View Single Post
  #45  
Old March 2nd, 2019, 03:25 PM
evanandrew3333 evanandrew3333 is offline
Banned
 
Join Date: Feb 2019
Posts: 79
hxxp://ui.skype.com/ui/0/4.2.0.166.272/en/abandoninstall?page=tsMain&installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;notincluded
Task: {F61B920E-C4A3-4853-AF97-B3BC5C669F82} - System32\Tasks\{B8D753B3-1B82-4CA4-B541-F30C28572291} => C:\Program Files (x86)\Infogrames Interactive\Civilization III\Civilization3.exe () [File not signed]
Task: {FCA5CE8F-7865-488A-B9A6-38D0CEF45C78} - System32\Tasks\{06B2CA6E-D09A-40C3-B278-31D59B50850A} => C:\Program Files (x86)\Microsoft Games\Rise Of Legends\legends.exe
Task: {FD6FABCB-CBAE-4D7B-8FEE-A075C4CF8D95} - System32\Tasks\{88C91B33-B1C2-478C-A1CC-119AA5222976} => C:\Users\beatcat\Desktop\Games\Company of Heroes- Tales of Valor\Autorun.exe (THQ Canada Inc. -> THQ Canada Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\HPCeeScheduleForbeatcat.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2010-08-06 10:15 - 2010-08-06 10:15 - 000071680 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzinw12.dll
2010-08-06 10:15 - 2010-08-06 10:15 - 000089600 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzipm12.dll
2012-09-18 12:15 - 2012-09-18 12:15 - 008525728 ____H (Error3: CryptCATAdminCalcHashFromFileHandle failed to return cbHash, #2 -> Electronic Arts, Inc.) [File not signed] C:\Program Files (x86)\Monopoly\monopolywin.exe
2009-09-20 11:24 - 2009-09-20 11:24 - 000133120 _____ (Hewlett-Packard Co.) [File not signed] c:\program files (x86)\hp\digital imaging\bin\hpqddsvc.dll
2009-09-20 11:24 - 2009-09-20 11:24 - 000213504 _____ (Hewlett-Packard Co.) [File not signed] c:\program files (x86)\hp\digital imaging\bin\hpqddcmn.dll
2009-09-20 11:36 - 2009-09-20 11:36 - 000249344 _____ (Hewlett-Packard Co.) [File not signed] c:\program files (x86)\hp\digital imaging\bin\hpqcxs08.dll
2014-01-08 11:00 - 2012-09-13 19:05 - 000138752 _____ () [File not signed] C:\Program Files (x86)\Monopoly\libpng15.dll
2014-01-08 11:00 - 2012-09-13 19:05 - 000075264 _____ (Zlib) [File not signed] C:\Program Files (x86)\Monopoly\zlib1.dll
2014-01-08 11:00 - 2012-09-13 19:05 - 000032768 _____ () [File not signed] C:\Program Files (x86)\Monopoly\alut.dll
2014-01-08 11:00 - 2012-09-13 19:05 - 000029184 _____ () [File not signed] C:\Program Files (x86)\Monopoly\libvorbisfile.dll
2014-01-08 11:00 - 2012-09-13 19:05 - 000017920 _____ () [File not signed] C:\Program Files (x86)\Monopoly\libogg.dll
2014-01-08 11:00 - 2012-09-13 19:05 - 001624576 _____ () [File not signed] C:\Program Files (x86)\Monopoly\libvorbis.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\Temp:6764D965 [460]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7942 more sites.

IE restricted site: HKU\S-1-5-21-1214944576-273379327-1179527443-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-1214944576-273379327-1179527443-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1214944576-273379327-1179527443-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-1214944576-273379327-1179527443-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-1214944576-273379327-1179527443-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-1214944576-273379327-1179527443-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-1214944576-273379327-1179527443-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-1214944576-273379327-1179527443-1000\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-1214944576-273379327-1179527443-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1214944576-273379327-1179527443-1000\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-1214944576-273379327-1179527443-1000\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-1214944576-273379327-1179527443-1000\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-1214944576-273379327-1179527443-1000\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-1214944576-273379327-1179527443-1000\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-1214944576-273379327-1179527443-1000\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-1214944576-273379327-1179527443-1000\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-1214944576-273379327-1179527443-1000\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-1214944576-273379327-1179527443-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-1214944576-273379327-1179527443-1000\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-1214944576-273379327-1179527443-1000\...\123simsen.com -> www.123simsen.com

There are 7942 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2018-10-21 11:16 - 000454816 ____R C:\Windows\system32\drivers\etc\hosts

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com
127.0.0.1 www.123moviedownload.com

There are 15609 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\J ava\javapath;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoo t%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowe rShell\v1.0\;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;c:\Program Files (x86)\Common Files\Roxio Shared\12.0\DLLShared\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\Calibre2\
HKU\S-1-5-21-1214944576-273379327-1179527443-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\beatcat\AppData\Roaming\Microsoft\Windows \Themes\TranscodedWallpaper.jpg
DNS Servers: 209.222.18.222 - 209.222.18.218
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Pol icies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\Services: ACDaemon => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: AMD FUEL Service => 2
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: bthserv => 2
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: GalaxyCommunication => 3
MSCONFIG\Services: GameConsoleService => 3
MSCONFIG\Services: HPClientSvc => 2
MSCONFIG\Services: HPSLPSVC => 2
MSCONFIG\Services: HPSupportSolutionsFrameworkService => 2
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: pdfcDispatcher => 2
MSCONFIG\Services: RoxioNow Service => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: TabletInputService => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^CodecPackTrayMenu.lnk => C:\Windows\pss\CodecPackTrayMenu.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk => C:\Windows\pss\Microsoft Works Calendar Reminders.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish PictureMover.lnk => C:\Windows\pss\Snapfish PictureMover.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^beatcat^AppData^Roaming^Microsoft^Windows ^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk => C:\Windows\pss\OpenOffice.org 3.3.lnk.Startup
MSCONFIG\startupreg: AnyDVD => C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ArcSoft Connection Service => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
MSCONFIG\startupreg: CCleaner Smart Cleaning => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Codec Pack Update Checker => "C:\Windows\system32\Codecs\UpdateChecker.exe"
MSCONFIG\startupreg: Codec Settings UAC Manager => "C:\Windows\system32\Codecs\CodecUACManager.ex e"
MSCONFIG\startupreg: Comrade.exe => C:\Program Files (x86)\GameSpy\Comrade\Comrade.exe
MSCONFIG\startupreg: Discord => C:\Users\beatcat\AppData\Local\Discord\app-0.0.304\Discord.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: GOGDownloader => "C:\Users\beatcat\Documents\gogdownloader_0901376\ GOGDownloader.exe" /minimized
MSCONFIG\startupreg: HP Software Update => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpqSRMon => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
MSCONFIG\startupreg: hpsysdrv => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
MSCONFIG\startupreg: iCloudDrive => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
MSCONFIG\startupreg: igndlm.exe => C:\Program Files (x86)\Download Manager\DLM.exe /windowsstart /startifwork
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Microsoft Works Portfolio => C:\Program Files (x86)\Microsoft Works\WksSb.exe /AllUsers
MSCONFIG\startupreg: Microsoft Works Update Detection => C:\Program Files (x86)\Microsoft Works\WkDetect.exe
MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
MSCONFIG\startupreg: Skype for Desktop => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
MSCONFIG\startupreg: SmartMenu => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
MSCONFIG\startupreg: snp2std => C:\Windows\vsnp2std.exe
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
MSCONFIG\startupreg: WorksFUD => C:\Program Files (x86)\Microsoft Works\wkfud.exe
MSCONFIG\startupreg: Xvid => C:\Program Files (x86)\Xvid\CheckUpdate.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{3B1A0EB0-0BE1-44D5-827B-8A812E7ABF55}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{8C81FF89-5A54-4F52-A8C0-BFC192E63DEB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{C3CA126B-1BF3-4259-975D-EC04BEEDE89D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{9DD09435-9489-49B7-A123-170C355456E1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{5F425BFC-9B1E-453C-86CB-0D6F3A6D6D6A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{85EADD90-6157-4418-871A-EAA3276C603D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{E082A3C7-EB39-4813-9EE8-A043F27B3D4C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ogre\Ogre.exe () [File not signed]
FirewallRules: [{5AC52F89-BFD8-4B3B-8FE9-2A91379C94AF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ogre\Ogre.exe () [File not signed]
FirewallRules: [{29D31D65-7441-4FDF-9C8E-AAE61A9AECD5}] => (Allow) C:\Program Files\pia_manager\pia_manager.exe No File
FirewallRules: [{15AECC1F-74B4-4FB8-A14D-9ED0F59707B3}] => (Allow) C:\Program Files\pia_manager\pia_manager.exe No File
FirewallRules: [{74BFBCA3-1429-42AD-BE0F-BF663709C735}] => (Allow) C:\Program Files\pia_manager\pia_manager.exe No File
FirewallRules: [{68B2EBF1-DDCC-449C-8A80-5853D39AA595}] => (Allow) C:\Program Files\pia_manager\pia_manager.exe No File
FirewallRules: [{B7A95BAB-6480-4FD2-95ED-EF5ADA72ED3F}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Free Screen Recorder\Apowersoft Free Screen Recorder.exe No File
FirewallRules: [{8DF47870-117A-4DDD-ADAF-11A17E0E3C81}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Free Screen Recorder\Apowersoft Free Screen Recorder.exe No File
FirewallRules: [TCP Query User{6EBD9521-ED82-4D80-A883-2DAA8B8FB7D5}C:\program files\itunes\itunes.exe] => (Block) C:\program files\itunes\itunes.exe (Apple Inc. -> Apple Inc.)