  #1  
Old April 3rd, 2020, 11:18 PM
luzchurch
Senior Member
 
Join Date: Nov 2004
Posts: 356
Pandaviewer

All the tiff files that I have are showing up as pandaviewer tiff files. I tried Malwarebytes, Zemana, Spybot and RogueKiller but without success. There must be something in the Registry that I think needs to be modified. Any ideas? Thanks. By the way, I am using XP.


  #2  
Old April 3rd, 2020, 11:57 PM
renegade600
Certifiable Bum
 
Join Date: Sep 2003
O/S: Linux
Location: Osceola, Ar
Posts: 26,545
As per the CTH guidelines for the Cyber Safety forum shown Here, this post has been deleted. Members who have not been approved by the CTH Staff to provide infection removal/repair steps are prohibited from posting those procedures.
--------
my bad - was not paying attention to the forum I was in since I was only looking at new posts.

Last edited by renegade600; April 4th, 2020 at 05:30 PM.
  #3  
Old April 4th, 2020, 02:40 PM
Jintan
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,040
Howdy luzchurch,

I had to remove renegade600's post, which was very incorrect. Pandaviewer is a potentially unwanted program that usually gets snuck onto your system, hijacks your browser and search settings, and can come bundled with other unwanted programs. And apparently it is still set on your system to open tiff files. Let's take a look, then get everything corrected there.


For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to the desktop.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to the desktop.

Please run it and click Scan, post back with the 2 logfiles.

Use extra posts here as needed.
  #4  
Old April 4th, 2020, 03:31 PM
luzchurch
Senior Member
 
Join Date: Nov 2004
Posts: 356
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-03-2020
Ran by owner (administrator) on EMACHINE (eMachines EL1200-01h) (04-04-2020 10:15:06)
Running from C:\Documents and Settings\owner\My Documents\Downloads
Loaded Profiles: owner (Available Profiles: owner & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Canon Inc. -> CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Canon Inc. -> CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation -> Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Microsoft Windows Component Publisher -> Microsoft Corporation) C:\WINDOWS\system32\alg.exe
(Microsoft Windows Component Publisher -> Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Microsoft Windows Component Publisher -> Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Windows Component Publisher -> Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Windows Component Publisher -> Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Microsoft Windows Hardware Compatibility Publisher -> NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
(Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION) C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S4I2G1.EXE
(Nero AG -> Nero AG) C:\Program Files\Nero\Update\NASvc.exe
(Piriform Ltd -> Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(RealNetworks, Inc. -> ) C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc. -> RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Softland SRL -> Microsoft) [File not signed] C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe
(WESTERN DIGITAL TECHNOLOGIES -> Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
(WESTERN DIGITAL TECHNOLOGIES -> Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe
(WESTERN DIGITAL TECHNOLOGIES -> Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
(Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Windows XP SP4 Developer -> Microsoft Corporation) C:\WINDOWS\system32\services.exe
(Windows XP SP4 Developer -> Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
(Windows XP SP4 Developer -> Microsoft Corporation) C:\WINDOWS\system32\svchost.exe
(Windows XP SP4 Developer -> Microsoft Corporation) C:\WINDOWS\system32\svchost.exe
(Windows XP SP4 Developer -> Microsoft Corporation) C:\WINDOWS\system32\svchost.exe
(Windows XP SP4 Developer -> Microsoft Corporation) C:\WINDOWS\system32\svchost.exe
(Windows XP SP4 Developer -> Microsoft Corporation) C:\WINDOWS\system32\svchost.exe
(Windows XP SP4 Developer -> Microsoft Corporation) C:\WINDOWS\system32\svchost.exe
(Windows XP SP4 Developer -> Microsoft Corporation) C:\WINDOWS\system32\svchost.exe
(Windows XP SP4 Developer -> Microsoft Corporation) C:\WINDOWS\system32\svchost.exe
(Windows XP SP4 Developer -> Microsoft Corporation) C:\WINDOWS\system32\svchost.exe
(Windows XP SP4 Developer -> Microsoft Corporation) C:\WINDOWS\system32\wbem\wmiprvse.exe
(Wondershare) [File not signed] C:\Program Files\Wondershare\WAF\2.4.3.242\WsAppService.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Onboard] => C:\Program Files\Western Digital\WD SmartWare\WDSmartWare.exe [3202416 2016-04-19] (WESTERN DIGITAL TECHNOLOGIES -> Western Digital Technologies, Inc.)
HKLM\...\Run: [WD Quick View] => C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe [5571944 2016-04-19] (WESTERN DIGITAL TECHNOLOGIES -> Western Digital Technologies, Inc.)
HKLM\...\Run: [WD Drive Unlocker] => C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694048 2014-10-23] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2016-12-10] (RealNetworks, Inc. -> RealNetworks, Inc.)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16862720 2008-05-16] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.)
HKLM\...\Run: [nwiz] => nwiz.exe /install
HKLM\...\Run: [NvMediaCenter] => C:\WINDOWS\system32\NvMcTray.dll [81920 2008-02-25] (Microsoft Windows Hardware Compatibility Publisher -> NVIDIA Corporation)
HKLM\...\Run: [NvCplDaemon] => C:\WINDOWS\system32\NvCpl.dll [8491008 2008-02-25] (Microsoft Windows Hardware Compatibility Publisher -> NVIDIA Corporation)
HKLM\...\Run: [EPSON Stylus CX5400 (Copy 1)] => C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE [99840 2003-05-26] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKLM\...\Run: [EPSON Stylus CX5400] => C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE [99840 2003-05-26] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKLM\...\Run: [DWPersistentQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [520424 2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Run: [DLADiag] => C:\WINDOWS\DLADiag.EXE [57403 2005-08-25] (Sonic Solutions) [File not signed]
HKLM\...\Run: [CanonSolutionMenuEx] => C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (Canon Inc. -> CANON INC.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2516296 2010-03-24] (Canon Inc. -> CANON INC.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [947152 2013-01-27] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-507921405-1284227242-1417001333-1003\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [721504 2015-09-02] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-507921405-1284227242-1417001333-1003\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [13797712 2018-09-10] (Piriform Ltd -> Piriform Ltd)
HKU\S-1-5-21-507921405-1284227242-1417001333-1003\...\Run: [Chromium] => "c:\documents and settings\owner\local settings\application data\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
HKU\S-1-5-21-507921405-1284227242-1417001333-1003\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_32_0_0_238_Plugin.exe [1457208 2019-09-02] (Adobe Inc. -> Adobe) [File not signed]
HKU\S-1-5-21-507921405-1284227242-1417001333-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssstars.scr [14336 2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKU\S-1-5-18\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [520424 2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Providers\Internet Print Provider: C:\WINDOWS\system32\INETPP.DLL [76800 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
HKLM\...\Providers\LanMan Print Services: C:\WINDOWS\system32\WIN32SPL.DLL [104960 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] -> C:\WINDOWS\system32\ieudinit.exe [2016-03-09] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] -> C:\WINDOWS\inf\unregmp2.exe [2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] -> C:\WINDOWS\system32\shmgrate.exe [2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}] ->
HKLM\Software\Microsoft\Active Setup\Installed Components: [{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] ->
HKLM\Software\Microsoft\Active Setup\Installed Components: [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] -> C:\Program Files\Outlook Express\setup50.exe [2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] -> C:\WINDOWS\system32\advpack.dll [2009-03-08] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{6BF52A52-394A-11d3-B153-00C04F79FAA6}] -> C:\WINDOWS\System32\advpack.dll [2009-03-08] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{7790769C-0471-11d2-AF11-00C04FA35D02}] -> C:\Program Files\Outlook Express\setup50.exe [2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\49.0.2623.112\Installer\chrmstp.exe [2018-05-03] (Google Inc -> Google Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{CC83D544-1125-C7EE-8688-26B699B123B5}] -> C:\WINDOWS\system32\ADVPACK.DLL [2009-03-08] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{C631DF4C-088F-4156-B058-4375F0853CD8}] -> C:\WINDOWS\System32\cscui.dll [2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
AppInit_DLLs: C:\WINDOWS\Jaksta\AC\x86\jaudcap.dll => C:\WINDOWS\Jaksta\AC\x86\jaudcap.dll [264480 2014-10-17] (Jaksta Technologies Pty Ltd -> Jaksta Technologies Pty Ltd)
SecurityProviders: C:\WINDOWS\system32\MSAPSSPC.DLL, C:\WINDOWS\system32\SCHANNEL.DLL, C:\WINDOWS\system32\DIGEST.DLL, C:\WINDOWS\system32\MSNSSPC.DLL
Startup: C:\Documents and Settings\owner\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2016-07-12]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION

==================== Scheduled Tasks=============================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player NPAPI Notifier.job => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_32_0_0_238_Plugin.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CCleaner Update.job => C:\Program Files\CCleaner\CCUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => C:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: C:\WINDOWS\Tasks\novaPDF Reactivation.job => C:\Program Files\Softland\novaPDF 8\Driver\ActivationClient.exe
Task: C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-507921405-1284227242-1417001333-1003.job => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-507921405-1284227242-1417001333-1003.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-507921405-1284227242-1417001333-1003.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-507921405-1284227242-1417001333-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-507921405-1284227242-1417001333-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{F0F3B82B-776E-484E-ADF4-E0E06392C8AE}.job => C:\WINDOWS\system32\msfeedssync.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
Winsock: Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc. -> Apple Inc.)
Winsock: Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
Winsock: Catalog9 02 C:\WINDOWS\system32\mswsock.dll [245248 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
Winsock: Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
Winsock: Catalog9 06 C:\WINDOWS\system32\mswsock.dll [245248 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
Winsock: Catalog9 07 C:\WINDOWS\system32\mswsock.dll [245248 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
Winsock: Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
Winsock: Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
Winsock: Catalog9 10 C:\WINDOWS\system32\mswsock.dll [245248 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
Winsock: Catalog9 11 C:\WINDOWS\system32\mswsock.dll [245248 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 64.71.255.204 64.71.255.198
Tcpip\..\Interfaces\{CE5BCC45-4C4F-4586-B869-86ECA889A6D4}: [DhcpNameServer] 64.71.255.204 64.71.255.198

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=131675729848673750&GUID=A0A527A0-09EE-4567-87A3-C8DC37E59CE5
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=131675729847580000&GUID=A0A527A0-09EE-4567-87A3-C8DC37E59CE5
HKU\S-1-5-21-507921405-1284227242-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealNetworks, Inc. -> RealDownloader)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO: MSN Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\MSN\Toolbar\3.0.1312.0\msneshellx.dll [2009-08-31] (Microsoft Corporation -> Microsoft Corp.)
Toolbar: HKLM - MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1312.0\msneshellx.dll [2009-08-31] (Microsoft Corporation -> Microsoft Corp.)
Toolbar: HKU\S-1-5-21-507921405-1284227242-1417001333-1003 -> &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll [2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
Toolbar: HKU\S-1-5-21-507921405-1284227242-1417001333-1003 -> &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll [2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}
Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll [2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll [2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll [2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll [2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll [2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
Handler: intu-tt2013 - {9FF5EC07-1645-43BF-828F-C73CFA7BC1AF} - C:\Program Files\TurboTax 2013\ic2013pp.dll [2014-02-27] (Intuit Canada ULC -> Intuit Canada, a general partnership/une société en nom collectif.)
Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll [2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll [2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll [2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll [2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll [2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll [2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
Handler: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll [2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll [2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll [2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\SHELL32.dll [2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
  #5  
Old April 4th, 2020, 03:32 PM
luzchurch
Senior Member
 
Join Date: Nov 2004
Posts: 356
FireFox:
========
FF ProfilePath: C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\4seut7x1.default-1585692271045 [2020-04-04]
FF Extension: (Hotfix for Firefox bug 1548973 (armagaddon 2.0) mitigation) - C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\4seut7x1.default-1585692271045\features\{77ac282c-2a82-4231-bd5a-628540cecb7d}\hotfix-bug-1548973@mozilla.org.xpi [2020-03-31] [Legacy]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-04-20] [Legacy] [not signed]
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 => not found
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: (RealDownloader) - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2016-12-10] [Legacy] [not signed]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_32_0_0_238.dll [2019-09-02] (Adobe Inc. -> ) [File not signed]
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-04-14] (CANON INC.) [File not signed]
FF Plugin: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [No File]
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @Nero.com/KM -> C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2014-11-06] (Nero AG -> Nero AG)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2016-12-10] (RealNetworks, Inc. -> RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.) [File not signed]
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.) [File not signed]
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.) [File not signed]
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll [2016-12-10] (RealNetworks, Inc. -> RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealNetworks, Inc. -> RealDownloader)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems, Incorporated -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Documents and Settings\owner\Local Settings\Application Data\Google\Chrome\User Data\Default [2020-04-03]
CHR DownloadDir: C:\Documents and Settings\owner\My Documents
CHR Extension: (RealDownloader) - C:\Documents and Settings\owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2018-05-03]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM\...\Chrome\Extension: [edfhabmbbhdcdpnoilchepfojmdeannd]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-09-02] (Adobe Inc. -> Adobe) [File not signed]
R3 BITS; C:\WINDOWS\system32\qmgr.dll [408576 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
S2 Browser; C:\WINDOWS\System32\browser.dll [78336 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
R2 DcomLaunch; C:\WINDOWS\system32\rpcss.dll [401408 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
R2 Dhcp; C:\WINDOWS\System32\dhcpcsvc.dll [126976 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
R2 Dnscache; C:\WINDOWS\System32\dnsrslvr.dll [45568 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
S3 Dot3svc; C:\WINDOWS\System32\dot3svc.dll [132096 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
R2 Eventlog; C:\WINDOWS\system32\services.exe [110592 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
R3 EventSystem; C:\WINDOWS\System32\ES.DLL [253952 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
R3 FastUserSwitchingCompatibility; C:\WINDOWS\System32\shsvcs.dll [135168 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
R2 LanmanServer; C:\WINDOWS\System32\srvsvc.dll [99840 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
R2 lanmanworkstation; C:\WINDOWS\System32\wkssvc.dll [134144 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4753104 2018-05-09] (Malwarebytes Corporation -> Malwarebytes)
S2 Microsoft DirectX Configuration Service; C:\WINDOWS\system32\dxconfig.exe [64512 2016-04-06] () [File not signed]
S3 MSIServer; C:\WINDOWS\System32\msiexec.exe /V [96256 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation -> Microsoft Corporation)
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [785904 2015-07-07] (Nero AG -> Nero AG)
R3 Nla; C:\WINDOWS\System32\mswsock.dll [245248 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
R2 NovaPdfServer; C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe [53176 2017-08-16] (Softland SRL -> Microsoft) [File not signed]
R2 NVSvc; C:\WINDOWS\system32\nvsvc32.exe [155716 2008-02-25] (Microsoft Windows Hardware Compatibility Publisher -> NVIDIA Corporation)
R2 PlugPlay; C:\WINDOWS\system32\services.exe [110592 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
S4 QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [20480 2009-11-30] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2006-11-09] (Intuit Inc.) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] (RealNetworks, Inc. -> )
R2 RpcSs; C:\WINDOWS\System32\rpcss.dll [401408 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
R2 SharedAccess; C:\WINDOWS\System32\ipnathlp.dll [330752 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
R2 ShellHWDetection; C:\WINDOWS\System32\shsvcs.dll [135168 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
R2 Spooler; C:\WINDOWS\system32\spoolsv.exe [58880 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
S3 SwPrv; C:\WINDOWS\system32\dllhost.exe /Processid:{C25A8AC1-6F52-40C6-B9AC-E32B14580D4A} [5120 2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
R3 TapiSrv; C:\WINDOWS\System32\tapisrv.dll [249856 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
R3 TermService; C:\WINDOWS\System32\termsrv.dll [296960 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
R2 Themes; C:\WINDOWS\System32\shsvcs.dll [135168 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
R2 W32Time; C:\WINDOWS\system32\w32time.dll [175616 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
R2 WDBackup; C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe [1049464 2016-04-19] (WESTERN DIGITAL TECHNOLOGIES -> Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [314744 2016-04-19] (WESTERN DIGITAL TECHNOLOGIES -> Western Digital Technologies, Inc.)
R2 WebClient; C:\WINDOWS\System32\webclnt.dll [68096 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
S3 WmdmPmSN; C:\WINDOWS\system32\mspmsnsv.dll [27136 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
S3 Wmi; C:\WINDOWS\System32\advapi32.dll [618496 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
S3 WMPNetworkSvc; C:\Program Files\Windows Media Player\WMPNetwk.exe [913408 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
R2 WsAppService; C:\Program Files\Wondershare\WAF\2.4.3.242\WsAppService.exe [482304 2018-08-29] (Wondershare) [File not signed]
S2 WudfSvc; C:\WINDOWS\System32\WUDFSvc.dll [64512 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
R2 WZCSVC; C:\WINDOWS\System32\wzcsvc.dll [483328 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AFD; C:\WINDOWS\System32\drivers\afd.sys [138496 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
R1 amsdk; C:\WINDOWS\system32\drivers\amsdk.sys [208824 2020-03-02] (Zemana D.O.O. Sarajevo -> Copyright 2018.)
S3 Apowersoft_AudioDevice; C:\WINDOWS\System32\drivers\Apowersoft_AudioDevice.sys [26032 2014-04-09] (APOWERSOFT LIMITED -> Wondershare)
R2 Aspi32; C:\Windows\System32\Drivers\Aspi32.sys [25920 1998-11-12] (Adaptec) [File not signed]
S0 Cdr4vsd; C:\Windows\System32\Drivers\Cdr4vsd.sys [72032 2014-08-26] (Adaptec) [File not signed]
R1 Cdrom; C:\WINDOWS\System32\DRIVERS\cdrom.sys [62976 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
R0 Disk; C:\WINDOWS\System32\DRIVERS\disk.sys [36352 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
R1 DLADiagN; C:\WINDOWS\System32\Drivers\DLADiagN.SYS [10908 2005-08-25] (Sonic Solutions) [File not signed]
R1 DLAPMonN; C:\WINDOWS\System32\Drivers\DLAPMonN.SYS [22812 2005-08-25] (Sonic Solutions) [File not signed]
R1 DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [22684 2005-08-25] (Sonic Solutions) [File not signed]
S1 DumpDrv; C:\Windows\System32\Drivers\DumpDrv.sys [9472 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
R1 ElRawDisk; C:\WINDOWS\system32\drivers\rsdrv.sys [22312 2009-02-12] (EldoS Corporation -> EldoS Corporation)
S3 EsgScanner; C:\WINDOWS\System32\DRIVERS\EsgScanner.sys [19984 2018-04-08] (Enigma Software Group USA, LLC -> )
S4 exFat; C:\Windows\System32\Drivers\exFat.sys [133632 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
R4 Fastfat; C:\Windows\System32\Drivers\Fastfat.sys [143744 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
U1 Fs_Rec; C:\Windows\System32\Drivers\Fs_Rec.sys [9216 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
R3 HDAudBus; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [144384 2008-04-14] (Microsoft Windows Component Publisher -> Windows (R) Server 2003 DDK provider)
R3 HTTP; C:\WINDOWS\System32\Drivers\HTTP.sys [265728 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
R3 IntcAzAudAddService; C:\WINDOWS\System32\drivers\RtkHDAud.sys [4800000 2008-05-20] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.)
R0 KSecDD; C:\Windows\System32\Drivers\KSecDD.sys [92928 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [220896 2020-02-29] (Malwarebytes Corporation -> Malwarebytes)
R0 MountMgr; C:\Windows\System32\Drivers\MountMgr.sys [42752 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation -> Microsoft Corporation)
R3 MRxDAV; C:\WINDOWS\System32\DRIVERS\mrxdav.sys [179968 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
R1 MRxSmb; C:\WINDOWS\System32\DRIVERS\mrxsmb.sys [457856 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
R0 Mup; C:\Windows\System32\Drivers\Mup.sys [105472 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
R0 NDIS; C:\Windows\System32\Drivers\NDIS.sys [182912 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
R3 NdisTapi; C:\WINDOWS\System32\DRIVERS\ndistapi.sys [10496 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
R3 NdisWan; C:\WINDOWS\System32\DRIVERS\ndiswan.sys [91776 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
R3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [40960 2013-11-27] (Windows XP SP4 Developer -> Microsoft Corporation)
R4 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [576512 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
R3 nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [6867360 2008-02-25] (Microsoft Windows Hardware Compatibility Publisher -> NVIDIA Corporation)
R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [54016 2008-01-29] (Microsoft Windows Hardware Compatibility Publisher -> NVIDIA Corporation)
R0 nvgts; C:\WINDOWS\System32\DRIVERS\nvgts.sys [132096 2008-01-25] (Microsoft Windows Hardware Compatibility Publisher -> NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [22016 2008-01-29] (Microsoft Windows Hardware Compatibility Publisher -> NVIDIA Corporation)
R3 PSched; C:\WINDOWS\System32\DRIVERS\psched.sys [70272 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
R3 Ptilink; C:\WINDOWS\System32\DRIVERS\ptilink.sys [17792 2008-04-14] (Microsoft Windows Component Publisher -> Parallel Technologies, Inc.)
R3 RasPppoe; C:\WINDOWS\System32\DRIVERS\raspppoe.sys [41472 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
R1 Rdbss; C:\WINDOWS\System32\DRIVERS\rdbss.sys [174848 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
R3 rdpdr; C:\WINDOWS\System32\DRIVERS\rdpdr.sys [195712 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
S3 RDPWD; C:\WINDOWS\System32\Drivers\RDPWD.SYS [139784 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
R2 rspndr; C:\WINDOWS\System32\DRIVERS\rspndr.sys [62848 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
U5 Sdbus; C:\Windows\System32\Drivers\Sdbus.sys [80384 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [20480 2008-04-14] (Microsoft Windows Component Publisher -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
R3 Srv; C:\WINDOWS\System32\DRIVERS\srv.sys [358016 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
R2 SSPORT; C:\WINDOWS\system32\Drivers\SSPORT.sys [5120 2012-07-19] (Samsung Electronics) [File not signed]
R2 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [13120 2016-02-21] (Rocket Division Software Ltd -> )
R1 Tcpip; C:\WINDOWS\System32\DRIVERS\tcpip.sys [361600 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
S3 TDTCP; C:\Windows\System32\Drivers\TDTCP.sys [22024 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
U5 TDTDP; C:\WINDOWS\System32\Drivers\TDTCP.SYS [22024 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
S3 usbccgp; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [32384 2013-08-08] (Windows XP SP4 Developer -> Microsoft Corporation)
R3 usbehci; C:\WINDOWS\System32\DRIVERS\usbehci.sys [30464 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
R3 usbohci; C:\WINDOWS\System32\DRIVERS\usbohci.sys [17152 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
R3 usbscan; C:\WINDOWS\System32\DRIVERS\usbscan.sys [14976 2013-07-02] (Windows XP SP4 Developer -> Microsoft Corporation)
S3 uti0odgx; C:\WINDOWS\system32\Drivers\uti0odgx.sys [7168 2017-04-11] () [File not signed]
S3 WDC_SAM; C:\WINDOWS\System32\DRIVERS\wdcsam_prewin8.sys [20256 2016-04-19] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies)
R1 webshieldfilter; C:\WINDOWS\System32\drivers\webshieldfilter.sys [70016 2019-04-02] (Protected Antivirus Limited -> Protected.net)
S3 WudfPf; C:\WINDOWS\System32\DRIVERS\WudfPf.sys [91904 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
S3 WudfRd; C:\WINDOWS\System32\DRIVERS\wudfrd.sys [132224 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S2 DgiVecp; \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S1 MpKsl353d9e32; \??\C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D016E788-E23A-4BD9-A4A7-76B8E86B8EA5}\MpKsl353d9e32.sys [X]
S3 USBAAPL; System32\Drivers\usbaapl.sys [X]
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam32.sys [X]
S1 ZAM_Guard; \??\C:\WINDOWS\System32\drivers\zamguard32.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-04-03 11:01 - 2020-04-03 11:01 - 003619267 _____ C:\Documents and Settings\owner\My Documents\database.txt
2020-04-01 17:34 - 2020-04-01 17:34 - 000000130 _____ C:\Documents and Settings\owner\My Documents\TKG's paperback book for sale .txt
2020-03-25 18:09 - 2020-03-25 18:09 - 000064489 _____ C:\Documents and Settings\owner\My Documents\Erls Stanley Gardner booklist.txt
2020-03-25 16:59 - 2020-03-25 16:59 - 000005786 _____ C:\Documents and Settings\owner\My Documents\Ennapadam.txt
2020-03-25 13:08 - 2020-03-25 13:08 - 000003134 _____ C:\Documents and Settings\owner\My Documents\hindi film son links.txt
2020-03-24 19:07 - 2020-03-24 19:07 - 000000043 _____ C:\Documents and Settings\owner\My Documents\notation for kuhU kuhU bOlE kOyaliyA.txt
2020-03-08 10:40 - 2020-03-08 10:40 - 000000000 ____D C:\Documents and Settings\owner\My Documents\New Folder (2)

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-04-04 10:18 - 2018-05-03 13:10 - 000000000 ____D C:\Documents and Settings\owner\Local Settings\temp
2020-04-04 10:16 - 2016-03-09 08:26 - 000000000 ____D C:\FRST
2020-04-04 10:15 - 2016-03-14 11:15 - 004927095 _____ C:\WINDOWS\ZAM.krnl.trace
2020-04-04 08:46 - 2016-03-25 11:08 - 057327616 _____ C:\New index.accdb
2020-04-04 08:46 - 2016-03-15 06:57 - 000000000 ____D C:\Documents and Settings\owner\Application Data\vlc
2020-04-04 07:21 - 2013-04-09 06:56 - 000000000 ____D C:\WINDOWS\Network Diagnostic
2020-04-03 15:37 - 2018-05-03 13:20 - 000000000 ____D C:\Documents and Settings\NetworkService\Local Settings\temp
2020-04-03 15:02 - 2008-04-14 05:00 - 000000885 _____ C:\WINDOWS\win.ini
2020-04-02 10:28 - 2013-05-12 10:57 - 000000000 ____D C:\Documents and Settings\owner\Application Data\XnView
2020-04-01 13:20 - 2013-11-22 17:29 - 000000000 ____D C:\Documents and Settings\owner\My Documents\Outlook Files
2020-03-31 07:31 - 2015-01-13 17:52 - 000000000 ____D C:\Documents and Settings\owner\My Documents\Applian
2020-03-28 15:07 - 2013-04-09 11:20 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-03-28 15:03 - 2016-11-16 15:52 - 000000422 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{F0F3B82B-776E-484E-ADF4-E0E06392C8AE}.job
2020-03-28 14:42 - 2017-10-23 11:26 - 000000486 _____ C:\WINDOWS\Tasks\novaPDF Reactivation.job
2020-03-28 14:42 - 2013-08-30 21:05 - 000001324 _____ C:\WINDOWS\system32\d3d9caps.dat
2020-03-28 14:36 - 2018-04-09 18:40 - 000000880 _____ C:\WINDOWS\Tasks\Adobe Flash Player NPAPI Notifier.job
2020-03-28 14:36 - 2013-04-09 11:14 - 000000000 ____D C:\WINDOWS\system32\Macromed
2020-03-28 14:27 - 2016-02-25 11:07 - 000000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2020-03-28 14:16 - 2016-05-10 18:51 - 000000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2020-03-28 10:08 - 2018-06-29 20:55 - 000000278 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-507921405-1284227242-1417001333-1003.job
2020-03-28 10:08 - 2013-04-23 18:36 - 000000286 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-507921405-1284227242-1417001333-1003.job
2020-03-28 05:27 - 2018-04-09 17:25 - 000000330 ____H C:\WINDOWS\Tasks\CCleaner Update.job
2020-03-27 16:16 - 2016-05-10 18:51 - 000000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2020-03-26 09:11 - 2013-04-27 18:00 - 000000308 _____ C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-507921405-1284227242-1417001333-1003.job
2020-03-25 13:23 - 2016-01-20 16:12 - 000000000 ____D C:\Documents and Settings\owner\Application Data\Soft Solutions
2020-03-22 02:27 - 2020-01-18 19:40 - 000000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2020-03-21 17:59 - 2013-04-27 17:59 - 000000326 _____ C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-507921405-1284227242-1417001333-1003.job
2020-03-21 16:05 - 2017-04-09 21:29 - 000025077 _____ C:\Documents and Settings\owner\My Documents\Bibliography.txt
2020-03-18 11:16 - 2013-04-09 14:22 - 000000000 ____D C:\Ragde-D
2020-03-07 17:38 - 2016-07-10 14:03 - 001122304 _____ C:\Documents and Settings\owner\My Documents\Address book database.accdb
2020-03-07 17:35 - 2017-01-19 09:39 - 002007040 _____ C:\Documents and Settings\owner\My Documents\Database1.accdb
2020-03-07 16:23 - 2013-05-12 11:56 - 000000000 ___RD C:\ACCESS
2020-03-07 12:51 - 2013-05-04 09:15 - 000000000 ____D C:\WINDOWS\system32\NtmsData
2020-03-07 12:24 - 2020-03-02 16:40 - 000000000 ____D C:\Documents and Settings\owner\Local Settings\Application Data\AMSDK
2020-03-07 12:19 - 2016-12-11 21:18 - 000000000 ____D C:\Documents and Settings\owner\My Documents\Music related

==================== Files in the root of some directories ========

2018-04-13 11:11 - 2018-05-15 07:58 - 000003774 _____ () C:\Documents and Settings\owner\Application Data\RegistrationLog.log
2018-04-13 11:10 - 2018-05-15 07:58 - 000017371 _____ () C:\Documents and Settings\owner\Application Data\ReplayMusicLog.log
2016-03-14 18:48 - 2016-03-14 18:48 - 000000128 _____ () C:\Documents and Settings\owner\Local Settings\Application Data\fusioncache.dat
2018-04-07 07:00 - 2018-04-07 07:00 - 000000003 _____ () C:\Documents and Settings\owner\Local Settings\Application Data\wbem.ini
2017-10-14 08:38 - 2017-10-14 08:38 - 000000000 _____ () C:\Documents and Settings\owner\Local Settings\Application Data\{0BF9E288-E566-49FE-A583-BB6E955B2DFD}
2014-07-26 17:59 - 2016-01-08 16:35 - 000001750 _____ () C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\svchost.exe
[2008-04-14 05:00] - [2016-03-09 01:00] - 000014848 _____ (Microsoft Corporation) 67E38B4A549833E02D4D1617B5DBC318

C:\WINDOWS\system32\services.exe
[2008-04-14 05:00] - [2016-03-09 01:00] - 000110592 _____ (Microsoft Corporation) C519E15665CD89A91AD383FCE3CB556A

C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\dnsapi.dll => MD5 is legit
==================== End of FRST.txt ========================
  #6  
Old April 4th, 2020, 07:22 PM
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,040
It should have created a second Additions.txt logfile, stored in the same location you ran FRST from:

C:\Documents and Settings\owner\My Documents\Downloads

Would you locate that and post the contents please.
  #7  
Old April 4th, 2020, 09:41 PM
luzchurch luzchurch is offline
Senior Member
 
Join Date: Nov 2004
Posts: 356
Sorry I did not realize there were two files generated.

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 29-03-2020
Ran by owner (04-04-2020 10:19:20)
Running from C:\Documents and Settings\owner\My Documents\Downloads
Microsoft Windows XP Professional Service Pack 3 (X86) (2013-04-09 15:19:13)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-507921405-1284227242-1417001333-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-507921405-1284227242-1417001333-1004 - Limited - Enabled)
Guest (S-1-5-21-507921405-1284227242-1417001333-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-507921405-1284227242-1417001333-1000 - Limited - Disabled)
owner (S-1-5-21-507921405-1284227242-1417001333-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\owner
SUPPORT_388945a0 (S-1-5-21-507921405-1284227242-1417001333-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Out of date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adaptec Easy CD Creator (HKLM\...\CDCreator30) (Version: - )
Adobe Flash Player 32 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 32.0.0.238 - Adobe)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
A-PDF Merger (HKLM\...\A-PDF Merger_is1) (Version: - A-PDF.com)
autolock wizard (HKLM\...\{CC5E2A47-F660-4763-AA88-75B1FC30CA0D}) (Version: 4.7.1 - HexaLock)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Canon Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version: - )
Canon MG5200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series) (Version: - )
Canon MP Navigator EX 4.0 (HKLM\...\MP Navigator EX 4.0) (Version: - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: - )
Canon Solution Menu EX (HKLM\...\CanonSolutionMenuEX) (Version: - )
CanoScan LiDE 210 Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4809) (Version: - Canon Inc.)
CarMusTy (HKLM\...\CarMusTy) (Version: 2012.12.12 - CineFxLabs)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.8.7128 - CDBurnerXP)
CD-LabelPrint (HKLM\...\MediaNavigation.CDLabelPrint) (Version: - )
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
DjVuLibre DjView 3.5.27+4.10.4 (HKLM\...\DjVuLibre+DjView) (Version: 3.5.27+4.10.4 - DjVuZone)
Easy Bridge (HKLM\...\Easy BridgeDeinstall) (Version: - )
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version: - )
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
Express Burn Disc Burning Software (HKLM\...\ExpressBurn) (Version: 8.00 - NCH Software)
Family Tree Maker (HKLM\...\FTW) (Version: - )
Free Easy MP3 Joiner 8.8.2 (HKLM\...\Free Easy MP3 Joiner_is1) (Version: - Freeease.net.)
Free PDF to Word Doc Converter v1.1 (HKLM\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
Haali Media Splitter (HKLM\...\HaaliMkx) (Version: - FreeCodecPack)
HP Color LaserJet Pro M452 (HKLM\...\{60cc8319-2c81-4d9b-84ca-88a4faa33aff}) (Version: L.15295.889 - Hewlett-Packard)
HPCLJProM452 (HKLM\...\{E7E2297B-B657-470B-9575-1B5ED16581D5}) (Version: 0.05.0000 - Hewlett-Packard) Hidden
JPG to Word Converter 1.0 (HKLM\...\{BE1475FD-E1F4-4686-B2E2-EDF8E090D2DB}_is1) (Version: 1.0 - Soft Solutions)
M3 BitLocker Decryption version 5.5 (HKLM\...\{0AF04533-F913-4ABD-A4DC-8B2CDC226E4F}}_is1) (Version: 5.5 - M3 Data Recovery)
Magical Jelly Bean KeyFinder (HKLM\...\KeyFinder_is1) (Version: 2.0.10.10 - Magical Jelly Bean)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Microsoft .NET Framework 2.0 Client Profile Basic Version 1.0.0.18 (HKLM\...\{10E4121C-8181-4217-8DA9-6CD38DDC34F9}_is1) (Version: 1.0.0.18 - Wondershare, Inc.)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version: - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.2.223.1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Software Update for Web Folders (English) 14 (HKLM\...\{90140000-0010-0409-0000-0000000FF1CE}) (Version: - )
Microsoft Virtual PC 2007 (HKLM\...\{8A7CAA24-7B23-410B-A7C3-F994B0944160}) (Version: 6.0.156.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 52.0.2 ESR (x86 en-US) (HKLM\...\Mozilla Firefox 52.0.2 ESR (x86 en-US)) (Version: 52.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 52.9.0.6746 - Mozilla)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) Hidden
MSXML 6.0 Parser (KB927977) (HKLM\...\{5A710547-B58E-488B-828D-CA9A25A0533C}) (Version: 6.00.3890.0 - Microsoft Corporation)
Nero Kwik Media (HKLM\...\{283E9B9D-F1B3-45BA-B942-6B10A3948533}) (Version: 12.5.00300 - Nero AG)
Notepad++ (32-bit x86) (HKLM\...\Notepad++) (Version: 7.5.6 - Notepad++ Team)
novaPDF 8 (HKLM\...\{0BDC1E59-A971-4737-8DDF-E4ABB3A2D33C}) (Version: 8.9.951 - Softland) Hidden
novaPDF 8 (HKLM\...\{b237db6e-0a86-4779-9dd4-219781e867c9}) (Version: 8.9.951 - Softland)
novaPDF 8 add-in for Microsoft Office (x86) (HKLM\...\{D175C46B-DDC1-49B2-95C4-93825A97E718}) (Version: 8.9.951 - Softland)
novaPDF 8 Printer Driver (HKLM\...\{EEFA260F-AED4-402B-AC7C-418CB69BE662}) (Version: 8.9.951 - Softland)
novaPDF 8 SDK COM (x86) (HKLM\...\{E47D57E4-0674-440A-9CBD-A0705684A8C3}) (Version: 8.9.951 - Softland)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - )
Prerequisite installer (HKLM\...\{3AAB08A3-F129-4BD5-B409-AE674F93759D}) (Version: 12.0.0008 - Nero AG) Hidden
RealDownloader (HKLM\...\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}) (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM\...\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}) (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
RealUpgrade 1.1 (HKLM\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Replay Music 7 (7.0.0.30) (HKLM\...\Replay Music 7) (Version: 7.0.0.30 - Applian Technologies)
RogueKiller version 12.12.14.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.14.0 - Adlice Software)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
swMSM (HKLM\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
VC_CRT_x86 (HKLM\...\{8054D734-39C7-463D-B764-9C883982B8F9}) (Version: 1.02.0000 - Intel Corporation) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 3.0.8 - VideoLAN)
WD Quick View (HKLM\...\{F4F2EF32-EAFE-4F87-B7DC-E19C9F8E76FC}) (Version: 2.4.16.16 - Western Digital Technologies, Inc.)
WD Security (HKLM\...\{0AC340BC-4A62-4D1F-86DB-35C1C3CB66CF}) (Version: 1.1.1.3 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{7F7425DB-530D-48D8-A3A6-3184B2E07FDD}) (Version: 2.4.16.16 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM\...\{4555885d-a64c-4234-9aac-72a8a6b5590b}) (Version: 2.4.16.16 - Western Digital Technologies, Inc.)
Windows Management Framework Core (HKLM\...\KB968930) (Version: - Microsoft Corporation)
Windows XP Service Pack 4 (HKLM\...\Windows XP Service Pack) (Version: 20160308.230000 - Charalampos Kazakos )
WinRAR 5.71 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH)
XnView 2.43 (HKLM\...\XnView_is1) (Version: 2.43 - Gougelet Pierre-e)
Zemana AntiMalware version 3.1.495 (HKLM\...\{4E1F3677-C72E-4F7D-B66E-85467B1A289E}_is1) (Version: 3.1.495 - Zemana)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{05EC5C13-D255-4592-9CCB-98615172F0D6}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{0ADF9C35-0D5E-4B75-88DD-B64868907E17}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{123FAF7F-3FB1-4B8F-AD18-0047401D436A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{32D32337-1511-4416-85C5-FD96C99322A0}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{37A2FC00-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{37A2FC02-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{3928D252-6BB4-4C0D-BE70-1E03AF93D464}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{4716D3CE-55DB-4D2A-818C-87D912895890}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{4844F3F7-2161-4AC4-B219-B3B4311782AA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{4E5E74B5-8EB5-4859-A335-837EED412620}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{5428A9ED-6CD8-11D6-9C8A-0001023DCAA2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{547C8F00-5567-4AE3-8BB0-CC3CE2AB9070}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{57D590F1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{596801D8-2C9D-4627-9C67-195CB81B655A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{5B7331FA-8910-4748-A8A4-60B445041F28}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{7DBF8260-30AD-4D1B-876A-8032B87B809F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{8034BBB8-2145-4159-9A34-51E21A0A981F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{828E5386-74CF-4019-B356-C857CD028A7D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{82CC31B3-53B4-4161-A4E9-6B4F1290A6C8}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{8572570D-12D9-4F2C-8BB8-EB8848178B94}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{8FEDE364-AB37-4551-80C9-6D468E222AB2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{9D9B61F2-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{9D9B61F3-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{9D9B61F4-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{9D9B61F5-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{9D9B61F6-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{9D9B61F7-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{A63E42D0-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{A63E42D2-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{AF5E0A13-CEAB-47CE-991D-77E82CD1BF3F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{B66F2BF1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{D14FD6B3-6A9F-4537-9460-07B836707127}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{D4A12AAF-E15E-470B-A6B6-63032186F91F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{D9B9C060-0954-11D3-9E07-00104BD2BE34}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSource.dll (Intuit, Inc. -> Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{D9BC6F81-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc. -> Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{D9BC6F84-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc. -> Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{D9BC6F87-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc. -> Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{D9BC6FA1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc. -> Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{D9BC6FA6-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc. -> Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{D9BC6FB2-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\StorageClasses.dll (Intuit, Inc. -> Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{DCB2B478-EFF6-48F6-B718-13E98876854E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{DFD0AF10-B86C-4AF3-B609-1348D513E565}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{E1A173E1-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{E1A173E3-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{EADA914E-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{EAEF733D-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{F19F9A95-7A43-4A93-80B0-C9C1FF6F63F9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{F9EF917A-E55E-4242-B205-E778395AC313}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx (Intuit, Inc. -> Intuit)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{FB17915F-06D1-4214-A902-CC5EE05186E9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Windows XP SP4 Developer -> Microsoft Corporation)
SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\SHELL32.dll (Windows XP SP4 Developer -> Microsoft Corporation)
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Windows XP SP4 Developer -> Microsoft Corporation)
SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Windows Component Publisher -> Microsoft Corporation)
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Windows XP SP4 Developer -> Microsoft Corporation)
ShellExecuteHooks: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll [8463872 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [4171480 2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files\Zemana\AntiMalware\AM_ShellExt32.dll [2019-11-04] (Zemana D.O.O. Sarajevo -> Advanced Malware Protection. Copyright 2019.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [ANotepad++] -> {00F3C2EC-A6EE-11DE-A03A-EF8F55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2018-03-18] (Notepad++ -> )
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2013-01-27] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2016-04-19] (WESTERN DIGITAL TECHNOLOGIES -> Western Digital Technologies, Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\RAGDE-D\WINZIP\WZSHLSTB.DLL [2001-11-27] (WinZip Computing, Inc.) [File not signed]
ContextMenuHandlers2: [CWDDriveMenuHandler] -> {CCEFA845-DCDB-4A2F-8BED-DBE87CD198EC} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2016-04-19] (WESTERN DIGITAL TECHNOLOGIES -> Western Digital Technologies, Inc.)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2013-01-27] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2013-01-27] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\RAGDE-D\WINZIP\WZSHLSTB.DLL [2001-11-27] (WinZip Computing, Inc.) [File not signed]
ContextMenuHandlers5: [00nView] -> {1E9B04FB-F9E5-4718-997B-B8DA88302A48} => C:\WINDOWS\system32\nvshell.dll [2008-02-25] () [File not signed]
ContextMenuHandlers5: [NvCplDesktopContext] -> {A70C977A-BF00-412C-90B7-034C51DA2439} => C:\WINDOWS\system32\nvcpl.dll [2008-02-25] (Microsoft Windows Hardware Compatibility Publisher -> NVIDIA Corporation)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files\Zemana\AntiMalware\AM_ShellExt32.dll [2019-11-04] (Zemana D.O.O. Sarajevo -> Advanced Malware Protection. Copyright 2019.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2016-04-19] (WESTERN DIGITAL TECHNOLOGIES -> Western Digital Technologies, Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\RAGDE-D\WINZIP\WZSHLSTB.DLL [2001-11-27] (WinZip Computing, Inc.) [File not signed]

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [msacm.trspch] => C:\WINDOWS\system32\tssoft32.acm [8192 2008-04-14] (Microsoft Windows Component Publisher -> DSP GROUP, INC.)
HKLM\...\Drivers32: [vidc.I420] => C:\WINDOWS\system32\msh263.drv [294912 2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\...\Drivers32: [vidc.iv31] => C:\WINDOWS\system32\ir32_32.dll [199168 2008-04-14] (Microsoft Windows Component Publisher -> )
HKLM\...\Drivers32: [vidc.iv32] => C:\WINDOWS\system32\ir32_32.dll [199168 2008-04-14] (Microsoft Windows Component Publisher -> )
HKLM\...\Drivers32: [vidc.iv41] => C:\WINDOWS\system32\ir41_32.ax [848384 2008-04-14] (Microsoft Windows Component Publisher -> Intel Corporation)
HKLM\...\Drivers32: [msacm.msg723] => C:\WINDOWS\system32\msg723.acm [118784 2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\...\Drivers32: [vidc.M263] => C:\WINDOWS\system32\msh263.drv [294912 2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\...\Drivers32: [vidc.M261] => C:\WINDOWS\system32\msh261.drv [188416 2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\...\Drivers32: [msacm.msaudio1] => C:\WINDOWS\system32\msaud32.acm [282654 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation)
HKLM\...\Drivers32: [msacm.sl_anet] => C:\WINDOWS\system32\sl_anet.acm [86016 2008-04-14] (Microsoft Windows Component Publisher -> Sipro Lab Telecom Inc.)
HKLM\...\Drivers32: [msacm.iac2] => C:\WINDOWS\system32\iac25_32.ax [199680 2008-04-14] (Microsoft Windows Component Publisher -> Intel Corporation)
HKLM\...\Drivers32: [vidc.iv50] => C:\WINDOWS\system32\ir50_32.dll [755200 2008-04-14] (Microsoft Windows Component Publisher -> Intel Corporation)
HKLM\...\Drivers32: [vidc.DIVX] => C:\WINDOWS\system32\DivX.dll [720384 2010-02-19] (DivX, Inc.) [File not signed]
HKLM\...\Drivers32: [vidc.yv12] => C:\WINDOWS\system32\DivX.dll [720384 2010-02-19] (DivX, Inc.) [File not signed]
  #8  
Old April 4th, 2020, 09:52 PM
luzchurch luzchurch is offline
Senior Member
 
Join Date: Nov 2004
Posts: 356
==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->\\.\root\subscription:MSFT_UCScenarioControl.Name=\"Microsoft WMI Updating Consumer Scenario Control\"",Filter="\\.\root\subscription:__EventFilter.Name=\"Microsoft WMI Updating Consumer Scenario Control\"::
WMI:subscription\__EventFilter->Microsoft WMI Updating Consumer Scenario Control::[Query => SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'MSFT_UCScenario']
Shortcut: C:\Documents and Settings\owner\NetHood\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\DjVuLibre\Help\Online documentation.lnk -> C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation) -> url.dll,FileProtocolHandler hxxp://djvu.sourceforge.net/doc/index.html
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\DjVuLibre\Help\Visit Djvu.org.lnk -> C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation) -> url.dll,FileProtocolHandler hxxp://djvu.org
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\DjVuLibre\Help\Visit DjVuLibre download page.lnk -> C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation) -> url.dll,FileProtocolHandler hxxp://sourceforge.net/projects/djvu/files/DjVuLibre_Windows/
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\DjVuLibre\Help\Visit DjvuLibre.lnk -> C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation) -> url.dll,FileProtocolHandler hxxp://djvu.sourceforge.net

==================== Loaded Modules (Whitelisted) =============

2013-09-06 12:52 - 2013-09-06 12:52 - 000043520 _____ () [File not signed] C:\WINDOWS\system32\CmdLineExt03.dll
2008-02-25 12:29 - 2008-02-25 12:29 - 001482752 _____ () [File not signed] C:\WINDOWS\system32\nview.dll
2008-02-25 12:29 - 2008-02-25 12:29 - 000466944 _____ () [File not signed] C:\WINDOWS\system32\nvshell.dll
2012-02-09 06:45 - 2015-04-24 07:43 - 000018432 _____ () [File not signed] C:\WINDOWS\system32\ssd4clm.dll
2014-05-08 09:48 - 2014-05-08 09:48 - 013071971 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files\Adobe\Reader 11.0\Reader\plug_ins\AcroForm.api
2014-05-08 09:48 - 2014-05-08 09:48 - 008138339 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files\Adobe\Reader 11.0\Reader\plug_ins\Annots.api
2014-05-08 09:48 - 2014-05-08 09:48 - 001476707 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files\Adobe\Reader 11.0\Reader\plug_ins\DigSig.api
2014-05-08 09:48 - 2014-05-08 09:48 - 000109667 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files\Adobe\Reader 11.0\Reader\plug_ins\IA32.api
2014-05-08 09:48 - 2014-05-08 09:48 - 000438883 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files\Adobe\Reader 11.0\Reader\plug_ins\PDDom.api
2014-05-08 09:48 - 2014-05-08 09:48 - 007342179 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files\Adobe\Reader 11.0\Reader\plug_ins\PPKLite.api
2014-05-08 09:48 - 2014-05-08 09:48 - 000172643 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files\Adobe\Reader 11.0\Reader\plug_ins\Updater.api
2015-09-16 15:41 - 2010-03-24 13:50 - 000073728 _____ (CANON INC.) [File not signed] C:\Program Files\Canon\MyPrinter\BJMyRes.dll
2018-03-30 16:22 - 2010-04-08 13:43 - 000028672 _____ (CANON INC.) [File not signed] C:\Program Files\Canon\Solution Menu EX\LangInfo\EN\CNSELANG.dll
2015-09-16 15:38 - 2010-02-04 21:37 - 000340992 _____ (CANON INC.) [File not signed] C:\WINDOWS\system32\CNMNPPM.DLL
2009-09-16 19:37 - 2009-09-16 19:37 - 000118784 _____ (Hewlett Packard) [File not signed] C:\WINDOWS\system32\hptcpmib.dll
2009-09-16 19:38 - 2009-09-16 19:38 - 000200704 _____ (Hewlett Packard) [File not signed] C:\WINDOWS\system32\HpTcpMon.dll
2009-09-16 12:44 - 2009-09-16 12:44 - 000139264 _____ (Hewlett Packard) [File not signed] C:\WINDOWS\system32\hpzjrd01.dll
2010-11-18 12:08 - 2010-11-18 12:08 - 000055808 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2018-08-16 16:33 - 2018-05-01 11:10 - 001137152 _____ (Igor Pavlov) [File not signed] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\7z.dll
2011-09-13 02:06 - 2011-09-13 02:06 - 003214056 _____ (Microsoft Corporation (Internal Use Only) -> Microsoft Corporation) [File not signed] C:\Program Files\Microsoft Office\OFFICE14\PROOF\1033\MSGR3EN.DLL
2013-11-25 12:42 - 2010-01-25 14:09 - 001093120 _____ (Microsoft Corporation) [File not signed] C:\Program Files\Canon\Solution Menu EX\MFC80U.DLL
2009-09-16 19:40 - 2009-09-16 19:40 - 000245760 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\HPTcpMUI.dll
2016-04-19 12:02 - 2016-04-19 12:02 - 001006080 ____R (Robert Simpson, et al.) [File not signed] C:\Program Files\Western Digital\WD SmartWare\System.Data.SQLite.dll
2017-08-16 14:18 - 2017-08-16 14:18 - 000138672 _____ (Softland SRL -> ) [File not signed] C:\Program Files\Softland\novaPDF 8\Server\AgileDotNetRT.dll
2017-08-16 14:16 - 2017-08-16 14:16 - 002051512 _____ (Softland SRL -> Softland) [File not signed] C:\Program Files\Softland\Office Add-In\NovaPDFOfficeAddIn86.dll
2017-08-16 14:15 - 2017-08-16 14:15 - 000016384 _____ (Softland) [File not signed] C:\WINDOWS\system32\novamn8.dll
2018-08-16 16:33 - 2018-01-18 16:16 - 000030208 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\iconengines\qsvgicon.dll
2018-08-16 16:33 - 2018-01-18 16:15 - 000024576 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qgif.dll
2018-08-16 16:33 - 2018-01-18 16:16 - 000031232 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qicns.dll
2018-08-16 16:33 - 2018-01-18 16:15 - 000025088 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qico.dll
2018-08-16 16:33 - 2018-01-18 16:15 - 000242688 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qjpeg.dll
2018-08-16 16:33 - 2018-01-18 16:16 - 000019968 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qsvg.dll
2018-08-16 16:33 - 2018-01-18 16:16 - 000018944 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qtga.dll
2018-08-16 16:33 - 2018-01-18 16:16 - 000318976 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qtiff.dll
2018-08-16 16:33 - 2018-01-18 16:16 - 000017920 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qwbmp.dll
2018-08-16 16:33 - 2018-01-18 16:16 - 000328704 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qwebp.dll
2018-08-16 16:33 - 2018-01-18 16:15 - 000993792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\platforms\qwindows.dll
2018-08-16 16:33 - 2018-05-09 09:35 - 004809728 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
2018-08-16 16:33 - 2018-01-18 16:12 - 005100032 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Gui.dll
2018-08-16 16:33 - 2018-01-18 16:10 - 002012672 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Network.dll
2018-08-16 16:33 - 2018-01-18 16:18 - 002522112 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Qml.dll
2018-08-16 16:33 - 2018-01-18 16:20 - 002570752 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Quick.dll
2018-08-16 16:33 - 2018-01-18 16:16 - 000247808 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Svg.dll
2018-08-16 16:33 - 2018-01-18 16:14 - 004482048 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Widgets.dll
2018-08-16 16:33 - 2018-01-18 16:24 - 000206336 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5WinExtras.dll
2018-08-16 16:33 - 2018-01-18 16:22 - 000013312 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQml\Models.2\modelsplugin.dll
2018-08-16 16:33 - 2018-01-18 16:22 - 000013824 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick.2\qtquick2plugin.dll
2018-08-16 16:33 - 2018-01-18 16:27 - 000698368 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\qtquickcontrolsplugin.dll
2018-08-16 16:33 - 2018-01-18 16:27 - 000173056 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\dialogplugin.dll
2018-08-16 16:33 - 2018-01-18 16:26 - 000069632 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Layouts\qquicklayoutsplugin.dll
2018-08-16 16:33 - 2018-01-18 16:27 - 000097280 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\PrivateWidgets\widgetsplugin.dll
2018-08-16 16:33 - 2018-01-18 16:22 - 000013312 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Window.2\windowplugin.dll
2018-08-16 16:33 - 2018-01-18 16:29 - 000102400 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\scenegraph\softwarecontext.dll
2013-09-10 09:20 - 2012-12-10 21:47 - 000103936 _____ (Windows (R) Codename Longhorn DDK provider) [File not signed] C:\WINDOWS\System32\spool\PRTPROCS\W32X86\smc410pp.dll
2012-12-18 07:26 - 2015-02-27 07:26 - 000029696 _____ (Windows (R) Codename Longhorn DDK provider) [File not signed] C:\WINDOWS\System32\spool\PRTPROCS\W32X86\ssd4cpc.dll
2014-04-10 16:53 - 2001-11-27 06:10 - 000020552 _____ (WinZip Computing, Inc.) [File not signed] C:\RAGDE-D\WINZIP\WZSHLSTB.DLL
  #9  
Old April 4th, 2020, 09:54 PM
luzchurch luzchurch is offline
Senior Member
 
Join Date: Nov 2004
Posts: 356
==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5} => ""=""

==================== Association (Whitelisted) =================

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKLM\...\batfile\DefaultIcon: %SystemRoot%\System32\shell32.dll,-153 <==== ATTENTION

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2008-04-14 05:00 - 2019-09-02 17:29 - 000000028 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost
  #10  
Old April 4th, 2020, 09:59 PM
luzchurch luzchurch is offline
Senior Member
 
Join Date: Nov 2004
Posts: 356
==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-507921405-1284227242-1417001333-1003\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Bliss.bmp
DNS Servers: 64.71.255.204 - 64.71.255.198
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName3 -> C:\WINDOWS\system32\ipconf.tsp (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName4 -> C:\WINDOWS\system32\h323.tsp (Microsoft Windows Component Publisher -> Microsoft Corporation)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

DomainProfile\AuthorizedApplications: [C:\Program Files\Winamp\winamp.exe] => Enabled:Winamp
DomainProfile\AuthorizedApplications: [%SystemRoot%\Network Diagnostic\XPNetDiag.Exe] => :LocalSubNet:Enabled:@%SystemRoot%\System32\XPSP3Res.Dll,-20000
DomainProfile\AuthorizedApplications: [%SystemRoot%\System32\DMAdmin.Exe] => :LocalSubnet:Enabled:Logical Disk Manager service process
DomainProfile\AuthorizedApplications: [%SystemRoot%\System32\DMRemote.Exe] => :LocalSubnet:Enabled:Logical Disk Manager component
DomainProfile\AuthorizedApplications: [%SystemRoot%\System32\FTP.Exe] => Enabled:Windows® FTP Client
DomainProfile\AuthorizedApplications: [%SystemRoot%\System32\MMC.Exe] => :LocalSubNet:Enabled:Microsoft Management Console
DomainProfile\AuthorizedApplications: [%SystemRoot%\System32\SessMgr.Exe] => :LocalSubnet:Enabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22019
DomainProfile\AuthorizedApplications: [%SystemRoot%\System32\TCPSvcS.Exe] => :LocalSubNet:Enabled:Windows® TCP/IP Services Application
DomainProfile\AuthorizedApplications: [%SystemRoot%\System32\TlntSvr.Exe] => :LocalSubnet:Enabled:Windows® Telnet Service
DomainProfile\AuthorizedApplications: [%SystemRoot%\System32\WBEM\UnSecApp.Exe] => :LocalSubNet:Enabled:Windows® Management Instrumentation
DomainProfile\AuthorizedApplications: [%ProgramFiles%\NetMeeting\Conf.Exe] => :LocalSubNet:Disabled:Windows® NetMeeting®
DomainProfile\AuthorizedApplications: [%SystemRoot%\System32\MNMSrvC.Exe] => :LocalSubNet:Disabled:Windows® NetMeeting® Remote Desktop Sharing
DomainProfile\AuthorizedApplications: [%ProgramFiles%\Windows Media Player\MPlayer2.Exe] => :LocalSubnet:Enabled:Windows® Media Player
DomainProfile\AuthorizedApplications: [%ProgramFiles%\Windows Media Player\WMPlayer.Exe] => :LocalSubnet:Enabled:Windows® Media Player
DomainProfile\AuthorizedApplications: [%SystemRoot%\PCHealth\HelpCtr\Binaries\HelpSvc.Exe] => %SystemRoot%\PCHealth\HelpCtr\Binaries\HelpSvc.exe:LocalSubNet:Disabled:Offer Remote Assistance
DomainProfile\AuthorizedApplications: [%SystemRoot%\PCHealth\HelpCtr\Binaries\HelpCtr.Exe] => %SystemRoot%\PCHealth\HelpCtr\Binaries\HelpCtr.exe:LocalSubNet:Disabled:Remote Assistance - Windows Messenger and Voice
StandardProfile\AuthorizedApplications: [C:\Program Files\Intuit\QuickBooks 2009\QBDBMgrN.exe] => Enabled:QuickBooks 2009 Data Manager
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE] => Enabled:SAgent4
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office14\GROOVE.EXE] => Enabled:Microsoft SharePoint Workspace
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE] => Enabled:Microsoft OneNote
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE] => Enabled:Microsoft Office Outlook
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\mmc.exe] => Enabled:Microsoft Management Console
StandardProfile\AuthorizedApplications: [C:\Program Files\Bonjour\mDNSResponder.exe] => Enabled:Bonjour Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe] => Enabled:Nero Blu-ray Player
StandardProfile\AuthorizedApplications: [C:\Program Files\Nero\KM\NMDllHost.exe] => Enabled:NMDllHost
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\AuthorizedApplications: [%SystemRoot%\Network Diagnostic\XPNetDiag.Exe] => :LocalSubNet:Enabled:@%SystemRoot%\System32\XPSP3Res.Dll,-20000
StandardProfile\AuthorizedApplications: [%SystemRoot%\System32\DMAdmin.Exe] => :LocalSubnet:Enabled:Logical Disk Manager service process
StandardProfile\AuthorizedApplications: [%SystemRoot%\System32\DMRemote.Exe] => :LocalSubnet:Enabled:Logical Disk Manager component
StandardProfile\AuthorizedApplications: [%SystemRoot%\System32\FTP.Exe] => Enabled:Windows® FTP Client
StandardProfile\AuthorizedApplications: [%SystemRoot%\System32\MMC.Exe] => :LocalSubNet:Enabled:Microsoft Management Console
StandardProfile\AuthorizedApplications: [%SystemRoot%\System32\SessMgr.Exe] => :LocalSubnet:Enabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22019
StandardProfile\AuthorizedApplications: [%SystemRoot%\System32\TCPSvcS.Exe] => :LocalSubNet:Enabled:Windows® TCP/IP Services Application
StandardProfile\AuthorizedApplications: [%SystemRoot%\System32\TlntSvr.Exe] => :LocalSubnet:Enabled:Windows® Telnet Service
StandardProfile\AuthorizedApplications: [%SystemRoot%\System32\WBEM\UnSecApp.Exe] => :LocalSubNet:Enabled:Windows® Management Instrumentation
StandardProfile\AuthorizedApplications: [%ProgramFiles%\NetMeeting\Conf.Exe] => :LocalSubNet:Disabled:Windows® NetMeeting®
StandardProfile\AuthorizedApplications: [%SystemRoot%\System32\MNMSrvC.Exe] => :LocalSubNet:Disabled:Windows® NetMeeting® Remote Desktop Sharing
StandardProfile\AuthorizedApplications: [%ProgramFiles%\Windows Media Player\MPlayer2.Exe] => :LocalSubnet:Enabled:Windows® Media Player
Reply With Quote
  #11  
Old April 4th, 2020, 10:00 PM
luzchurch luzchurch is offline
Senior Member
 
Join Date: Nov 2004
Posts: 356
StandardProfile\AuthorizedApplications: [%ProgramFiles%\Windows Media Player\WMPlayer.Exe] => :LocalSubnet:Enabled:Windows® Media Player
StandardProfile\AuthorizedApplications: [%SystemRoot%\PCHealth\HelpCtr\Binaries\HelpSvc.Exe] => %SystemRoot%\PCHealth\HelpCtr\Binaries\HelpSvc.exe :LocalSubNet:Disabled:Offer Remote Assistance
StandardProfile\AuthorizedApplications: [%SystemRoot%\PCHealth\HelpCtr\Binaries\HelpCtr.Exe] => %SystemRoot%\PCHealth\HelpCtr\Binaries\HelpCtr.exe :LocalSubNet:Disabled:Remote Assistance - Windows Messenger and Voice
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Program Files\Applian Technologies\Replay Music 7\jrmp.exe] => Enabled:Replay Music 7
StandardProfile\AuthorizedApplications: [C:\Program Files\CCleaner\CCUpdate.exe] => Enabled:CCleaner Update
StandardProfile\AuthorizedApplications: [C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe] => Enabled:Avast Emergency Update
StandardProfile\AuthorizedApplications: [D:\LEGACY_INSTALLER\HPBCSIINSTALLER.EXE] => Enabled:HP Networked Printer Installer
DomainProfile\GloballyOpenPorts: [135:TCP] => :LocalSubNet:Enabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22019
DomainProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22002
DomainProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22005
DomainProfile\GloballyOpenPorts: [445:UDP] => :LocalSubNet:Enabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22003
DomainProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22007
DomainProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22008
DomainProfile\GloballyOpenPorts: [3389:TCP] => :LocalSubNet:Enabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22009
DomainProfile\GloballyOpenPorts: [500:UDP] => Disabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22017
DomainProfile\GloballyOpenPorts: [1701:UDP] => Disabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22016
DomainProfile\GloballyOpenPorts: [1723:TCP] => Disabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22015
DomainProfile\GloballyOpenPorts: [4500:UDP] => Disabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22018
DomainProfile\GloballyOpenPorts: [80:TCP] => :LocalSubNet:Disabled:Windows® Remote Management
DomainProfile\GloballyOpenPorts: [443:TCP] => :LocalSubNet:Disabled:Windows® Remote Management
StandardProfile\GloballyOpenPorts: [5985:TCP] => Disabled:Windows Remote Management
StandardProfile\GloballyOpenPorts: [135:TCP] => :LocalSubNet:Enabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22019
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Disabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Disabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22002
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Disabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Disabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22005
StandardProfile\GloballyOpenPorts: [445:UDP] => :LocalSubNet:Enabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22003
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22008
StandardProfile\GloballyOpenPorts: [3389:TCP] => :LocalSubNet:Enabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22009
StandardProfile\GloballyOpenPorts: [500:UDP] => Disabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22017
StandardProfile\GloballyOpenPorts: [1701:UDP] => Disabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22016
StandardProfile\GloballyOpenPorts: [1723:TCP] => Disabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22015
StandardProfile\GloballyOpenPorts: [4500:UDP] => Disabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22018
StandardProfile\GloballyOpenPorts: [8501:TCP] => Enabled:NovaPDFTCPPortException
StandardProfile\GloballyOpenPorts: [8501:UDP] => Enabled:NovaPDFUDPPortException

==================== Restore Points =========================

29-12-2019 14:06:57 System Checkpoint
30-12-2019 17:40:57 System Checkpoint
31-12-2019 18:06:13 System Checkpoint
01-01-2020 18:51:02 System Checkpoint
02-01-2020 20:46:32 System Checkpoint
03-01-2020 23:45:55 System Checkpoint
05-01-2020 08:08:45 System Checkpoint
06-01-2020 09:03:45 System Checkpoint
07-01-2020 09:21:58 System Checkpoint
08-01-2020 10:10:21 System Checkpoint
09-01-2020 10:18:23 System Checkpoint
10-01-2020 11:05:09 System Checkpoint
11-01-2020 12:36:32 System Checkpoint
12-01-2020 14:44:42 System Checkpoint
13-01-2020 19:17:19 System Checkpoint
14-01-2020 19:54:33 System Checkpoint
15-01-2020 20:16:06 System Checkpoint
16-01-2020 20:25:09 System Checkpoint
18-01-2020 08:22:42 System Checkpoint
19-01-2020 08:32:47 System Checkpoint
Reply With Quote
  #12  
Old April 4th, 2020, 10:00 PM
luzchurch luzchurch is offline
Senior Member
 
Join Date: Nov 2004
Posts: 356
20-01-2020 08:44:49 System Checkpoint
21-01-2020 10:14:18 System Checkpoint
22-01-2020 11:56:44 System Checkpoint
23-01-2020 12:02:06 System Checkpoint
24-01-2020 14:19:57 System Checkpoint
25-01-2020 15:39:01 System Checkpoint
26-01-2020 16:24:40 System Checkpoint
27-01-2020 18:26:49 System Checkpoint
28-01-2020 20:43:32 System Checkpoint
29-01-2020 20:59:10 System Checkpoint
31-01-2020 08:45:32 System Checkpoint
01-02-2020 11:03:09 System Checkpoint
02-02-2020 12:10:55 System Checkpoint
03-02-2020 14:30:01 System Checkpoint
04-02-2020 16:03:53 System Checkpoint
05-02-2020 16:59:05 System Checkpoint
06-02-2020 19:02:24 System Checkpoint
07-02-2020 19:59:52 System Checkpoint
08-02-2020 20:13:53 System Checkpoint
09-02-2020 20:21:02 System Checkpoint
10-02-2020 20:21:49 System Checkpoint
12-02-2020 00:01:44 System Checkpoint
13-02-2020 07:29:22 System Checkpoint
14-02-2020 10:40:07 System Checkpoint
29-02-2020 11:47:54 System Checkpoint
01-03-2020 12:22:21 System Checkpoint
02-03-2020 14:26:07 System Checkpoint
03-03-2020 16:37:05 System Checkpoint
04-03-2020 17:07:59 System Checkpoint
05-03-2020 17:17:09 System Checkpoint
06-03-2020 17:33:40 System Checkpoint
07-03-2020 17:55:13 System Checkpoint
08-03-2020 18:10:17 System Checkpoint
09-03-2020 20:00:25 System Checkpoint
10-03-2020 20:10:17 System Checkpoint
11-03-2020 21:10:19 System Checkpoint
12-03-2020 22:10:19 System Checkpoint
13-03-2020 23:10:20 System Checkpoint
15-03-2020 00:10:20 System Checkpoint
16-03-2020 01:10:21 System Checkpoint
17-03-2020 02:10:20 System Checkpoint
18-03-2020 03:10:22 System Checkpoint
19-03-2020 03:20:46 System Checkpoint
20-03-2020 04:10:22 System Checkpoint
21-03-2020 05:10:25 System Checkpoint
22-03-2020 05:11:31 System Checkpoint
23-03-2020 07:30:20 System Checkpoint
24-03-2020 08:12:38 System Checkpoint
25-03-2020 13:40:09 System Checkpoint
26-03-2020 13:41:02 System Checkpoint
27-03-2020 13:57:40 System Checkpoint
31-03-2020 18:28:16 Checkpoint by HitmanPro
31-03-2020 18:28:31 Checkpoint by HitmanPro
31-03-2020 18:28:43 Checkpoint by HitmanPro
31-03-2020 18:28:52 Checkpoint by HitmanPro
31-03-2020 18:28:59 Checkpoint by HitmanPro
31-03-2020 18:29:06 Checkpoint by HitmanPro
31-03-2020 18:29:50 Checkpoint by HitmanPro

==================== Faulty Device Manager Devices ============

Name: USB Mass Storage Device
Description: USB Mass Storage Device
Class Guid: {36FC9E60-C465-11CF-8056-444553540000}
Manufacturer: Compatible USB storage device
Service: USBSTOR
Problem: : Windows cannot use this hardware device because it has been prepared for safe removal, but it has not been removed from the computer. (Code 47)
Resolution: Unplug the device, and then plug it in again. Alternately, restart the computer to make the device available.
Reply With Quote
  #13  
Old April 4th, 2020, 10:01 PM
luzchurch luzchurch is offline
Senior Member
 
Join Date: Nov 2004
Posts: 356
==================== Event log errors: ========================

Application errors:
==================
Error: (04/04/2020 10:24:54 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: Invalid algorithm specified.

Error: (04/04/2020 10:24:14 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: Invalid algorithm specified.

Error: (04/04/2020 10:24:11 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: Invalid algorithm specified.

Error: (04/04/2020 10:19:46 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: Invalid algorithm specified.

Error: (04/04/2020 10:19:46 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: Invalid algorithm specified.

Error: (04/04/2020 10:19:41 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: Invalid algorithm specified.

Error: (04/04/2020 10:19:40 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: Invalid algorithm specified.

Error: (04/04/2020 10:18:01 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: Invalid algorithm specified.


System errors:
=============
Error: (04/04/2020 03:48:55 AM) (Source: 0) (EventID: 4199) (User: )
Description: Event-ID 4199

Error: (04/04/2020 03:48:49 AM) (Source: 0) (EventID: 4199) (User: )
Description: Event-ID 4199

Error: (04/04/2020 03:48:46 AM) (Source: 0) (EventID: 4199) (User: )
Description: Event-ID 4199

Error: (04/04/2020 03:48:34 AM) (Source: 0) (EventID: 4199) (User: )
Description: Event-ID 4199

Error: (04/04/2020 03:48:28 AM) (Source: 0) (EventID: 4199) (User: )
Description: Event-ID 4199

Error: (04/04/2020 03:48:25 AM) (Source: 0) (EventID: 4199) (User: )
Description: Event-ID 4199

Error: (04/03/2020 11:33:31 PM) (Source: 0) (EventID: 4199) (User: )
Description: Event-ID 4199

Error: (04/03/2020 11:33:29 PM) (Source: 0) (EventID: 4199) (User: )
Description: Event-ID 4199


==================== Memory info ===========================

BIOS: Phoenix Technologies, LTD ACRSYS - 42302e31 08/29/2008
Motherboard: eMachines WMCP61M
Processor: AMD Athlon(tm) Processor 2650e
Percentage of memory in use: 96%
Total physical RAM: 894.42 MB
Available physical RAM: 29.32 MB
Total Virtual: 3423.59 MB
Available Virtual: 1219.19 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:186.31 GB) (Free:16.66 GB) NTFS ==>[drive with boot components (Windows XP)]


==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 186.3 GB) (Disk ID: 987E987E)
Partition 1: (Active) - (Size=186.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================
Reply With Quote
  #14  
Old April 4th, 2020, 10:02 PM
luzchurch luzchurch is offline
Senior Member
 
Join Date: Nov 2004
Posts: 356
Sorry I had to split the file into several sections to post. I was not sure what the illustrations were and where they were in the file.
Reply With Quote
  #15  
Old April 4th, 2020, 11:39 PM
Jintan's Avatar
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,040
You did just fine. I won't be able to scan through that until tomorrow, but I'll post back as soon as I can.
Reply With Quote
All times are GMT +1. The time now is 04:27 AM.