#54
January 23rd, 2021, 07:44 AM
Han Solo
2011-02-23 14:28 - 2012-04-01 09:02 - 000028160 _____ (Eastman Kodak Co.) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocEGCreatives.dll
2011-02-23 14:30 - 2012-04-01 09:02 - 003727360 _____ (Eastman Kodak Co.) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocESApp.dll
2011-02-23 14:29 - 2012-04-01 09:02 - 000172032 _____ (Eastman Kodak Co.) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocESColl.dll
2011-02-23 14:29 - 2012-04-01 09:02 - 000626688 _____ (Eastman Kodak Co.) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocESDeviceSetup.dll
2011-02-23 14:27 - 2012-04-01 09:02 - 000159744 _____ (Eastman Kodak Co.) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocESEmail.dll
2011-02-23 14:27 - 2012-04-01 09:02 - 000167936 _____ (Eastman Kodak Co.) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocESPrint.dll
2011-02-23 14:31 - 2012-04-01 09:02 - 000018944 _____ (Eastman Kodak Co.) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocESUIWireless.dll
2011-02-23 14:31 - 2012-04-01 09:02 - 000212992 _____ (Eastman Kodak Co.) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocESUpload.dll
2011-02-23 14:29 - 2012-04-01 09:02 - 000009728 _____ (Eastman Kodak Co.) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocPCD.dll
2011-02-23 14:25 - 2012-04-01 09:02 - 000010752 _____ (Eastman Kodak Co.) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocVistaAdapter.dll
2011-02-23 14:30 - 2012-04-01 09:02 - 000073728 _____ (Eastman Kodak Co.) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocVistaBBook.dll
2011-02-23 14:31 - 2012-04-01 09:02 - 000073728 _____ (Eastman Kodak Co.) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocVistaBrowser.dll
2011-02-23 14:26 - 2012-04-01 09:02 - 000151552 _____ (Eastman Kodak Co.) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocVistaCDBackup.dll
2011-02-23 14:26 - 2012-04-01 09:02 - 000688128 _____ (Eastman Kodak Co.) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocVistaControls.dll
2011-02-23 14:31 - 2012-04-01 09:02 - 000552960 _____ (Eastman Kodak Co.) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocVistaEdit.dll
2011-02-23 14:27 - 2012-04-01 09:02 - 000090112 _____ (Eastman Kodak Co.) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocVistaPrintOnLine.dll
2011-02-23 16:54 - 2012-04-01 09:02 - 000794624 _____ (Eastman Kodak Company) [File not signed] [File is in use] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESCliFacebookAPI.esx
2011-02-23 16:40 - 2012-04-01 09:02 - 000517120 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Acqmod.esx
2011-02-23 16:34 - 2012-04-01 09:02 - 000192512 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\CreativeProjects.esx
2011-02-23 16:50 - 2012-04-01 09:02 - 000374784 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EGCreatives.esx
2011-02-23 17:01 - 2012-04-01 09:02 - 001509376 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESApp.dll
2011-02-23 16:52 - 2012-04-01 09:02 - 001686528 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESColl.esx
2011-02-23 17:03 - 2012-04-01 09:02 - 000122880 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESEverestEditPipe.esx
2011-02-23 16:20 - 2012-04-01 09:02 - 000544768 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESFacialRetouch.dll
2011-02-23 16:44 - 2012-04-01 09:02 - 000602112 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESPrint.esx
2011-02-23 16:14 - 2012-04-01 09:02 - 000025600 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESRendezvousInfc.DLL
2011-02-23 16:53 - 2012-04-01 09:02 - 000098816 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESShastaEditPipe.esx
2011-02-23 16:51 - 2012-04-01 09:02 - 000118784 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESSlideShow.esx
2011-02-23 16:47 - 2012-04-01 09:02 - 000230400 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESUIWireless.esx
2011-02-23 16:45 - 2012-04-01 09:02 - 000790528 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESUpload.esx
2011-02-23 16:35 - 2012-04-01 09:02 - 000141312 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESWireless.esx
2011-02-23 16:29 - 2012-04-01 09:02 - 000710144 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\KCat40.dll
2011-02-23 16:22 - 2012-04-01 09:02 - 000078336 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\kcor40.dll
2011-02-23 16:18 - 2012-04-01 09:02 - 003293184 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\KDCImagePath.esx
2011-02-23 16:32 - 2012-04-01 09:02 - 000959488 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\PTP.esx
2006-03-01 14:34 - 2012-04-01 09:02 - 000208896 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ShastaPath.dll
2011-02-23 16:15 - 2012-04-01 09:02 - 000108544 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\UIFx.dll
2011-02-23 16:40 - 2012-04-01 09:02 - 000164864 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaBBook.esx
2011-02-23 16:31 - 2012-04-01 09:02 - 000102400 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaBrowser.esx
2011-02-23 16:24 - 2012-04-01 09:02 - 000614400 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaDB.esx
2011-02-23 17:07 - 2012-04-01 09:02 - 000512000 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaEdit.esx
2011-02-23 16:36 - 2012-04-01 09:02 - 000698368 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaImage.dll
2011-02-23 16:33 - 2012-04-01 09:02 - 000847872 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\XMIApi.esx
2011-02-23 16:26 - 2012-04-01 09:02 - 000139776 _____ (Eastman Kodak) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\AddressBook.esx
2016-12-18 07:38 - 2016-12-18 07:38 - 000094720 _____ (Genie9) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSCopy.dll
2020-03-05 17:07 - 2016-12-18 07:38 - 000094720 _____ (Genie9) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSCopy.gtl
2016-12-18 07:38 - 2016-12-18 07:38 - 000174592 _____ (Genie9) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSOnlineProtocol.dll
2020-03-05 17:07 - 2016-12-18 07:38 - 000098816 _____ (Genie9) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineContextMenu.gtl
2020-03-05 17:07 - 2016-12-18 07:38 - 000637952 _____ (Genie9) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineNSE.gtl
2020-03-05 17:07 - 2016-12-13 07:44 - 001504256 _____ (Genie9) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineShellRes.gtl
2016-12-18 07:38 - 2016-12-18 07:38 - 000090624 _____ (Genie9) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSUpdater.dll
2016-12-13 05:19 - 2016-12-13 05:19 - 000648704 _____ (Genie-Soft) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GenieAFX.dll
2016-12-13 05:18 - 2016-12-13 05:18 - 000029184 _____ (Genie-soft) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSEnManager.dll
2016-12-13 05:18 - 2016-12-13 05:18 - 000113152 _____ (Genie-soft) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSGlobalMFC.dll
2016-12-13 05:19 - 2016-12-13 05:19 - 000036352 _____ (Genie-soft) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSSEMGR.dll
2016-12-13 05:19 - 2016-12-13 05:19 - 000152064 _____ (Genie-Soft) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSSMTP.dll
2016-12-07 13:44 - 2016-12-07 13:44 - 000373248 _____ (IntelleSoft) [File not signed] C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\BugTrapU-x64.dll
1999-07-19 14:47 - 2012-04-01 09:02 - 000229888 _____ (LEAD Technologies, Inc.) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LTDIS10N.dll
1999-03-28 21:42 - 2012-04-01 09:02 - 000221184 _____ (LEAD Technologies, Inc.) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LTEFX10N.dll
1999-07-19 14:48 - 2012-04-01 09:02 - 000108032 _____ (LEAD Technologies, Inc.) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LTFIL10N.DLL
1999-07-19 14:49 - 2012-04-01 09:02 - 000114176 _____ (LEAD Technologies, Inc.) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LTIMG10N.dll
1999-07-19 14:46 - 2012-04-01 09:02 - 000297984 _____ (LEAD Technologies, Inc.) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LTKRN10N.dll
2019-03-27 23:34 - 2019-03-27 23:34 - 000130560 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\Microsoft.Net\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
2011-12-28 00:01 - 2011-12-28 00:01 - 000479232 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcm80.dll
2003-01-29 14:10 - 2003-01-29 14:10 - 000764928 ____R (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\DbgHelp.dll
2003-03-18 20:14 - 2012-04-01 09:02 - 000499712 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\MSVCP71.dll
2003-02-21 03:42 - 2012-04-01 09:02 - 000348160 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\MSVCR71.dll
2011-12-28 00:01 - 2011-12-28 00:01 - 001101824 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80.DLL
2011-12-28 00:01 - 2011-12-28 00:01 - 001093120 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80U.DLL
2011-12-28 00:01 - 2011-12-28 00:01 - 000057344 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\MFC80ENU.DLL
2008-06-12 13:36 - 2012-04-01 09:02 - 004055040 _____ (SOLIDFX, LLC) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\MediaEngine.dll
2012-02-02 04:16 - 2012-02-02 04:16 - 003501056 _____ (Terra Informatica Software, Inc., British Columbia, Canada.) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\htmlayout.dll
2012-02-02 04:16 - 2012-02-02 04:16 - 000222720 _____ (The cURL library, hxxp://curl.haxx.se/) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\libcurl.dll
2012-02-02 04:16 - 2012-02-02 04:16 - 001558016 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\LIBEAY32.dll
2020-03-05 17:07 - 2012-02-02 04:16 - 001558016 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\libeay32.gtl
2012-02-02 04:16 - 2012-02-02 04:16 - 000301568 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\SSLEAY32.dll
2020-09-21 03:15 - 2020-09-21 03:15 - 003849101 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\Proton Technologies\ProtonVPN\Resources\64-bit\libcrypto-1_1-x64.dll
2020-09-21 03:15 - 2020-09-21 03:15 - 001096971 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\Proton Technologies\ProtonVPN\Resources\64-bit\libssl-1_1-x64.dll
2011-02-23 16:26 - 2012-04-01 09:02 - 000222208 _____ (TODO: <Company name>) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\CameraCollection.esx
2011-02-23 16:44 - 2012-04-01 09:02 - 000291840 _____ (TODO: <Company name>) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESDeviceSetup.esx
2011-02-23 16:38 - 2012-04-01 09:02 - 000077824 _____ (TODO: <Company name>) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESFlickrAPI.esx
2011-02-23 16:11 - 2012-04-01 09:02 - 000241664 _____ (TODO: <Company name>) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\FlickrAPI.dll
2011-04-29 18:13 - 2011-04-29 18:13 - 018908672 _____ (Unlimited Realities) [File not signed] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\libumajin.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Version 11) (Whitelisted) ==========

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4200521874-2590480824-2585516950-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
BHO: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files\WOT\WOT.dll [2012-08-02] (WOT Services Oy -> )
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2011-10-15] (Canon Inc. -> CANON INC.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
BHO-x32: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files (x86)\WOT\WOT.dll [2012-08-02] (WOT Services Oy -> )
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2012-08-02] (WOT Services Oy -> )
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2011-10-15] (Canon Inc. -> CANON INC.)
Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll [2012-08-02] (WOT Services Oy -> )
Toolbar: HKU\S-1-5-21-4200521874-2590480824-2585516950-1000 -> WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2012-08-02] (WOT Services Oy -> )
DPF: HKLM {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} hxxps://support.dell.com/systemprofiler/SysProExe.CAB
DPF: HKLM-x32 {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab
DPF: HKLM-x32 {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB
DPF: HKLM-x32 {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.9.0.cab
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2016-01-04] (Belarc, Inc. -> Belarc, Inc.)
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll [2012-08-02] (WOT Services Oy -> )
Handler-x32: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll [2012-08-02] (WOT Services Oy -> )

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7721 more sites.

IE trusted site: HKU\S-1-5-21-4200521874-2590480824-2585516950-1000\...\dell.com -> dell.com

There are 12539 more sites.


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2021-01-17 15:15 - 000000035 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\DLLShared;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\DLLShared;C:\Program Files (x86)\Roxio\OEM\AudioCore;C:\Program Files (x86)\QuickTime\QTSystem;%systemroot%\System32\WindowsPowerShell\v1.0\;%systemroot%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\QuickTime\QTSystem\
HKU\S-1-5-21-4200521874-2590480824-2585516950-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Hans\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.18.0.1 - 209.18.47.61
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{E1F21D8B-2439-4356-AFC7-CC506CF35450}C:\program files (x86)\plex\plex media server\plex media server.exe] => (Block) C:\program files (x86)\plex\plex media server\plex media server.exe (Plex, Inc. -> Plex, Inc.)
FirewallRules: [UDP Query User{0C3DA41D-3BE0-4631-83E2-7A38DE56947B}C:\program files (x86)\plex\plex media server\plex media server.exe] => (Block) C:\program files (x86)\plex\plex media server\plex media server.exe (Plex, Inc. -> Plex, Inc.)
FirewallRules: [TCP Query User{A22BEB84-91A6-4EE7-B377-77A011FC6A86}C:\program files (x86)\plex\plex media server\plexscripthost.exe] => (Block) C:\program files (x86)\plex\plex media server\plexscripthost.exe (Plex, Inc. -> Python Software Foundation)
FirewallRules: [UDP Query User{B670D7E1-A8FE-4B46-9005-7858C9EB9783}C:\program files (x86)\plex\plex media server\plexscripthost.exe] => (Block) C:\program files (x86)\plex\plex media server\plexscripthost.exe (Plex, Inc. -> Python Software Foundation)
FirewallRules: [TCP Query User{74CE6E9A-5FC0-48C5-B0CB-B5612DCE6764}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{4169D8AB-4712-4368-BADF-0A1B7F5C0E42}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{3C1B9990-50FA-4232-A226-93E0F81C377E}C:\program files (x86)\plex\plex media server\plex media server.exe] => (Block) C:\program files (x86)\plex\plex media server\plex media server.exe (Plex, Inc. -> Plex, Inc.)
FirewallRules: [UDP Query User{E31554A6-F62A-4FF9-AA0F-4A9A3387C21A}C:\program files (x86)\plex\plex media server\plex media server.exe] => (Block) C:\program files (x86)\plex\plex media server\plex media server.exe (Plex, Inc. -> Plex, Inc.)
FirewallRules: [TCP Query User{F0C35492-771F-4F1B-875C-91C813A74DA2}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{27D7B9BA-05A5-4936-B8AE-684FBAD9A878}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

17-01-2021 15:15:13 Restore Point Created by FRST
20-01-2021 17:50:05 Windows Update

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (01/22/2021 08:57:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Plex Media Server.exe, version: 1.18.5.2309, time stamp: 0x5e2a30fa
Faulting module name: boost_thread.dll, version: 0.0.0.0, time stamp: 0x5dc29247
Exception code: 0xc0000005
Fault offset: 0x000083ad
Faulting process id: 0x12ac
Faulting application start time: 0x01d6f0c66b94d45b
Faulting application path: C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
Faulting module path: C:\Program Files (x86)\Plex\Plex Media Server\boost_thread.dll
Report Id: b80c8c8f-5cb9-11eb-bdd9-f04da2fb7194

Error: (01/22/2021 08:54:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Plex Update Service.exe, version: 1.18.5.2309, time stamp: 0x5e2a2f0d
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x007d5d6c
Faulting process id: 0x490
Faulting application start time: 0x01d6f0c61c0cafbf
Faulting application path: C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe
Faulting module path: unknown
Report Id: 64b28f55-5cb9-11eb-bdd9-f04da2fb7194

Error: (01/21/2021 04:05:13 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8050

Error: (01/21/2021 04:05:13 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8050

Error: (01/21/2021 04:05:13 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/21/2021 04:05:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7052

Error: (01/21/2021 04:05:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7052

Error: (01/21/2021 04:05:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (01/23/2021 01:02:16 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (01/23/2021 01:02:15 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (01/23/2021 12:01:46 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (01/23/2021 12:01:46 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (01/22/2021 11:22:11 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (01/22/2021 11:01:19 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (01/22/2021 11:01:19 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (01/22/2021 10:00:50 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.


Windows Defender:
===================================
Date: 2014-11-09 17:43:27.405
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{400753C1-16D6-4256-804A-A82D48987A40}
Scan Type:AntiSpyware
Scan Parameters:Full Scan

Date: 2014-11-09 10:08:00.033
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{76775AE8-FD8D-4535-9B6C-C8BDF3A9EACF}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

Date: 2012-08-11 21:41:01.835
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{C0A97D8E-B54F-4615-AAC7-E7E2603BBE60}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

Date: 2012-01-15 11:37:16.215
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?link...threatid=13052
Name:RemoteAccess:Win32/TightVNC
ID:13052
Severity:Medium
Category:Remote Control Software
Path Found:containerfile:C:\Users\Hans\Documents\Downloads\Uninstalled\crossloopsetup v2-20.exe;containerfile:C:\Users\Hans\Downloads\My Documents\Downloads\Uninstalled\crossloopsetup v2-20.exe;file:C:\Users\Hans\Documents\Downloads\Uninstalled\crossloopsetup v2-20.exe->(inno#000056);file:C:\Users\Hans\Documents\Downloads\Uninstalled\crossloopsetup v2-20.exe->(inno#000057);file:C:\Users\Hans\Downloads\My Documents\Downloads\Uninstalled\crossloopsetup v2-20.exe->(inno#000056);file:C:\Users\Hans\Downloads\My Documents\Downloads\Uninstalled\crossloopsetup v2-20.exe->(inno#000057)
Detection Type:Concrete
Detection Source:User
Status:Unknown
Process Name:C:\Program Files\Windows Defender\MSASCui.exe

CodeIntegrity:
===================================

Date: 2016-12-19 19:59:05.519
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-12-19 19:59:05.456
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-12-19 19:58:43.652
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-12-19 19:58:43.589
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-12-19 19:58:41.733
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-12-19 19:58:41.668
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-12-19 19:57:57.274
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-12-19 19:57:57.211
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

BIOS: Dell Inc. A00 04/12/2011
Motherboard: Dell Inc. 0GDG8Y
Processor: Intel(R) Core(TM) i3-2100 CPU @ 3.10GHz
Percentage of memory in use: 45%
Total physical RAM: 8104.63 MB
Available physical RAM: 4439.6 MB
Total Virtual: 16207.4 MB
Available Virtual: 12171.42 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:450.91 GB) (Free:66.49 GB) NTFS
Drive h: (Windows) (Network) (Total:222.33 GB) (Free:56.38 GB) NTFS
Drive z: () (Fixed) (Total:0.04 GB) (Free:0.04 GB) FAT

\\?\Volume{b2abe718-c944-11e0-9762-806e6f6e6963}\ (RECOVERY) (Fixed) (Total:14.81 GB) (Free:6.19 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 626C198E)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================