Cyber Tech Help Support Forums > Software > Malware Removal

#1 - April 19th, 2017, 02:20 AM
infectedone (New Member, Join Date: Apr 2017, Posts: 2)

remove foreign ip addresses

My wife could not log in to Facebook. We contacted Facebook and their tech said he could not reset her password. He had me install AnyDesk and showed me that there were foreign IP addresses on my computer, and he wanted $199.00 to fix it. I don't have that kind of money, so I started searching the web. I ran across your forum and I was hoping you could help me. After I read some posts I followed these instructions, and there I stopped:


Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
Please set your system to show all files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Push the Quick Scan button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

Here are the results:
OTL logfile created on: 4/18/2017 7:39:46 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\jim\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18638)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.61 Gb Total Physical Memory | 1.95 Gb Available Physical Memory | 53.98% Memory free
7.23 Gb Paging File | 5.28 Gb Available in Paging File | 73.02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448.47 Gb Total Space | 379.60 Gb Free Space | 84.64% Space Free | Partition Type: NTFS
Drive D: | 17.19 Gb Total Space | 2.11 Gb Free Space | 12.27% Space Free | Partition Type: NTFS

Computer Name: JIM-HP | User Name: jim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2017/04/18 19:39:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jim\Downloads\OTL.com
PRC - [2017/04/17 19:26:14 | 001,738,952 | ---- | M] () -- C:\Program Files (x86)\AnyDesk\AnyDesk.exe
PRC - [2016/10/18 15:17:02 | 002,275,104 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
PRC - [2016/02/02 07:45:52 | 001,570,520 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psia.exe
PRC - [2016/02/02 07:45:52 | 000,837,848 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
PRC - [2016/02/02 07:45:52 | 000,605,400 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe


========== Modules (No Company Name) ==========

MOD - [2017/04/17 19:26:14 | 001,738,952 | ---- | M] () -- C:\Program Files (x86)\AnyDesk\AnyDesk.exe
MOD - [2016/09/26 14:59:22 | 000,631,072 | ---- | M] () -- C:\Program Files (x86)\IObit\IObit Uninstaller\ProductStatistics.dll
MOD - [2016/06/21 20:30:02 | 000,442,144 | ---- | M] () -- C:\Program Files (x86)\IObit\IObit Uninstaller\madexcept_.bpl
MOD - [2016/06/21 20:29:58 | 000,059,680 | ---- | M] () -- C:\Program Files (x86)\IObit\IObit Uninstaller\maddisAsm_.bpl
MOD - [2016/06/21 20:29:56 | 000,210,720 | ---- | M] () -- C:\Program Files (x86)\IObit\IObit Uninstaller\madbasic_.bpl
MOD - [2015/12/28 14:50:58 | 000,899,872 | ---- | M] () -- C:\Program Files (x86)\IObit\IObit Uninstaller\webres.dll


========== Services (SafeList) ==========

SRV:64bit: - [2017/03/25 12:56:51 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2016/11/14 21:14:42 | 000,361,816 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2016/11/14 21:14:42 | 000,119,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2016/10/30 12:41:17 | 000,309,368 | ---- | M] (Realtek Semiconductor) [On_Demand | Stopped] -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService)
SRV:64bit: - [2016/10/30 12:41:15 | 000,106,952 | ---- | M] (Andrea Electronics Corporation) [On_Demand | Stopped] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2016/10/30 10:19:28 | 001,386,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/01/27 11:07:14 | 000,235,520 | ---- | M] (AMD) [On_Demand | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2017/04/17 19:26:14 | 001,738,952 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\AnyDesk\AnyDesk.exe -- (AnyDesk)
SRV - [2017/04/11 05:24:42 | 000,271,448 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2017/03/20 00:48:06 | 000,105,096 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2017/02/02 23:21:46 | 000,082,640 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2016/10/28 15:54:10 | 000,360,736 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe -- (IObitUnSvr)
SRV - [2016/02/02 07:45:52 | 001,570,520 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2016/02/02 07:45:52 | 000,837,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2014/03/20 17:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2012/01/18 14:46:42 | 002,439,272 | ---- | M] (Realsil Microelectronics Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Panda Security URL Filtering\panda_url_filteringd.sys -- (panda_url_filteringd)
DRV:64bit: - [2017/04/08 00:48:02 | 000,351,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2017/04/08 00:46:41 | 000,400,352 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2017/04/08 00:40:02 | 001,044,992 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2017/02/05 18:21:31 | 000,085,704 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2017/02/05 18:21:31 | 000,043,720 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2017/02/05 18:08:40 | 002,502,288 | ---- | M] (MediaTek Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2016/10/11 01:58:23 | 000,192,216 | ---- | M] (Malwarebytes) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2016/09/05 05:47:12 | 000,165,504 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2016/09/05 05:47:06 | 000,131,712 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2016/08/25 09:46:12 | 000,135,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2016/03/10 14:09:06 | 000,064,896 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2016/03/10 14:08:54 | 000,027,008 | ---- | M] (Malwarebytes) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2016/02/02 07:45:52 | 000,018,456 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf_amd64.sys -- (PSI)
DRV:64bit: - [2013/10/01 21:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/09/21 14:04:24 | 000,024,608 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvbflt64.sys -- (CompFilter64)
DRV:64bit: - [2012/09/21 14:04:22 | 004,763,680 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVUVC64.sys -- (LVUVC64)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/06/07 13:24:54 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/06/07 13:24:54 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/04/17 21:13:31 | 000,043,640 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 05:34:36 | 000,028,160 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple)
DRV:64bit: - [2012/01/27 11:41:34 | 010,721,280 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/01/27 10:06:00 | 000,327,168 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/01/11 01:11:20 | 000,034,304 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys -- (ManyCam)
DRV:64bit: - [2011/12/14 04:44:16 | 000,056,448 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2016/10/30 12:24:51 | 000,027,552 | ---- | M] (REALiX(tm)) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS -- (HWiNFO32)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{07F87A2F-32AF-4D3B-B2AC-B91F34D33234}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{07F87A2F-32AF-4D3B-B2AC-B91F34D33234}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_TIMESTAMP = BF B7 FA 55 EA A1 D2 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy = Reg Error: Value error.
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.countryCode: "US"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.region: "US"
FF - prefs.js..browser.startup.homepage: "WWW.MSN.COM"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:52.0.2
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_148.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


[2016/09/24 11:56:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jim\AppData\Roaming\Mozilla\Extensions
[2017/04/17 20:32:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jim\AppData\Roaming\Mozilla\Firefox\Profiles\2bhbaxhr.default-1480878431125\extensions
[2016/12/04 14:35:32 | 000,000,000 | ---D | M] (All Aboard) -- C:\Users\jim\AppData\Roaming\Mozilla\Firefox\Profiles\2bhbaxhr.default-1480878431125\extensions\@all-aboard-v1-2
[2017/04/17 20:32:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jim\AppData\Roaming\Mozilla\Firefox\Profiles\dqieauk4.default-1477435337317\extensions
[2016/10/29 00:36:50 | 000,000,000 | ---D | M] (All Aboard) -- C:\Users\jim\AppData\Roaming\Mozilla\Firefox\Profiles\dqieauk4.default-1477435337317\extensions\@all-aboard-v1-2
[2017/04/17 20:32:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jim\AppData\Roaming\Mozilla\Firefox\Profiles\j9ukxvui.default-1479167512909\extensions
[2016/10/26 17:53:17 | 000,005,389 | ---- | M] () (No name found) -- C:\Users\jim\AppData\Roaming\Mozilla\Firefox\Profiles\dqieauk4.default-1477435337317\features\{c467c64e-4aad-4e4c-a55a-f0df097eb18f}\asyncrendering@mozilla.org.xpi
[2016/12/31 05:34:37 | 000,770,771 | ---- | M] () (No name found) -- C:\Users\jim\AppData\Roaming\Mozilla\Firefox\Profiles\j9ukxvui.default-1479167512909\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi
[2017/04/07 20:35:13 | 000,005,297 | ---- | M] () (No name found) -- C:\Users\jim\AppData\Roaming\Mozilla\Firefox\Profiles\j9ukxvui.default-1479167512909\features\{8121383c-35d5-48b1-8e5b-6e85b1802da1}\disable-prefetch@mozilla.org.xpi
[2017/04/07 20:35:14 | 000,007,195 | ---- | M] () (No name found) -- C:\Users\jim\AppData\Roaming\Mozilla\Firefox\Profiles\j9ukxvui.default-1479167512909\features\{8121383c-35d5-48b1-8e5b-6e85b1802da1}\e10srollout@mozilla.org.xpi

========== Chrome ==========

CHR - plugin: Error reading preferences file

O1 HOSTS File: ([2016/10/30 19:51:00 | 000,002,024 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
O1 - Hosts: 0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
O1 - Hosts: 0.0.0.0 media.opencandy.com
O1 - Hosts: 0.0.0.0 cdn.opencandy.com
O1 - Hosts: 0.0.0.0 tracking.opencandy.com
O1 - Hosts: 0.0.0.0 api.opencandy.com
O1 - Hosts: 0.0.0.0 api.recommendedsw.com
O1 - Hosts: 0.0.0.0 installer.betterinstaller.com
O1 - Hosts: 0.0.0.0 installer.filebulldog.com
O1 - Hosts: 0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
O1 - Hosts: 0.0.0.0 inno.bisrv.com
O1 - Hosts: 0.0.0.0 nsis.bisrv.com
O1 - Hosts: 0.0.0.0 cdn.file2desktop.com
O1 - Hosts: 0.0.0.0 cdn.goateastcach.us
O1 - Hosts: 0.0.0.0 cdn.guttastatdk.us
O1 - Hosts: 0.0.0.0 cdn.inskinmedia.com
O1 - Hosts: 0.0.0.0 cdn.insta.oibundles2.com
O1 - Hosts: 0.0.0.0 cdn.insta.playbryte.com
O1 - Hosts: 0.0.0.0 cdn.llogetfastcach.us
O1 - Hosts: 0.0.0.0 cdn.montiera.com
O1 - Hosts: 0.0.0.0 cdn.msdwnld.com
O1 - Hosts: 0.0.0.0 cdn.mypcbackup.com
O1 - Hosts: 0.0.0.0 cdn.ppdownload.com
O1 - Hosts: 0.0.0.0 cdn.riceateastcach.us
O1 - Hosts: 0.0.0.0 cdn.shyapotato.us
O1 - Hosts: 11 more lines...
O2:64bit: - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll (IObit)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [BitTorrent] "C:\Users\jim\AppData\Roaming\BitTorrent\BitTorrent.exe" /MINIMIZED File not found
O4 - HKCU..\Run: [] Reg Error: Value error. File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleNetIDList = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NolowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction = http://hp.digitalriver.com/DRHM/stor...US&keywords=%w
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName = Find Software on HP Download Store (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A0726959-778A-4185-8E31-DBBFF8B75E74}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\IMF_ActionCenterDownloader.exe: Debugger - C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe File not found
O27 - HKLM IFEO\IMF_ActionCenterDownloader.exe: Debugger - C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2017/02/05 16:52:14 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2017/04/17 20:36:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2017/04/17 20:36:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2017/04/17 20:21:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2017/04/17 20:18:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2017/04/17 20:18:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2017/04/17 20:09:57 | 000,000,000 | ---D | C] -- C:\Users\jim\AppData\Local\WindowsUpdate
[2017/04/17 20:07:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia
[2017/04/17 19:27:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnyDesk
[2017/04/17 19:27:52 | 000,000,000 | ---D | C] -- C:\ProgramData\AnyDesk
[2017/04/17 19:27:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AnyDesk
[2017/04/17 19:26:23 | 000,000,000 | ---D | C] -- C:\Users\jim\AppData\Roaming\AnyDesk
[2017/04/16 11:14:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\IObit
[2017/04/15 06:51:51 | 000,000,000 | ---D | C] -- C:\Users\jim\AppData\Roaming\Reason
[2017/04/15 06:51:51 | 000,000,000 | ---D | C] -- C:\Users\jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Boost
[2017/04/08 00:46:41 | 000,084,480 | ---- | C] (Realtek Semiconductor.) -- C:\Windows\SysNative\RtCRX64.dll
[2017/04/08 00:40:02 | 001,044,992 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2017/03/29 17:32:15 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2017/03/21 00:16:05 | 000,000,000 | ---D | C] -- C:\Users\jim\AppData\Roaming\Logitech

========== Files - Modified Within 30 Days ==========

[2017/04/18 03:58:28 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2017/04/18 03:58:28 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2017/04/17 21:00:27 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2017/04/17 20:55:57 | 000,782,470 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2017/04/17 20:55:57 | 000,662,384 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2017/04/17 20:55:57 | 000,122,252 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2017/04/17 20:49:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2017/04/17 20:49:30 | 2910,318,592 | -HS- | M] () -- C:\hiberfil.sys
[2017/04/17 20:07:25 | 000,001,068 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2017/04/17 19:27:52 | 000,001,890 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AnyDesk.lnk
[2017/04/17 19:27:52 | 000,001,850 | ---- | M] () -- C:\Users\Public\Desktop\AnyDesk.lnk
[2017/04/15 17:08:10 | 000,001,230 | ---- | M] () -- C:\Users\Public\Desktop\.....lnk
[2017/04/13 03:33:08 | 000,267,672 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2017/04/13 03:03:45 | 000,774,592 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2017/04/08 00:49:52 | 000,002,236 | ---- | M] () -- C:\Users\Public\Desktop\Driver Booster 4.lnk
[2017/04/08 00:48:01 | 000,040,758 | ---- | M] () -- C:\Windows\SysNative\Repository.reg
[2017/04/08 00:46:41 | 000,084,480 | ---- | M] (Realtek Semiconductor.) -- C:\Windows\SysNative\RtCRX64.dll
[2017/04/08 00:40:02 | 001,044,992 | ---- | M] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2017/04/01 10:50:52 | 000,000,000 | -H-- | M] () -- C:\Users\jim\Documents\Default.rdp
[2017/03/23 22:50:48 | 000,001,586 | ---- | M] () -- C:\Users\Public\Desktop\.......lnk

========== Files Created - No Company Name ==========

[2017/04/17 20:37:07 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2017/04/17 20:36:45 | 000,002,119 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2017/04/17 20:07:25 | 000,001,068 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2017/04/17 20:07:25 | 000,001,031 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2017/04/17 19:27:52 | 000,001,890 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AnyDesk.lnk
[2017/04/17 19:27:52 | 000,001,850 | ---- | C] () -- C:\Users\Public\Desktop\AnyDesk.lnk
[2017/04/08 00:48:01 | 000,040,758 | ---- | C] () -- C:\Windows\SysNative\Repository.reg
[2017/04/01 10:50:52 | 000,000,000 | -H-- | C] () -- C:\Users\jim\Documents\Default.rdp
[2017/03/23 22:50:48 | 000,001,586 | ---- | C] () -- C:\Users\Public\Desktop\.......lnk
[2016/10/02 17:32:54 | 013,673,881 | ---- | C] () -- C:\Users\jim\AppData\Local\census.cache
[2016/10/02 17:32:07 | 000,860,047 | ---- | C] () -- C:\Users\jim\AppData\Local\ars.cache
[2016/10/02 17:19:40 | 000,000,010 | ---- | C] () -- C:\Users\jim\AppData\Local\sponge.last.runtime.cache
[2016/10/02 17:07:21 | 000,000,036 | ---- | C] () -- C:\Users\jim\AppData\Local\housecall.guid.cache
[2016/09/25 04:04:58 | 000,007,648 | ---- | C] () -- C:\Users\jim\AppData\Local\Resmon.ResmonCfg

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2016/08/29 10:31:19 | 014,183,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2016/08/29 10:12:50 | 012,880,384 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2017/04/17 19:26:25 | 000,000,000 | ---D | M] -- C:\Users\jim\AppData\Roaming\AnyDesk
[2017/01/01 14:01:33 | 000,000,000 | ---D | M] -- C:\Users\jim\AppData\Roaming\IObit
[2016/09/26 22:30:24 | 000,000,000 | ---D | M] -- C:\Users\jim\AppData\Roaming\Leadertech
[2017/02/05 19:04:27 | 000,000,000 | ---D | M] -- C:\Users\jim\AppData\Roaming\Panda Security
[2017/01/01 14:01:33 | 000,000,000 | ---D | M] -- C:\Users\jim\AppData\Roaming\ProductData
[2016/10/29 11:04:07 | 000,000,000 | ---D | M] -- C:\Users\jim\AppData\Roaming\QuickScan
[2017/04/15 06:51:51 | 000,000,000 | ---D | M] -- C:\Users\jim\AppData\Roaming\Reason
[2016/09/25 08:06:38 | 000,000,000 | ---D | M] -- C:\Users\jim\AppData\Roaming\WinBatch

========== Purity Check ==========

< End of report >
  #2  
Old April 19th, 2017, 02:24 AM
infectedone infectedone is offline
New Member
 
Join Date: Apr 2017
Posts: 2
extras

OTL Extras logfile created on: 4/18/2017 7:39:46 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\jim\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18638)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.61 Gb Total Physical Memory | 1.95 Gb Available Physical Memory | 53.98% Memory free
7.23 Gb Paging File | 5.28 Gb Available in Paging File | 73.02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448.47 Gb Total Space | 379.60 Gb Free Space | 84.64% Space Free | Partition Type: NTFS
Drive D: | 17.19 Gb Total Space | 2.11 Gb Free Space | 12.27% Space Free | Partition Type: NTFS

Computer Name: JIM-HP | User Name: jim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files\Hewlett-Packard\HP Application Assistant\HPAA.exe %1 (Hewlett Packard Company)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files\Hewlett-Packard\HP Application Assistant\HPAA.exe %1 (Hewlett Packard Company)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10035D8A-1E2C-471D-A73B-A653F3B08417}" = lport=138 | protocol=17 | dir=in | app=system |
"{2D9119AE-BD79-461E-BC65-8314E0899A00}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5702DC0A-61EB-4B3C-A026-0BDC8A642195}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{59AF99FD-5484-41A0-A9DA-115EB2791E11}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6038F87A-3AD1-4F3F-86DA-D8F6C4092C54}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{722D12EF-0B6D-4505-B419-06CE905D99D4}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{77765EFC-4A21-485B-BC5F-EB3D103BA969}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7AC2F832-EE05-4F29-8D82-9C47213E12AD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{83ED1953-19EE-4E95-9A71-6CF39973C563}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{994D693B-60A8-4F7C-B019-8330DE4200CF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{99B4AAEC-123C-4560-AB56-AA45966B8C1C}" = rport=138 | protocol=17 | dir=out | app=system |
"{B060919A-C75F-4705-BB92-4759D58A3045}" = lport=139 | protocol=6 | dir=in | app=system |
"{B6BA9E4B-F3C5-4E8A-AC92-9D07D3478D72}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BC26354F-22CD-48F1-9C64-0BE859EB4333}" = rport=139 | protocol=6 | dir=out | app=system |
"{BE5BA250-F28B-4457-9B66-452939ABD1B7}" = rport=10243 | protocol=6 | dir=out | app=system |
"{D0C30EBB-A295-48B9-8E19-BF83D119D9DD}" = rport=137 | protocol=17 | dir=out | app=system |
"{D9BEBE85-127C-432F-B78D-B98F85C39068}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E0B95FC5-A260-40A6-8877-C2E957ADF94C}" = lport=137 | protocol=17 | dir=in | app=system |
"{EAF114C5-89C1-4A38-90CC-EE2043B8FF33}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F1C0C44C-99D6-4876-9313-93C8A58B08F1}" = rport=445 | protocol=6 | dir=out | app=system |
"{FA74791D-8BCA-44FD-9A5D-ED6B537CCB63}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{FAAD9D33-8C7C-4553-AA5C-7D646AD0FE4F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FB81D5C3-E79C-4965-8A2E-DDBCA98CFD5C}" = lport=445 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{036A607E-AE36-4C23-B2C8-32DF2825A6C2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{04A1C910-210A-451F-9177-A058321E19AB}" = dir=out | app=c:\program files (x86)\iobit\iobit malware fighter\surfing protection\ffnativemessage.exe |
"{0D2B0186-4BC9-4A90-921F-A4021E31A34D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{22083D0E-5D81-4796-86D0-3D8C8D796324}" = dir=out | app=c:\program files (x86)\iobit\driver booster\4.2.0\dbdownloader.exe |
"{2D2CE1F9-AC28-4E24-A1EF-5790B7962989}" = dir=in | app=c:\program files (x86)\iobit\driver booster\4.2.0\driverbooster.exe |
"{36FD1A4C-8EF4-4903-9CA6-A3715C176939}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{390833DD-764C-47C7-9F27-8F348AD33E02}" = protocol=17 | dir=in | app=c:\program files (x86)\anydesk\anydesk.exe |
"{3BCBB511-E0C2-4AE1-921B-AAF5E8A80B57}" = protocol=6 | dir=in | app=c:\program files (x86)\anydesk\anydesk.exe |
"{3F3F7B5A-1600-489E-867B-0BF0E7C62464}" = dir=out | app=c:\program files (x86)\iobit\driver booster\4.2.0\autoupdate.exe |
"{40E04C11-943E-49E0-B628-E01CB1FEB866}" = dir=in | app=c:\program files (x86)\iobit\iobit malware fighter\surfing protection\ffnativemessage.exe |
"{4735F6BA-5C26-4C31-8AB6-A5070D63B23E}" = dir=in | app=c:\program files (x86)\iobit\driver booster\4.2.0\dbdownloader.exe |
"{4788DCD5-D8A3-4AF8-B20D-9DDFAE2E753A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{4B343CE6-0697-40AB-93FB-1F2062F8BDFF}" = protocol=6 | dir=in | app=c:\program files (x86)\anydesk\anydesk.exe |
"{4C375C0F-799C-450D-A15B-E60F145BAE53}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{666ECD59-1BA8-4987-97AC-D8151441D3C1}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{6FF1BBA7-C125-433B-992D-89F8FE0BD627}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6FFD0A02-8C9C-497B-9073-C8DE073BC67C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{73857A0E-37D4-47D8-80FE-2E6BAD71F943}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{73B8CB1C-3E3A-4C48-8F46-06ACCB78C9DC}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{78668653-6B55-48AE-A742-273192C34EB6}" = dir=in | app=c:\program files (x86)\iobit\driver booster\4.2.0\autoupdate.exe |
"{7D8819DF-B666-44CF-869B-6B9A38080732}" = dir=out | app=c:\program files (x86)\iobit\advanced systemcare\surfing protection\ffnativemessage.exe |
"{7DAC7036-D138-46A2-9B23-2882F93519F1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{81D21DD6-FCD8-408E-B0DD-F344260F6CE3}" = protocol=17 | dir=in | app=c:\program files (x86)\anydesk\anydesk.exe |
"{8D51F1CE-DD73-4960-A392-2FD2340B4B6C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8F24A743-47F8-4481-80D2-118C321411F9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{916C42F7-43A9-4B7C-B5F0-85363CF14000}" = protocol=6 | dir=in | app=c:\program files (x86)\anydesk\anydesk.exe |
"{9EDB56F9-920F-46EE-8EC5-4A608FBDD2EB}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A2B1FF05-3A5C-4BBC-8FA0-F8717ED67703}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{AFBC731C-619C-439F-A21F-37E2B0BD2B18}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B1170D91-8A77-4BAA-99F6-729AC388C057}" = dir=out | app=c:\program files (x86)\iobit\driver booster\4.2.0\driverbooster.exe |
"{C628BCEA-02B6-4342-BF06-F24108D74090}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D3AF083B-854F-4BCE-9104-6E0E9300019D}" = protocol=6 | dir=out | app=system |
"{D6C237F7-A2CF-4469-A741-60A6CF6EE244}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E0103543-0DE4-4E81-99DC-50158B33D997}" = dir=in | app=c:\program files (x86)\iobit\advanced systemcare\surfing protection\ffnativemessage.exe |
"{ECFBADDA-F027-4E10-B7F1-22CC90C14E37}" = protocol=17 | dir=in | app=c:\program files (x86)\anydesk\anydesk.exe |
"{F60E04AA-4BEB-4F08-8503-1E00C40F44D6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F7C0CC0C-2B71-49B1-AC8B-C632D93D29A0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FA4BF8D4-BAD4-4BAF-81F6-BB66C623B2FD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"TCP Query User{800686EF-1AE4-485D-BE6A-D768CD407D7C}C:\users\jim\downloads\anydesk.exe" = protocol=6 | dir=in | app=c:\users\jim\downloads\anydesk.exe |
"UDP Query User{3CF0A455-7B88-4C96-B332-77C8920A6D2A}C:\users\jim\downloads\anydesk.exe" = protocol=17 | dir=in | app=c:\users\jim\downloads\anydesk.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{115FB0FD-1A0A-4C26-82A7-A6689A799BB9}" = Boost
"{16607FCC-497A-8BB8-8A3C-B337EF2FE436}" = AMD Media Foundation Decoders
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{2AA3C13E-0531-41B8-AE48-AE28C940A809}" = Microsoft Security Client
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5E015E15-F7AD-3379-523F-AD63C0CB9E71}" = AMD Steady Video Plug-In
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.6.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B34A07DD-C6F7-414A-AE63-01019482EAF0}" = HP Application Assistant
"{B48C6AA1-2D9D-497C-3F16-FFBA6A132E3B}" = ccc-utility64
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{BD6F5371-DAC1-30F0-9DDE-CAC6791E28C3}" = Microsoft .NET Framework 4.6.1
"{C7AE4EC3-9C13-4213-8457-74D16B353F91}" = HP Web Camera
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E1A4C1C6-8030-EFD6-8FAF-DC2B275D490B}" = AMD Catalyst Install Manager
"Microsoft Security Client" = Microsoft Security Essentials

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EEC4E49-D4C2-4E23-87F2-B5641F1A09E4}" = HP Clock
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{16F2A132-FD31-4626-07E3-45217EBB09EA}" = CCC Help Czech
"{19687AD5-7E54-4C5E-A796-125C95079C1D}" = Adobe AIR
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1D61E881-43CD-447B-9E6B-D2C6138B2862}" = HP Webcam
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{293C9DF5-7669-4826-BBB2-E1F182D71033}" = Nero 7 Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2B38E0FA-D8A5-4EBF-A018-E3C1C8E7A2E2}" = HP Calendar
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{32293B73-191C-E8E2-6DD4-6A6F10E6F63A}" = Catalyst Control Center Localization All
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}" = opensource
"{3C424BD9-E66D-231F-69C6-86B384F5DD6F}" = CCC Help Russian
"{3F9AD135-B095-A159-6156-AB695DFBF9C8}" = CCC Help Finnish
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{452479C5-0118-48E9-AA69-0A7339F95FC8}" = HP RSS
"{46A9FBFA-AD27-0E5F-3868-5B93604B0AAA}" = AMD VISION Engine Control Center
"{4D090F70-6F08-4B60-9357-A1DFD4458F09}" = Microsoft Mathematics
"{4E62123C-4C0D-4123-A8A2-C0103B92D7EA}" = Should I Remove It
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}" = Realtek Card Reader
"{5CB2D031-E1D4-1B59-15B5-4BD4F87276E3}" = CCC Help German
"{5ED79EBC-7C56-7FB8-852D-650645D503C8}" = Catalyst Control Center InstallProxy
"{66BA24FA-4AE1-C377-A6BB-F2802ECFA738}" = CCC Help French
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68B76AD1-3A97-C8E4-BABC-F35A3F211044}" = CCC Help Danish
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{741006D1-7B2B-4E33-B2B0-831F282EEF64}" = Blio
"{7CF63DC1-A616-8F9C-01B4-F9149516AED3}" = CCC Help Turkish
"{7E19E234-57BD-9EC8-3CDA-024B274D8C3E}" = CCC Help Dutch
"{807BB909-4A95-9C1E-C180-5A5F4A347F8A}" = CCC Help Portuguese
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{858FCB65-7C6D-4BA4-AD80-A3CB3744CE09}_is1" = HP Magic Canvas Tutorials
"{86BAB08A-5E66-4C53-82E3-C1E91673C7CA}" = HP Notes
"{8AE50893-3A87-4439-9A57-942ED43F7189}" = Facebook
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8ED35E0F-9649-0997-78DA-725759F52DFF}" = CCC Help Chinese Traditional
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = 802.11n Wireless LAN Card
"{912CED74-88D3-4C5B-ACB0-132318649765}" = PressReader
"{912DF850-2443-42C7-D318-5D66FF4E3407}" = CCC Help Italian
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{954EFC5C-B4E9-AF03-E75E-011AA4B8B4E7}" = CCC Help Swedish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F59E40E-50A3-8AA4-F522-053B50A10957}" = CCC Help English
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A50540B6-351C-65E1-D2CA-EA5481FDD934}" = CCC Help Japanese
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA9C8DAB-BBD8-3668-D927-99F712F297B3}" = CCC Help Greek
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-0804-1033-1959-001824214663}" = Adobe Refresh Manager
"{AC76BA86-7AD7-1033-7B44-AC0F074E4100}" = Adobe Acrobat Reader DC
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{B2B7B1C8-7C8B-476C-BE2C-049731C55992}" = HP Support Information
"{B399B7EA-38B7-9A36-F749-DE9266FBCD34}" = CCC Help Norwegian
"{B7F2528D-14E6-47D5-734C-5E176399C6F0}" = CCC Help Korean
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{BA39BDB3-2B97-7E2C-C53B-AAD0DB37D79A}" = CCC Help Thai
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4B6097A-80ED-2E6C-80F8-29760F5E96B7}" = CCC Help Polish
"{D60537D3-7DE4-BE3B-7170-C016738FCAE9}" = CCC Help Hungarian
"{DD5FCE1C-E5FA-8349-62A1-5F6503D46FB2}" = CCC Help Chinese Standard
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E8B8CC8A-17AE-3794-9A1F-5FB364425DB5}" = Catalyst Control Center Graphics Previews Common
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{EFA88CC4-478E-42BB-B85A-891E998AB127}" = Catalyst Control Center - Branding
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3C1D196-40A1-9A63-3496-B246A7FCB881}" = CCC Help Spanish
"{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}" = HP Setup
"{f65db027-aff3-4070-886a-0d87064aabb1}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
"{F89BADB0-D319-470E-8024-443EE3A3402B}" = TSHostedAppLauncher
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 25 ActiveX
"Adobe Flash Player NPAPI" = Adobe Flash Player 25 NPAPI
"AnyDesk" = AnyDesk
"Driver Booster_is1" = Driver Booster 4.2
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"IObitUninstall" = IObit Uninstaller
"Secunia PSI" = Secunia PSI (3.0.0.11005)
"Smart Defrag_is1" = Smart Defrag 5
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Boost 1.0.2" = Boost
"Should I Remove It 1.0.4" = Should I Remove It

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1/1/2017 7:57:07 PM | Computer Name = jim-HP | Source = Windows Search Service | ID = 3029
Description =

Error - 1/1/2017 7:57:07 PM | Computer Name = jim-HP | Source = Windows Search Service | ID = 3028
Description =

Error - 1/1/2017 7:57:07 PM | Computer Name = jim-HP | Source = Windows Search Service | ID = 3058
Description =

Error - 1/1/2017 7:57:07 PM | Computer Name = jim-HP | Source = Windows Search Service | ID = 7010
Description =

Error - 1/1/2017 8:10:48 PM | Computer Name = jim-HP | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
of binary Symantec Eraser Control driver. System Error: The system cannot find the
file specified. .

Error - 1/1/2017 8:10:48 PM | Computer Name = jim-HP | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
of binary SASKUTIL. System Error: The system cannot find the file specified. .

Error - 1/1/2017 8:10:48 PM | Computer Name = jim-HP | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
of binary Symantec Iron Driver. System Error: The system cannot find the file specified. .

Error - 1/1/2017 8:10:48 PM | Computer Name = jim-HP | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
of binary Symantec Network Security WFP Driver. System Error: The system cannot find
the file specified. .

Error - 1/2/2017 6:28:50 AM | Computer Name = jim-HP | Source = Application Error | ID = 1000
Description = Faulting application name: CompatTelRunner.exe, version: 10.0.14913.1002,
time stamp: 0x57d1070d Faulting module name: devinv.dll, version: 10.0.14913.1002,
time stamp: 0x57d10950 Exception code: 0xc0000005 Fault offset: 0x000000000002431e
Faulting process id: 0xa8e0 Faulting application start time: 0x01d264dfeb809434
Faulting application path: C:\Windows\system32\CompatTelRunner.exe Faulting module path: C:\Windows\system32\devinv.dll
Report Id: 3fb346a9-d0d6-11e6-a710-089e01121b7b

Error - 1/2/2017 10:15:46 AM | Computer Name = jim-HP | Source = Application Error | ID = 1000
Description = Faulting application name: plugin-container.exe, version: 50.1.0.6186,
time stamp: 0x584a057c Faulting module name: mozglue.dll, version: 50.1.0.6186,
time stamp: 0x5849ff8b Exception code: 0x80000003 Fault offset: 0x0000ec79 Faulting
process id: 0x5c30 Faulting application start time: 0x01d265024bcec3ca Faulting application
path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe Faulting module
path: C:\Program Files (x86)\Mozilla Firefox\mozglue.dll Report Id: f37ba00a-d0f5-11e6-a710-089e01121b7b

Error - 1/3/2017 5:47:53 AM | Computer Name = jim-HP | Source = Application Error | ID = 1000
Description = Faulting application name: CompatTelRunner.exe, version: 10.0.14913.1002,
time stamp: 0x57d1070d Faulting module name: devinv.dll, version: 10.0.14913.1002,
time stamp: 0x57d10950 Exception code: 0xc0000005 Fault offset: 0x000000000002431e
Faulting process id: 0x2b8 Faulting application start time: 0x01d265a341a057ce
Faulting application path: C:\Windows\system32\CompatTelRunner.exe Faulting module path: C:\Windows\system32\devinv.dll
Report Id: b18895e5-d199-11e6-bcb6-089e01121b7b

[ Hewlett-Packard Events ]
Error - 9/24/2016 8:42:44 AM | Computer Name = jim-HP | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164 at System.RuntimeTypeHandle.CreateInstance(RuntimeType
type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle&
ctor, Boolean& bNeedSecurityCheck) at System.RuntimeType.CreateInstanceSlow(Boolean
publicOnly, Boolean fillCache) at System.RuntimeType.CreateInstanceImpl(Boolean
publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) at System.Activator.CreateInstance(Type
type, Boolean nonPublic) at HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed()
StackTrace:
at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly,
Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)

at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)

at System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks,
Boolean fillCache) at System.Activator.CreateInstance(Type type, Boolean nonPublic)

at HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed() Source: mscorlib

Name:
HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: en-US RAM: 3700 Ram
Utilization: 30 TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean,
Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)

Error - 9/24/2016 8:42:45 AM | Computer Name = jim-HP | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164HPSFMsgr.exe at System.RuntimeTypeHandle.CreateInstance(RuntimeType
type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle&
ctor, Boolean& bNeedSecurityCheck) at System.RuntimeType.CreateInstanceSlow(Boolean
publicOnly, Boolean fillCache) at System.RuntimeType.CreateInstanceImpl(Boolean
publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) at System.Activator.CreateInstance(Type
type, Boolean nonPublic) at HPSA_Messenger.MessengerCom.TrayDeskBand.ShowTaskBar()
StackTrace:
at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly,
Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)

at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)

at System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks,
Boolean fillCache) at System.Activator.CreateInstance(Type type, Boolean nonPublic)

at HPSA_Messenger.MessengerCom.TrayDeskBand.ShowTaskBar() Source: mscorlib Name:
HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: en-US RAM: 3700 Ram
Utilization: TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean,
Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)

[ System Events ]
Error - 4/8/2017 1:34:23 AM | Computer Name = jim-HP | Source = Service Control Manager | ID = 7031
Description = The Desktop Window Manager Session Manager service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
120000 milliseconds: Restart the service.

Error - 4/8/2017 1:34:23 AM | Computer Name = jim-HP | Source = Service Control Manager | ID = 7031
Description = The WLAN AutoConfig service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 120000 milliseconds:
Restart the service.

Error - 4/8/2017 1:34:23 AM | Computer Name = jim-HP | Source = Service Control Manager | ID = 7031
Description = The Windows Driver Foundation - User-mode Driver Framework service
terminated unexpectedly. It has done this 1 time(s). The following corrective
action will be taken in 120000 milliseconds: Restart the service.

Error - 4/8/2017 1:34:25 AM | Computer Name = jim-HP | Source = Service Control Manager | ID = 7031
Description = The Windows Defender service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 4/8/2017 1:34:57 AM | Computer Name = jim-HP | Source = Service Control Manager | ID = 7034
Description = The IMF Service service terminated unexpectedly. It has done this
2 time(s).

Error - 4/8/2017 1:35:23 AM | Computer Name = jim-HP | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the HomeGroup Listener service,
but this action failed with the following error: %%1056

Error - 4/8/2017 1:35:23 AM | Computer Name = jim-HP | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Windows Audio Endpoint Builder
service, but this action failed with the following error: %%1056

Error - 4/8/2017 5:11:50 PM | Computer Name = jim-HP | Source = EventLog | ID = 6008
Description = The previous system shutdown at 4:09:20 PM on 4/8/2017 was unexpected.

Error - 4/8/2017 5:11:55 PM | Computer Name = jim-HP | Source = BugCheck | ID = 1001
Description =

Error - 4/14/2017 4:44:38 AM | Computer Name = jim-HP | Source = Schannel | ID = 36887
Description = The following fatal alert was received: 20.


< End of report >
  #3  
Old April 20th, 2017, 01:19 AM
olgun52 olgun52 is offline
Malware Removal Team
 
Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 2,066
Hello infectedone and welcome to the CyberTechHelp Forums.
I will be helping you fix your problems.

Please take note of some guidelines for this fix:

1- My first language is not English, so please do not use slang or idioms; it could be hard for me to read. Keep your sentences short. Thanks for your understanding.
2- Perform everything in the correct order. Sometimes one step requires the previous one.
3- Please open the computer as administrator. How do I open the computer as administrator?
4- Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to the help here:
How to disable your security applications.
5- To make sure you have an accurate view of the files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types".
6- Back up all your private data / important files on another (external) drive before using our tools (if possible).
7- Please subscribe to this thread if you have not done so already, and please don't do any other scans on your own and don't install or remove software.
8- Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal.

Thanks

*********************************************************************************
You do not have to give money to anyone. Do not make that mistake.
==========================================================
Please remove the IObit folder and software.
Please uninstall the following via Start->(or My Computer)->Control Panel->(Programs)->Programs and Features if they still exist:

Advanced systemcare
iobit malware fighter
Driver Booster
Smart Defrag 5
IObit Uninstaller
c:\program files (x86)\iobit
Boost
Reason
Should I Remove It
Symantec Eraser
Panda Security
BitTorrent
AnyDesk

Then restart the PC.
==============================
Please do this:

Usage Instructions:
  1. Download the hosts-perm.bat file and save it somewhere on your computer.
  2. Double-click the hosts-perm.bat file and when it is done you will see a message stating "The Permissions on the HOSTS file have been reset.".
  3. Press any key on your keyboard to exit the batch file.
Or:

How can I reset the Hosts file back to the default?
For Windows 7:
Please try running FixIt.

=======================================================
Step 1:

Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan, then Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
Step 2:

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
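Added example for the HOSTS file step in the reply above (not code from the thread, from hosts-perm.bat, or from the FixIt): it lists every active HOSTS entry, flags entries that point a name at a non-loopback address (the pattern that would silently send a site such as a login page elsewhere), and prints the file's current permissions so they can be compared with a clean Windows install. Assumptions: the default HOSTS path under %SystemRoot%, and an elevated PowerShell window so the ACL is fully readable.

```powershell
# Added example, not from the thread or from hosts-perm.bat. Assumes the standard
# HOSTS location and an elevated PowerShell session.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'

function Get-HostsFindings {
    param([string]$Path = $hostsPath)
    $findings = @()
    $lineNo = 0
    foreach ($line in (Get-Content -Path $Path -ErrorAction Stop)) {
        $lineNo++
        $text = ($line -split '#', 2)[0].Trim()      # strip trailing comments
        if (-not $text) { continue }                  # blank or comment-only line
        $parts = $text -split '\s+'
        if ($parts.Count -lt 2) { continue }          # malformed line, maps nothing
        $address = $parts[0]
        # Loopback/unspecified targets are the usual "block this name" pattern used by
        # ad blockers and some security tools. Anything else redirects the name.
        $verdict = if ($address -in @('127.0.0.1', '::1', '0.0.0.0')) {
            'block-style entry (review)'
        } else {
            'REDIRECT to non-loopback address'
        }
        foreach ($name in $parts[1..($parts.Count - 1)]) {
            $findings += [pscustomobject]@{
                Line = $lineNo; Address = $address; HostName = $name; Verdict = $verdict
            }
        }
    }
    return $findings
}

# A clean Windows HOSTS file contains only comments, so any row here deserves a look.
Get-HostsFindings | Format-Table -AutoSize

# Permissions: a hosts-perm.bat style reset rewrites these. Write access granted to
# non-administrator identities is the thing to compare against a known-good machine.
(Get-Acl -Path $hostsPath).Access |
    Select-Object IdentityReference, FileSystemRights, AccessControlType, IsInherited |
    Format-Table -AutoSize
```

Paste the two tables into the reply along with the other logs; the script only reads the file and changes nothing.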