Please check FRST scans



#1
debodun


Suddenly getting browser ads when there weren't any before, slower performance, and sometimes get the right-click menu when left-clicking the mouse.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-01-2020
Ran by Owner (administrator) on OWNER-PC (Hewlett-Packard HP Compaq dc5700 Small Form Factor) (11-01-2020 15:07:04)
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(TeamViewer -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2019-05-02] (Adobe Inc. -> Adobe Systems, Inc.)
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0976F330-BF25-4F6F-B0B1-665D9BF7BCC0} - System32\Tasks\{68760510-2907-489D-B7A2-C35A3446BE71} => C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe [151552 2005-07-22] () [File not signed]
Task: {0A0C5E8A-2FCE-4C99-B12F-00B4B70AFB83} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [561984 2011-06-01] (Apple Inc. -> Apple Inc.)
Task: {3866323C-2748-4598-9252-1BABADF0622F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1240656 2019-09-10] (Adobe Inc. -> Adobe Systems)
Task: {41E2110D-1421-413B-8E62-70C64466298F} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_303_Plugin.exe [1457720 2019-12-10] (Adobe Inc. -> Adobe)
Task: {5D084169-00AD-4D36-A448-C9A76FB459A9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-12-10] (Adobe Inc. -> Adobe)
Task: {6B4D3DDA-9B0C-4B4E-A917-B9A141F6ED35} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [3129184 2012-09-24] (Piriform Ltd -> Piriform Ltd)
Task: {A149C588-D529-48EB-BAE0-95CA7AC5FE1C} - System32\Tasks\{304152A7-70D0-4E91-9F4E-DBD1652C7AAC} => C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe [151552 2005-07-22] () [File not signed]

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968 2011-08-30] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{E05E619F-5932-445D-9D21-1FC2630E6BEE}: [DhcpNameServer] 209.18.47.61 209.18.47.62

Internet Explorer:
==================
HKU\S-1-5-21-3384263181-369055421-3260215636-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab

FireFox:
========
FF DefaultProfile: 8wi3sbs5.default-1412761564967
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\8wi3sbs5.default-1412761564967 [2020-01-11]
FF Homepage: Mozilla\Firefox\Profiles\8wi3sbs5.default-1412761564967 -> hxxps://www.google.com/?gws_rd=ssl
FF Notifications: Mozilla\Firefox\Profiles\8wi3sbs5.default-1412761564967 -> hxxps://www.sevenforums.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_303.dll [2019-12-10] (Adobe Inc. -> )
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_303.dll [2019-12-10] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll [2012-10-04] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-03-06] (Apple Inc. -> )
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-08-12] (Google Inc -> Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-12-02] (Adobe Inc. -> Adobe Systems Inc.)

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
S3 rspLLL; C:\Windows\System32\DRIVERS\rspLLL64.sys [26368 2015-07-13] (Daniel Terhell -> Resplendence Software Projects Sp.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-01-11 15:07 - 2020-01-11 15:08 - 000009034 _____ C:\Users\Owner\Desktop\FRST.txt
2020-01-11 15:04 - 2020-01-11 15:05 - 002573312 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2020-01-07 11:01 - 2020-01-07 11:01 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-01-05 17:39 - 2020-01-05 17:39 - 000048483 _____ C:\Users\Owner\Documents\data.pdf
2020-01-02 13:27 - 2020-01-10 17:17 - 000012895 _____ C:\Users\Owner\Documents\Celebrity Deaths 2020.odt
2020-01-01 14:05 - 2020-01-03 14:49 - 000014009 _____ C:\Users\Owner\Documents\Expenses 2019.ods
2019-12-31 17:23 - 2019-12-31 17:23 - 000000394 __RSH C:\ProgramData\ntuser.pol
2019-12-30 14:25 - 2019-12-31 13:35 - 000014251 _____ C:\Users\Owner\Documents\Jesus Genealogy.odt
2019-12-30 14:25 - 2019-12-30 14:25 - 000032194 _____ C:\Users\Owner\Documents\Jesus Genealogy.pdf
2019-12-29 19:50 - 2019-12-29 19:50 - 000003728 ____N C:\bootsqm.dat
2019-12-28 10:33 - 2019-12-28 10:33 - 000009769 _____ C:\Users\Owner\Documents\2 lines.odt
2019-12-28 10:21 - 2020-01-07 11:27 - 000025396 _____ C:\Users\Owner\Documents\data.odt

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-01-11 15:08 - 2015-05-23 11:52 - 000000000 ____D C:\FRST
2020-01-11 11:01 - 2016-11-16 12:13 - 000000000 ____D C:\Users\Owner\AppData\LocalLow\Mozilla
2020-01-11 10:25 - 2009-07-13 23:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-01-11 10:25 - 2009-07-13 23:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-01-11 10:21 - 2009-07-14 00:13 - 000782510 _____ C:\Windows\system32\PerfStringBackup.INI
2020-01-11 10:21 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2020-01-11 10:17 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-01-10 17:24 - 2012-07-22 08:28 - 000000000 ____D C:\ProgramData\TEMP
2020-01-10 17:24 - 2012-07-22 08:28 - 000000000 ____D C:\Program Files (x86)\SpywareBlaster
2020-01-10 15:01 - 2012-01-12 11:24 - 000000000 ___RD C:\Users\Owner\Desktop\misc house contents
2020-01-10 14:27 - 2012-01-12 11:21 - 000000000 ____D C:\Users\Owner\Desktop\House Pics
2020-01-10 10:30 - 2016-05-26 07:08 - 000024971 _____ C:\Users\Owner\Documents\SCF emails.odt
2020-01-10 10:28 - 2019-09-12 12:54 - 000022761 _____ C:\Users\Owner\Documents\SCF emails alphabetically by first name .odt
2020-01-10 10:27 - 2017-06-29 10:22 - 000013006 _____ C:\Users\Owner\Documents\riddles.odt
2020-01-09 10:56 - 2012-01-12 11:21 - 000000000 ____D C:\Users\Owner\Desktop\silver, jewelry, coins
2020-01-08 15:53 - 2014-11-07 07:53 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2020-01-07 12:34 - 2012-01-12 11:23 - 000000000 ____D C:\Users\Owner\Desktop\Things For Sale
2020-01-06 13:19 - 2014-01-13 18:27 - 000018656 _____ C:\Users\Owner\Documents\Home Delivered Meals.ods
2020-01-04 11:10 - 2019-10-05 10:25 - 000010304 _____ C:\Users\Owner\Documents\Weight 2020.ods
2020-01-04 10:44 - 2019-11-05 11:06 - 000014871 _____ C:\Users\Owner\Documents\Net Worth 2020.ods
2020-01-04 10:32 - 2018-12-03 12:37 - 000017840 _____ C:\Users\Owner\Documents\Net Worth 2019.ods
2020-01-02 13:25 - 2019-01-01 11:13 - 000019364 _____ C:\Users\Owner\Documents\Celebrity Deaths 2019.odt
2019-12-31 17:23 - 2009-07-13 22:20 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2019-12-31 17:23 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
2019-12-31 17:22 - 2016-05-18 15:52 - 000001079 _____ C:\Users\Public\Desktop\SpywareBlaster.lnk
2019-12-31 17:22 - 2016-05-18 15:52 - 000001079 _____ C:\ProgramData\Desktop\SpywareBlaster.lnk
2019-12-31 17:22 - 2012-07-22 08:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2019-12-29 20:27 - 2017-09-11 14:35 - 000000467 _____ C:\VEW.txt
2019-12-19 10:25 - 2015-11-01 15:14 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-11-23 16:19
==================== End of FRST.txt ========================




#2
debodun


Addition txt:

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-01-2020
Ran by Owner (11-01-2020 15:11:12)
Running from C:\Users\Owner\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2011-12-17 19:41:25)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3384263181-369055421-3260215636-500 - Administrator - Disabled)
Guest (S-1-5-21-3384263181-369055421-3260215636-501 - Limited - Disabled)
Owner (S-1-5-21-3384263181-369055421-3260215636-1000 - Administrator - Enabled) => C:\Users\Owner

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.021.20061 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 32 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 32.0.0.303 - Adobe)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.303 - Adobe)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}) (Version: 2.1.7 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}) (Version: 5.1.1.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CardRd81 (HKLM-x32\...\{54C8FE84-89C4-40E8-976C-439EB0729BD6}) (Version: 4.00.0000.0004 - EASTMAN KODAK Company) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.23 - Piriform)
CCScore (HKLM-x32\...\{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}) (Version: 5.00.0000.0011 - EASTMAN KODAK Company) Hidden
CR2 (HKLM-x32\...\{432C3720-37BF-4BD7-8E49-F38E090246D0}) (Version: 4.00.0000.0003 - EASTMAN KODAK Company) Hidden
EKS Dinner With Moriarty (HKLM-x32\...\EKS Dinner With Moriarty) (Version:  - )
EKS Sherlock (HKLM-x32\...\EKS Sherlock) (Version:  - )
ESSBrwr (HKLM-x32\...\{643EAE81-920C-4931-9F0B-4B343B225CA6}) (Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
ESSCDBK (HKLM-x32\...\{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}) (Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
ESScore (HKLM-x32\...\{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}) (Version: 5.00.0000.0037 - EASTMAN KODAK Company) Hidden
ESSCT (HKLM-x32\...\{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}) (Version: 5.00.0000.0003 - EASTMAN KODAK Company) Hidden
ESSgui (HKLM-x32\...\{91517631-A9F3-4B7C-B482-43E0068FD55A}) (Version: 5.00.0000.0013 - EASTMAN KODAK Company) Hidden
ESShelp (HKLM-x32\...\{87843A41-7808-4F2E-B13F-25C1E67CF2FD}) (Version: 5.00.0000.0005 - EASTMAN KODAK Company) Hidden
ESSini (HKLM-x32\...\{8E92D746-CD9F-4B90-9668-42B74C14F765}) (Version: 5.00.0000.0010 - EASTMAN KODAK Company) Hidden
ESSPCD (HKLM-x32\...\{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}) (Version: 5.00.0000.0007 - EASTMAN KODAK Company) Hidden
ESSPDock (HKLM-x32\...\{FCDB1C92-03C6-4C76-8625-371224256091}) (Version: 5.00.0000.0020 - EASTMAN KODAK Company) Hidden
ESSSONIC (HKLM-x32\...\{4F677FC7-7AA8-412B-A957-F13CBE1C7331}) (Version: 5.00.0000.0002 - EASTMAN KODAK Company) Hidden
ESSTOOLS (HKLM-x32\...\{8A502E38-29C9-49FA-BCFA-D727CA062589}) (Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
ESSTUTOR (HKLM-x32\...\{CA60320D-6A16-49C8-A34F-84EEF4799567}) (Version: 5.00.0000.0002 - EASTMAN KODAK Company) Hidden
ESSvpaht (HKLM-x32\...\{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}) (Version: 5.00.0000.0001 - EASTMAN KODAK Company) Hidden
ESSvpot (HKLM-x32\...\{48C82F7A-F100-4DAB-A310-8E18BF2159E1}) (Version: 5.00.0000.0001 - EASTMAN KODAK Company) Hidden
Free MIDI to MP3 Converter 1.0 (HKLM-x32\...\{181E1175-1FF8-4EA5-BC08-A7CA39B85502}_is1) (Version:  - PolySoft Solutions)
HLPIndex (HKLM-x32\...\{38441BE7-79B0-42B8-8297-833704F949FE}) (Version: 5.00.0000.0002 - EASTMAN KODAK Company) Hidden
HLPPDOCK (HKLM-x32\...\{154508C0-07C5-4659-A7A0-E49968750D21}) (Version: 5.00.0000.0001 - EASTMAN KODAK Company) Hidden
HLPRFO (HKLM-x32\...\{AADAC983-FDE9-42FA-8FD9-7BB324155593}) (Version: 5.00.0000.0001 - EASTMAN KODAK Company) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.6.0 - LIGHTNING UK!)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
iTunes (HKLM\...\{4BDE7544-0A08-4AD9-8A8F-4B7944471C36}) (Version: 10.6.0.40 - Apple Inc.)
Kodak EasyShare software (HKLM-x32\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version:  - Eastman Kodak Company)
KSU (HKLM-x32\...\{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}) (Version: 632.62.0002.0001 - EASTMAN KODAK Company) Hidden
LatencyMon 6.71 (HKLM\...\LatencyMon_is1) (Version:  - Resplendence Software Projects Sp.)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 72.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 72.0.1 (x64 en-US)) (Version: 72.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Notifier (HKLM-x32\...\{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}) (Version: 5.00.0000.0001 - EASTMAN KODAK Company) Hidden
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
OTtBP (HKLM-x32\...\{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}) (Version: 5.00.0000.0003 - EASTMAN KODAK Company) Hidden
OTtBPSDK (HKLM-x32\...\{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}) (Version: 4.00.0000.0000 - EASTMAN KODAK Company) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
QuickTime (HKLM-x32\...\QuickTime) (Version:  - )
SFR (HKLM-x32\...\{DB02F716-6275-42E9-B8D2-83BA2BF5100B}) (Version: 5.00.0000.0005 - Eastman Kodak Company) Hidden
SHASTA (HKLM-x32\...\{605A4E39-613C-4A12-B56F-DEFBE6757237}) (Version: 5.00.0000.0003 - EASTMAN KODAK Company) Hidden
SKIN0001 (HKLM-x32\...\{FDF9943A-3D5C-46B3-9679-586BD237DDEE}) (Version: 5.00.0000.0007 - EASTMAN KODAK Company) Hidden
SKINXSDK (HKLM-x32\...\{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}) (Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
Skype™ 5.5 (HKLM-x32\...\{F1CECE09-7CBE-4E98-B435-DA87CDA86167}) (Version: 5.5.124 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.14 - Piriform)
SpywareBlaster 5.6 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.6.0 - BrightFort LLC)
StuffIt Expander 2011 15.0.8 (HKLM-x32\...\{4D4ABFF9-4E06-44A0-86B1-DEEB7C5CA382}_is1) (Version: 15.0.8 - Smith Micro Software, Inc.)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.12541 - TeamViewer)
VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN)
VPRINTOL (HKLM-x32\...\{999D43F4-9709-4887-9B1A-83EBB15A8370}) (Version: 5.00.0000.0002 - EASTMAN KODAK Company) Hidden
WIRELESS (HKLM-x32\...\{F9593CFB-D836-49BC-BFF1-0E669A411D9F}) (Version: 5.00.0000.0001 - EASTMAN KODAK Company) Hidden

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll [2013-04-04] (Malwarebytes Corporation -> Malwarebytes Corporation)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2009-09-23] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll [2013-04-04] (Malwarebytes Corporation -> Malwarebytes Corporation)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [143]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-3384263181-369055421-3260215636-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3384263181-369055421-3260215636-1000\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-3384263181-369055421-3260215636-1000\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-3384263181-369055421-3260215636-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-3384263181-369055421-3260215636-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-3384263181-369055421-3260215636-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-3384263181-369055421-3260215636-1000\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-3384263181-369055421-3260215636-1000\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-3384263181-369055421-3260215636-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-3384263181-369055421-3260215636-1000\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-3384263181-369055421-3260215636-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-3384263181-369055421-3260215636-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-3384263181-369055421-3260215636-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-3384263181-369055421-3260215636-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-3384263181-369055421-3260215636-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-3384263181-369055421-3260215636-1000\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-3384263181-369055421-3260215636-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-3384263181-369055421-3260215636-1000\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3384263181-369055421-3260215636-1000\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-3384263181-369055421-3260215636-1000\...\1001movie.com -> 1001movie.com

There are 6091 more sites.


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2014-07-05 10:08 - 000000098 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1       localhost

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3384263181-369055421-3260215636-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 209.18.47.61 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{0E227B60-E7FB-4017-9EC7-A62A5EFA8967}] => (Allow) C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe () [File not signed]
FirewallRules: [{C86A2602-2440-441D-972C-BEC7E06FC3E4}] => (Allow) C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe () [File not signed]
FirewallRules: [{217F7D9C-49CD-4ED9-9050-3C2E4E9D8CC2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{3994F65F-7D58-4F72-86D1-2E5CD9A2AD1F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{D2F24F04-D188-44AF-8CAB-1440B2782E38}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{1A10243C-DC57-4AFE-AD3D-54A683104F27}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{D920EAFE-1F31-4BB5-BC15-E747556F30C0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{D0FFCD08-CDC4-41E1-B87C-BCCEA99F34B6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)

==================== Restore Points =========================

26-01-2018 14:34:58 Windows Update
13-02-2018 13:49:09 Windows Update
05-03-2018 13:08:47 Windows Update
13-03-2018 12:20:54 Windows Update
30-03-2018 13:10:28 Windows Update
10-04-2018 12:22:19 Windows Update
19-04-2018 12:29:46 Windows Update
05-05-2018 15:40:18 Windows Update
08-05-2018 12:51:18 Windows Update
12-06-2018 12:28:59 Windows Update
06-07-2018 13:15:59 Windows Update
10-07-2018 12:30:24 Windows Update
14-08-2018 12:35:43 Windows Update
07-09-2018 13:46:51 Scheduled Checkpoint
11-09-2018 12:31:49 Windows Update
26-09-2018 14:33:47 Scheduled Checkpoint
26-11-2018 16:48:35 Windows Update
13-05-2019 15:49:49 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
13-05-2019 15:50:49 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
23-11-2019 16:27:35 Scheduled Checkpoint
08-12-2019 19:06:22 Windows Update
29-12-2019 20:07:23 Windows Update

==================== Faulty Device Manager Devices ============

Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: ========================

Application errors:
==================

System errors:
=============

==================== Memory info ===========================

BIOS: Hewlett-Packard 786E2 v02.04 04/13/2007
Motherboard: Hewlett-Packard 0A60h
Processor: Intel® Core™2 CPU 6300 @ 1.86GHz
Percentage of memory in use: 93%
Total physical RAM: 3063.31 MB
Available physical RAM: 194.9 MB
Total Virtual: 6124.77 MB
Available Virtual: 2819.17 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:929.56 GB) (Free:725.85 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (OS_TOOLS) (Fixed) (Total:1.95 GB) (Free:1.75 GB) NTFS


==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: CF2E5F36)
Partition 1: (Active) - (Size=929.6 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=2 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================



#3
debodun


There are some disturbing entries in the Addition txt, especially items listed under Internet Explorer restricted sites since I don't use that very much (Britney Spears nude?????).

