  #1  
Old April 10th, 2018, 11:54 PM
luzchurch luzchurch is offline
Senior Member
 
Join Date: Nov 2004
Posts: 333
Panda viewer

Somehow this virus got into my computer though I did not download any new programs. It has changed the icons and extensions of many of my bmp and tif files. Is there some way to remove this virus? Thanks.


  #2  
Old April 11th, 2018, 10:54 PM
olgun52 olgun52 is offline
Malware Removal Team
 
Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 2,029
Hello luzchurch,

I will be helping you fix your problems.

Please take note of some guidelines for this fix:

1- My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Keep your sentences short. Thanks for your understanding.
2- Perform everything in the correct order. Sometimes one step requires the previous one.
3- Please open the computer as administrator. How do I open the computer as administrator?
4- Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please get help here: How to disable your security applications.
5- To make sure you have an accurate view of files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types"
6- Back up all your private data / important files on another (external) drive before using our tools (if possible).
7- Please subscribe to this thread if you have not done so already, and please don't do any other scans on your own and don't install or remove software.
8- Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal.

Thanks

*********************************************************************************************
Let's check.

Please do the following:

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Have a nice day.

  #3  
Old April 12th, 2018, 01:45 PM
luzchurch luzchurch is offline
Senior Member
 
Join Date: Nov 2004
Posts: 333
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14.03.2018
Ran by owner (administrator) on EMACHINE (12-04-2018 07:34:56)
Running from C:\Documents and Settings\owner\My Documents\Downloads
Loaded Profiles: owner & (Available Profiles: owner & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
() C:\WINDOWS\system32\dxconfig.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
() C:\WINDOWS\system32\dxconfig.exe
(Microsoft) C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
(Copyright 2017.) C:\Program Files\Zemana AntiMalware\ZAM.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Copyright 2017.) C:\Program Files\Zemana AntiMalware\ZAM.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(SEIKO EPSON CORPORATION) C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S4I2G1.EXE
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Farbar) C:\Documents and Settings\owner\My Documents\Downloads\FRST(2).exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Onboard] => C:\Program Files\Western Digital\WD SmartWare\WDSmartWare.exe [3202416 2016-04-19] (Western Digital Technologies, Inc.)
HKLM\...\Run: [ZAM] => C:\Program Files\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
HKLM\...\Run: [WD Quick View] => C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe [5571944 2016-04-19] (Western Digital Technologies, Inc.)
HKLM\...\Run: [WD Drive Unlocker] => C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694048 2014-10-23] (Western Digital Technologies, Inc.)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2016-12-10] (RealNetworks, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKLM\...\Run: [SpyHunter Security Suite] => "C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe"
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16862720 2008-05-16] (Realtek Semiconductor Corp.)
HKLM\...\Run: [nwiz] => nwiz.exe /install
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [947152 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157456 2015-09-12] (Apple Inc.)
HKLM\...\Run: [EPSON Stylus CX5400 (Copy 1)] => C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE [99840 2003-05-26] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [EPSON Stylus CX5400] => C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE [99840 2003-05-26] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [DWPersistentQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [520424 2013-03-06] (Microsoft Corporation)
HKLM\...\Run: [DLADiag] => C:\WINDOWS\DLADiag.EXE [57403 2005-08-25] (Sonic Solutions)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-12] ()
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-03-28] (DivX, LLC)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [351968 2014-09-08] ()
HKLM\...\Run: [CanonSolutionMenuEx] => C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2516296 2010-03-24] (CANON INC.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063523562\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [520424 2013-03-06] (Microsoft Corporation)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063636265\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [520424 2013-03-06] (Microsoft Corporation)
HKU\S-1-5-21-507921405-1284227242-1417001333-1003\...\Run: [*rrzwvnyvrr<*>] => "C:\Documents and Settings\owner\Local Settings\Application Data\f003ad\9595f3.bat" <==== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-507921405-1284227242-1417001333-1003\...\Run: [ZAM.krnl.trace.exe] => "C:\Documents and Settings\owner\Local Settings\Application Data\ESET\ESETOnlineScanner\Modules\data\updfiles\http_update.eset.com\download\engineols3\ZAM.krnl.trace.exe"
HKU\S-1-5-21-507921405-1284227242-1417001333-1003\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [721504 2015-09-02] (Microsoft Corporation)
HKU\S-1-5-21-507921405-1284227242-1417001333-1003\...\Run: [Adobe Reader Synchronizer] => C:\Program Files\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe [746376 2014-05-08] (Adobe Systems Incorporated)
HKU\S-1-5-21-507921405-1284227242-1417001333-1003\...\MountPoints2: H - H:\LaunchU3.exe -a
HKU\S-1-5-21-507921405-1284227242-1417001333-1003\...\MountPoints2: {01048412-a396-11e2-999b-001d72aca64d} - H:\LaunchU3.exe -a
HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063543796\...\Run: [*rrzwvnyvrr<*>] => "C:\Documents and Settings\owner\Local Settings\Application Data\f003ad\9595f3.bat" <==== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063543796\...\Run: [ZAM.krnl.trace.exe] => "C:\Documents and Settings\owner\Local Settings\Application Data\ESET\ESETOnlineScanner\Modules\data\updfiles\http_update.eset.com\download\engineols3\ZAM.krnl.trace.exe"
HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063543796\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [721504 2015-09-02] (Microsoft Corporation)
HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063543796\...\Run: [Adobe Reader Synchronizer] => C:\Program Files\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe [746376 2014-05-08] (Adobe Systems Incorporated)
HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063543796\...\MountPoints2: H - H:\LaunchU3.exe -a
HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063543796\...\MountPoints2: {01048412-a396-11e2-999b-001d72aca64d} - H:\LaunchU3.exe -a
HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638609\...\Run: [*rrzwvnyvrr<*>] => "C:\Documents and Settings\owner\Local Settings\Application Data\f003ad\9595f3.bat" <==== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638609\...\Run: [ZAM.krnl.trace.exe] => "C:\Documents and Settings\owner\Local Settings\Application Data\ESET\ESETOnlineScanner\Modules\data\updfiles\http_update.eset.com\download\engineols3\ZAM.krnl.trace.exe"
HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638609\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [721504 2015-09-02] (Microsoft Corporation)
HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638609\...\Run: [Adobe Reader Synchronizer] => C:\Program Files\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe [746376 2014-05-08] (Adobe Systems Incorporated)
HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638609\...\MountPoints2: H - H:\LaunchU3.exe -a
HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638609\...\MountPoints2: {01048412-a396-11e2-999b-001d72aca64d} - H:\LaunchU3.exe -a
HKU\S-1-5-18\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [520424 2013-03-06] (Microsoft Corporation)
AppInit_DLLs: C:\WINDOWS\Jaksta\AC\x86\jaudcap.dll => C:\WINDOWS\Jaksta\AC\x86\jaudcap.dll [262096 2015-11-10] (Jaksta Technologies Pty Ltd)
SecurityProviders: C:\WINDOWS\system32\MSAPSSPC.DLL, C:\WINDOWS\system32\SCHANNEL.DLL, C:\WINDOWS\system32\DIGEST.DLL, C:\WINDOWS\system32\MSNSSPC.DLL
Startup: C:\Documents and Settings\owner\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2016-07-12]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{CE5BCC45-4C4F-4586-B869-86ECA889A6D4}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=131675729848673750&GUID=A0A527A0-09EE-4567-87A3-C8DC37E59CE5
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063528750\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=131675729848673750&GUID=A0A527A0-09EE-4567-87A3-C8DC37E59CE5
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063637687\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=131675729848673750&GUID=A0A527A0-09EE-4567-87A3-C8DC37E59CE5
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=131675729847580000&GUID=A0A527A0-09EE-4567-87A3-C8DC37E59CE5
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063539718\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=131675729847580000&GUID=A0A527A0-09EE-4567-87A3-C8DC37E59CE5
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638125\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=131675729847580000&GUID=A0A527A0-09EE-4567-87A3-C8DC37E59CE5
HKU\S-1-5-21-507921405-1284227242-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-ca/?ocid=iehp
HKU\S-1-5-21-507921405-1284227242-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=131675729849767500&GUID=A0A527A0-09EE-4567-87A3-C8DC37E59CE5
HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063543796\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-ca/?ocid=iehp
HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063543796\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=131675729849767500&GUID=A0A527A0-09EE-4567-87A3-C8DC37E59CE5
HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638609\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-ca/?ocid=iehp
HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638609\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=131675729849767500&GUID=A0A527A0-09EE-4567-87A3-C8DC37E59CE5
URLSearchHook: [S-1-5-21-507921405-1284227242-1417001333-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063621187] ATTENTION => Default URLSearchHook is missing
URLSearchHook: [S-1-5-21-507921405-1284227242-1417001333-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063652656] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKU\S-1-5-21-507921405-1284227242-1417001333-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-507921405-1284227242-1417001333-1003 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
SearchScopes: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063543796 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063543796 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
SearchScopes: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638609 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638609 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader)
BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2013-04-02] (DivX, LLC)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-05-14] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-04-09] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: MSN Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\MSN\Toolbar\3.0.1312.0\msneshellx.dll [2009-08-31] (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-05-14] (Oracle Corporation)
Toolbar: HKLM - MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1312.0\msneshellx.dll [2009-08-31] (Microsoft Corp.)
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}
Handler: intu-tt2013 - {9FF5EC07-1645-43BF-828F-C73CFA7BC1AF} - C:\Program Files\TurboTax 2013\ic2013pp.dll [2014-02-27] (Intuit Canada, a general partnership/une société en nom collectif.)

FireFox:
========
FF DefaultProfile: zgljijw3.default-1507986621468
FF ProfilePath: C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\l0eutqyb.default-1494803957500 [not found] <==== ATTENTION
FF ProfilePath: C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\zgljijw3.default-1507986621468 [2018-04-12]
FF Extension: (Avast SafePrice) - C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\zgljijw3.default-1507986621468\Extensions\sp@avast.com.xpi [2018-04-09]
FF Extension: (Avast Online Security) - C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\zgljijw3.default-1507986621468\Extensions\wrc@avast.com.xpi [2018-04-09]
FF ProfilePath: C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\ltjf2z84.default-1523304993468 [2018-04-09]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-04-20] [Legacy] [not signed]
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: (DivX Plus Web Player HTML5 <video>) - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-04-23] [Legacy] [not signed]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: (RealDownloader) - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2016-12-10] [Legacy] [not signed]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_29_0_0_113.dll [2018-04-09] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-09-04] ()
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-04-14] (CANON INC.)
FF Plugin: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2013-04-02] (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-05-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-05-14] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @Nero.com/KM -> C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2014-11-06] (Nero AG)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2016-12-10] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll [2016-12-10] (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://google.com/
CHR Profile: C:\Documents and Settings\owner\Local Settings\Application Data\Google\Chrome\User Data\Default [2018-04-09]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2018-04-09] (Adobe Systems Incorporated) [File not signed]
S4 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5947256 2018-04-09] (AVAST Software)
S4 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [313640 2018-04-09] (AVAST Software)
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] ()
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4707104 2018-03-27] (Malwarebytes)
R2 Microsoft DirectX Configuration Service; C:\WINDOWS\system32\dxconfig.exe [64512 2016-04-06] () [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [785904 2015-07-07] (Nero AG)
R2 NovaPdfServer; C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe [53176 2017-08-16] (Microsoft)
S4 QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [20480 2009-11-30] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2006-11-09] (Intuit Inc.) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\Sh4Service.exe [685752 2018-04-08] (Enigma Software Group USA, LLC.)
R2 WDBackup; C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe [1049464 2016-04-19] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [314744 2016-04-19] (Western Digital Technologies, Inc.)
R2 ZAMSvc; C:\Program Files\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Apowersoft_AudioDevice; C:\WINDOWS\System32\drivers\Apowersoft_AudioDevice.sys [26032 2014-04-09] (Wondershare)
R2 Aspi32; C:\WINDOWS\system32\Drivers\Aspi32.sys [25920 1998-11-12] (Adaptec)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [167040 2018-04-09] (AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriverx.sys [185432 2018-04-09] (AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidshx.sys [157368 2018-04-09] (AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswblogx.sys [276688 2018-04-09] (AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbunivx.sys [50336 2018-04-09] (AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [180984 2018-04-09] (AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [42808 2018-04-09] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [124392 2018-04-09] (AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr.sys [70576 2018-04-09] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [70816 2018-04-09] (AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [783600 2018-04-09] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [391856 2018-04-09] (AVAST Software)
S3 aswStmXP; C:\WINDOWS\System32\drivers\aswStmXP.sys [205352 2018-04-09] (AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [310784 2018-04-09] (AVAST Software)
S0 Cdr4vsd; C:\WINDOWS\system32\Drivers\Cdr4vsd.sys [72032 2014-08-26] (Adaptec) [File not signed]
R1 DLADiagN; C:\WINDOWS\System32\Drivers\DLADiagN.SYS [10908 2005-08-25] (Sonic Solutions) [File not signed]
R1 DLAPMonN; C:\WINDOWS\System32\Drivers\DLAPMonN.SYS [22812 2005-08-25] (Sonic Solutions) [File not signed]
R1 DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [22684 2005-08-25] (Sonic Solutions) [File not signed]
S1 DumpDrv; C:\WINDOWS\system32\Drivers\DumpDrv.sys [9472 2016-03-09] (Microsoft Corporation)
R1 ElRawDisk; C:\WINDOWS\system32\drivers\rsdrv.sys [22312 2009-02-12] (EldoS Corporation)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2018-04-08] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\WINDOWS\System32\DRIVERS\EsgScanner.sys [19984 2018-04-08] ()
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae.sys [58656 2018-03-19] ()
R2 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [151672 2018-04-09] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [40160 2018-04-11] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [220896 2018-04-11] (Malwarebytes)
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
R1 MpKsld5a574d5; c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{ED55B3F1-F8F4-4599-BF36-DA05B70DE66C}\MpKsld5a574d5.sys [49504 2018-04-11] (Microsoft Corporation)
R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [54016 2008-01-29] (NVIDIA Corporation)
R0 nvgts; C:\WINDOWS\System32\DRIVERS\nvgts.sys [132096 2008-01-25] (NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [22016 2008-01-29] (NVIDIA Corporation)
R2 SSPORT; C:\WINDOWS\system32\Drivers\SSPORT.sys [5120 2012-07-19] (Samsung Electronics) [File not signed]
R2 StarOpen; C:\WINDOWS\system32\Drivers\StarOpen.sys [13120 2013-08-25] ()
S1 UdfReadr; C:\WINDOWS\system32\Drivers\UdfReadr.sys [206272 2000-02-22] (Adaptec)
S3 uti0odgx; C:\WINDOWS\system32\Drivers\uti0odgx.sys [7168 2017-04-11] () [File not signed]
R3 WDC_SAM; C:\WINDOWS\System32\DRIVERS\wdcsam_prewin8.sys [20256 2016-04-19] (Western Digital Technologies)
R1 ZAM; C:\WINDOWS\System32\drivers\zam32.sys [181496 2018-04-03] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard32.sys [181496 2018-04-03] (Zemana Ltd.)
S2 DgiVecp; \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2016-03-09] (Microsoft Corporation)
U5 Sdbus; C:\Windows\System32\Drivers\Sdbus.sys [80384 2016-03-09] (Microsoft Corporation)
U5 TDTDP; C:\WINDOWS\System32\Drivers\TDTCP.SYS [22024 2016-03-09] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-11 08:40 - 2018-04-11 08:40 - 000000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Application Data\Zemana
2018-04-10 09:41 - 2018-04-11 17:53 - 000000278 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-507921405-1284227242-1417001333-1003.job
2018-04-10 07:29 - 2018-04-11 17:31 - 000167328 _____ C:\WINDOWS\ntbtlog.txt
2018-04-09 18:40 - 2018-04-09 18:40 - 000000880 _____ C:\WINDOWS\Tasks\Adobe Flash Player NPAPI Notifier.job
2018-04-09 17:32 - 2018-04-09 17:32 - 000000000 ____D C:\Documents and Settings\owner\Application Data\AVAST Software
2018-04-09 17:28 - 2018-04-09 17:28 - 000001689 _____ C:\Documents and Settings\All Users\Desktop\Avast Free Antivirus.lnk
2018-04-09 17:28 - 2018-04-09 17:28 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVAST Software
2018-04-09 17:25 - 2018-04-11 17:49 - 000000280 ____H C:\WINDOWS\Tasks\CCleaner Update.job
2018-04-09 17:24 - 2018-04-11 21:24 - 000000308 ____H C:\WINDOWS\Tasks\Avast Emergency Update.job
2018-04-09 17:23 - 2018-04-09 17:22 - 000391856 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2018-04-09 17:23 - 2018-04-09 17:22 - 000310784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2018-04-09 17:23 - 2018-04-09 17:22 - 000205352 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStmXP.sys
2018-04-09 17:23 - 2018-04-09 17:22 - 000167040 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2018-04-09 17:23 - 2018-04-09 17:22 - 000124392 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2018-04-09 17:23 - 2018-04-09 17:22 - 000070816 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2018-04-09 17:23 - 2018-04-09 17:22 - 000070576 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2018-04-09 17:23 - 2018-04-09 17:22 - 000042808 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2018-04-09 17:23 - 2018-04-09 17:21 - 001142072 _____ (Microsoft Corporation) C:\WINDOWS\ucrtbase.dll
2018-04-09 17:23 - 2018-04-09 17:21 - 000320728 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2018-04-09 17:23 - 2018-04-09 17:20 - 000783600 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2018-04-09 17:23 - 2018-04-09 17:20 - 000276688 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswblogx.sys
2018-04-09 17:23 - 2018-04-09 17:20 - 000185432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriverx.sys
2018-04-09 17:23 - 2018-04-09 17:20 - 000180984 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2018-04-09 17:23 - 2018-04-09 17:20 - 000157368 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidshx.sys
2018-04-09 17:23 - 2018-04-09 17:20 - 000050336 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbunivx.sys
2018-04-09 17:18 - 2018-04-09 17:18 - 000000000 ____D C:\Program Files\AVAST Software
2018-04-09 17:17 - 2018-04-09 18:37 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\AVAST Software
2018-04-09 12:02 - 2018-04-11 17:53 - 000040160 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-04-09 12:02 - 2018-04-09 12:02 - 000151672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-04-09 12:01 - 2018-04-11 17:52 - 000220896 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2018-04-09 12:00 - 2018-04-09 12:00 - 000001715 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes.lnk
2018-04-09 12:00 - 2018-04-09 12:00 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes
2018-04-09 12:00 - 2018-03-19 12:57 - 000058656 _____ C:\WINDOWS\system32\Drivers\mbae.sys
2018-04-09 11:59 - 2018-04-09 11:59 - 000000000 ____D C:\Program Files\Malwarebytes
2018-04-09 07:47 - 2018-04-09 12:23 - 000000064 _____ C:\New index.laccdb
2018-04-08 10:16 - 2018-04-08 10:16 - 000000000 _____ C:\autoexec.bat
2018-04-08 10:12 - 2018-04-09 18:10 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Enigma Software Group
2018-04-08 10:11 - 2018-04-08 10:11 - 000000935 _____ C:\Documents and Settings\owner\Desktop\SpyHunter.lnk
2018-04-08 10:11 - 2018-04-08 10:11 - 000000000 ____D C:\sh4ldr
2018-04-08 10:11 - 2018-04-08 10:11 - 000000000 ____D C:\Documents and Settings\owner\Start Menu\Programs\SpyHunter
2018-04-08 10:08 - 2018-04-08 10:08 - 000019984 _____ C:\WINDOWS\system32\Drivers\EsgScanner.sys
2018-04-08 10:08 - 2018-04-08 10:08 - 000000000 ____D C:\Program Files\Enigma Software Group
2018-04-07 07:36 - 2018-04-09 15:39 - 003072054 _____ C:\Documents and Settings\owner\.bmp
2018-04-07 07:36 - 2018-04-09 15:39 - 000000000 _____ C:\Documents and Settings\owner\mp
2018-04-07 07:09 - 2018-04-07 07:09 - 000000807 _____ C:\Documents and Settings\owner\Start Menu\Programs\Internet Explorer.lnk
2018-04-07 07:09 - 2018-04-07 07:09 - 000000807 _____ C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk
2018-04-07 07:04 - 2018-04-07 07:49 - 003072054 _____ C:\Documents and Settings\owner\Local Settings\Application Data\.bmp
2018-04-07 07:04 - 2018-04-07 07:49 - 000000000 _____ C:\Documents and Settings\owner\Local Settings\Application Data\mp
2018-04-07 07:00 - 2018-04-07 07:00 - 000000003 _____ C:\Documents and Settings\owner\Local Settings\Application Data\wbem.ini
2018-04-07 06:59 - 2018-04-07 07:00 - 000000000 ____D C:\Program Files\frgtrh
2018-04-03 15:15 - 2018-04-03 15:15 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Zemana AntiMalware
2018-04-03 15:14 - 2018-04-03 15:15 - 000181496 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard32.sys
2018-04-03 15:14 - 2018-04-03 15:15 - 000181496 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam32.sys
2018-04-03 15:14 - 2018-04-03 15:15 - 000001605 _____ C:\Documents and Settings\All Users\Desktop\Zemana AntiMalware.lnk
2018-04-03 09:03 - 2008-02-25 12:29 - 000136797 _____ C:\WINDOWS\system32\nvapps.nvb
2018-04-03 09:00 - 2008-03-06 17:23 - 000442368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvunrm.exe
2018-04-03 09:00 - 2007-12-07 16:12 - 000005836 _____ C:\WINDOWS\system32\nvnrm.nvu
2018-03-30 16:38 - 2018-03-30 16:38 - 000276578 _____ C:\Documents and Settings\owner\My Documents\hamsanada.bmp
2018-03-30 16:33 - 2018-03-30 16:33 - 000115390 _____ C:\Documents and Settings\owner\My Documents\skandamanorama.bmp
2018-03-30 16:22 - 2018-03-30 16:22 - 000001716 _____ C:\Documents and Settings\All Users\Desktop\Canon Solution Menu EX.lnk
2018-03-30 16:19 - 2018-03-30 16:19 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\CanoScan LiDE 210
2018-03-26 18:59 - 2018-04-06 11:05 - 000000000 ____D C:\Program Files\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-12 07:38 - 2016-11-16 15:52 - 000000422 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{F0F3B82B-776E-484E-ADF4-E0E06392C8AE}.job
2018-04-12 07:38 - 2013-04-09 11:21 - 000000000 ____D C:\Documents and Settings\owner\Local Settings\Temp
2018-04-12 07:36 - 2016-03-14 11:15 - 000074835 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2018-04-12 07:36 - 2016-03-14 11:15 - 000047360 _____ C:\WINDOWS\ZAM.krnl.trace
2018-04-12 07:34 - 2016-03-09 08:26 - 000000000 ____D C:\FRST
2018-04-12 07:27 - 2016-02-25 11:07 - 000000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2018-04-12 06:51 - 2016-05-10 18:51 - 000000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2018-04-12 06:48 - 2017-04-20 11:04 - 000032182 _____ C:\WINDOWS\SchedLgU.Txt
2018-04-12 06:40 - 2013-04-09 11:20 - 000000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Temp
2018-04-11 19:24 - 2017-05-09 06:52 - 000000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2018-04-11 17:53 - 2017-11-04 09:03 - 000008192 _____ C:\WINDOWS\system32\WDPABKP.dat
2018-04-11 17:53 - 2013-04-23 18:36 - 000000286 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-507921405-1284227242-1417001333-1003.job
2018-04-11 17:52 - 2017-10-22 09:51 - 000000157 _____ C:\WINDOWS\ssdiag.ini
2018-04-11 17:49 - 2016-05-10 18:51 - 000000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2018-04-11 17:49 - 2013-04-27 18:00 - 000000300 _____ C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-507921405-1284227242-1417001333-1003.job
2018-04-11 17:49 - 2013-04-09 11:20 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-04-11 17:48 - 2013-04-09 07:03 - 000364120 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-04-11 17:17 - 2013-08-20 13:59 - 000000000 ____D C:\WINDOWS\pss
2018-04-11 17:17 - 2013-04-09 07:02 - 000000211 ____N C:\boot.ini
2018-04-11 17:17 - 2008-04-14 05:00 - 000000885 _____ C:\WINDOWS\win.ini
2018-04-11 17:17 - 2008-04-14 05:00 - 000000227 _____ C:\WINDOWS\system.ini
2018-04-11 17:12 - 2013-05-05 08:04 - 000373650 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2018-04-11 14:43 - 2017-10-23 11:26 - 000000486 _____ C:\WINDOWS\Tasks\novaPDF Reactivation.job
2018-04-11 14:42 - 2013-08-30 21:05 - 000001324 _____ C:\WINDOWS\system32\d3d9caps.dat
2018-04-11 09:33 - 2017-03-28 11:44 - 000024688 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2018-04-11 09:13 - 2013-04-09 11:21 - 000000178 ___SH C:\Documents and Settings\owner\ntuser.ini
2018-04-10 19:01 - 2016-07-09 21:46 - 000000000 ____D C:\Documents and Settings\owner\My Documents\tesla 1
2018-04-10 18:57 - 2013-04-09 14:22 - 000000000 ____D C:\Ragde-D
2018-04-10 09:22 - 2013-04-09 11:21 - 000000000 ____D C:\Documents and Settings\owner
2018-04-10 09:04 - 2016-01-10 15:43 - 000000000 ____D C:\Program Files\WinRAR
2018-04-10 09:04 - 2014-05-12 20:48 - 000000000 ____D C:\Documents and Settings\owner\Start Menu\Programs\WinRAR
2018-04-10 09:04 - 2014-05-12 20:48 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
2018-04-10 09:04 - 2013-04-09 18:03 - 000000000 ____D C:\program downloads
2018-04-10 07:46 - 2013-11-12 15:56 - 000196608 _____ C:\WINDOWS\system32\config\OAlerts.evt
2018-04-09 18:48 - 2016-03-23 17:04 - 000000719 _____ C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
2018-04-09 18:40 - 2013-04-10 10:22 - 000804352 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2018-04-09 18:40 - 2013-04-10 10:22 - 000144896 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2018-04-09 18:39 - 2013-04-09 11:14 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-04-09 17:27 - 2013-04-09 06:56 - 000000000 ___HD C:\WINDOWS\inf
2018-04-09 17:25 - 2013-05-23 11:52 - 000000000 ____D C:\Program Files\CCleaner
2018-04-09 15:40 - 2016-01-13 17:27 - 000000825 _____ C:\Documents and Settings\owner\Desktop\chrome.lnk
2018-04-09 15:38 - 2008-04-14 05:00 - 000002206 _____ C:\WINDOWS\system32\wpa.dbl
2018-04-09 15:36 - 2017-10-31 13:55 - 000373650 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-18-0.dat
2018-04-09 11:59 - 2014-05-11 15:44 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2018-04-09 11:00 - 2016-03-15 06:57 - 000000000 ____D C:\Documents and Settings\owner\Application Data\vlc
2018-04-09 10:56 - 2013-05-04 09:15 - 000000000 ____D C:\WINDOWS\system32\NtmsData
2018-04-09 09:54 - 2017-03-28 11:43 - 000000718 _____ C:\Documents and Settings\All Users\Desktop\RogueKiller.lnk
2018-04-09 09:54 - 2017-03-28 11:43 - 000000000 ____D C:\Program Files\RogueKiller
2018-04-09 09:54 - 2017-03-28 11:43 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\RogueKiller
2018-04-09 07:47 - 2016-03-25 11:08 - 020193280 _____ C:\New index.accdb
2018-04-07 09:58 - 2013-04-09 11:13 - 000000000 ____D C:\WINDOWS\Registration
2018-04-06 10:27 - 2016-03-14 11:14 - 000000000 ____D C:\Program Files\Zemana AntiMalware
2018-04-05 09:11 - 2013-04-27 18:00 - 000000308 _____ C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-507921405-1284227242-1417001333-1003.job
2018-04-03 09:36 - 2013-04-09 12:30 - 000000000 ____D C:\WINDOWS\nview
2018-04-03 09:36 - 2013-04-09 06:56 - 000000000 ____D C:\WINDOWS\Help
2018-04-03 09:02 - 2013-04-09 12:25 - 000000000 ____D C:\WINDOWS\system32\ReinstallBackups
2018-04-03 09:02 - 2013-04-09 06:56 - 000000000 RSHDC C:\WINDOWS\system32\dllcache
2018-04-03 08:21 - 2013-11-25 12:44 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\CanonIJPLM
2018-04-02 10:03 - 2013-04-11 12:49 - 000000000 ____D C:\Documents and Settings\owner\Local Settings\Application Data\ApplicationHistory
2018-04-01 17:59 - 2013-04-27 17:59 - 000000326 _____ C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-507921405-1284227242-1417001333-1003.job
2018-03-30 16:30 - 2013-11-25 12:40 - 000000000 ____D C:\Program Files\Canon
2018-03-30 16:26 - 2017-05-11 08:22 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2018-03-30 16:24 - 2013-05-05 08:04 - 001632706 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-507921405-1284227242-1417001333-1003-0.dat
2018-03-30 16:22 - 2013-11-25 12:42 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Canon Utilities
2018-03-30 16:20 - 2013-11-25 12:42 - 000001987 _____ C:\Documents and Settings\All Users\Desktop\Canon CanoScan LiDE 210 On-screen Manual.lnk
2018-03-23 10:41 - 2013-04-09 07:04 - 000718530 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-03-23 10:37 - 2018-02-23 11:38 - 000000000 ____D C:\WINDOWS\SxsCaPendDel
2018-03-23 10:37 - 2013-05-05 07:58 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Package Cache
2018-03-22 10:47 - 2013-05-12 10:57 - 000000000 ____D C:\Documents and Settings\owner\Application Data\XnView
2018-03-16 08:03 - 2017-04-09 21:29 - 000022883 _____ C:\Documents and Settings\owner\My Documents\Bibliography.txt

==================== Files in the root of some directories =======

1618-10-21 21:05 - 1618-10-21 21:05 - 000096256 ____N (Microsoft Corporation) C:\Program Files\NYqasgsZY.exe
2018-04-07 07:04 - 2018-04-07 07:49 - 003072054 _____ () C:\Documents and Settings\owner\Local Settings\Application Data\.bmp
2016-03-14 18:48 - 2016-03-14 18:48 - 000000128 _____ () C:\Documents and Settings\owner\Local Settings\Application Data\fusioncache.dat
2018-04-07 07:04 - 2018-04-07 07:49 - 000000000 _____ () C:\Documents and Settings\owner\Local Settings\Application Data\mp
2018-04-07 07:00 - 2018-04-07 07:00 - 000000003 _____ () C:\Documents and Settings\owner\Local Settings\Application Data\wbem.ini
2017-10-14 08:38 - 2017-10-14 08:38 - 000000000 _____ () C:\Documents and Settings\owner\Local Settings\Application Data\{0BF9E288-E566-49FE-A583-BB6E955B2DFD}
2014-07-26 17:59 - 2016-01-08 16:35 - 000001750 _____ () C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

Some files in TEMP:
====================
2018-04-09 17:24 - 2018-04-09 17:24 - 000503208 _____ (Piriform Ltd) C:\Documents and Settings\owner\Local Settings\Temp\ccupdate.exe
2018-04-09 09:49 - 2016-03-09 01:00 - 000718336 _____ (Microsoft Corporation) C:\Documents and Settings\owner\Local Settings\Temp\dllnt_dump.dll
2018-04-07 07:00 - 2018-04-07 06:59 - 000457016 _____ () C:\Documents and Settings\owner\Local Settings\Temp\DoubleClick.exe
2018-04-07 06:59 - 2018-04-07 07:00 - 002158592 _____ () C:\Documents and Settings\owner\Local Settings\Temp\installer_mi.exe
2018-04-07 06:58 - 2018-04-07 06:59 - 000860523 _____ ( ) C:\Documents and Settings\owner\Local Settings\Temp\setup.exe
2015-08-14 08:29 - 2015-07-29 16:08 - 000681097 _____ (SQLite Development Team) C:\Documents and Settings\owner\Local Settings\Temp\sqlite3.dll
2018-04-07 07:00 - 2018-04-07 07:00 - 004450288 _____ ( ) C:\Documents and Settings\owner\Local Settings\Temp\SystemHealer.exe
2018-04-07 06:59 - 2018-04-07 06:59 - 000457016 _____ () C:\Documents and Settings\owner\Local Settings\Temp\zdj.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================
  #4  
Old April 12th, 2018, 01:48 PM
luzchurch luzchurch is offline
Senior Member
 
Join Date: Nov 2004
Posts: 333
Part 1
  #5  
Old April 12th, 2018, 01:50 PM
luzchurch luzchurch is offline
Senior Member
 
Join Date: Nov 2004
Posts: 333
Part 1
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14.03.2018
Ran by owner (12-04-2018 07:41:58)
Running from C:\Documents and Settings\owner\My Documents\Downloads
Microsoft Windows XP Professional Service Pack 3 (X86) (2013-04-09 15:19:13)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-507921405-1284227242-1417001333-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-507921405-1284227242-1417001333-1004 - Limited - Enabled)
Guest (S-1-5-21-507921405-1284227242-1417001333-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-507921405-1284227242-1417001333-1000 - Limited - Disabled)
owner (S-1-5-21-507921405-1284227242-1417001333-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\owner
SUPPORT_388945a0 (S-1-5-21-507921405-1284227242-1417001333-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Avast Antivirus (Enabled - Up to date) {7591db91-41f0-48a3-b128-1a293fd8233d}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adaptec Easy CD Creator (HKLM\...\CDCreator30) (Version: - )
Adaptec UDF Reader (HKLM\...\Adaptec UDF Reader) (Version: - )
Adobe Flash Player 29 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 29.0.0.113 - Adobe Systems Incorporated)
Adobe Reader Packages (HKU\S-1-5-21-507921405-1284227242-1417001333-1003\...\Adobe Reader Packages) (Version: - ) <==== ATTENTION
Adobe Reader Packages (HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063543796\...\Adobe Reader Packages) (Version: - ) <==== ATTENTION
Adobe Reader Packages (HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638609\...\Adobe Reader Packages) (Version: - ) <==== ATTENTION
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
A-PDF Merger (HKLM\...\A-PDF Merger_is1) (Version: - A-PDF.com)
Apple Application Support (32-bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{A75CA58D-DB9C-4D14-9428-E0C7B0F623DC}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
autolock wizard (HKLM\...\{CC5E2A47-F660-4763-AA88-75B1FC30CA0D}) (Version: 4.7.1 - HexaLock)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 18.3.2333 - AVAST Software)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Canon Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version: - )
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM\...\CANONIJPLM100) (Version: - )
Canon MG5200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series) (Version: - )
Canon MP Navigator EX 4.0 (HKLM\...\MP Navigator EX 4.0) (Version: - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: - )
Canon Solution Menu EX (HKLM\...\CanonSolutionMenuEX) (Version: - )
CanoScan LiDE 210 Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4809) (Version: - Canon Inc.)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.6.5931 - CDBurnerXP)
CD-LabelPrint (HKLM\...\MediaNavigation.CDLabelPrint) (Version: - )
Common Desktop Agent (HKLM\...\{031A0E14-0413-4C97-9772-2639B782F46F}) (Version: 1.62.0 - OEM) Hidden
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
DjVuLibre DjView 3.5.27+4.10.4 (HKLM\...\DjVuLibre+DjView) (Version: 3.5.27+4.10.4 - DjVuZone)
Easy Bridge (HKLM\...\Easy BridgeDeinstall) (Version: - )
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
Family Tree Maker (HKLM\...\FTW) (Version: - )
Free PDF to Word Doc Converter v1.1 (HKLM\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Haali Media Splitter (HKLM\...\HaaliMkx) (Version: - FreeCodecPack)
iTunes (HKLM\...\{868B9974-4F23-494D-B6BC-4FAB92B2755D}) (Version: 12.1.3.6 - Apple Inc.)
Java 8 Update 131 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
JPG to Word Converter 1.0 (HKLM\...\{BE1475FD-E1F4-4686-B2E2-EDF8E090D2DB}_is1) (Version: 1.0 - Soft Solutions)
M3 BitLocker Decryption version 5.5 (HKLM\...\{0AF04533-F913-4ABD-A4DC-8B2CDC226E4F}}_is1) (Version: 5.5 - M3 Data Recovery)
Magical Jelly Bean KeyFinder (HKLM\...\KeyFinder_is1) (Version: 2.0.10.10 - Magical Jelly Bean)
Malwarebytes version 3.4.5.2467 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes)
Microsoft .NET Framework 2.0 Client Profile Basic Version 1.0.0.18 (HKLM\...\{10E4121C-8181-4217-8DA9-6CD38DDC34F9}_is1) (Version: 1.0.0.18 - Wondershare, Inc.)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version: - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.2.223.1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Software Update for Web Folders (English) 14 (HKLM\...\{90140000-0010-0409-0000-0000000FF1CE}) (Version: - )
Microsoft Virtual PC 2007 (HKLM\...\{8A7CAA24-7B23-410B-A7C3-F994B0944160}) (Version: 6.0.156.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710F4C1C-CC18-4C49-8CBF-51240C89A1A2}) (Version: - )
Mozilla Firefox 52.0.2 ESR (x86 en-US) (HKLM\...\Mozilla Firefox 52.0.2 ESR (x86 en-US)) (Version: 52.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 52.7.3.6655 - Mozilla)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) Hidden
MSXML 6.0 Parser (KB927977) (HKLM\...\{5A710547-B58E-488B-828D-CA9A25A0533C}) (Version: 6.00.3890.0 - Microsoft Corporation)
Nero Kwik Media (HKLM\...\{283E9B9D-F1B3-45BA-B942-6B10A3948533}) (Version: 12.5.00300 - Nero AG)
novaPDF 8 (HKLM\...\{0BDC1E59-A971-4737-8DDF-E4ABB3A2D33C}) (Version: 8.9.951 - Softland) Hidden
novaPDF 8 (HKLM\...\{b237db6e-0a86-4779-9dd4-219781e867c9}) (Version: 8.9.951 - Softland)
novaPDF 8 add-in for Microsoft Office (x86) (HKLM\...\{D175C46B-DDC1-49B2-95C4-93825A97E718}) (Version: 8.9.951 - Softland)
novaPDF 8 Printer Driver (HKLM\...\{EEFA260F-AED4-402B-AC7C-418CB69BE662}) (Version: 8.9.951 - Softland)
novaPDF 8 SDK COM (x86) (HKLM\...\{E47D57E4-0674-440A-9CBD-A0705684A8C3}) (Version: 8.9.951 - Softland)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - )
Prerequisite installer (HKLM\...\{3AAB08A3-F129-4BD5-B409-AE674F93759D}) (Version: 12.0.0008 - Nero AG) Hidden
RealDownloader (HKLM\...\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}) (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM\...\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}) (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
RealUpgrade 1.1 (HKLM\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Replay Music 7 (7.0.0.96) (HKLM\...\Replay Music 7) (Version: 7.0.0.96 - Applian Technologies)
RogueKiller version 12.12.12.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.12.0 - Adlice Software)
Samsung CLP-410 Series (HKLM\...\Samsung CLP-410 Series) (Version: 1.17 (6/10/2015) - Samsung Electronics Co., Ltd.)
Samsung Easy Printer Manager (HKLM\...\Samsung Easy Printer Manager) (Version: 1.05.81.00(5/25/2015) - Samsung Electronics Co., Ltd.)
Samsung Printer Diagnostics (HKLM\...\Samsung Printer Diagnostics) (Version: 1.0.4.0 - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
SpyHunter 4 (HKLM\...\SpyHunter) (Version: 4.28.7.4850 - Enigma Software Group, LLC)
swMSM (HKLM\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 3.0.1 - VideoLAN)
WD Quick View (HKLM\...\{F4F2EF32-EAFE-4F87-B7DC-E19C9F8E76FC}) (Version: 2.4.16.16 - Western Digital Technologies, Inc.)
WD Security (HKLM\...\{0AC340BC-4A62-4D1F-86DB-35C1C3CB66CF}) (Version: 1.1.1.3 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{7F7425DB-530D-48D8-A3A6-3184B2E07FDD}) (Version: 2.4.16.16 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM\...\{4555885d-a64c-4234-9aac-72a8a6b5590b}) (Version: 2.4.16.16 - Western Digital Technologies, Inc.)
Windows Management Framework Core (HKLM\...\KB968930) (Version: - Microsoft Corporation)
Windows XP Service Pack 4 (HKLM\...\Windows XP Service Pack) (Version: 20160308.230000 - Charalampos Kazakos )
WinRAR 5.50 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
Zemana AntiMalware (HKLM\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063543796_Classes\CLSID\{004B49B7-11B9-5058-AA22-08DD0A3ADC4B}\InprocServer32 -> {1874A415-9468-D082-4334-05E985889A47} => No File
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063543796_Classes\CLSID\{05EC5C13-D255-4592-9CCB-98615172F0D6}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063543796_Classes\CLSID\{0ADF9C35-0D5E-4B75-88DD-B64868907E17}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063543796_Classes\CLSID\{123FAF7F-3FB1-4B8F-AD18-0047401D436A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063543796_Classes\CLSID\{2D64E404-9216-4232-B360-ADC95520AB28}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2009\qbw32.exe (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063543796_Classes\CLSID\{32D32337-1511-4416-85C5-FD96C99322A0}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063543796_Classes\CLSID\{37A2FC00-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063543796_Classes\CLSID\{37A2FC02-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063543796_Classes\CLSID\{3928D252-6BB4-4C0D-BE70-1E03AF93D464}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063543796_Classes\CLSID\{4716D3CE-55DB-4D2A-818C-87D912895890}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063543796_Classes\CLSID\{4844F3F7-2161-4AC4-B219-B3B4311782AA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063543796_Classes\CLSID\{4E5E74B5-8EB5-4859-A335-837EED412620}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063543796_Classes\CLSID\{5428A9ED-6CD8-11D6-9C8A-0001023DCAA2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063543796_Classes\CLSID\{547C8F00-5567-4AE3-8BB0-CC3CE2AB9070}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063543796_Classes\CLSID\{57D590F1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063543796_Classes\CLSID\{596801D8-2C9D-4627-9C67-195CB81B655A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063543796_Classes\CLSID\{5B7331FA-8910-4748-A8A4-60B445041F28}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063543796_Classes\CLSID\{7DBF8260-30AD-4D1B-876A-8032B87B809F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063543796_Classes\CLSID\{8034BBB8-2145-4159-9A34-51E21A0A981F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063543796_Classes\CLSID\{828E5386-74CF-4019-B356-C857CD028A7D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063543796_Classes\CLSID\{82CC31B3-53B4-4161-A4E9-6B4F1290A6C8}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063543796_Classes\CLSID\{8572570D-12D9-4F2C-8BB8-EB8848178B94}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063543796_Classes\CLSID\{8E590317-1329-11D1-B70B-00805F29CD16}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2009\QBW32.EXE (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063543796_Classes\CLSID\{8FEDE364-AB37-4551-80C9-6D468E222AB2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063543796_Classes\CLSID\{9D9B61F2-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063543796_Classes\CLSID\{9D9B61F3-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063543796_Classes\CLSID\{9D9B61F4-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063543796_Classes\CLSID\{9D9B61F5-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063543796_Classes\CLSID\{9D9B61F6-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063543796_Classes\CLSID\{9D9B61F7-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063543796_Classes\CLSID\{A63E42D0-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063543796_Classes\CLSID\{A63E42D2-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063543796_Classes\CLSID\{AF5E0A13-CEAB-47CE-991D-77E82CD1BF3F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063543796_Classes\CLSID\{B66F2BF1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063543796_Classes\CLSID\{D14FD6B3-6A9F-4537-9460-07B836707127}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063543796_Classes\CLSID\{D4A12AAF-E15E-470B-A6B6-63032186F91F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063543796_Classes\CLSID\{D9B9C060-0954-11D3-9E07-00104BD2BE34}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSource.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063543796_Classes\CLSID\{D9BC6F81-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063543796_Classes\CLSID\{D9BC6F84-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063543796_Classes\CLSID\{D9BC6F87-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063543796_Classes\CLSID\{D9BC6FA1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063543796_Classes\CLSID\{D9BC6FA6-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063543796_Classes\CLSID\{D9BC6FB2-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\StorageClasses.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063543796_Classes\CLSID\{DCB2B478-EFF6-48F6-B718-13E98876854E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063543796_Classes\CLSID\{DD0822AA-3A0A-4BDC-B749-4B00B9115850}\InprocServer32 -> {55F8EFAD-9468-D082-FB7F-89A485889A47} => No File
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063543796_Classes\CLSID\{DFD0AF10-B86C-4AF3-B609-1348D513E565}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063543796_Classes\CLSID\{E1A173E1-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063543796_Classes\CLSID\{E1A173E3-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063543796_Classes\CLSID\{EADA914E-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063543796_Classes\CLSID\{EAEF733D-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063543796_Classes\CLSID\{F19F9A95-7A43-4A93-80B0-C9C1FF6F63F9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063543796_Classes\CLSID\{F9EF917A-E55E-4242-B205-E778395AC313}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx (Intuit)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063543796_Classes\CLSID\{FAC93D42-FFC2-11d1-9DEB-0008C7A08EBA}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2009\qbw32.exe (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063543796_Classes\CLSID\{FB17915F-06D1-4214-A902-CC5EE05186E9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638609_Classes\CLSID\{004B49B7-11B9-5058-AA22-08DD0A3ADC4B}\InprocServer32 -> {1874A415-9468-D082-4334-05E985889A47} => No File
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638609_Classes\CLSID\{05EC5C13-D255-4592-9CCB-98615172F0D6}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638609_Classes\CLSID\{0ADF9C35-0D5E-4B75-88DD-B64868907E17}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638609_Classes\CLSID\{123FAF7F-3FB1-4B8F-AD18-0047401D436A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638609_Classes\CLSID\{2D64E404-9216-4232-B360-ADC95520AB28}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2009\qbw32.exe (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638609_Classes\CLSID\{32D32337-1511-4416-85C5-FD96C99322A0}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638609_Classes\CLSID\{37A2FC00-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638609_Classes\CLSID\{37A2FC02-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638609_Classes\CLSID\{3928D252-6BB4-4C0D-BE70-1E03AF93D464}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638609_Classes\CLSID\{4716D3CE-55DB-4D2A-818C-87D912895890}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638609_Classes\CLSID\{4844F3F7-2161-4AC4-B219-B3B4311782AA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638609_Classes\CLSID\{4E5E74B5-8EB5-4859-A335-837EED412620}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638609_Classes\CLSID\{5428A9ED-6CD8-11D6-9C8A-0001023DCAA2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638609_Classes\CLSID\{547C8F00-5567-4AE3-8BB0-CC3CE2AB9070}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638609_Classes\CLSID\{57D590F1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638609_Classes\CLSID\{596801D8-2C9D-4627-9C67-195CB81B655A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638609_Classes\CLSID\{5B7331FA-8910-4748-A8A4-60B445041F28}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638609_Classes\CLSID\{7DBF8260-30AD-4D1B-876A-8032B87B809F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638609_Classes\CLSID\{8034BBB8-2145-4159-9A34-51E21A0A981F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638609_Classes\CLSID\{828E5386-74CF-4019-B356-C857CD028A7D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638609_Classes\CLSID\{82CC31B3-53B4-4161-A4E9-6B4F1290A6C8}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638609_Classes\CLSID\{8572570D-12D9-4F2C-8BB8-EB8848178B94}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638609_Classes\CLSID\{8E590317-1329-11D1-B70B-00805F29CD16}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2009\QBW32.EXE (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638609_Classes\CLSID\{8FEDE364-AB37-4551-80C9-6D468E222AB2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638609_Classes\CLSID\{9D9B61F2-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638609_Classes\CLSID\{9D9B61F3-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638609_Classes\CLSID\{9D9B61F4-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638609_Classes\CLSID\{9D9B61F5-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638609_Classes\CLSID\{9D9B61F6-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638609_Classes\CLSID\{9D9B61F7-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638609_Classes\CLSID\{A63E42D0-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638609_Classes\CLSID\{A63E42D2-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638609_Classes\CLSID\{AF5E0A13-CEAB-47CE-991D-77E82CD1BF3F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638609_Classes\CLSID\{B66F2BF1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638609_Classes\CLSID\{D14FD6B3-6A9F-4537-9460-07B836707127}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638609_Classes\CLSID\{D4A12AAF-E15E-470B-A6B6-63032186F91F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638609_Classes\CLSID\{D9B9C060-0954-11D3-9E07-00104BD2BE34}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSource.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638609_Classes\CLSID\{D9BC6F81-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638609_Classes\CLSID\{D9BC6F84-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638609_Classes\CLSID\{D9BC6F87-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638609_Classes\CLSID\{D9BC6FA1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638609_Classes\CLSID\{D9BC6FA6-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638609_Classes\CLSID\{D9BC6FB2-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\StorageClasses.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638609_Classes\CLSID\{DCB2B478-EFF6-48F6-B718-13E98876854E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638609_Classes\CLSID\{DD0822AA-3A0A-4BDC-B749-4B00B9115850}\InprocServer32 -> {55F8EFAD-9468-D082-FB7F-89A485889A47} => No File
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638609_Classes\CLSID\{DFD0AF10-B86C-4AF3-B609-1348D513E565}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638609_Classes\CLSID\{E1A173E1-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638609_Classes\CLSID\{E1A173E3-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638609_Classes\CLSID\{EADA914E-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638609_Classes\CLSID\{EAEF733D-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638609_Classes\CLSID\{F19F9A95-7A43-4A93-80B0-C9C1FF6F63F9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638609_Classes\CLSID\{F9EF917A-E55E-4242-B205-E778395AC313}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx (Intuit)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638609_Classes\CLSID\{FAC93D42-FFC2-11d1-9DEB-0008C7A08EBA}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2009\qbw32.exe (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638609_Classes\CLSID\{FB17915F-06D1-4214-A902-CC5EE05186E9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{004B49B7-11B9-5058-AA22-08DD0A3ADC4B}\InprocServer32 -> {1874A415-9468-D082-4334-05E985889A47} => No File
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{05EC5C13-D255-4592-9CCB-98615172F0D6}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{0ADF9C35-0D5E-4B75-88DD-B64868907E17}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{123FAF7F-3FB1-4B8F-AD18-0047401D436A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{2D64E404-9216-4232-B360-ADC95520AB28}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2009\qbw32.exe (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{32D32337-1511-4416-85C5-FD96C99322A0}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID:
  #6  
Old April 12th, 2018, 01:56 PM
luzchurch luzchurch is offline
Senior Member
 
Join Date: Nov 2004
Posts: 333
Part 2

HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{37A2FC00-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{37A2FC02-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{3928D252-6BB4-4C0D-BE70-1E03AF93D464}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{4716D3CE-55DB-4D2A-818C-87D912895890}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{4844F3F7-2161-4AC4-B219-B3B4311782AA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{4E5E74B5-8EB5-4859-A335-837EED412620}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{5428A9ED-6CD8-11D6-9C8A-0001023DCAA2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{547C8F00-5567-4AE3-8BB0-CC3CE2AB9070}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{57D590F1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{596801D8-2C9D-4627-9C67-195CB81B655A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{5B7331FA-8910-4748-A8A4-60B445041F28}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{7DBF8260-30AD-4D1B-876A-8032B87B809F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{8034BBB8-2145-4159-9A34-51E21A0A981F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{828E5386-74CF-4019-B356-C857CD028A7D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{82CC31B3-53B4-4161-A4E9-6B4F1290A6C8}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{8572570D-12D9-4F2C-8BB8-EB8848178B94}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{8E590317-1329-11D1-B70B-00805F29CD16}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2009\QBW32.EXE (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{8FEDE364-AB37-4551-80C9-6D468E222AB2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{9D9B61F2-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{9D9B61F3-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{9D9B61F4-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{9D9B61F5-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{9D9B61F6-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{9D9B61F7-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{A63E42D0-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{A63E42D2-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{AF5E0A13-CEAB-47CE-991D-77E82CD1BF3F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{B66F2BF1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{D14FD6B3-6A9F-4537-9460-07B836707127}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{D4A12AAF-E15E-470B-A6B6-63032186F91F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{D9B9C060-0954-11D3-9E07-00104BD2BE34}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSource.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{D9BC6F81-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{D9BC6F84-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{D9BC6F87-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{D9BC6FA1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{D9BC6FA6-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{D9BC6FB2-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\StorageClasses.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{DCB2B478-EFF6-48F6-B718-13E98876854E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{DD0822AA-3A0A-4BDC-B749-4B00B9115850}\InprocServer32 -> {55F8EFAD-9468-D082-FB7F-89A485889A47} => No File
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{DFD0AF10-B86C-4AF3-B609-1348D513E565}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{E1A173E1-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{E1A173E3-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{EADA914E-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{EAEF733D-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{F19F9A95-7A43-4A93-80B0-C9C1FF6F63F9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{F9EF917A-E55E-4242-B205-E778395AC313}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx (Intuit)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{FAC93D42-FFC2-11d1-9DEB-0008C7A08EBA}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2009\qbw32.exe (Intuit Canada Limited)
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{FB17915F-06D1-4214-A902-CC5EE05186E9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Canada Limited)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-04-09] (AVAST Software)
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll [2018-04-03] ()
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-04-09] (AVAST Software)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2013-01-27] (Microsoft Corporation)
ContextMenuHandlers1: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2016-04-19] (Western Digital Technologies, Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\RAGDE-D\WINZIP\WZSHLSTB.DLL [2001-11-27] (WinZip Computing, Inc.)
ContextMenuHandlers2: [CWDDriveMenuHandler] -> {CCEFA845-DCDB-4A2F-8BED-DBE87CD198EC} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2016-04-19] (Western Digital Technologies, Inc.)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2013-01-27] (Microsoft Corporation)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-04-09] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2013-01-27] (Microsoft Corporation)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\RAGDE-D\WINZIP\WZSHLSTB.DLL [2001-11-27] (WinZip Computing, Inc.)
ContextMenuHandlers5: [00nView] -> {1E9B04FB-F9E5-4718-997B-B8DA88302A48} => C:\WINDOWS\system32\nvshell.dll [2008-02-25] ()
ContextMenuHandlers5: [NvCplDesktopContext] -> {A70C977A-BF00-412C-90B7-034C51DA2439} => C:\WINDOWS\system32\nvcpl.dll [2008-02-25] (NVIDIA Corporation)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll [2018-04-03] ()
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-04-09] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers6: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2016-04-19] (Western Digital Technologies, Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\RAGDE-D\WINZIP\WZSHLSTB.DLL [2001-11-27] (WinZip Computing, Inc.)

==================== Scheduled Tasks=============================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player NPAPI Notifier.job => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_29_0_0_113_Plugin.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Avast Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
Task: C:\WINDOWS\Tasks\CCleaner Update.job => C:\Program Files\CCleaner\CCUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: C:\WINDOWS\Tasks\novaPDF Reactivation.job => C:\Program Files\Softland\novaPDF 8\Driver\ActivationClient.exe
Task: C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-507921405-1284227242-1417001333-1003.job => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-507921405-1284227242-1417001333-1003.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-507921405-1284227242-1417001333-1003.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-507921405-1284227242-1417001333-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-507921405-1284227242-1417001333-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{F0F3B82B-776E-484E-ADF4-E0E06392C8AE}.job => C:\WINDOWS\system32\msfeedssync.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Documents and Settings\owner\NetHood\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co

ShortcutWithArgument: C:\Documents and Settings\owner\Desktop\chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-http2
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\DjVuLibre\Help\Online documentation.lnk -> C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation) -> url.dll,FileProtocolHandler hxxp://djvu.sourceforge.net/doc/index.html
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\DjVuLibre\Help\Visit Djvu.org.lnk -> C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation) -> url.dll,FileProtocolHandler hxxp://djvu.org
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\DjVuLibre\Help\Visit DjVuLibre download page.lnk -> C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation) -> url.dll,FileProtocolHandler hxxp://sourceforge.net/projects/djvu/files/DjVuLibre_Windows/
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\DjVuLibre\Help\Visit DjvuLibre.lnk -> C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation) -> url.dll,FileProtocolHandler hxxp://djvu.sourceforge.net

==================== Loaded Modules (Whitelisted) ==============

2012-02-09 06:45 - 2015-04-24 07:43 - 000018432 _____ () C:\WINDOWS\system32\ssd4clm.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 000073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 001044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2018-03-30 16:29 - 2010-04-05 15:55 - 000116104 _____ () C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
2016-04-06 19:18 - 2016-04-06 19:18 - 000064512 _____ () C:\WINDOWS\system32\dxconfig.exe
2017-08-16 14:18 - 2017-08-16 14:18 - 000138672 _____ () C:\Program Files\Softland\novaPDF 8\Server\AgileDotNetRT.dll
2013-08-14 16:19 - 2013-08-14 16:19 - 000039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2018-04-09 12:00 - 2018-03-12 15:09 - 001936672 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2008-02-25 12:29 - 2008-02-25 12:29 - 001482752 _____ () C:\WINDOWS\system32\nview.dll
2013-02-12 22:37 - 2013-02-12 22:37 - 001263952 _____ () C:\Program Files\DivX\DivX Update\DivXUpdate.exe
2013-02-12 22:38 - 2013-02-12 22:38 - 000100688 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
2014-09-08 13:30 - 2014-09-08 13:30 - 000351968 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
2013-09-05 01:14 - 2013-09-05 01:14 - 004300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:45 - 2010-10-20 16:45 - 008801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2008-02-25 12:29 - 2008-02-25 12:29 - 000466944 _____ () C:\WINDOWS\system32\nvshell.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMPDCCB2FA [306]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5} => ""=""

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKLM\...\regfile\shell\open\command: C:\WINDOWS\REGEDIT.EXE /M "%L" <==== ATTENTION
HKLM\...\batfile\shell\open\command: C:\WINDOWS\system32\CMD.EXE /C Call "%L" %* <==== ATTENTION
HKLM\...\cmdfile\shell\open\command: C:\WINDOWS\system32\CMD.EXE /C Call "%L" %* <==== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2008-04-14 05:00 - 2017-01-10 18:06 - 000000029 ____N C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost
  #7  
Old April 12th, 2018, 02:01 PM
luzchurch luzchurch is offline
Senior Member
 
Join Date: Nov 2004
Posts: 333
Part 3

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063528750\Control Panel\Desktop\\Wallpaper -> (None)
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063637687\Control Panel\Desktop\\Wallpaper -> (None)
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063539718\Control Panel\Desktop\\Wallpaper -> (None)
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638125\Control Panel\Desktop\\Wallpaper -> (None)
HKU\S-1-5-21-507921405-1284227242-1417001333-1003\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Bliss.bmp
HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063543796\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Bliss.bmp
HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638609\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Bliss.bmp
HKU\S-1-5-21-507921405-1284227242-1417001333-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063621187\Control Panel\Desktop\\Wallpaper -> (None)
HKU\S-1-5-21-507921405-1284227242-1417001333-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063652656\Control Panel\Desktop\\Wallpaper -> (None)
DNS Servers: 192.168.0.1
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: AvastUI.exe => "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

DomainProfile\AuthorizedApplications: [C:\Program Files\Winamp\winamp.exe] => Enabled:Winamp
DomainProfile\AuthorizedApplications: [%SystemRoot%\Network Diagnostic\XPNetDiag.Exe] => :LocalSubNet:Enabled:@%SystemRoot%\System32\XPSP3Res.Dll,-20000
DomainProfile\AuthorizedApplications: [%SystemRoot%\System32\DMAdmin.Exe] => :LocalSubnet:Enabled:Logical Disk Manager service process
DomainProfile\AuthorizedApplications: [%SystemRoot%\System32\DMRemote.Exe] => :LocalSubnet:Enabled:Logical Disk Manager component
DomainProfile\AuthorizedApplications: [%SystemRoot%\System32\FTP.Exe] => Enabled:Windows® FTP Client
DomainProfile\AuthorizedApplications: [%SystemRoot%\System32\MMC.Exe] => :LocalSubNet:Enabled:Microsoft Management Console
DomainProfile\AuthorizedApplications: [%SystemRoot%\System32\SessMgr.Exe] => :LocalSubnet:Enabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22019
DomainProfile\AuthorizedApplications: [%SystemRoot%\System32\TCPSvcS.Exe] => :LocalSubNet:Enabled:Windows® TCP/IP Services Application
DomainProfile\AuthorizedApplications: [%SystemRoot%\System32\TlntSvr.Exe] => :LocalSubnet:Enabled:Windows® Telnet Service
DomainProfile\AuthorizedApplications: [%SystemRoot%\System32\WBEM\UnSecApp.Exe] => :LocalSubNet:Enabled:Windows® Management Instrumentation
DomainProfile\AuthorizedApplications: [%ProgramFiles%\NetMeeting\Conf.Exe] => :LocalSubNet:Disabled:Windows® NetMeeting®
DomainProfile\AuthorizedApplications: [%SystemRoot%\System32\MNMSrvC.Exe] => :LocalSubNet:Disabled:Windows® NetMeeting® Remote Desktop Sharing
DomainProfile\AuthorizedApplications: [%ProgramFiles%\Windows Media Player\MPlayer2.Exe] => :LocalSubnet:Enabled:Windows® Media Player
DomainProfile\AuthorizedApplications: [%ProgramFiles%\Windows Media Player\WMPlayer.Exe] => :LocalSubnet:Enabled:Windows® Media Player
DomainProfile\AuthorizedApplications: [%SystemRoot%\PCHealth\HelpCtr\Binaries\HelpSvc.Exe] => %SystemRoot%\PCHealth\HelpCtr\Binaries\HelpSvc.exe :LocalSubNet:Disabled:Offer Remote Assistance
DomainProfile\AuthorizedApplications: [%SystemRoot%\PCHealth\HelpCtr\Binaries\HelpCtr.Exe] => %SystemRoot%\PCHealth\HelpCtr\Binaries\HelpCtr.exe :LocalSubNet:Disabled:Remote Assistance - Windows Messenger and Voice
StandardProfile\AuthorizedApplications: [C:\Program Files\Intuit\QuickBooks 2009\QBDBMgrN.exe] => Enabled:QuickBooks 2009 Data Manager
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE] => Enabled:SAgent4
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office14\GROOVE.EXE] => Enabled:Microsoft SharePoint Workspace
  #8  
Old April 12th, 2018, 02:05 PM
luzchurch luzchurch is offline
Senior Member
 
Join Date: Nov 2004
Posts: 333
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE] => Enabled:Microsoft OneNote
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE] => Enabled:Microsoft Office Outlook
StandardProfile\AuthorizedApplications: [D:\Installation\Setupx.exe] => Enabled:Nero ProductSetup
StandardProfile\AuthorizedApplications: [C:\Program Files\JFileManager\JFileManager.exe] => Disabled:JFileManager
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Program Files\Maxthon\Bin\MxUp.exe] => Enabled:MxUp
StandardProfile\AuthorizedApplications: [C:\Program Files\Maxthon\Bin\Maxthon.exe] => Enabled:Maxthon
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\mmc.exe] => Enabled:Microsoft Management Console
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\owner\Application Data\Spotify\Spotify.exe] => Enabled:Spotify
StandardProfile\AuthorizedApplications: [C:\Program Files\Apowersoft\Apowersoft Free Audio Recorder\Apowersoft Free Audio Recorder.exe] => Enabled:Apowersoft Free Audio Recorder
StandardProfile\AuthorizedApplications: [C:\Program Files\Winamp\winamp.exe] => Enabled:Winamp
StandardProfile\AuthorizedApplications: [C:\Program Files\Samsung\Easy Printer Manager\IDS.Application.exe] => Enabled:Easy Printer Manager
StandardProfile\AuthorizedApplications: [C:\Program Files\Samsung\Easy Printer Manager\OrderSupplies.exe] => Enabled:EPM Order Supplies
StandardProfile\AuthorizedApplications: [C:\Program Files\Samsung\Easy Printer Manager\IDSAlert.exe] => Enabled:EPM Alert
StandardProfile\AuthorizedApplications: [C:\Program Files\Samsung\Easy Printer Manager\uninstall.exe] => Enabled:Samsung uninstaller
StandardProfile\AuthorizedApplications: [C:\Program Files\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe] => Enabled:EPM CDA Scan2PC
StandardProfile\AuthorizedApplications: [C:\Program Files\Samsung\Easy Printer Manager\CDAS2PC\ScanProcess.exe] => Enabled:EPM ScanProcess
  #9  
Old April 12th, 2018, 02:09 PM
luzchurch luzchurch is offline
Senior Member
 
Join Date: Nov 2004
Posts: 333
Part 5

StandardProfile\AuthorizedApplications: [C:\Program Files\Samsung\Easy Printer Manager\CDAS2PC\ScanProcess.exe] => Enabled:EPM ScanProcess
StandardProfile\AuthorizedApplications: [C:\Program Files\Samsung\Easy Printer Manager\CDAS2PC\Scan2PCNotify.exe] => Enabled:EPM Scan2PCNotify
StandardProfile\AuthorizedApplications: [C:\Program Files\Bonjour\mDNSResponder.exe] => Enabled:Bonjour Service
StandardProfile\AuthorizedApplications: [C:\Program Files\iTunes\iTunes.exe] => Enabled:iTunes
StandardProfile\AuthorizedApplications: [C:\Program Files\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe] => Enabled:Nero Blu-ray Player
StandardProfile\AuthorizedApplications: [C:\Program Files\Nero\KM\NMDllHost.exe] => Enabled:NMDllHost
StandardProfile\AuthorizedApplications: [C:\Program Files\Applian Technologies\Replay Music 7\jrmp.exe] => Enabled:Replay Music 7
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\AuthorizedApplications: [%SystemRoot%\Network Diagnostic\XPNetDiag.Exe] => :LocalSubNet:Enabled:@%SystemRoot%\System32\XPSP3Res.Dll,-20000
StandardProfile\AuthorizedApplications: [%SystemRoot%\System32\DMAdmin.Exe] => :LocalSubnet:Enabled:Logical Disk Manager service process
StandardProfile\AuthorizedApplications: [%SystemRoot%\System32\DMRemote.Exe] => :LocalSubnet:Enabled:Logical Disk Manager component
StandardProfile\AuthorizedApplications: [%SystemRoot%\System32\FTP.Exe] => Enabled:Windows® FTP Client
StandardProfile\AuthorizedApplications: [%SystemRoot%\System32\MMC.Exe] => :LocalSubNet:Enabled:Microsoft Management Console
StandardProfile\AuthorizedApplications: [%SystemRoot%\System32\SessMgr.Exe] => :LocalSubnet:Enabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22019
StandardProfile\AuthorizedApplications: [%SystemRoot%\System32\TCPSvcS.Exe] => :LocalSubNet:Enabled:Windows® TCP/IP Services Application
StandardProfile\AuthorizedApplications: [%SystemRoot%\System32\TlntSvr.Exe] => :LocalSubnet:Enabled:Windows® Telnet Service
StandardProfile\AuthorizedApplications: [%SystemRoot%\System32\WBEM\UnSecApp.Exe] => :LocalSubNet:Enabled:Windows® Management Instrumentation
StandardProfile\AuthorizedApplications: [%ProgramFiles%\NetMeeting\Conf.Exe] => :LocalSubNet:Disabled:Windows® NetMeeting®
StandardProfile\AuthorizedApplications: [%SystemRoot%\System32\MNMSrvC.Exe] => :LocalSubNet:Disabled:Windows® NetMeeting® Remote Desktop Sharing
  #10  
Old April 12th, 2018, 02:10 PM
luzchurch luzchurch is offline
Senior Member
 
Join Date: Nov 2004
Posts: 333
Part 6

StandardProfile\AuthorizedApplications: [%ProgramFiles%\Windows Media Player\MPlayer2.Exe] => :LocalSubnet:Enabled:Windows® Media Player
StandardProfile\AuthorizedApplications: [%ProgramFiles%\Windows Media Player\WMPlayer.Exe] => :LocalSubnet:Enabled:Windows® Media Player
StandardProfile\AuthorizedApplications: [%SystemRoot%\PCHealth\HelpCtr\Binaries\HelpSvc.Exe] => %SystemRoot%\PCHealth\HelpCtr\Binaries\HelpSvc.exe :LocalSubNet:Disabled:Offer Remote Assistance
StandardProfile\AuthorizedApplications: [%SystemRoot%\PCHealth\HelpCtr\Binaries\HelpCtr.Exe] => %SystemRoot%\PCHealth\HelpCtr\Binaries\HelpCtr.exe :LocalSubNet:Disabled:Remote Assistance - Windows Messenger and Voice
DomainProfile\GloballyOpenPorts: [135:TCP] => :LocalSubNet:Enabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22019
DomainProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22002
DomainProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22005
DomainProfile\GloballyOpenPorts: [445:UDP] => :LocalSubNet:Enabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22003
DomainProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22007
DomainProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22008
DomainProfile\GloballyOpenPorts: [3389:TCP] => :LocalSubNet:Enabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22009
DomainProfile\GloballyOpenPorts: [500:UDP] => Disabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22017
DomainProfile\GloballyOpenPorts: [1701:UDP] => Disabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22016
DomainProfile\GloballyOpenPorts: [1723:TCP] => Disabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22015
DomainProfile\GloballyOpenPorts: [4500:UDP] => Disabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22018
DomainProfile\GloballyOpenPorts: [80:TCP] => :LocalSubNet:Disabled:Windows® Remote Management
DomainProfile\GloballyOpenPorts: [443:TCP] => :LocalSubNet:Disabled:Windows® Remote Management
StandardProfile\GloballyOpenPorts: [5985:TCP] => Disabled:Windows Remote Management
StandardProfile\GloballyOpenPorts: [80:TCP] => :LocalSubNet:Disabled:Windows® Remote Management
StandardProfile\GloballyOpenPorts: [135:TCP] => :LocalSubNet:Enabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22019
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Disabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Disabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22002
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Disabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Disabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22005
StandardProfile\GloballyOpenPorts: [445:UDP] => :LocalSubNet:Enabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22003
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22008
StandardProfile\GloballyOpenPorts: [3389:TCP] => :LocalSubNet:Enabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22009
StandardProfile\GloballyOpenPorts: [500:UDP] => Disabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22017
StandardProfile\GloballyOpenPorts: [1701:UDP] => Disabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22016
StandardProfile\GloballyOpenPorts: [1723:TCP] => Disabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22015
StandardProfile\GloballyOpenPorts: [4500:UDP] => Disabled:@%SystemRoot%\System32\XPSP2Res.Dll,-22018
StandardProfile\GloballyOpenPorts: [8501:TCP] => Enabled:NovaPDFTCPPortException
StandardProfile\GloballyOpenPorts: [8501:UDP] => Enabled:NovaPDFUDPPortException

==================== Restore Points =========================

11-04-2018 09:27:13 System Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/12/2018 07:27:36 AM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 4.2.223.0, P3 timeout, P4 1.1.14700.5, P5 fixed, P6 1 _ 1024, P7 5 _ not boot, P8 NIL, P9 NIL, P10 NIL.

Error: (04/12/2018 06:30:44 AM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 4.2.223.0, P3 timeout, P4 1.1.14700.5, P5 fixed, P6 1 _ 1024, P7 5 _ not boot, P8 NIL, P9 NIL, P10 NIL.

Error: (04/12/2018 06:30:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 32710328

Error: (04/12/2018 06:30:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 32710328

Error: (04/12/2018 06:30:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/11/2018 09:25:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2141

Error: (04/11/2018 09:25:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2141

Error: (04/11/2018 09:25:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
  #11  
Old April 12th, 2018, 02:11 PM
luzchurch luzchurch is offline
Senior Member
 
Join Date: Nov 2004
Posts: 333
Part 7


System errors:
=============
Error: (04/12/2018 06:40:52 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.265.206.0

Update Source: Microsoft Update Server

Update Stage: Search

Source Path: Default URL

Signature Type: AntiVirus

Update Type: Full

User: NT AUTHORITY\SYSTEM

Current Engine Version:

Previous Engine Version: 1.1.14700.5

Error code: 0x80070422

Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (04/12/2018 06:40:51 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it." attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (04/12/2018 06:40:51 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it." attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (04/12/2018 06:30:38 AM) (Source: DCOM) (EventID: 10000) (User: EMACHINE)
Description: Unable to start a DCOM Server: {C3D84F57-9904-4F7D-8D79-1D72DAD51ADC}.
The error:
"%"C:\Program Files\Samsung\Easy Printer Manager\SpoolerComp.exe" -Embedding4001"
Happened while starting this command:
"C:\Program Files\Samsung\Easy Printer Manager\SpoolerComp.exe" -Embedding

Error: (04/12/2018 06:30:38 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Generate Activation Context failed for C:\Program Files\Samsung\Easy Printer Manager\SpoolerComp.exe.
Reference error message: The operation completed successfully.
.

Error: (04/12/2018 06:30:38 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Resolve Partial Assembly failed for Microsoft.VC90.CRT.
Reference error message: The referenced assembly is not installed on your system.
.

Error: (04/12/2018 06:30:38 AM) (Source: SideBySide) (EventID: 32) (User: )
Description: Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.

Error: (04/11/2018 09:25:21 PM) (Source: DCOM) (EventID: 10000) (User: EMACHINE)
Description: Unable to start a DCOM Server: {C3D84F57-9904-4F7D-8D79-1D72DAD51ADC}.
The error:
"%"C:\Program Files\Samsung\Easy Printer Manager\SpoolerComp.exe" -Embedding4001"
Happened while starting this command:
"C:\Program Files\Samsung\Easy Printer Manager\SpoolerComp.exe" -Embedding


==================== Memory info ===========================

Processor: AMD Athlon(tm) Processor 2650e
Percentage of memory in use: 86%
Total physical RAM: 894.42 MB
Available physical RAM: 117.06 MB
Total Virtual: 3422.89 MB
Available Virtual: 2468.91 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:186.31 GB) (Free:13.82 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive e: (My Passport) (Fixed) (Total:1397.23 GB) (Free:850.65 GB) NTFS


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 186.3 GB) (Disk ID: 987E987E)
Partition 1: (Active) - (Size=186.3 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 1397.2 GB) (Disk ID: 428A44DB)
Partition 1: (Not Active) - (Size=1397.2 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
  #12  
Old April 12th, 2018, 07:29 PM
olgun52 olgun52 is offline
Malware Removal Team
 
Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 2,029
Hi luzchurch,

Did you make GloballyOpenPorts settings?

------------------------

Quote:
Microsoft Security Essentials (Enabled)
Avast Antivirus (Enabled)
:Multiple Anti Virus programs:
  • It looks like you are operating your computer with multiple antivirus programs running in memory at once. Please uninstall one of the following, leaving just one antivirus.


    AV: avast! Antivirus
    AV: Microsoft Security Essentials



    Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.
------------------------

Uninstall some programs

NOTE: Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a lot better job).
  • Programs to remove
    • Adobe Reader Packages
    • Adobe Reader XI
    • Java 8
  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click Yes and then Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes and then Next.
  • Once done click Finish.
.================================================= =====
Disable anti-virus and firewall programs.

Run FRST Script:
Please download this attached Fixlist.txt (9.6 KB, 0 views) and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.
  #13  
Old April 13th, 2018, 02:51 PM
luzchurch luzchurch is offline
Senior Member
 
Join Date: Nov 2004
Posts: 333
I deleted the programs as you have suggested and ran FRST, which worked fine. But during the fix part of the program I got a message indicating that an error had occurred and the program has to close. I tried it a second time with the same result.
  #14  
Old April 13th, 2018, 03:27 PM
luzchurch luzchurch is offline
Senior Member
 
Join Date: Nov 2004
Posts: 333
Fix result of Farbar Recovery Scan Tool (x86) Version: 14.03.2018
Ran by owner (13-04-2018 09:25:06) Run:2
Running from C:\Documents and Settings\owner\My Documents\Downloads
Loaded Profiles: owner (Available Profiles: owner & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-507921405-1284227242-1417001333-1003\...\Run: [*rrzwvnyvrr<*>] => "C:\Documents and Settings\owner\Local Settings\Application Data\f003ad\9595f3.bat" <==== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-507921405-1284227242-1417001333-1003\...\Run: [Adobe Reader Synchronizer] => C:\Program Files\.0\Reader\AdobeCollabSync.exe [746376 2014-05-08] (Adobe Systems Incorporated)
HKU\S-1-5-21-507921405-1284227242-1417001333-1003\...\MountPoints2: H - H:\LaunchU3.exe -a
HKU\S-1-5-21-507921405-1284227242-1417001333-1003\...\MountPoints2: {01048412-a396-11e2-999b-001d72aca64d} - H:\LaunchU3.exe -a
HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063543796\...\Run: [*rrzwvnyvrr<*>] => "C:\Documents and Settings\owner\Local Settings\Application Data\f003ad\9595f3.bat" <==== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063543796\...\Run: [Adobe Reader Synchronizer] => C:\Program Files\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe [746376 2014-05-08] (Adobe Systems Incorporated)
HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063543796\...\MountPoints2: H - H:\LaunchU3.exe -a
HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063543796\...\MountPoints2: {01048412-a396-11e2-999b-001d72aca64d} - H:\LaunchU3.exe -a
HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638609\...\Run: [*rrzwvnyvrr<*>] => "C:\Documents and Settings\owner\Local Settings\Application Data\f003ad\9595f3.bat" <==== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638609\...\Run: [Adobe Reader Synchronizer] => C:\Program Files\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe [746376 2014-05-08] (Adobe Systems Incorporated)
HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638609\...\MountPoints2: H - H:\LaunchU3.exe -a
HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638609\...\MountPoints2: {01048412-a396-11e2-999b-001d72aca64d} - H:\LaunchU3.exe -a
URLSearchHook: [S-1-5-21-507921405-1284227242-1417001333-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063621187] ATTENTION => Default URLSearchHook is missing
URLSearchHook: [S-1-5-21-507921405-1284227242-1417001333-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063652656] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKU\S-1-5-21-507921405-1284227242-1417001333-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-507921405-1284227242-1417001333-1003 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
SearchScopes: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063543796 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063543796 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
SearchScopes: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638609 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638609 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-05-14] (Oracle Corporation)
FF ProfilePath: C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\l0eutqyb.default-1494803957500 [not found] <==== ATTENTION
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063543796_Classes\CLSID\{004B49B7-11B9-5058-AA22-08DD0A3ADC4B}\InprocServer32 -> {1874A415-9468-D082-4334-05E985889A47} => No File
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063543796_Classes\CLSID\{DD0822AA-3A0A-4BDC-B749-4B00B9115850}\InprocServer32 -> {55F8EFAD-9468-D082-FB7F-89A485889A47} => No File
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638609_Classes\CLSID\{004B49B7-11B9-5058-AA22-08DD0A3ADC4B}\InprocServer32 -> {1874A415-9468-D082-4334-05E985889A47} => No File
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638609_Classes\CLSID\{DD0822AA-3A0A-4BDC-B749-4B00B9115850}\InprocServer32 -> {55F8EFAD-9468-D082-FB7F-89A485889A47} => No File
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{004B49B7-11B9-5058-AA22-08DD0A3ADC4B}\InprocServer32 -> {1874A415-9468-D082-4334-05E985889A47} => No File
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{DD0822AA-3A0A-4BDC-B749-4B00B9115850}\InprocServer32 -> {55F8EFAD-9468-D082-FB7F-89A485889A47} => No File
2018-04-09 17:24 - 2018-04-09 17:24 - 000503208 _____ (Piriform Ltd) C:\Documents and Settings\owner\Local Settings\Temp\ccupdate.exe
2018-04-09 09:49 - 2016-03-09 01:00 - 000718336 _____ (Microsoft Corporation) C:\Documents and Settings\owner\Local Settings\Temp\dllnt_dump.dll
2018-04-07 07:00 - 2018-04-07 06:59 - 000457016 _____ () C:\Documents and Settings\owner\Local Settings\Temp\DoubleClick.exe
2018-04-07 06:59 - 2018-04-07 07:00 - 002158592 _____ () C:\Documents and Settings\owner\Local Settings\Temp\installer_mi.exe
2018-04-07 06:58 - 2018-04-07 06:59 - 000860523 _____ ( ) C:\Documents and Settings\owner\Local Settings\Temp\setup.exe
2015-08-14 08:29 - 2015-07-29 16:08 - 000681097 _____ (SQLite Development Team) C:\Documents and Settings\owner\Local Settings\Temp\sqlite3.dll
2018-04-07 07:00 - 2018-04-07 07:00 - 004450288 _____ ( ) C:\Documents and Settings\owner\Local Settings\Temp\SystemHealer.exe
2018-04-07 06:59 - 2018-04-07 06:59 - 000457016 _____ () C:\Documents and Settings\owner\Local Settings\Temp\zdj.exe
C:\Documents and Settings\owner\Local Settings\Temp\dllnt_dump.dll
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMPDCCB2FA [306]
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063528750\Control Panel\Desktop\\Wallpaper -> (None)
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063637687\Control Panel\Desktop\\Wallpaper -> (None)
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063539718\Control Panel\Desktop\\Wallpaper -> (None)
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638125\Control Panel\Desktop\\Wallpaper -> (None)
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063528750\Control Panel\Desktop\\Wallpaper -> (None)
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063637687\Control Panel\Desktop\\Wallpaper -> (None)
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063539718\Control Panel\Desktop\\Wallpaper -> (None)
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638125\Control Panel\Desktop\\Wallpaper -> (None)
HKU\S-1-5-21-507921405-1284227242-1417001333-1003\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Bliss.bmp
HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063543796\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Bliss.bmp
HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638609\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Bliss.bmp
HKU\S-1-5-21-507921405-1284227242-1417001333-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063621187\Control Panel\Desktop\\Wallpaper -> (None)
HKU\S-1-5-21-507921405-1284227242-1417001333-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063652656\Control Panel\Desktop\\Wallpaper -> (None)
HKLM\...\regfile\shell\open\command: C:\WINDOWS\REGEDIT.EXE /M "%L" <==== ATTENTION
HKLM\...\batfile\shell\open\command: C:\WINDOWS\system32\CMD.EXE /C Call "%L" %* <==== ATTENTION
HKLM\...\cmdfile\shell\open\command: C:\WINDOWS\system32\CMD.EXE /C Call "%L" %* <==== ATTENTION
2018-04-07 07:36 - 2018-04-09 15:39 - 003072054 _____ C:\Documents and Settings\owner\.bmp
2018-04-07 07:36 - 2018-04-09 15:39 - 000000000 _____ C:\Documents and Settings\owner\mp
2018-04-07 07:04 - 2018-04-07 07:49 - 003072054 _____ C:\Documents and Settings\owner\Local Settings\Application Data\.bmp
2018-04-07 07:04 - 2018-04-07 07:49 - 000000000 _____ C:\Documents and Settings\owner\Local Settings\Application Data\mp
C:\Documents and Settings\owner\Local Settings\Application Data\.bmp
C:\Documents and Settings\owner\Local Settings\Application Data\mp
2018-03-30 16:38 - 2018-03-30 16:38 - 000276578 _____ C:\Documents and Settings\owner\My Documents\hamsanada.bmp
2018-03-30 16:33 - 2018-03-30 16:33 - 000115390 _____ C:\Documents and Settings\owner\My Documents\skandamanorama.bmp
1618-10-21 21:05 - 1618-10-21 21:05 - 000096256 ____N (Microsoft Corporation) C:\Program Files\NYqasgsZY.exe
CMD: ipconfig /flushdns
EMPTYTEMP:
*****************

Restore point was successfully created.
  #15  
Old April 13th, 2018, 07:30 PM
olgun52 olgun52 is offline
Malware Removal Team
 
Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 2,029
This is not a Fixlog file.
The Fixlog file must have been created on the desktop.
Please check. Or do the operation again. Thanks.

=======================
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Fixlist and FRST software should be on your desktop. Run the fixlist file from the desktop again.
All times are GMT +1.