-2A65-4D0B-9237-ADBADD94DFE9}\Control]
@DACL=(02 0000)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EFAC012B-2A65-4D0B-9237-ADBADD94DFE9}\MiscStatus]
@DACL=(02 0000)
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EFAC012B-2A65-4D0B-9237-ADBADD94DFE9}\ProgID]
@DACL=(02 0000)
@="MMFWCTRL.ComboBoxCtrl.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EFAC012B-2A65-4D0B-9237-ADBADD94DFE9}\ToolboxBitmap32]
@DACL=(02 0000)
@="c:\\PROGRA~1\\MUSICM~1\\MUSICM~2\\MMFWCtrl.ocx, 6"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EFAC012B-2A65-4D0B-9237-ADBADD94DFE9}\TypeLib]
@DACL=(02 0000)
@="{BFF38E2D-B1D9-48F9-B11D-4F8A150F1C84}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EFAC012B-2A65-4D0B-9237-ADBADD94DFE9}\Version]
@DACL=(02 0000)
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F975AF2C-9A51-4AF0-91EA-06038698CE38}\ProgID]
@DACL=(02 0000)
@="DirectPlay8Diagnostics.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F975AF2C-9A51-4AF0-91EA-06038698CE38}\VersionIndependentProgID]
@DACL=(02 0000)
@="DirectPlay8Diagnostics"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FA3662C3-B8E8-11D6-A667-0010B556D978}\Control]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FA3662C3-B8E8-11D6-A667-0010B556D978}\Insertable]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FA3662C3-B8E8-11D6-A667-0010B556D978}\MiscStatus]
@DACL=(02 0000)
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FA3662C3-B8E8-11D6-A667-0010B556D978}\ProgID]
@DACL=(02 0000)
@="WinAmpX.IWinAmpActiveX.2"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FA3662C3-B8E8-11D6-A667-0010B556D978}\Programmable]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FA3662C3-B8E8-11D6-A667-0010B556D978}\ToolboxBitmap32]
@DACL=(02 0000)
@="c:\\PROGRA~1\\COMMON~1\\Nullsoft\\ActiveX\\AmpX.dll, 101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FA3662C3-B8E8-11D6-A667-0010B556D978}\TypeLib]
@DACL=(02 0000)
@="{FA3662C1-B8E8-11D6-A667-0010B556D978}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FA3662C3-B8E8-11D6-A667-0010B556D978}\VersionIndependentProgID]
@DACL=(02 0000)
@="WinAmpX.IWinAmpActiveX"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FB215E25-F536-4B36-8262-ECF59601FAC1}\Control]
@DACL=(02 0000)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FB215E25-F536-4B36-8262-ECF59601FAC1}\MiscStatus]
@DACL=(02 0000)
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FB215E25-F536-4B36-8262-ECF59601FAC1}\ProgID]
@DACL=(02 0000)
@="MMFWCTRL.TextCtrl.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FB215E25-F536-4B36-8262-ECF59601FAC1}\ToolboxBitmap32]
@DACL=(02 0000)
@="c:\\PROGRA~1\\MUSICM~1\\MUSICM~2\\MMFWCtrl.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FB215E25-F536-4B36-8262-ECF59601FAC1}\TypeLib]
@DACL=(02 0000)
@="{BFF38E2D-B1D9-48F9-B11D-4F8A150F1C84}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FB215E25-F536-4B36-8262-ECF59601FAC1}\Version]
@DACL=(02 0000)
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FBF23B40-E3F0-101B-8488-00AA003E56F8}\PersistentHandler]
@DACL=(02 0000)
@="{5e941d80-bf96-11cd-b579-08002b30bfeb}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FC47060E-6153-4B34-B975-8E4121EB7F3C}\ProgID]
@DACL=(02 0000)
@="DirectPlay8ThreadPool.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FC47060E-6153-4B34-B975-8E4121EB7F3C}\VersionIndependentProgID]
@DACL=(02 0000)
@="DirectPlay8ThreadPool"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(640)
c:\windows\system32\relog_ap.dll
.
- - - - - - - > 'explorer.exe'(524)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2017-07-23 13:31:34
ComboFix-quarantined-files.txt 2017-07-23 18:31
.
Pre-Run: 6,168,031,232 bytes free
Post-Run: 6,160,670,720 bytes free
.
- - End Of File - - 31B8D18DF229273DFEA1A926198F3566
8F558EB6672622401DA993E1E865C861

 

[Broni]

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

• Double click to run it.
• Make sure you checkmark Addition.txt box.
• Press Scan button.
• Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.

 

[al davis]

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-07-2017
Ran by al (administrator) on XP (23-07-2017 17:04:04)
Running from C:\Documents and Settings\al\Desktop\virus_et_al\July 2017
Loaded Profiles: al (Available Profiles: al & Administrator & Guest)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\WINDOWS\SYSTEM32\locator.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\WINDOWS\SYSTEM32\wscntfy.exe
(Microsoft Corporation) C:\PROGRA~1\WINDOW~2\wmplayer.exe
(Microsoft Corporation) C:\WINDOWS\SYSTEM32\taskmgr.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\System32\sstext3d.scr [679936 2008-04-14] (Microsoft Corporation)
Lsa: [Authentication Packages] msv1_0 relog_ap
ShellExecuteHooks: Eudora's Shell Extension - {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - C:\eudora_7\EuShlExt.dll [86016 2005-08-09] (Qualcomm Inc.)
Startup: C:\Documents and Settings\al\Start Menu\Programs\Startup\156_Long_Soothing_Rain.mp3 [2014-11-02] ()
Startup: C:\Documents and Settings\al\Start Menu\Programs\Startup\Mozilla Firefox.lnk [2016-10-17]
ShortcutTarget: Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{8AA62950-D597-4798-9F57-32AEF4529374}: [NameServer] 216.234.97.2 216.234.97.3

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell4me.com/myway
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2011-02-12] (RealPlayer)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_92\bin\ssv.dll [2016-04-22] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_92\bin\jp2ssv.dll [2016-04-22] (Oracle Corporation)
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2013-06-08] (Sun Microsystems, Inc.)
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} hxxps://support.microsoft.com/oas/ActiveX/MSDcode.cab
DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} hxxp://us.chat1.yimg.com/us.yimg.com/I/chat/applet/v45/yacscom.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} hxxp://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} hxxp://chat.yahoo.com/cab/yacsui.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,16/mcgdmgr.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\al\Application Data\Mozilla\Firefox\Profiles\nkz4233i.default [2017-07-23]
FF DefaultSearchEngine: C:\Documents and Settings\al\Application Data\Mozilla\Firefox\Profiles\nkz4233i.default -> Bing
FF DefaultSearchEngine.US: C:\Documents and Settings\al\Application Data\Mozilla\Firefox\Profiles\nkz4233i.default -> Bing
FF SelectedSearchEngine: C:\Documents and Settings\al\Application Data\Mozilla\Firefox\Profiles\nkz4233i.default -> Bing
FF Homepage: C:\Documents and Settings\al\Application Data\Mozilla\Firefox\Profiles\nkz4233i.default -> hxxp://www.cloudynights.com/ubbthreads/
hxxp://www.cloudynights.com/ubbthreads/ubbthreads.php?Cat=
FF Extension: (Adblock Plus) - C:\Documents and Settings\al\Application Data\Mozilla\Firefox\Profiles\nkz4233i.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-11-26]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-02-12] [not signed]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: (RealPlayer Browser Record Plugin) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-02-12] [not signed]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: (Java Quick Starter) - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2013-06-08] [not signed]
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2012-04-14] (Google)
FF Plugin: @java.com/DTPlugin,version=11.92.2 -> C:\Program Files\Java\jre1.8.0_92\bin\dtplugin\npDeployJava1.dll [2016-04-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.92.2 -> C:\Program Files\Java\jre1.8.0_92\bin\plugin2\npjp2.dll [2016-04-22] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=12.0.1.633 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2011-02-12] (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=12.0.1.633 -> c:\program files\real\realplayer\Netscape6\nprjplug.dll [2011-02-12] (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=12.0.1.633 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2011-02-12] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=12.0.1.633 -> c:\program files\real\realplayer\Netscape6\nprpjplug.dll [2011-02-12] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [No File]
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3960577219-1813400529-1317427278-1006: @tools.google.com/Google Update;version=8 -> C:\Documents and Settings\al\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll [2010-10-20] (Google Inc.)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-02-12]
StartMenuInternet: chrome.exe - C:\Documents and Settings\al\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
StartMenuInternet: Google Chrome - C:\Documents and Settings\al\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S3 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [660576 2011-02-12] (Acronis)
S3 getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [31592 2008-06-26] (NOS Microsystems Ltd.)
S2 helpsvc; C:\WINDOWS\System32\svchost.exe [14336 2008-04-14] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [158128 2013-06-08] (Sun Microsystems, Inc.)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [335872 2003-03-19] (Microsoft Corporation) [File not signed]
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
S3 NetSvc; C:\Program Files\Intel\NCS\Sync\NetSvc.exe [143360 2003-03-03] (Intel(R) Corporation) [File not signed]
S4 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
S4 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 abp480n5; C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS [23552 2003-07-16] (Microsoft Corporation)
R3 Afc; C:\WINDOWS\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) [File not signed]
R3 BCMModem; C:\WINDOWS\System32\DRIVERS\BCMSM.sys [1101696 2003-08-29] (Broadcom Corporation)
R2 BrPar; C:\WINDOWS\System32\drivers\BrPar.sys [19537 2000-07-24] (Brother Industries Ltd.) [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 DIGIRPS; C:\WINDOWS\System32\DRIVERS\digirlpt.sys [152376 2008-07-10] (Digi International Inc.)
R2 DriverX; C:\WINDOWS\System32\Drivers\driverx.sys [52512 2001-06-11] (Microsoft Corporation) [File not signed]
R0 drvmcdb; C:\WINDOWS\System32\drivers\drvmcdb.sys [84576 2003-07-31] (Sonic Solutions) [File not signed]
R2 drvnddm; C:\WINDOWS\System32\drivers\drvnddm.sys [40448 2003-06-20] (Sonic Solutions) [File not signed]
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [383800 2007-02-13] (Symantec Corporation)
S3 evserial; C:\WINDOWS\System32\DRIVERS\evserial.sys [53888 2008-05-19] (ELTIMA Software)
S3 FTDIBUS; C:\WINDOWS\System32\drivers\ftdibus.sys [57536 2008-03-13] (FTDI Ltd.)
R1 hwinterface; C:\WINDOWS\System32\Drivers\hwinterface.sys [3026 2009-10-09] (Logix4u) [File not signed]
S3 i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [161020 2004-08-03] (Intel(R) Corporation)
S3 iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [12415 2004-08-03] (Intel(R) Corporation)
S3 iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [12127 2004-08-03] (Intel(R) Corporation)
S3 iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [11775 2004-08-03] (Intel(R) Corporation)
S3 iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [12063 2004-08-03] (Intel(R) Corporation)
S3 iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [19455 2004-08-03] (Intel(R) Corporation)
S3 iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [29311 2004-08-03] (Intel(R) Corporation)
S3 iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [19551 2004-08-03] (Intel(R) Corporation)
S3 iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [33599 2004-08-03] (Intel(R) Corporation)
S3 iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [23615 2004-08-03] (Intel(R) Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [170200 2017-07-20] (Malwarebytes)
S3 MPE; C:\WINDOWS\System32\DRIVERS\MPE.sys [15232 2008-04-14] (Microsoft Corporation)
R3 MxlW2k; C:\WINDOWS\system32\Drivers\MxlW2k.sys [28256 2010-05-07] (MusicMatch, Inc.) [File not signed]
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R1 omci; C:\WINDOWS\System32\DRIVERS\omci.sys [17217 2002-11-08] (Dell Computer Corporation) [File not signed]
S1 P3; C:\WINDOWS\System32\DRIVERS\p3.sys [42752 2008-04-14] (Microsoft Corporation)
R0 PxHelp20; C:\WINDOWS\System32\DRIVERS\PxHelp20.sys [17168 2003-07-30] (Sonic Solutions) [File not signed]
R0 snapman; C:\WINDOWS\System32\DRIVERS\snapman.sys [99776 2009-08-04] (Acronis) [File not signed]
R1 sscdbhk5; C:\WINDOWS\System32\drivers\sscdbhk5.sys [5621 2003-07-14] (Sonic Solutions) [File not signed]
R1 ssrtln; C:\WINDOWS\System32\drivers\ssrtln.sys [23219 2003-07-14] (Sonic Solutions) [File not signed]
R2 tfsnboio; C:\WINDOWS\System32\dla\tfsnboio.sys [25685 2003-08-06] (Sonic Solutions) [File not signed]
R2 tfsncofs; C:\WINDOWS\System32\dla\tfsncofs.sys [34837 2003-08-06] (Sonic Solutions) [File not signed]
R2 tfsndrct; C:\WINDOWS\System32\dla\tfsndrct.sys [4117 2003-08-06] (Sonic Solutions) [File not signed]
R2 tfsndres; C:\WINDOWS\System32\dla\tfsndres.sys [2233 2003-08-06] (Sonic Solutions) [File not signed]
R2 tfsnifs; C:\WINDOWS\System32\dla\tfsnifs.sys [83284 2003-08-06] (Sonic Solutions) [File not signed]
R2 tfsnopio; C:\WINDOWS\System32\dla\tfsnopio.sys [14229 2003-08-06] (Sonic Solutions) [File not signed]
R2 tfsnpool; C:\WINDOWS\System32\dla\tfsnpool.sys [6357 2003-08-06] (Sonic Solutions) [File not signed]
R2 tfsnudf; C:\WINDOWS\System32\dla\tfsnudf.sys [98068 2003-08-06] (Sonic Solutions) [File not signed]
R2 tfsnudfa; C:\WINDOWS\System32\dla\tfsnudfa.sys [100373 2003-08-06] (Sonic Solutions) [File not signed]
R2 tifsfilter; C:\WINDOWS\System32\DRIVERS\tifsfilt.sys [32224 2009-08-04] (Acronis) [File not signed]
R0 timounter; C:\WINDOWS\System32\DRIVERS\timntr.sys [387520 2009-08-04] (Acronis) [File not signed]
U3 TrueSight; C:\WINDOWS\SYSTEM32\DRIVERS\TrueSight.sys [24688 2017-07-20] ()
S3 TVicHW32; C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS [29536 2006-10-13] (EnTech Taiwan)
R2 tviclpt; C:\WINDOWS\system32\Drivers\tviclpt.sys [15536 2003-03-12] (EnTech Taiwan) [File not signed]
S3 USB28xxBGA; C:\WINDOWS\System32\DRIVERS\emBDA.sys [608128 2011-03-10] (eMPIA Technology, Inc.)
S3 USB28xxOEM; C:\WINDOWS\System32\DRIVERS\emOEM.sys [1038080 2011-03-10] (eMPIA Technology, Inc.)
R1 vcdrom; C:\WINDOWS\SYSTEM32\DRIVERS\VCdRom.sys [8576 2001-12-19] (Microsoft Corporation) [File not signed]
R3 VSBC; C:\WINDOWS\System32\DRIVERS\evsbc.sys [27904 2008-05-19] (ELTIMA Software)
R3 vsbus; C:\WINDOWS\System32\DRIVERS\vsb.sys [18180 2003-03-14] (ELTIMA Software) [File not signed]
S3 vserial; C:\WINDOWS\System32\DRIVERS\vserial.sys [69932 2003-03-14] (ELTIMA Software) [File not signed]
S3 {6080A529-897E-4629-A488-ABA0C29B635E}; C:\WINDOWS\System32\drivers\ialmsbw.sys [113504 2003-04-15] (Intel Corporation)
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}; C:\WINDOWS\System32\drivers\ialmkchw.sys [78752 2003-04-15] (Intel Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-23 13:31 - 2017-07-23 17:04 - 00000000 ____D C:\Documents and Settings\al\Local Settings\temp
2017-07-23 13:31 - 2017-07-23 13:31 - 00000000 ____D C:\Documents and Settings\Guest\Local Settings\temp
2017-07-23 13:31 - 2017-07-23 13:31 - 00000000 ____D C:\Documents and Settings\Default User\Local Settings\temp
2017-07-23 13:31 - 2017-07-23 13:31 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\temp
2017-07-23 13:14 - 2011-06-26 01:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2017-07-23 13:14 - 2010-11-07 12:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2017-07-23 13:14 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2017-07-23 13:14 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2017-07-23 13:14 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2017-07-23 13:14 - 2000-08-30 19:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2017-07-23 13:14 - 2000-08-30 19:00 - 00098816 _____ C:\WINDOWS\sed.exe
2017-07-23 13:14 - 2000-08-30 19:00 - 00080412 _____ C:\WINDOWS\grep.exe
2017-07-23 13:14 - 2000-08-30 19:00 - 00068096 _____ C:\WINDOWS\zip.exe
2017-07-23 12:53 - 2017-07-23 13:31 - 00000000 ____D C:\Qoobox
2017-07-20 13:58 - 2017-07-18 19:59 - 00017920 _____ C:\Documents and Settings\al\Desktop\diatom.xls
2017-07-20 00:20 - 2017-07-20 08:02 - 00000000 ____D C:\Program Files\RogueKiller
2017-07-20 00:20 - 2017-07-20 00:20 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\RogueKiller
2017-07-18 19:38 - 2017-07-23 17:04 - 00000000 ____D C:\FRST
2017-07-18 10:15 - 2017-07-18 10:17 - 00000000 ____D C:\AdwCleaner

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-23 14:46 - 2013-08-12 14:25 - 00016077 _____ C:\WINDOWS\al8.xlb
2017-07-23 14:21 - 2004-01-03 18:45 - 00021738 _____ C:\WINDOWS\ModemLog_BCM V.92 56K Modem.txt
2017-07-23 13:31 - 2004-01-03 18:46 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-07-23 13:31 - 2004-01-03 18:32 - 00000000 __SHD C:\Documents and Settings\NetworkService
2017-07-23 13:28 - 2002-09-03 14:26 - 00000227 _____ C:\WINDOWS\system.ini
2017-07-23 13:14 - 2004-01-03 18:46 - 00032598 _____ C:\WINDOWS\SchedLgU.Txt
2017-07-23 12:51 - 2013-10-06 09:31 - 00014789 _____ C:\Documents and Settings\al\Desktop\Empty.txt
2017-07-23 11:53 - 2004-01-09 06:49 - 00000428 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2017-07-23 11:51 - 2016-07-18 13:20 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-07-23 11:45 - 2011-12-02 21:09 - 00000272 _____ C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-3960577219-1813400529-1317427278-1006.job
2017-07-23 11:36 - 2004-01-03 18:32 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Temp
2017-07-22 17:48 - 2004-01-08 16:03 - 00000278 ___SH C:\Documents and Settings\al\NTUSER.INI
2017-07-21 00:09 - 2004-01-08 16:03 - 00000000 ____D C:\Documents and Settings\al
2017-07-20 22:41 - 2014-06-14 10:17 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-07-20 09:59 - 2017-02-27 18:45 - 00018557 _____ C:\Documents and Settings\al\Desktop\syslog.txt
2017-07-20 09:56 - 2008-08-23 11:11 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\NOS
2017-07-20 09:56 - 2004-01-13 07:24 - 00000000 ____D C:\Program Files\Common Files\Adobe
2017-07-20 09:56 - 2004-01-13 07:24 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Adobe
2017-07-20 09:56 - 2004-01-03 18:32 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2017-07-20 00:21 - 2015-03-25 18:59 - 00024688 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-07-19 11:09 - 2014-10-08 15:26 - 00000000 ____D C:\eudora_7
2017-07-18 19:59 - 2016-04-21 19:32 - 00000000 ____D C:\backup
2017-07-18 19:11 - 2011-02-06 08:41 - 00000000 ____D C:\Documents and Settings\al\Desktop\virus_et_al
2017-07-18 16:45 - 2016-04-21 09:56 - 00002463 _____ C:\Documents and Settings\al\Desktop\Sophos Virus Removal Tool.lnk
2017-07-16 22:08 - 2012-07-24 17:53 - 00012208 _____ C:\Documents and Settings\al\Desktop\GP.txt
2017-07-16 13:55 - 2016-10-27 09:06 - 00054156 ____H C:\WINDOWS\QTFont.qfn
2017-07-15 21:30 - 2004-01-03 18:43 - 00001170 _____ C:\WINDOWS\system32\WPA.DBL
2017-07-10 12:19 - 2011-10-01 19:00 - 00000280 _____ C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-3960577219-1813400529-1317427278-1006.job

==================== Files in the root of some directories =======

2006-11-19 09:23 - 2007-02-14 21:25 - 0009871 _____ () C:\Documents and Settings\al\Application Data\Microsoft\2240.dat
2015-05-01 08:16 - 2015-06-11 20:14 - 0005632 _____ () C:\Documents and Settings\al\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-06-10 22:08 - 2013-06-23 14:09 - 0004955 _____ () C:\Documents and Settings\All Users\Application Data\gmqvfgar.pta
2012-07-17 15:31 - 2012-07-17 15:31 - 0004983 _____ () C:\Documents and Settings\All Users\Application Data\lomppayd.qfv
2012-02-05 10:33 - 2016-02-25 23:19 - 0001639 _____ () C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

 

[al davis]

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 18-07-2017
Ran by al (23-07-2017 17:05:06)
Running from C:\Documents and Settings\al\Desktop\virus_et_al\July 2017
Microsoft Windows XP Professional Service Pack 3 (X86) (2004-02-17 23:44:28)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3960577219-1813400529-1317427278-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
al (S-1-5-21-3960577219-1813400529-1317427278-1006 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\al
ASPNET (S-1-5-21-3960577219-1813400529-1317427278-1008 - Limited - Enabled)
Guest (S-1-5-21-3960577219-1813400529-1317427278-501 - Limited - Enabled) => %SystemDrive%\Documents and Settings\Guest
HelpAssistant (S-1-5-21-3960577219-1813400529-1317427278-1005 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-3960577219-1813400529-1317427278-1002 - Limited - Enabled)
SUPPORT_3f151ab9 (S-1-5-21-3960577219-1813400529-1317427278-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM\...\{77DCDCE3-2DED-62F3-8154-05E745472D07}) (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acronis Drive Monitor (HKLM\...\{706AE61D-40A4-4F50-8359-FE8F6F7FA461}) (Version: 1.0.566 - Acronis)
Acronis True Image (HKLM\...\{7F129516-73AD-4232-8FD0-C7BC2508B274}) (Version: 9.0.3647 - Acronis)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.1.0.5790 - Adobe Systems Inc.)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe Photoshop Album 2.0 Starter Edition (HKLM\...\{11B569C2-4BF6-4ED0-9D17-A4273943CB24}) (Version: 2.00.000 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
AnswerWorks 4.0 Runtime - English (HKLM\...\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}) (Version: 4.0.101 - Vantage Software Technologies)
Apple Software Update (HKLM\...\{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}) (Version: 2.0.2.92 - Apple Inc.)
ArcSoft Software Suite (HKLM\...\{497A1721-088F-41EF-8876-B43C9DA5528B}) (Version: 1.0 - ArcSoft)
Banctec Service Agreement (HKLM\...\{FC4ED75D-916C-4A8C-BB67-3C6F6E06D62B}) (Version: 1.00.00 - Dell) Hidden
BCM V.92 56K Modem (HKLM\...\BCM V.92 56K Modem) (Version: - )
Belkin SOHO Networking Utilities (HKLM\...\{E03969E7-3AFB-4672-8259-991B5F618D5A}) (Version: 1.1 - Belkin Components)
Belkin Wireless Access Point Manager (HKLM\...\{A2284436-0CA3-4880-B8D1-E79E64A46EB3}) (Version: - )
Belkin Wireless Access Point Wizard (HKLM\...\{AE2CD143-49F9-4640-9D4C-4F7A94FC4E71}) (Version: 1.00.0000 - Belkin Corporation)
Brother HL-5340D (HKLM\...\{653F3899-8CC4-43DB-AFD8-E9D829504138}) (Version: 1.00 - Brother)
Canon i250 (HKLM\...\CANONBJ_Deinstall_CNMCP50.DLL) (Version: - )
Cartes du Ciel V3.8 (HKLM\...\{A261F28E-6053-4414-9B84-AA8FE5F47AD4}_is1) (Version: - )
Celestron MCupdate (HKLM\...\Celestron MCupdate) (Version: 2.2.5 - Celestron)
Chanalyzer 2.1.7 (HKLM\...\{FD736238-55EB-420B-9BFC-B8A9983B21C9}) (Version: 2.1.7 - MetaGeek, LLC)
Core FTP LE 1.3c (HKLM\...\Core FTP LE 1.3c) (Version: - )
CyberLink Media Suite 10 (HKLM\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
Dell Digital Jukebox Driver (HKLM\...\Dell Digital Jukebox Driver) (Version: - )
Dell Media Experience (HKLM\...\{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: - )
Dell Networking Guide (HKLM\...\{68D60342-7686-45C9-B8EB-40EF843D0460}) (Version: 1.00.0001 - Dell) Hidden
Dell ResourceCD (HKLM\...\{D78653C3-A8FF-415F-92E6-D774E634FF2D}) (Version: - )
Dell Solution Center (HKLM\...\{11F1920A-56A2-4642-B6E0-3B31A12C9288}) (Version: 1.00.0000 - Dell)
Dell Support (HKLM\...\{43FCA273-9534-40DB-B7C5-D7758875616A}) (Version: 2.1.0.0 - Dell)
Digi Port Authority - Remote (HKLM\...\Digi Port Authority - Remote) (Version: - )
DS21Patch (HKLM\...\{9B79DCB0-AAD7-456B-8D07-433C936FA24B}) (Version: 1.00.0000 - Dell) Hidden
DVDSentry (HKLM\...\{98DF85D9-96C0-4F57-A92E-C3539477EF5E}) (Version: 1.00.0000 - Dell)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
Eudora (HKLM\...\{268C1DB7-02FA-45F2-93EC-0D4DDCA91AB8}) (Version: 7.0 - )
ExamDiff Pro 3.4.2 (HKLM\...\ExamDiff Pro_is1) (Version: - PrestoSoft)
G4FON Koch Method Morse Trainer (HKLM\...\G4FON Koch Method Morse Trainer) (Version: - )
getPlus(R) (HKLM\...\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}) (Version: 1.5.2.19 - NOS Microsystems Ltd.)
Google Chrome (HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\Google Chrome) (Version: 8.0.552.224 - Google Inc.)
Google Earth (HKLM\...\{28E82311-8616-11E1-BEB0-B8AC6F97B88E}) (Version: 6.2.2.6613 - Google)
Google Gears (HKLM\...\{95774351-6087-3A3B-8CA8-70BEE49D2BD5}) (Version: 0.4.24.0 - Google) Hidden
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.31.5 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.2.183.39 - Google Inc.) Hidden
Help and Support Customization (HKLM\...\{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}) (Version: 1.00.0000 - Dell) Hidden
honestechDVR 2.5 (HKLM\...\{C7D1E968-545B-4A37-A714-99E8AE7B2645}) (Version: 2.5 - honestech) Hidden
honestechDVR 2.5 (HKLM\...\{D8410ADD-CB92-46B6-AB7C-AF4907A803A2}) (Version: 2.5 - honestech)
Inssider (HKLM\...\{B5915379-1885-4220-BEB5-A602A368D581}) (Version: 1.0.3 - MetaGeek)
Intel(R) Extreme Graphics 2 Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4396 - )
Intel(R) PRO Network Adapters and Drivers (HKLM\...\PROSet) (Version: - )
Intel(R) PROSet (HKLM\...\{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}) (Version: 6.05.2001 - Intel)
Internet Explorer Default Page (HKLM\...\{35BDEFF1-A610-4956-A00D-15453C116395}) (Version: 1.00.03 - Dell Inc.) Hidden
IsoBuster 2.8.5 (HKLM\...\IsoBuster_is1) (Version: 2.8.5 - Smart Projects)
IZArc 4.1.6 (HKLM\...\{97C82B44-D408-4F14-9252-47FC1636D23E}_is1) (Version: 4.1.6 - Ivan Zahariev)
J2SE Runtime Environment 5.0 Update 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0150060}) (Version: 1.5.0.60 - Sun Microsystems, Inc.)
Jasc Paint Shop Photo Album (HKLM\...\{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}) (Version: 4.0.3 - Jasc Software, Inc.)
Jasc Paint Shop Pro 8 Dell Edition (HKLM\...\{81A34902-9D0B-4920-A25C-4CDC5D14B328}) (Version: 8.10.0000 - Jasc Software Inc)
Java 8 Update 92 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218092F0}) (Version: 8.0.920.14 - Oracle Corporation)
Java(TM) 6 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216045FF}) (Version: 6.0.450 - Oracle)
Jupiter 2.0.7.1 (HKLM\...\{22C070B6-BEC2-4B4B-8324-08DE6F168B9C}_is1) (Version: - Sylvain Rondi)
Learn2 Player (Uninstall Only) (HKLM\...\StreetPlugin) (Version: - )
LG ODD Auto Firmware Update (HKLM\...\{6179550A-3E7C-499E-BCC9-9E8113E0A285}) (Version: 10.01.0712.01 - )
MallinCam Control (HKLM\...\{32091497-B2FA-4091-B733-64A2DC30566C}) (Version: 1.2 - Pro-Com Electronics)
MallinCam Control (HKLM\...\{DF207EA2-675D-47C8-9D51-3F9F14EDAD5F}) (Version: 1.0.0 - Pro-Com Electronics)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft ASP.NET Web Matrix (HKLM\...\{DCBE96DF-822C-401C-8DD2-0F3539637ADE}) (Version: 0.6.812.0 - Microsoft Corporation)
Microsoft Document Explorer 2008 (HKLM\...\Microsoft Document Explorer 2008) (Version: - Microsoft Corporation)
Microsoft Encarta Encyclopedia Standard 2004 (HKLM\...\{04410044-9149-45C6-A806-F2BF9CFCE762}) (Version: 2004 - Microsoft Corporation)
Microsoft Money 2004 (HKLM\...\{1D643CD7-4DD6-11D7-A4E0-000874180BB3}) (Version: 12.0.50 - Microsoft)
Microsoft Money 2004 System Pack (HKLM\...\{8C64E145-54BA-11D6-91B1-00500462BE80}) (Version: 12.0.80 - Microsoft)
Microsoft Office 97, Professional Edition (HKLM\...\Office8.0) (Version: - )
Microsoft Office XP Professional (HKLM\...\{91110409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.01 - Microsoft Corporation)
Microsoft SAPI 5.1 Voices for Windows XP (HKLM\...\{8F194222-199F-11D6-B163-AA8310157D2E}) (Version: 1.0.0.0 - )
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)
Microsoft SQL Server 2008 Management Objects (HKLM\...\{F5E87B12-3C27-452F-8E78-21D42164FD83}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 Design Tools English (HKLM\...\{0C19D563-5F25-4621-BF10-01F741BD283F}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 English (HKLM\...\{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft SQL Server Database Publishing Wizard 1.3 (HKLM\...\{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{E7084B89-69E0-46B3-A118-8F99D06988CD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 6.0 Professional Edition (HKLM\...\Visual C++ 6.0 Professional Edition) (Version: - )
Microsoft Visual Studio 2008 Standard Edition - ENU (HKLM\...\Microsoft Visual Studio 2008 Standard Edition - ENU) (Version: - Microsoft Corporation)
Microsoft Visual Studio 2008 Standard Edition - ENU Service Pack 1 (KB945140) (HKLM\...\{F434F50E-7614-3EA8-9008-2FB866B697DA}.KB945140) (Version: 1 - Microsoft Corporation)
Microsoft Visual Studio Web Authoring Component (HKLM\...\VisualWebDeveloper) (Version: 12.0.4518.1066 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools - enu (HKLM\...\{05EC21B8-4593-3037-A781-A6B5AFFCB19D}) (Version: 3.5.21022 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries (HKLM\...\{842FAF7C-50EF-4463-9B8F-6222E1384D7D}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense (HKLM\...\{64c5b887-b5ee-42b8-8596-78905a6b5f1f}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SP1 Tools (HKLM\...\{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}) (Version: 6.1.5294.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SP1 Win32 Tools (HKLM\...\{B268E9A1-04A9-40D0-9866-846BE2B74BA7}) (Version: 6.1.5294.17011 - Microsoft Corporation)
Modem Helper (HKLM\...\{7F142D56-3326-11D5-B229-002078017FBF}) (Version: - )
Mozilla Firefox 47.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 47.0.1 (x86 en-US)) (Version: 47.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 47.0.1.6018 - Mozilla)
MSDN Library - Visual Studio 6.0 (HKLM\...\Microsoft Developer Network - Visual Studio 6.0) (Version: - )
MSDN Library for Visual Studio 2008 - ENU (HKLM\...\{3A762A82-618D-3CAA-B847-D074ABFA0B2E}) (Version: 9.0.21022 - Microsoft) Hidden
MSDN Library for Visual Studio 2008 - ENU (HKLM\...\MSDN Library for Visual Studio 2008 - ENU) (Version: 9.0 - Microsoft)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6.0 Parser (KB933579) (HKLM\...\{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}) (Version: 6.10.1200.0 - Microsoft Corporation)
MUSICMATCH® Jukebox (HKLM\...\{45EBDA59-D33B-433A-956E-B2F236468B56}) (Version: - )
NexRemote (HKLM\...\NexRemote) (Version: 1.7.22 - Celestron)
PHD Guiding 1.10.0 (HKLM\...\PHD Guiding_is1) (Version: - Stark Labs)
PHOTOfunSTUDIO (HKLM\...\{9A9DBEBC-C800-4776-A970-D76D6AA405B1}) (Version: 3.00.000 - Panasonic)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: - )
Qualxserve Service Agreement (HKLM\...\{0F756CD9-4A1E-409B-B101-601DDC4C03AA}) (Version: 1.00.0004 - Dell) Hidden
QuickTime (HKLM\...\{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}) (Version: 7.4.5.67 - Apple Inc.)
RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 12.0) (Version: - RealNetworks)
RealUpgrade 1.1 (HKLM\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden
RogueKiller version 12.11.7.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.7.0 - Adlice Software)
RSpec Version 1.7 (Build:19) (HKLM\...\{A08319DE-E83E-4B07-B4E5-69F2489D6B45}_is1) (Version: - Field Tested Systems)
Shockwave (HKLM\...\Shockwave) (Version: - )
SlickEdit 2007 (HKLM\...\{B598851F-6498-48CF-B61F-5074B889773B}) (Version: 12.0.0.0 - SlickEdit Inc.)
Sonic DLA (HKLM\...\{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}) (Version: 4.50 - Sonic Solutions)
Sonic MyDVD (HKLM\...\{5E835305-63BB-4E55-BBB7-EEBBE67774DB}) (Version: - )
Sonic RecordNow! (HKLM\...\{9541FED0-327F-4DF0-8B96-EF57EF622F19}) (Version: 6.5.0 - Sonic Solutions)
Sophos Virus Removal Tool (HKLM\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.5 - Sophos Limited)
SQL Server System CLR Types (HKLM\...\{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}) (Version: 10.0.1600.22 - Microsoft Corporation)
StartupMonitor (HKLM\...\{76EFAC4F-1712-401F-B2AE-590B170C9BCE}) (Version: 1.0.2.0 - Mike Lin)
Stellarium 0.10.4 (HKLM\...\Stellarium_is1) (Version: - )
Timex Trainer (HKLM\...\{96AF99D4-F7E8-4333-AB16-F9F4B91DBFBE}) (Version: 1.0.202 - Timex Corporation)
Update for 2007 Microsoft Office System (KB2284654) (HKLM\...\{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{FB166E7C-8AA6-48C8-B726-1F25BEE7825A}) (Version: - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
USB Video/Audio Device Driver (HKLM\...\{3717C4F2-7412-4793-9BB8-D73D2817B3D6}) (Version: 1.00.0000 - EETI)
Virtual Moon Atlas Pro 5.0 (HKLM\...\{3EB7A19B-690F-49BA-B494-CADA547D0DB9}_is1) (Version: - )
Visual C++ 2008 IA64 Runtime - v9.0.30729.01 (HKLM\...\{22E23C71-C27A-3F30-8849-BB6129E50679}.vc_i64runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Visual C++ 2008 x64 Runtime - v9.0.30729.01 (HKLM\...\{0DF3AE91-E533-3960-8516-B23737F8B7A2}.vc_x64runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Visual C++ 2008 x64 Runtime - v9.0.30729.4148 (HKLM\...\{3C11D2DA-6802-3F66-BE6B-B2C046AFE866}.vc_x64runtime_30729_4148) (Version: 9.0.30729.4148 - Microsoft Corporation)
Visual C++ 2008 x64 Runtime - v9.0.30729.6161 (HKLM\...\{E7E58A3A-D9BD-3D4B-9475-AE757454AD82}.vc_x64runtime_30729_6161) (Version: 9.0.30729.6161 - Microsoft Corporation)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Visual C++ 2008 x86 Runtime - v9.0.30729.4148 (HKLM\...\{7B33F480-496D-334A-BAC2-205DEC0CBC2D}.vc_x86runtime_30729_4148) (Version: 9.0.30729.4148 - Microsoft Corporation)
Visual C++ 2008 x86 Runtime - v9.0.30729.6161 (HKLM\...\{3F8D9A47-9C50-3F46-8F12-B92DD5CA0A2E}.vc_x86runtime_30729_6161) (Version: 9.0.30729.6161 - Microsoft Corporation)
VNC Free Edition 4.1.2 (HKLM\...\RealVNC_is1) (Version: 4.1.2 - RealVNC Ltd.)
VSO ConvertXToDVD (HKLM\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.2.0.59 - VSO Software)
WebFldrs XP (HKLM\...\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}) (Version: 9.50.6513 - Microsoft Corporation) Hidden
Where is M13? version 2.3 (HKLM\...\Where is M13?_is1) (Version: - Think Astronomy)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinJUPOS 10.0.16 (HKLM\...\WinJUPOS 10.0.16_is1) (Version: 10.0.16 - Grischa Hahn, Germany)
WordPerfect Office 11 (HKLM\...\{54F90B55-BEB3-4F0D-8802-228822FA5921}) (Version: 11.0 - Corel Corporation)
XML Paper Specification Shared Components Pack 1.0 (HKLM\...\XpsEPSC) (Version: - Microsoft Corporation) Hidden
YouCam (HKLM\...\{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.5324 - CyberLink Corp.) Hidden
YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.5324 - CyberLink Corp.) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{0BE35200-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> C:\WINDOWS\system32\MFC42U.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{0BE35201-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> C:\WINDOWS\system32\MFC42U.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{0BE35202-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> C:\WINDOWS\system32\MFC42U.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\System32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{232E456A-87C3-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\System32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Documents and Settings\al\Local Settings\Application Data\Google\Update\1.2.183.39\goopdate.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{2B11E9B0-9F09-11D0-9484-00A0C91110ED}\InprocServer32 -> C:\WINDOWS\System32\msstdfmt.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Documents and Settings\al\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{31AC3F11-E5EA-4A85-8A3D-8E095A39C27B}\InprocServer32 -> C:\Documents and Settings\al\Local Settings\Application Data\Google\Update\1.2.131.27\goopdate.dll => No File
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{4536918A-95A8-498F-B542-CB906C561A43}\InprocServer32 -> C:\Documents and Settings\al\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\InprocServer32 -> C:\WINDOWS\system32\MSINET.OCX (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{586A6352-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\System32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{586A6353-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\System32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{586A6354-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\System32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{586A6355-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\System32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{586A6356-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\System32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{586A6357-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\System32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{586A6359-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\System32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\System32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{699DDBCC-DC7E-11D0-BCF7-00C04FC2FB86}\InprocServer32 -> C:\WINDOWS\System32\msstdfmt.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{6D835690-900B-11D0-9484-00A0C91110ED}\InprocServer32 -> C:\WINDOWS\System32\msstdfmt.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{99FF4677-FFC3-11D0-BD02-00C04FC2FB86}\InprocServer32 -> C:\WINDOWS\System32\msstdfmt.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{B09DE715-87C1-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\System32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}\InprocServer32 -> C:\WINDOWS\SYSTEM32\msvbvm60.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{D800E6DE-AFD1-4A47-9342-18426F9A50D3}\InprocServer32 -> D:\vs_2008_proj\polygon\polygon\Debug\polygon.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\InprocServer32 -> C:\WINDOWS\SYSTEM32\COMDLG32.OCX (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{FE38753A-44A3-11D1-B5B7-0000C09000C4}\InprocServer32 -> C:\WINDOWS\System32\mscomct2.ocx (Microsoft Corporation)
ContextMenuHandlers01: [EDPShell] -> {58549232-7081-4541-882C-767DB238453C} => C:\Program Files\ExamDiff Pro\EDPShell.dll [2005-08-27] (PrestoSoft)
ContextMenuHandlers01: [IZArcCM] -> {BC593DF5-466F-44EC-8FFD-C4DBC603B917} => C:\Program Files\IZArc\IZArcCM.dll [2011-02-28] ()
ContextMenuHandlers01: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\WinZip\WZSHLSTB.DLL [2000-11-22] (WinZip Computing, Inc.)
ContextMenuHandlers02: [DriveLetterAccess] -> {5CA3D70E-1895-11CF-8E15-001234567890} => -> No File
ContextMenuHandlers02: [QuickFinderMenu] -> {C0E10002-0028-0004-C0E1-C0E1C0E1C0E1} => c:\Program Files\WordPerfect Office 11\Programs\PFSE110.DLL [2003-03-07] (Novell, Inc., c/o Corel Corporation Limited)
ContextMenuHandlers02: [RecordNow! ContextMenuExt] -> {E91B2703-013E-4A99-AD33-2B6FB00AA356} => C:\Program Files\Sonic\RecordNow!\shlext.dll [2003-08-13] (Sonic Solutions)
ContextMenuHandlers03: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers03: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers04: [IZArcCM] -> {BC593DF5-466F-44EC-8FFD-C4DBC603B917} => C:\Program Files\IZArc\IZArcCM.dll [2011-02-28] ()
ContextMenuHandlers04: [QuickFinderMenu] -> {C0E10002-0028-0004-C0E1-C0E1C0E1C0E1} => c:\Program Files\WordPerfect Office 11\Programs\PFSE110.DLL [2003-03-07] (Novell, Inc., c/o Corel Corporation Limited)
ContextMenuHandlers04: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\WinZip\WZSHLSTB.DLL [2000-11-22] (WinZip Computing, Inc.)
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2005-09-20] (Intel Corporation)
ContextMenuHandlers06: [EDPShell] -> {58549232-7081-4541-882C-767DB238453C} => C:\Program Files\ExamDiff Pro\EDPShell.dll [2005-08-27] (PrestoSoft)
ContextMenuHandlers06: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers06: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\WinZip\WZSHLSTB.DLL [2000-11-22] (WinZip Computing, Inc.)

 

[al davis]

==================== Scheduled Tasks=============================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\A l e r t s.job => C:\PROGRA~1\Dell\Support\bin\Support.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-3960577219-1813400529-1317427278-1006.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-3960577219-1813400529-1317427278-1006.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Documents and Settings\al\NetHood\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co

ShortcutWithArgument: C:\Documents and Settings\al\Start Menu\Programs\Google Chrome\Uninstall Google Chrome.lnk -> C:\Documents and Settings\al\Local Settings\Application Data\Google\Chrome\Application\8.0.552.224\Installer\setup.exe (Google Inc.) -> --uninstall
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Visual Studio 2008\Visual Studio Tools\Visual Studio 2008 Command Prompt.lnk -> C:\WINDOWS\SYSTEM32\cmd.exe (Microsoft Corporation) -> /k ""c:\Program Files\Microsoft Visual Studio 9.0\VC\vcvarsall.bat"" x86
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Visual Studio 2008\Visual Studio Tools\Visual Studio 2008 x64 Cross Tools Command Prompt.lnk -> C:\WINDOWS\SYSTEM32\cmd.exe (Microsoft Corporation) -> /k ""c:\Program Files\Microsoft Visual Studio 9.0\VC\vcvarsall.bat"" x86_amd64
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Brother\HL-5340D\User's Guides in PDF format.lnk -> C:\Program Files\Brother\BRHL5340\WEBLINK.exe () -> hxxp://solutions.brother.com/cgi-bin/solutions.cgi?MDL=prn046&LNG=en&SRC=DOC

==================== Loaded Modules (Whitelisted) ==============

2011-06-24 14:51 - 2011-02-28 21:42 - 00652800 _____ () C:\Program Files\IZArc\IZArcCM.dll
2002-12-12 01:14 - 2008-04-14 05:42 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2005-08-30 09:14 - 2011-11-03 10:28 - 01292288 _____ () C:\WINDOWS\System32\quartz.dll
2003-05-30 10:00 - 2008-04-14 05:41 - 00059904 _____ () C:\WINDOWS\System32\devenum.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1-extreme.biz -> www.1-extreme.biz
IE restricted site: HKU\.DEFAULT\...\1001-search.info -> www.1001-search.info
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\123topsearch.com -> www.123topsearch.com
IE restricted site: HKU\.DEFAULT\...\132.com -> www.132.com
IE restricted site: HKU\.DEFAULT\...\136136.net -> down.136136.net
IE restricted site: HKU\.DEFAULT\...\139mm.com -> www.139mm.com
IE restricted site: HKU\.DEFAULT\...\163.com -> www.163.com
IE restricted site: HKU\.DEFAULT\...\163ns.com -> ert0003.e76.163ns.com
IE restricted site: HKU\.DEFAULT\...\17-plus.com -> 17-plus.com
IE restricted site: HKU\.DEFAULT\...\171203.com -> 171203.com

There are 4007 more sites.

IE restricted site: HKU\S-1-5-19\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-19\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-19\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-19\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-19\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-19\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-19\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-19\...\1-extreme.biz -> www.1-extreme.biz
IE restricted site: HKU\S-1-5-19\...\1001-search.info -> www.1001-search.info
IE restricted site: HKU\S-1-5-19\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-19\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-19\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-19\...\123topsearch.com -> www.123topsearch.com
IE restricted site: HKU\S-1-5-19\...\132.com -> www.132.com
IE restricted site: HKU\S-1-5-19\...\136136.net -> down.136136.net
IE restricted site: HKU\S-1-5-19\...\139mm.com -> www.139mm.com
IE restricted site: HKU\S-1-5-19\...\163.com -> www.163.com
IE restricted site: HKU\S-1-5-19\...\163ns.com -> ert0003.e76.163ns.com
IE restricted site: HKU\S-1-5-19\...\17-plus.com -> 17-plus.com
IE restricted site: HKU\S-1-5-19\...\171203.com -> 171203.com

There are 4007 more sites.

IE restricted site: HKU\S-1-5-20\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-20\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-20\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-20\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-20\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-20\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-20\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-20\...\1-extreme.biz -> www.1-extreme.biz
IE restricted site: HKU\S-1-5-20\...\1001-search.info -> www.1001-search.info
IE restricted site: HKU\S-1-5-20\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-20\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-20\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-20\...\123topsearch.com -> www.123topsearch.com
IE restricted site: HKU\S-1-5-20\...\132.com -> www.132.com
IE restricted site: HKU\S-1-5-20\...\136136.net -> down.136136.net
IE restricted site: HKU\S-1-5-20\...\139mm.com -> www.139mm.com
IE restricted site: HKU\S-1-5-20\...\163.com -> www.163.com
IE restricted site: HKU\S-1-5-20\...\163ns.com -> ert0003.e76.163ns.com
IE restricted site: HKU\S-1-5-20\...\17-plus.com -> 17-plus.com
IE restricted site: HKU\S-1-5-20\...\171203.com -> 171203.com

There are 4007 more sites.

IE trusted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\turbotax.com -> hxxps://turbotax.com
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\1-extreme.biz -> www.1-extreme.biz
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\1001-search.info -> www.1001-search.info
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\123topsearch.com -> www.123topsearch.com
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\132.com -> www.132.com
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\136136.net -> down.136136.net
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\139mm.com -> www.139mm.com
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\163.com -> www.163.com
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\163ns.com -> ert0003.e76.163ns.com
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\17-plus.com -> 17-plus.com
IE restricted site: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\171203.com -> 171203.com

There are 4005 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-19 09:19 - 2015-03-26 00:37 - 00000027 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 216.234.97.2 - 216.234.97.3
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Google Earth\client\googleearth.exe] => Disabled:Google Earth
StandardProfile\AuthorizedApplications: [C:\Program Files\Adobe\Acrobat.com\Acrobat.com.exe] => Disabled:Acrobat.com
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\sessmgr.exe] => Disabledxpsp2res.dll,-22019
StandardProfile\AuthorizedApplications: [C:\Program Files\Messenger\msmsgs.exe] => Disabled:Windows Messenger
StandardProfile\AuthorizedApplications: [C:\WINDOWS\SYSTEM32\mmc.exe] => Enabled:Microsoft Management Console
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Google Earth\plugin\geplugin.exe] => Enabled:Google Earth
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\al\Desktop\winvnc4.exe] => Enabled:VNC Server Free Edition for Win32
StandardProfile\AuthorizedApplications: [C:\Program Files\RealVNC\VNC4\winvnc4.exe] => Enabled:VNC Server Free Edition for Win32
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
DomainProfile\GloballyOpenPorts: [139:TCP] => Enabledxpsp2res.dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => Enabledxpsp2res.dll,-22005
DomainProfile\GloballyOpenPorts: [137:UDP] => Enabledxpsp2res.dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => Enabledxpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabledxpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabledxpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabledxpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabledxpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabledxpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabledxpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [3:TCP] => :LocalSubNet:Enabled:e-sys
StandardProfile\GloballyOpenPorts: [3389:TCP] => Disabledxpsp2res.dll,-22009

==================== Restore Points =========================

24-04-2017 17:11:06 System Checkpoint
25-04-2017 18:07:34 System Checkpoint
26-04-2017 18:26:01 System Checkpoint
27-04-2017 19:09:44 System Checkpoint
28-04-2017 20:03:46 System Checkpoint
29-04-2017 21:25:53 System Checkpoint
30-04-2017 22:05:14 System Checkpoint
01-05-2017 22:23:17 System Checkpoint
03-05-2017 08:31:06 System Checkpoint
04-05-2017 13:47:25 System Checkpoint
05-05-2017 14:06:50 System Checkpoint
06-05-2017 16:43:30 System Checkpoint
08-05-2017 09:21:47 System Checkpoint
09-05-2017 10:18:58 System Checkpoint
11-05-2017 10:15:11 System Checkpoint
12-05-2017 20:01:34 System Checkpoint
13-05-2017 20:29:25 System Checkpoint
14-05-2017 21:02:31 System Checkpoint
15-05-2017 21:28:21 System Checkpoint
16-05-2017 22:00:45 System Checkpoint
18-05-2017 07:37:47 System Checkpoint
19-05-2017 10:58:59 System Checkpoint
20-05-2017 11:30:30 System Checkpoint
21-05-2017 11:58:08 System Checkpoint
23-05-2017 08:08:20 System Checkpoint
24-05-2017 09:09:03 System Checkpoint
25-05-2017 09:50:16 System Checkpoint
26-05-2017 20:44:01 System Checkpoint
27-05-2017 20:54:01 System Checkpoint
28-05-2017 21:34:25 System Checkpoint
29-05-2017 21:35:25 System Checkpoint
31-05-2017 19:26:56 System Checkpoint
01-06-2017 20:52:48 System Checkpoint
02-06-2017 21:43:36 System Checkpoint
03-06-2017 22:36:08 System Checkpoint
04-06-2017 22:47:03 System Checkpoint
05-06-2017 22:50:07 System Checkpoint
06-06-2017 23:09:12 System Checkpoint
08-06-2017 10:37:58 System Checkpoint
09-06-2017 11:03:44 System Checkpoint
10-06-2017 21:19:19 System Checkpoint
11-06-2017 22:03:54 System Checkpoint
12-06-2017 22:19:59 System Checkpoint
14-06-2017 13:00:18 System Checkpoint
15-06-2017 13:48:28 System Checkpoint
19-06-2017 15:13:15 System Checkpoint
20-06-2017 15:19:55 System Checkpoint
21-06-2017 15:41:52 System Checkpoint
22-06-2017 17:20:44 System Checkpoint
23-06-2017 17:50:13 System Checkpoint
25-06-2017 07:58:37 System Checkpoint
26-06-2017 09:13:31 System Checkpoint
27-06-2017 09:24:45 System Checkpoint
28-06-2017 14:48:47 System Checkpoint
29-06-2017 15:29:20 System Checkpoint
30-06-2017 18:35:45 System Checkpoint
01-07-2017 19:34:42 System Checkpoint
02-07-2017 20:28:47 System Checkpoint
03-07-2017 20:50:25 System Checkpoint
05-07-2017 10:20:57 System Checkpoint
06-07-2017 10:42:59 System Checkpoint
07-07-2017 18:51:32 System Checkpoint
08-07-2017 21:03:22 System Checkpoint
09-07-2017 21:56:36 System Checkpoint
11-07-2017 09:09:34 System Checkpoint
12-07-2017 10:54:32 System Checkpoint
13-07-2017 20:15:41 System Checkpoint
14-07-2017 20:33:46 System Checkpoint
15-07-2017 23:57:27 System Checkpoint
17-07-2017 09:29:54 System Checkpoint
18-07-2017 10:01:28 System Checkpoint
18-07-2017 13:05:38 JRT Pre-Junkware Removal
19-07-2017 13:22:29 System Checkpoint
20-07-2017 14:19:19 System Checkpoint
20-07-2017 20:37:14 JRT Pre-Junkware Removal
21-07-2017 21:04:26 System Checkpoint
23-07-2017 13:09:38 System Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/20/2017 09:47:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application stellarium.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/18/2017 07:41:05 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (07/18/2017 07:40:45 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (07/18/2017 07:40:44 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (07/18/2017 07:40:38 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (07/18/2017 07:39:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application FRST.exe, version 18.7.2017.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (09/19/2016 10:25:13 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it." attempting to start the service ALG with arguments ""
in order to run the server:
{D6015EC3-FA16-4813-9CA1-DA204574F5DA}

Error: (09/19/2016 10:25:07 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The helpsvc service failed to start due to the following error:
The system cannot find the file specified.

Error: (09/18/2016 09:15:27 AM) (Source: ipnathlp) (EventID: 31008) (User: )
Description: The DNS proxy agent was unable to read the local list of name-resolution
servers from the registry.
The data is the error code.

Error: (09/18/2016 09:15:27 AM) (Source: ipnathlp) (EventID: 31008) (User: )
Description: The DNS proxy agent was unable to read the local list of name-resolution
servers from the registry.
The data is the error code.

Error: (09/18/2016 09:09:20 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it." attempting to start the service ALG with arguments ""
in order to run the server:
{D6015EC3-FA16-4813-9CA1-DA204574F5DA}

Error: (09/18/2016 09:09:18 AM) (Source: Print) (EventID: 19) (User: NT AUTHORITY)
Description: Sharing printer failed + 1722, Printer Microsoft XPS Document Writer share name Printer.

Error: (09/18/2016 09:09:15 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The helpsvc service failed to start due to the following error:
The system cannot find the file specified.

Error: (09/17/2016 07:15:24 PM) (Source: ipnathlp) (EventID: 31008) (User: )
Description: The DNS proxy agent was unable to read the local list of name-resolution
servers from the registry.
The data is the error code.

Error: (09/17/2016 06:50:40 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it." attempting to start the service ALG with arguments ""
in order to run the server:
{D6015EC3-FA16-4813-9CA1-DA204574F5DA}

Error: (09/17/2016 06:50:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The helpsvc service failed to start due to the following error:
The system cannot find the file specified.


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) 4 CPU 2.66GHz
Percentage of memory in use: 18%
Total physical RAM: 2557.98 MB
Available physical RAM: 2073.32 MB
Total Virtual: 3173.07 MB
Available Virtual: 2844.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.47 GB) (Free:5.78 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: (New Volume) (Fixed) (Total:111.79 GB) (Free:27.29 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: DBBDF0DD)
Partition 1: (Not Active) - (Size=31 MB) - (Type=DE)
Partition 2: (Active) - (Size=74.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 111.8 GB) (Disk ID: 03C16DE5)
Partition 1: (Not Active) - (Size=111.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

[Broni]

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.