Additional scan result of Farbar Recovery Scan Tool (x86) Version: 23-07-2017 Ran by Christopher Davis (24-07-2017 11:55:48) Running from F:\TechToolStore\Tech tool store tools Microsoft Windows XP Home Edition Service Pack 3 (X86) (2017-07-22 13:18:12) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1993962763-152049171-725345543-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator ASPNET (S-1-5-21-1993962763-152049171-725345543-1005 - Limited - Enabled) Christopher Davis (S-1-5-21-1993962763-152049171-725345543-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Christopher Davis Guest (S-1-5-21-1993962763-152049171-725345543-501 - Limited - Disabled) HelpAssistant (S-1-5-21-1993962763-152049171-725345543-1000 - Limited - Disabled) SUPPORT_388945a0 (S-1-5-21-1993962763-152049171-725345543-1002 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: 360 Total Security (Enabled - Up to date) {5EEE8B0C-BEB2-4f05-BA7E-5EF3A65B8ECC} FW: ZoneAlarm Free Firewall Firewall (Disabled) {829BDA32-94B3-44F4-8446-F8FCFF809F8B} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKU\S-1-5-21-1993962763-152049171-725345543-1004\...\uTorrent) (Version: 3.5.0.43916 - BitTorrent Inc.) 360 Total Security (HKLM\...\360TotalSecurity) (Version: 8.8.0.1042 - 360 Security Center) 7-Zip 16.04 (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov) Adblock Plus for IE (32-bit) (HKLM\...\{FE4694A5-33AF-4F10-B2C0-8F2750A5ED05}) (Version: 1.6 - Eyeo GmbH) Adobe Flash Player 26 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 26.0.0.137 - Adobe Systems Incorporated) Adobe Flash Player 26 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated) Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated) Apple Application Support (32-bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{A75CA58D-DB9C-4D14-9428-E0C7B0F623DC}) (Version: 9.0.0.26 - Apple Inc.) Apple Software Update (HKLM\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.) ATI Control Panel (HKLM\...\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}) (Version: 6.14.10.5120 - ) ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.051-040825a-019641C-Dell - ) Audacity 2.1.3 (HKLM\...\Audacity®_is1) (Version: 2.1.3 - Audacity Team) Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) Everything 1.4.1.877 (x86) (HKLM\...\Everything) (Version: 1.4.1.877 (x86) - David Carpenter) Greenshot 1.2.9.129 (HKLM\...\Greenshot_is1) (Version: 1.2.9.129 - Greenshot) herdProtect Anti-Malware Scanner (HKLM\...\herdProtectScan) (Version: 1.0 - Reason Company Software Inc.) HighMAT Extension to Microsoft Windows XP CD Writing Wizard (HKLM\...\{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}) (Version: 1.1.1905.1 - Microsoft Corporation) HP ENVY 4500 series Basic Device Software (HKLM\...\{BCC989C6-7003-4367-8C30-7B88D47D3E79}) (Version: 32.3.198.49673 - Hewlett-Packard Co.) ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!) iTunes (HKLM\...\{868B9974-4F23-494D-B6BC-4FAB92B2755D}) (Version: 12.1.3.6 - Apple Inc.) Jasc Animation Shop 3 (HKLM\...\{7C4196CA-CA41-4F34-9C08-7724E7705D52}) (Version: 3.11 - Jasc Software Inc) Jasc Paint Shop Pro 9 (HKLM\...\{F843C6A3-224D-4615-94F8-3C461BD9AEA0}) (Version: 9.00.0000 - Jasc Software Inc) Java 8 Update 141 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180141F0}) (Version: 8.0.1410.15 - Oracle Corporation) K-Lite Codec Pack 13.3.5 Basic (HKLM\...\KLiteCodecPack_is1) (Version: 13.3.5 - KLCP) Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - ) Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - ) Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.3.30730 - Microsoft Corporation) Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30730 - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation) Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version: - Microsoft Corporation) Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft Tool Web Package : EXCTRLST.EXE (HKLM\...\{B0650E3D-FDCA-4908-B74B-0CC1731BDB93}) (Version: 1.00.0.1 - Microsoft Corporation) Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Windows Script 5.7 (HKLM\...\Windows Script) (Version: - Microsoft Corporation) Mozilla Firefox 52.2.1 ESR (x86 en-US) (HKLM\...\Mozilla Firefox 52.2.1 ESR (x86 en-US)) (Version: 52.2.1 - Mozilla) MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 6.0 Parser (KB933579) (HKLM\...\{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}) (Version: 6.10.1200.0 - Microsoft Corporation) Nero 7 Premium (HKLM\...\{CF097717-F174-4144-954A-FBC4BF301033}) (Version: 7.02.9753 - Nero AG) Norton Utilities 16 (HKLM\...\Norton Utilities 16_is1) (Version: 16.0 - Symantec Corporation) OpenOffice 4.1.3 (HKLM\...\{EEA30AEB-8BA7-465B-85D4-098BB99733E7}) (Version: 4.13.9783 - Apache Software Foundation) SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.12.01.5246 - Analog Devices) TeamViewer 12 (HKLM\...\TeamViewer) (Version: 12.0.78716 - TeamViewer) VirtualCloneDrive (HKLM\...\VirtualCloneDrive) (Version: 5.5.0.0 - Elaborate Bytes) VirusTotal Uploader 2.2 (HKLM\...\VTUploader) (Version: - ) VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN) VSDC Free Video Editor version 5.7.8.724 (HKLM\...\VSDC Free Video Editor_is1) (Version: 5.7.8.724 - Flash-Integro LLC) WebFldrs XP (HKLM\...\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}) (Version: 9.50.7523 - Microsoft Corporation) Hidden Window Washer (HKLM\...\Window Washer) (Version: - ) Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation) Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation) Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation) Windows Management Framework Core (HKLM\...\KB968930) (Version: - Microsoft Corporation) Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - ) Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - ) Windows Registry Guide 2003 (HKLM\...\Windows Registry Guide_is1) (Version: - WinGuides) Windows Rights Management Client Backwards Compatibility SP2 (HKLM\...\{EC905264-BCFE-423B-9C42-C3A106266790}) (Version: 5.2.95 - Microsoft) Windows Rights Management Client with Service Pack 2 (HKLM\...\{62BFB4C2-8C4E-4D91-BD7D-81C06EAAC3C0}) (Version: 5.2.95 - Microsoft) Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation) WinPcap 4.1.3 (HKLM\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.) WinRAR 5.40 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH) Wireshark 1.10.1 (32-bit) (HKLM\...\Wireshark) (Version: 1.10.1 - The Wireshark developer community, hxxp://www.wireshark.org) ZoneAlarm Firewall (HKLM\...\{B025F14A-25E6-46CA-9308-1B1D3393CAC8}) (Version: 14.3.119.000 - Check Point Software Technologies Ltd.) Hidden ZoneAlarm Free Firewall (HKLM\...\ZoneAlarm Free Firewall) (Version: 14.3.119.000 - Check Point) ZoneAlarm Security (HKLM\...\{8A7820F0-5261-42FC-9790-4D932E7BC5B1}) (Version: 14.3.119.000 - Check Point Software Technologies Ltd.) Hidden ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-1993962763-152049171-725345543-1004_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\shlxthdl.dll (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-1993962763-152049171-725345543-1004_Classes\CLSID\{2837E0FE-686B-4CB0-BE53-0EA097EAF71B}\InprocServer32 -> C:\WINDOWS\Downloaded Program Files\isusweb.dll (InstallShield Software Corporation) CustomCLSID: HKU\S-1-5-21-1993962763-152049171-725345543-1004_Classes\CLSID\{30A2652A-DDF7-45e7-ACA6-3EAB26FC8A4E}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-1993962763-152049171-725345543-1004_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\shlxthdl.dll (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-1993962763-152049171-725345543-1004_Classes\CLSID\{41662FC2-0D57-4aff-AB27-AD2E12E7C273}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-1993962763-152049171-725345543-1004_Classes\CLSID\{448BB771-CFE2-47C4-BCDF-1FBF378E202C}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-1993962763-152049171-725345543-1004_Classes\CLSID\{455353C3-4FBF-4C26-8FF9-5AF601814D6B}\localserver32 -> C:\Program Files\Jasc Software Inc\Paint Shop Pro 9\Paint Shop Pro 9.exe (Jasc Software, Inc.) CustomCLSID: HKU\S-1-5-21-1993962763-152049171-725345543-1004_Classes\CLSID\{5B7524C8-2446-40E9-9474-94A779DBA224}\InprocServer32 -> C:\WINDOWS\Downloaded Program Files\isusweb.dll (InstallShield Software Corporation) CustomCLSID: HKU\S-1-5-21-1993962763-152049171-725345543-1004_Classes\CLSID\{621D3650-F1D3-414C-97F9-03A02B211261}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (InstallShield Software Corporation) CustomCLSID: HKU\S-1-5-21-1993962763-152049171-725345543-1004_Classes\CLSID\{623E415A-22EF-4DAA-A2FF-E68E77A673C9}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (InstallShield Software Corporation) CustomCLSID: HKU\S-1-5-21-1993962763-152049171-725345543-1004_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\shlxthdl.dll (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-1993962763-152049171-725345543-1004_Classes\CLSID\{7B342DC4-139A-4a46-8A93-DB0827CCEE9C}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-1993962763-152049171-725345543-1004_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\ooofilt.dll (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-1993962763-152049171-725345543-1004_Classes\CLSID\{7FA8AE11-B3E3-4D88-AABF-255526CD1CE8}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-1993962763-152049171-725345543-1004_Classes\CLSID\{82154420-0FBF-11d4-8313-005004526AB4}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-1993962763-152049171-725345543-1004_Classes\CLSID\{885BB46A-3F1E-44C3-A01B-A7D9260CC98B}\InprocServer32 -> C:\WINDOWS\Downloaded Program Files\dwusplay.exe (InstallShield Software Corporation) CustomCLSID: HKU\S-1-5-21-1993962763-152049171-725345543-1004_Classes\CLSID\{885BB46A-3F1E-44C3-A01B-A7D9260CC98B}\localserver32 -> C:\WINDOWS\Downloaded Program Files\dwusplay.exe (InstallShield Software Corporation) CustomCLSID: HKU\S-1-5-21-1993962763-152049171-725345543-1004_Classes\CLSID\{915C2CEB-216B-4B7C-89E4-9ED3512D58D9}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (InstallShield Software Corporation) CustomCLSID: HKU\S-1-5-21-1993962763-152049171-725345543-1004_Classes\CLSID\{92C5E738-7372-4CD6-BE57-15833624EBF3}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (InstallShield Software Corporation) CustomCLSID: HKU\S-1-5-21-1993962763-152049171-725345543-1004_Classes\CLSID\{9CAAD2EA-177B-4D07-871F-47255B5D30F3}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (InstallShield Software Corporation) CustomCLSID: HKU\S-1-5-21-1993962763-152049171-725345543-1004_Classes\CLSID\{B391A1DB-28C8-4506-A43C-5BD6051F16BA}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (InstallShield Software Corporation) CustomCLSID: HKU\S-1-5-21-1993962763-152049171-725345543-1004_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\shlxthdl.dll (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-1993962763-152049171-725345543-1004_Classes\CLSID\{D0484DE6-AAEE-468a-991F-8D4B0737B57A}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-1993962763-152049171-725345543-1004_Classes\CLSID\{D2D59CD1-0A6A-4D36-AE20-47817077D57C}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-1993962763-152049171-725345543-1004_Classes\CLSID\{E50C953D-311A-481B-8F8D-C55E65AF7417}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (InstallShield Software Corporation) CustomCLSID: HKU\S-1-5-21-1993962763-152049171-725345543-1004_Classes\CLSID\{E5A0B632-DFBA-4549-9346-E414DA06E6F8}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-1993962763-152049171-725345543-1004_Classes\CLSID\{E9880553-B8A7-4960-A668-95C68BED571E}\InprocServer32 -> C:\WINDOWS\Downloaded Program Files\isusweb.dll (InstallShield Software Corporation) CustomCLSID: HKU\S-1-5-21-1993962763-152049171-725345543-1004_Classes\CLSID\{E9A93328-79D4-4AED-A778-146E7191F8BC}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (InstallShield Software Corporation) CustomCLSID: HKU\S-1-5-21-1993962763-152049171-725345543-1004_Classes\CLSID\{EE5D1EA4-D445-4289-B2FC-55FC93693917}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-1993962763-152049171-725345543-1004_Classes\CLSID\{F616B81F-7BB8-4F22-B8A5-47428D59F8AD}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-1993962763-152049171-725345543-1004_Classes\CLSID\{FFF2D28F-E4EE-44D9-8104-8E71556757F6}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (InstallShield Software Corporation) ContextMenuHandlers01: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) ContextMenuHandlers01: [Cover Designer] -> {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} => C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll [2007-06-28] (Nero AG) ContextMenuHandlers01: [SD360] -> {086F171D-5ED1-4ED2-B736-CFF3AD6A128E} => C:\Program Files\360\Total Security\MenuEx.dll [2017-07-13] () ContextMenuHandlers01: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG) ContextMenuHandlers01: [Washer] -> {6EE51AA0-77A0-11D7-B4E1-000347126E46} => C:\Program Files\Common Files\Webroot Shared\ShellWash.dll [2004-10-12] (Webroot Software) ContextMenuHandlers01: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal) ContextMenuHandlers02: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG) ContextMenuHandlers04: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) ContextMenuHandlers04: [SD360] -> {086F171D-5ED1-4ED2-B736-CFF3AD6A128E} => C:\Program Files\360\Total Security\MenuEx.dll [2017-07-13] () ContextMenuHandlers04: [Washer] -> {6EE51AA0-77A0-11D7-B4E1-000347126E46} => C:\Program Files\Common Files\Webroot Shared\ShellWash.dll [2004-10-12] (Webroot Software) ContextMenuHandlers06: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) ContextMenuHandlers06: [SD360] -> {086F171D-5ED1-4ED2-B736-CFF3AD6A128E} => C:\Program Files\360\Total Security\MenuEx.dll [2017-07-13] () ContextMenuHandlers06: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal) ==================== Scheduled Tasks============================= (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2017-07-22 10:34 - 2017-07-13 20:47 - 00099240 _____ () C:\Program Files\360\Total Security\deepscan\qutmload.dll 2004-08-04 03:00 - 2015-12-03 13:03 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll 2004-08-04 03:00 - 2008-04-14 05:42 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll 2017-07-22 10:34 - 2017-07-13 20:47 - 00560552 _____ () C:\Program Files\360\Total Security\MenuEx.dll 2017-07-22 10:34 - 2017-07-13 20:47 - 01168992 _____ () C:\Program Files\360\Total Security\safemon\QHSafeTray.exe 2004-08-04 03:00 - 2017-03-15 06:17 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:792D4CF1 [197] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2004-08-04 03:00 - 2004-08-04 03:00 - 00000734 _____ C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1993962763-152049171-725345543-1004\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Christopher Davis\Local Settings\Application Data\Microsoft\Wallpaper1.bmp DNS Servers: 208.67.222.222 - 208.67.220.220 sharedaccess => Firewall Service is not running. ==================== MSCONFIG/TASK MANAGER disabled items == MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk => C:\WINDOWS\pss\Windows Search.lnkCommon Startup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: ATIPTA => C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe MSCONFIG\startupreg: Everything => "C:\Program Files\Everything\Everything.exe" -startup MSCONFIG\startupreg: HP ENVY 4500 series (NET) => "C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN4251209X05X4:NW" -scfn "HP ENVY 4500 series (NET)" -AutoStart 1 MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: NeroFilterCheck => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe MSCONFIG\startupreg: SoundMAXPnP => C:\Program Files\Analog Devices\Core\smax4pnp.exe MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: uTorrent => "C:\Documents and Settings\Christopher Davis\Application Data\uTorrent\uTorrent.exe" /MINIMIZED MSCONFIG\startupreg: VirtualCloneDrive => "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s MSCONFIG\startupreg: Window Washer => C:\Program Files\Webroot\Washer\wwDisp.exe /startup ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) DomainProfile\AuthorizedApplications: [C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe] => Enabled:True Vector StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox) StandardProfile\AuthorizedApplications: [C:\Program Files\TeamViewer\TeamViewer.exe] => Enabled:Teamviewer Remote Control Application StandardProfile\AuthorizedApplications: [C:\Program Files\TeamViewer\TeamViewer_Service.exe] => Enabled:Teamviewer Remote Control Service StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Christopher Davis\Application Data\uTorrent\uTorrent.exe] => Enabled:μTorrent StandardProfile\AuthorizedApplications: [C:\Program Files\Bonjour\mDNSResponder.exe] => Enabled:Bonjour Service StandardProfile\AuthorizedApplications: [C:\Program Files\iTunes\iTunes.exe] => Enabled:iTunes StandardProfile\AuthorizedApplications: [C:\Program Files\FlashIntegro\VideoEditor\VideoEditor.exe] => Enabled:VSDC Free Video Editor StandardProfile\AuthorizedApplications: [C:\Program Files\FlashIntegro\VideoEditor\Activation.exe] => Enabled:VSDC Free Video Editor Activater StandardProfile\AuthorizedApplications: [C:\Program Files\FlashIntegro\VideoEditor\Updater.exe] => Enabled:VSDC Free Video Editor Updater StandardProfile\AuthorizedApplications: [F:\TechToolStore\TechToolStore.exe] => Enabled:Tech tool store StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP ENVY 4500 series\Bin\DeviceSetup.exe] => :LocalSubNet:Enabled:HP Device Setup (HP ENVY 4500 series) StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe] => :LocalSubNet:Enabled:HP Network Communicator COM (HP ENVY 4500 series) StandardProfile\AuthorizedApplications: [C:\Program Files\360\Total Security\safemon\QHSafeTray.exe] => Enabled:360 Total Security StandardProfile\AuthorizedApplications: [C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe] => Enabled:True Vector StandardProfile\GloballyOpenPorts: [5985:TCP] => Disabled:Windows Remote Management StandardProfile\GloballyOpenPorts: [80:TCP] => Disabled:Windows Remote Management - Compatibility Mode (HTTP-In) StandardProfile\GloballyOpenPorts: [5357:TCP] => Enabled:WS-Eventing TCP Port 5357 ==================== Restore Points ========================= ATTENTION: System Restore is disabled Check "winmgmt" service or repair WMI. ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (07/23/2017 08:46:36 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelReg.exe . Error code = 0x80070020 Error: (07/23/2017 07:45:38 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: Microsoft.VisualBasic, Version=8.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80070020 Error: (07/23/2017 07:22:21 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: UIAutomationProvider, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070020 Error: (07/23/2017 06:18:38 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: System.DirectoryServices.Protocols, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80070020 Error: (07/23/2017 06:18:36 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: System.DirectoryServices.AccountManagement, Version=3.5.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80070020 Error: (07/23/2017 06:17:14 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: System.Data.DataSetExtensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80070020 Error: (07/23/2017 06:16:58 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: Microsoft.PowerShell.GraphicalHost,Version=1.0.0.0,Culture=neutral,PublicKeyToken=31bf3856ad364e35,ProcessorArchitecture=msil . Error code = 0x80070020 Error: (07/23/2017 06:08:46 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: System.Deployment, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80070020 Error: (07/23/2017 06:03:15 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: System.Drawing.Design, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80070020 Error: (07/23/2017 06:02:21 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: PresentationUI, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070020 System errors: ============= Error: (07/24/2017 11:18:06 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The HTTP SSL service depends on the HTTP service which failed to start because of the following error: Access is denied. Error: (07/24/2017 11:18:06 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The HTTP service failed to start due to the following error: Access is denied. Error: (07/23/2017 11:07:49 PM) (Source: Schannel) (EventID: 4116) (User: ) Description: The certificate received from the remote server does not contain the expected name. It is therefore not possible to determine whether we are connecting to the correct server. The server name we were expecting is orion.ts.360.com. The SSL connection request has failed. The attached data contains the server certificate. Error: (07/23/2017 10:00:15 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The HTTP SSL service depends on the HTTP service which failed to start because of the following error: Access is denied. Error: (07/23/2017 10:00:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The HTTP service failed to start due to the following error: Access is denied. Error: (07/23/2017 03:42:52 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY) Description: DCOM got error "%%1084 = This service cannot be started in Safe Mode" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} ==================== Memory info =========================== Processor: Intel(R) Pentium(R) 4 CPU 3.40GHz Percentage of memory in use: 19% Total physical RAM: 3070.09 MB Available physical RAM: 2460.11 MB Total Virtual: 5910.14 MB Available Virtual: 5480.18 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:74.52 GB) (Free:60.2 GB) NTFS ==>[drive with boot components (Windows XP)] Drive f: (Storage) (Fixed) (Total:232.88 GB) (Free:196.48 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: 6DF5F2C3) Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows XP) (Size: 232.9 GB) (Disk ID: 02F01EFC) Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================