"sedoparking" or "park.js"



#1
farnaz_im


Hi. A virus whose name is "sedoparking" or "park.js" infected my computer and I need help to destroy it. Help me please!




#2
farnaz_im


Hi again. I attached the true file! Sorry.

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-12-2017
Ran by farnaz (31-12-2017 11:56:05)
Running from C:\Users\farnaz\Desktop
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) (2013-12-02 04:45:46)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3413881090-1058124947-865584590-500 - Administrator - Disabled)
farnaz (S-1-5-21-3413881090-1058124947-865584590-1000 - Administrator - Enabled) => C:\Users\farnaz
Guest (S-1-5-21-3413881090-1058124947-865584590-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3413881090-1058124947-865584590-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM\...\{77DCDCE3-2DED-62F3-8154-05E745472D07}) (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Photoshop CS (HKLM\...\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}) (Version: CS - Adobe Systems, Inc.)
Adobe Photoshop CS6 (HKLM\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
Adobe Shockwave Player + Authorware Web Player (HKLM\...\Adobe Shockwave Player + Authorware Web Player) (Version: v12.0.3.133 - Adobe Systems, Inc.)
Advertising Center (HKLM\...\{b2ec4a38-b545-4a00-8214-13fe0e915e6d}) (Version: 0.0.0.2 - Nero AG) Hidden
Alien Shooter (HKLM\...\Alien Shooter_is1) (Version:  - )
BurnAware Free 6.4 (HKLM\...\BurnAware Free) (Version: 6.4 - Burnaware Technologies)
CCleaner (HKLM\...\CCleaner) (Version: 2.33 - Piriform)
COWON Media Center - jetAudio Plus VX (HKLM\...\{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}) (Version: 8.0.6 - COWON)
Error Repair Professional 3.8.8 (HKLM\...\Error Repair Professional_is1) (Version:  - www.error-repair-pro.com)
FlashGet3.7 (HKLM\...\FlashGet3.7) (Version: 3.7.0.1220 - hxxp://www.FlashGet.com)
Flashtool (HKLM\...\Flashtool) (Version: 0.9.18.2 - Androxyde)
Free PS Convert driver 8.15 (HKLM\...\Free PS Convert driver_is1) (Version:  - )
GOM Player (HKLM\...\GOM Player) (Version: 2.3.6.5260 - Gretech Corporation)
Google Earth Pro (HKLM\...\{ECF2E224-42F5-4E50-B58E-94CA70E85697}) (Version: 7.3.0.3832 - Google)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
ImagXpress (HKLM\...\{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}) (Version: 7.0.74.0 - Nero AG) Hidden
Java 7 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
K-Lite Mega Codec Pack 10.0.5 (HKLM\...\KLiteCodecPack_is1) (Version: 10.0.5 - )
KMPlayer (remove only) (HKLM\...\The KMPlayer) (Version: 4.1.5.8 - PandoraTV)
Lagarith Lossless Codec (1.3.27) (HKLM\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version:  - )
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.7969.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM\...\{01db25f3-1b76-4d97-88c8-1c90634d88fb}) (Version: 11.0.60610.1 - Корпорация Майкрософт)
Mozilla Firefox 57.0.3 (x86 en-US) (HKLM\...\Mozilla Firefox 57.0.3 (x86 en-US)) (Version: 57.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0.3 - Mozilla)
Nero 9 Essentials (HKLM\...\{4b20cce0-45a3-435b-8ad0-0f3f8578d67d}) (Version:  - Nero AG)
Opera 10.00 (HKLM\...\{FC66E05E-8D39-47A6-8D07-759F33727EB0}) (Version: 10.00 - Opera Software ASA)
PDF Settings CS6 (HKLM\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
PhotoFiltre (HKLM\...\PhotoFiltre) (Version:  - )
QuickTime (HKLM\...\{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083}) (Version: 7.0.3 - Apple Computer, Inc.) Hidden
QuickTime (HKLM\...\InstallShield_{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083}) (Version: 7.0.3 - Apple Computer, Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6971 - Realtek Semiconductor Corp.)
SAM CoDeC Pack (HKLM\...\SAM CoDeC Pack) (Version: 5.20 - www.SamLab.ws)
Sheed A.V. (HKLM\...\{B7E86DAB-0341-4403-B0F0-2EB7834F5ADC}) (Version: 2.0 - SheedSoft Co.) Hidden
Sheed A.V. (HKLM\...\Sheed A.V.) (Version: 2.0 - SheedSoft Co.)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.1.0.9134 - Microsoft Corporation)
Telegram Desktop version 1.2.6 (HKU\S-1-5-21-3413881090-1058124947-865584590-1000\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.2.6 - Telegram Messenger LLP)
Tweaking.com - Windows Repair (All in One) (HKLM\...\Tweaking.com - Windows Repair (All in One)) (Version: 1.4.3 - Tweaking.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Ut Video Codec Suite (HKLM\...\utvideo_is1) (Version: 13.1.0 - UMEZAWA Takeshi)
win-procesce 1.00 (HKLM\...\win-procesce 1.00) (Version: 1.00 - win-procesce)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
Xvid MPEG-4 Video Codec (HKLM\...\Xvid_is1) (Version:  - )
ZirYab 4 (HKLM\...\ZirYab 4) (Version: 4 - abasi.org)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3413881090-1058124947-865584590-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\farnaz\AppData\Local\Google\Update\1.3.25.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3413881090-1058124947-865584590-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\farnaz\AppData\Local\Google\Update\1.3.27.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3413881090-1058124947-865584590-1000_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\farnaz\AppData\Local\Google\Update\1.3.33.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3413881090-1058124947-865584590-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\farnaz\AppData\Local\Google\Update\1.3.30.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3413881090-1058124947-865584590-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\farnaz\AppData\Local\Google\Update\1.3.31.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3413881090-1058124947-865584590-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\farnaz\AppData\Local\Google\Update\1.3.28.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3413881090-1058124947-865584590-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\farnaz\AppData\Local\Google\Update\1.3.29.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3413881090-1058124947-865584590-1000_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\farnaz\AppData\Local\Google\Update\1.3.33.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3413881090-1058124947-865584590-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\farnaz\AppData\Local\Google\Update\1.3.24.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3413881090-1058124947-865584590-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\farnaz\AppData\Local\Google\Update\1.3.22.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3413881090-1058124947-865584590-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\farnaz\AppData\Local\Google\Update\1.3.26.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3413881090-1058124947-865584590-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\farnaz\AppData\Local\Google\Update\1.3.32.7\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3413881090-1058124947-865584590-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\farnaz\AppData\Local\Google\Update\1.3.29.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3413881090-1058124947-865584590-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\farnaz\AppData\Local\Google\Update\1.3.25.11\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3413881090-1058124947-865584590-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\farnaz\AppData\Local\Google\Update\1.3.28.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3413881090-1058124947-865584590-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\farnaz\AppData\Local\Google\Update\1.3.22.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3413881090-1058124947-865584590-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\farnaz\AppData\Local\Google\Update\1.3.21.111\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3413881090-1058124947-865584590-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\farnaz\AppData\Local\Google\Update\1.3.24.7\psuser.dll => No File
ContextMenuHandlers1: [Cover Designer] -> {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} => C:\Program Files\Nero\Nero 9\Nero CoverDesigner\CoverEdExtension.dll [2009-03-04] (Nero AG)
ContextMenuHandlers1: [SheedShlExt] -> {F289930E-697C-432A-8C13-08DB3BAD1A62} => C:\Program Files\Sheed AntiVirus\SheedShlExt.dll [2013-12-11] (SheedSoft Ltd.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2005-10-08] ()
ContextMenuHandlers3: [jetAudio] -> {8D1636FD-CA49-4B4E-90E4-0A20E03A15E8} => C:\Program Files\JetAudio\JetFlExt.dll [2010-07-03] (JetAudio)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2005-10-08] ()
ContextMenuHandlers6: [jetAudio] -> {8D1636FD-CA49-4B4E-90E4-0A20E03A15E8} => C:\Program Files\JetAudio\JetFlExt.dll [2010-07-03] (JetAudio)
ContextMenuHandlers6: [SheedShlExt] -> {F289930E-697C-432A-8C13-08DB3BAD1A62} => C:\Program Files\Sheed AntiVirus\SheedShlExt.dll [2013-12-11] (SheedSoft Ltd.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2005-10-08] ()

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {30A1C5EC-73E1-48FD-845C-17E6F78BC5E1} - System32\Tasks\{1229C064-6A7B-4151-AEF5-BEE9841F7419} => C:\Windows\system32\pcalua.exe -a "G:\Adobe Photoshop CS5 ME\Setup.exe" -d "G:\Adobe Photoshop CS5 ME"
Task: {47DC60CB-2743-48A6-BE8A-90D9C247501B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-15] (Google Inc.)
Task: {7ACCC71F-7B40-410B-BC8C-D6CF1DCBEBA4} - System32\Tasks\{5BF14980-7265-4642-B063-D0748DDAA690} => "c:\users\farnaz\appdata\local\google\chrome\application\chrome.exe" hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=5.8.64.154&LastError=404
Task: {AC72B8C4-7DBE-47A5-8F99-DDE9A28FDD52} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-02] (Adobe Systems Incorporated)
Task: {C43D50F7-070E-42FE-A591-83CD1C71EBA5} - System32\Tasks\{0797935C-E9C8-4D56-AA93-9471ACF01EF7} => C:\Windows\system32\pcalua.exe -a "E:\pell mell\Games\Alien Shooter v1.2\Setup 2.exe" -d "E:\pell mell\Games\Alien Shooter v1.2"
Task: {DCFF1718-65CA-41FF-B365-75CBF3BA5162} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-15] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2010-01-10 06:48 - 2010-01-10 06:48 - 004254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 12:04 - 2010-01-21 12:04 - 008793952 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-12-02 08:23 - 2005-10-08 02:35 - 000125440 _____ () C:\Program Files\WinRAR\rarext.dll
2014-11-07 22:21 - 2014-11-07 22:21 - 001490432 _____ () C:\Users\farnaz\AppData\Local\Temp\IXP000.TMP\NSCPUC~1.EXE
2014-11-07 22:21 - 2014-11-07 22:21 - 001490432 _____ () C:\Users\farnaz\AppData\Local\Temp\IXP001.TMP\NSCPUC~1.EXE

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-3413881090-1058124947-865584590-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3413881090-1058124947-865584590-1000\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 05:34 - 2017-04-25 11:26 - 000005294 ____N C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 tonec.com
127.0.0.1 www.tonec.com
127.0.0.1 registeridm.com
127.0.0.1 www.registeridm.com
127.0.0.1 secure.registeridm.com
127.0.0.1 internetdownloadmanager.com
127.0.0.1 www.internetdownloadmanager.com
127.0.0.1 secure.internetdownloadmanager.com
127.0.0.1 mirror.internetdownloadmanager.com
127.0.0.1 mirror2.internetdownloadmanager.com
127.0.0.1 mirror3.internetdownloadmanager.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 192.150.14.69
127.0.0.1 192.150.18.101
127.0.0.1 192.150.18.108
127.0.0.1 192.150.22.40
127.0.0.1 192.150.8.100
127.0.0.1 192.150.8.118
127.0.0.1 209-34-83-73.ood.opsource.net
127.0.0.1 3dns-1.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-4.adobe.com
127.0.0.1 3dns.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 activate-sjc0.adobe.com

There are 114 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3413881090-1058124947-865584590-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\farnaz\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 217.218.155.155 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: Nero BackItUp Scheduler 4.0 => 2
MSCONFIG\Services: STI Simulator => 2
MSCONFIG\Services: SwitchBoard => 3
MSCONFIG\startupreg: ntuser => wscript.exe //B "C:\Users\farnaz\ntuser.vbe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{58E3528F-7A56-4E26-B854-2573B7F62D13}D:\peida shode ha az recovery\desk top\freegate\fg742p.exe] => (Allow) D:\peida shode ha az recovery\desk top\freegate\fg742p.exe
FirewallRules: [UDP Query User{5930ED19-9883-4384-97FF-3EB8673D6379}D:\peida shode ha az recovery\desk top\freegate\fg742p.exe] => (Allow) D:\peida shode ha az recovery\desk top\freegate\fg742p.exe
FirewallRules: [TCP Query User{AA38A340-CD9D-42AE-A106-15E645AC108A}C:\users\farnaz\desktop\freegate\fg742p.exe] => (Allow) C:\users\farnaz\desktop\freegate\fg742p.exe
FirewallRules: [UDP Query User{76453897-7B9E-4B8D-9C21-265C920F6D04}C:\users\farnaz\desktop\freegate\fg742p.exe] => (Allow) C:\users\farnaz\desktop\freegate\fg742p.exe
FirewallRules: [{55F457AF-AF7E-438C-9040-451E95A29CBA}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{AAF0389B-FD6B-4834-A611-B64353592FC4}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [TCP Query User{94043372-7D83-4BD2-87BC-0A007B717BB1}C:\program files\flashget network\flashget 3\flashget3.exe] => (Allow) C:\program files\flashget network\flashget 3\flashget3.exe
FirewallRules: [UDP Query User{6840819D-8987-4C71-91F0-1D8166980641}C:\program files\flashget network\flashget 3\flashget3.exe] => (Allow) C:\program files\flashget network\flashget 3\flashget3.exe
FirewallRules: [TCP Query User{C2EB27BC-9751-432A-ACCF-F54855DB7537}C:\program files\flashget network\flashget 3\flashget3.exe] => (Block) C:\program files\flashget network\flashget 3\flashget3.exe
FirewallRules: [UDP Query User{D60ABEE4-EA5D-4346-AF9B-B8D81CEFDDC8}C:\program files\flashget network\flashget 3\flashget3.exe] => (Block) C:\program files\flashget network\flashget 3\flashget3.exe
FirewallRules: [TCP Query User{06BF8A97-4D28-439B-8D4A-E349DBF17414}C:\users\farnaz\appdata\local\temp\mmbplayer\pdf_edit.exe] => (Allow) C:\users\farnaz\appdata\local\temp\mmbplayer\pdf_edit.exe
FirewallRules: [UDP Query User{2018F3B7-3778-4912-9E00-8796470BBB09}C:\users\farnaz\appdata\local\temp\mmbplayer\pdf_edit.exe] => (Allow) C:\users\farnaz\appdata\local\temp\mmbplayer\pdf_edit.exe
FirewallRules: [{C7AFE0C8-995A-4E61-A3C9-7B33154F7447}] => (Allow) C:\Program Files\WebFreer\webfreer.exe
FirewallRules: [{059CB9CD-78F8-42A7-A3A4-2140FC6633D5}] => (Allow) C:\Program Files\WebFreer\webfreer.exe
FirewallRules: [TCP Query User{C37B83F7-E633-418F-A1F4-C6C0E01AA41B}C:\users\farnaz\desktop\freegate\fg750p.exe] => (Allow) C:\users\farnaz\desktop\freegate\fg750p.exe
FirewallRules: [UDP Query User{B166B76C-CB93-4AC5-874A-1BC266B788B2}C:\users\farnaz\desktop\freegate\fg750p.exe] => (Allow) C:\users\farnaz\desktop\freegate\fg750p.exe
FirewallRules: [TCP Query User{500FE702-F181-4BC8-AF92-14F0620E0460}C:\users\farnaz\desktop\freegate\fg752p.exe] => (Block) C:\users\farnaz\desktop\freegate\fg752p.exe
FirewallRules: [UDP Query User{3D094366-5B76-4FB2-8420-6BECE03D8F0E}C:\users\farnaz\desktop\freegate\fg752p.exe] => (Block) C:\users\farnaz\desktop\freegate\fg752p.exe
FirewallRules: [TCP Query User{C8CA14B4-8745-4822-8E77-7D51C6ABC3F1}C:\users\farnaz\desktop\freegate\fg754p.exe] => (Allow) C:\users\farnaz\desktop\freegate\fg754p.exe
FirewallRules: [UDP Query User{0F8D1CF4-4585-45A2-8DEF-2D9DABCF1FA8}C:\users\farnaz\desktop\freegate\fg754p.exe] => (Allow) C:\users\farnaz\desktop\freegate\fg754p.exe
FirewallRules: [TCP Query User{CC2CE8D7-6F85-412D-9EAD-A64EEA6B5620}C:\users\farnaz\desktop\freegate\fg755p.exe] => (Allow) C:\users\farnaz\desktop\freegate\fg755p.exe
FirewallRules: [UDP Query User{B85D8ED8-A987-4ADB-BBB1-7F3A1750C811}C:\users\farnaz\desktop\freegate\fg755p.exe] => (Allow) C:\users\farnaz\desktop\freegate\fg755p.exe
FirewallRules: [TCP Query User{E4E610D6-37A7-416A-9474-B1A4799353F1}C:\users\farnaz\desktop\freegate\fg756p.exe] => (Block) C:\users\farnaz\desktop\freegate\fg756p.exe
FirewallRules: [UDP Query User{FE9FD1D8-B567-47AB-A5DC-D57987D0CF5F}C:\users\farnaz\desktop\freegate\fg756p.exe] => (Block) C:\users\farnaz\desktop\freegate\fg756p.exe
FirewallRules: [{579FDE0B-32ED-4C07-8FB5-569560A5E4AB}] => (Allow) C:\Program Files\WebFreer\webfreer.exe
FirewallRules: [{8B09922C-C0DA-4FE2-9809-44E763E15477}] => (Allow) C:\Program Files\WebFreer\webfreer.exe
FirewallRules: [{0F4170EC-1570-4F96-8D9E-659DDC3BE47D}] => (Allow) C:\Program Files\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{953B9332-3F0E-4AEC-A42A-9AFA75ABAF17}] => (Allow) C:\Program Files\CyberLink\PowerDVD10\PowerDVD9.EXE
FirewallRules: [{1155FA61-3989-4BA9-8DC5-155211397EEB}] => (Block) %SystemRoot%\System32\wscript.exe
FirewallRules: [{18A70BB9-F56A-41C4-B3A9-0CEAA9EA60A2}] => (Allow) C:\Users\farnaz\taskhost.exe
FirewallRules: [{AE345D5E-7BC2-46AD-A90B-76B509E2DE77}] => (Allow) C:\Users\farnaz\taskhost.exe
FirewallRules: [{CB8CB0F8-A93E-49FB-BA19-4A57D23B3FAB}] => (Allow) C:\Users\farnaz\taskhost.exe
FirewallRules: [{D0F8193A-EFAA-4157-908B-788B81D50B8F}] => (Allow) C:\Users\farnaz\taskhost.exe
FirewallRules: [{94DA2677-A7A5-4050-9073-89456DB30D6D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{EE49A7B6-96B9-4BA4-969A-3CD40A568627}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe] => Enabled:Flashget3
StandardProfile\AuthorizedApplications: [C:\Windows\system32\winlogon.exe] => enabled:@shell32.dll,-1

==================== Restore Points =========================

31-12-2017 11:04:50 Tweaking.com - Windows Repair

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/30/2017 08:03:58 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {462bb363-5f9a-4896-bedb-736869605e9a}

Error: (12/30/2017 07:50:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.1.7601.17514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 840

Start Time: 01d38187607c9880

Termination Time: 15

Application Path: C:\Windows\Explorer.EXE

Report Id:

Error: (12/30/2017 05:44:15 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\flashtool\FlashTool64.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (12/30/2017 05:43:52 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (12/30/2017 05:02:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/30/2017 04:43:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/30/2017 04:36:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/30/2017 02:53:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/30/2017 02:37:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/29/2017 07:09:11 PM) (Source: MsiInstaller) (EventID: 11714) (User: NT AUTHORITY)
Description: Product: Skype Click to Call -- Error 1714. The older version of Skype Click to Call cannot be removed. Contact your technical support group. System Error 1612.


System errors:
=============
Error: (12/31/2017 11:11:12 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (12/31/2017 11:11:12 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (12/31/2017 11:11:12 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (12/31/2017 11:11:12 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (12/31/2017 11:11:12 AM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.

Error: (12/31/2017 11:11:12 AM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.

Error: (12/31/2017 11:11:02 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (12/31/2017 11:11:02 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (12/31/2017 11:11:02 AM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.

Error: (12/31/2017 11:08:49 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535


==================== Memory info ===========================

Processor: Pentium® Dual-Core CPU E5700 @ 3.00GHz
Percentage of memory in use: 46%
Total physical RAM: 3071.3 MB
Available physical RAM: 1654.81 MB
Total Virtual: 6140.89 MB
Available Virtual: 3997.92 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:39.06 GB) (Free:2.55 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:146.48 GB) (Free:22.11 GB) NTFS
Drive e: () (Fixed) (Total:146.48 GB) (Free:19.67 GB) NTFS
Drive f: () (Fixed) (Total:133.73 GB) (Free:4.45 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 01460146)
Partition 1: (Active) - (Size=39.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=426.7 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================
