  #17  
January 16th, 2021, 05:17 PM
Han Solo
second file part 2

2011-02-23 14:28 - 2012-04-01 09:02 - 000028160 _____ (Eastman Kodak Co.) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocEGCreatives.dll
2011-02-23 14:30 - 2012-04-01 09:02 - 003727360 _____ (Eastman Kodak Co.) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocESApp.dll
2011-02-23 14:29 - 2012-04-01 09:02 - 000172032 _____ (Eastman Kodak Co.) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocESColl.dll
2011-02-23 14:29 - 2012-04-01 09:02 - 000626688 _____ (Eastman Kodak Co.) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocESDeviceSetup.dll
2011-02-23 14:27 - 2012-04-01 09:02 - 000159744 _____ (Eastman Kodak Co.) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocESEmail.dll
2011-02-23 14:27 - 2012-04-01 09:02 - 000167936 _____ (Eastman Kodak Co.) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocESPrint.dll
2011-02-23 14:31 - 2012-04-01 09:02 - 000018944 _____ (Eastman Kodak Co.) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocESUIWireless.dll
2011-02-23 14:31 - 2012-04-01 09:02 - 000212992 _____ (Eastman Kodak Co.) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocESUpload.dll
2011-02-23 14:29 - 2012-04-01 09:02 - 000009728 _____ (Eastman Kodak Co.) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocPCD.dll
2011-02-23 14:25 - 2012-04-01 09:02 - 000010752 _____ (Eastman Kodak Co.) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocVistaAdapter.dll
2011-02-23 14:30 - 2012-04-01 09:02 - 000073728 _____ (Eastman Kodak Co.) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocVistaBBook.dll
2011-02-23 14:31 - 2012-04-01 09:02 - 000073728 _____ (Eastman Kodak Co.) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocVistaBrowser.dll
2011-02-23 14:26 - 2012-04-01 09:02 - 000151552 _____ (Eastman Kodak Co.) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocVistaCDBackup.dll
2011-02-23 14:26 - 2012-04-01 09:02 - 000688128 _____ (Eastman Kodak Co.) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocVistaControls.dll
2011-02-23 14:31 - 2012-04-01 09:02 - 000552960 _____ (Eastman Kodak Co.) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocVistaEdit.dll
2011-02-23 14:27 - 2012-04-01 09:02 - 000090112 _____ (Eastman Kodak Co.) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocVistaPrintOnLine.dll
2011-02-23 16:54 - 2012-04-01 09:02 - 000794624 _____ (Eastman Kodak Company) [File not signed] [File is in use] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESCliFacebookAPI.esx
2011-02-23 16:40 - 2012-04-01 09:02 - 000517120 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Acqmod.esx
2011-02-23 16:34 - 2012-04-01 09:02 - 000192512 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\CreativeProjects.esx
2011-02-23 16:50 - 2012-04-01 09:02 - 000374784 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EGCreatives.esx
2011-02-23 17:01 - 2012-04-01 09:02 - 001509376 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESApp.dll
2011-02-23 16:52 - 2012-04-01 09:02 - 001686528 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESColl.esx
2011-02-23 17:03 - 2012-04-01 09:02 - 000122880 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESEverestEditPipe.esx
2011-02-23 16:20 - 2012-04-01 09:02 - 000544768 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESFacialRetouch.dll
2011-02-23 16:44 - 2012-04-01 09:02 - 000602112 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESPrint.esx
2011-02-23 16:14 - 2012-04-01 09:02 - 000025600 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESRendezvousInfc.DLL
2011-02-23 16:53 - 2012-04-01 09:02 - 000098816 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESShastaEditPipe.esx
2011-02-23 16:51 - 2012-04-01 09:02 - 000118784 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESSlideShow.esx
2011-02-23 16:47 - 2012-04-01 09:02 - 000230400 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESUIWireless.esx
2011-02-23 16:45 - 2012-04-01 09:02 - 000790528 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESUpload.esx
2011-02-23 16:35 - 2012-04-01 09:02 - 000141312 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESWireless.esx
2011-02-23 16:29 - 2012-04-01 09:02 - 000710144 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\KCat40.dll
2011-02-23 16:22 - 2012-04-01 09:02 - 000078336 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\kcor40.dll
2011-02-23 16:18 - 2012-04-01 09:02 - 003293184 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\KDCImagePath.esx
2011-02-23 16:32 - 2012-04-01 09:02 - 000959488 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\PTP.esx
2006-03-01 14:34 - 2012-04-01 09:02 - 000208896 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ShastaPath.dll
2011-02-23 16:15 - 2012-04-01 09:02 - 000108544 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\UIFx.dll
2011-02-23 16:40 - 2012-04-01 09:02 - 000164864 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaBBook.esx
2011-02-23 16:31 - 2012-04-01 09:02 - 000102400 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaBrowser.esx
2011-02-23 16:24 - 2012-04-01 09:02 - 000614400 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaDB.esx
2011-02-23 17:07 - 2012-04-01 09:02 - 000512000 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaEdit.esx
2011-02-23 16:36 - 2012-04-01 09:02 - 000698368 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaImage.dll
2011-02-23 16:33 - 2012-04-01 09:02 - 000847872 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\XMIApi.esx
2011-02-23 16:26 - 2012-04-01 09:02 - 000139776 _____ (Eastman Kodak) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\AddressBook.esx
2016-12-18 07:38 - 2016-12-18 07:38 - 000094720 _____ (Genie9) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSCopy.dll
2020-03-05 17:07 - 2016-12-18 07:38 - 000094720 _____ (Genie9) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSCopy.gtl
2016-12-18 07:38 - 2016-12-18 07:38 - 000174592 _____ (Genie9) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSOnlineProtocol.dll
2020-03-05 17:07 - 2016-12-18 07:38 - 000098816 _____ (Genie9) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineContextMenu.gtl
2020-03-05 17:07 - 2016-12-18 07:38 - 000637952 _____ (Genie9) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineNSE.gtl
2020-03-05 17:07 - 2016-12-13 07:44 - 001504256 _____ (Genie9) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineShellRes.gtl
2016-12-18 07:38 - 2016-12-18 07:38 - 000090624 _____ (Genie9) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSUpdater.dll
2016-12-13 05:19 - 2016-12-13 05:19 - 000648704 _____ (Genie-Soft) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GenieAFX.dll
2016-12-13 05:18 - 2016-12-13 05:18 - 000029184 _____ (Genie-soft) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSEnManager.dll
2016-12-13 05:18 - 2016-12-13 05:18 - 000113152 _____ (Genie-soft) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSGlobalMFC.dll
2016-12-13 05:19 - 2016-12-13 05:19 - 000036352 _____ (Genie-soft) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSSEMGR.dll
2016-12-13 05:19 - 2016-12-13 05:19 - 000152064 _____ (Genie-Soft) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSSMTP.dll
2016-12-07 13:44 - 2016-12-07 13:44 - 000373248 _____ (IntelleSoft) [File not signed] C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\BugTrapU-x64.dll
1999-07-19 14:47 - 2012-04-01 09:02 - 000229888 _____ (LEAD Technologies, Inc.) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LTDIS10N.dll
1999-03-28 21:42 - 2012-04-01 09:02 - 000221184 _____ (LEAD Technologies, Inc.) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LTEFX10N.dll
1999-07-19 14:48 - 2012-04-01 09:02 - 000108032 _____ (LEAD Technologies, Inc.) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LTFIL10N.DLL
1999-07-19 14:49 - 2012-04-01 09:02 - 000114176 _____ (LEAD Technologies, Inc.) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LTIMG10N.dll
1999-07-19 14:46 - 2012-04-01 09:02 - 000297984 _____ (LEAD Technologies, Inc.) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LTKRN10N.dll
2019-03-27 23:34 - 2019-03-27 23:34 - 000130560 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\Microsoft.Net\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
2011-12-28 00:01 - 2011-12-28 00:01 - 000479232 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcm80.dll
2003-01-29 14:10 - 2003-01-29 14:10 - 000764928 ____R (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\DbgHelp.dll
2003-03-18 20:14 - 2012-04-01 09:02 - 000499712 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\MSVCP71.dll
2003-02-21 03:42 - 2012-04-01 09:02 - 000348160 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\MSVCR71.dll
2003-03-18 20:14 - 2003-03-18 20:14 - 000499712 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\MSVCP71.dll
2003-02-21 04:42 - 2003-02-21 04:42 - 000348160 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\MSVCR71.dll
2011-12-28 00:01 - 2011-12-28 00:01 - 001101824 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80.DLL
2011-12-28 00:01 - 2011-12-28 00:01 - 001093120 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80U.DLL
2011-12-28 00:01 - 2011-12-28 00:01 - 000057344 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\MFC80ENU.DLL
2008-06-12 13:36 - 2012-04-01 09:02 - 004055040 _____ (SOLIDFX, LLC) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\MediaEngine.dll
2012-02-02 04:16 - 2012-02-02 04:16 - 003501056 _____ (Terra Informatica Software, Inc., British Columbia, Canada.) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\htmlayout.dll
2012-02-02 04:16 - 2012-02-02 04:16 - 000222720 _____ (The cURL library, hxxp://curl.haxx.se/) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\libcurl.dll
2012-02-02 04:16 - 2012-02-02 04:16 - 001558016 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\LIBEAY32.dll
2020-03-05 17:07 - 2012-02-02 04:16 - 001558016 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\libeay32.gtl
2012-02-02 04:16 - 2012-02-02 04:16 - 000301568 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\SSLEAY32.dll
2020-09-21 03:15 - 2020-09-21 03:15 - 003849101 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\Proton Technologies\ProtonVPN\Resources\64-bit\libcrypto-1_1-x64.dll
2020-09-21 03:15 - 2020-09-21 03:15 - 001096971 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\Proton Technologies\ProtonVPN\Resources\64-bit\libssl-1_1-x64.dll
2011-02-23 16:26 - 2012-04-01 09:02 - 000222208 _____ (TODO: <Company name>) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\CameraCollection.esx
2011-02-23 16:44 - 2012-04-01 09:02 - 000291840 _____ (TODO: <Company name>) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESDeviceSetup.esx
2011-02-23 16:38 - 2012-04-01 09:02 - 000077824 _____ (TODO: <Company name>) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESFlickrAPI.esx
2011-02-23 16:11 - 2012-04-01 09:02 - 000241664 _____ (TODO: <Company name>) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\FlickrAPI.dll
2010-11-17 10:28 - 2010-11-17 10:28 - 000111616 _____ (TODO: <Company name>) [File not signed] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\DiscMgrAPI.DLL
2011-04-29 18:13 - 2011-04-29 18:13 - 018908672 _____ (Unlimited Realities) [File not signed] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\libumajin.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [125]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Version 11) (Whitelisted) ==========

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4200521874-2590480824-2585516950-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL =
SearchScopes: HKLM-x32 -> DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
BHO: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files\WOT\WOT.dll [2012-08-02] (WOT Services Oy -> )
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2011-10-15] (Canon Inc. -> CANON INC.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
BHO-x32: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files (x86)\WOT\WOT.dll [2012-08-02] (WOT Services Oy -> )
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2012-08-02] (WOT Services Oy -> )
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2011-10-15] (Canon Inc. -> CANON INC.)
Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll [2012-08-02] (WOT Services Oy -> )
Toolbar: HKU\S-1-5-21-4200521874-2590480824-2585516950-1000 -> WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2012-08-02] (WOT Services Oy -> )
DPF: HKLM {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} hxxps://support.dell.com/systemprofiler/SysProExe.CAB
DPF: HKLM-x32 {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab
DPF: HKLM-x32 {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB
DPF: HKLM-x32 {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.9.0.cab
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2016-01-04] (Belarc, Inc. -> Belarc, Inc.)
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll [2012-08-02] (WOT Services Oy -> )
Handler-x32: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll [2012-08-02] (WOT Services Oy -> )

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7721 more sites.

IE trusted site: HKU\S-1-5-21-4200521874-2590480824-2585516950-1000\...\dell.com -> dell.com

There are 12539 more sites.


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2012-08-19 20:29 - 000000027 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\DLLShared;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\DLLShared;C:\Program Files (x86)\Roxio\OEM\AudioCore;C:\Program Files (x86)\QuickTime\QTSystem;%systemroot%\System32\WindowsPowerShell\v1.0\;%systemroot%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\QuickTime\QTSystem\
HKU\S-1-5-21-4200521874-2590480824-2585516950-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Hans\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.18.0.1 - 209.18.47.61
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{673BAE18-6223-454E-8C96-A404DC8391FF}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{1C205064-3431-405D-A20E-976D1F578CF1}] => (Allow) c:\Program Files (x86)\Dell\VideoStage\VideoStage.exe (CyberLink -> CyberLink Corp.)
FirewallRules: [{0CB602E4-73BC-4E67-8793-99A5073FAD29}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe (TeamViewer -> TeamViewer GmbH)
FirewallRules: [{06CB4B9E-165D-4EA8-A94F-886C09AC01F5}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe (TeamViewer -> TeamViewer GmbH)
FirewallRules: [{1ED14FE4-B8CF-4A9C-BDEF-2C477BE6B492}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer -> TeamViewer GmbH)
FirewallRules: [{A6CEA8AA-5396-488D-B1AD-A2DBCE4130D8}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer -> TeamViewer GmbH)
FirewallRules: [TCP Query User{80D10834-2555-4921-A011-9BD86B64361F}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{07E6E5AE-22BE-4DF1-A9F3-C8D24A76381B}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{559A8DCE-8B1D-4FA1-842E-4A6054CA33D5}] => (Allow) C:\Users\Hans\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe => No File
FirewallRules: [{56EA8C79-82B6-466B-84F9-58DC74CFBDEB}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{784800E0-76E8-49F9-97EC-2A11D051857A}] => (Allow) LPort=2869
FirewallRules: [{BADCDFE7-9F62-44B2-A289-DD48C4575314}] => (Allow) LPort=1900
FirewallRules: [{21B926DC-87BC-43BB-8E63-B45D2E591000}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{5FEE0B98-2EEE-4164-B27E-5E8345712187}C:\windows\syswow64\rundll32.exe] => (Block) C:\windows\syswow64\rundll32.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [UDP Query User{F167EFD9-0D2B-423E-AF94-92F284AE0B9C}C:\windows\syswow64\rundll32.exe] => (Block) C:\windows\syswow64\rundll32.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{684394E7-EA52-4B35-925A-8623013DC1E4}C:\programdata\windows genuine advantage\{3b9287ed-7546-40fa-a463-441bd82ddf2d}\msiexec.exe] => (Block) C:\programdata\windows genuine advantage\{3b9287ed-7546-40fa-a463-441bd82ddf2d}\msiexec.exe => No File
FirewallRules: [UDP Query User{41DA95D7-A999-4945-8E1C-72BF6A147B78}C:\programdata\windows genuine advantage\{3b9287ed-7546-40fa-a463-441bd82ddf2d}\msiexec.exe] => (Block) C:\programdata\windows genuine advantage\{3b9287ed-7546-40fa-a463-441bd82ddf2d}\msiexec.exe => No File
FirewallRules: [TCP Query User{DC70B0E8-B491-4E28-A717-821F5018286D}C:\windows\syswow64\rundll32.exe] => (Block) C:\windows\syswow64\rundll32.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [UDP Query User{0B4CF4E2-8E00-41C0-B754-8FC5D3AAC65D}C:\windows\syswow64\rundll32.exe] => (Block) C:\windows\syswow64\rundll32.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{573A03D1-54F0-4018-A65A-B725D9066CDD}] => (Allow) C:\Windows\explorer.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{82B9417A-EE6F-4DEB-A7F3-6D1976BCF2F5}] => (Allow) C:\Windows\explorer.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{78115ACF-B1B1-4568-9A6D-C6E92FF58F14}] => (Allow) C:\Windows\SysWOW64\explorer.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{FB66895A-C0D4-43C5-8876-827293C7AB6F}] => (Allow) C:\Windows\SysWOW64\explorer.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{2A65CE14-3731-406C-8473-13AC8646D02C}C:\programdata\windows genuine advantage\{ec51d003-ed16-4d7a-a15e-c06a631419ca}\msiexec.exe] => (Block) C:\programdata\windows genuine advantage\{ec51d003-ed16-4d7a-a15e-c06a631419ca}\msiexec.exe => No File
FirewallRules: [UDP Query User{F338DE2E-04AD-4594-9CD1-123AED2AD808}C:\programdata\windows genuine advantage\{ec51d003-ed16-4d7a-a15e-c06a631419ca}\msiexec.exe] => (Block) C:\programdata\windows genuine advantage\{ec51d003-ed16-4d7a-a15e-c06a631419ca}\msiexec.exe => No File
FirewallRules: [TCP Query User{0E05BE06-51C6-43B3-B1F1-AFE4BF42BF19}C:\windows\syswow64\explorer.exe] => (Allow) C:\windows\syswow64\explorer.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [UDP Query User{119CF0E3-DE7C-4C94-AAA9-B056D38D4581}C:\windows\syswow64\explorer.exe] => (Allow) C:\windows\syswow64\explorer.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{CE46814A-1516-4E06-B8C3-D663FEEBC10F}C:\programdata\windows genuine advantage\{307b09d4-4088-4cb6-b65f-fce619322b50}\msiexec.exe] => (Block) C:\programdata\windows genuine advantage\{307b09d4-4088-4cb6-b65f-fce619322b50}\msiexec.exe => No File
FirewallRules: [UDP Query User{641D4311-0D04-44DC-BE58-A5E229FF4075}C:\programdata\windows genuine advantage\{307b09d4-4088-4cb6-b65f-fce619322b50}\msiexec.exe] => (Block) C:\programdata\windows genuine advantage\{307b09d4-4088-4cb6-b65f-fce619322b50}\msiexec.exe => No File
FirewallRules: [{92C8FB58-CB64-4DFB-BD3F-96F1A08855C6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DF33EF06-3E91-4442-82CA-45C02D012CCC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D5DC4BE5-0698-469D-853A-E412000D9AEB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{E6B8C4CA-3985-492D-9129-AC326448373C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2703FD34-D72D-4B4F-9DC9-CFCC5D36690B}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{DE4BB905-1F70-4EBB-9F53-46CD1476D813}C:\program files (x86)\smart view\smart view.exe] => (Allow) C:\program files (x86)\smart view\smart view.exe () [File not signed]
FirewallRules: [UDP Query User{BFD561A2-BE79-4718-80AA-B8DFE0ADBD9F}C:\program files (x86)\smart view\smart view.exe] => (Allow) C:\program files (x86)\smart view\smart view.exe () [File not signed]
FirewallRules: [TCP Query User{0CDAD4C7-83B9-4124-958E-DA0A24199B10}C:\program files (x86)\smart view\smart view.exe] => (Block) C:\program files (x86)\smart view\smart view.exe () [File not signed]
FirewallRules: [UDP Query User{4D3DB4CB-9C93-41F2-A5FD-3E776F60DE57}C:\program files (x86)\smart view\smart view.exe] => (Block) C:\program files (x86)\smart view\smart view.exe () [File not signed]
FirewallRules: [TCP Query User{6D7930DA-F279-4584-8962-B479F7E86994}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{EC43C18E-7120-43AD-BACE-FD874FB4C638}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{57AAB2EB-82D0-4FC3-867A-5DAE6C9F82A3}] => (Allow) C:\Users\Hans\AppData\Roaming\Resilio Sync\Resilio Sync.exe (Resilio, Inc -> Resilio, Inc.)
FirewallRules: [{865DCC19-005A-477F-85B7-DC884EC1A3E7}] => (Allow) C:\Users\Hans\AppData\Roaming\Resilio Sync\Resilio Sync.exe (Resilio, Inc -> Resilio, Inc.)
FirewallRules: [{A31116D1-A8F6-46D2-8C06-A9E3FC458024}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe (Plex, Inc. -> Plex, Inc.)
FirewallRules: [{8CD20C05-A030-4A57-8B0E-75FC3C274C7E}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe (Plex, Inc. -> Python Software Foundation)
FirewallRules: [{5C907A8D-92B0-4A12-95FD-3A5EAEA93ED8}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex DLNA Server.exe (Plex, Inc. -> Plex, Inc.)
FirewallRules: [{4FFB93F8-98D6-45F1-A0A6-B722E625EEAA}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Tuner Service.exe (Plex, Inc. -> )
FirewallRules: [TCP Query User{5F4701F9-1D45-451F-9263-E5FBC59F92FC}C:\program files (x86)\synology\assistant\dsassistant.exe] => (Allow) C:\program files (x86)\synology\assistant\dsassistant.exe (Synology Inc. -> )
FirewallRules: [UDP Query User{2C34CC31-EDF1-4EC8-BC81-C3BB19CF2917}C:\program files (x86)\synology\assistant\dsassistant.exe] => (Allow) C:\program files (x86)\synology\assistant\dsassistant.exe (Synology Inc. -> )
FirewallRules: [{8374C504-754C-4211-9E9C-008F03A1757A}] => (Block) C:\program files (x86)\synology\assistant\dsassistant.exe (Synology Inc. -> )
FirewallRules: [{5F5D77F1-7A52-443A-AE3D-78ABE7822EDA}] => (Block) C:\program files (x86)\synology\assistant\dsassistant.exe (Synology Inc. -> )
FirewallRules: [{3DBFD78A-48ED-44F9-9AFF-574D28E2B741}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

14-01-2021 17:01:55 Windows Update

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (01/16/2021 08:44:18 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ACDaemon.exe, version: 1.1.0.49, time stamp: 0x4cc808ec
Faulting module name: ACDaemon.exe, version: 1.1.0.49, time stamp: 0x4cc808ec
Exception code: 0xc0000005
Fault offset: 0x0001af76
Faulting process id: 0x132c
Faulting application start time: 0x01d6ec0da809400b
Faulting application path: C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
Faulting module path: C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
Report Id: eddb005b-5800-11eb-928d-f04da2fb7194

Error: (01/16/2021 08:43:38 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/16/2021 08:42:09 AM) (Source: ESENT) (EventID: 474) (User: )
Description: Catalog Database (1008) Catalog Database: The database page read from the file "C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" at offset 5861376 (0x0000000000597000) (database page 1430 (0x596)) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch. The expected checksum was [5d0a22f5cb849261] and the actual checksum was [100f6ff0cb84da61]. The read operation will fail with error -1018 (0xfffffc06). If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Error: (01/16/2021 09:10:12 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/16/2021 09:10:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ACDaemon.exe, version: 1.1.0.49, time stamp: 0x4cc808ec
Faulting module name: ACDaemon.exe, version: 1.1.0.49, time stamp: 0x4cc808ec
Exception code: 0xc0000005
Fault offset: 0x0001af76
Faulting process id: 0x12b4
Faulting application start time: 0x01d6ec1148a82307
Faulting application path: C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
Faulting module path: C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
Report Id: 89a8da89-5804-11eb-8b21-f04da2fb7194

Error: (01/16/2021 09:08:38 AM) (Source: ESENT) (EventID: 474) (User: )
Description: Catalog Database (1060) Catalog Database: The database page read from the file "C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" at offset 5861376 (0x0000000000597000) (database page 1430 (0x596)) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch. The expected checksum was [5d0a22f5cb849261] and the actual checksum was [100f6ff0cb84da61]. The read operation will fail with error -1018 (0xfffffc06). If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Error: (01/16/2021 09:08:38 AM) (Source: ESENT) (EventID: 474) (User: )
Description: Catalog Database (1060) Catalog Database: The database page read from the file "C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" at offset 5861376 (0x0000000000597000) (database page 1430 (0x596)) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch. The expected checksum was [5d0a22f5cb849261] and the actual checksum was [100f6ff0cb84da61]. The read operation will fail with error -1018 (0xfffffc06). If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Error: (01/16/2021 09:04:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ACDaemon.exe, version: 1.1.0.49, time stamp: 0x4cc808ec
Faulting module name: ACDaemon.exe, version: 1.1.0.49, time stamp: 0x4cc808ec
Exception code: 0xc0000005
Fault offset: 0x0001af76
Faulting process id: 0x1278
Faulting application start time: 0x01d6ec1072d35d9f
Faulting application path: C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
Faulting module path: C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
Report Id: b3eda802-5803-11eb-9376-f04da2fb7194


System errors:
=============
Error: (01/16/2021 09:45:12 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (01/16/2021 09:45:11 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (01/16/2021 08:47:11 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (01/16/2021 08:46:36 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (01/16/2021 09:12:50 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (01/16/2021 09:06:14 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (01/16/2021 09:03:48 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Run the configured recovery program.

Error: (01/16/2021 09:02:46 AM) (Source: Microsoft Antimalware) (EventID: 5008) (User: )
Description: Microsoft Antimalware engine has been terminated due to an unexpected error.

Failure Type: Crash

Exception code: 0xc0000005

Resource:


Windows Defender:
===================================
Date: 2014-11-09 17:43:27.405
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{400753C1-16D6-4256-804A-A82D48987A40}
Scan Type:AntiSpyware
Scan Parameters:Full Scan

Date: 2014-11-09 10:08:00.033
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{76775AE8-FD8D-4535-9B6C-C8BDF3A9EACF}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

Date: 2012-08-11 21:41:01.835
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{C0A97D8E-B54F-4615-AAC7-E7E2603BBE60}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

Date: 2012-01-15 11:37:16.215
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?link...threatid=13052
Name:RemoteAccess:Win32/TightVNC
ID:13052
Severity:Medium
Category:Remote Control Software
Path Found:containerfile:C:\Users\Hans\Documents\Downloads\Uninstalled\crossloopsetup v2-20.exe;containerfile:C:\Users\Hans\Downloads\My Documents\Downloads\Uninstalled\crossloopsetup v2-20.exe;file:C:\Users\Hans\Documents\Downloads\Uninstalled\crossloopsetup v2-20.exe->(inno#000056);file:C:\Users\Hans\Documents\Downloads\Uninstalled\crossloopsetup v2-20.exe->(inno#000057);file:C:\Users\Hans\Downloads\My Documents\Downloads\Uninstalled\crossloopsetup v2-20.exe->(inno#000056);file:C:\Users\Hans\Downloads\My Documents\Downloads\Uninstalled\crossloopsetup v2-20.exe->(inno#000057)
Detection Type:Concrete
Detection Source:User
Status:Unknown
Process Name:C:\Program Files\Windows Defender\MSASCui.exe

CodeIntegrity:
===================================

Date: 2016-12-19 19:59:05.519
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-12-19 19:59:05.456
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-12-19 19:58:43.652
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-12-19 19:58:43.589
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-12-19 19:58:41.733
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-12-19 19:58:41.668
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-12-19 19:57:57.274
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-12-19 19:57:57.211
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

BIOS: Dell Inc. A00 04/12/2011
Motherboard: Dell Inc. 0GDG8Y
Processor: Intel(R) Core(TM) i3-2100 CPU @ 3.10GHz
Percentage of memory in use: 56%
Total physical RAM: 8104.63 MB
Available physical RAM: 3510.39 MB
Total Virtual: 16207.4 MB
Available Virtual: 11129.15 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:450.91 GB) (Free:40.61 GB) NTFS
Drive d: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.17 GB) (Free:0 GB) UDF
Drive h: (Windows) (Network) (Total:222.33 GB) (Free:67.1 GB) NTFS

\\?\Volume{b2abe718-c944-11e0-9762-806e6f6e6963}\ (RECOVERY) (Fixed) (Total:14.81 GB) (Free:6.19 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 626C198E)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================



Hans