Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs
#1
Roguekiller malware
I have the 13.1.8.0 version which invariably crashes after about 45 minutes. I have tried this at least 5 times.
Is there a reason for this? If there is an updated version of this to try, please let me know. Thanks.
#2
Howdy luzchurch,
I assume when you say "Roguekiller malware" you are talking about the scan tool Roguekiller. Often it only runs into problems when your existing security software interferes, or actual malware is involved. Of course I do have to mention we really do not recommend you use Roguekiller without someone skilled in malware removal involved. Too many chances of a false positive removal of a legit item. Are you sure you have all your security software disabled when running it? We can always check things here, if you want. If so, for x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to the desktop. For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to the desktop. Please run it and click Scan, post back with the 2 logfiles. Use extra posts here as needed.
#3
Thanks. I run XP Professional and have Microsoft Essentials. I tried to disable it to run Roguekiller but there is no provision for it. I will try what you suggest.
#4
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-03-2019
Ran by owner (administrator) on EMACHINE (25-03-2019 20:24:54)
Running from C:\Documents and Settings\owner\My Documents\Downloads
Loaded Profiles: owner (Available Profiles: owner & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/
C:\WINDOWS\System32\DRIVERS\ndistapi.sys [10496 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) R3 NdisWan; C:\WINDOWS\System32\DRIVERS\ndiswan.sys [91776 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) R3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [40960 2013-11-27] (Windows XP SP4 Developer -> Microsoft Corporation) R4 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [576512 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) R3 nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [6867360 2008-02-25] (Microsoft Windows Hardware Compatibility Publisher -> NVIDIA Corporation) R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [54016 2008-01-29] (Microsoft Windows Hardware Compatibility Publisher -> NVIDIA Corporation) R0 nvgts; C:\WINDOWS\System32\DRIVERS\nvgts.sys [132096 2008-01-25] (Microsoft Windows Hardware Compatibility Publisher -> NVIDIA Corporation) R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [22016 2008-01-29] (Microsoft Windows Hardware Compatibility Publisher -> NVIDIA Corporation) R3 PSched; C:\WINDOWS\System32\DRIVERS\psched.sys [70272 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) R3 RasPppoe; C:\WINDOWS\System32\DRIVERS\raspppoe.sys [41472 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) R1 Rdbss; C:\WINDOWS\System32\DRIVERS\rdbss.sys [174848 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) R3 rdpdr; C:\WINDOWS\System32\DRIVERS\rdpdr.sys [195712 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) S3 RDPWD; C:\WINDOWS\System32\Drivers\RDPWD.SYS [139784 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) R2 rspndr; C:\WINDOWS\System32\DRIVERS\rspndr.sys [62848 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) U5 Sdbus; C:\Windows\System32\Drivers\Sdbus.sys [80384 2016-03-09] (Windows XP SP4 
Developer -> Microsoft Corporation) S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [20480 2008-04-14] (Microsoft Windows Component Publisher -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) R3 Srv; C:\WINDOWS\System32\DRIVERS\srv.sys [358016 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) R2 SSPORT; C:\WINDOWS\system32\Drivers\SSPORT.sys [5120 2012-07-19] (Samsung Electronics) [File not signed] R2 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [13120 2013-08-25] (Rocket Division Software Ltd -> ) R1 Tcpip; C:\WINDOWS\System32\DRIVERS\tcpip.sys [361600 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) S3 TDTCP; C:\Windows\System32\Drivers\TDTCP.sys [22024 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) U5 TDTDP; C:\WINDOWS\System32\Drivers\TDTCP.SYS [22024 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) U3 TrueSight; C:\WINDOWS\system32\drivers\TrueSight.sys [24688 2019-03-23] (Adlice -> ) S1 UdfReadr; C:\Windows\System32\Drivers\UdfReadr.sys [206272 2000-02-22] (Adaptec) [File not signed] S3 USBAAPL; C:\WINDOWS\System32\Drivers\usbaapl.sys [45056 2015-06-17] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.) 
S3 usbccgp; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [32384 2013-08-08] (Windows XP SP4 Developer -> Microsoft Corporation) R3 usbehci; C:\WINDOWS\System32\DRIVERS\usbehci.sys [30464 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) R3 usbohci; C:\WINDOWS\System32\DRIVERS\usbohci.sys [17152 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) R3 usbscan; C:\WINDOWS\System32\DRIVERS\usbscan.sys [14976 2013-07-02] (Windows XP SP4 Developer -> Microsoft Corporation) S3 uti0odgx; C:\WINDOWS\system32\Drivers\uti0odgx.sys [7168 2017-04-11] () [File not signed] R3 WDC_SAM; C:\WINDOWS\System32\DRIVERS\wdcsam_prewin8.sys [20256 2016-04-19] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies) S3 WudfPf; C:\WINDOWS\System32\DRIVERS\WudfPf.sys [91904 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) S3 WudfRd; C:\WINDOWS\System32\DRIVERS\wudfrd.sys [132224 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S2 DgiVecp; \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys [X] S3 eapihdrv; \??\C:\DOCUME~1\owner\LOCALS~1\Temp\ehdrv.sys [X] S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam32.sys [X] S1 ZAM_Guard; \??\C:\WINDOWS\System32\drivers\zamguard32.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2019-03-25 14:28 - 2019-03-25 14:28 - 000000000 __SHD C:\Documents and Settings\TEMP.NT AUTHORITY\IETldCache 2019-03-25 14:25 - 2019-03-25 14:46 - 000000000 __SHD C:\Documents and Settings\TEMP 2019-03-25 14:25 - 2019-03-25 14:38 - 000000000 ____D C:\Documents and Settings\TEMP\Local Settings\Temp 2019-03-25 14:25 - 2019-03-25 14:28 - 000000000 __SHD C:\Documents and Settings\TEMP.NT AUTHORITY 2019-03-25 14:25 - 2019-03-25 14:25 - 000000020 ___SH C:\Documents and Settings\TEMP\ntuser.ini 2019-03-25 14:25 - 2019-03-25 14:25 - 000000020 ___SH C:\Documents and Settings\TEMP.NT AUTHORITY\ntuser.ini 2019-03-25 14:25 - 2019-03-25 14:25 - 000000000 ____D C:\Documents and Settings\TEMP.NT AUTHORITY\Local Settings\Temp 2019-03-25 14:25 - 2019-03-25 14:25 - 000000000 ____D C:\Documents and Settings\TEMP.NT AUTHORITY\Application Data\Apple Computer ==================== One month (modified) ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2019-03-25 20:29 - 2018-05-03 13:10 - 000000000 ____D C:\Documents and Settings\owner\Local Settings\temp 2019-03-25 20:28 - 2016-11-16 15:52 - 000000422 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{F0F3B82B-776E-484E-ADF4-E0E06392C8AE}.job 2019-03-25 20:27 - 2016-02-25 11:07 - 000000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2019-03-25 20:24 - 2016-03-09 08:26 - 000000000 ____D C:\FRST 2019-03-25 19:55 - 2016-05-10 18:51 - 000000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2019-03-25 17:53 - 2017-04-20 11:04 - 000032656 ____N C:\WINDOWS\SchedLgU.Txt 2019-03-25 17:27 - 2018-04-09 17:25 - 000000330 ____H C:\WINDOWS\Tasks\CCleaner Update.job 2019-03-25 16:38 - 2016-03-15 06:57 - 000000000 ____D C:\Documents and Settings\owner\Application Data\vlc 2019-03-25 14:50 - 2017-10-23 11:26 - 000000486 _____ C:\WINDOWS\Tasks\novaPDF Reactivation.job 2019-03-25 14:43 - 2013-08-30 21:05 - 000001324 _____ C:\WINDOWS\system32\d3d9caps.dat 2019-03-25 14:37 - 2018-11-12 00:12 - 000000384 ____H 
C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job 2019-03-25 14:28 - 2018-10-22 20:56 - 000008192 _____ C:\WINDOWS\system32\WDPABKP.dat 2019-03-25 14:28 - 2018-06-29 20:55 - 000000278 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-507921405-1284227242-1417001333-1003.job 2019-03-25 14:28 - 2013-04-23 18:36 - 000000286 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTas kS-1-5-21-507921405-1284227242-1417001333-1003.job 2019-03-25 14:27 - 2008-04-14 05:00 - 000002206 _____ C:\WINDOWS\system32\wpa.dbl 2019-03-25 14:26 - 2017-10-22 09:51 - 000000157 _____ C:\WINDOWS\ssdiag.ini 2019-03-25 14:25 - 2016-05-10 18:51 - 000000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2019-03-25 14:25 - 2013-04-27 18:00 - 000000300 _____ C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTas kS-1-5-21-507921405-1284227242-1417001333-1003.job 2019-03-25 14:25 - 2013-04-09 11:20 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2019-03-25 14:25 - 2013-04-09 07:03 - 000364120 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2019-03-25 14:25 - 2013-04-09 07:03 - 000000000 ____D C:\Documents and Settings 2019-03-25 14:23 - 2013-11-12 15:56 - 000196608 _____ C:\WINDOWS\system32\config\OAlerts.evt 2019-03-25 14:19 - 2013-05-23 11:52 - 000000000 ____D C:\Program Files\CCleaner 2019-03-25 13:56 - 2016-03-25 11:08 - 057327616 _____ C:\New index.accdb 2019-03-25 13:04 - 2013-05-04 09:15 - 000000000 ____D C:\WINDOWS\system32\NtmsData 2019-03-24 17:21 - 2008-04-14 05:00 - 000000885 _____ C:\WINDOWS\win.ini 2019-03-24 10:43 - 2013-04-09 11:14 - 000000000 ____D C:\WINDOWS\system32\Macromed 2019-03-23 23:36 - 2018-04-09 18:40 - 000000880 _____ C:\WINDOWS\Tasks\Adobe Flash Player NPAPI Notifier.job 2019-03-23 20:08 - 2017-03-28 11:44 - 000024688 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys 2019-03-23 14:41 - 2013-04-09 11:13 - 000000000 ____D C:\WINDOWS\Registration 2019-03-23 08:47 - 2013-04-09 18:03 - 000000000 ____D C:\program downloads 2019-03-21 18:10 - 2013-09-18 20:06 - 
000000000 ____D C:\Documents and Settings\owner\My Documents\Shanta 2019-03-21 09:11 - 2013-04-27 18:00 - 000000308 _____ C:\WINDOWS\Tasks\RealDownloaderRealUpgradeSchedule dTaskS-1-5-21-507921405-1284227242-1417001333-1003.job 2019-03-18 13:28 - 2013-04-09 14:22 - 000000000 ____D C:\Ragde-D 2019-03-18 07:22 - 2013-04-09 07:04 - 000718530 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2019-03-17 20:41 - 2013-05-12 10:57 - 000000000 ____D C:\Documents and Settings\owner\Application Data\XnView 2019-03-17 17:59 - 2013-04-27 17:59 - 000000326 _____ C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduled TaskS-1-5-21-507921405-1284227242-1417001333-1003.job 2019-03-14 11:49 - 2016-03-22 10:38 - 005338884 _____ C:\Documents and Settings\owner\My Documents\New index.txt 2019-03-04 17:12 - 2016-03-23 17:04 - 000000719 _____ C:\Documents and Settings\All Users\Desktop\VLC media player.lnk 2019-02-26 12:14 - 2018-05-10 09:46 - 000000000 ____D C:\Documents and Settings\owner\Application Data\Notepad++ ==================== Files in the root of some directories ======= 2018-04-13 11:11 - 2018-05-15 07:58 - 000003774 _____ () C:\Documents and Settings\owner\Application Data\RegistrationLog.log 2018-04-13 11:10 - 2018-05-15 07:58 - 000017371 _____ () C:\Documents and Settings\owner\Application Data\ReplayMusicLog.log 2016-03-14 18:48 - 2016-03-14 18:48 - 000000128 _____ () C:\Documents and Settings\owner\Local Settings\Application Data\fusioncache.dat 2018-04-07 07:00 - 2018-04-07 07:00 - 000000003 _____ () C:\Documents and Settings\owner\Local Settings\Application Data\wbem.ini 2017-10-14 08:38 - 2017-10-14 08:38 - 000000000 _____ () C:\Documents and Settings\owner\Local Settings\Application Data\{0BF9E288-E566-49FE-A583-BB6E955B2DFD} 2014-07-26 17:59 - 2016-01-08 16:35 - 000001750 _____ () C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache Some files in TEMP: ==================== 2019-03-17 20:42 - 2016-03-09 01:00 - 000718336 _____ (Microsoft Corporation) 
C:\Documents and Settings\owner\Local Settings\temp\dllnt_dump.dll ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\dllhost.exe => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed ==================== End of FRST.txt ============================ |
#5
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 17-03-2019
Ran by owner (25-03-2019 20:30:31)
Running from C:\Documents and Settings\owner\My Documents\Downloads
Microsoft Windows XP Professional Service Pack 3 (X86) (2013-04-09 15:19:13)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-507921405-1284227242-1417001333-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-507921405-1284227242-1417001333-1004 - Limited - Enabled)
Guest (S-1-5-21-507921405-1284227242-1417001333-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-507921405-1284227242-1417001333-1000 - Limited - Disabled)
owner (S-1-5-21-507921405-1284227242-1417001333-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\owner
SUPPORT_388945a0 (S-1-5-21-507921405-1284227242-1417001333-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Avast Antivirus (Enabled - Up to date) {7591db91-41f0-48a3-b128-1a293fd8233d}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adaptec Easy CD Creator (HKLM\...\CDCreator30) (Version: - )
Adaptec UDF Reader (HKLM\...\Adaptec UDF Reader) (Version: - )
Adobe Flash Player 31 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 31.0.0.153 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
A-PDF Merger (HKLM\...\A-PDF Merger_is1) (Version: - A-PDF.com)
Apple Application Support (32-bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{A75CA58D-DB9C-4D14-9428-E0C7B0F623DC}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
autolock wizard (HKLM\...\{CC5E2A47-F660-4763-AA88-75B1FC30CA0D}) (Version: 4.7.1 - HexaLock)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Canon Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version: - )
Canon MG5200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series) (Version: - )
Canon MP Navigator EX 4.0 (HKLM\...\MP Navigator EX 4.0) (Version: - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: - )
Canon Solution Menu EX (HKLM\...\CanonSolutionMenuEX) (Version: - )
CanoScan LiDE 210 Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4809) (Version: - Canon Inc.)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.6.5931 - CDBurnerXP)
CD-LabelPrint (HKLM\...\MediaNavigation.CDLabelPrint) (Version: - )
Common Desktop Agent (HKLM\...\{031A0E14-0413-4C97-9772-2639B782F46F}) (Version: 1.62.0 - OEM) Hidden
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
DjVuLibre DjView 3.5.27+4.10.4 (HKLM\...\DjVuLibre+DjView) (Version: 3.5.27+4.10.4 - DjVuZone)
Easy Bridge (HKLM\...\Easy BridgeDeinstall) (Version: - )
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
Family Tree Maker (HKLM\...\FTW) (Version: - )
Free Easy MP3 Joiner 8.8.2 (HKLM\...\Free Easy MP3 Joiner_is1) (Version: - Freeease.net.)
Free PDF to Word Doc Converter v1.1 (HKLM\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
Haali Media Splitter (HKLM\...\HaaliMkx) (Version: - FreeCodecPack)
iTunes (HKLM\...\{868B9974-4F23-494D-B6BC-4FAB92B2755D}) (Version: 12.1.3.6 - Apple Inc.)
JPG to Word Converter 1.0 (HKLM\...\{BE1475FD-E1F4-4686-B2E2-EDF8E090D2DB}_is1) (Version: 1.0 - Soft Solutions)
M3 BitLocker Decryption version 5.5 (HKLM\...\{0AF04533-F913-4ABD-A4DC-8B2CDC226E4F}}_is1) (Version: 5.5 - M3 Data Recovery)
Magical Jelly Bean KeyFinder (HKLM\...\KeyFinder_is1) (Version: 2.0.10.10 - Magical Jelly Bean)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Microsoft .NET Framework 2.0 Client Profile Basic Version 1.0.0.18 (HKLM\...\{10E4121C-8181-4217-8DA9-6CD38DDC34F9}_is1) (Version: 1.0.0.18 - Wondershare, Inc.)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version: - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.2.223.1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Software Update for Web Folders (English) 14 (HKLM\...\{90140000-0010-0409-0000-0000000FF1CE}) (Version: - )
Microsoft Virtual PC 2007 (HKLM\...\{8A7CAA24-7B23-410B-A7C3-F994B0944160}) (Version: 6.0.156.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 52.0.2 ESR (x86 en-US) (HKLM\...\Mozilla Firefox 52.0.2 ESR (x86 en-US)) (Version: 52.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 52.9.0.6746 - Mozilla)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) Hidden
MSXML 6.0 Parser (KB927977) (HKLM\...\{5A710547-B58E-488B-828D-CA9A25A0533C}) (Version: 6.00.3890.0 - Microsoft Corporation)
Nero Kwik Media (HKLM\...\{283E9B9D-F1B3-45BA-B942-6B10A3948533}) (Version: 12.5.00300 - Nero AG)
Notepad++ (32-bit x86) (HKLM\...\Notepad++) (Version: 7.5.6 - Notepad++ Team)
novaPDF 8 (HKLM\...\{0BDC1E59-A971-4737-8DDF-E4ABB3A2D33C}) (Version: 8.9.951 - Softland) Hidden
novaPDF 8 (HKLM\...\{b237db6e-0a86-4779-9dd4-219781e867c9}) (Version: 8.9.951 - Softland)
novaPDF 8 add-in for Microsoft Office (x86) (HKLM\...\{D175C46B-DDC1-49B2-95C4-93825A97E718}) (Version: 8.9.951 - Softland)
novaPDF 8 Printer Driver (HKLM\...\{EEFA260F-AED4-402B-AC7C-418CB69BE662}) (Version: 8.9.951 - Softland)
novaPDF 8 SDK COM (x86) (HKLM\...\{E47D57E4-0674-440A-9CBD-A0705684A8C3}) (Version: 8.9.951 - Softland)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - )
Prerequisite installer (HKLM\...\{3AAB08A3-F129-4BD5-B409-AE674F93759D}) (Version: 12.0.0008 - Nero AG) Hidden
RealDownloader (HKLM\...\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}) (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM\...\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}) (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
RealUpgrade 1.1 (HKLM\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Replay Music 7 (7.0.0.30) (HKLM\...\Replay Music 7) (Version: 7.0.0.30 - Applian Technologies)
RogueKiller version 12.12.14.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.14.0 - Adlice Software)
Samsung CLP-410 Series (HKLM\...\Samsung CLP-410 Series) (Version: 1.17 (6/10/2015) - Samsung Electronics Co., Ltd.)
Samsung Easy Printer Manager (HKLM\...\Samsung Easy Printer Manager) (Version: 1.05.81.00(5/25/2015) - Samsung Electronics Co., Ltd.)
Samsung Printer Diagnostics (HKLM\...\Samsung Printer Diagnostics) (Version: 1.0.4.28 - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
swMSM (HKLM\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 3.0.6 - VideoLAN)
WD Quick View (HKLM\...\{F4F2EF32-EAFE-4F87-B7DC-E19C9F8E76FC}) (Version: 2.4.16.16 - Western Digital Technologies, Inc.)
WD Security (HKLM\...\{0AC340BC-4A62-4D1F-86DB-35C1C3CB66CF}) (Version: 1.1.1.3 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{7F7425DB-530D-48D8-A3A6-3184B2E07FDD}) (Version: 2.4.16.16 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM\...\{4555885d-a64c-4234-9aac-72a8a6b5590b}) (Version: 2.4.16.16 - Western Digital Technologies, Inc.)
Windows Management Framework Core (HKLM\...\KB968930) (Version: - Microsoft Corporation)
Windows XP Service Pack 4 (HKLM\...\Windows XP Service Pack) (Version: 20160308.230000 - Charalampos Kazakos )
WinRAR 5.50 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
XnView 2.43 (HKLM\...\XnView_is1) (Version: 2.43 - Gougelet Pierre-e)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{05EC5C13-D255-4592-9CCB-98615172F0D6}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{0ADF9C35-0D5E-4B75-88DD-B64868907E17}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{123FAF7F-3FB1-4B8F-AD18-0047401D436A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{32D32337-1511-4416-85C5-FD96C99322A0}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{37A2FC00-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{37A2FC02-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{3928D252-6BB4-4C0D-BE70-1E03AF93D464}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{4716D3CE-55DB-4D2A-818C-87D912895890}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{4844F3F7-2161-4AC4-B219-B3B4311782AA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{4E5E74B5-8EB5-4859-A335-837EED412620}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{5428A9ED-6CD8-11D6-9C8A-0001023DCAA2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{547C8F00-5567-4AE3-8BB0-CC3CE2AB9070}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{57D590F1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{596801D8-2C9D-4627-9C67-195CB81B655A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{5B7331FA-8910-4748-A8A4-60B445041F28}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{7DBF8260-30AD-4D1B-876A-8032B87B809F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{8034BBB8-2145-4159-9A34-51E21A0A981F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{828E5386-74CF-4019-B356-C857CD028A7D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{82CC31B3-53B4-4161-A4E9-6B4F1290A6C8}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{8572570D-12D9-4F2C-8BB8-EB8848178B94}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{8FEDE364-AB37-4551-80C9-6D468E222AB2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{9D9B61F2-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{9D9B61F3-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{9D9B61F4-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{9D9B61F5-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{9D9B61F6-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{9D9B61F7-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{A63E42D0-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{A63E42D2-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{AF5E0A13-CEAB-47CE-991D-77E82CD1BF3F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{B66F2BF1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{D14FD6B3-6A9F-4537-9460-07B836707127}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{D4A12AAF-E15E-470B-A6B6-63032186F91F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{D9B9C060-0954-11D3-9E07-00104BD2BE34}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSource.dll (Intuit, Inc. -> Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{D9BC6F81-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc. -> Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{D9BC6F84-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc. -> Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{D9BC6F87-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc. -> Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{D9BC6FA1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc. -> Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{D9BC6FA6-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc. -> Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{D9BC6FB2-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\StorageClasses.dll (Intuit, Inc. -> Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{DCB2B478-EFF6-48F6-B718-13E98876854E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{DFD0AF10-B86C-4AF3-B609-1348D513E565}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{E1A173E1-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{E1A173E3-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{EADA914E-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc.
-> Intuit Canada Limited) CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{EAEF733D-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited) CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{F19F9A95-7A43-4A93-80B0-C9C1FF6F63F9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited) CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{F9EF917A-E55E-4242-B205-E778395AC313}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx (Intuit, Inc. -> Intuit) CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{FB17915F-06D1-4214-A902-CC5EE05186E9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited) SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Windows XP SP4 Developer -> Microsoft Corporation) SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\SHELL32.dll (Windows XP SP4 Developer -> Microsoft Corporation) SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Windows XP SP4 Developer -> Microsoft Corporation) SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Windows Component Publisher -> Microsoft Corporation) SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Windows XP SP4 Developer -> Microsoft Corporation) ShellExecuteHooks: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll [8463872 2016-03-09] (Windows XP SP4 Developer -> Microsoft Corporation) ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program 
Files\Microsoft Office\Office14\GROOVEEX.DLL [4171480 2013-12-19] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) [File not signed] ContextMenuHandlers1: [ANotepad++] -> {00F3C2EC-A6EE-11DE-A03A-EF8F55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2018-03-18] (Notepad++ -> ) ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2013-01-27] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers1: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2016-04-19] (WESTERN DIGITAL TECHNOLOGIES -> Western Digital Technologies, Inc.) ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\RAGDE-D\WINZIP\WZSHLSTB.DLL [2001-11-27] (WinZip Computing, Inc.) [File not signed] ContextMenuHandlers2: [CWDDriveMenuHandler] -> {CCEFA845-DCDB-4A2F-8BED-DBE87CD198EC} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2016-04-19] (WESTERN DIGITAL TECHNOLOGIES -> Western Digital Technologies, Inc.) 
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2013-01-27] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) [File not signed] ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2013-01-27] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers4: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\RAGDE-D\WINZIP\WZSHLSTB.DLL [2001-11-27] (WinZip Computing, Inc.) [File not signed] ContextMenuHandlers5: [00nView] -> {1E9B04FB-F9E5-4718-997B-B8DA88302A48} => C:\WINDOWS\system32\nvshell.dll [2008-02-25] () [File not signed] ContextMenuHandlers5: [NvCplDesktopContext] -> {A70C977A-BF00-412C-90B7-034C51DA2439} => C:\WINDOWS\system32\nvcpl.dll [2008-02-25] (Microsoft Windows Hardware Compatibility Publisher -> NVIDIA Corporation) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers6: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2016-04-19] (WESTERN DIGITAL TECHNOLOGIES -> Western Digital Technologies, Inc.) 
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\RAGDE-D\WINZIP\WZSHLSTB.DLL [2001-11-27] (WinZip Computing, Inc.) [File not signed] ==================== Scheduled Tasks============================= (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\Adobe Flash Player NPAPI Notifier.job => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_31_ 0_0_153_Plugin.exe Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpda teService.exe Task: C:\WINDOWS\Tasks\CCleaner Update.job => C:\Program Files\CCleaner\CCUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => C:\Program Files\Microsoft Security Client\MpCmdRun.exe Task: C:\WINDOWS\Tasks\novaPDF Reactivation.job => C:\Program Files\Softland\novaPDF 8\Driver\ActivationClient.exe Task: C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduled TaskS-1-5-21-507921405-1284227242-1417001333-1003.job => C:\Program Files\RealNetworks\RealDownloader\recordingmanager .exe Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTas kS-1-5-21-507921405-1284227242-1417001333-1003.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeSchedule dTaskS-1-5-21-507921405-1284227242-1417001333-1003.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-507921405-1284227242-1417001333-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe 
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTas kS-1-5-21-507921405-1284227242-1417001333-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{F0F3B82B-776E-484E-ADF4-E0E06392C8AE}.job => C:\WINDOWS\system32\msfeedssync.exe ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) WMI:subscription\__FilterToConsumerBinding->\\.\root\subscription:MSFT_UCScenarioControl.Name =\"Microsoft WMI Updating Consumer Scenario Control\"",Filter="\\.\root\subscription:__EventFi lter.Name=\"Microsoft WMI Updating Consumer Scenario Control\":: WMI:subscription\__EventFilter->Microsoft WMI Updating Consumer Scenario Control::[Query => SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'MSFT_UCScenario'] Shortcut: C:\Documents and Settings\owner\NetHood\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\DjVuLibre\Help\Online documentation.lnk -> C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation) -> url.dll,FileProtocolHandler hxxp://djvu.sourceforge.net/doc/index.html ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\DjVuLibre\Help\Visit Djvu.org.lnk -> C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation) -> url.dll,FileProtocolHandler hxxp://djvu.org ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\DjVuLibre\Help\Visit DjVuLibre download page.lnk -> C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation) -> url.dll,FileProtocolHandler hxxp://sourceforge.net/projects/djvu/files/DjVuLibre_Windows/ ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\DjVuLibre\Help\Visit DjvuLibre.lnk -> C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation) -> url.dll,FileProtocolHandler hxxp://djvu.sourceforge.net ==================== Loaded Modules (Whitelisted) ============== 
2015-09-16 15:38 - 2010-02-04 21:37 - 000340992 _____ () C:\WINDOWS\system32\CNMNPPM.DLL 2017-08-16 14:15 - 2017-08-16 14:15 - 000016384 _____ () C:\WINDOWS\system32\novamn8.dll 2008-02-25 12:29 - 2008-02-25 12:29 - 001482752 _____ () C:\WINDOWS\system32\nview.dll 2014-07-21 06:04 - 2014-07-21 06:04 - 000041984 _____ () C:\Program Files\Samsung\Easy Printer Manager\SmartScreenPrint\CDAKEYMonitor.dll 2008-02-25 12:29 - 2008-02-25 12:29 - 000466944 _____ () C:\WINDOWS\system32\nvshell.dll 2013-11-25 12:42 - 2010-01-25 14:09 - 001093120 _____ () C:\Program Files\Canon\Solution Menu EX\MFC80U.DLL 2018-03-30 16:22 - 2010-04-08 13:43 - 000028672 _____ () C:\Program Files\Canon\Solution Menu EX\LangInfo\EN\CNSELANG.dll 2015-09-16 15:41 - 2010-03-24 13:50 - 000073728 _____ () C:\Program Files\Canon\MyPrinter\BJMyRes.dll 2016-04-06 19:18 - 2016-04-06 19:18 - 000064512 _____ () C:\WINDOWS\system32\dxconfig.exe 2017-08-16 14:19 - 2017-08-16 14:19 - 000053176 _____ () C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe 2017-08-16 14:18 - 2017-08-16 14:18 - 000138672 _____ () C:\Program Files\Softland\novaPDF 8\Server\AgileDotNetRT.dll 2018-07-01 14:45 - 2018-04-25 04:38 - 000508488 ____N () C:\WINDOWS\system32\spdsvc.exe 2015-09-23 16:14 - 2015-09-14 09:15 - 002073600 ____N () C:\WINDOWS\system32\DlgSearchEngine.dll 2016-04-19 12:02 - 2016-04-19 12:02 - 001006080 ____R () C:\Program Files\Western Digital\WD SmartWare\System.Data.SQLite.dll 2018-08-16 16:33 - 2018-05-01 11:10 - 001137152 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\7z.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\{1a3e09be-1e45-494b-9174-d7385b45bbf5} => ""="" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2008-04-14 05:00 - 2018-05-03 13:12 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts 127.0.0.1 localhost ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-507921405-1284227242-1417001333-1003\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Bliss.bmp DNS Servers: 192.168.0.1 HKLM\software\microsoft\Windows\CurrentVersion\Tel ephony\Providers => ProviderFileName3 -> C:\WINDOWS\system32\ipconf.tsp (Microsoft Windows Component Publisher -> Microsoft Corporation) HKLM\software\microsoft\Windows\CurrentVersion\Tel ephony\Providers => ProviderFileName4 -> C:\WINDOWS\system32\h323.tsp (Microsoft Windows Component Publisher -> Microsoft Corporation) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == If an entry is included in the fixlist, it will be removed. ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.) |
#6
DomainProfile\AuthorizedApplications: [C:\Program Files\Winamp\winamp.exe] => Enabled:Winamp
DomainProfile\AuthorizedApplications: [%SystemRoot%\Network Diagnostic\XPNetDiag.Exe] => :LocalSubNet:Enabled:@%SystemRoot%\System32\XPSP3Res.Dll,-20000
DomainProfile\AuthorizedApplications: [%SystemRoot%\System32\DMAdmin.Exe] => :LocalSubnet:Enabled:Logical Disk Manager service process
DomainProfile\AuthorizedApplications: [%SystemRoot%\System32\DMRemote.Exe] => :LocalSubnet:Enabled:Logical Disk Manager component
DomainProfile\AuthorizedApplications: [%SystemRoot%\System32\FTP.Exe] => Enabled:Windows® FTP Client
DomainProfile\AuthorizedApplications: [%SystemRoot%\System32\MMC.Exe] => :LocalSubNet:Enabled:Microsoft Management Console
DomainProfile\AuthorizedApplications: [%SystemRoot%\System32\SessMgr.Exe] => :LocalSubnet:Enabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22019
DomainProfile\AuthorizedApplications: [%SystemRoot%\System32\TCPSvcS.Exe] => :LocalSubNet:Enabled:Windows® TCP/IP Services Application
DomainProfile\AuthorizedApplications: [%SystemRoot%\System32\TlntSvr.Exe] => :LocalSubnet:Enabled:Windows® Telnet Service
DomainProfile\AuthorizedApplications: [%SystemRoot%\System32\WBEM\UnSecApp.Exe] => :LocalSubNet:Enabled:Windows® Management Instrumentation
DomainProfile\AuthorizedApplications: [%ProgramFiles%\NetMeeting\Conf.Exe] => :LocalSubNet:Disabled:Windows® NetMeeting®
DomainProfile\AuthorizedApplications: [%SystemRoot%\System32\MNMSrvC.Exe] => :LocalSubNet:Disabled:Windows® NetMeeting® Remote Desktop Sharing
DomainProfile\AuthorizedApplications: [%ProgramFiles%\Windows Media Player\MPlayer2.Exe] => :LocalSubnet:Enabled:Windows® Media Player
DomainProfile\AuthorizedApplications: [%ProgramFiles%\Windows Media Player\WMPlayer.Exe] => :LocalSubnet:Enabled:Windows® Media Player
DomainProfile\AuthorizedApplications: [%SystemRoot%\PCHealth\HelpCtr\Binaries\HelpSvc.Exe] => %SystemRoot%\PCHealth\HelpCtr\Binaries\HelpSvc.exe :LocalSubNet:Disabled:Offer Remote Assistance
DomainProfile\AuthorizedApplications: [%SystemRoot%\PCHealth\HelpCtr\Binaries\HelpCtr.Exe] => %SystemRoot%\PCHealth\HelpCtr\Binaries\HelpCtr.exe :LocalSubNet:Disabled:Remote Assistance - Windows Messenger and Voice
#7
StandardProfile\AuthorizedApplications: [C:\Program Files\Intuit\QuickBooks 2009\QBDBMgrN.exe] => Enabled:QuickBooks 2009 Data Manager
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE] => Enabled:SAgent4
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office14\GROOVE.EXE] => Enabled:Microsoft SharePoint Workspace
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE] => Enabled:Microsoft OneNote
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE] => Enabled:Microsoft Office Outlook
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\mmc.exe] => Enabled:Microsoft Management Console
StandardProfile\AuthorizedApplications: [C:\Program Files\Samsung\Easy Printer Manager\IDS.Application.exe] => Enabled:Easy Printer Manager
StandardProfile\AuthorizedApplications: [C:\Program Files\Samsung\Easy Printer Manager\OrderSupplies.exe] => Enabled:EPM Order Supplies
StandardProfile\AuthorizedApplications: [C:\Program Files\Samsung\Easy Printer Manager\IDSAlert.exe] => Enabled:EPM Alert
StandardProfile\AuthorizedApplications: [C:\Program Files\Samsung\Easy Printer Manager\uninstall.exe] => Enabled:Samsung uninstaller
StandardProfile\AuthorizedApplications: [C:\Program Files\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe] => Enabled:EPM CDA Scan2PC
StandardProfile\AuthorizedApplications: [C:\Program Files\Samsung\Easy Printer Manager\CDAS2PC\ScanProcess.exe] => Enabled:EPM ScanProcess
StandardProfile\AuthorizedApplications: [C:\Program Files\Samsung\Easy Printer Manager\CDAS2PC\Scan2PCNotify.exe] => Enabled:EPM Scan2PCNotify
StandardProfile\AuthorizedApplications: [C:\Program Files\Bonjour\mDNSResponder.exe] => Enabled:Bonjour Service
StandardProfile\AuthorizedApplications: [C:\Program Files\iTunes\iTunes.exe] => Enabled:iTunes
StandardProfile\AuthorizedApplications: [C:\Program Files\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe] => Enabled:Nero Blu-ray Player
StandardProfile\AuthorizedApplications: [C:\Program Files\Nero\KM\NMDllHost.exe] => Enabled:NMDllHost
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\AuthorizedApplications: [%SystemRoot%\Network Diagnostic\XPNetDiag.Exe] => :LocalSubNet:Enabled:@%SystemRoot%\System32\XPSP3Res.Dll,-20000
StandardProfile\AuthorizedApplications: [%SystemRoot%\System32\DMAdmin.Exe] => :LocalSubnet:Enabled:Logical Disk Manager service process
StandardProfile\AuthorizedApplications: [%SystemRoot%\System32\DMRemote.Exe] => :LocalSubnet:Enabled:Logical Disk Manager component
StandardProfile\AuthorizedApplications: [%SystemRoot%\System32\FTP.Exe] => Enabled:Windows® FTP Client
StandardProfile\AuthorizedApplications: [%SystemRoot%\System32\MMC.Exe] => :LocalSubNet:Enabled:Microsoft Management Console
StandardProfile\AuthorizedApplications: [%SystemRoot%\System32\SessMgr.Exe] => :LocalSubnet:Enabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22019
StandardProfile\AuthorizedApplications: [%SystemRoot%\System32\TCPSvcS.Exe] => :LocalSubNet:Enabled:Windows® TCP/IP Services Application
StandardProfile\AuthorizedApplications: [%SystemRoot%\System32\TlntSvr.Exe] => :LocalSubnet:Enabled:Windows® Telnet Service
StandardProfile\AuthorizedApplications: [%SystemRoot%\System32\WBEM\UnSecApp.Exe] => :LocalSubNet:Enabled:Windows® Management Instrumentation
StandardProfile\AuthorizedApplications: [%ProgramFiles%\NetMeeting\Conf.Exe] => :LocalSubNet:Disabled:Windows® NetMeeting®
StandardProfile\AuthorizedApplications: [%SystemRoot%\System32\MNMSrvC.Exe] => :LocalSubNet:Disabled:Windows® NetMeeting® Remote Desktop Sharing
StandardProfile\AuthorizedApplications: [%ProgramFiles%\Windows Media Player\MPlayer2.Exe] => :LocalSubnet:Enabled:Windows® Media Player
StandardProfile\AuthorizedApplications: [%ProgramFiles%\Windows Media Player\WMPlayer.Exe] => :LocalSubnet:Enabled:Windows® Media Player
StandardProfile\AuthorizedApplications: [%SystemRoot%\PCHealth\HelpCtr\Binaries\HelpSvc.Exe] => %SystemRoot%\PCHealth\HelpCtr\Binaries\HelpSvc.exe :LocalSubNet:Disabled:Offer Remote Assistance
StandardProfile\AuthorizedApplications: [%SystemRoot%\PCHealth\HelpCtr\Binaries\HelpCtr.Exe] => %SystemRoot%\PCHealth\HelpCtr\Binaries\HelpCtr.exe :LocalSubNet:Disabled:Remote Assistance - Windows Messenger and Voice
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Program Files\Applian Technologies\Replay Music 7\jrmp.exe] => Enabled:Replay Music 7
StandardProfile\AuthorizedApplications: [C:\Program Files\CCleaner\CCUpdate.exe] => Enabled:CCleaner Update
DomainProfile\GloballyOpenPorts: [135:TCP] => :LocalSubNet:Enabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22019
DomainProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22002
DomainProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22005
DomainProfile\GloballyOpenPorts: [445:UDP] => :LocalSubNet:Enabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22003
DomainProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22007
DomainProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22008
DomainProfile\GloballyOpenPorts: [3389:TCP] => :LocalSubNet:Enabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22009
DomainProfile\GloballyOpenPorts: [500:UDP] => Disabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22017
DomainProfile\GloballyOpenPorts: [1701:UDP] => Disabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22016
DomainProfile\GloballyOpenPorts: [1723:TCP] => Disabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22015
DomainProfile\GloballyOpenPorts: [4500:UDP] => Disabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22018
DomainProfile\GloballyOpenPorts: [80:TCP] => :LocalSubNet:Disabled:Windows® Remote Management
DomainProfile\GloballyOpenPorts: [443:TCP] => :LocalSubNet:Disabled:Windows® Remote Management
StandardProfile\GloballyOpenPorts: [5985:TCP] => Disabled:Windows Remote Management
StandardProfile\GloballyOpenPorts: [135:TCP] => :LocalSubNet:Enabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22019
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Disabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Disabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22002
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Disabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Disabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22005
StandardProfile\GloballyOpenPorts: [445:UDP] => :LocalSubNet:Enabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22003
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22008
StandardProfile\GloballyOpenPorts: [3389:TCP] => :LocalSubNet:Enabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22009
StandardProfile\GloballyOpenPorts: [500:UDP] => Disabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22017
StandardProfile\GloballyOpenPorts: [1701:UDP] => Disabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22016
StandardProfile\GloballyOpenPorts: [1723:TCP] => Disabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22015
StandardProfile\GloballyOpenPorts: [4500:UDP] => Disabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22018
StandardProfile\GloballyOpenPorts: [8501:TCP] => Enabled:NovaPDFTCPPortException
StandardProfile\GloballyOpenPorts: [8501:UDP] => Enabled:NovaPDFUDPPortException

==================== Restore Points =========================

26-12-2018 10:05:45 System Checkpoint
27-12-2018 10:08:58 System Checkpoint
28-12-2018 11:02:26 System Checkpoint
29-12-2018 11:46:20 System Checkpoint
30-12-2018 12:27:19 System Checkpoint
31-12-2018 13:12:06 System Checkpoint
01-01-2019 15:16:21 System Checkpoint
02-01-2019 15:35:14 System Checkpoint
03-01-2019 15:49:07 System Checkpoint
04-01-2019 16:49:06 System Checkpoint
05-01-2019 17:49:10 System Checkpoint
06-01-2019 20:15:16 System Checkpoint
07-01-2019 23:10:31 System Checkpoint
08-01-2019 23:46:27 System Checkpoint
09-01-2019 23:47:30 System Checkpoint
11-01-2019 00:46:24 System Checkpoint
12-01-2019 00:58:11 System Checkpoint
13-01-2019 00:59:15 System Checkpoint
14-01-2019 01:58:09 System Checkpoint
15-01-2019 02:58:10 System Checkpoint
01-02-2019 10:09:24 System Checkpoint
02-02-2019 10:59:38 System Checkpoint
03-02-2019 12:23:29 System Checkpoint
04-02-2019 14:35:56 System Checkpoint
05-02-2019 17:02:17 System Checkpoint
06-02-2019 19:57:35 System Checkpoint
07-02-2019 20:11:02 System Checkpoint
08-02-2019 21:10:00 System Checkpoint
09-02-2019 22:04:05 System Checkpoint
10-02-2019 23:33:55 System Checkpoint
12-02-2019 00:04:26 System Checkpoint
13-02-2019 01:04:32 System Checkpoint
14-02-2019 01:16:39 System Checkpoint
15-02-2019 01:19:51 System Checkpoint
16-02-2019 02:19:50 System Checkpoint
17-02-2019 03:13:10 System Checkpoint
18-02-2019 03:14:22 System Checkpoint
19-02-2019 03:48:37 System Checkpoint
20-02-2019 03:53:16 System Checkpoint
21-02-2019 04:53:15 System Checkpoint
22-02-2019 05:53:23 System Checkpoint
23-02-2019 07:27:32 System Checkpoint
26-02-2019 10:17:03 System Checkpoint
27-02-2019 10:52:07 System Checkpoint
28-02-2019 11:08:39 System Checkpoint
01-03-2019 14:25:40 System Checkpoint
02-03-2019 15:47:37 System Checkpoint
03-03-2019 18:02:56 System Checkpoint
04-03-2019 19:32:35 System Checkpoint
05-03-2019 19:47:48 System Checkpoint
06-03-2019 20:47:46 System Checkpoint
07-03-2019 21:47:51 System Checkpoint
08-03-2019 22:47:48 System Checkpoint
09-03-2019 22:55:50 System Checkpoint
10-03-2019 23:46:18 System Checkpoint
12-03-2019 00:10:00 System Checkpoint
13-03-2019 01:10:04 System Checkpoint
14-03-2019 02:10:02 System Checkpoint
15-03-2019 03:10:06 System Checkpoint
16-03-2019 04:10:03 System Checkpoint
17-03-2019 05:10:07 System Checkpoint
18-03-2019 07:56:19 System Checkpoint
19-03-2019 08:14:16 System Checkpoint
20-03-2019 08:42:38 System Checkpoint
21-03-2019 08:49:49 System Checkpoint
22-03-2019 09:55:22 System Checkpoint
23-03-2019 09:59:28 System Checkpoint
24-03-2019 12:34:40 System Checkpoint
25-03-2019 12:36:29 System Checkpoint
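The two parts of this log a malware-removal helper reads first are the per-user CustomCLSID entries (HKU ... InprocServer32 is where COM-hijack persistence lives, so a DLL there that is unsigned, missing, or loaded from a user-writable folder is the thing to chase) and the FirewallRules section (an Enabled exception for 135/139/445/3389 on an XP SP3 host is exposure, not malware, but it is what a helper tells the poster to close). The script below is an added example, not part of the poster's log and not code from FRST (Farbar Recovery Scan Tool) or from the forum; the regular expressions are derived from the line shapes visible in the log above, the RISKY_PORTS set and the two trusted install roots are assumptions for the example, and SAMPLE_LINES are constructed to mirror the log's format. It assumes the ":Disabled" reading of the forum's "LocalSubNetisabled" (the board turned the original ":D" into a smiley), and it flags the entries a helper would inspect rather than deciding anything is malicious.

```python
"""Triage helper for the FRST log sections posted above (added example).

Not part of the forum post and not code from FRST. It parses CustomCLSID
and FirewallRules lines in the shape the log shows and flags:
  * per-user COM servers (HKU ... InprocServer32) that are unsigned,
    missing ("No File"), or outside the install roots (COM-hijack check);
  * firewall exceptions that are Enabled for ports an unpatched XP host
    should not expose, plus every Enabled program exception.
SAMPLE_LINES are constructed for this example; the ":Disabled" spelling
assumes the forum's smiley mangling of ":D" in the original log.
"""
import re

# Ports worth a second look when Enabled (RPC, NetBIOS/SMB, UPnP, RDP, WinRM).
# The set and the trusted install roots are assumptions for this example.
RISKY_PORTS = {135, 137, 138, 139, 445, 1900, 2869, 3389, 5985}
TRUSTED_PREFIXES = (r"c:\program files", r"c:\windows")

CLSID_RE = re.compile(r"^CustomCLSID: (?P<key>\S+)\\InprocServer32 -> (?P<rest>.*)$")
# "<path> (<signer>) [flags]": signer may be empty "()", flags like "[File not signed]".
SERVER_RE = re.compile(r"^(?P<path>.*?)(?: \((?P<signer>[^()]*)\))?(?P<flags>(?: \[[^\]]*\])*)$")
PORT_RE = re.compile(r"^(?P<profile>\w+)\\GloballyOpenPorts: \[(?P<port>\d+):(?P<proto>TCP|UDP)\] => (?P<rest>.*)$")
APP_RE = re.compile(r"^(?P<profile>\w+)\\AuthorizedApplications: \[(?P<path>[^\]]+)\] => (?P<rest>.*)$")
# After "=>" FRST writes ":<Scope>:Enabled:<name>" or just "Enabled:<name>" (any address).
STATE_RE = re.compile(r"(?::(?P<scope>[A-Za-z]+))?:?(?P<state>Enabled|Disabled):(?P<name>.*)$")


def parse_state(rest):
    """Return (scope, enabled, name) for the text after '=>'; scope '*' means any address."""
    m = STATE_RE.search(rest)
    if not m:
        return ("?", False, rest)
    scope = (m.group("scope") or "*").lower()
    return (scope, m.group("state") == "Enabled", m.group("name"))


def triage(lines):
    """Scan FRST log lines and collect the entries a helper would act on."""
    findings = {"suspicious_com": [], "open_ports": [], "allowed_apps": []}
    for line in lines:
        line = line.strip()
        m = CLSID_RE.match(line)
        if m:
            s = SERVER_RE.match(m.group("rest"))
            path, signer, flags = s.group("path"), s.group("signer"), s.group("flags")
            unsigned = not signer or "not signed" in flags.lower()
            missing = path.lower() == "no file"
            untrusted = not path.lower().startswith(TRUSTED_PREFIXES)
            if unsigned or missing or untrusted:
                findings["suspicious_com"].append((m.group("key"), path, signer or "unsigned"))
            continue
        m = PORT_RE.match(line)
        if m:
            scope, enabled, _name = parse_state(m.group("rest"))
            port = int(m.group("port"))
            if enabled and port in RISKY_PORTS:
                findings["open_ports"].append((m.group("profile"), port, m.group("proto"), scope))
            continue
        m = APP_RE.match(line)
        if m:
            scope, enabled, _name = parse_state(m.group("rest"))
            if enabled:
                findings["allowed_apps"].append((m.group("profile"), m.group("path"), scope))
    return findings


# Constructed sample lines in the log's format (the SID and GUIDs are made up).
SAMPLE_LINES = [
    r"CustomCLSID: HKU\S-1-5-21-1111-2222-3333-1003_Classes\CLSID\{00000000-0000-0000-0000-000000000001}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Canada Limited)",
    r"CustomCLSID: HKU\S-1-5-21-1111-2222-3333-1003_Classes\CLSID\{00000000-0000-0000-0000-000000000002}\InprocServer32 -> C:\Documents and Settings\owner\Local Settings\Temp\upd.dll () [File not signed]",
    r"CustomCLSID: HKU\S-1-5-21-1111-2222-3333-1003_Classes\CLSID\{00000000-0000-0000-0000-000000000003}\InprocServer32 -> No File",
    r"StandardProfile\GloballyOpenPorts: [3389:TCP] => :LocalSubNet:Enabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22009",
    r"StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Disabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22005",
    r"StandardProfile\GloballyOpenPorts: [8501:TCP] => Enabled:NovaPDFTCPPortException",
    r"StandardProfile\AuthorizedApplications: [%SystemRoot%\System32\TlntSvr.Exe] => :LocalSubnet:Enabled:Windows® Telnet Service",
    r"StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)",
    r"DomainProfile\AuthorizedApplications: [%ProgramFiles%\NetMeeting\Conf.Exe] => :LocalSubNet:Disabled:Windows® NetMeeting®",
]

if __name__ == "__main__":
    for kind, items in triage(SAMPLE_LINES).items():
        print(kind)
        for item in items:
            print("   ", item)
```

Run it over a saved FRST.txt with `triage(open("FRST.txt", encoding="utf-8"))` once the log is one entry per line, as it is when FRST writes it. Against the posted log it reports no suspicious COM servers (every CustomCLSID entry is a signed Intuit DLL under Program Files) and lists the Enabled LocalSubNet exceptions for 135, 445/UDP, 1900, 2869 and 3389 in both profiles, which are the firewall lines worth tightening whether or not the Roguekiller crash turns out to be malware.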
#8
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================

Application errors:
==================
Error: (03/25/2019 08:15:24 PM) (Source: nview_info) (EventID: 1) (User: )
Description: Event-ID 1

Error: (03/25/2019 06:17:40 PM) (Source: nview_info) (EventID: 1) (User: )
Description: Event-ID 1

Error: (03/25/2019 04:02:00 PM) (Source: nview_info) (EventID: 1) (User: )
Description: Event-ID 1

Error: (03/25/2019 02:50:08 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: ActivationClient.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ServiceModel.CommunicationObjectAbortedException
Stack:
Server stack trace:
at System.ServiceModel.Channels.HttpInput.WebResponseHttpInput.WebResponseInputStream.Read(Byte[] buffer, Int32 offset, Int32 count)
at System.ServiceModel.Channels.HttpInput.ReadBufferedMessage(Stream inputStream)
at System.ServiceModel.Channels.HttpInput.ParseIncomingMessage(Exception& requestException)
at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
at System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout)
at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage, System.Runtime.Remoting.Messaging.IMessage)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(System.Runtime.Remoting.Proxies.MessageData ByRef, Int32)
at ServiceClient.WAFService.WAFServiceContract.GetManualActivationStartDate(System.String)
at ServiceClient.WAFService.WAFServiceContractClient.GetManualActivationStartDate(System.String)
at DynamicClass.(System.Object, System.String)
at ActivationClient.App.Application_Startup(System.Object, System.Windows.StartupEventArgs)
at System.Windows.Application.OnStartup(System.Windows.StartupEventArgs)
at ActivationClient.App.OnStartup(System.Windows.StartupEventArgs)
at System.Windows.Application.<.ctor>b__1(System.Object)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
at System.Windows.Threading.DispatcherOperation.InvokeImpl()
at System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
at System.Threading.ExecutionContext.runTryCode(System.Object)
at System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode, CleanupCode, System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Windows.Threading.DispatcherOperation.Invoke()
at System.Windows.Threading.Dispatcher.ProcessQueue()
at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
at System.Windows.Threading.Dispatcher.InvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
at System.Windows.Application.RunDispatcher(System.Object)
at System.Windows.Application.RunInternal(System.Windows.Window)
at System.Windows.Application.Run(System.Windows.Window)
at DynamicClass.(System.Object)
at ActivationClient.App.Main()

Error: (03/25/2019 02:46:22 PM) (Source: .NET Runtime 4.0 Error Reporting) (EventID: 5000) (User: )
Description: EventType clr20r3, P1 activationclient.exe, P2 8.9.951.0, P3 599429ce, P4 system, P5 4.0.0.0, P6 5073c71b, P7 281d, P8 b5, P9 qmrxe1nbkngilzvynzbus0xnp33dumbe, P10 NIL.

Error: (03/25/2019 02:31:15 PM) (Source: nview_info) (EventID: 1) (User: )
Description: Event-ID 1

Error: (03/25/2019 02:25:30 PM) (Source: Userenv) (EventID: 1511) (User: NT AUTHORITY)
Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

Error: (03/25/2019 02:25:30 PM) (Source: Userenv) (EventID: 1515) (User: NT AUTHORITY)
Description: Windows has backed up this user's profile. Windows will automatically try to use the backed up profile the next time this user logs on.


System errors:
=============
Error: (03/25/2019 06:06:39 PM) (Source: DCOM) (EventID: 10000) (User: EMACHINE)
Description: Unable to start a DCOM Server: {C3D84F57-9904-4F7D-8D79-1D72DAD51ADC}. The error:
"%"C:\Program Files\Samsung\Easy Printer Manager\SpoolerComp.exe" -Embedding4001"
Happened while starting this command:
"C:\Program Files\Samsung\Easy Printer Manager\SpoolerComp.exe" -Embedding

Error: (03/25/2019 06:06:39 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Generate Activation Context failed for C:\Program Files\Samsung\Easy Printer Manager\SpoolerComp.exe. Reference error message: The operation completed successfully.
.

Error: (03/25/2019 06:06:39 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system.
.

Error: (03/25/2019 06:06:39 PM) (Source: SideBySide) (EventID: 32) (User: )
Description: Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.

Error: (03/25/2019 04:48:24 PM) (Source: DCOM) (EventID: 10000) (User: EMACHINE)
Description: Unable to start a DCOM Server: {C3D84F57-9904-4F7D-8D79-1D72DAD51ADC}. The error:
"%"C:\Program Files\Samsung\Easy Printer Manager\SpoolerComp.exe" -Embedding4001"
Happened while starting this command:
"C:\Program Files\Samsung\Easy Printer Manager\SpoolerComp.exe" -Embedding

Error: (03/25/2019 04:48:24 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Generate Activation Context failed for C:\Program Files\Samsung\Easy Printer Manager\SpoolerComp.exe. Reference error message: The operation completed successfully.
.

Error: (03/25/2019 04:48:24 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system.
.

Error: (03/25/2019 04:48:24 PM) (Source: SideBySide) (EventID: 32) (User: )
Description: Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
==================== Memory info =========================== Processor: AMD Athlon(tm) Processor 2650e Percentage of memory in use: 97% Total physical RAM: 894.42 MB Available physical RAM: 18.56 MB Total Virtual: 3423.39 MB Available Virtual: 1607.62 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:186.31 GB) (Free:10.01 GB) NTFS ==>[drive with boot components (Windows XP)] Drive g: (My Passport) (Fixed) (Total:1397.23 GB) (Free:820.12 GB) NTFS ==================== MBR & Partition Table ================== ================================================== ====== Disk: 0 (MBR Code: Windows XP) (Size: 186.3 GB) (Disk ID: 987E987E) Partition 1: (Active) - (Size=186.3 GB) - (Type=07 NTFS) ================================================== ====== Disk: 1 (Size: 1397.2 GB) (Disk ID: 428A44DB) Partition 1: (Not Active) - (Size=1397.2 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================ |
#9
No real terrible bad guys jumping out at me in this. Since XP ended with SP3, what does this do?
Windows XP Service Pack 4 (HKLM\...\Windows XP Service Pack) (Version: 20160308.230000 - Charalampos Kazakos )

Microsoft Security Essentials does not update or monitor on XP any longer, and really could be the issue there. For now, go to Add/Remove Programs and uninstall it, being sure to reboot after.

===============

After the reboot, you need to refresh the WMI, which shows Avast enabled but no hint it's actually installed. Go to Start - Run, and copy/paste or type the following.

rundll32.exe setupapi,InstallHinfSection WBEM 132 %windir%\inf\wbemoc.inf

This will start the process of rebuilding your WMI, which you need for many ongoing operations there. When you are prompted to locate the files, use the browse button to locate the following. It will at first default to your CD drive, so use the browser to redirect it:

C:\WINDOWS\ServicePackFiles\i386

The repair will take some time to complete. You will get a display popup when done. Reboot again, then try RogueKiller again.
#10
Tom: Your analysis was on the dot. I disconnected the Internet connection and ran Roguekiller and it worked fine. Found 16 suspicious files which I deleted.
Are you also suggesting that I totally uninstall Security Essentials and install the Avast antivirus program? Thanks.
#11
Security Essentials no longer works correctly on XP and Vista. And yes, Avast is one choice that you can use on XP.
One of the things the log shows is that you only have 10% of your hard drive free. This means that things like System Restore will stop working if it is under 12%. So you need to delete a lot of files, or move picture files or videos to an external hard drive.
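Post #11 reads the free-space and memory figures straight off the FRST Addition.txt sections above. As an added example (not code from the thread, from FRST or from RogueKiller), here is a small Python parser for the "Memory info" and "Drives" lines that computes the free-space percentage from the totals and flags a drive below the 12% figure the helper mentions, plus memory pressure like the 97% in this log. The sample lines are copied from the log in this thread; the 90% memory threshold is my own assumption.

```python
import re

# Constructed sample: the Memory info and Drives lines exactly as they appear
# in the Addition.txt log pasted earlier in this thread.
SAMPLE_LOG = """\
==================== Memory info ===========================
Processor: AMD Athlon(tm) Processor 2650e
Percentage of memory in use: 97%
Total physical RAM: 894.42 MB
Available physical RAM: 18.56 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:186.31 GB) (Free:10.01 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive g: (My Passport) (Fixed) (Total:1397.23 GB) (Free:820.12 GB) NTFS
"""

# FRST prints one "Drive X: ... (Total:N GB) (Free:N GB)" line per volume.
DRIVE_RE = re.compile(r"^Drive (\w):.*\(Total:([\d.]+) GB\) \(Free:([\d.]+) GB\)")
MEM_RE = re.compile(r"^Percentage of memory in use: (\d+)%")


def parse_drives(log):
    """Return {letter: (total_gb, free_gb, free_pct)} for every Drive line."""
    drives = {}
    for line in log.splitlines():
        m = DRIVE_RE.match(line)
        if m:
            total, free = float(m.group(2)), float(m.group(3))
            pct = round(100.0 * free / total, 1) if total else 0.0
            drives[m.group(1)] = (total, free, pct)
    return drives


def memory_in_use_pct(log):
    """Return the 'Percentage of memory in use' value, or None if absent."""
    for line in log.splitlines():
        m = MEM_RE.match(line)
        if m:
            return int(m.group(1))
    return None


def triage(log, min_free_pct=12.0, max_mem_pct=90):
    """List the resource findings a helper would raise from these sections."""
    findings = []
    for letter, (total, free, pct) in sorted(parse_drives(log).items()):
        if pct < min_free_pct:
            findings.append(f"drive {letter}: {free} GB free of {total} GB "
                            f"({pct}%), below {min_free_pct}% threshold")
    mem = memory_in_use_pct(log)
    if mem is not None and mem > max_mem_pct:  # assumed threshold, not FRST's
        findings.append(f"memory: {mem}% in use, scanners may run out of RAM")
    return findings
```

Run against the thread's own figures it reports drive c: at 5.4% free and memory at 97%, which is the kind of starvation that makes a long scan die before it finishes.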