Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs.
#1
Pandaviewer
All the tiff files that I have are showing up as Pandaviewer tiff files. I tried Malwarebytes, Zemana, Spybot and RogueKiller but without success. There must be something in the Registry that I think needs to be modified. Any ideas? Thanks. By the way, I am using XP.
#2
As per the CTH guidelines for the Cyber Safety forum shown Here, this post has been deleted. Members who have not been approved by the CTH Staff to provide infection removal/repair steps are prohibited from posting those procedures.

--------

my bad - was not paying attention to the forum I was in since I was only looking at new posts.

Last edited by renegade600; April 4th, 2020 at 05:30 PM.
#3
Howdy luzchurch,
I had to remove renegade600's post, which was very incorrect. Pandaviewer is a potentially unwanted program that usually gets snuck onto your system, hijacks your browser and search settings, and can come bundled with other unwanted programs. And apparently it is still set on your system to open tiff files. Let's take a look, then get everything corrected there.

For x32 (x86) bit systems, download Farbar Recovery Scan Tool 32-Bit and save it to the desktop.

For x64 bit systems, download Farbar Recovery Scan Tool 64-Bit and save it to the desktop.

Please run it and click Scan, then post back with the 2 logfiles. Use extra posts here as needed.
#4
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-03-2020
Ran by owner (administrator) on EMACHINE (eMachines EL1200-01h) (04-04-2020 10:15:06) Running from C:\Documents and Settings\owner\My Documents\Downloads Loaded Profiles: owner (Available Profiles: owner & Administrator) Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States) Internet Explorer Version 8 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Canon Inc. -> CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (Canon Inc. -> CANON INC.) 
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EX E (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation -> Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\ WPFFontCache_v0400.exe (Microsoft Windows Component Publisher -> Microsoft Corporation) C:\WINDOWS\system32\alg.exe (Microsoft Windows Component Publisher -> Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe (Microsoft Windows Component Publisher -> Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe (Microsoft Windows Component Publisher -> Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe (Microsoft Windows Component Publisher -> Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe (Microsoft Windows Hardware Compatibility Publisher -> NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) 
C:\WINDOWS\RTHDCPL.exe (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION) C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S4I2G 1.EXE (Nero AG -> Nero AG) C:\Program Files\Nero\Update\NASvc.exe (Piriform Ltd -> Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe (RealNetworks, Inc. -> ) C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc. exe (RealNetworks, Inc. -> RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe (Softland SRL -> Microsoft) [File not signed] C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe (WESTERN DIGITAL TECHNOLOGIES -> Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe (WESTERN DIGITAL TECHNOLOGIES -> Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe (WESTERN DIGITAL TECHNOLOGIES -> Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.) 
C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe (Windows XP SP4 Developer -> Microsoft Corporation) C:\WINDOWS\system32\services.exe (Windows XP SP4 Developer -> Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe (Windows XP SP4 Developer -> Microsoft Corporation) C:\WINDOWS\system32\svchost.exe (Windows XP SP4 Developer -> Microsoft Corporation) C:\WINDOWS\system32\svchost.exe (Windows XP SP4 Developer -> Microsoft Corporation) C:\WINDOWS\system32\svchost.exe (Windows XP SP4 Developer -> Microsoft Corporation) C:\WINDOWS\system32\svchost.exe (Windows XP SP4 Developer -> Microsoft Corporation) C:\WINDOWS\system32\svchost.exe (Windows XP SP4 Developer -> Microsoft Corporation) C:\WINDOWS\system32\svchost.exe (Windows XP SP4 Developer -> Microsoft Corporation) C:\WINDOWS\system32\svchost.exe (Windows XP SP4 Developer -> Microsoft Corporation) C:\WINDOWS\system32\svchost.exe (Windows XP SP4 Developer -> Microsoft Corporation) C:\WINDOWS\system32\svchost.exe (Windows XP SP4 Developer -> Microsoft Corporation) C:\WINDOWS\system32\wbem\wmiprvse.exe (Wondershare) [File not signed] C:\Program Files\Wondershare\WAF\2.4.3.242\WsAppService.exe ==================== Registry (Whitelisted) =================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Onboard] => C:\Program Files\Western Digital\WD SmartWare\WDSmartWare.exe [3202416 2016-04-19] (WESTERN DIGITAL TECHNOLOGIES -> Western Digital Technologies, Inc.) HKLM\...\Run: [WD Quick View] => C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe [5571944 2016-04-19] (WESTERN DIGITAL TECHNOLOGIES -> Western Digital Technologies, Inc.) HKLM\...\Run: [WD Drive Unlocker] => C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694048 2014-10-23] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.) 
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2016-12-10] (RealNetworks, Inc. -> RealNetworks, Inc.) HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16862720 2008-05-16] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) HKLM\...\Run: [nwiz] => nwiz.exe /install HKLM\...\Run: [NvMediaCenter] => C:\WINDOWS\system32\NvMcTray.dll [81920 2008-02-25] (Microsoft Windows Hardware Compatibility Publisher -> NVIDIA Corporation) HKLM\...\Run: [NvCplDaemon] => C:\WINDOWS\system32\NvCpl.dll [8491008 2008-02-25] (Microsoft Windows Hardware Compatibility Publisher -> NVIDIA Corporation) HKLM\...\Run: [EPSON Stylus CX5400 (Copy 1)] => C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G 1.EXE [99840 2003-05-26] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION) HKLM\...\Run: [EPSON Stylus CX5400] => C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G 1.EXE [99840 2003-05-26] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION) HKLM\...\Run: [DWPersistentQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [520424 2013-03-06] (Microsoft Corporation -> Microsoft Corporation) HKLM\...\Run: [DLADiag] => C:\WINDOWS\DLADiag.EXE [57403 2005-08-25] (Sonic Solutions) [File not signed] HKLM\...\Run: [CanonSolutionMenuEx] => C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (Canon Inc. -> CANON INC.) HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2516296 2010-03-24] (Canon Inc. -> CANON INC.) 
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation -> Microsoft Corporation) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [947152 2013-01-27] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-507921405-1284227242-1417001333-1003\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [721504 2015-09-02] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-507921405-1284227242-1417001333-1003\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [13797712 2018-09-10] (Piriform Ltd -> Piriform Ltd) HKU\S-1-5-21-507921405-1284227242-1417001333-1003\...\Run: [Chromium] => "c:\documents and settings\owner\local settings\application data\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session HKU\S-1-5-21-507921405-1284227242-1417001333-1003\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_32_ 0_0_238_Plugin.exe [1457208 2019-09-02] (Adobe Inc. 
-> Adobe) [File not signed] HKU\S-1-5-21-507921405-1284227242-1417001333-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssstars.scr [14336 2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation) HKU\S-1-5-18\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [520424 2013-03-06] (Microsoft Corporation -> Microsoft Corporation) HKLM\...\Providers\Internet Print Provider: C:\WINDOWS\system32\INETPP.DLL [76800 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) HKLM\...\Providers\LanMan Print Services: C:\WINDOWS\system32\WIN32SPL.DLL [104960 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) HKLM\Software\Microsoft\Active Setup\Installed Components: [<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] -> C:\WINDOWS\system32\ieudinit.exe [2016-03-09] (Microsoft Windows -> Microsoft Corporation) HKLM\Software\Microsoft\Active Setup\Installed Components: [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] -> C:\WINDOWS\inf\unregmp2.exe [2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) HKLM\Software\Microsoft\Active Setup\Installed Components: [>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] -> C:\WINDOWS\system32\shmgrate.exe [2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation) HKLM\Software\Microsoft\Active Setup\Installed Components: [{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}] -> HKLM\Software\Microsoft\Active Setup\Installed Components: [{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] -> HKLM\Software\Microsoft\Active Setup\Installed Components: [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] -> C:\Program Files\Outlook Express\setup50.exe [2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation) HKLM\Software\Microsoft\Active Setup\Installed Components: [{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] -> C:\WINDOWS\system32\advpack.dll [2009-03-08] (Microsoft Windows -> Microsoft Corporation) HKLM\Software\Microsoft\Active Setup\Installed Components: 
[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] -> C:\WINDOWS\System32\advpack.dll [2009-03-08] (Microsoft Windows -> Microsoft Corporation) HKLM\Software\Microsoft\Active Setup\Installed Components: [{7790769C-0471-11d2-AF11-00C04FA35D02}] -> C:\Program Files\Outlook Express\setup50.exe [2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation) HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\49.0.2623.112\Inst aller\chrmstp.exe [2018-05-03] (Google Inc -> Google Inc.) HKLM\Software\Microsoft\Active Setup\Installed Components: [{CC83D544-1125-C7EE-8688-26B699B123B5}] -> C:\WINDOWS\system32\ADVPACK.DLL [2009-03-08] (Microsoft Windows -> Microsoft Corporation) HKLM\Software\...\Winlogon\GPExtensions: [{C631DF4C-088F-4156-B058-4375F0853CD8}] -> C:\WINDOWS\System32\cscui.dll [2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation) AppInit_DLLs: C:\WINDOWS\Jaksta\AC\x86\jaudcap.dll => C:\WINDOWS\Jaksta\AC\x86\jaudcap.dll [264480 2014-10-17] (Jaksta Technologies Pty Ltd -> Jaksta Technologies Pty Ltd) SecurityProviders: C:\WINDOWS\system32\MSAPSSPC.DLL, C:\WINDOWS\system32\SCHANNEL.DLL, C:\WINDOWS\system32\DIGEST.DLL, C:\WINDOWS\system32\MSNSSPC.DLL Startup: C:\Documents and Settings\owner\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2016-07-12] ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation) GroupPolicy: Restriction ? <==== ATTENTION GroupPolicy\User: Restriction ? <==== ATTENTION ==================== Scheduled Tasks============================= (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\WINDOWS\Tasks\Adobe Flash Player NPAPI Notifier.job => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_32_ 0_0_238_Plugin.exe Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpda teService.exe Task: C:\WINDOWS\Tasks\CCleaner Update.job => C:\Program Files\CCleaner\CCUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => C:\Program Files\Microsoft Security Client\MpCmdRun.exe Task: C:\WINDOWS\Tasks\novaPDF Reactivation.job => C:\Program Files\Softland\novaPDF 8\Driver\ActivationClient.exe Task: C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduled TaskS-1-5-21-507921405-1284227242-1417001333-1003.job => C:\Program Files\RealNetworks\RealDownloader\recordingmanager .exe Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTas kS-1-5-21-507921405-1284227242-1417001333-1003.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeSchedule dTaskS-1-5-21-507921405-1284227242-1417001333-1003.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-507921405-1284227242-1417001333-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTas kS-1-5-21-507921405-1284227242-1417001333-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{F0F3B82B-776E-484E-ADF4-E0E06392C8AE}.job => C:\WINDOWS\system32\msfeedssync.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
Winsock: Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) Winsock: Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc. -> Apple Inc.) Winsock: Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) Winsock: Catalog9 02 C:\WINDOWS\system32\mswsock.dll [245248 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) Winsock: Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) Winsock: Catalog9 06 C:\WINDOWS\system32\mswsock.dll [245248 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) Winsock: Catalog9 07 C:\WINDOWS\system32\mswsock.dll [245248 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) Winsock: Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) Winsock: Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) Winsock: Catalog9 10 C:\WINDOWS\system32\mswsock.dll [245248 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) Winsock: Catalog9 11 C:\WINDOWS\system32\mswsock.dll [245248 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 64.71.255.204 64.71.255.198 Tcpip\..\Interfaces\{CE5BCC45-4C4F-4586-B869-86ECA889A6D4}: [DhcpNameServer] 64.71.255.204 64.71.255.198 Internet Explorer: ================== HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-19\Software\Microsoft\Internet 
Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=131675729848673750&GUID=A0A 527A0-09EE-4567-87A3-C8DC37E59CE5 HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=131675729847580000&GUID=A0A 527A0-09EE-4567-87A3-C8DC37E59CE5 HKU\S-1-5-21-507921405-1284227242-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE \rndlbrowserrecordplugin.dll [2013-08-14] (RealNetworks, Inc. -> RealDownloader) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation) BHO: MSN Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\MSN\Toolbar\3.0.1312.0\msneshellx.dll [2009-08-31] (Microsoft Corporation -> Microsoft Corp.) Toolbar: HKLM - MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1312.0\msneshellx.dll [2009-08-31] (Microsoft Corporation -> Microsoft Corp.) 
Toolbar: HKU\S-1-5-21-507921405-1284227242-1417001333-1003 -> &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll [2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) Toolbar: HKU\S-1-5-21-507921405-1284227242-1417001333-1003 -> &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll [2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll [2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll [2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll [2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll [2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll [2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) Handler: intu-tt2013 - {9FF5EC07-1645-43BF-828F-C73CFA7BC1AF} - C:\Program Files\TurboTax 2013\ic2013pp.dll [2014-02-27] (Intuit Canada ULC -> Intuit Canada, a general partnership/une société en nom collectif.) 
Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll [2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll [2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll [2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll [2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll [2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll [2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) Handler: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll [2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll [2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll [2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\SHELL32.dll [2016-03-09] (Windows XP 
SP4 Developer -> Microsoft Corporation)
#5
FireFox:
======== FF ProfilePath: C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\4seut7x1.default-1585692271045 [2020-04-04] FF Extension: (Hotfix for Firefox bug 1548973 (armagaddon 2.0) mitigation) - C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\4seut7x1.default-1585692271045\features\{77ac282c-2a82-4231-bd5a-628540cecb7d}\hotfix-bug-1548973@mozilla.org.xpi [2020-03-31] [Legacy] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-04-20] [Legacy] [not signed] FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 => not found FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Fi refox\Ext FF Extension: (RealDownloader) - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Fi refox\Ext [2016-12-10] [Legacy] [not signed] FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Fi refox\Ext FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_32_0_0_ 238.dll [2019-09-02] (Adobe Inc. -> ) [File not signed] FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-04-14] (CANON INC.) 
[File not signed] FF Plugin: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [No File] FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [No File] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] (Microsoft Corporation -> Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation -> Microsoft Corporation) FF Plugin: @Nero.com/KM -> C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2014-11-06] (Nero AG -> Nero AG) FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2016-12-10] (RealNetworks, Inc. -> RealNetworks, Inc.) FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Mo zillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.) [File not signed] FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Mo zillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.) [File not signed] FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Mo zillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.) 
[File not signed] FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll [2016-12-10] (RealNetworks, Inc. -> RealPlayer) FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\np dlplugin.dll [2013-08-14] (RealNetworks, Inc. -> RealDownloader) FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=3.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems, Incorporated -> Adobe Systems Inc.) 
Chrome: ======= CHR DefaultProfile: Default CHR Profile: C:\Documents and Settings\owner\Local Settings\Application Data\Google\Chrome\User Data\Default [2020-04-03] CHR DownloadDir: C:\Documents and Settings\owner\My Documents CHR Extension: (RealDownloader) - C:\Documents and Settings\owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjb npdiji [2018-05-03] CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Ch rome\Ext\realdownloader.crx [2013-08-14] CHR HKLM\...\Chrome\Extension: [edfhabmbbhdcdpnoilchepfojmdeannd] ==================== Services (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpda teService.exe [335416 2019-09-02] (Adobe Inc. 
-> Adobe) [File not signed] R3 BITS; C:\WINDOWS\system32\qmgr.dll [408576 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) S2 Browser; C:\WINDOWS\System32\browser.dll [78336 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) R2 DcomLaunch; C:\WINDOWS\system32\rpcss.dll [401408 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) R2 Dhcp; C:\WINDOWS\System32\dhcpcsvc.dll [126976 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) R2 Dnscache; C:\WINDOWS\System32\dnsrslvr.dll [45568 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) S3 Dot3svc; C:\WINDOWS\System32\dot3svc.dll [132096 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) R2 Eventlog; C:\WINDOWS\system32\services.exe [110592 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) R3 EventSystem; C:\WINDOWS\System32\ES.DLL [253952 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) R3 FastUserSwitchingCompatibility; C:\WINDOWS\System32\shsvcs.dll [135168 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) R2 LanmanServer; C:\WINDOWS\System32\srvsvc.dll [99840 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) R2 lanmanworkstation; C:\WINDOWS\System32\wkssvc.dll [134144 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4753104 2018-05-09] (Malwarebytes Corporation -> Malwarebytes) S2 Microsoft DirectX Configuration Service; C:\WINDOWS\system32\dxconfig.exe [64512 2016-04-06] () [File not signed] S3 MSIServer; C:\WINDOWS\System32\msiexec.exe /V [96256 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation -> Microsoft Corporation) R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [785904 2015-07-07] (Nero AG -> Nero AG) R3 Nla; C:\WINDOWS\System32\mswsock.dll [245248 2016-03-09] 
(Windows XP SP4 Developer -> Microsoft Corporation) R2 NovaPdfServer; C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe [53176 2017-08-16] (Softland SRL -> Microsoft) [File not signed] R2 NVSvc; C:\WINDOWS\system32\nvsvc32.exe [155716 2008-02-25] (Microsoft Windows Hardware Compatibility Publisher -> NVIDIA Corporation) R2 PlugPlay; C:\WINDOWS\system32\services.exe [110592 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) S4 QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [20480 2009-11-30] (Intuit) [File not signed] S3 QBFCService; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS. exe [65536 2006-11-09] (Intuit Inc.) [File not signed] R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc. exe [39056 2013-08-14] (RealNetworks, Inc. -> ) R2 RpcSs; C:\WINDOWS\System32\rpcss.dll [401408 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) R2 SharedAccess; C:\WINDOWS\System32\ipnathlp.dll [330752 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) R2 ShellHWDetection; C:\WINDOWS\System32\shsvcs.dll [135168 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) R2 Spooler; C:\WINDOWS\system32\spoolsv.exe [58880 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) S3 SwPrv; C:\WINDOWS\system32\dllhost.exe /Processid:{C25A8AC1-6F52-40C6-B9AC-E32B14580D4A} [5120 2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation) R3 TapiSrv; C:\WINDOWS\System32\tapisrv.dll [249856 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) R3 TermService; C:\WINDOWS\System32\termsrv.dll [296960 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) R2 Themes; C:\WINDOWS\System32\shsvcs.dll [135168 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) R2 W32Time; C:\WINDOWS\system32\w32time.dll [175616 2016-03-09] (Windows XP SP4 Developer -> Microsoft 
Corporation) R2 WDBackup; C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe [1049464 2016-04-19] (WESTERN DIGITAL TECHNOLOGIES -> Western Digital Technologies, Inc.) R2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [314744 2016-04-19] (WESTERN DIGITAL TECHNOLOGIES -> Western Digital Technologies, Inc.) R2 WebClient; C:\WINDOWS\System32\webclnt.dll [68096 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) S3 WmdmPmSN; C:\WINDOWS\system32\mspmsnsv.dll [27136 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) S3 Wmi; C:\WINDOWS\System32\advapi32.dll [618496 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) S3 WMPNetworkSvc; C:\Program Files\Windows Media Player\WMPNetwk.exe [913408 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) R2 WsAppService; C:\Program Files\Wondershare\WAF\2.4.3.242\WsAppService.exe [482304 2018-08-29] (Wondershare) [File not signed] S2 WudfSvc; C:\WINDOWS\System32\WUDFSvc.dll [64512 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) R2 WZCSVC; C:\WINDOWS\System32\wzcsvc.dll [483328 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) ===================== Drivers (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R1 AFD; C:\WINDOWS\System32\drivers\afd.sys [138496 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) R1 amsdk; C:\WINDOWS\system32\drivers\amsdk.sys [208824 2020-03-02] (Zemana D.O.O. Sarajevo -> Copyright 2018.) 
S3 Apowersoft_AudioDevice; C:\WINDOWS\System32\drivers\Apowersoft_AudioDevice .sys [26032 2014-04-09] (APOWERSOFT LIMITED -> Wondershare) R2 Aspi32; C:\Windows\System32\Drivers\Aspi32.sys [25920 1998-11-12] (Adaptec) [File not signed] S0 Cdr4vsd; C:\Windows\System32\Drivers\Cdr4vsd.sys [72032 2014-08-26] (Adaptec) [File not signed] R1 Cdrom; C:\WINDOWS\System32\DRIVERS\cdrom.sys [62976 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) R0 Disk; C:\WINDOWS\System32\DRIVERS\disk.sys [36352 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) R1 DLADiagN; C:\WINDOWS\System32\Drivers\DLADiagN.SYS [10908 2005-08-25] (Sonic Solutions) [File not signed] R1 DLAPMonN; C:\WINDOWS\System32\Drivers\DLAPMonN.SYS [22812 2005-08-25] (Sonic Solutions) [File not signed] R1 DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [22684 2005-08-25] (Sonic Solutions) [File not signed] S1 DumpDrv; C:\Windows\System32\Drivers\DumpDrv.sys [9472 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) R1 ElRawDisk; C:\WINDOWS\system32\drivers\rsdrv.sys [22312 2009-02-12] (EldoS Corporation -> EldoS Corporation) S3 EsgScanner; C:\WINDOWS\System32\DRIVERS\EsgScanner.sys [19984 2018-04-08] (Enigma Software Group USA, LLC -> ) S4 exFat; C:\Windows\System32\Drivers\exFat.sys [133632 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) R4 Fastfat; C:\Windows\System32\Drivers\Fastfat.sys [143744 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) U1 Fs_Rec; C:\Windows\System32\Drivers\Fs_Rec.sys [9216 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) R3 HDAudBus; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [144384 2008-04-14] (Microsoft Windows Component Publisher -> Windows (R) Server 2003 DDK provider) R3 HTTP; C:\WINDOWS\System32\Drivers\HTTP.sys [265728 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) R3 IntcAzAudAddService; C:\WINDOWS\System32\drivers\RtkHDAud.sys [4800000 2008-05-20] (Microsoft Windows Hardware 
Compatibility Publisher -> Realtek Semiconductor Corp.) R0 KSecDD; C:\Windows\System32\Drivers\KSecDD.sys [92928 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [220896 2020-02-29] (Malwarebytes Corporation -> Malwarebytes) R0 MountMgr; C:\Windows\System32\Drivers\MountMgr.sys [42752 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation -> Microsoft Corporation) R3 MRxDAV; C:\WINDOWS\System32\DRIVERS\mrxdav.sys [179968 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) R1 MRxSmb; C:\WINDOWS\System32\DRIVERS\mrxsmb.sys [457856 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) R0 Mup; C:\Windows\System32\Drivers\Mup.sys [105472 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) R0 NDIS; C:\Windows\System32\Drivers\NDIS.sys [182912 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) R3 NdisTapi; C:\WINDOWS\System32\DRIVERS\ndistapi.sys [10496 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) R3 NdisWan; C:\WINDOWS\System32\DRIVERS\ndiswan.sys [91776 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) R3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [40960 2013-11-27] (Windows XP SP4 Developer -> Microsoft Corporation) R4 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [576512 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) R3 nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [6867360 2008-02-25] (Microsoft Windows Hardware Compatibility Publisher -> NVIDIA Corporation) R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [54016 2008-01-29] (Microsoft Windows Hardware Compatibility Publisher -> NVIDIA Corporation) R0 nvgts; C:\WINDOWS\System32\DRIVERS\nvgts.sys [132096 2008-01-25] (Microsoft Windows Hardware Compatibility Publisher -> NVIDIA Corporation) R3 nvnetbus; 
C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [22016 2008-01-29] (Microsoft Windows Hardware Compatibility Publisher -> NVIDIA Corporation) R3 PSched; C:\WINDOWS\System32\DRIVERS\psched.sys [70272 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) R3 Ptilink; C:\WINDOWS\System32\DRIVERS\ptilink.sys [17792 2008-04-14] (Microsoft Windows Component Publisher -> Parallel Technologies, Inc.) R3 RasPppoe; C:\WINDOWS\System32\DRIVERS\raspppoe.sys [41472 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) R1 Rdbss; C:\WINDOWS\System32\DRIVERS\rdbss.sys [174848 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) R3 rdpdr; C:\WINDOWS\System32\DRIVERS\rdpdr.sys [195712 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) S3 RDPWD; C:\WINDOWS\System32\Drivers\RDPWD.SYS [139784 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) R2 rspndr; C:\WINDOWS\System32\DRIVERS\rspndr.sys [62848 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) U5 Sdbus; C:\Windows\System32\Drivers\Sdbus.sys [80384 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [20480 2008-04-14] (Microsoft Windows Component Publisher -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) 
R3 Srv; C:\WINDOWS\System32\DRIVERS\srv.sys [358016 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) R2 SSPORT; C:\WINDOWS\system32\Drivers\SSPORT.sys [5120 2012-07-19] (Samsung Electronics) [File not signed] R2 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [13120 2016-02-21] (Rocket Division Software Ltd -> ) R1 Tcpip; C:\WINDOWS\System32\DRIVERS\tcpip.sys [361600 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) S3 TDTCP; C:\Windows\System32\Drivers\TDTCP.sys [22024 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) U5 TDTDP; C:\WINDOWS\System32\Drivers\TDTCP.SYS [22024 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) S3 usbccgp; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [32384 2013-08-08] (Windows XP SP4 Developer -> Microsoft Corporation) R3 usbehci; C:\WINDOWS\System32\DRIVERS\usbehci.sys [30464 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) R3 usbohci; C:\WINDOWS\System32\DRIVERS\usbohci.sys [17152 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) R3 usbscan; C:\WINDOWS\System32\DRIVERS\usbscan.sys [14976 2013-07-02] (Windows XP SP4 Developer -> Microsoft Corporation) S3 uti0odgx; C:\WINDOWS\system32\Drivers\uti0odgx.sys [7168 2017-04-11] () [File not signed] S3 WDC_SAM; C:\WINDOWS\System32\DRIVERS\wdcsam_prewin8.sys [20256 2016-04-19] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies) R1 webshieldfilter; C:\WINDOWS\System32\drivers\webshieldfilter.sys [70016 2019-04-02] (Protected Antivirus Limited -> Protected.net) S3 WudfPf; C:\WINDOWS\System32\DRIVERS\WudfPf.sys [91904 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) S3 WudfRd; C:\WINDOWS\System32\DRIVERS\wudfrd.sys [132224 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S2 DgiVecp; \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys [X] S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys 
[X] S1 MpKsl353d9e32; \??\C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D016E788-E23A-4BD9-A4A7-76B8E86B8EA5}\MpKsl353d9e32.sys [X] S3 USBAAPL; System32\Drivers\usbaapl.sys [X] S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam32.sys [X] S1 ZAM_Guard; \??\C:\WINDOWS\System32\drivers\zamguard32.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) =================== (If an entry is included in the fixlist, the file/folder will be moved.) 2020-04-03 11:01 - 2020-04-03 11:01 - 003619267 _____ C:\Documents and Settings\owner\My Documents\database.txt 2020-04-01 17:34 - 2020-04-01 17:34 - 000000130 _____ C:\Documents and Settings\owner\My Documents\TKG's paperback book for sale .txt 2020-03-25 18:09 - 2020-03-25 18:09 - 000064489 _____ C:\Documents and Settings\owner\My Documents\Erls Stanley Gardner booklist.txt 2020-03-25 16:59 - 2020-03-25 16:59 - 000005786 _____ C:\Documents and Settings\owner\My Documents\Ennapadam.txt 2020-03-25 13:08 - 2020-03-25 13:08 - 000003134 _____ C:\Documents and Settings\owner\My Documents\hindi film son links.txt 2020-03-24 19:07 - 2020-03-24 19:07 - 000000043 _____ C:\Documents and Settings\owner\My Documents\notation for kuhU kuhU bOlE kOyaliyA.txt 2020-03-08 10:40 - 2020-03-08 10:40 - 000000000 ____D C:\Documents and Settings\owner\My Documents\New Folder (2) ==================== One month (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 
2020-04-04 10:18 - 2018-05-03 13:10 - 000000000 ____D C:\Documents and Settings\owner\Local Settings\temp 2020-04-04 10:16 - 2016-03-09 08:26 - 000000000 ____D C:\FRST 2020-04-04 10:15 - 2016-03-14 11:15 - 004927095 _____ C:\WINDOWS\ZAM.krnl.trace 2020-04-04 08:46 - 2016-03-25 11:08 - 057327616 _____ C:\New index.accdb 2020-04-04 08:46 - 2016-03-15 06:57 - 000000000 ____D C:\Documents and Settings\owner\Application Data\vlc 2020-04-04 07:21 - 2013-04-09 06:56 - 000000000 ____D C:\WINDOWS\Network Diagnostic 2020-04-03 15:37 - 2018-05-03 13:20 - 000000000 ____D C:\Documents and Settings\NetworkService\Local Settings\temp 2020-04-03 15:02 - 2008-04-14 05:00 - 000000885 _____ C:\WINDOWS\win.ini 2020-04-02 10:28 - 2013-05-12 10:57 - 000000000 ____D C:\Documents and Settings\owner\Application Data\XnView 2020-04-01 13:20 - 2013-11-22 17:29 - 000000000 ____D C:\Documents and Settings\owner\My Documents\Outlook Files 2020-03-31 07:31 - 2015-01-13 17:52 - 000000000 ____D C:\Documents and Settings\owner\My Documents\Applian 2020-03-28 15:07 - 2013-04-09 11:20 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2020-03-28 15:03 - 2016-11-16 15:52 - 000000422 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{F0F3B82B-776E-484E-ADF4-E0E06392C8AE}.job 2020-03-28 14:42 - 2017-10-23 11:26 - 000000486 _____ C:\WINDOWS\Tasks\novaPDF Reactivation.job 2020-03-28 14:42 - 2013-08-30 21:05 - 000001324 _____ C:\WINDOWS\system32\d3d9caps.dat 2020-03-28 14:36 - 2018-04-09 18:40 - 000000880 _____ C:\WINDOWS\Tasks\Adobe Flash Player NPAPI Notifier.job 2020-03-28 14:36 - 2013-04-09 11:14 - 000000000 ____D C:\WINDOWS\system32\Macromed 2020-03-28 14:27 - 2016-02-25 11:07 - 000000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2020-03-28 14:16 - 2016-05-10 18:51 - 000000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2020-03-28 10:08 - 2018-06-29 20:55 - 000000278 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-507921405-1284227242-1417001333-1003.job 2020-03-28 10:08 - 
2013-04-23 18:36 - 000000286 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTas kS-1-5-21-507921405-1284227242-1417001333-1003.job 2020-03-28 05:27 - 2018-04-09 17:25 - 000000330 ____H C:\WINDOWS\Tasks\CCleaner Update.job 2020-03-27 16:16 - 2016-05-10 18:51 - 000000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2020-03-26 09:11 - 2013-04-27 18:00 - 000000308 _____ C:\WINDOWS\Tasks\RealDownloaderRealUpgradeSchedule dTaskS-1-5-21-507921405-1284227242-1417001333-1003.job 2020-03-25 13:23 - 2016-01-20 16:12 - 000000000 ____D C:\Documents and Settings\owner\Application Data\Soft Solutions 2020-03-22 02:27 - 2020-01-18 19:40 - 000000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job 2020-03-21 17:59 - 2013-04-27 17:59 - 000000326 _____ C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduled TaskS-1-5-21-507921405-1284227242-1417001333-1003.job 2020-03-21 16:05 - 2017-04-09 21:29 - 000025077 _____ C:\Documents and Settings\owner\My Documents\Bibliography.txt 2020-03-18 11:16 - 2013-04-09 14:22 - 000000000 ____D C:\Ragde-D 2020-03-07 17:38 - 2016-07-10 14:03 - 001122304 _____ C:\Documents and Settings\owner\My Documents\Address book database.accdb 2020-03-07 17:35 - 2017-01-19 09:39 - 002007040 _____ C:\Documents and Settings\owner\My Documents\Database1.accdb 2020-03-07 16:23 - 2013-05-12 11:56 - 000000000 ___RD C:\ACCESS 2020-03-07 12:51 - 2013-05-04 09:15 - 000000000 ____D C:\WINDOWS\system32\NtmsData 2020-03-07 12:24 - 2020-03-02 16:40 - 000000000 ____D C:\Documents and Settings\owner\Local Settings\Application Data\AMSDK 2020-03-07 12:19 - 2016-12-11 21:18 - 000000000 ____D C:\Documents and Settings\owner\My Documents\Music related ==================== Files in the root of some directories ======== 2018-04-13 11:11 - 2018-05-15 07:58 - 000003774 _____ () C:\Documents and Settings\owner\Application Data\RegistrationLog.log 2018-04-13 11:10 - 2018-05-15 07:58 - 000017371 _____ () C:\Documents and Settings\owner\Application 
Data\ReplayMusicLog.log 2016-03-14 18:48 - 2016-03-14 18:48 - 000000128 _____ () C:\Documents and Settings\owner\Local Settings\Application Data\fusioncache.dat 2018-04-07 07:00 - 2018-04-07 07:00 - 000000003 _____ () C:\Documents and Settings\owner\Local Settings\Application Data\wbem.ini 2017-10-14 08:38 - 2017-10-14 08:38 - 000000000 _____ () C:\Documents and Settings\owner\Local Settings\Application Data\{0BF9E288-E566-49FE-A583-BB6E955B2DFD} 2014-07-26 17:59 - 2016-01-08 16:35 - 000001750 _____ () C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache ==================== SigCheck ============================ (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\system32\svchost.exe [2008-04-14 05:00] - [2016-03-09 01:00] - 000014848 _____ (Microsoft Corporation) 67E38B4A549833E02D4D1617B5DBC318 C:\WINDOWS\system32\services.exe [2008-04-14 05:00] - [2016-03-09 01:00] - 000110592 _____ (Microsoft Corporation) C519E15665CD89A91AD383FCE3CB556A C:\WINDOWS\system32\rpcss.dll => MD5 is legit C:\WINDOWS\system32\dnsapi.dll => MD5 is legit ==================== End of FRST.txt ======================== |
#6
It should have created a second Additions.txt logfile, stored in the same location you ran FRST from:
C:\Documents and Settings\owner\My Documents\Downloads
Would you locate that and post the contents, please?
#7
Sorry I did not realize there were two files generated.
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 29-03-2020 Ran by owner (04-04-2020 10:19:20) Running from C:\Documents and Settings\owner\My Documents\Downloads Microsoft Windows XP Professional Service Pack 3 (X86) (2013-04-09 15:19:13) Boot Mode: Normal ================================================== ======== ==================== Accounts: ============================= Administrator (S-1-5-21-507921405-1284227242-1417001333-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator ASPNET (S-1-5-21-507921405-1284227242-1417001333-1004 - Limited - Enabled) Guest (S-1-5-21-507921405-1284227242-1417001333-501 - Limited - Disabled) HelpAssistant (S-1-5-21-507921405-1284227242-1417001333-1000 - Limited - Disabled) owner (S-1-5-21-507921405-1284227242-1417001333-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\owner SUPPORT_388945a0 (S-1-5-21-507921405-1284227242-1417001333-1002 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Security Essentials (Enabled - Out of date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adaptec Easy CD Creator (HKLM\...\CDCreator30) (Version: - ) Adobe Flash Player 32 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 32.0.0.238 - Adobe) Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated) A-PDF Merger (HKLM\...\A-PDF Merger_is1) (Version: - A-PDF.com) autolock wizard (HKLM\...\{CC5E2A47-F660-4763-AA88-75B1FC30CA0D}) (Version: 4.7.1 - HexaLock) Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) 
Canon Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version: - ) Canon MG5200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series) (Version: - ) Canon MP Navigator EX 4.0 (HKLM\...\MP Navigator EX 4.0) (Version: - ) Canon My Printer (HKLM\...\CanonMyPrinter) (Version: - ) Canon Solution Menu EX (HKLM\...\CanonSolutionMenuEX) (Version: - ) CanoScan LiDE 210 Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4809) (Version: - Canon Inc.) CarMusTy (HKLM\...\CarMusTy) (Version: 2012.12.12 - CineFxLabs) CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.8.7128 - CDBurnerXP) CD-LabelPrint (HKLM\...\MediaNavigation.CDLabelPrint) (Version: - ) Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) DjVuLibre DjView 3.5.27+4.10.4 (HKLM\...\DjVuLibre+DjView) (Version: 3.5.27+4.10.4 - DjVuZone) Easy Bridge (HKLM\...\Easy BridgeDeinstall) (Version: - ) EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version: - ) ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - ) Express Burn Disc Burning Software (HKLM\...\ExpressBurn) (Version: 8.00 - NCH Software) Family Tree Maker (HKLM\...\FTW) (Version: - ) Free Easy MP3 Joiner 8.8.2 (HKLM\...\Free Easy MP3 Joiner_is1) (Version: - Freeease.net.) Free PDF to Word Doc Converter v1.1 (HKLM\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com) Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.) 
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden Haali Media Splitter (HKLM\...\HaaliMkx) (Version: - FreeCodecPack) HP Color LaserJet Pro M452 (HKLM\...\{60cc8319-2c81-4d9b-84ca-88a4faa33aff}) (Version: L.15295.889 - Hewlett-Packard) HPCLJProM452 (HKLM\...\{E7E2297B-B657-470B-9575-1B5ED16581D5}) (Version: 0.05.0000 - Hewlett-Packard) Hidden JPG to Word Converter 1.0 (HKLM\...\{BE1475FD-E1F4-4686-B2E2-EDF8E090D2DB}_is1) (Version: 1.0 - Soft Solutions) M3 BitLocker Decryption version 5.5 (HKLM\...\{0AF04533-F913-4ABD-A4DC-8B2CDC226E4F}}_is1) (Version: 5.5 - M3 Data Recovery) Magical Jelly Bean KeyFinder (HKLM\...\KeyFinder_is1) (Version: 2.0.10.10 - Magical Jelly Bean) Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes) Microsoft .NET Framework 2.0 Client Profile Basic Version 1.0.0.18 (HKLM\...\{10E4121C-8181-4217-8DA9-6CD38DDC34F9}_is1) (Version: 1.0.0.18 - Wondershare, Inc.) 
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation) Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation) Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version: - Microsoft Corporation) Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.2.223.1 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Software Update for Web Folders (English) 14 (HKLM\...\{90140000-0010-0409-0000-0000000FF1CE}) (Version: - ) Microsoft Virtual PC 2007 (HKLM\...\{8A7CAA24-7B23-410B-A7C3-F994B0944160}) (Version: 6.0.156.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Mozilla Firefox 52.0.2 ESR (x86 en-US) (HKLM\...\Mozilla Firefox 52.0.2 ESR (x86 en-US)) (Version: 52.0.2 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 52.9.0.6746 - Mozilla) MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - 
Microsoft Corporation) Hidden MSXML 6.0 Parser (KB927977) (HKLM\...\{5A710547-B58E-488B-828D-CA9A25A0533C}) (Version: 6.00.3890.0 - Microsoft Corporation) Nero Kwik Media (HKLM\...\{283E9B9D-F1B3-45BA-B942-6B10A3948533}) (Version: 12.5.00300 - Nero AG) Notepad++ (32-bit x86) (HKLM\...\Notepad++) (Version: 7.5.6 - Notepad++ Team) novaPDF 8 (HKLM\...\{0BDC1E59-A971-4737-8DDF-E4ABB3A2D33C}) (Version: 8.9.951 - Softland) Hidden novaPDF 8 (HKLM\...\{b237db6e-0a86-4779-9dd4-219781e867c9}) (Version: 8.9.951 - Softland) novaPDF 8 add-in for Microsoft Office (x86) (HKLM\...\{D175C46B-DDC1-49B2-95C4-93825A97E718}) (Version: 8.9.951 - Softland) novaPDF 8 Printer Driver (HKLM\...\{EEFA260F-AED4-402B-AC7C-418CB69BE662}) (Version: 8.9.951 - Softland) novaPDF 8 SDK COM (x86) (HKLM\...\{E47D57E4-0674-440A-9CBD-A0705684A8C3}) (Version: 8.9.951 - Softland) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - ) Prerequisite installer (HKLM\...\{3AAB08A3-F129-4BD5-B409-AE674F93759D}) (Version: 12.0.0008 - Nero AG) Hidden RealDownloader (HKLM\...\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}) (Version: 1.3.3 - RealNetworks, Inc.) Hidden RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM\...\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}) (Version: 10.0 - RealNetworks, Inc) Hidden RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks) RealUpgrade 1.1 (HKLM\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) 
Hidden Replay Music 7 (7.0.0.30) (HKLM\...\Replay Music 7) (Version: 7.0.0.30 - Applian Technologies) RogueKiller version 12.12.14.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.14.0 - Adlice Software) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) swMSM (HKLM\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden VC_CRT_x86 (HKLM\...\{8054D734-39C7-463D-B764-9C883982B8F9}) (Version: 1.02.0000 - Intel Corporation) Hidden VLC media player (HKLM\...\VLC media player) (Version: 3.0.8 - VideoLAN) WD Quick View (HKLM\...\{F4F2EF32-EAFE-4F87-B7DC-E19C9F8E76FC}) (Version: 2.4.16.16 - Western Digital Technologies, Inc.) WD Security (HKLM\...\{0AC340BC-4A62-4D1F-86DB-35C1C3CB66CF}) (Version: 1.1.1.3 - Western Digital Technologies, Inc.) WD SmartWare (HKLM\...\{7F7425DB-530D-48D8-A3A6-3184B2E07FDD}) (Version: 2.4.16.16 - Western Digital Technologies, Inc.) WD SmartWare Installer (HKLM\...\{4555885d-a64c-4234-9aac-72a8a6b5590b}) (Version: 2.4.16.16 - Western Digital Technologies, Inc.) Windows Management Framework Core (HKLM\...\KB968930) (Version: - Microsoft Corporation) Windows XP Service Pack 4 (HKLM\...\Windows XP Service Pack) (Version: 20160308.230000 - Charalampos Kazakos ) WinRAR 5.71 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH) XnView 2.43 (HKLM\...\XnView_is1) (Version: 2.43 - Gougelet Pierre-e) Zemana AntiMalware version 3.1.495 (HKLM\...\{4E1F3677-C72E-4F7D-B66E-85467B1A289E}_is1) (Version: 3.1.495 - Zemana) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{05EC5C13-D255-4592-9CCB-98615172F0D6}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited) CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{0ADF9C35-0D5E-4B75-88DD-B64868907E17}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited) CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{123FAF7F-3FB1-4B8F-AD18-0047401D436A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited) CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{32D32337-1511-4416-85C5-FD96C99322A0}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited) CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{37A2FC00-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited) CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{37A2FC02-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited) CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{3928D252-6BB4-4C0D-BE70-1E03AF93D464}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited) CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{4716D3CE-55DB-4D2A-818C-87D912895890}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. 
-> Intuit Canada Limited) CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{4844F3F7-2161-4AC4-B219-B3B4311782AA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited) CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{4E5E74B5-8EB5-4859-A335-837EED412620}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited) CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{5428A9ED-6CD8-11D6-9C8A-0001023DCAA2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited) CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{547C8F00-5567-4AE3-8BB0-CC3CE2AB9070}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited) CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{57D590F1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited) CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{596801D8-2C9D-4627-9C67-195CB81B655A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited) CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{5B7331FA-8910-4748-A8A4-60B445041F28}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited) CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{7DBF8260-30AD-4D1B-876A-8032B87B809F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. 
-> Intuit Canada Limited) CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{8034BBB8-2145-4159-9A34-51E21A0A981F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited) CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{828E5386-74CF-4019-B356-C857CD028A7D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited) CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{82CC31B3-53B4-4161-A4E9-6B4F1290A6C8}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited) CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{8572570D-12D9-4F2C-8BB8-EB8848178B94}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited) CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{8FEDE364-AB37-4551-80C9-6D468E222AB2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited) CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{9D9B61F2-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited) CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{9D9B61F3-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited) CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{9D9B61F4-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. 
-> Intuit Canada Limited) CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{9D9B61F5-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited) CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{9D9B61F6-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited) CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{9D9B61F7-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited) CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{A63E42D0-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited) CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{A63E42D2-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited) CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{AF5E0A13-CEAB-47CE-991D-77E82CD1BF3F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited) CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{B66F2BF1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited) CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{D14FD6B3-6A9F-4537-9460-07B836707127}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. 
-> Intuit Canada Limited) CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{D4A12AAF-E15E-470B-A6B6-63032186F91F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited) CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{D9B9C060-0954-11D3-9E07-00104BD2BE34}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSource.dll (Intuit, Inc. -> Intuit, Inc.) CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{D9BC6F81-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc. -> Intuit, Inc.) CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{D9BC6F84-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc. -> Intuit, Inc.) CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{D9BC6F87-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc. -> Intuit, Inc.) CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{D9BC6FA1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc. -> Intuit, Inc.) CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{D9BC6FA6-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc. -> Intuit, Inc.) CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{D9BC6FB2-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\StorageClasses.dll (Intuit, Inc. -> Intuit, Inc.) 
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{DCB2B478-EFF6-48F6-B718-13E98876854E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited) CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{DFD0AF10-B86C-4AF3-B609-1348D513E565}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited) CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{E1A173E1-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited) CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{E1A173E3-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited) CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{EADA914E-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited) CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{EAEF733D-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited) CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{F19F9A95-7A43-4A93-80B0-C9C1FF6F63F9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited) CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{F9EF917A-E55E-4242-B205-E778395AC313}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx (Intuit, Inc. 
-> Intuit) CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{FB17915F-06D1-4214-A902-CC5EE05186E9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited) SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Windows XP SP4 Developer -> Microsoft Corporation) SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\SHELL32.dll (Windows XP SP4 Developer -> Microsoft Corporation) SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Windows XP SP4 Developer -> Microsoft Corporation) SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Windows Component Publisher -> Microsoft Corporation) SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Windows XP SP4 Developer -> Microsoft Corporation) ShellExecuteHooks: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll [8463872 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [4171480 2013-12-19] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files\Zemana\AntiMalware\AM_ShellExt32.dll [2019-11-04] (Zemana D.O.O. Sarajevo -> Advanced Malware Protection. Copyright 2019.) 
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) [File not signed] ContextMenuHandlers1: [ANotepad++] -> {00F3C2EC-A6EE-11DE-A03A-EF8F55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2018-03-18] (Notepad++ -> ) ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2013-01-27] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers1: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2016-04-19] (WESTERN DIGITAL TECHNOLOGIES -> Western Digital Technologies, Inc.) ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\RAGDE-D\WINZIP\WZSHLSTB.DLL [2001-11-27] (WinZip Computing, Inc.) [File not signed] ContextMenuHandlers2: [CWDDriveMenuHandler] -> {CCEFA845-DCDB-4A2F-8BED-DBE87CD198EC} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2016-04-19] (WESTERN DIGITAL TECHNOLOGIES -> Western Digital Technologies, Inc.) 
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2013-01-27] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) [File not signed] ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2013-01-27] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers4: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\RAGDE-D\WINZIP\WZSHLSTB.DLL [2001-11-27] (WinZip Computing, Inc.) [File not signed] ContextMenuHandlers5: [00nView] -> {1E9B04FB-F9E5-4718-997B-B8DA88302A48} => C:\WINDOWS\system32\nvshell.dll [2008-02-25] () [File not signed] ContextMenuHandlers5: [NvCplDesktopContext] -> {A70C977A-BF00-412C-90B7-034C51DA2439} => C:\WINDOWS\system32\nvcpl.dll [2008-02-25] (Microsoft Windows Hardware Compatibility Publisher -> NVIDIA Corporation) ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files\Zemana\AntiMalware\AM_ShellExt32.dll [2019-11-04] (Zemana D.O.O. Sarajevo -> Advanced Malware Protection. Copyright 2019.) 
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers6: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2016-04-19] (WESTERN DIGITAL TECHNOLOGIES -> Western Digital Technologies, Inc.) ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\RAGDE-D\WINZIP\WZSHLSTB.DLL [2001-11-27] (WinZip Computing, Inc.) [File not signed] ==================== Codecs (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Drivers32: [msacm.trspch] => C:\WINDOWS\system32\tssoft32.acm [8192 2008-04-14] (Microsoft Windows Component Publisher -> DSP GROUP, INC.) 
HKLM\...\Drivers32: [vidc.I420] => C:\WINDOWS\system32\msh263.drv [294912 2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation) HKLM\...\Drivers32: [vidc.iv31] => C:\WINDOWS\system32\ir32_32.dll [199168 2008-04-14] (Microsoft Windows Component Publisher -> ) HKLM\...\Drivers32: [vidc.iv32] => C:\WINDOWS\system32\ir32_32.dll [199168 2008-04-14] (Microsoft Windows Component Publisher -> ) HKLM\...\Drivers32: [vidc.iv41] => C:\WINDOWS\system32\ir41_32.ax [848384 2008-04-14] (Microsoft Windows Component Publisher -> Intel Corporation) HKLM\...\Drivers32: [msacm.msg723] => C:\WINDOWS\system32\msg723.acm [118784 2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation) HKLM\...\Drivers32: [vidc.M263] => C:\WINDOWS\system32\msh263.drv [294912 2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation) HKLM\...\Drivers32: [vidc.M261] => C:\WINDOWS\system32\msh261.drv [188416 2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation) HKLM\...\Drivers32: [msacm.msaudio1] => C:\WINDOWS\system32\msaud32.acm [282654 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) HKLM\...\Drivers32: [msacm.sl_anet] => C:\WINDOWS\system32\sl_anet.acm [86016 2008-04-14] (Microsoft Windows Component Publisher -> Sipro Lab Telecom Inc.) HKLM\...\Drivers32: [msacm.iac2] => C:\WINDOWS\system32\iac25_32.ax [199680 2008-04-14] (Microsoft Windows Component Publisher -> Intel Corporation) HKLM\...\Drivers32: [vidc.iv50] => C:\WINDOWS\system32\ir50_32.dll [755200 2008-04-14] (Microsoft Windows Component Publisher -> Intel Corporation) HKLM\...\Drivers32: [vidc.DIVX] => C:\WINDOWS\system32\DivX.dll [720384 2010-02-19] (DivX, Inc.) [File not signed] HKLM\...\Drivers32: [vidc.yv12] => C:\WINDOWS\system32\DivX.dll [720384 2010-02-19] (DivX, Inc.) [File not signed] |
#8
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.) WMI:subscription\__FilterToConsumerBinding->\\.\root\subscription:MSFT_UCScenarioControl.Name =\"Microsoft WMI Updating Consumer Scenario Control\"",Filter="\\.\root\subscription:__EventFi lter.Name=\"Microsoft WMI Updating Consumer Scenario Control\":: WMI:subscription\__EventFilter->Microsoft WMI Updating Consumer Scenario Control::[Query => SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'MSFT_UCScenario'] Shortcut: C:\Documents and Settings\owner\NetHood\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\DjVuLibre\Help\Online documentation.lnk -> C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation) -> url.dll,FileProtocolHandler hxxp://djvu.sourceforge.net/doc/index.html ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\DjVuLibre\Help\Visit Djvu.org.lnk -> C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation) -> url.dll,FileProtocolHandler hxxp://djvu.org ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\DjVuLibre\Help\Visit DjVuLibre download page.lnk -> C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation) -> url.dll,FileProtocolHandler hxxp://sourceforge.net/projects/djvu/files/DjVuLibre_Windows/ ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\DjVuLibre\Help\Visit DjvuLibre.lnk -> C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation) -> url.dll,FileProtocolHandler hxxp://djvu.sourceforge.net ==================== Loaded Modules (Whitelisted) ============= 2013-09-06 12:52 - 2013-09-06 12:52 - 000043520 _____ () [File not signed] C:\WINDOWS\system32\CmdLineExt03.dll 2008-02-25 12:29 - 2008-02-25 12:29 - 001482752 _____ () [File not signed] C:\WINDOWS\system32\nview.dll 2008-02-25 12:29 - 2008-02-25 12:29 - 000466944 _____ () [File not signed] C:\WINDOWS\system32\nvshell.dll 2012-02-09 06:45 - 2015-04-24 07:43 
- 000018432 _____ () [File not signed] C:\WINDOWS\system32\ssd4clm.dll 2014-05-08 09:48 - 2014-05-08 09:48 - 013071971 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files\Adobe\Reader 11.0\Reader\plug_ins\AcroForm.api 2014-05-08 09:48 - 2014-05-08 09:48 - 008138339 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files\Adobe\Reader 11.0\Reader\plug_ins\Annots.api 2014-05-08 09:48 - 2014-05-08 09:48 - 001476707 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files\Adobe\Reader 11.0\Reader\plug_ins\DigSig.api 2014-05-08 09:48 - 2014-05-08 09:48 - 000109667 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files\Adobe\Reader 11.0\Reader\plug_ins\IA32.api 2014-05-08 09:48 - 2014-05-08 09:48 - 000438883 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files\Adobe\Reader 11.0\Reader\plug_ins\PDDom.api 2014-05-08 09:48 - 2014-05-08 09:48 - 007342179 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files\Adobe\Reader 11.0\Reader\plug_ins\PPKLite.api 2014-05-08 09:48 - 2014-05-08 09:48 - 000172643 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files\Adobe\Reader 11.0\Reader\plug_ins\Updater.api 2015-09-16 15:41 - 2010-03-24 13:50 - 000073728 _____ (CANON INC.) [File not signed] C:\Program Files\Canon\MyPrinter\BJMyRes.dll 2018-03-30 16:22 - 2010-04-08 13:43 - 000028672 _____ (CANON INC.) [File not signed] C:\Program Files\Canon\Solution Menu EX\LangInfo\EN\CNSELANG.dll 2015-09-16 15:38 - 2010-02-04 21:37 - 000340992 _____ (CANON INC.) 
[File not signed] C:\WINDOWS\system32\CNMNPPM.DLL 2009-09-16 19:37 - 2009-09-16 19:37 - 000118784 _____ (Hewlett Packard) [File not signed] C:\WINDOWS\system32\hptcpmib.dll 2009-09-16 19:38 - 2009-09-16 19:38 - 000200704 _____ (Hewlett Packard) [File not signed] C:\WINDOWS\system32\HpTcpMon.dll 2009-09-16 12:44 - 2009-09-16 12:44 - 000139264 _____ (Hewlett Packard) [File not signed] C:\WINDOWS\system32\hpzjrd01.dll 2010-11-18 12:08 - 2010-11-18 12:08 - 000055808 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll 2018-08-16 16:33 - 2018-05-01 11:10 - 001137152 _____ (Igor Pavlov) [File not signed] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\7z.dll 2011-09-13 02:06 - 2011-09-13 02:06 - 003214056 _____ (Microsoft Corporation (Internal Use Only) -> Microsoft Corporation) [File not signed] C:\Program Files\Microsoft Office\OFFICE14\PROOF\1033\MSGR3EN.DLL 2013-11-25 12:42 - 2010-01-25 14:09 - 001093120 _____ (Microsoft Corporation) [File not signed] C:\Program Files\Canon\Solution Menu EX\MFC80U.DLL 2009-09-16 19:40 - 2009-09-16 19:40 - 000245760 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\HPTcpMUI.dll 2016-04-19 12:02 - 2016-04-19 12:02 - 001006080 ____R (Robert Simpson, et al.) 
[File not signed] C:\Program Files\Western Digital\WD SmartWare\System.Data.SQLite.dll 2017-08-16 14:18 - 2017-08-16 14:18 - 000138672 _____ (Softland SRL -> ) [File not signed] C:\Program Files\Softland\novaPDF 8\Server\AgileDotNetRT.dll 2017-08-16 14:16 - 2017-08-16 14:16 - 002051512 _____ (Softland SRL -> Softland) [File not signed] C:\Program Files\Softland\Office Add-In\NovaPDFOfficeAddIn86.dll 2017-08-16 14:15 - 2017-08-16 14:15 - 000016384 _____ (Softland) [File not signed] C:\WINDOWS\system32\novamn8.dll 2018-08-16 16:33 - 2018-01-18 16:16 - 000030208 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\iconengines\qsvgicon.dll 2018-08-16 16:33 - 2018-01-18 16:15 - 000024576 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qgif.dll 2018-08-16 16:33 - 2018-01-18 16:16 - 000031232 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qicns.dll 2018-08-16 16:33 - 2018-01-18 16:15 - 000025088 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qico.dll 2018-08-16 16:33 - 2018-01-18 16:15 - 000242688 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qjpeg.dll 2018-08-16 16:33 - 2018-01-18 16:16 - 000019968 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qsvg.dll 2018-08-16 16:33 - 2018-01-18 16:16 - 000018944 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qtga.dll 2018-08-16 16:33 - 2018-01-18 16:16 - 000318976 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qtiff.dll 2018-08-16 16:33 - 2018-01-18 16:16 - 000017920 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qwbmp.dll 2018-08-16 16:33 - 2018-01-18 16:16 - 000328704 
_____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qwebp.dll 2018-08-16 16:33 - 2018-01-18 16:15 - 000993792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\platforms\qwindows.dll 2018-08-16 16:33 - 2018-05-09 09:35 - 004809728 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll 2018-08-16 16:33 - 2018-01-18 16:12 - 005100032 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Gui.dll 2018-08-16 16:33 - 2018-01-18 16:10 - 002012672 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Network.dll 2018-08-16 16:33 - 2018-01-18 16:18 - 002522112 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Qml.dll 2018-08-16 16:33 - 2018-01-18 16:20 - 002570752 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Quick.dll 2018-08-16 16:33 - 2018-01-18 16:16 - 000247808 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Svg.dll 2018-08-16 16:33 - 2018-01-18 16:14 - 004482048 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Widgets.dll 2018-08-16 16:33 - 2018-01-18 16:24 - 000206336 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5WinExtras.dll 2018-08-16 16:33 - 2018-01-18 16:22 - 000013312 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQml\Models.2\modelsplugin.dll 2018-08-16 16:33 - 2018-01-18 16:22 - 000013824 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick.2\qtquick2plugin.dll 2018-08-16 16:33 - 2018-01-18 16:27 - 000698368 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\qtquickcontrolsplugin.dll 2018-08-16 16:33 - 
2018-01-18 16:27 - 000173056 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\dialogplugin.dll 2018-08-16 16:33 - 2018-01-18 16:26 - 000069632 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Layouts\qquicklayoutsplugin.dll 2018-08-16 16:33 - 2018-01-18 16:27 - 000097280 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\PrivateWidgets\widgetsplugin.dll 2018-08-16 16:33 - 2018-01-18 16:22 - 000013312 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Window.2\windowplugin.dll 2018-08-16 16:33 - 2018-01-18 16:29 - 000102400 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\scenegraph\softwarecontext.dll 2013-09-10 09:20 - 2012-12-10 21:47 - 000103936 _____ (Windows (R) Codename Longhorn DDK provider) [File not signed] C:\WINDOWS\System32\spool\PRTPROCS\W32X86\smc410pp .dll 2012-12-18 07:26 - 2015-02-27 07:26 - 000029696 _____ (Windows (R) Codename Longhorn DDK provider) [File not signed] C:\WINDOWS\System32\spool\PRTPROCS\W32X86\ssd4cpc. dll 2014-04-10 16:53 - 2001-11-27 06:10 - 000020552 _____ (WinZip Computing, Inc.) [File not signed] C:\RAGDE-D\WINZIP\WZSHLSTB.DLL |
#9
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5} => ""=""
==================== Association (Whitelisted) =================
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
HKLM\...\batfile\DefaultIcon: %SystemRoot%\System32\shell32.dll,-153 <==== ATTENTION
==================== Internet Explorer trusted/restricted ==========
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2008-04-14 05:00 - 2019-09-02 17:29 - 000000028 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost
#10
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.) HKU\S-1-5-21-507921405-1284227242-1417001333-1003\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Bliss.bmp DNS Servers: 64.71.255.204 - 64.71.255.198 HKLM\software\microsoft\Windows\CurrentVersion\Tel ephony\Providers => ProviderFileName3 -> C:\WINDOWS\system32\ipconf.tsp (Microsoft Windows Component Publisher -> Microsoft Corporation) HKLM\software\microsoft\Windows\CurrentVersion\Tel ephony\Providers => ProviderFileName4 -> C:\WINDOWS\system32\h323.tsp (Microsoft Windows Component Publisher -> Microsoft Corporation) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) DomainProfile\AuthorizedApplications: [C:\Program Files\Winamp\winamp.exe] => Enabled:Winamp DomainProfile\AuthorizedApplications: [%SystemRoot%\Network Diagnostic\XPNetDiag.Exe] => :LocalSubNet:Enabled:@%SystemRoot%\System32\XPSP3R es.Dll,-20000 DomainProfile\AuthorizedApplications: [%SystemRoot%\System32\DMAdmin.Exe] => :LocalSubnet:Enabled:Logical Disk Manager service process DomainProfile\AuthorizedApplications: [%SystemRoot%\System32\DMRemote.Exe] => :LocalSubnet:Enabled:Logical Disk Manager component DomainProfile\AuthorizedApplications: [%SystemRoot%\System32\FTP.Exe] => Enabled:Windows® FTP Client DomainProfile\AuthorizedApplications: [%SystemRoot%\System32\MMC.Exe] => :LocalSubNet:Enabled:Microsoft Management Console DomainProfile\AuthorizedApplications: [%SystemRoot%\System32\SessMgr.Exe] => :LocalSubnet:Enabled:@%SystemRoot%\System32\XPSP2R es.Dll,-22019 DomainProfile\AuthorizedApplications: [%SystemRoot%\System32\TCPSvcS.Exe] => :LocalSubNet:Enabled:Windows® TCP/IP Services Application DomainProfile\AuthorizedApplications: [%SystemRoot%\System32\TlntSvr.Exe] => 
:LocalSubnet:Enabled:Windows® Telnet Service DomainProfile\AuthorizedApplications: [%SystemRoot%\System32\WBEM\UnSecApp.Exe] => :LocalSubNet:Enabled:Windows® Management Instrumentation DomainProfile\AuthorizedApplications: [%ProgramFiles%\NetMeeting\Conf.Exe] => :LocalSubNet ![]() DomainProfile\AuthorizedApplications: [%SystemRoot%\System32\MNMSrvC.Exe] => :LocalSubNet ![]() DomainProfile\AuthorizedApplications: [%ProgramFiles%\Windows Media Player\MPlayer2.Exe] => :LocalSubnet:Enabled:Windows® Media Player DomainProfile\AuthorizedApplications: [%ProgramFiles%\Windows Media Player\WMPlayer.Exe] => :LocalSubnet:Enabled:Windows® Media Player DomainProfile\AuthorizedApplications: [%SystemRoot%\PCHealth\HelpCtr\Binaries\HelpSvc.Exe] => %SystemRoot%\PCHealth\HelpCtr\Binaries\HelpSvc.exe :LocalSubNet ![]() DomainProfile\AuthorizedApplications: [%SystemRoot%\PCHealth\HelpCtr\Binaries\HelpCtr.Exe] => %SystemRoot%\PCHealth\HelpCtr\Binaries\HelpCtr.exe :LocalSubNet ![]() StandardProfile\AuthorizedApplications: [C:\Program Files\Intuit\QuickBooks 2009\QBDBMgrN.exe] => Enabled:QuickBooks 2009 Data Manager StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4 .EXE] => Enabled:SAgent4 StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office14\GROOVE.EXE] => Enabled:Microsoft SharePoint Workspace StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE] => Enabled:Microsoft OneNote StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE] => Enabled:Microsoft Office Outlook StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\mmc.exe] => Enabled:Microsoft Management Console StandardProfile\AuthorizedApplications: [C:\Program Files\Bonjour\mDNSResponder.exe] => Enabled:Bonjour Service StandardProfile\AuthorizedApplications: [C:\Program Files\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe] => Enabled:Nero Blu-ray Player 
StandardProfile\AuthorizedApplications: [C:\Program Files\Nero\KM\NMDllHost.exe] => Enabled:NMDllHost StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox) StandardProfile\AuthorizedApplications: [%SystemRoot%\Network Diagnostic\XPNetDiag.Exe] => :LocalSubNet:Enabled:@%SystemRoot%\System32\XPSP3R es.Dll,-20000 StandardProfile\AuthorizedApplications: [%SystemRoot%\System32\DMAdmin.Exe] => :LocalSubnet:Enabled:Logical Disk Manager service process StandardProfile\AuthorizedApplications: [%SystemRoot%\System32\DMRemote.Exe] => :LocalSubnet:Enabled:Logical Disk Manager component StandardProfile\AuthorizedApplications: [%SystemRoot%\System32\FTP.Exe] => Enabled:Windows® FTP Client StandardProfile\AuthorizedApplications: [%SystemRoot%\System32\MMC.Exe] => :LocalSubNet:Enabled:Microsoft Management Console StandardProfile\AuthorizedApplications: [%SystemRoot%\System32\SessMgr.Exe] => :LocalSubnet:Enabled:@%SystemRoot%\System32\XPSP2R es.Dll,-22019 StandardProfile\AuthorizedApplications: [%SystemRoot%\System32\TCPSvcS.Exe] => :LocalSubNet:Enabled:Windows® TCP/IP Services Application StandardProfile\AuthorizedApplications: [%SystemRoot%\System32\TlntSvr.Exe] => :LocalSubnet:Enabled:Windows® Telnet Service StandardProfile\AuthorizedApplications: [%SystemRoot%\System32\WBEM\UnSecApp.Exe] => :LocalSubNet:Enabled:Windows® Management Instrumentation StandardProfile\AuthorizedApplications: [%ProgramFiles%\NetMeeting\Conf.Exe] => :LocalSubNet ![]() StandardProfile\AuthorizedApplications: [%SystemRoot%\System32\MNMSrvC.Exe] => :LocalSubNet ![]() StandardProfile\AuthorizedApplications: [%ProgramFiles%\Windows Media Player\MPlayer2.Exe] => :LocalSubnet:Enabled:Windows® Media Player |
#11
StandardProfile\AuthorizedApplications: [%ProgramFiles%\Windows Media Player\WMPlayer.Exe] => :LocalSubnet:Enabled:Windows® Media Player
StandardProfile\AuthorizedApplications: [%SystemRoot%\PCHealth\HelpCtr\Binaries\HelpSvc.Exe] => %SystemRoot%\PCHealth\HelpCtr\Binaries\HelpSvc.exe :LocalSubNet ![]() StandardProfile\AuthorizedApplications: [%SystemRoot%\PCHealth\HelpCtr\Binaries\HelpCtr.Exe] => %SystemRoot%\PCHealth\HelpCtr\Binaries\HelpCtr.exe :LocalSubNet ![]() StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome StandardProfile\AuthorizedApplications: [C:\Program Files\Applian Technologies\Replay Music 7\jrmp.exe] => Enabled:Replay Music 7 StandardProfile\AuthorizedApplications: [C:\Program Files\CCleaner\CCUpdate.exe] => Enabled:CCleaner Update StandardProfile\AuthorizedApplications: [C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe] => Enabled:Avast Emergency Update StandardProfile\AuthorizedApplications: [D:\LEGACY_INSTALLER\HPBCSIINSTALLER.EXE] => Enabled:HP Networked Printer Installer DomainProfile\GloballyOpenPorts: [135:TCP] => :LocalSubNet:Enabled:@%SystemRoot%\System32\XPSP2R es.Dll,-22019 DomainProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@%SystemRoot%\System32\XPSP2R es.Dll,-22001 DomainProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@%SystemRoot%\System32\XPSP2R es.Dll,-22002 DomainProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@%SystemRoot%\System32\XPSP2R es.Dll,-22004 DomainProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@%SystemRoot%\System32\XPSP2R es.Dll,-22005 DomainProfile\GloballyOpenPorts: [445:UDP] => :LocalSubNet:Enabled:@%SystemRoot%\System32\XPSP2R es.Dll,-22003 DomainProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@%SystemRoot%\System32\XPSP2R es.Dll,-22007 DomainProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@%SystemRoot%\System32\XPSP2R es.Dll,-22008 DomainProfile\GloballyOpenPorts: [3389:TCP] => :LocalSubNet:Enabled:@%SystemRoot%\System32\XPSP2R es.Dll,-22009 DomainProfile\GloballyOpenPorts: [500:UDP] => 
Disabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22017
DomainProfile\GloballyOpenPorts: [1701:UDP] => Disabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22016
DomainProfile\GloballyOpenPorts: [1723:TCP] => Disabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22015
DomainProfile\GloballyOpenPorts: [4500:UDP] => Disabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22018
DomainProfile\GloballyOpenPorts: [80:TCP] => :LocalSubNet ![]()
DomainProfile\GloballyOpenPorts: [443:TCP] => :LocalSubNet ![]()
StandardProfile\GloballyOpenPorts: [5985:TCP] => Disabled:Windows Remote Management
StandardProfile\GloballyOpenPorts: [135:TCP] => :LocalSubNet:Enabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22019
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet ![]()
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet ![]()
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet ![]()
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet ![]()
StandardProfile\GloballyOpenPorts: [445:UDP] => :LocalSubNet:Enabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22003
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22008
StandardProfile\GloballyOpenPorts: [3389:TCP] => :LocalSubNet:Enabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22009
StandardProfile\GloballyOpenPorts: [500:UDP] => Disabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22017
StandardProfile\GloballyOpenPorts: [1701:UDP] => Disabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22016
StandardProfile\GloballyOpenPorts: [1723:TCP] => Disabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22015
StandardProfile\GloballyOpenPorts: [4500:UDP] => Disabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22018
StandardProfile\GloballyOpenPorts: [8501:TCP] => Enabled:NovaPDFTCPPortException
StandardProfile\GloballyOpenPorts: [8501:UDP] => Enabled:NovaPDFUDPPortException

==================== Restore Points =========================

29-12-2019 14:06:57 System Checkpoint
30-12-2019 17:40:57 System Checkpoint
31-12-2019 18:06:13 System Checkpoint
01-01-2020 18:51:02 System Checkpoint
02-01-2020 20:46:32 System Checkpoint
03-01-2020 23:45:55 System Checkpoint
05-01-2020 08:08:45 System Checkpoint
06-01-2020 09:03:45 System Checkpoint
07-01-2020 09:21:58 System Checkpoint
08-01-2020 10:10:21 System Checkpoint
09-01-2020 10:18:23 System Checkpoint
10-01-2020 11:05:09 System Checkpoint
11-01-2020 12:36:32 System Checkpoint
12-01-2020 14:44:42 System Checkpoint
13-01-2020 19:17:19 System Checkpoint
14-01-2020 19:54:33 System Checkpoint
15-01-2020 20:16:06 System Checkpoint
16-01-2020 20:25:09 System Checkpoint
18-01-2020 08:22:42 System Checkpoint
19-01-2020 08:32:47 System Checkpoint
|
#12
|
|||
|
|||
20-01-2020 08:44:49 System Checkpoint
21-01-2020 10:14:18 System Checkpoint
22-01-2020 11:56:44 System Checkpoint
23-01-2020 12:02:06 System Checkpoint
24-01-2020 14:19:57 System Checkpoint
25-01-2020 15:39:01 System Checkpoint
26-01-2020 16:24:40 System Checkpoint
27-01-2020 18:26:49 System Checkpoint
28-01-2020 20:43:32 System Checkpoint
29-01-2020 20:59:10 System Checkpoint
31-01-2020 08:45:32 System Checkpoint
01-02-2020 11:03:09 System Checkpoint
02-02-2020 12:10:55 System Checkpoint
03-02-2020 14:30:01 System Checkpoint
04-02-2020 16:03:53 System Checkpoint
05-02-2020 16:59:05 System Checkpoint
06-02-2020 19:02:24 System Checkpoint
07-02-2020 19:59:52 System Checkpoint
08-02-2020 20:13:53 System Checkpoint
09-02-2020 20:21:02 System Checkpoint
10-02-2020 20:21:49 System Checkpoint
12-02-2020 00:01:44 System Checkpoint
13-02-2020 07:29:22 System Checkpoint
14-02-2020 10:40:07 System Checkpoint
29-02-2020 11:47:54 System Checkpoint
01-03-2020 12:22:21 System Checkpoint
02-03-2020 14:26:07 System Checkpoint
03-03-2020 16:37:05 System Checkpoint
04-03-2020 17:07:59 System Checkpoint
05-03-2020 17:17:09 System Checkpoint
06-03-2020 17:33:40 System Checkpoint
07-03-2020 17:55:13 System Checkpoint
08-03-2020 18:10:17 System Checkpoint
09-03-2020 20:00:25 System Checkpoint
10-03-2020 20:10:17 System Checkpoint
11-03-2020 21:10:19 System Checkpoint
12-03-2020 22:10:19 System Checkpoint
13-03-2020 23:10:20 System Checkpoint
15-03-2020 00:10:20 System Checkpoint
16-03-2020 01:10:21 System Checkpoint
17-03-2020 02:10:20 System Checkpoint
18-03-2020 03:10:22 System Checkpoint
19-03-2020 03:20:46 System Checkpoint
20-03-2020 04:10:22 System Checkpoint
21-03-2020 05:10:25 System Checkpoint
22-03-2020 05:11:31 System Checkpoint
23-03-2020 07:30:20 System Checkpoint
24-03-2020 08:12:38 System Checkpoint
25-03-2020 13:40:09 System Checkpoint
26-03-2020 13:41:02 System Checkpoint
27-03-2020 13:57:40 System Checkpoint
31-03-2020 18:28:16 Checkpoint by HitmanPro
31-03-2020 18:28:31 Checkpoint by HitmanPro
31-03-2020 18:28:43 Checkpoint by HitmanPro
31-03-2020 18:28:52 Checkpoint by HitmanPro
31-03-2020 18:28:59 Checkpoint by HitmanPro
31-03-2020 18:29:06 Checkpoint by HitmanPro
31-03-2020 18:29:50 Checkpoint by HitmanPro

==================== Faulty Device Manager Devices ============

Name: USB Mass Storage Device
Description: USB Mass Storage Device
Class Guid: {36FC9E60-C465-11CF-8056-444553540000}
Manufacturer: Compatible USB storage device
Service: USBSTOR
Problem: : Windows cannot use this hardware device because it has been prepared for safe removal, but it has not been removed from the computer. (Code 47)
Resolution: Unplug the device, and then plug it in again. Alternately, restart the computer to make the device available.
|
#13
|
|||
|
|||
==================== Event log errors: ========================

Application errors:
==================
Error: (04/04/2020 10:24:54 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: Invalid algorithm specified.

Error: (04/04/2020 10:24:14 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: Invalid algorithm specified.

Error: (04/04/2020 10:24:11 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: Invalid algorithm specified.

Error: (04/04/2020 10:19:46 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: Invalid algorithm specified.

Error: (04/04/2020 10:19:46 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: Invalid algorithm specified.

Error: (04/04/2020 10:19:41 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: Invalid algorithm specified.

Error: (04/04/2020 10:19:40 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: Invalid algorithm specified.

Error: (04/04/2020 10:18:01 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: Invalid algorithm specified.

System errors:
=============
Error: (04/04/2020 03:48:55 AM) (Source: 0) (EventID: 4199) (User: )
Description: Event-ID 4199

Error: (04/04/2020 03:48:49 AM) (Source: 0) (EventID: 4199) (User: )
Description: Event-ID 4199

Error: (04/04/2020 03:48:46 AM) (Source: 0) (EventID: 4199) (User: )
Description: Event-ID 4199

Error: (04/04/2020 03:48:34 AM) (Source: 0) (EventID: 4199) (User: )
Description: Event-ID 4199

Error: (04/04/2020 03:48:28 AM) (Source: 0) (EventID: 4199) (User: )
Description: Event-ID 4199

Error: (04/04/2020 03:48:25 AM) (Source: 0) (EventID: 4199) (User: )
Description: Event-ID 4199

Error: (04/03/2020 11:33:31 PM) (Source: 0) (EventID: 4199) (User: )
Description: Event-ID 4199

Error: (04/03/2020 11:33:29 PM) (Source: 0) (EventID: 4199) (User: )
Description: Event-ID 4199

==================== Memory info ===========================

BIOS: Phoenix Technologies, LTD ACRSYS - 42302e31 08/29/2008
Motherboard: eMachines WMCP61M
Processor: AMD Athlon(tm) Processor 2650e
Percentage of memory in use: 96%
Total physical RAM: 894.42 MB
Available physical RAM: 29.32 MB
Total Virtual: 3423.59 MB
Available Virtual: 1219.19 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:186.31 GB) (Free:16.66 GB) NTFS ==>[drive with boot components (Windows XP)]

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 186.3 GB) (Disk ID: 987E987E)
Partition 1: (Active) - (Size=186.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================
|
#14
|
|||
|
|||
Sorry I had to split the file into several sections to post. I was not sure what the illustrations were and where they were in the file.
|
#15
|
||||
|
||||
You did just fine. I won't be able to scan through that until tomorrow, but I'll post back as soon as I can.
|