|
Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs |
|
Topic Tools |
#1
|
|||
|
|||
remove foreign ip addresses
My wife could not log in to Facebook. We contacted Facebook and their tech said he could not reset her password. he had me install Anydesk and showed me that there were foreign ip address on my computer and he wanted $199.00
to fix it. I don't have that kind of money so I started searching the web. I ran across your forum an I was hoping you could help me. After I read some posts I followed these instructions: and there I stopped Please take note of some guidelines for this fix: Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Further more, you should not be taking any advice relating to this computer from any other source throughout the course of this fix. If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken. Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post. Please set your system to show all files. Click Start, open My Computer, select the Tools menu and click Folder Options. Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders. Uncheck: Hide file extensions for known file types Uncheck the Hide protected operating system files (recommended) option. Click Yes to confirm. ************************************************** ************ Please download OTL from one of the following mirrors: This is THE Mirror Save it to your desktop. Double click on the icon on your desktop. Push the Quick Scan button. Two reports will open, copy and paste them in a reply here: OTL.txt <-- Will be opened Extra.txt <-- Will be minimized Here are the results: OTL logfile created on: 4/18/2017 7:39:46 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\jim\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.18638) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.61 Gb Total Physical Memory | 1.95 Gb Available Physical Memory | 53.98% Memory free 7.23 Gb Paging File | 5.28 Gb Available in Paging File | 73.02% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 448.47 Gb Total Space | 379.60 Gb Free Space | 84.64% Space Free | Partition Type: NTFS Drive D: | 17.19 Gb Total Space | 2.11 Gb Free Space | 12.27% Space Free | Partition Type: NTFS Computer Name: JIM-HP | User Name: jim | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2017/04/18 19:39:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jim\Downloads\OTL.com PRC - [2017/04/17 19:26:14 | 001,738,952 | ---- | M] () -- C:\Program Files (x86)\AnyDesk\AnyDesk.exe PRC - [2016/10/18 15:17:02 | 002,275,104 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe PRC - [2016/02/02 07:45:52 | 001,570,520 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psia.exe PRC - [2016/02/02 07:45:52 | 000,837,848 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe PRC - [2016/02/02 07:45:52 | 000,605,400 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe ========== Modules (No Company Name) ========== MOD - [2017/04/17 19:26:14 | 001,738,952 | ---- | M] () -- C:\Program Files (x86)\AnyDesk\AnyDesk.exe MOD - [2016/09/26 14:59:22 | 000,631,072 | ---- | M] () -- C:\Program Files (x86)\IObit\IObit Uninstaller\ProductStatistics.dll MOD - [2016/06/21 20:30:02 | 000,442,144 | ---- | M] () -- C:\Program Files (x86)\IObit\IObit Uninstaller\madexcept_.bpl MOD - [2016/06/21 20:29:58 | 000,059,680 | ---- | M] () -- C:\Program Files (x86)\IObit\IObit Uninstaller\maddisAsm_.bpl MOD - [2016/06/21 20:29:56 | 000,210,720 | ---- | M] () -- C:\Program Files (x86)\IObit\IObit Uninstaller\madbasic_.bpl MOD - [2015/12/28 14:50:58 | 000,899,872 | ---- | M] () -- C:\Program Files (x86)\IObit\IObit Uninstaller\webres.dll ========== Services (SafeList) ========== SRV:64bit: - [2017/03/25 12:56:51 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService) SRV:64bit: - [2016/11/14 21:14:42 | 000,361,816 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV:64bit: - [2016/11/14 21:14:42 | 000,119,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV:64bit: - [2016/10/30 12:41:17 | 000,309,368 | ---- | M] (Realtek Semiconductor) [On_Demand | Stopped] -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService) SRV:64bit: - [2016/10/30 12:41:15 | 000,106,952 | ---- | M] (Andrea Electronics Corporation) [On_Demand | Stopped] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters) SRV:64bit: - [2016/10/30 10:19:28 | 001,386,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack) SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2012/01/27 11:07:14 | 000,235,520 | ---- | M] (AMD) [On_Demand | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2017/04/17 19:26:14 | 001,738,952 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\AnyDesk\AnyDesk.exe -- (AnyDesk) SRV - [2017/04/11 05:24:42 | 000,271,448 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpda teService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2017/03/20 00:48:06 | 000,105,096 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\msco rsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2017/02/02 23:21:46 | 000,082,640 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2016/10/28 15:54:10 | 000,360,736 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe -- (IObitUnSvr) SRV - [2016/02/02 07:45:52 | 001,570,520 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent) SRV - [2016/02/02 07:45:52 | 000,837,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent) SRV - [2014/03/20 17:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\msco rsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2012/01/18 14:46:42 | 002,439,272 | ---- | M] (Realsil Microelectronics Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R) ========== Driver Services (SafeList) ========== DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Panda Security URL Filtering\panda_url_filteringd.sys -- (panda_url_filteringd) DRV:64bit: - [2017/04/08 00:48:02 | 000,351,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64) DRV:64bit: - [2017/04/08 00:46:41 | 000,400,352 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR) DRV:64bit: - [2017/04/08 00:40:02 | 001,044,992 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2017/02/05 18:21:31 | 000,085,704 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata) DRV:64bit: - [2017/02/05 18:21:31 | 000,043,720 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata) DRV:64bit: - [2017/02/05 18:08:40 | 002,502,288 | ---- | M] (MediaTek Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x) DRV:64bit: - [2016/10/11 01:58:23 | 000,192,216 | ---- | M] (Malwarebytes) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy) DRV:64bit: - [2016/09/05 05:47:12 | 000,165,504 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) DRV:64bit: - [2016/09/05 05:47:06 | 000,131,712 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) DRV:64bit: - [2016/08/25 09:46:12 | 000,135,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2016/03/10 14:09:06 | 000,064,896 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl) DRV:64bit: - [2016/03/10 14:08:54 | 000,027,008 | ---- | M] (Malwarebytes) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2016/02/02 07:45:52 | 000,018,456 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf_amd64.sys -- (PSI) DRV:64bit: - [2013/10/01 21:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012/09/21 14:04:24 | 000,024,608 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvbflt64.sys -- (CompFilter64) DRV:64bit: - [2012/09/21 14:04:22 | 004,763,680 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVUVC64.sys -- (LVUVC64) DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012/08/23 09:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012/06/07 13:24:54 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2012/06/07 13:24:54 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2012/04/17 21:13:31 | 000,043,640 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM) DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012/02/22 05:34:36 | 000,028,160 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple) DRV:64bit: - [2012/01/27 11:41:34 | 010,721,280 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012/01/27 10:06:00 | 000,327,168 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012/01/11 01:11:20 | 000,034,304 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys -- (ManyCam) DRV:64bit: - [2011/12/14 04:44:16 | 000,056,448 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/10 15:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2016/10/30 12:24:51 | 000,027,552 | ---- | M] (REALiX(tm)) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS -- (HWiNFO32) DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=I E-SearchBox IE:64bit: - HKLM\..\SearchScopes\{07F87A2F-32AF-4D3B-B2AC-B91F34D33234}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms} IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=I E-SearchBox IE - HKLM\..\SearchScopes\{07F87A2F-32AF-4D3B-B2AC-B91F34D33234}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_TIMESTAMP = BF B7 FA 55 EA A1 D2 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy = Reg Error: Value error. IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=I E-SearchBox IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.countryCode: "US" FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.region: "US" FF - prefs.js..browser.startup.homepage: "WWW.MSN.COM" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:52.0.2 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_ 148.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_ 148.dll () FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) [2016/09/24 11:56:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jim\AppData\Roaming\Mozilla\Extensions [2017/04/17 20:32:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jim\AppData\Roaming\Mozilla\Firefox\Profi les\2bhbaxhr.default-1480878431125\extensions [2016/12/04 14:35:32 | 000,000,000 | ---D | M] (All Aboard) -- C:\Users\jim\AppData\Roaming\Mozilla\Firefox\Profi les\2bhbaxhr.default-1480878431125\extensions\@all-aboard-v1-2 [2017/04/17 20:32:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jim\AppData\Roaming\Mozilla\Firefox\Profi les\dqieauk4.default-1477435337317\extensions [2016/10/29 00:36:50 | 000,000,000 | ---D | M] (All Aboard) -- C:\Users\jim\AppData\Roaming\Mozilla\Firefox\Profi les\dqieauk4.default-1477435337317\extensions\@all-aboard-v1-2 [2017/04/17 20:32:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jim\AppData\Roaming\Mozilla\Firefox\Profi les\j9ukxvui.default-1479167512909\extensions [2016/10/26 17:53:17 | 000,005,389 | ---- | M] () (No name found) -- C:\Users\jim\AppData\Roaming\Mozilla\Firefox\Profi les\dqieauk4.default-1477435337317\features\{c467c64e-4aad-4e4c-a55a-f0df097eb18f}\asyncrendering@mozilla.org.xpi [2016/12/31 05:34:37 | 000,770,771 | ---- | M] () (No name found) -- C:\Users\jim\AppData\Roaming\Mozilla\Firefox\Profi les\j9ukxvui.default-1479167512909\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017/04/07 20:35:13 | 000,005,297 | ---- | M] () (No name found) -- C:\Users\jim\AppData\Roaming\Mozilla\Firefox\Profi les\j9ukxvui.default-1479167512909\features\{8121383c-35d5-48b1-8e5b-6e85b1802da1}\disable-prefetch@mozilla.org.xpi [2017/04/07 20:35:14 | 000,007,195 | ---- | M] () (No name found) -- C:\Users\jim\AppData\Roaming\Mozilla\Firefox\Profi les\j9ukxvui.default-1479167512909\features\{8121383c-35d5-48b1-8e5b-6e85b1802da1}\e10srollout@mozilla.org.xpi ========== Chrome ========== CHR - plugin: Error reading preferences file O1 HOSTS File: ([2016/10/30 19:51:00 | 000,002,024 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly O1 - Hosts: 0.0.0.0 tracking.opencandy.com.s3.amazonaws.com O1 - Hosts: 0.0.0.0 media.opencandy.com O1 - Hosts: 0.0.0.0 cdn.opencandy.com O1 - Hosts: 0.0.0.0 tracking.opencandy.com O1 - Hosts: 0.0.0.0 api.opencandy.com O1 - Hosts: 0.0.0.0 api.recommendedsw.com O1 - Hosts: 0.0.0.0 installer.betterinstaller.com O1 - Hosts: 0.0.0.0 installer.filebulldog.com O1 - Hosts: 0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net O1 - Hosts: 0.0.0.0 inno.bisrv.com O1 - Hosts: 0.0.0.0 nsis.bisrv.com O1 - Hosts: 0.0.0.0 cdn.file2desktop.com O1 - Hosts: 0.0.0.0 cdn.goateastcach.us O1 - Hosts: 0.0.0.0 cdn.guttastatdk.us O1 - Hosts: 0.0.0.0 cdn.inskinmedia.com O1 - Hosts: 0.0.0.0 cdn.insta.oibundles2.com O1 - Hosts: 0.0.0.0 cdn.insta.playbryte.com O1 - Hosts: 0.0.0.0 cdn.llogetfastcach.us O1 - Hosts: 0.0.0.0 cdn.montiera.com O1 - Hosts: 0.0.0.0 cdn.msdwnld.com O1 - Hosts: 0.0.0.0 cdn.mypcbackup.com O1 - Hosts: 0.0.0.0 cdn.ppdownload.com O1 - Hosts: 0.0.0.0 cdn.riceateastcach.us O1 - Hosts: 0.0.0.0 cdn.shyapotato.us O1 - Hosts: 11 more lines... O2:64bit: - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll (IObit) O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [BitTorrent] "C:\Users\jim\AppData\Roaming\BitTorrent\BitTorren t.exe" /MINIMIZED File not found O4 - HKCU..\Run: [] Reg Error: Value error. File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoSimpleNetIDList = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDriveTypeAutoRun = 221 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NolowDiskSpaceChecks = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer\SearchExtensions: InternetExtensionAction = http://hp.digitalriver.com/DRHM/stor...US&keywords=%w O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer\SearchExtensions: InternetExtensionName = Find Software on HP Download Store (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfac es\{A0726959-778A-4185-8E31-DBBFF8B75E74}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O27:64bit: - HKLM IFEO\IMF_ActionCenterDownloader.exe: Debugger - C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe File not found O27 - HKLM IFEO\IMF_ActionCenterDownloader.exe: Debugger - C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2017/02/05 16:52:14 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2017/04/17 20:36:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client [2017/04/17 20:36:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client [2017/04/17 20:21:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2017/04/17 20:18:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2017/04/17 20:18:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2017/04/17 20:09:57 | 000,000,000 | ---D | C] -- C:\Users\jim\AppData\Local\WindowsUpdate [2017/04/17 20:07:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia [2017/04/17 19:27:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnyDesk [2017/04/17 19:27:52 | 000,000,000 | ---D | C] -- C:\ProgramData\AnyDesk [2017/04/17 19:27:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AnyDesk [2017/04/17 19:26:23 | 000,000,000 | ---D | C] -- C:\Users\jim\AppData\Roaming\AnyDesk [2017/04/16 11:14:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\IObit [2017/04/15 06:51:51 | 000,000,000 | ---D | C] -- C:\Users\jim\AppData\Roaming\Reason [2017/04/15 06:51:51 | 000,000,000 | ---D | C] -- C:\Users\jim\AppData\Roaming\Microsoft\Windows\Sta rt Menu\Programs\Boost [2017/04/08 00:46:41 | 000,084,480 | ---- | C] (Realtek Semiconductor.) -- C:\Windows\SysNative\RtCRX64.dll [2017/04/08 00:40:02 | 001,044,992 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys [2017/03/29 17:32:15 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2017/03/21 00:16:05 | 000,000,000 | ---D | C] -- C:\Users\jim\AppData\Roaming\Logitech ========== Files - Modified Within 30 Days ========== [2017/04/18 03:58:28 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2017/04/18 03:58:28 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2017/04/17 21:00:27 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif [2017/04/17 20:55:57 | 000,782,470 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2017/04/17 20:55:57 | 000,662,384 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2017/04/17 20:55:57 | 000,122,252 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2017/04/17 20:49:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2017/04/17 20:49:30 | 2910,318,592 | -HS- | M] () -- C:\hiberfil.sys [2017/04/17 20:07:25 | 000,001,068 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2017/04/17 19:27:52 | 000,001,890 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AnyDesk.lnk [2017/04/17 19:27:52 | 000,001,850 | ---- | M] () -- C:\Users\Public\Desktop\AnyDesk.lnk [2017/04/15 17:08:10 | 000,001,230 | ---- | M] () -- C:\Users\Public\Desktop\.....lnk [2017/04/13 03:33:08 | 000,267,672 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2017/04/13 03:03:45 | 000,774,592 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2017/04/08 00:49:52 | 000,002,236 | ---- | M] () -- C:\Users\Public\Desktop\Driver Booster 4.lnk [2017/04/08 00:48:01 | 000,040,758 | ---- | M] () -- C:\Windows\SysNative\Repository.reg [2017/04/08 00:46:41 | 000,084,480 | ---- | M] (Realtek Semiconductor.) -- C:\Windows\SysNative\RtCRX64.dll [2017/04/08 00:40:02 | 001,044,992 | ---- | M] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys [2017/04/01 10:50:52 | 000,000,000 | -H-- | M] () -- C:\Users\jim\Documents\Default.rdp [2017/03/23 22:50:48 | 000,001,586 | ---- | M] () -- C:\Users\Public\Desktop\.......lnk ========== Files Created - No Company Name ========== [2017/04/17 20:37:07 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif [2017/04/17 20:36:45 | 000,002,119 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk [2017/04/17 20:07:25 | 000,001,068 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2017/04/17 20:07:25 | 000,001,031 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk [2017/04/17 19:27:52 | 000,001,890 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AnyDesk.lnk [2017/04/17 19:27:52 | 000,001,850 | ---- | C] () -- C:\Users\Public\Desktop\AnyDesk.lnk [2017/04/08 00:48:01 | 000,040,758 | ---- | C] () -- C:\Windows\SysNative\Repository.reg [2017/04/01 10:50:52 | 000,000,000 | -H-- | C] () -- C:\Users\jim\Documents\Default.rdp [2017/03/23 22:50:48 | 000,001,586 | ---- | C] () -- C:\Users\Public\Desktop\.......lnk [2016/10/02 17:32:54 | 013,673,881 | ---- | C] () -- C:\Users\jim\AppData\Local\census.cache [2016/10/02 17:32:07 | 000,860,047 | ---- | C] () -- C:\Users\jim\AppData\Local\ars.cache [2016/10/02 17:19:40 | 000,000,010 | ---- | C] () -- C:\Users\jim\AppData\Local\sponge.last.runtime.cac he [2016/10/02 17:07:21 | 000,000,036 | ---- | C] () -- C:\Users\jim\AppData\Local\housecall.guid.cache [2016/09/25 04:04:58 | 000,007,648 | ---- | C] () -- C:\Users\jim\AppData\Local\Resmon.ResmonCfg ========== ZeroAccess Check ========== [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\cls id\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\cls id\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc8 7-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2016/08/29 10:31:19 | 014,183,424 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\cl sid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2016/08/29 10:12:50 | 012,880,384 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA 9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\cl sid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CD B-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\cl sid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2017/04/17 19:26:25 | 000,000,000 | ---D | M] -- C:\Users\jim\AppData\Roaming\AnyDesk [2017/01/01 14:01:33 | 000,000,000 | ---D | M] -- C:\Users\jim\AppData\Roaming\IObit [2016/09/26 22:30:24 | 000,000,000 | ---D | M] -- C:\Users\jim\AppData\Roaming\Leadertech [2017/02/05 19:04:27 | 000,000,000 | ---D | M] -- C:\Users\jim\AppData\Roaming\Panda Security [2017/01/01 14:01:33 | 000,000,000 | ---D | M] -- C:\Users\jim\AppData\Roaming\ProductData [2016/10/29 11:04:07 | 000,000,000 | ---D | M] -- C:\Users\jim\AppData\Roaming\QuickScan [2017/04/15 06:51:51 | 000,000,000 | ---D | M] -- C:\Users\jim\AppData\Roaming\Reason [2016/09/25 08:06:38 | 000,000,000 | ---D | M] -- C:\Users\jim\AppData\Roaming\WinBatch ========== Purity Check ========== < End of report > |
#2
|
|||
|
|||
extras
OTL Extras logfile created on: 4/18/2017 7:39:46 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\jim\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.18638) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.61 Gb Total Physical Memory | 1.95 Gb Available Physical Memory | 53.98% Memory free 7.23 Gb Paging File | 5.28 Gb Available in Paging File | 73.02% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 448.47 Gb Total Space | 379.60 Gb Free Space | 84.64% Space Free | Partition Type: NTFS Drive D: | 17.19 Gb Total Space | 2.11 Gb Free Space | 12.27% Space Free | Partition Type: NTFS Computer Name: JIM-HP | User Name: jim | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- Reg Error: Key error. https [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- C:\Program Files\Hewlett-Packard\HP Application Assistant\HPAA.exe %1 (Hewlett Packard Company) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- Reg Error: Key error. https [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- C:\Program Files\Hewlett-Packard\HP Application Assistant\HPAA.exe %1 (Hewlett Packard Company) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\DomainPr ofile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\PublicPr ofile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Firewall Rules] "{10035D8A-1E2C-471D-A73B-A653F3B08417}" = lport=138 | protocol=17 | dir=in | app=system | "{2D9119AE-BD79-461E-BC65-8314E0899A00}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{5702DC0A-61EB-4B3C-A026-0BDC8A642195}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{59AF99FD-5484-41A0-A9DA-115EB2791E11}" = lport=2869 | protocol=6 | dir=in | app=system | "{6038F87A-3AD1-4F3F-86DA-D8F6C4092C54}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{722D12EF-0B6D-4505-B419-06CE905D99D4}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{77765EFC-4A21-485B-BC5F-EB3D103BA969}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{7AC2F832-EE05-4F29-8D82-9C47213E12AD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{83ED1953-19EE-4E95-9A71-6CF39973C563}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{994D693B-60A8-4F7C-B019-8330DE4200CF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{99B4AAEC-123C-4560-AB56-AA45966B8C1C}" = rport=138 | protocol=17 | dir=out | app=system | "{B060919A-C75F-4705-BB92-4759D58A3045}" = lport=139 | protocol=6 | dir=in | app=system | "{B6BA9E4B-F3C5-4E8A-AC92-9D07D3478D72}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{BC26354F-22CD-48F1-9C64-0BE859EB4333}" = rport=139 | protocol=6 | dir=out | app=system | "{BE5BA250-F28B-4457-9B66-452939ABD1B7}" = rport=10243 | protocol=6 | dir=out | app=system | "{D0C30EBB-A295-48B9-8E19-BF83D119D9DD}" = rport=137 | protocol=17 | dir=out | app=system | "{D9BEBE85-127C-432F-B78D-B98F85C39068}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E0B95FC5-A260-40A6-8877-C2E957ADF94C}" = lport=137 | protocol=17 | dir=in | app=system | "{EAF114C5-89C1-4A38-90CC-EE2043B8FF33}" = lport=10243 | protocol=6 | dir=in | app=system | "{F1C0C44C-99D6-4876-9313-93C8A58B08F1}" = rport=445 | protocol=6 | dir=out | app=system | "{FA74791D-8BCA-44FD-9A5D-ED6B537CCB63}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{FAAD9D33-8C7C-4553-AA5C-7D646AD0FE4F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{FB81D5C3-E79C-4965-8A2E-DDBCA98CFD5C}" = lport=445 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Firewall Rules] "{036A607E-AE36-4C23-B2C8-32DF2825A6C2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{04A1C910-210A-451F-9177-A058321E19AB}" = dir=out | app=c:\program files (x86)\iobit\iobit malware fighter\surfing protection\ffnativemessage.exe | "{0D2B0186-4BC9-4A90-921F-A4021E31A34D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{22083D0E-5D81-4796-86D0-3D8C8D796324}" = dir=out | app=c:\program files (x86)\iobit\driver booster\4.2.0\dbdownloader.exe | "{2D2CE1F9-AC28-4E24-A1EF-5790B7962989}" = dir=in | app=c:\program files (x86)\iobit\driver booster\4.2.0\driverbooster.exe | "{36FD1A4C-8EF4-4903-9CA6-A3715C176939}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{390833DD-764C-47C7-9F27-8F348AD33E02}" = protocol=17 | dir=in | app=c:\program files (x86)\anydesk\anydesk.exe | "{3BCBB511-E0C2-4AE1-921B-AAF5E8A80B57}" = protocol=6 | dir=in | app=c:\program files (x86)\anydesk\anydesk.exe | "{3F3F7B5A-1600-489E-867B-0BF0E7C62464}" = dir=out | app=c:\program files (x86)\iobit\driver booster\4.2.0\autoupdate.exe | "{40E04C11-943E-49E0-B628-E01CB1FEB866}" = dir=in | app=c:\program files (x86)\iobit\iobit malware fighter\surfing protection\ffnativemessage.exe | "{4735F6BA-5C26-4C31-8AB6-A5070D63B23E}" = dir=in | app=c:\program files (x86)\iobit\driver booster\4.2.0\dbdownloader.exe | "{4788DCD5-D8A3-4AF8-B20D-9DDFAE2E753A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{4B343CE6-0697-40AB-93FB-1F2062F8BDFF}" = protocol=6 | dir=in | app=c:\program files (x86)\anydesk\anydesk.exe | "{4C375C0F-799C-450D-A15B-E60F145BAE53}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{666ECD59-1BA8-4987-97AC-D8151441D3C1}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{6FF1BBA7-C125-433B-992D-89F8FE0BD627}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{6FFD0A02-8C9C-497B-9073-C8DE073BC67C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{73857A0E-37D4-47D8-80FE-2E6BAD71F943}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{73B8CB1C-3E3A-4C48-8F46-06ACCB78C9DC}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{78668653-6B55-48AE-A742-273192C34EB6}" = dir=in | app=c:\program files (x86)\iobit\driver booster\4.2.0\autoupdate.exe | "{7D8819DF-B666-44CF-869B-6B9A38080732}" = dir=out | app=c:\program files (x86)\iobit\advanced systemcare\surfing protection\ffnativemessage.exe | "{7DAC7036-D138-46A2-9B23-2882F93519F1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{81D21DD6-FCD8-408E-B0DD-F344260F6CE3}" = protocol=17 | dir=in | app=c:\program files (x86)\anydesk\anydesk.exe | "{8D51F1CE-DD73-4960-A392-2FD2340B4B6C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{8F24A743-47F8-4481-80D2-118C321411F9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{916C42F7-43A9-4B7C-B5F0-85363CF14000}" = protocol=6 | dir=in | app=c:\program files (x86)\anydesk\anydesk.exe | "{9EDB56F9-920F-46EE-8EC5-4A608FBDD2EB}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{A2B1FF05-3A5C-4BBC-8FA0-F8717ED67703}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{AFBC731C-619C-439F-A21F-37E2B0BD2B18}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{B1170D91-8A77-4BAA-99F6-729AC388C057}" = dir=out | app=c:\program files (x86)\iobit\driver booster\4.2.0\driverbooster.exe | "{C628BCEA-02B6-4342-BF06-F24108D74090}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{D3AF083B-854F-4BCE-9104-6E0E9300019D}" = protocol=6 | dir=out | app=system | "{D6C237F7-A2CF-4469-A741-60A6CF6EE244}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E0103543-0DE4-4E81-99DC-50158B33D997}" = dir=in | app=c:\program files (x86)\iobit\advanced systemcare\surfing protection\ffnativemessage.exe | "{ECFBADDA-F027-4E10-B7F1-22CC90C14E37}" = protocol=17 | dir=in | app=c:\program files (x86)\anydesk\anydesk.exe | "{F60E04AA-4BEB-4F08-8503-1E00C40F44D6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{F7C0CC0C-2B71-49B1-AC8B-C632D93D29A0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{FA4BF8D4-BAD4-4BAF-81F6-BB66C623B2FD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "TCP Query User{800686EF-1AE4-485D-BE6A-D768CD407D7C}C:\users\jim\downloads\anydesk.exe" = protocol=6 | dir=in | app=c:\users\jim\downloads\anydesk.exe | "UDP Query User{3CF0A455-7B88-4C96-B332-77C8920A6D2A}C:\users\jim\downloads\anydesk.exe" = protocol=17 | dir=in | app=c:\users\jim\downloads\anydesk.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{115FB0FD-1A0A-4C26-82A7-A6689A799BB9}" = Boost "{16607FCC-497A-8BB8-8A3C-B337EF2FE436}" = AMD Media Foundation Decoders "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services "{2AA3C13E-0531-41B8-AE48-AE28C940A809}" = Microsoft Security Client "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5E015E15-F7AD-3379-523F-AD63C0CB9E71}" = AMD Steady Video Plug-In "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.6.1 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B34A07DD-C6F7-414A-AE63-01019482EAF0}" = HP Application Assistant "{B48C6AA1-2D9D-497C-3F16-FFBA6A132E3B}" = ccc-utility64 "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64 "{BD6F5371-DAC1-30F0-9DDE-CAC6791E28C3}" = Microsoft .NET Framework 4.6.1 "{C7AE4EC3-9C13-4213-8457-74D16B353F91}" = HP Web Camera "{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto "{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{E1A4C1C6-8030-EFD6-8FAF-DC2B275D490B}" = AMD Catalyst Install Manager "Microsoft Security Client" = Microsoft Security Essentials [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall] "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0EEC4E49-D4C2-4E23-87F2-B5641F1A09E4}" = HP Clock "{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 "{16F2A132-FD31-4626-07E3-45217EBB09EA}" = CCC Help Czech "{19687AD5-7E54-4C5E-A796-125C95079C1D}" = Adobe AIR "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1D61E881-43CD-447B-9E6B-D2C6138B2862}" = HP Webcam "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{293C9DF5-7669-4826-BBB2-E1F182D71033}" = Nero 7 Essentials "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger "{2B38E0FA-D8A5-4EBF-A018-E3C1C8E7A2E2}" = HP Calendar "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update "{32293B73-191C-E8E2-6DD4-6A6F10E6F63A}" = Catalyst Control Center Localization All "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}" = opensource "{3C424BD9-E66D-231F-69C6-86B384F5DD6F}" = CCC Help Russian "{3F9AD135-B095-A159-6156-AB695DFBF9C8}" = CCC Help Finnish "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager "{452479C5-0118-48E9-AA69-0A7339F95FC8}" = HP RSS "{46A9FBFA-AD27-0E5F-3868-5B93604B0AAA}" = AMD VISION Engine Control Center "{4D090F70-6F08-4B60-9357-A1DFD4458F09}" = Microsoft Mathematics "{4E62123C-4C0D-4123-A8A2-C0103B92D7EA}" = Should I Remove It "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}" = Realtek Card Reader "{5CB2D031-E1D4-1B59-15B5-4BD4F87276E3}" = CCC Help German "{5ED79EBC-7C56-7FB8-852D-650645D503C8}" = Catalyst Control Center InstallProxy "{66BA24FA-4AE1-C377-A6BB-F2802ECFA738}" = CCC Help French "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{68B76AD1-3A97-C8E4-BABC-F35A3F211044}" = CCC Help Danish "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0 "{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{741006D1-7B2B-4E33-B2B0-831F282EEF64}" = Blio "{7CF63DC1-A616-8F9C-01B4-F9149516AED3}" = CCC Help Turkish "{7E19E234-57BD-9EC8-3CDA-024B274D8C3E}" = CCC Help Dutch "{807BB909-4A95-9C1E-C180-5A5F4A347F8A}" = CCC Help Portuguese "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{858FCB65-7C6D-4BA4-AD80-A3CB3744CE09}_is1" = HP Magic Canvas Tutorials "{86BAB08A-5E66-4C53-82E3-C1E91673C7CA}" = HP Notes "{8AE50893-3A87-4439-9A57-942ED43F7189}" = Facebook "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8ED35E0F-9649-0997-78DA-725759F52DFF}" = CCC Help Chinese Traditional "{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = 802.11n Wireless LAN Card "{912CED74-88D3-4C5B-ACB0-132318649765}" = PressReader "{912DF850-2443-42C7-D318-5D66FF4E3407}" = CCC Help Italian "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{954EFC5C-B4E9-AF03-E75E-011AA4B8B4E7}" = CCC Help Swedish "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9F59E40E-50A3-8AA4-F522-053B50A10957}" = CCC Help English "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A50540B6-351C-65E1-D2CA-EA5481FDD934}" = CCC Help Japanese "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AA9C8DAB-BBD8-3668-D927-99F712F297B3}" = CCC Help Greek "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AC76BA86-0804-1033-1959-001824214663}" = Adobe Refresh Manager "{AC76BA86-7AD7-1033-7B44-AC0F074E4100}" = Adobe Acrobat Reader DC "{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager "{B2B7B1C8-7C8B-476C-BE2C-049731C55992}" = HP Support Information "{B399B7EA-38B7-9A36-F749-DE9266FBCD34}" = CCC Help Norwegian "{B7F2528D-14E6-47D5-734C-5E176399C6F0}" = CCC Help Korean "{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer "{BA39BDB3-2B97-7E2C-C53B-AAD0DB37D79A}" = CCC Help Thai "{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D4B6097A-80ED-2E6C-80F8-29760F5E96B7}" = CCC Help Polish "{D60537D3-7DE4-BE3B-7170-C016738FCAE9}" = CCC Help Hungarian "{DD5FCE1C-E5FA-8349-62A1-5F6503D46FB2}" = CCC Help Chinese Standard "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E8B8CC8A-17AE-3794-9A1F-5FB364425DB5}" = Catalyst Control Center Graphics Previews Common "{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004) "{EFA88CC4-478E-42BB-B85A-891E998AB127}" = Catalyst Control Center - Branding "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F3C1D196-40A1-9A63-3496-B246A7FCB881}" = CCC Help Spanish "{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}" = HP Setup "{f65db027-aff3-4070-886a-0d87064aabb1}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 "{F89BADB0-D319-470E-8024-443EE3A3402B}" = TSHostedAppLauncher "{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 25 ActiveX "Adobe Flash Player NPAPI" = Adobe Flash Player 25 NPAPI "AnyDesk" = AnyDesk "Driver Booster_is1" = Driver Booster 4.2 "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "IObitUninstall" = IObit Uninstaller "Secunia PSI" = Secunia PSI (3.0.0.11005) "Smart Defrag_is1" = Smart Defrag 5 "WinLiveSuite" = Windows Live Essentials ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Uninstall] "Boost 1.0.2" = Boost "Should I Remove It 1.0.4" = Should I Remove It ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 1/1/2017 7:57:07 PM | Computer Name = jim-HP | Source = Windows Search Service | ID = 3029 Description = Error - 1/1/2017 7:57:07 PM | Computer Name = jim-HP | Source = Windows Search Service | ID = 3028 Description = Error - 1/1/2017 7:57:07 PM | Computer Name = jim-HP | Source = Windows Search Service | ID = 3058 Description = Error - 1/1/2017 7:57:07 PM | Computer Name = jim-HP | Source = Windows Search Service | ID = 7010 Description = Error - 1/1/2017 8:10:48 PM | Computer Name = jim-HP | Source = Microsoft-Windows-CAPI2 | ID = 513 Description = Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary Symantec Eraser Control driver. System Error: The system cannot find the file specified. . Error - 1/1/2017 8:10:48 PM | Computer Name = jim-HP | Source = Microsoft-Windows-CAPI2 | ID = 513 Description = Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary SASKUTIL. System Error: The system cannot find the file specified. . Error - 1/1/2017 8:10:48 PM | Computer Name = jim-HP | Source = Microsoft-Windows-CAPI2 | ID = 513 Description = Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary Symantec Iron Driver. System Error: The system cannot find the file specified. . Error - 1/1/2017 8:10:48 PM | Computer Name = jim-HP | Source = Microsoft-Windows-CAPI2 | ID = 513 Description = Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary Symantec Network Security WFP Driver. System Error: The system cannot find the file specified. . Error - 1/2/2017 6:28:50 AM | Computer Name = jim-HP | Source = Application Error | ID = 1000 Description = Faulting application name: CompatTelRunner.exe, version: 10.0.14913.1002, time stamp: 0x57d1070d Faulting module name: devinv.dll, version: 10.0.14913.1002, time stamp: 0x57d10950 Exception code: 0xc0000005 Fault offset: 0x000000000002431e Faulting process id: 0xa8e0 Faulting application start time: 0x01d264dfeb809434 Faulting application path: C:\Windows\system32\CompatTelRunner.exe Faulting module path: C:\Windows\system32\devinv.dll Report Id: 3fb346a9-d0d6-11e6-a710-089e01121b7b Error - 1/2/2017 10:15:46 AM | Computer Name = jim-HP | Source = Application Error | ID = 1000 Description = Faulting application name: plugin-container.exe, version: 50.1.0.6186, time stamp: 0x584a057c Faulting module name: mozglue.dll, version: 50.1.0.6186, time stamp: 0x5849ff8b Exception code: 0x80000003 Fault offset: 0x0000ec79 Faulting process id: 0x5c30 Faulting application start time: 0x01d265024bcec3ca Faulting application path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe Faulting module path: C:\Program Files (x86)\Mozilla Firefox\mozglue.dll Report Id: f37ba00a-d0f5-11e6-a710-089e01121b7b Error - 1/3/2017 5:47:53 AM | Computer Name = jim-HP | Source = Application Error | ID = 1000 Description = Faulting application name: CompatTelRunner.exe, version: 10.0.14913.1002, time stamp: 0x57d1070d Faulting module name: devinv.dll, version: 10.0.14913.1002, time stamp: 0x57d10950 Exception code: 0xc0000005 Fault offset: 0x000000000002431e Faulting process id: 0x2b8 Faulting application start time: 0x01d265a341a057ce Faulting application path: C:\Windows\system32\CompatTelRunner.exe Faulting module path: C:\Windows\system32\devinv.dll Report Id: b18895e5-d199-11e6-bcb6-089e01121b7b [ Hewlett-Packard Events ] Error - 9/24/2016 8:42:44 AM | Computer Name = jim-HP | Source = HPSFMsgr.exe | ID = 4000 Description = HP Error ID: -2147221164 at System.RuntimeTypeHandle.CreateInstance(RuntimeTyp e type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck) at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache) at System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) at System.Activator.CreateInstance(Type type, Boolean nonPublic) at HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbar Displayed() StackTrace: at System.RuntimeTypeHandle.CreateInstance(RuntimeTyp e type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck) at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache) at System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) at System.Activator.CreateInstance(Type type, Boolean nonPublic) at HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbar Displayed() Source: mscorlib Name: HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: en-US RAM: 3700 Ram Utilization: 30 TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean, Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef) Error - 9/24/2016 8:42:45 AM | Computer Name = jim-HP | Source = HPSFMsgr.exe | ID = 4000 Description = HP Error ID: -2147221164HPSFMsgr.exe at System.RuntimeTypeHandle.CreateInstance(RuntimeTyp e type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck) at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache) at System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) at System.Activator.CreateInstance(Type type, Boolean nonPublic) at HPSA_Messenger.MessengerCom.TrayDeskBand.ShowTaskB ar() StackTrace: at System.RuntimeTypeHandle.CreateInstance(RuntimeTyp e type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck) at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache) at System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) at System.Activator.CreateInstance(Type type, Boolean nonPublic) at HPSA_Messenger.MessengerCom.TrayDeskBand.ShowTaskB ar() Source: mscorlib Name: HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: en-US RAM: 3700 Ram Utilization: TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean, Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef) [ System Events ] Error - 4/8/2017 1:34:23 AM | Computer Name = jim-HP | Source = Service Control Manager | ID = 7031 Description = The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. Error - 4/8/2017 1:34:23 AM | Computer Name = jim-HP | Source = Service Control Manager | ID = 7031 Description = The WLAN AutoConfig service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. Error - 4/8/2017 1:34:23 AM | Computer Name = jim-HP | Source = Service Control Manager | ID = 7031 Description = The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. Error - 4/8/2017 1:34:25 AM | Computer Name = jim-HP | Source = Service Control Manager | ID = 7031 Description = The Windows Defender service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error - 4/8/2017 1:34:57 AM | Computer Name = jim-HP | Source = Service Control Manager | ID = 7034 Description = The IMF Service service terminated unexpectedly. It has done this 2 time(s). Error - 4/8/2017 1:35:23 AM | Computer Name = jim-HP | Source = Service Control Manager | ID = 7032 Description = The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the HomeGroup Listener service, but this action failed with the following error: %%1056 Error - 4/8/2017 1:35:23 AM | Computer Name = jim-HP | Source = Service Control Manager | ID = 7032 Description = The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Audio Endpoint Builder service, but this action failed with the following error: %%1056 Error - 4/8/2017 5:11:50 PM | Computer Name = jim-HP | Source = EventLog | ID = 6008 Description = The previous system shutdown at 4:09:20 PM on ?4/?8/?2017 was unexpected. Error - 4/8/2017 5:11:55 PM | Computer Name = jim-HP | Source = BugCheck | ID = 1001 Description = Error - 4/14/2017 4:44:38 AM | Computer Name = jim-HP | Source = Schannel | ID = 36887 Description = The following fatal alert was received: 20. < End of report > |
#3
|
||||
|
||||
Hello infectedone and Welcome to the CyberTechHelp Forums. .
I will be helping you fixing your problems. Please take note of some guidelines for this fix: 1- My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Keep your sentences short. Thanks for your understanding. 2- Perform everything in the correct order. Sometimes one step requires the previous one. 3- Please open as administrator the computer. How is open as administrator the computer? 4- Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to get help here How to disable your security applications. 5- To make sure you have an accurate view of files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types" 6- Back up all your private data / important files on another (external) drive before using our tools (if possible). 7- Please subscribe to this thread if you have not done so already, and please don't do any other scans on your own and don't install or remove software. 8- Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Thanks ************************************************** ******************************************* You do not have to give money to anyone. Do not make to mistake. ================================================== ======== Please remove IObit folder and softwares. Please uninstall the following via Start->(or My Computer)->Control Panel->(Programs)->Programs and Features if it still exists: Advanced systemcare iobit malware fighter Driver Booster Smart Defrag 5 IObit Uninstaller c:\program files (x86)\iobit Boost Reason Should I Remove It Symantec Eraser Panda Security BitTorrent AnyDesk And PC restart. ============================== Please do this; Usage Instructions:
How can I reset the Hosts file back to the default? For windows 7: Please try run Fixİt. ================================================== ===== Step1: Please download AdwCleaner by Xplode onto your desktop.
Please download Junkware Removal Tool to your desktop.
|
Bookmarks |
«
Previous Topic
|
Next Topic
»
|
|
Similar Topics | ||||
Topic | Topic Starter | Forum | Replies | Last Post |
Foreign IP Addresses and Trojan | rebsfan4 | Malware Removal | 51 | September 5th, 2013 07:44 AM |
Foreign IP addresses and Trojan | rebsfan4 | Windows Vista | 0 | August 5th, 2013 01:12 AM |
Why the foreign characters? | Calis | The Anything Else Board | 2 | March 25th, 2012 01:55 PM |
Foreign Files | BPK | Windows XP | 20 | March 3rd, 2003 10:50 AM |
All times are GMT +1. The time now is 03:43 AM.