Additional scan result of Farbar Recovery Scan Tool (x86) Version: 18-04-2017 Ran by Owner (19-04-2017 16:09:28) Running from C:\Documents and Settings\Owner\My Documents\Downloads\Programs Microsoft Windows XP Professional Service Pack 3 (X86) (2015-12-25 22:45:54) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-329068152-2052111302-1801674531-500 - Administrator - Disabled) ASPNET (S-1-5-21-329068152-2052111302-1801674531-1004 - Limited - Enabled) Guest (S-1-5-21-329068152-2052111302-1801674531-501 - Limited - Disabled) HelpAssistant (S-1-5-21-329068152-2052111302-1801674531-1000 - Limited - Disabled) Owner (S-1-5-21-329068152-2052111302-1801674531-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Owner SUPPORT_388945a0 (S-1-5-21-329068152-2052111302-1801674531-1002 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: ESET Smart Security 10.0.390.0 (Enabled - Up to date) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} FW: ESET Personal firewall (Disabled) {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) ABBulkMailer (HKLM\...\{7F6276CF-ACCE-4C11-8AF3-F8C166ECC81B}) (Version: 8.2 - Advanced Business Objects) Adobe AIR (HKLM\...\Adobe AIR) (Version: 23.0.0.257 - Adobe Systems Incorporated) Adobe Flash Player 25 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 25.0.0.148 - Adobe Systems Incorporated) Adobe Shockwave Player 12.2 (HKLM\...\Adobe Shockwave Player) (Version: 12.2.4.194 - Adobe Systems, Inc.) Bandicam (HKLM\...\Bandicam) (Version: 2.3.1.840 - Bandisoft.com) Bandisoft MPEG-1 Decoder (HKLM\...\BandiMPEG1) (Version: - Bandisoft.com) CCleaner (HKLM\...\CCleaner) (Version: 5.13 - Piriform) CherryPlayer (HKLM\...\CherryPlayer) (Version: 2.4.5 - CherryPlayer) Classic FTP File Transfer Software (HKLM\...\ClassicFTP) (Version: 2.38 - NCH Software) Color Cop 5.4.3 (HKLM\...\Color Cop_is1) (Version: - Jay Prall) ContextConsole Shell Extension (x86-32) (HKLM\...\CmdOpen Shell Extension) (Version: 2.1.0.1 - Kai Liu) CuteFTP 9 (HKLM\...\{89B9E358-75C6-4C6B-BD38-803FF156CC4B}) (Version: 9.0.5 - Globalscape) Detect-Email (HKLM\...\Detect-Email_is1) (Version: Detect-Email - Matisoft) DFX (HKLM\...\DFX) (Version: 11.113.0.0 - Power Technology) ESET Smart Security (HKLM\...\{1A992BAD-C2ED-4B54-8124-3A7762514373}) (Version: 10.0.386.0 - ESET, spol. s r.o.) FastStone Capture 8.3 (HKLM\...\FastStone Capture) (Version: 8.3 - FastStone Soft) Foxit Advanced PDF Editor 3 (HKLM\...\B521582C-6BE3-491D-BCC8-FFB8301298E9_is1) (Version: 3.0.5.0 - Foxit Corporation) Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.) Google Update Helper (Version: 1.3.33.3 - Google Inc.) Hidden iLovePage1 version 1.6 (HKLM\...\iLovePage1_is1) (Version: 1.6 - iLovePage1 Ltd.) Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 0.0.0.0000 - Intel Corporation) Intel(R) Management Engine Interface (HKLM\...\HECI) (Version: - Intel Corporation) Intel® Active Management Technology (HKLM\...\MESOL) (Version: - Intel Corporation) Internet Download Manager (HKLM\...\Internet Download Manager) (Version: - Tonec Inc.) Java 8 Update 121 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation) K-Lite Codec Pack 11.8.0 Full (HKLM\...\KLiteCodecPack_is1) (Version: 11.8.0 - ) Malwarebytes Anti-Exploit version 1.9.1.1384 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.9.1.1384 - Malwarebytes) Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable - x86 8.0.50727.6229 (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7497 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7497 - Microsoft Corporation) Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219.436 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{b55f7208-e02b-4828-ac78-59c73ddf5bc7}) (Version: 12.0.30501.0 - Корпорация Майкрософт) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM\...\{262779db-23a3-4517-bbcd-a05a9ff0570b}) (Version: 14.0.23918.0 - Microsoft Corporation) Mozilla Firefox 52.0.2 ESR (x86 en-US) (HKLM\...\Mozilla Firefox 52.0.2 ESR (x86 en-US)) (Version: 52.0.2 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 52.0.2.6291 - Mozilla) Notepad++ (HKLM\...\Notepad++) (Version: 6.8.8 - Notepad++ Team) Opera Mobile Emulator (HKLM\...\{1826D0CA-F479-4430-9EFE-86E8E783505B}_is1) (Version: - Opera Software ASA) RogueKiller version 12.10.5.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.10.5.0 - Adlice Software) RS Email Extractor version 4.1.0.23 (HKLM\...\RS Email Extractor_is1) (Version: 4.1.0.23 - Redscraper) Shutdown8 (HKU\S-1-5-21-329068152-2052111302-1801674531-1003\...\Shutdown8) (Version: 1.08 - Bandisoft.com) SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.10.01.5880 - Analog Devices) Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform) SumatraPDF 2.2.1 (HKLM\...\SumatraPDF) (Version: 2.2.1 - Krzysztof Kowalczyk) swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Unity Web Player (HKU\S-1-5-21-329068152-2052111302-1801674531-1003\...\UnityWebPlayer) (Version: 5.3.7f1 - Unity Technologies ApS) VC_CRT_x86 (Version: 1.02.0000 - Intel Corporation) Hidden VirusTotal Uploader 2.2 (HKLM\...\VTUploader) (Version: - ) WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden WinHTTrack Website Copier 3.49-1 (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.49.1 - HTTrack) WinRAR 5.40 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH) WPS Office (10.1.0.5656) (HKU\S-1-5-21-329068152-2052111302-1801674531-1003\...\Kingsoft Office) (Version: 10.1.0.5656 - Kingsoft Corp.) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-329068152-2052111302-1801674531-1003_Classes\CLSID\{00020812-0000-0000-C000-000000000046}\localserver32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Kingsoft\WPS Office\10.1.0.5656\office6\et.exe (Zhuhai Kingsoft Office Software Co.,Ltd) CustomCLSID: HKU\S-1-5-21-329068152-2052111302-1801674531-1003_Classes\CLSID\{00020820-0000-0000-C000-000000000046}\localserver32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Kingsoft\WPS Office\10.1.0.5656\office6\et.exe (Zhuhai Kingsoft Office Software Co.,Ltd) CustomCLSID: HKU\S-1-5-21-329068152-2052111302-1801674531-1003_Classes\CLSID\{00020821-0000-0000-C000-000000000046}\localserver32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Kingsoft\WPS Office\10.1.0.5656\office6\et.exe (Zhuhai Kingsoft Office Software Co.,Ltd) CustomCLSID: HKU\S-1-5-21-329068152-2052111302-1801674531-1003_Classes\CLSID\{00020830-0000-0000-C000-000000000046}\localserver32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Kingsoft\WPS Office\10.1.0.5656\office6\et.exe (Zhuhai Kingsoft Office Software Co.,Ltd) CustomCLSID: HKU\S-1-5-21-329068152-2052111302-1801674531-1003_Classes\CLSID\{00020832-0000-0000-C000-000000000046}\localserver32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Kingsoft\WPS Office\10.1.0.5656\office6\et.exe (Zhuhai Kingsoft Office Software Co.,Ltd) CustomCLSID: HKU\S-1-5-21-329068152-2052111302-1801674531-1003_Classes\CLSID\{00020900-0000-0000-C000-000000000046}\localserver32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Kingsoft\WPS Office\10.1.0.5656\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd) CustomCLSID: HKU\S-1-5-21-329068152-2052111302-1801674531-1003_Classes\CLSID\{00020906-0000-0000-C000-000000000046}\localserver32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Kingsoft\WPS Office\10.1.0.5656\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd) CustomCLSID: HKU\S-1-5-21-329068152-2052111302-1801674531-1003_Classes\CLSID\{00020906-0000-4b30-A977-D214852036FF}\localserver32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Kingsoft\WPS Office\10.1.0.5656\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd) CustomCLSID: HKU\S-1-5-21-329068152-2052111302-1801674531-1003_Classes\CLSID\{00020907-0000-0000-C000-000000000046}\localserver32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Kingsoft\WPS Office\10.1.0.5656\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd) CustomCLSID: HKU\S-1-5-21-329068152-2052111302-1801674531-1003_Classes\CLSID\{000209F0-0000-4b30-A977-D214852036FF}\InprocServer32 -> => No File CustomCLSID: HKU\S-1-5-21-329068152-2052111302-1801674531-1003_Classes\CLSID\{000209FE-0000-0000-C000-000000000046}\localserver32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Kingsoft\WPS Office\10.1.0.5656\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd) CustomCLSID: HKU\S-1-5-21-329068152-2052111302-1801674531-1003_Classes\CLSID\{000209FF-0000-0000-C000-000000000046}\localserver32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Kingsoft\WPS Office\10.1.0.5656\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd) CustomCLSID: HKU\S-1-5-21-329068152-2052111302-1801674531-1003_Classes\CLSID\{000209FF-0000-4b30-A977-D214852036FF}\localserver32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Kingsoft\WPS Office\10.1.0.5656\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd) CustomCLSID: HKU\S-1-5-21-329068152-2052111302-1801674531-1003_Classes\CLSID\{00024500-0000-0000-C000-000000000046}\localserver32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Kingsoft\WPS Office\10.1.0.5656\office6\et.exe (Zhuhai Kingsoft Office Software Co.,Ltd) CustomCLSID: HKU\S-1-5-21-329068152-2052111302-1801674531-1003_Classes\CLSID\{00024512-0000-0000-C000-000000000046}\InprocServer32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Kingsoft\WPS Office\10.1.0.5656\office6\refedit.dll () CustomCLSID: HKU\S-1-5-21-329068152-2052111302-1801674531-1003_Classes\CLSID\{0002CE21-0000-0000-C000-000000000046}\localserver32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Kingsoft\WPS Office\10.1.0.5656\office6\mui\default\resource\ksee\EqnEdit.exe (Design Science, Inc.) CustomCLSID: HKU\S-1-5-21-329068152-2052111302-1801674531-1003_Classes\CLSID\{048EB43E-2059-422F-95E0-557DA96038AF}\localserver32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Kingsoft\WPS Office\10.1.0.5656\office6\wpp.exe (Zhuhai Kingsoft Office Software Co.,Ltd) CustomCLSID: HKU\S-1-5-21-329068152-2052111302-1801674531-1003_Classes\CLSID\{112EA537-7AB9-4e22-8BFB-7FD5FCB19849}\localserver32 -> C:\Program Files\Globalscape\CuteFTP\ftpte.exe (Globalscape, Inc.) CustomCLSID: HKU\S-1-5-21-329068152-2052111302-1801674531-1003_Classes\CLSID\{18A06B6B-2F3F-4E2B-A611-52BE631B2D22}\localserver32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Kingsoft\WPS Office\10.1.0.5656\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd) CustomCLSID: HKU\S-1-5-21-329068152-2052111302-1801674531-1003_Classes\CLSID\{3C18EAE4-BC25-4134-B7DF-1ECA1337DDDC}\localserver32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Kingsoft\WPS Office\10.1.0.5656\office6\wpp.exe (Zhuhai Kingsoft Office Software Co.,Ltd) CustomCLSID: HKU\S-1-5-21-329068152-2052111302-1801674531-1003_Classes\CLSID\{3D3B1846-CC43-42ae-BFF9-D914083C2BA3}\InprocServer32 -> C:\Program Files\SumatraPDF\PdfPreview.dll (Simon Bünzli) CustomCLSID: HKU\S-1-5-21-329068152-2052111302-1801674531-1003_Classes\CLSID\{41C26FB6-41AF-4A3D-AD41-32D5218B60E1}\InprocServer32 -> no filepath CustomCLSID: HKU\S-1-5-21-329068152-2052111302-1801674531-1003_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS) CustomCLSID: HKU\S-1-5-21-329068152-2052111302-1801674531-1003_Classes\CLSID\{44720441-94BF-4940-926D-4F38FECF2A48}\localserver32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Kingsoft\WPS Office\10.1.0.5656\office6\wpp.exe (Zhuhai Kingsoft Office Software Co.,Ltd) CustomCLSID: HKU\S-1-5-21-329068152-2052111302-1801674531-1003_Classes\CLSID\{44720444-94BF-4940-926D-4F38FECF2A48}\localserver32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Kingsoft\WPS Office\10.1.0.5656\office6\wpp.exe (Zhuhai Kingsoft Office Software Co.,Ltd) CustomCLSID: HKU\S-1-5-21-329068152-2052111302-1801674531-1003_Classes\CLSID\{45540001-5750-5300-4B49-4E47534F4655}\localserver32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Kingsoft\WPS Office\10.1.0.5656\office6\et.exe (Zhuhai Kingsoft Office Software Co.,Ltd) CustomCLSID: HKU\S-1-5-21-329068152-2052111302-1801674531-1003_Classes\CLSID\{45540003-5750-5300-4B49-4E47534F4655}\localserver32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Kingsoft\WPS Office\10.1.0.5656\office6\et.exe (Zhuhai Kingsoft Office Software Co.,Ltd) CustomCLSID: HKU\S-1-5-21-329068152-2052111302-1801674531-1003_Classes\CLSID\{4D4E0078-1386-4536-BD05-3E1013F17116}\InprocServer32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Kingsoft\WPS Office\10.1.0.5656\office6\oledefaulthandler.dll (Zhuhai Kingsoft Office Software Co.,Ltd) CustomCLSID: HKU\S-1-5-21-329068152-2052111302-1801674531-1003_Classes\CLSID\{55808EA8-81FE-43c6-AAE8-1D8149F941D3}\InprocServer32 -> C:\Program Files\SumatraPDF\PdfFilter.dll (Simon Bünzli) CustomCLSID: HKU\S-1-5-21-329068152-2052111302-1801674531-1003_Classes\CLSID\{64818D10-4F9B-11CF-86EA-00AA00B929E8}\localserver32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Kingsoft\WPS Office\10.1.0.5656\office6\wpp.exe (Zhuhai Kingsoft Office Software Co.,Ltd) CustomCLSID: HKU\S-1-5-21-329068152-2052111302-1801674531-1003_Classes\CLSID\{64818D11-4F9B-11CF-86EA-00AA00B929E8}\localserver32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Kingsoft\WPS Office\10.1.0.5656\office6\wpp.exe (Zhuhai Kingsoft Office Software Co.,Ltd) CustomCLSID: HKU\S-1-5-21-329068152-2052111302-1801674531-1003_Classes\CLSID\{75D01070-1234-44E9-82F6-DB5B39A47C13}\localserver32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Kingsoft\WPS Office\10.1.0.5656\office6\wpp.exe (Zhuhai Kingsoft Office Software Co.,Ltd) CustomCLSID: HKU\S-1-5-21-329068152-2052111302-1801674531-1003_Classes\CLSID\{8A624388-AA27-43E0-89F8-2A12BFF7BCCD}\localserver32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Kingsoft\WPS Office\10.1.0.5656\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd) CustomCLSID: HKU\S-1-5-21-329068152-2052111302-1801674531-1003_Classes\CLSID\{912ABC52-36E2-4714-8E62-A8B73CA5E390}\localserver32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Kingsoft\WPS Office\10.1.0.5656\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd) CustomCLSID: HKU\S-1-5-21-329068152-2052111302-1801674531-1003_Classes\CLSID\{91493441-5A91-11CF-8700-00AA0060263B}\localserver32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Kingsoft\WPS Office\10.1.0.5656\office6\wpp.exe (Zhuhai Kingsoft Office Software Co.,Ltd) CustomCLSID: HKU\S-1-5-21-329068152-2052111302-1801674531-1003_Classes\CLSID\{91493443-94BF-4940-926D-4F38FECF2A48}\InprocServer32 -> => No File CustomCLSID: HKU\S-1-5-21-329068152-2052111302-1801674531-1003_Classes\CLSID\{AA14F9C9-62B5-4637-8AC4-8F25BF29D5A7}\localserver32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Kingsoft\WPS Office\10.1.0.5656\office6\wpp.exe (Zhuhai Kingsoft Office Software Co.,Ltd) CustomCLSID: HKU\S-1-5-21-329068152-2052111302-1801674531-1003_Classes\CLSID\{B722BCCD-4E68-101B-A2BC-00AA00404770}\InprocServer32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Kingsoft\WPS Office\10.1.0.5656\office6\ksoapi.dll (Zhuhai Kingsoft Office Software Co.,Ltd) CustomCLSID: HKU\S-1-5-21-329068152-2052111302-1801674531-1003_Classes\CLSID\{CF4F55F4-8F87-4D47-80BB-5808164BB3F8}\localserver32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Kingsoft\WPS Office\10.1.0.5656\office6\wpp.exe (Zhuhai Kingsoft Office Software Co.,Ltd) CustomCLSID: HKU\S-1-5-21-329068152-2052111302-1801674531-1003_Classes\CLSID\{DC020317-E6E2-4A62-B9FA-B3EFE16626F4}\localserver32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Kingsoft\WPS Office\10.1.0.5656\office6\wpp.exe (Zhuhai Kingsoft Office Software Co.,Ltd) CustomCLSID: HKU\S-1-5-21-329068152-2052111302-1801674531-1003_Classes\CLSID\{F4754C9B-64F5-4B40-8AF4-679732AC0607}\localserver32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Kingsoft\WPS Office\10.1.0.5656\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) Shortcut: C:\Documents and Settings\Owner\Start Menu\Programs\Image-Line\FL Studio 10\Image-Line website.lnk -> hxxp://www.image-line.com Shortcut: C:\Documents and Settings\Owner\Start Menu\Programs\Image-Line\FL Studio 10\Advanced\Diagnostic.lnk -> hxxp://diagnostic.image-line.com Shortcut: C:\Documents and Settings\Owner\Start Menu\Programs\Image-Line\FL Studio 10\Additional\Download Deckadance.lnk -> hxxp://www.deckadance.com Shortcut: C:\Documents and Settings\Owner\Start Menu\Programs\Image-Line\FL Studio 10\Additional\SynthMaker website.lnk -> hxxp://www.synthmaker.co.uk Shortcut: C:\Documents and Settings\Owner\Start Menu\Programs\CherryPlayer\Visit CherryPlayer website.lnk -> hxxp://www.cherryplayer.com Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Image-Line\FL Studio 10\Image-Line website.lnk -> hxxp://www.image-line.com Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Image-Line\FL Studio 10\Advanced\Diagnostic.lnk -> hxxp://diagnostic.image-line.com Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Image-Line\FL Studio 10\Additional\Download Deckadance.lnk -> hxxp://www.deckadance.com Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Image-Line\FL Studio 10\Additional\SynthMaker website.lnk -> hxxp://www.synthmaker.co.uk ==================== Loaded Modules (Whitelisted) ============== 2015-04-15 21:13 - 2015-04-15 21:13 - 00260608 _____ () C:\Program Files\Notepad++\NppShell_06.dll 2013-01-02 07:48 - 2013-01-02 07:48 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll 2014-04-07 20:40 - 2014-04-07 20:40 - 00049112 _____ () C:\Program Files\Common Files\DFX\Dlls\dfxShared32.dll 2017-04-18 16:32 - 2017-04-18 16:32 - 19700312 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_25_0_0_148.dll ==================== Alternate Data Streams (Whitelisted) ========= ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2008-04-14 13:00 - 1980-01-04 00:01 - 00000889 ____A C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost127.0.0.1 localhost 127.0.0.1 localhost 127.0.0.1 HPSystem # LMS GENERATED LINE ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-329068152-2052111302-1801674531-1003\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp DNS Servers: 8.8.8.8 - 8.8.4.4 Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Ralink Wireless Utility.lnk => C:\WINDOWS\pss\Ralink Wireless Utility.lnkCommon Startup MSCONFIG\startupreg: atchk => "C:\Program Files\Intel\AMT\atchk.exe" MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe MSCONFIG\startupreg: DFX => C:\Program Files\DFX\DFX.exe -startup MSCONFIG\startupreg: DLLSuite2016 => C:\Program Files\DLL Suite\DLLSuite.exe MSCONFIG\startupreg: HotKeysCmds => C:\WINDOWS\system32\hkcmd.exe MSCONFIG\startupreg: IMJPMIG8.1 => "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 MSCONFIG\startupreg: Persistence => C:\WINDOWS\system32\igfxpers.exe MSCONFIG\startupreg: PHIME2002A => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun MSCONFIG\startupreg: Social Bookmark Commando => C:\Documents and Settings\Owner\My Documents\Downloads\Compressed\Social Bookmark Commando\Social Bookmark Commando\Social Bookmark Commando\SocialBookmarkCommando.exe ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\dpvsetup.exe] => Disabled:Microsoft DirectPlay Voice Test StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\rundll32.exe] => Disabled:Run a DLL as an App StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox) ==================== Restore Points ========================= 17-04-2017 03:00:18 Software Distribution Service 3.0 17-04-2017 03:23:25 Software Distribution Service 3.0 17-04-2017 13:55:56 Installed CuteFTP 9 17-04-2017 15:57:24 Revo Uninstaller's restore point - Xlight FTP Server 3.8.8 17-04-2017 15:58:31 Revo Uninstaller's restore point - FlashFXP 5 17-04-2017 16:11:15 Revo Uninstaller's restore point - Go!Zilla 17-04-2017 16:15:27 Revo Uninstaller's restore point - VideoPad Video Editor 17-04-2017 16:15:37 Revo Uninstaller's restore point - VideoPad Video Editor 17-04-2017 16:17:12 Revo Uninstaller's restore point - Pixillion Image Converter 17-04-2017 16:17:38 Revo Uninstaller's restore point - Express Burn Disc Burning Software 17-04-2017 16:18:07 Revo Uninstaller's restore point - Fling File Transfer 18-04-2017 02:26:25 Software Distribution Service 3.0 18-04-2017 16:20:49 Software Distribution Service 3.0 18-04-2017 16:30:26 Revo Uninstaller's restore point - Adobe Flash Player 25 NPAPI 18-04-2017 21:13:38 Revo Uninstaller's restore point - RogueKiller version 12.10.4.0 19-04-2017 03:00:20 Software Distribution Service 3.0 19-04-2017 03:17:19 Software Distribution Service 3.0 ==================== Faulty Device Manager Devices ============= Name: PS/2 Compatible Mouse Description: PS/2 Compatible Mouse Class Guid: {4D36E96F-E325-11CE-BFC1-08002BE10318} Manufacturer: Microsoft Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard Class Guid: {4D36E96B-E325-11CE-BFC1-08002BE10318} Manufacturer: (Standard keyboards) Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: Description: Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318} Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== System errors: ============= ==================== Memory info =========================== Processor: Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz Percentage of memory in use: 62% Total physical RAM: 2002.23 MB Available physical RAM: 752.2 MB Total Virtual: 3895.39 MB Available Virtual: 2793.83 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:22.46 GB) (Free:1.8 GB) NTFS ==>[drive with boot components (Windows XP)] Drive d: () (Fixed) (Total:120.19 GB) (Free:33.73 GB) NTFS Drive e: (Local Disk) (Fixed) (Total:90.23 GB) (Free:13.47 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows XP) (Size: 232.9 GB) (Disk ID: 4B60C751) Partition 1: (Active) - (Size=22.5 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=210.4 GB) - (Type=OF Extended) ==================== End of Addition.txt ============================