
Cannot access Safe Mode, System Restore and (most) anti-malware progra



#16
playwiffme


  • Topic Starter
  • Member
  • 61 posts

Running another FRST now...




#17
playwiffme


  • Topic Starter
  • Member
  • 61 posts

FRST - NotePad -

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by Thomas (administrator) on THOMAS-PC (28-03-2017 16:50:28)
Running from C:\Users\Thomas\Documents\Software Programs\Farbar Recovery Tool - 1
Loaded Profiles: Thomas (Available Profiles: Thomas)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ABBYY Production LLC) C:\Program Files (x86)\ABBYY FineReader 12\NetworkLicenseServer.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Microsoft Corporation) C:\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Pervasive Software Inc.) C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(SplitCam Co.) C:\Program Files (x86)\SplitCam\SplitCamService.exe
(Microsoft Corporation) C:\Program Files (x86)\MICROSOFT SQL SERVER\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
(Acer Inc.) C:\Program Files (x86)\Acer\clear.fi Client\ExtractDeviceIcon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Oracle Corporation) C:\Program Files\Frontier Texting\java_vm\bin\zipwhipw.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrobat_sl.exe
(Farbar) C:\Users\Thomas\Documents\Software Programs\Farbar Recovery Tool - 1\FRST64(1).exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11580520 2010-11-10] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14471408 2017-03-06] (Copyright 2017.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498720 2015-12-17] (Adobe Systems Inc.)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist Corporate\1121\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-21-2364491048-255812346-798213191-1001\...\Run: [Frontier Texting] => C:\Program Files\Frontier Texting\Frontier Texting.lnk [1832 2016-11-08] ()
HKU\S-1-5-21-2364491048-255812346-798213191-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Acer.scr [456224 2010-07-29] ()
HKU\S-1-5-18\...\Run: [] => [X]
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
BootExecute: autocheck autochk * bootdeletebootdeletebootdelete

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{95C5EA71-8623-416C-AAEC-D3AA4AF7581A}: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{9612667B-16FF-47A2-8AC8-4084E6EAD0FB}: [DhcpNameServer] 192.168.254.254

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2364491048-255812346-798213191-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2364491048-255812346-798213191-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope value is missing
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-12-17] (Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-12-17] (Adobe Systems Incorporated)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-02-12] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-06-07] (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-12] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-12-17] (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-06-07] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {E7DA7F8D-27AB-4EE9-8FC0-3FEC9ECFE758} hxxps://access.wisconsin.gov/access/DynamicWebTWAIN.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll No File

FireFox:
========
FF DefaultProfile: ixg7h6xy.default-1476596056535
FF ProfilePath: C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\vf9r2hzq.default [not found]
FF ProfilePath: C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\ixg7h6xy.default-1476596056535 [2017-03-28]
FF Homepage: Mozilla\Firefox\Profiles\ixg7h6xy.default-1476596056535 -> www.msn.com/
FF Extension: (AdBlocker for YouTube™) - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\ixg7h6xy.default-1476596056535\Extensions\[email protected] [2016-12-05]
FF Extension: (Site Deployment Checker) - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\ixg7h6xy.default-1476596056535\features\{ec85e9e5-61a9-4f62-884b-d3976b9e3ed7}\[email protected] [2017-03-24]
FF ProfilePath: C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\embvo3sn.Default User [2017-03-28]
FF Homepage: Mozilla\Firefox\Profiles\embvo3sn.Default User -> hxxp://www.msn.com/
FF Extension: (Site Deployment Checker) - C:\Program Files (x86)\Mozilla Firefox\browser\features\[email protected] [2017-03-28] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-06-30] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{CF13FA66-1F4F-426d-BB1B-E07A13BFF2C8}] - C:\Program Files (x86)\Aimersoft\Video Converter Ultimate\SVRFirefoxExt => not found
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2016-11-06]
FF HKU\S-1-5-21-2364491048-255812346-798213191-1001\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKU\S-1-5-21-2364491048-255812346-798213191-1001\...\Firefox\Extensions: [{CF13FA66-1F4F-426d-BB1B-E07A13BFF2C8}] - C:\Program Files (x86)\Aimersoft\Video Converter Ultimate\SVRFirefoxExt => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll [2017-03-21] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-29] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-21] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-12] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-12] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2015-08-28] (Nero AG)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2011-02-24] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2011-02-24] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2012-06-30] ()
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2015-12-17] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-29] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2364491048-255812346-798213191-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Thomas\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-01-20] (Citrix Online)

Chrome:
=======
CHR Profile: C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default [2017-03-28]
CHR Extension: (Google Slides) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-05]
CHR Extension: (Flash Video Downloader) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc [2017-02-26]
CHR Extension: (Google Docs) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Google Drive) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (MagMouse) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\biofinbccickkakhihdmkafjniganmee [2016-10-03]
CHR Extension: (YouTube) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Adobe Acrobat) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-04]
CHR Extension: (Google Sheets) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-05]
CHR Extension: (Google Docs Offline) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Google Hangouts) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2017-02-11]
CHR Extension: (Video DownloadHelper) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2016-12-21]
CHR Extension: (Aimersoft Video Converter Ultimate) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\mapcejffhcbidcjmomhalabpcbaeimcb [2015-02-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-27]
CHR Extension: (Chrome Media Router) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-11]
CHR HKU\S-1-5-21-2364491048-255812346-798213191-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2015-12-17]
CHR HKLM-x32\...\Chrome\Extension: [mapcejffhcbidcjmomhalabpcbaeimcb] - C:\Program Files (x86)\Aimersoft\Video Converter Ultimate\SVRChromePlugin.crx [2013-09-14]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-07-11] (SUPERAntiSpyware.com) [File not signed]
R2 ABBYY.Licensing.FineReader.Professional.12.0; C:\Program Files (x86)\ABBYY FineReader 12\NetworkLicenseServer.exe [925904 2014-01-23] (ABBYY Production LLC)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S3 GoToAssist; C:\Program Files (x86)\Citrix\GoToAssist Corporate\1121\G2AC_Service.exe [310080 2016-01-20] (Citrix Online, a division of Citrix Systems, Inc.)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S4 KSS; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202296 2012-04-25] (Kaspersky Lab ZAO)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R2 MSSQL$UPSWSDBSERVER; C:\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
S4 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)
R2 psqlWGE; C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe [435496 2009-04-06] (Pervasive Software Inc.)
R2 SpliCamService; C:\Program Files (x86)\SplitCam\SplitCamService.exe [321064 2016-10-19] (SplitCam Co.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14471408 2017-03-06] (Copyright 2017.) [File not signed]
S2 Dataup; C:\Users\Thomas\AppData\Local\NTUSER~1\dataup\dataup.exe [X] <==== ATTENTION
S2 windowsmanagementservice; "C:\Users\Thomas\AppData\Local\microlabs\ct.exe" /svc [X] <==== ATTENTION

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 appliand; C:\Windows\System32\DRIVERS\appliand.sys [33888 2011-06-25] (Applian Technologies Inc.)
R3 appliandMP; C:\Windows\System32\DRIVERS\appliand.sys [33888 2011-06-25] (Applian Technologies Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R0 drmkpro64; C:\Windows\System32\drivers\ndistpr64.sys [76576 2017-03-26] () [File not signed] <==== ATTENTION
S3 ESGIGUARD; C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [13088 2016-11-29] ()
S3 ESGSCANNER; C:\Windows\SysWOW64\DRIVERS\EsgScanner.sys [19984 2012-06-22] ()
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [49304 2014-12-29] (Visicom Media Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2017-03-26] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35992 2014-12-28] (Visicom Media Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 scvad_simple; C:\Windows\System32\drivers\SplitCamAudio.sys [23552 2016-08-02] (Windows ® Win 7 DDK provider)
R3 splitcam_hd_driver; C:\Windows\System32\DRIVERS\splitcam_hd_driver.sys [37600 2016-08-02] (Windows ® Win 7 DDK provider)
R3 WsAudio_Device; C:\Windows\System32\drivers\VirtualAudio.sys [31080 2013-03-25] (Wondershare)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2017-03-26] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2017-03-26] (Zemana Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-28 16:44 - 2017-03-28 16:44 - 00000782 _____ C:\Users\Thomas\Documents\03-28-17-3.txt
2017-03-28 16:30 - 2017-03-28 16:30 - 00003075 _____ C:\Users\Thomas\Downloads\fixlist.txt
2017-03-28 15:32 - 2017-03-28 15:32 - 01106888 _____ (Bleeping Computer, LLC) C:\Users\Thomas\Desktop\rkill64.exe
2017-03-28 14:56 - 2017-03-28 14:56 - 00000348 _____ C:\Users\Thomas\Documents\03-28-17-2.txt
2017-03-28 13:18 - 2017-03-28 13:18 - 02424832 _____ (Farbar) C:\Users\Thomas\Downloads\FRST64(1).exe
2017-03-28 11:57 - 2017-03-28 11:57 - 02710688 _____ (Sysinternals - www.sysinternals.com) C:\Users\Thomas\Downloads\procexp(1).exe
2017-03-28 11:03 - 2017-03-28 11:03 - 00000900 _____ C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2017-03-28 11:03 - 2017-03-28 11:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2017-03-28 11:02 - 2017-03-28 11:03 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2017-03-28 10:59 - 2017-03-28 11:01 - 243565384 _____ (Emsisoft Ltd. ) C:\Users\Thomas\Downloads\EmsisoftAntiMalwareSetup.exe
2017-03-28 09:03 - 2017-03-28 09:03 - 49405136 _____ (Microsoft Corporation) C:\Users\Thomas\Downloads\Windows-KB890830-x64-V5.46.exe
2017-03-28 08:47 - 2017-03-28 10:53 - 00000228 _____ C:\Users\Thomas\Documents\03-28-17-1.txt
2017-03-28 03:34 - 2017-03-28 03:34 - 00000000 ____D C:\VIPRERESCUE
2017-03-28 03:30 - 2017-03-28 03:33 - 315179008 _____ C:\Users\Thomas\Downloads\VIPRERescue.exe
2017-03-28 03:07 - 2017-03-28 03:07 - 00023197 _____ C:\Users\Thomas\Documents\03-28-17.txt
2017-03-28 03:03 - 2017-03-28 03:03 - 00023197 _____ C:\Windows\system32\0
2017-03-28 02:54 - 2017-03-28 02:55 - 19044562 _____ C:\Users\Thomas\Downloads\mbar-1.09.3.1001.zip
2017-03-27 17:22 - 2017-03-27 17:22 - 00001324 _____ C:\AdwCleaner[R3].txt
2017-03-27 16:36 - 2017-03-27 16:36 - 00000700 _____ C:\Users\Thomas\Documents\03-27-17.txt
2017-03-27 10:55 - 2017-03-27 10:56 - 00059427 _____ C:\Users\Thomas\Downloads\Addition.txt
2017-03-27 10:53 - 2017-03-27 10:56 - 00079814 _____ C:\Users\Thomas\Downloads\FRST.txt
2017-03-27 10:52 - 2017-03-28 16:50 - 00000000 ____D C:\FRST
2017-03-27 10:52 - 2017-03-27 10:52 - 02424832 _____ (Farbar) C:\Users\Thomas\Downloads\FRST64.exe
2017-03-27 09:53 - 2017-03-27 09:53 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Thomas\Downloads\rkill.scr
2017-03-27 09:53 - 2017-03-27 09:53 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Thomas\Downloads\rkill(4).exe
2017-03-27 09:53 - 2017-03-27 09:53 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Thomas\Downloads\rkill(3).com
2017-03-27 09:12 - 2017-03-27 09:12 - 57131432 _____ (Malwarebytes ) C:\Users\Thomas\Desktop\mb3-setup-1878.1878-3.0.6.1469-1075.exe
2017-03-27 09:11 - 2017-03-27 09:12 - 57131432 _____ (Malwarebytes ) C:\Users\Thomas\Downloads\mb3-setup-1878.1878-3.0.6.1469-1075.exe
2017-03-27 07:58 - 2017-03-27 07:58 - 04031440 _____ C:\Users\Thomas\Downloads\AdwCleaner (5).exe
2017-03-27 02:58 - 2017-03-27 02:58 - 00002407 _____ C:\Users\Thomas\Desktop\RKreport[5]_D_03272017_02d0258.txt
2017-03-27 02:58 - 2017-03-27 02:58 - 00002364 _____ C:\Users\Thomas\Desktop\RKreport[4]_S_03272017_02d0258.txt
2017-03-27 02:56 - 2017-03-27 02:56 - 00002710 _____ C:\Users\Thomas\Desktop\RKreport[3]_D_03272017_02d0256.txt
2017-03-27 02:55 - 2017-03-27 02:55 - 00002718 _____ C:\Users\Thomas\Desktop\RKreport[2]_S_03272017_02d0255.txt
2017-03-27 02:54 - 2017-03-27 02:54 - 00002681 _____ C:\Users\Thomas\Desktop\RKreport[1]_S_03272017_02d0254.txt
2017-03-27 01:52 - 2017-03-27 00:19 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Thomas\Desktop\tdsskiller(1).exe
2017-03-27 01:52 - 2017-03-26 18:22 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Thomas\Desktop\rkill.exe
2017-03-27 01:51 - 2017-03-27 01:49 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Thomas\Desktop\mbar-1.09.3.1001.exe
2017-03-27 01:49 - 2017-03-27 01:49 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Thomas\Downloads\mbar-1.09.3.1001.exe
2017-03-27 00:19 - 2017-03-27 00:19 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Thomas\Downloads\tdsskiller(1).exe
2017-03-26 22:54 - 2017-03-26 22:54 - 00001387 _____ C:\AdwCleaner[R2].txt
2017-03-26 22:51 - 2017-03-27 14:46 - 00000000 ____D C:\Users\Thomas\AppData\Local\CrashDumps
2017-03-26 21:02 - 2017-03-28 02:08 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-03-26 21:01 - 2017-03-26 22:48 - 00000000 ____D C:\ProgramData\RogueKiller
2017-03-26 21:01 - 2017-03-26 21:01 - 00000862 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-03-26 21:01 - 2017-03-26 21:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-03-26 21:01 - 2017-03-26 21:01 - 00000000 ____D C:\Program Files\RogueKiller
2017-03-26 21:00 - 2017-03-26 21:01 - 35109888 _____ (Adlice Software ) C:\Users\Thomas\Downloads\setup.exe
2017-03-26 20:59 - 2017-03-28 02:06 - 00000000 ____D C:\Users\Thomas\Desktop\RK_Quarantine
2017-03-26 19:30 - 2017-03-28 16:59 - 00099421 _____ C:\Windows\ZAM.krnl.trace
2017-03-26 19:30 - 2017-03-28 16:58 - 00020109 _____ C:\Windows\ZAM_Guard.krnl.trace
2017-03-26 19:30 - 2017-03-26 19:30 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2017-03-26 19:30 - 2017-03-26 19:30 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2017-03-26 19:30 - 2017-03-26 19:30 - 00001152 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2017-03-26 19:30 - 2017-03-26 19:30 - 00000000 ____D C:\Users\Thomas\AppData\Local\Zemana
2017-03-26 19:30 - 2017-03-26 19:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-03-26 19:30 - 2017-03-26 19:30 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-03-26 19:28 - 2017-03-26 19:29 - 05740956 _____ (Zemana Ltd. ) C:\Users\Thomas\Downloads\eXplorer(1).exe
2017-03-26 19:19 - 2017-03-26 19:19 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\Thomas\Downloads\RKill_2.8.2.0.com
2017-03-26 19:18 - 2017-03-26 19:18 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Thomas\Downloads\rkill(3).exe
2017-03-26 19:09 - 2017-03-26 19:09 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Thomas\Downloads\rkill(2).exe
2017-03-26 18:43 - 2017-03-26 18:42 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Thomas\Desktop\iExplore.exe
2017-03-26 18:42 - 2017-03-26 18:42 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Thomas\Downloads\iExplore.exe
2017-03-26 18:32 - 2017-03-26 18:32 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Thomas\Downloads\eXplorer.exe
2017-03-26 18:29 - 2017-03-26 18:30 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Thomas\Downloads\rkill(2).com
2017-03-26 18:26 - 2017-03-26 18:26 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Thomas\Downloads\rkill(1).exe
2017-03-26 18:24 - 2017-03-26 18:24 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Thomas\Downloads\Tom-fix.exe
2017-03-26 18:22 - 2017-03-26 18:22 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Thomas\Downloads\rkill.exe
2017-03-26 12:13 - 2017-03-26 12:13 - 00833024 ____N C:\Windows\system32\tprdpw32.exe
2017-03-26 12:13 - 2017-03-26 12:13 - 00076576 ____N C:\Windows\system32\Drivers\ndistpr64.sys
2017-03-26 10:43 - 2017-03-26 10:43 - 00000000 ____D C:\Program Files (x86)\Teorex
2017-03-25 18:23 - 2017-03-25 18:24 - 04031440 _____ C:\Users\Thomas\Downloads\AdwCleaner(3).exe
2017-03-25 18:21 - 2017-03-25 18:21 - 00001234 _____ C:\AdwCleaner[R1].txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-28 16:52 - 2009-07-14 00:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-28 16:52 - 2009-07-14 00:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-28 16:45 - 2015-04-02 17:24 - 00000000 ____D C:\Program Files\Frontier Texting
2017-03-28 16:43 - 2016-11-18 10:18 - 00000000 ____D C:\Users\Thomas\AppData\LocalLow\Mozilla
2017-03-28 16:42 - 2012-06-29 22:08 - 00000000 ____D C:\Users\Thomas
2017-03-28 16:41 - 2014-03-28 05:13 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf4a65f48969b0.job
2017-03-28 16:41 - 2011-11-10 19:10 - 00000000 ____D C:\ProgramData\NVIDIA
2017-03-28 16:40 - 2016-12-03 10:24 - 00303080 ____N C:\Windows\Minidump\032817-34398-01.dmp
2017-03-28 16:40 - 2012-09-23 23:22 - 00000000 ____D C:\Windows\Minidump
2017-03-28 16:40 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-28 16:05 - 2016-12-03 10:24 - 00303024 ____N C:\Windows\Minidump\032817-31715-01.dmp
2017-03-28 16:05 - 2013-01-07 03:15 - 00023112 _____ C:\Windows\system32\Drivers\hitmanpro35.sys
2017-03-28 16:04 - 2016-12-03 10:24 - 00303080 ____N C:\Windows\Minidump\032817-42713-01.dmp
2017-03-28 16:00 - 2016-06-28 09:20 - 00000236 _____ C:\Windows\system32\.crusader
2017-03-28 15:32 - 2016-10-15 22:56 - 00000002 _____ C:\Users\Thomas\Desktop\Rkill.txt
2017-03-28 14:42 - 2012-06-30 12:25 - 00000000 ____D C:\ProgramData\clear.fi
2017-03-28 14:41 - 2015-04-26 15:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-03-28 13:39 - 2015-03-26 12:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-03-28 13:32 - 2012-06-29 22:57 - 00000000 ____D C:\Users\Thomas\Documents\Software Programs
2017-03-28 09:14 - 2012-06-30 02:17 - 00000000 ____D C:\Windows\system32\Macromed
2017-03-27 19:56 - 2016-10-19 19:59 - 00000000 ____D C:\Users\Thomas\AppData\LocalLow\Adblock Plus for IE
2017-03-27 17:23 - 2014-01-19 00:37 - 00000000 ____D C:\AdwCleaner
2017-03-27 16:47 - 2009-07-14 01:08 - 00032574 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-03-27 13:29 - 2016-10-27 10:06 - 00003242 _____ C:\Windows\System32\Tasks\Hitman Pro 3.5 Boot Task
2017-03-27 13:29 - 2016-10-27 10:06 - 00001978 _____ C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
2017-03-27 08:00 - 2012-07-01 14:03 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\uTorrent
2017-03-26 17:37 - 2012-08-05 21:25 - 00000000 ____D C:\ProgramData\ThumbsPlus
2017-03-26 15:20 - 2012-08-05 19:09 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\ThumbsPlus
2017-03-26 09:27 - 2013-03-24 02:41 - 00000000 ____D C:\Program Files (x86)\Replay Video Capture 6
2017-03-26 06:34 - 2012-07-06 20:26 - 00000000 ____D C:\Users\Thomas\Documents\My Streaming Media
2017-03-26 02:16 - 2014-04-30 01:28 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-03-25 20:01 - 2012-07-01 20:50 - 00000000 ____D C:\Users\Thomas\Documents\ConvertXToDVD
2017-03-25 18:48 - 2009-07-14 01:13 - 00852428 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-25 18:48 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2017-03-25 18:32 - 2016-01-15 15:26 - 00000000 ___RD C:\Users\Thomas\Google Drive
2017-03-25 14:27 - 2011-07-20 09:02 - 00000000 ___HD C:\OEM
2017-03-25 08:12 - 2012-07-04 00:19 - 00000000 ____D C:\Users\Thomas\Documents\My Stuff
2017-03-21 19:24 - 2016-05-17 23:35 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-03-21 19:24 - 2016-05-17 23:35 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-21 19:24 - 2014-09-02 07:08 - 00000000 ____D C:\Users\Thomas\AppData\Local\Adobe
2017-03-21 19:24 - 2011-07-20 08:43 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-03-21 12:07 - 2014-08-25 18:55 - 00005052 _____ C:\Windows\DUNZLOG.TXT
2017-03-20 23:48 - 2011-05-10 17:15 - 00000000 ____D C:\Users\Thomas\Documents\Adult
2017-03-19 04:57 - 2012-07-16 11:42 - 00000000 ____D C:\Users\Thomas\AppData\Local\ElevatedDiagnostics
2017-03-17 12:49 - 2013-01-01 03:06 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Smilebox
2017-03-16 06:16 - 2016-05-21 22:05 - 00001057 _____ C:\Users\Thomas\AppData\Roaming\vso_ts_preview.xml
2017-03-16 06:16 - 2016-05-21 22:05 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Vso
2017-03-11 15:17 - 2012-07-04 22:20 - 00000000 ____D C:\Users\Thomas\Documents\My Scans
2017-03-09 21:40 - 2012-09-03 12:07 - 00002199 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-03-09 21:40 - 2012-09-03 12:07 - 00002187 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-03-02 08:19 - 2014-12-27 00:32 - 00001945 _____ C:\Windows\epplauncher.mif
2017-03-02 08:19 - 2014-12-27 00:31 - 00002121 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2017-03-02 08:19 - 2014-12-27 00:31 - 00000000 ____D C:\Program Files\Microsoft Security Client
2017-03-02 08:19 - 2014-12-27 00:31 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2017-02-26 20:38 - 2015-11-10 17:04 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-26 20:29 - 2016-03-19 14:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Collage Creator
2017-02-26 20:29 - 2012-09-29 14:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetObjects
2017-02-26 20:27 - 2017-02-18 20:05 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SplitCam
2017-02-26 20:27 - 2016-11-29 11:15 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2017-02-26 20:27 - 2016-10-27 10:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hitman Pro 3.5
2017-02-26 20:27 - 2016-10-18 13:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Data Recovery Wizard
2017-02-26 20:27 - 2016-10-16 21:54 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Seagate File Recovery for Windows
2017-02-26 20:27 - 2016-10-16 20:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FILE RECOVERY for Windows
2017-02-26 20:27 - 2016-10-15 01:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCare Data Recovery Pro
2017-02-26 20:27 - 2016-09-30 06:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-02-26 20:27 - 2016-08-02 15:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XnConvert
2017-02-26 20:27 - 2016-05-22 19:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Flick
2017-02-26 20:27 - 2016-05-20 18:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 2016
2017-02-26 20:27 - 2016-05-20 04:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Identifier
2017-02-26 20:27 - 2016-05-07 18:36 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2017-02-26 20:27 - 2016-05-07 17:42 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2017-02-26 20:27 - 2016-04-25 17:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManyCam
2017-02-26 20:27 - 2016-03-30 04:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-02-26 20:27 - 2016-03-19 15:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2017-02-26 20:27 - 2016-03-19 14:52 - 00000000 ____D C:\Program Files (x86)\Photo Collage Creator
2017-02-26 20:27 - 2016-03-02 10:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
2017-02-26 20:27 - 2016-01-15 15:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2017-02-26 20:27 - 2015-10-08 00:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inpaint
2017-02-26 20:27 - 2015-10-07 10:54 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Portable Programs
2017-02-26 20:27 - 2015-09-06 05:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MKVToolNix
2017-02-26 20:27 - 2015-08-29 19:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Animated GIF producer 5.0 TRIAL
2017-02-26 20:27 - 2015-08-29 09:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Web Easy Professional 10
2017-02-26 20:27 - 2015-04-02 17:25 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\.zipwhip
2017-02-26 20:27 - 2015-03-16 18:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 12
2017-02-26 20:27 - 2015-02-19 17:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft LifeCam
2017-02-26 20:27 - 2015-02-16 23:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X6 (64-Bit)
2017-02-26 20:27 - 2015-02-02 20:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Barcode Generator
2017-02-26 20:27 - 2015-02-02 18:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PY Software
2017-02-26 20:27 - 2014-08-09 07:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-02-26 20:27 - 2014-04-30 01:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2017-02-26 20:27 - 2014-04-01 14:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTML-Kit
2017-02-26 20:27 - 2014-02-05 21:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nikon Message Center 2
2017-02-26 20:27 - 2014-02-05 21:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ViewNX 2
2017-02-26 20:27 - 2014-02-05 21:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nikon View 6
2017-02-26 20:27 - 2013-12-23 15:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2017-02-26 20:27 - 2013-05-10 12:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2017-02-26 20:27 - 2013-03-27 02:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Handbrake
2017-02-26 20:27 - 2013-03-27 01:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Shrink
2017-02-26 20:27 - 2013-03-24 02:41 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Applian Technologies
2017-02-26 20:27 - 2013-03-13 03:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-02-26 20:27 - 2013-01-29 10:49 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
2017-02-26 20:27 - 2012-10-11 13:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)
2017-02-26 20:27 - 2012-10-04 00:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2017-02-26 20:27 - 2012-08-05 21:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ThumbsPlus
2017-02-26 20:27 - 2012-08-05 20:37 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-02-26 20:27 - 2012-08-05 20:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-02-26 20:27 - 2012-07-27 23:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Machete Lite
2017-02-26 20:27 - 2012-07-15 13:46 - 00000000 ____D C:\ProgramData\Protexis64
2017-02-26 20:27 - 2012-07-08 10:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
2017-02-26 20:27 - 2012-07-06 20:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Applian Technologies
2017-02-26 20:27 - 2012-07-02 14:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UPS
2017-02-26 20:27 - 2012-06-30 19:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Peachtree Pro Accounting 2010
2017-02-26 20:27 - 2012-06-30 18:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2017-02-26 20:27 - 2012-06-29 23:14 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StreamTorrent 1.0
2017-02-26 20:27 - 2012-06-29 23:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2017-02-26 20:27 - 2012-06-29 22:08 - 00000000 ____D C:\Users\Thomas\AppData\Local\PowerCinema
2017-02-26 20:27 - 2011-11-10 19:27 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\clear.fi
2017-02-26 20:27 - 2011-11-10 19:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AUPEO!
2017-02-26 20:27 - 2011-11-10 19:16 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2017-02-26 20:27 - 2011-11-10 19:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AcerSystem
2017-02-26 20:27 - 2011-07-20 08:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Online Backup
2017-02-26 20:27 - 2011-07-20 08:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
2017-02-26 20:27 - 2011-07-20 08:36 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2017-02-26 20:27 - 2011-07-20 08:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2017-02-26 20:27 - 2009-07-14 01:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-02-26 20:27 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
2017-02-26 20:23 - 2012-09-03 12:06 - 00000000 ____D C:\Program Files (x86)\Google

==================== Files in the root of some directories =======

2014-11-13 08:30 - 2014-11-13 08:30 - 6000640 _____ () C:\Program Files (x86)\GUT5B97.tmp
2017-02-26 19:16 - 2017-02-26 19:24 - 7680000 _____ () C:\Program Files (x86)\GUT849B.tmp
2017-03-11 12:25 - 2017-03-11 12:25 - 0163840 _____ (Explorer) C:\Users\Thomas\AppData\Roaming\35-1 q.exe
2014-02-05 21:35 - 2014-02-05 21:35 - 0000268 ___RH () C:\Users\Thomas\AppData\Roaming\Bass Amp
2014-02-05 21:35 - 2014-02-05 21:35 - 0000268 ___RH () C:\Users\Thomas\AppData\Roaming\Bass Reduction
2014-02-05 21:35 - 2014-02-05 21:35 - 0000268 ___RH () C:\Users\Thomas\AppData\Roaming\BookService
2016-05-20 15:33 - 2016-05-21 20:48 - 0099384 _____ () C:\Users\Thomas\AppData\Roaming\inst.exe
2013-03-02 18:55 - 2013-03-02 18:55 - 0000082 _____ () C:\Users\Thomas\AppData\Roaming\mbam.context.scan
2016-05-18 18:14 - 2016-05-21 20:48 - 0007859 _____ () C:\Users\Thomas\AppData\Roaming\pcouffin.cat
2016-05-18 18:14 - 2016-05-21 20:48 - 0001167 _____ () C:\Users\Thomas\AppData\Roaming\pcouffin.inf
2016-05-18 18:14 - 2016-05-21 20:48 - 0000055 _____ () C:\Users\Thomas\AppData\Roaming\pcouffin.log
2016-05-18 18:14 - 2016-05-21 20:48 - 0082816 _____ (VSO Software) C:\Users\Thomas\AppData\Roaming\pcouffin.sys
2014-09-03 17:00 - 2014-09-03 17:00 - 35123384 _____ (VSO Software                                                ) C:\Users\Thomas\AppData\Roaming\vsoConvertXtoDVD5_setup.exe
2016-05-21 22:05 - 2017-03-16 06:16 - 0001057 _____ () C:\Users\Thomas\AppData\Roaming\vso_ts_preview.xml
2015-05-20 18:10 - 2017-01-09 23:07 - 0014848 _____ () C:\Users\Thomas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-10-14 23:07 - 2016-10-14 23:09 - 0000003 _____ () C:\Users\Thomas\AppData\Local\run1.txt
2013-01-12 18:20 - 2013-01-12 18:20 - 2250054 _____ () C:\ProgramData\1.bmp
2013-01-12 18:19 - 2013-01-12 18:19 - 0444366 _____ () C:\ProgramData\1.jpg
2011-11-10 19:29 - 2011-11-10 19:31 - 0014756 _____ () C:\ProgramData\ArcadeDeluxe5.log
2014-02-05 21:35 - 2014-02-05 21:35 - 0000268 ___RH () C:\ProgramData\Breath Pad
2014-02-05 21:35 - 2014-02-05 21:35 - 0000268 ___RH () C:\ProgramData\Brother
2014-02-05 21:35 - 2014-02-05 21:35 - 0000268 ___RH () C:\ProgramData\Bubble Noise
2014-02-05 21:35 - 2014-02-05 21:35 - 0000012 ___RH () C:\ProgramData\Classical
2014-02-05 21:35 - 2014-02-05 21:35 - 0000012 ___RH () C:\ProgramData\Clips
2014-02-05 21:35 - 2014-02-05 21:35 - 0000012 ___RH () C:\ProgramData\ColorSync
2012-06-30 18:14 - 2013-10-16 14:30 - 0002719 _____ () C:\ProgramData\hpzinstall.log
2014-02-05 21:35 - 2014-02-05 21:35 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT
2014-02-05 21:35 - 2014-02-05 21:37 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT
2014-02-05 21:35 - 2014-02-05 21:38 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-24 05:14

==================== End of FRST.txt ============================



#18
playwiffme

  • Topic Starter

Addition - NotePad -

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Thomas (28-03-2017 17:01:34)
Running from C:\Users\Thomas\Documents\Software Programs\Farbar Recovery Tool - 1
Windows 7 Home Premium Service Pack 1 (X64) (2012-06-30 02:08:02)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2364491048-255812346-798213191-500 - Administrator - Disabled)
Guest (S-1-5-21-2364491048-255812346-798213191-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2364491048-255812346-798213191-1006 - Limited - Enabled)
Thomas (S-1-5-21-2364491048-255812346-798213191-1001 - Administrator - Enabled) => C:\Users\Thomas
UpdatusUser (S-1-5-21-2364491048-255812346-798213191-1000 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2364491048-255812346-798213191-1001\...\uTorrent) (Version: 3.4.9.43388 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
ABBYY FineReader 12 Professional (HKLM-x32\...\{F12000FE-0001-0000-0000-074957833700}) (Version: 12.0.501 - ABBYY Production LLC)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3505 - Acer Incorporated)
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.5 - WildTangent)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3503 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0708.2011 - Acer Incorporated)
Acer System Information (HKLM-x32\...\{72199E33-4F2A-4B7F-8E25-95DDDD50A678}) (Version: 1.0.0 - Acer)
Active WebCam (HKLM-x32\...\Active WebCam) (Version:  - )
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{0F347A49-E36C-4639-8D2E-003AD408B8B2}) (Version: 1.5 - Eyeo GmbH)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.14 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.0.19480 - Adobe Systems Incorporated)
Adobe Flash Player 25 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Flash Player 25 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Aimersoft DVD Creator(Build 3.0.0) (HKLM-x32\...\Aimersoft DVD Creator_is1) (Version:  - Aimersoft Software)
Aimersoft Helper Compact 2.5.0 (HKLM-x32\...\{405147F7-FCC5-499B-A27E-EA6BD4A80435}_is1) (Version: 2.5.0 - Aimersoft)
Aimersoft Video Converter Ultimate(Build 5.5.1.0) (HKLM-x32\...\Aimersoft Video Converter Ultimate_is1) (Version: 5.5.1.0 - Aimersoft Software)
AlignmentUtility (x32 Version: 19.00.0000 - UPS) Hidden
Animated GIF producer 5.0 TRIAL (HKLM-x32\...\Animated GIF producer 5.0 TRIAL_is1) (Version:  - AVLAN Design)
Apple Application Support (32-bit) (HKLM-x32\...\{C5815ACF-FD34-4553-8A22-C7411B7E662B}) (Version: 4.1.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{CBF12D2F-CF64-4CB7-858B-2C1F21068E5F}) (Version: 4.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
Barcode Generator version 02.10.10 (HKLM-x32\...\{4E846FBC-F6B3-4767-A0DF-C38D8CD0E13D}_is1) (Version: 02.10.10 - Aurora3D Software)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{C28D96C0-6A90-459E-A077-A6706F4EC0FC}) (Version: 7.0.765.0 - Microsoft Corporation)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Build-a-lot 4 - Power Source (x32 Version: 2.2.0.97 - WildTangent) Hidden
C5500 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
CCC (x32 Version: 19.00.0000 - United Parcel Service, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
Chronicles of Albian (x32 Version: 2.2.0.95 - WildTangent) Hidden
Citrix Online Launcher (HKLM-x32\...\{48947098-A67C-46D4-90C5-9F2F6F0F96FE}) (Version: 1.0.449 - Citrix)
clear.fi (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 1.0.1720.15 - CyberLink Corp.)
clear.fi (x32 Version: 1.0.1517_36458 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 1.0.1720.15 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 9.0.7713 - CyberLink Corp.) Hidden
clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.01.3500 - Acer Incorporated)
ConvertXtoDVD 4.1.19.365 (HKLM-x32\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.1.19.365 - )
Corel Graphics - Windows Shell Extension (HKLM\...\_{EBDC2D0D-1E26-4EF2-BB48-C7E18F7800C6}) (Version: 16.0.0.707 - Corel Corporation)
Corel Graphics - Windows Shell Extension (Version: 16.0.707 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 32 Bit (Version: 16.0.707 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Capture (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Common (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Connect (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Custom Data (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Draw (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - EN (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Filters (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - FontNav (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - IPM (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - PHOTO-PAINT (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Photozoom Plugin (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Redist (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Setup Files (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VBA (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VideoBrowser (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VSTA (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Writing Tools (x64) (Version: 16.0 -  Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 (64-Bit) (HKLM\...\_{BDBFAC49-8877-472F-876B-75ADB7DBC955}) (Version: 16.0.0.707 - Corel Corporation)
CorelDRAW Graphics Suite X6 (x64) (Version: 16.0 - Corel Corporation) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Crystal Reports 2008 Runtime SP1 (HKLM-x32\...\{C484CC8D-03CF-4022-89C4-DB4F02E8A15B}) (Version: 12.1.0.882 - Business Objects)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
DVD Identifier (HKLM-x32\...\DVD Identifier_is1) (Version: 5.2.0 - Kris Schoofs)
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)
EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version:  - EaseUS)
eBay Worldwide (HKLM-x32\...\{D3E5A972-9A15-427D-AE78-8181A5FD943C}) (Version: 2.2.0409 - OEM)
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 2017.2 - Emsisoft Ltd.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Etron USB3.0 Host Controller (x32 Version: 0.103 - Etron Technology) Hidden
FILE RECOVERY for Windows (HKLM-x32\...\FILE RECOVERY for WindowsNSIS) (Version: 1.0.201 - Seagate)
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
FormsComponent (x32 Version: 19.00.0000 - UPS) Hidden
FOSS (x32 Version: 19.00.0000 - UPS) Hidden
Frontier Texting (HKU\S-1-5-21-2364491048-255812346-798213191-1001\...\Frontier Texting) (Version: 2.5.0b3 - Zipwhip Inc.)
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.98 - Google Inc.)
Google Drive (HKLM-x32\...\{07A12123-B717-496B-B471-48AF6407B433}) (Version: 1.32.4066.7445 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 11.3.0.1121 - Citrix Online, a division of Citrix Systems, Inc.)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HandBrake 0.9.8 (HKLM-x32\...\HandBrake) (Version: 0.9.8 - )
Hitman Pro 3.5 (HKLM\...\HitmanPro35) (Version: 3.5.9.125 - SurfRight B.V.)
Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3505 - Acer Incorporated)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart C5500 All-In-One Driver Software 13.0 Rel. 4 (HKLM\...\{5F5FEF58-F4D8-488B-BDB3-6D5B22192B02}) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PaperLabel (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PrintOnDisc (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
hpphotosmartdisclabelplugin (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HTML-Kit 292 (HKLM-x32\...\HTMLKit_is1) (Version: 1.0 - HTMLKit.com)
iCare Data Recovery Pro (HKLM-x32\...\{F7EAB243-4D0C-47F5-A4F1-74D350E45489}_is1) (Version: 7.6 - iCare Recovery)
ICCHelp (HKLM-x32\...\{A5763105-D1D5-4862-A3FE-EC058F9AA73E}) (Version: 19.00.0000 - UPS)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
Inpaint 5.0 (HKLM-x32\...\{2AEDC172-479F-47AE-8A48-A0524D4AED5B}_is1) (Version:  - Teorex)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Kaspersky Security Scan (HKLM-x32\...\InstallWIX_{56009CA3-423B-41F8-884A-E5B049534F15}) (Version: 12.0.1.117 - Kaspersky Lab)
Kaspersky Security Scan (x32 Version: 12.0.1.117 - Kaspersky Lab) Hidden
K-Lite Codec Pack 9.5.0 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.5.0 - )
Machete Lite 3.8 (HKLM-x32\...\{CBA55866-5332-4E19-867F-30F7E22E9F1E}) (Version: 3.8.33 - MacheteSoft)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
ManyCam 5.0.5 (HKLM-x32\...\ManyCam) (Version: 5.0.5 - Visicom Media Inc.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-2364491048-255812346-798213191-1001\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
MKVToolNix 8.3.0 (64bit) (HKLM-x32\...\MKVToolNix) (Version: 8.3.0 - Moritz Bunkus)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker 6.0 for Windows 7 (64-bit) (HKLM\...\{A7395F20-2B22-4CB8-8510-B452C0F47E02}) (Version: 6.0.0 - Microsoft Corporation)
Mozilla Firefox 52.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 52.0.2 (x86 en-US)) (Version: 52.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.0.2.6291 - Mozilla)
Mozilla Thunderbird 24.2.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 24.2.0 (x86 en-US)) (Version: 24.2.0 - Mozilla)
MSIChecker (x32 Version: 19.00.0000 - UPS) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden
NA1Messenger (x32 Version: 19.00.0000 - Your Company Name) Hidden
Nero 2016 (HKLM-x32\...\{4297E807-5633-466A-8AC0-5AC48D310471}) (Version: 17.0.02000 - Nero AG)
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.2.10500.2.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.2.12000.21.100 - Nero AG)
Nero Info (HKLM-x32\...\{F030BFE8-8476-4C08-A553-233DE80A2BE1}) (Version: 16.0.2000 - Nero AG)
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}) (Version: 10.5.10300 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.2.11600.14.100 - Nero AG)
NetObjects Fusion 10.0 (HKLM-x32\...\{ECC8CC4E-2291-438F-9601-C8A6BFBA0880}) (Version: 10.0 - )
NetObjects Fusion 11.0 (HKLM-x32\...\{1BD687EB-C093-4BA5-B336-AEF08C314921}) (Version: 11.0 - )
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.0 - Nikon)
Nikon Movie Editor (HKLM-x32\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.9.0 - Nikon)
Nikon View 6 (HKLM-x32\...\{AAB84E83-C8DF-4752-9DFC-2E2A48EE5E9F}) (Version:  - )
NOOK for PC (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.4.7070 - Barnesandnoble.com)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
NRF (x32 Version: 19.00.0000 - UPS) Hidden
NVIDIA Graphics Driver 267.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 267.33 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.1.13.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.1.13.1 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (HKLM-x32\...\NVIDIAStereo) (Version: 7.17.12.6733 - NVIDIA Corporation)
Peachtree Accounting 2010 (x32 Version: 17.00.00 - Sage Software, Inc.) Hidden
Peachtree Pro Accounting 2010 (HKLM-x32\...\InstallShield_{51EF69CF-70D3-4142-993D-AA97F36484CC}) (Version: 17.00.00 - Sage Software, Inc.)
Peachtree Pro Accounting 2010 (HKLM-x32\...\Peachtree Pro Accounting) (Version:  - )
PeachTree Signature Ready Forms (x32 Version: 6.7.4 - Sage Software SB, Inc.) Hidden
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Pervasive PSQL v10.10 Workgroup (32-bit) (x32 Version: 10.12.025 - Pervasive Software) Hidden
Photo Collage Creator 3.61 (HKLM-x32\...\Photo Collage Creator_is1) (Version:  - AMS Software)
PhotoScissors 3.0 (HKLM\...\{664FCCAE-8187-4EC5-B191-758C040C999C}_is1) (Version:  - teorex)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Picture Collage Maker Pro 4.1.2 (HKLM-x32\...\{6D308A90-6C14-4A02-9B04-CB0EF17894A9}_is1) (Version: 4.1.2 - PearlMountain Technology Co., Ltd)
Picture Control Utility x64 (HKLM\...\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}) (Version: 1.5.0 - Nikon)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
PolicyManager (x32 Version: 19.00.0000 - UPS) Hidden
Prerequisite installer (x32 Version: 17.0.0002 - Nero AG) Hidden
PS_AIO_04_C5500_Software_Min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6242 - Realtek Semiconductor Corp.)
Reconciler (x32 Version: 19.00.0000 - UPS) Hidden
Replay Media Catcher 4 (4.3.0) (HKLM-x32\...\Replay Media Catcher 4) (Version: 4.3.0 - Applian Technologies)
Replay Video Capture 6 (HKLM-x32\...\Replay Video Capture6.0.6) (Version: 6.0.6 - Applian Technologies Inc.)
ReportServer (x32 Version: 18.00.0000 - Your Company Name) Hidden
RogueKiller version 12.10.1.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.10.1.0 - Adlice Software)
Sage Message Center (x32 Version: 2.00.0000 - Sage Software Inc.) Hidden
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Seagate File Recovery for Windows 2.0 (HKLM-x32\...\Seagate File Recovery for WindowsNSIS) (Version: 2.0.18656 - Seagate)
SeaTools for Windows 1.4.0.4 (HKLM-x32\...\SeaTools for Windows) (Version: 1.4.0.4 - Seagate Technology)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 7.29 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.29.102 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
Smilebox (HKU\S-1-5-21-2364491048-255812346-798213191-1001\...\Smilebox) (Version: 1.1.1.1 - Smilebox, Inc.)
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SplitCam (HKLM-x32\...\SplitCam) (Version: 7.5.3.2 - SplitCam Co)
Stashimi Stub Installer (x32 Version: 18.001.1 - Nero AG) Hidden
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
StreamTorrent 1.0 (HKLM-x32\...\StreamTorrent 1.0) (Version:  - )
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1006 - SUPERAntiSpyware.com)
SupportUtility (x32 Version: 19.00.0000 - UPS) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System (x32 Version: 19.00.0000 - UPS) Hidden
ThumbsPlus (HKLM-x32\...\ThumbsPlus) (Version:  - Cerious Software Inc.)
ThumbsPlus (x32 Version: 8.1.0.3537 - Cerious Software Inc.) Hidden
Times Reader (HKLM-x32\...\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1) (Version: 2.055 - The New York Times Company)
Times Reader (x32 Version: 2.055 - The New York Times Company) Hidden
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
Torchlight (x32 Version: 2.2.0.97 - WildTangent) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 1.5.1 - Tweaking.com)
UnifiedPrinting (x32 Version: 19.00.0000 - UPS) Hidden
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
UPS WorldShip (HKLM-x32\...\UPS WorldShip) (Version: 19.0 - UPS)
UPSDB (x32 Version: 19.00.0000 - UPS) Hidden
UPSICC (x32 Version: 19.00.0000 - UPS) Hidden
UPSlinkHTTP (x32 Version: 19.00.0000 - UPS) Hidden
UPSVC2008MM (x32 Version: 1.00.0000 - UPS) Hidden
UPSVC2013MM (x32 Version: 19.00.0000 - Your Company Name) Hidden
UPSVCMM (x32 Version: 12.00.0000 - UPS) Hidden
ViewNX 2 (HKLM\...\{635BE602-BB9C-4C59-8CC5-93F9366E8A21}) (Version: 2.9.0 - Nikon)
Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97 - WildTangent) Hidden
Web Easy Professional (HKLM-x32\...\{B651BFCB-C9F3-489C-A2A7-764A12E2C79B}) (Version: 10.1 - Avanquest)
WebHelp (HKLM-x32\...\{8C5BD501-AD5D-4A75-9321-076509B438FC}) (Version: 19.00.0000 - UPS)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3502 - Acer Incorporated)
WildTangent Games App (Acer Games) (x32 Version: 4.0.5.14 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinRAR 4.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
WinX Free FLV to AVI Converter 4.1.10 (HKLM-x32\...\WinX Free FLV to AVI Converter_is1) (Version:  - Digiarty Software,Inc.)
WinZip 14.5 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}) (Version: 14.5.9095 - WinZip Computing, S.L. )
Wondershare Photo Collage Studio 4.2.12.13 (HKLM-x32\...\Wondershare Photo Collage Studio_is1) (Version: 4.2.12.13 - Wondershare Software Co.,Ltd.)
Wondershare Video Editor(Build 4.6.0) (HKLM-x32\...\Wondershare Video Editor_is1) (Version:  - Wondershare Software)
WorldShip (x32 Version: 19.00.0000 - UPS) Hidden
WSShared (x32 Version: 19.00.0000 - UPS) Hidden
XnConvert 1.73 (HKLM\...\XnConvert_is1) (Version: 1.73 - Gougelet Pierre-e)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.72.0.176 - Zemana Ltd.)
Zuma's Revenge (x32 Version: 2.2.0.97 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2364491048-255812346-798213191-1001_Classes\CLSID\{8AE44FFE-BF0D-085D-33DC-93B2E248BF89}\InprocServer32 -> C:\Windows\system32\ole32.dll (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {16DAEEF1-75E7-4967-A0AB-639073B50045} - System32\Tasks\GoogleUpdateTaskMachineCore1cfff9880ae2cc6 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {23177269-9013-451C-8386-C179F89D9EF2} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2011-05-20] (Acer Incorporated)
Task: {4C49873D-9FA8-44D9-9FD3-69F404A3DB13} - System32\Tasks\Adobe ARM => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {4E052D3B-423D-4CE5-9A57-2C9CA78EF7FD} - System32\Tasks\{1390CD58-C961-4F8A-9697-BC0F2EA7DE28} => pcalua.exe -a "C:\Users\Thomas\Documents\Software Programs\NetObjects-10\NetObjectsFusion.exe" -d "C:\Users\Thomas\Documents\Software Programs\NetObjects-10"
Task: {67EFCEAA-3903-4A4D-B5AD-7373C6C4BDF8} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2011-05-20] (CyberLink Corp.)
Task: {685739C3-A826-4DFD-9404-807244F788BB} - System32\Tasks\Hitman Pro 3.5 Boot Task => C:\Program Files\Hitman Pro 3.5\HitmanPro35_x64.exe [2011-12-14] (SurfRight B.V.)
Task: {6F64FB0E-FDD2-47D6-8BC4-ED656B932489} - System32\Tasks\{2666C777-E13A-4E21-A384-401634CFE18B} => pcalua.exe -a C:\Windows\IsUninst.exe -c -f"C:\Program Files (x86)\NetObjects\NetObjects Fusion Essentials\Uninst.isu" -c"C:\Program Files (x86)\NetObjects\NetObjects Fusion Essentials\uninst.dll"
Task: {723BB62B-9A9A-4863-A61B-663D2EE58991} - System32\Tasks\{7EC91944-1AE2-4040-A2D5-A5C2808F1330} => pcalua.exe -a E:\Setup.exe -d E:\
Task: {74670948-AC2F-402F-994D-9F6CBC2AA903} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-05-20] (CyberLink)
Task: {8B0DEE79-BA34-4030-8278-D24541977994} - System32\Tasks\{2344072B-ABA6-4FD7-883D-7937D39C1457} => pcalua.exe -a C:\UPS\WSTD\FOSS\Drivers\Eltron\Setup.exe -d C:\UPS\WSTD\FOSS\Drivers\Eltron
Task: {A9846488-A41D-4418-B486-6D294D30EC95} - System32\Tasks\GoogleUpdateTaskMachineUA1cf6a74d539a8c8 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {C2BB3B62-DF0B-48AB-A762-92DD0030BE9B} - System32\Tasks\GoogleUpdateTaskMachineCore1cf4a65f48969b0 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {C41F54D2-3C66-4BDB-A255-34304978D1AB} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_25_0_0_127_pepper.exe [2017-03-18] (Adobe Systems Incorporated)
Task: {D4CAA19A-0D42-46EB-8D2F-EAE5E9F02170} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {D529A07A-6B47-4D71-A819-348965BCAF8F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {DDDA45C2-04B6-42BC-A39A-CA370EDDF848} - System32\Tasks\Adobe Reader Speed Launcher => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
Task: {F362E5F4-6301-4F1F-8282-95E4892457E2} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2015-06-04] (Nero AG)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf4a65f48969b0.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-11-20 15:57 - 2015-11-20 15:57 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-11-20 15:57 - 2015-11-20 15:57 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2011-05-20 15:13 - 2011-05-20 15:13 - 00206216 _____ () C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Thomas\Downloads\Kristin.mp3:TOC.WMV [130]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-2364491048-255812346-798213191-1001\Software\Classes\.exe: exefile =>  <===== ATTENTION
HKU\S-1-5-21-2364491048-255812346-798213191-1001\Software\Classes\.scr: scrfile =>  <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2364491048-255812346-798213191-1001\...\paypal.com -> hxxps://www.paypal.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-01-23 20:50 - 2017-03-26 20:56 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2364491048-255812346-798213191-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.254.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: IAStorDataMgrSvc => 2
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: KSS => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: MSK80Service => 2
MSCONFIG\Services: NAUpdate => 2
MSCONFIG\Services: NOBU => 2
MSCONFIG\Services: SpyHunter 4 Service => 2
MSCONFIG\Services: UNS => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NkvMon.exe.lnk => C:\Windows\pss\NkvMon.exe.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^UPS WorldShip Messaging Utility.lnk => C:\Windows\pss\UPS WorldShip Messaging Utility.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^UPS WorldShip PLD Reminder Utility.lnk => C:\Windows\pss\UPS WorldShip PLD Reminder Utility.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Thomas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: Aimersoft Helper Compact.exe => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
MSCONFIG\startupreg: Bonus.SSR.FR11 => "C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe" /autorun
MSCONFIG\startupreg: Bonus.SSR.FR12 => "C:\Program Files (x86)\ABBYY FineReader 12\Bonus.ScreenshotReader.exe" /autorun
MSCONFIG\startupreg: BrowserPlugInHelper => C:\Program Files (x86)\Aimersoft\Video Converter Ultimate\BrowserPlugInHelper.exe
MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
MSCONFIG\startupreg: Hotkey Utility => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KSS => "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" /autorun
MSCONFIG\startupreg: mcpltui_exe => "C:\Program Files\Common~1\McAfee\Platform\mcuicnt.exe" /platui /runkey
MSCONFIG\startupreg: mcui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
MSCONFIG\startupreg: MSC => "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: NA1Messenger => C:\UPS\WSTD\UPSNA1Msgr.exe
MSCONFIG\startupreg: Nikon Message Center 2 => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
MSCONFIG\startupreg: PeachtreePrefetcher.exe => "C:\PROGRA~2\SAGESO~1\PEACHT~1\PeachtreePrefetcher.exe" /configfile:peachtreeprefetcher.winstart.config
MSCONFIG\startupreg: SmileboxTray => "C:\Users\Thomas\AppData\Roaming\Smilebox\SmileboxTray.exe"
MSCONFIG\startupreg: uTorrent => "C:\Users\Thomas\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
MSCONFIG\startupreg: WSUpdater => C:\UPS\WSTD\CF\WorldShipCF.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{45C8A10F-2FF6-4D87-9665-A22AA70DAFBE}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{5A6E31E7-15DB-46D0-A20F-83457C526220}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe
FirewallRules: [{7AC4E3B6-169A-48D9-B967-70426B56DA30}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
FirewallRules: [{1E6E2D4E-065E-4520-9DC6-6F991CCA8F9A}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{366BAA21-74FF-447B-A5B0-0312692B5248}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{C7C78C39-A8FC-450B-B43C-6BCCBCD1E393}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{65105041-EB2C-431D-A588-EAA1687AF13B}] => (Block) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{6DF34829-2052-411A-A409-DCF8515CB7E6}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\Movie\TouchMovie.exe
FirewallRules: [{E49C7DC5-2AA2-4A92-BA1C-860F80B776D3}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\Movie\TouchMovieService.exe
FirewallRules: [{FD1EA280-CACF-4175-8956-ED5A7B499485}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{B4E2B11A-34CC-4826-980A-F157FB9C9EBF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{B88A86A5-2E99-4AAE-AB1C-872773AA7CB0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{D189DE28-0637-49E9-8808-9F48A29FFB84}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{FE67D766-DB21-4300-B80D-73EBF3F6F511}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{1778FE0A-21FD-4A3C-9DF4-CC84403D2B76}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{599E24F9-7BAB-4775-8D32-30556677CE6A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{27BB0359-BE57-4044-AB4D-5DF6E43E0242}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{FB7511B2-9303-43E6-B280-9040098AA7A9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe
FirewallRules: [{E6B43D01-A3E8-4DD5-A090-065E48BC3585}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe
FirewallRules: [{BEBE3EA8-5B9D-41AB-B074-7D3DDE7431A7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe
FirewallRules: [{17DCEE9C-6EB0-4DC3-9D3D-542916B1FD28}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{8FCFEBB4-6277-4089-A4EB-521F4F658940}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{5AF32E7F-B313-4DFF-B331-5FC01A08425C}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{82E35F61-DFE4-4F6C-8B70-3148250200D8}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{B47E290C-5BA9-4FA9-95E9-096114153501}] => (Allow) LPort=1583
FirewallRules: [{AD894820-7BE5-42E4-A900-4FEE755FB2A2}] => (Allow) LPort=3351
FirewallRules: [{0B6E2700-DBB1-4EEB-9BA4-BBAA97B541C7}] => (Allow) C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe
FirewallRules: [{52FB2E7C-C939-47C8-B866-8F708B98A8F1}] => (Allow) C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe
FirewallRules: [{D39BCF72-91E1-4BD9-A04E-8C0C4D93D335}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{293BB0BE-8B5D-41AC-B233-BE830533AE81}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{87431AE6-8CA2-4656-B068-74467066863F}] => (Allow) C:\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe
FirewallRules: [{5E6362D6-5FA8-4841-80E6-687C6BA6032D}] => (Allow) C:\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe
FirewallRules: [{17CF3A75-C8A4-4791-8B6E-6DE1759CE312}] => (Allow) LPort=1434
FirewallRules: [{2D2BCF6A-1BD7-4E59-9133-3F7D009AD963}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{AEFCA8D9-F3F1-4F98-9372-3651BD85D00B}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{5C4A0B7F-B5F2-4C7B-8542-08D570395B76}] => (Allow) C:\Users\Thomas\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{3D592120-01B1-4E2D-9A9B-DAC2E8DC99C0}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{55DF9532-74EA-4F31-AD6B-510DA628093D}] => (Allow) LPort=2869
FirewallRules: [{590C98E9-8822-466C-98B1-BAAEB4F71B06}] => (Allow) LPort=1900
FirewallRules: [{0D1A9D6D-9F5E-4105-BC28-022FBF659872}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{C20FEF1C-B44F-4550-8087-A513B61FBB11}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
FirewallRules: [{38AF9D53-9A1F-4E97-B02B-BC2A8F36DC81}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
FirewallRules: [{B1B345D7-055D-42FF-B5AE-D37CB1DD63E2}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{C633F96C-705D-43E6-9F7C-B03F1E8BDCB6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{67E4D9F7-4DD8-4A6E-B0BF-045D41A88C11}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{DA1752BB-7B99-4039-B470-E7FADB567F7A}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{AE419300-E45A-44E8-8CD4-34BC4282CB2E}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{571321D2-9FDC-4219-8290-2D1496EC6CDE}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{E88C24E9-5795-4C46-9A4D-A59E41346B27}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{785509E7-0966-49A9-B375-8AFBF2248235}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{B809CFE2-8646-445B-91C0-3AB7AF0F4F9F}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{48C14C6A-6AF0-4B77-8D04-01CB24570FCC}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{F466404D-F4B7-43BC-BE29-7F6D9E579340}] => (Allow) C:\Users\Thomas\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D8DA4B46-4C86-413F-AE6C-FB0075C31146}] => (Allow) C:\Users\Thomas\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6FEC0336-AF8C-4BCA-9305-3823AA5F81D6}] => (Allow) C:\Users\Thomas\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4AFB8BA6-8B1C-445F-ACD4-72B0764EFAB4}] => (Allow) C:\Users\Thomas\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{BD562C63-0906-4A40-8E14-9F77EB8C1695}] => (Allow) C:\Users\Thomas\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C0B69772-23A2-4209-8C9C-547642F4AB2F}] => (Allow) C:\Users\Thomas\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{47496406-FABC-4D17-9F72-3391033C7D00}C:\program files (x86)\pervasive software\psql\bin\w3dbsmgr.exe] => (Block) C:\program files (x86)\pervasive software\psql\bin\w3dbsmgr.exe
FirewallRules: [UDP Query User{94D63014-325E-4A2E-99C0-BFA5DBAAF377}C:\program files (x86)\pervasive software\psql\bin\w3dbsmgr.exe] => (Block) C:\program files (x86)\pervasive software\psql\bin\w3dbsmgr.exe
FirewallRules: [{B36EBC99-CF4F-4468-B9F3-6481CAFA0800}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6DA7E325-DB82-4D35-A13E-C6EC0531B70B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{183AC061-1226-4819-A26C-354CFEAC87E1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DA7021D9-8A87-4B3E-9C27-794E2A343A15}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{18FC8F30-6C60-4D0F-BD86-B61C4B646CC6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{114A5DB6-5A6D-4A0F-8439-48E0E752A758}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EE9BBE7A-3CA8-493A-9CD9-C5A40BBB0075}] => (Allow) C:\Program Files (x86)\Nero\Nero 2016\Nero Burning ROM\StartNBR.exe
FirewallRules: [{227A64CB-5D9D-4F53-9E14-E2219B21B57F}] => (Allow) C:\Program Files (x86)\Nero\KM\NMDllHost.exe
FirewallRules: [{442CD5BD-7417-46A0-B9A9-C53B7373B572}] => (Allow) C:\Program Files (x86)\Nero\Nero 2016\Nero Burning ROM\nero.exe
FirewallRules: [{5C590FFE-4D6E-4415-B9A1-A217CF204CBE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{1DAEA779-2A80-418E-AC16-33B909C593CC}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{40F9D36A-B07E-414D-9F49-BBA4B215175D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe

==================== Restore Points =========================

26-03-2017 12:12:08 Installed WeatherBuddy
27-03-2017 03:02:43 Manual Restore

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/28/2017 04:42:30 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Users\Thomas\Desktop\esetsmartinstaller_enu (1).exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (03/28/2017 04:41:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (03/28/2017 04:46:46 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (03/28/2017 04:45:07 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (03/28/2017 04:43:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Management Service service failed to start due to the following error:
The system cannot find the file specified.

Error: (03/28/2017 04:40:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMService service failed to start due to the following error:
The requested resource is in use.

Error: (03/28/2017 04:40:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Dataup Service service failed to start due to the following error:
The system cannot find the file specified.

Error: (03/28/2017 04:40:27 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck.  The bugcheck was: 0x1000007e (0xffffffffc0000005, 0xfffff88000e12130, 0xfffff880037bd5e8, 0xfffff880037bce40). A dump was saved in: C:\Windows\Minidump\032817-34398-01.dmp. Report Id: 032817-34398-01.


==================== Memory info ===========================

Processor: Intel® Core™ i7-2600 CPU @ 3.40GHz
Percentage of memory in use: 33%
Total physical RAM: 8172.25 MB
Available physical RAM: 5447.66 MB
Total Virtual: 16342.68 MB
Available Virtual: 13300.8 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:923.45 GB) (Free:23.86 GB) NTFS
Drive d: (DATA) (Fixed) (Total:923.47 GB) (Free:923.05 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: C23FF5DB)
Partition 1: (Not Active) - (Size=16 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=923.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=923.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


  • 0

#19
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Supposedly MBAM has just been updated for this virus.  Let's see if it will run:

 
Please download Malwarebytes Anti-Malware to your desktop.
Double-click mbam-setup-version.exe and follow the prompts to install the program.
Launch Malwarebytes Anti-Malware
Then click Finish.
If an update is found, you will be prompted to download and install the latest version.
Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
Reboot your computer if prompted.
 
 
Posting the Malwarebytes log.
 
 
After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the Scan Log which shows the Date and time of the scan just performed.
Click 'Export'.
Click 'Text file (*.txt)'
In the Save File dialog box which appears, click on Desktop.
In the File name: box type a name for your scan log.
A message box named 'File Saved' should appear stating "Your file has been successfully exported".
Click Ok
Post that saved log to your next reply.

  • 0

#20
playwiffme

playwiffme

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts

CANNOT RUN - "the requested resource is in use"


  • 0

#21
playwiffme

playwiffme

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts

I don't know if tprdpw32.exe was hiding somewhere unseen/invisible as it was NOT showing up in Process Explorer but Zemana AntiMalware detected it and quarantined it once again forcing a reboot to totally remove. The last time it was detected and quarantined it was done by HitMan Pro.

 

This time the reboot took over 45 minutes as the computer went through several mini-boots/dumps (several blue screens) before FINALLY entering into the Windows Desktop (whew). I think I'll leave the computer on until a reboot is mandatory. I've turned off Zemana AntiMalware so it can stop looking for threats. I've also enclosed another message from Windows that was received when reboot was finally completed.

 

Windows has recovered from an unexpected shutdown


Problem signature:
  Problem Event Name:    BlueScreen
  OS Version:    6.1.7601.2.1.0.768.3
  Locale ID:    1033

Additional information about the problem:
  BCCode:    1000007e
  BCP1:    FFFFFFFFC0000005
  BCP2:    FFFFF88000E03130
  BCP3:    FFFFF880039BD5E8
  BCP4:    FFFFF880039BCE40
  OS Version:    6_1_7601
  Service Pack:    1_0
  Product:    768_1

Files that help describe the problem:
  C:\Windows\Minidump\032917-29125-01.dmp
  C:\Users\Thomas\AppData\Local\Temp\WER-132585-0.sysdata.xml

Read our privacy statement online:
  http://go.microsoft....88&clcid=0x0409

If the online privacy statement is not available, please read our privacy statement offline:
  C:\Windows\system32\en-US\erofflps.txt
 


  • 0

#22
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Do you have a USB drive?  Put FRST on it.  Then if something happens so it won't boot follow the procedure in Step 3 on this post:

 

http://www.geekstogo...l/#entry2151691

 

Let's see if we can do anything to the visible parts of the infection.

 

These are:

 

S2 Dataup; C:\Users\Thomas\AppData\Local\NTUSER~1\dataup\dataup.exe [X] <==== ATTENTION
S2 windowsmanagementservice; "C:\Users\Thomas\AppData\Local\microlabs\ct.exe" /svc [X] <==== ATTENTION
 
 
R0 drmkpro64; C:\Windows\System32\drivers\ndistpr64.sys [76576 2017-03-26] () [File not signed] <==== ATTENTION
 
2017-03-26 12:13 - 2017-03-26 12:13 - 00833024 ____N C:\Windows\system32\tprdpw32.exe
2017-03-26 12:13 - 2017-03-26 12:13 - 00076576 ____N C:\Windows\system32\Drivers\ndistpr64.sys
 
2017-03-26 10:43 - 2017-03-26 10:43 - 00000000 ____D C:\Program Files (x86)\Teorex

 

 

It probably starts with 

 

R0 drmkpro64; C:\Windows\System32\drivers\ndistpr64.sys [76576 2017-03-26] () [File not signed] <==== ATTENTION

 

 

This is a driver that loads when it boots.  

 

I wonder if we can do anything to it?  First make sure you can see hidden system files

 
 
Control Panel, (View By:  Large Icons)  Folder Options, View.
 
Uncheck Hide Extensions for Known File Types
Uncheck Hide Protected System Files
Check Show Hidden Files, Folders and Drives.
OK
 
 
Right click on Start and select Open Windows Explorer

Click on Local Disk (C:) 

In the right pane look for and double click on Windows

Scroll down in the right pane and double click on System32

 

Scroll down in the right pane and double click on Drivers.

 

Scroll down and find ndistpr64.sys

 

Right click on it and Delete.  (This probably won't work)

Try

Right click on it and Rename.  Try to change the extension to ndistpr64.bad

 

If either of the two works then:  Click on the New Folder button up on the toolbar.  Rename the New Folder to ndistpr64.sys

 

If neither works then right click on ndistpr64.sys and select Properties then Security.  Click on Advanced.  Click on Owner.

 

Note the current Owner.  Edit. In the bottom box should be a list of possible owners.  Admin and your user name.  Choose your user name.  If you don't see any names then Other Users or Groups:  type in your user name and hit Check Name.  OK.  Click OK and the Properties box closes.  Then right click on ndistpr64.sys and select Properties then Security.  Advanced.  Uncheck and Change Permissions.  Uncheck "Include Inheritable permissions ..."  OK.  Remove.

You will get a warning that no one can access the file.  OK.

OK.

 

Repeat for:

 

C:\Windows\system32\tprdpw32.exe

 

 
C:\Users\Thomas\AppData\Local\microlabs\ct.exe
 
C:\Users\Thomas\AppData\Local\NTUSER~1\dataup\dataup.exe  (NTUSER~1 is the first folder that starts with NTUSER...)
 
Even if you can't do any of the above:
 
search for
 
regedit
and hit Enter

This will bring up the registry editor.
 
 

We need to navigate to:

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services

 

So click on the arrow in front of

 

HKEY_LOCAL_MACHINE

click on the arrow in front of SYSTEM

click on the arrow in front of CurrentControlSet

click on the arrow in front of services

click on drmkpro64

in the right pane double click on Start.

 

Change the 0 to a 4.  OK

If it works or if it doesn't then we need to

right click on drmkpro64 and select Permissions then Advanced then Owner.  Select your user name or Administrator.  OK. If neither are there then Other Users or Groups.  Type in your User Name then Check Names OK.

 

OK back to the Permissions tab and hit Advanced.  Uncheck the Include Inheritable Permissions. OK Remove.

 

Now when you look at Permissions for it, it should say no one can access it.

 

Repeat for 

Dataup

windowsmanagementservice

 

If this is too difficult then follow the procedures in step 3 of http://www.geekstogo...l/#entry2151691

And post a FRST log.

 

FRST should be able to remove the files and registry entries since Windows hasn't really started.


  • 0
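The service and driver lines quoted in the post above can be triaged mechanically. The following is an added example, not part of the thread and not FRST's own code: it assumes FRST's line layout of a state letter (R running, S stopped, U undetermined) followed by the start-type digit, which is the same number stored in the `Start` value under `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services`. The flag names, function names and the `ExampleSvc` line are constructed for illustration.

```python
import re
from dataclasses import dataclass, field

# Start-type digit printed by FRST; same meaning as the registry "Start" value
# (the post above changes drmkpro64 from 0 = boot to 4 = disabled).
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}
STATES = {"R": "running", "S": "stopped", "U": "undetermined"}

# First three lines are quoted from the thread; the last one is constructed
# as a benign entry for contrast.
SAMPLE = r'''
S2 Dataup; C:\Users\Thomas\AppData\Local\NTUSER~1\dataup\dataup.exe [X] <==== ATTENTION
S2 windowsmanagementservice; "C:\Users\Thomas\AppData\Local\microlabs\ct.exe" /svc [X] <==== ATTENTION
R0 drmkpro64; C:\Windows\System32\drivers\ndistpr64.sys [76576 2017-03-26] () [File not signed] <==== ATTENTION
R2 ExampleSvc; C:\Program Files\Example\svc.exe [123456 2016-01-01] (Example Corp)
'''

LINE_RE = re.compile(r'^(?P<state>[RSU])(?P<start>\d)\s+(?P<name>[^;]+);\s*(?P<rest>.+)$')
# Image path: either quoted, or unquoted up to the first .exe/.sys/.dll
# that is followed by whitespace or end of line (paths may contain spaces).
PATH_RE = re.compile(
    r'^"(?P<q>[^"]+)"|^(?P<u>[A-Za-z]:\\.*?\.(?:exe|sys|dll))(?=\s|$)',
    re.IGNORECASE,
)
USER_PROFILE_RE = re.compile(r'\\users\\[^\\]+\\appdata\\', re.IGNORECASE)


@dataclass
class Entry:
    name: str
    state: str
    start_type: str
    path: str
    flags: list = field(default_factory=list)

    @property
    def registry_key(self):
        # Key to inspect in regedit for this service or driver.
        return "HKLM\\SYSTEM\\CurrentControlSet\\services\\" + self.name


def parse_line(line):
    """Parse one FRST service/driver line; return None if it is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    pm = PATH_RE.match(rest)
    path = (pm.group("q") or pm.group("u")) if pm else ""
    tail = rest[pm.end():] if pm else rest
    start = int(m.group("start"))
    entry = Entry(
        name=m.group("name").strip(),
        state=STATES[m.group("state")],
        start_type=START_TYPES.get(start, "unknown"),
        path=path,
    )
    unsigned = "[File not signed]" in tail
    if "[X]" in tail:
        # Registered service whose image file is not on disk.
        entry.flags.append("file_missing")
    if unsigned:
        entry.flags.append("unsigned")
    if unsigned and start == 0:
        # Unsigned code loaded at boot, before most security tools start.
        entry.flags.append("unsigned_boot_start")
    if USER_PROFILE_RE.search(path):
        # Service image inside a user profile, writable without admin rights.
        entry.flags.append("user_profile_path")
    if "<==== ATTENTION" in tail:
        entry.flags.append("frst_attention")
    return entry


def triage(log_text):
    """Return an Entry for every service/driver line found in log_text."""
    entries = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is not None:
            entries.append(entry)
    return entries


def suspicious(entries):
    """Entries that raised at least one flag, in log order."""
    return [e for e in entries if e.flags]


if __name__ == "__main__":
    for e in suspicious(triage(SAMPLE)):
        print(f"{e.name}: {e.state}, start={e.start_type}")
        print(f"  image: {e.path}")
        print(f"  flags: {', '.join(e.flags)}")
        print(f"  check: {e.registry_key}")
```
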

#23
playwiffme

playwiffme

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts

1) Could NOT delete or rename

ndistpr64.sys   - access denied
tprdpw32.exe   - access denied

 

2) C:\Users\Thomas\AppData\Local\microlabs\ct.exe

C:\Users\Thomas\AppData\Local\NTUSER~1\dataup\dataup.exe  (NTUSER~1 is the first folder that starts with NTUSER...)
 
I DO NOT have these files present any longer - I believe they were deleted/quarantined by either Zemana AntiMalware or HitMan Pro in the early stages of discovering this issue.
I also recall files named microlabs, ct.exe, yellowloader? and vmxclient to name a few others that I recall.
When this first started I had 2 files in my Task Manager / Applications - appearing only with the identity of CLIENT - I assumed I had the vmxclient virus.
 
3) Re: drmkpro64
Dataup
windowsmanagementservice
 
All 3 had - Administrators (Thomas-PC\Administrators) - listed as the owner.
All 3 files have been unchecked to say no one can access
 
*Note* windowsmanagementservice file in the registry detailed the following -
windowsmanagementservice
ImagePath
"C:\Users\Thomas\AppData\Local\microlabs\ct.exe"/svc
(mentioning only because the reference to microlabs and ct.exe)
 
Did you still wish for me to run FRST now???

  • 0

#24
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Let's create a new folder or two:

 

Copy the next two lines:

mkdir \Users\Thomas\AppData\Local\microlabs
mkdir \Users\Thomas\AppData\Local\microlabs\ct.exe

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste (or Edit then Paste) and the copied lines should appear.  Hit Enter.

 

This will keep the infection from replacing ct.exe

 

 

Now we really want to reboot but I would make a new System Restore point first.

 

You can open notepad and just paste in

 

CreateRestorePoint:

Then File, Save As (to the same folder where FRST lives) fixlist, OK

 

Then Run FRST and hit Fix.

 

Make sure you have a copy of FRST on a USB drive in case it doesn't want to boot.  (And that you know how to get to it using the instructions on the link I gave you)


  • 0

#25
playwiffme

playwiffme

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts

Re: Command Prompt entries - I entered each on a separate line - was this correct? When finished I simply closed the prompt - was this also correct?

 

Re: CreateRestorePoint - successfully done to notepad/frst - frst/fix

Also manually created a restore point earlier using the System folder - although still cannot gain access to System Restore

 

Computer has rebooted without a hiccup - went smooth as silk

 

Noticed I'm back again to 2 choices before Windows opens - choose myself or another user first


  • 0


#26
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Who is the other user?  Do you see them in Control Panel, User Accounts?

 

Let's do a new FRST scan and see what there is to see.  Also a new Process Explorer log.


  • 0

#27
playwiffme

playwiffme

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts

There is only 1 user - Administrator/Thomas

Before Windows attempts to open to the desktop it requests to make a selection

-----either Thomas ----- or ----- Other User (there is no other user - none listed in User Accounts either - this has never been an issue prior/never had to make a selection)

 

Will now proceed to run a new FRST and Process Explorer logs...


  • 0

#28
playwiffme

playwiffme

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts

Process Explorer -

 

Process    PID    CPU    Private Bytes    Working Set    Description    Company Name    Verified Signer
acrotray.exe    4928        2,488 K    6,480 K    AcroTray    Adobe Systems Inc.    (Verified) Adobe Systems
AdobeARM.exe    4956        4,040 K    528 K            
armsvc.exe    1900        1,320 K    4,192 K    Adobe Acrobat Update Service    Adobe Systems Incorporated    (Verified) Adobe Systems
clear.fi.exe    3464    Suspended    384 K    128 K    clear.fi    Acer Incorporated    (Verified) CyberLink
clear.fiAgent.exe    3592        1,804 K    808 K    clear.fi Resident Program    CyberLink Corp.    (Verified) CyberLink
csrss.exe    540        2,860 K    5,320 K            
CVHSVC.EXE    4648        8,004 K    16,212 K            
DMREngine.exe    3584        5,344 K    1,372 K    DMREngine    CyberLink    (Verified) CyberLink
GoogleCrashHandler.exe    2220        1,712 K    784 K            
GoogleCrashHandler64.exe    2228        2,012 K    528 K            
GREGsvc.exe    2672        1,144 K    3,728 K    Global Registration Service    Acer Incorporated    (Verified) Acer Incorporated
jusched.exe    4944        2,652 K    5,792 K    Java Update Scheduler    Oracle Corporation    (Verified) Oracle America
lsass.exe    696        6,840 K    14,172 K    Local Security Authority Process    Microsoft Corporation    (Verified) Microsoft Windows
lsm.exe    704        3,156 K    5,156 K            
mDNSResponder.exe    2584        2,796 K    6,472 K    Bonjour Service    Apple Inc.    (Verified) Apple Inc.
MSCamS64.exe    2804        5,808 K    10,052 K    MsCamSvc.exe    Microsoft Corporation    (Verified) Microsoft Corporation
msseces.exe    4536        7,292 K    15,432 K    Microsoft Security Client User Interface    Microsoft Corporation    (Verified) Microsoft Corporation
NetworkLicenseServer.exe    1704        15,604 K    20,036 K    ABBYY network license server    ABBYY Production LLC    (Verified) ABBYY Production LLC
NisSrv.exe    3156        19,556 K    10,372 K    Microsoft Network Realtime Inspection Service    Microsoft Corporation    (Verified) Microsoft Corporation
nvvsvc.exe    872        3,588 K    8,620 K    NVIDIA Driver Helper Service, Version 267.33    NVIDIA Corporation    (Verified) NVIDIA Corporation
NvXDSync.exe    3628        8,464 K    17,908 K            
procexp(1).exe    1124        2,668 K    7,792 K    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
PsiService_2.exe    2124        2,132 K    4,600 K    PsiService PsiService    arvato digital services llc    (Verified) Arvato Digital Services Canada Inc
RAVCpl64.exe    4524        10,272 K    12,200 K    Realtek HD Audio Manager    Realtek Semiconductor    (Verified) Realtek Semiconductor Corp
SeaPort.EXE    2500        4,444 K    9,596 K            
SearchIndexer.exe    5512        39,948 K    16,600 K    Microsoft Windows Search Indexer    Microsoft Corporation    (Verified) Microsoft Windows
services.exe    680        6,572 K    10,576 K            
sftvsa.exe    3340        1,712 K    5,184 K    Microsoft Application Virtualization Virtual Service Agent    Microsoft Corporation    (Verified) Microsoft Corporation
smss.exe    376        768 K    1,444 K            
SplitCamService.exe    3396        11,648 K    6,900 K    SplitCam Service    SplitCam Co.    (Verified) OMT-LIDER
spoolsv.exe    1556        8,876 K    14,880 K    Spooler SubSystem App    Microsoft Corporation    (Verified) Microsoft Windows
sqlbrowser.exe    3808        1,652 K    4,520 K    SQL Browser Service EXE    Microsoft Corporation    (Verified) Microsoft Corporation
sqlwriter.exe    3832        2,768 K    7,156 K    SQL Server VSS Writer - 64 Bit    Microsoft Corporation    (Verified) Microsoft Corporation
svchost.exe    2608        6,692 K    12,340 K    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    2188        2,932 K    6,508 K    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    2856        1,760 K    4,296 K    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    2208        1,708 K    4,228 K    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    956        5,844 K    9,628 K    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    1064        9,080 K    14,904 K    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    808        5,832 K    10,920 K    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    796        20,144 K    19,872 K    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    1584        12,956 K    16,864 K    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    2716        3,524 K    8,472 K    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    3952        5,000 K    8,680 K    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
taskeng.exe    4160        3,468 K    8,008 K    Task Scheduler Engine    Microsoft Corporation    (Verified) Microsoft Windows
taskeng.exe    5616        3,340 K    7,688 K            
UpdaterService.exe    2740        1,292 K    4,100 K    Updater Service    Acer Incorporated    (Verified) Acer Incorporated
w3dbsmgr.exe    2404        87,536 K    28,068 K    Database Service Manager    Pervasive Software Inc.    (Verified) Sage Software
wininit.exe    616        2,072 K    5,072 K            
winlogon.exe    3528        3,812 K    8,176 K            
WmiPrvSE.exe    3016        3,392 K    7,284 K            
wuauclt.exe    1216        2,840 K    7,488 K    Windows Update    Microsoft Corporation    (Verified) Microsoft Windows
WUDFHost.exe    5972        2,708 K    6,904 K            
ZAM.exe    2540    Suspended    6,752 K    140 K    ZAM    Copyright 2017.    (No signature was present in the subject) Copyright 2017.
ZAM.exe    4092        14,324 K    16,820 K    ZAM    Copyright 2017.    (No signature was present in the subject) Copyright 2017.
nvSCPAPISvr.exe    3916    < 0.01    2,528 K    5,860 K    Stereo Vision Control Panel API Server    NVIDIA Corporation    (Verified) NVIDIA Corporation
WLIDSVCM.EXE    1852    < 0.01    2,060 K    4,248 K            
nvvsvc.exe    3636    < 0.01    7,096 K    14,476 K            
svchost.exe    2640    < 0.01    8,004 K    14,696 K    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
wmpnetwk.exe    4180    < 0.01    14,620 K    14,376 K    Windows Media Player Network Sharing Service    Microsoft Corporation    (Verified) Microsoft Windows
WLIDSVC.EXE    4040    < 0.01    7,992 K    16,852 K            
svchost.exe    1264    < 0.01    18,420 K    20,460 K    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
sftlist.exe    2340    < 0.01    8,872 K    19,524 K    Microsoft Application Virtualization Client Service    Microsoft Corporation    (Verified) Microsoft Corporation
svchost.exe    972    < 0.01    224,628 K    231,840 K    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
taskhost.exe    4452    < 0.01    10,720 K    15,164 K    Host Process for Windows Tasks    Microsoft Corporation    (Verified) Microsoft Windows
acrobat_sl.exe    6632    < 0.01    2,052 K    676 K            
reader_sl.exe    4684    < 0.01    2,104 K    680 K            
AppleMobileDeviceService.exe    1192    < 0.01    4,624 K    11,772 K    MobileDeviceService    Apple Inc.    (Verified) Apple Inc.
sqlservr.exe    2824    < 0.01    52,076 K    9,008 K    SQL Server Windows NT    Microsoft Corporation    (Verified) Microsoft Corporation
svchost.exe    1088    < 0.01    29,996 K    46,240 K    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
zipwhipw.exe    3716    < 0.01    140,412 K    110,384 K    Java™ Platform SE binary    Oracle Corporation    (Verified) Oracle America
explorer.exe    4252    0.01    54,700 K    74,748 K    Windows Explorer    Microsoft Corporation    (Verified) Microsoft Windows
csrss.exe    3504    0.02    11,524 K    16,060 K            
MsMpEng.exe    348    0.03    144,264 K    164,904 K    Antimalware Service Executable    Microsoft Corporation    (Verified) Microsoft Corporation
firefox.exe    6872    0.06    216,672 K    217,824 K    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
dwm.exe    4228    0.12    30,012 K    46,428 K    Desktop Window Manager    Microsoft Corporation    (Verified) Microsoft Windows
System    4    0.19    188 K    2,268 K            
Interrupts    n/a    0.23    0 K    0 K    Hardware Interrupts and DPCs        
ZAM.exe    4620    0.24    163,580 K    179,380 K    ZAM    Copyright 2017.    (No signature was present in the subject) Copyright 2017.
firefox.exe    3868    0.35    141,068 K    150,716 K    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
procexp(1)64.exe    5432    0.53    30,084 K    47,768 K    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
System Idle Process    0    98.20    0 K    24 K            

 


  • 0

#29
playwiffme

playwiffme

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts

FRST -

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by Thomas (administrator) on THOMAS-PC (29-03-2017 12:43:02)
Running from C:\Users\Thomas\Documents\Software Programs\Farbar Recovery Tool - 1
Loaded Profiles: Thomas (Available Profiles: Thomas)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ABBYY Production LLC) C:\Program Files (x86)\ABBYY FineReader 12\NetworkLicenseServer.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Microsoft Corporation) C:\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Pervasive Software Inc.) C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(SplitCam Co.) C:\Program Files (x86)\SplitCam\SplitCamService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\MICROSOFT SQL SERVER\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Oracle Corporation) C:\Program Files\Frontier Texting\java_vm\bin\zipwhipw.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Farbar) C:\Users\Thomas\Documents\Software Programs\Farbar Recovery Tool - 1\FRST64(1).exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11580520 2010-11-10] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14471408 2017-03-06] (Copyright 2017.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498720 2015-12-17] (Adobe Systems Inc.)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist Corporate\1121\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-21-2364491048-255812346-798213191-1001\...\Run: [Frontier Texting] => C:\Program Files\Frontier Texting\Frontier Texting.lnk [1832 2016-11-08] ()
HKU\S-1-5-21-2364491048-255812346-798213191-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Acer.scr [456224 2010-07-29] ()
HKU\S-1-5-18\...\Run: [] => [X]
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
BootExecute: autocheck autochk * bootdeletebootdeletebootdeletebootdelete

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{95C5EA71-8623-416C-AAEC-D3AA4AF7581A}: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{9612667B-16FF-47A2-8AC8-4084E6EAD0FB}: [DhcpNameServer] 192.168.254.254

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2364491048-255812346-798213191-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2364491048-255812346-798213191-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope value is missing
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-12-17] (Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-12-17] (Adobe Systems Incorporated)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-02-12] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-06-07] (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-12] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-12-17] (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-06-07] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {E7DA7F8D-27AB-4EE9-8FC0-3FEC9ECFE758} hxxps://access.wisconsin.gov/access/DynamicWebTWAIN.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll No File

FireFox:
========
FF DefaultProfile: ixg7h6xy.default-1476596056535
FF ProfilePath: C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\vf9r2hzq.default [not found]
FF ProfilePath: C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\ixg7h6xy.default-1476596056535 [2017-03-29]
FF Homepage: Mozilla\Firefox\Profiles\ixg7h6xy.default-1476596056535 -> www.msn.com/
FF Extension: (AdBlocker for YouTube™) - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\ixg7h6xy.default-1476596056535\Extensions\[email protected] [2016-12-05]
FF Extension: (Site Deployment Checker) - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\ixg7h6xy.default-1476596056535\features\{ec85e9e5-61a9-4f62-884b-d3976b9e3ed7}\[email protected] [2017-03-24]
FF ProfilePath: C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\embvo3sn.Default User [2017-03-29]
FF Homepage: Mozilla\Firefox\Profiles\embvo3sn.Default User -> hxxp://www.msn.com/
FF Extension: (Site Deployment Checker) - C:\Program Files (x86)\Mozilla Firefox\browser\features\[email protected] [2017-03-28] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-06-30] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{CF13FA66-1F4F-426d-BB1B-E07A13BFF2C8}] - C:\Program Files (x86)\Aimersoft\Video Converter Ultimate\SVRFirefoxExt => not found
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2016-11-06]
FF HKU\S-1-5-21-2364491048-255812346-798213191-1001\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKU\S-1-5-21-2364491048-255812346-798213191-1001\...\Firefox\Extensions: [{CF13FA66-1F4F-426d-BB1B-E07A13BFF2C8}] - C:\Program Files (x86)\Aimersoft\Video Converter Ultimate\SVRFirefoxExt => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll [2017-03-21] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-29] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-21] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-12] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-12] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2015-08-28] (Nero AG)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2011-02-24] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2011-02-24] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2012-06-30] ()
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2015-12-17] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-29] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2364491048-255812346-798213191-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Thomas\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-01-20] (Citrix Online)

Chrome:
=======
CHR Profile: C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default [2017-03-29]
CHR Extension: (Google Slides) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-05]
CHR Extension: (Flash Video Downloader) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc [2017-02-26]
CHR Extension: (Google Docs) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Google Drive) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (MagMouse) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\biofinbccickkakhihdmkafjniganmee [2016-10-03]
CHR Extension: (YouTube) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Adobe Acrobat) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-04]
CHR Extension: (Google Sheets) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-05]
CHR Extension: (Google Docs Offline) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Google Hangouts) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2017-02-11]
CHR Extension: (Video DownloadHelper) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2016-12-21]
CHR Extension: (Aimersoft Video Converter Ultimate) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\mapcejffhcbidcjmomhalabpcbaeimcb [2015-02-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-27]
CHR Extension: (Chrome Media Router) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-11]
CHR HKU\S-1-5-21-2364491048-255812346-798213191-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2015-12-17]
CHR HKLM-x32\...\Chrome\Extension: [mapcejffhcbidcjmomhalabpcbaeimcb] - C:\Program Files (x86)\Aimersoft\Video Converter Ultimate\SVRChromePlugin.crx [2013-09-14]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

"Dataup" => service was unlocked. <===== ATTENTION
"drmkpro64" => service was unlocked. <===== ATTENTION
"windowsmanagementservice" => service was unlocked. <===== ATTENTION

S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-07-11] (SUPERAntiSpyware.com) [File not signed]
R2 ABBYY.Licensing.FineReader.Professional.12.0; C:\Program Files (x86)\ABBYY FineReader 12\NetworkLicenseServer.exe [925904 2014-01-23] (ABBYY Production LLC)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S3 GoToAssist; C:\Program Files (x86)\Citrix\GoToAssist Corporate\1121\G2AC_Service.exe [310080 2016-01-20] (Citrix Online, a division of Citrix Systems, Inc.)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S4 KSS; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202296 2012-04-25] (Kaspersky Lab ZAO)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R2 MSSQL$UPSWSDBSERVER; C:\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
S4 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)
R2 psqlWGE; C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe [435496 2009-04-06] (Pervasive Software Inc.)
R2 SpliCamService; C:\Program Files (x86)\SplitCam\SplitCamService.exe [321064 2016-10-19] (SplitCam Co.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
U2 windowsmanagementservice; C:\Users\Thomas\AppData\Local\microlabs\ct.exe [0 2017-03-29] () <==== ATTENTION (zero byte File/Folder) <==== ATTENTION
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14471408 2017-03-06] (Copyright 2017.) [File not signed]
U2 Dataup; C:\Users\Thomas\AppData\Local\NTUSER~1\dataup\dataup.exe [X] <==== ATTENTION

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 appliand; C:\Windows\System32\DRIVERS\appliand.sys [33888 2011-06-25] (Applian Technologies Inc.)
R3 appliandMP; C:\Windows\System32\DRIVERS\appliand.sys [33888 2011-06-25] (Applian Technologies Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
U0 drmkpro64; C:\Windows\System32\drivers\ndistpr64.sys [76576 2017-03-26] () [File not signed] <==== ATTENTION
S3 ESGIGUARD; C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [13088 2016-11-29] ()
S3 ESGSCANNER; C:\Windows\SysWOW64\DRIVERS\EsgScanner.sys [19984 2012-06-22] ()
S3 hitmanpro35; C:\Windows\system32\drivers\hitmanpro35.sys [23112 2017-03-29] ()
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [49304 2014-12-29] (Visicom Media Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2017-03-26] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35992 2014-12-28] (Visicom Media Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 scvad_simple; C:\Windows\System32\drivers\SplitCamAudio.sys [23552 2016-08-02] (Windows ® Win 7 DDK provider)
R3 splitcam_hd_driver; C:\Windows\System32\DRIVERS\splitcam_hd_driver.sys [37600 2016-08-02] (Windows ® Win 7 DDK provider)
R3 WsAudio_Device; C:\Windows\System32\drivers\VirtualAudio.sys [31080 2013-03-25] (Wondershare)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2017-03-26] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2017-03-26] (Zemana Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-29 11:51 - 2017-03-29 11:51 - 00000101 _____ C:\Users\Thomas\Documents\03-29-17-1.txt
2017-03-29 11:38 - 2017-03-29 11:39 - 00000000 ____D C:\Users\Thomas\AppData\Local\microlabs
2017-03-29 08:58 - 2017-03-29 08:58 - 19044562 _____ C:\Users\Thomas\Downloads\mbar-1.09.3.1001(1).zip
2017-03-29 08:53 - 2017-03-29 08:53 - 00448512 _____ (OldTimer Tools) C:\Users\Thomas\Downloads\TFC(1).exe
2017-03-29 08:32 - 2017-03-29 08:32 - 06705178 _____ C:\Users\Thomas\Downloads\mbam-chameleon-3.1.33.0.zip
2017-03-29 02:24 - 2017-03-29 02:24 - 00000783 _____ C:\Users\Thomas\Documents\03-29-17.txt
2017-03-29 01:27 - 2017-03-29 01:27 - 41764120 _____ (IObit ) C:\Users\Thomas\Downloads\imfv5-setup.exe
2017-03-29 01:21 - 2017-03-29 01:21 - 46510120 _____ (IObit ) C:\Users\Thomas\Downloads\IObit-Malware-Fighter-Setup
2017-03-29 01:19 - 2017-03-29 01:19 - 00211213 _____ C:\Users\Thomas\Downloads\imf-offline-db1635.zip
2017-03-29 00:39 - 2017-03-29 00:41 - 57131432 _____ (Malwarebytes ) C:\Users\Thomas\Downloads\mb3-setup-consumer-3.0.6.1469-1075.exe
2017-03-29 00:28 - 2017-03-29 00:33 - 55566792 _____ (Malwarebytes ) C:\Users\Thomas\Downloads\mb3-setup-consumer-3.0.6.1469.exe
2017-03-28 16:44 - 2017-03-28 16:44 - 00000782 _____ C:\Users\Thomas\Documents\03-28-17-3.txt
2017-03-28 16:30 - 2017-03-28 16:30 - 00003075 _____ C:\Users\Thomas\Downloads\fixlist.txt
2017-03-28 15:32 - 2017-03-28 15:32 - 01106888 _____ (Bleeping Computer, LLC) C:\Users\Thomas\Desktop\rkill64.exe
2017-03-28 14:56 - 2017-03-28 14:56 - 00000348 _____ C:\Users\Thomas\Documents\03-28-17-2.txt
2017-03-28 13:18 - 2017-03-28 13:18 - 02424832 _____ (Farbar) C:\Users\Thomas\Downloads\FRST64(1).exe
2017-03-28 11:57 - 2017-03-28 11:57 - 02710688 _____ (Sysinternals - www.sysinternals.com) C:\Users\Thomas\Downloads\procexp(1).exe
2017-03-28 11:03 - 2017-03-28 11:03 - 00000900 _____ C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2017-03-28 11:03 - 2017-03-28 11:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2017-03-28 11:02 - 2017-03-28 11:03 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2017-03-28 10:59 - 2017-03-28 11:01 - 243565384 _____ (Emsisoft Ltd. ) C:\Users\Thomas\Downloads\EmsisoftAntiMalwareSetup.exe
2017-03-28 09:03 - 2017-03-28 09:03 - 49405136 _____ (Microsoft Corporation) C:\Users\Thomas\Downloads\Windows-KB890830-x64-V5.46.exe
2017-03-28 08:47 - 2017-03-28 10:53 - 00000228 _____ C:\Users\Thomas\Documents\03-28-17-1.txt
2017-03-28 03:34 - 2017-03-28 03:34 - 00000000 ____D C:\VIPRERESCUE
2017-03-28 03:30 - 2017-03-28 03:33 - 315179008 _____ C:\Users\Thomas\Downloads\VIPRERescue.exe
2017-03-28 03:07 - 2017-03-28 03:07 - 00023197 _____ C:\Users\Thomas\Documents\03-28-17.txt
2017-03-28 03:03 - 2017-03-28 03:03 - 00023197 _____ C:\Windows\system32\0
2017-03-28 02:54 - 2017-03-28 02:55 - 19044562 _____ C:\Users\Thomas\Downloads\mbar-1.09.3.1001.zip
2017-03-27 17:22 - 2017-03-27 17:22 - 00001324 _____ C:\AdwCleaner[R3].txt
2017-03-27 16:36 - 2017-03-27 16:36 - 00000700 _____ C:\Users\Thomas\Documents\03-27-17.txt
2017-03-27 10:55 - 2017-03-27 10:56 - 00059427 _____ C:\Users\Thomas\Downloads\Addition.txt
2017-03-27 10:53 - 2017-03-27 10:56 - 00079814 _____ C:\Users\Thomas\Downloads\FRST.txt
2017-03-27 10:52 - 2017-03-29 12:43 - 00000000 ____D C:\FRST
2017-03-27 10:52 - 2017-03-27 10:52 - 02424832 _____ (Farbar) C:\Users\Thomas\Downloads\FRST64.exe
2017-03-27 09:53 - 2017-03-27 09:53 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Thomas\Downloads\rkill.scr
2017-03-27 09:53 - 2017-03-27 09:53 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Thomas\Downloads\rkill(4).exe
2017-03-27 09:53 - 2017-03-27 09:53 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Thomas\Downloads\rkill(3).com
2017-03-27 09:12 - 2017-03-27 09:12 - 57131432 _____ (Malwarebytes ) C:\Users\Thomas\Desktop\mb3-setup-1878.1878-3.0.6.1469-1075.exe
2017-03-27 09:11 - 2017-03-27 09:12 - 57131432 _____ (Malwarebytes ) C:\Users\Thomas\Downloads\mb3-setup-1878.1878-3.0.6.1469-1075.exe
2017-03-27 07:58 - 2017-03-27 07:58 - 04031440 _____ C:\Users\Thomas\Downloads\AdwCleaner (5).exe
2017-03-27 02:58 - 2017-03-27 02:58 - 00002407 _____ C:\Users\Thomas\Desktop\RKreport[5]_D_03272017_02d0258.txt
2017-03-27 02:58 - 2017-03-27 02:58 - 00002364 _____ C:\Users\Thomas\Desktop\RKreport[4]_S_03272017_02d0258.txt
2017-03-27 02:56 - 2017-03-27 02:56 - 00002710 _____ C:\Users\Thomas\Desktop\RKreport[3]_D_03272017_02d0256.txt
2017-03-27 02:55 - 2017-03-27 02:55 - 00002718 _____ C:\Users\Thomas\Desktop\RKreport[2]_S_03272017_02d0255.txt
2017-03-27 02:54 - 2017-03-27 02:54 - 00002681 _____ C:\Users\Thomas\Desktop\RKreport[1]_S_03272017_02d0254.txt
2017-03-27 01:52 - 2017-03-27 00:19 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Thomas\Desktop\tdsskiller(1).exe
2017-03-27 01:52 - 2017-03-26 18:22 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Thomas\Desktop\rkill.exe
2017-03-27 01:51 - 2017-03-27 01:49 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Thomas\Desktop\mbar-1.09.3.1001.exe
2017-03-27 01:49 - 2017-03-27 01:49 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Thomas\Downloads\mbar-1.09.3.1001.exe
2017-03-27 00:19 - 2017-03-27 00:19 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Thomas\Downloads\tdsskiller(1).exe
2017-03-26 22:54 - 2017-03-26 22:54 - 00001387 _____ C:\AdwCleaner[R2].txt
2017-03-26 22:51 - 2017-03-29 02:41 - 00000000 ____D C:\Users\Thomas\AppData\Local\CrashDumps
2017-03-26 21:02 - 2017-03-28 02:08 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-03-26 21:01 - 2017-03-26 22:48 - 00000000 ____D C:\ProgramData\RogueKiller
2017-03-26 21:01 - 2017-03-26 21:01 - 00000862 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-03-26 21:01 - 2017-03-26 21:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-03-26 21:01 - 2017-03-26 21:01 - 00000000 ____D C:\Program Files\RogueKiller
2017-03-26 21:00 - 2017-03-26 21:01 - 35109888 _____ (Adlice Software ) C:\Users\Thomas\Downloads\setup.exe
2017-03-26 20:59 - 2017-03-29 01:11 - 00000000 ____D C:\Users\Thomas\Desktop\RK_Quarantine
2017-03-26 19:30 - 2017-03-29 12:45 - 00273827 _____ C:\Windows\ZAM.krnl.trace
2017-03-26 19:30 - 2017-03-29 12:44 - 00107113 _____ C:\Windows\ZAM_Guard.krnl.trace
2017-03-26 19:30 - 2017-03-26 19:30 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2017-03-26 19:30 - 2017-03-26 19:30 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2017-03-26 19:30 - 2017-03-26 19:30 - 00001152 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2017-03-26 19:30 - 2017-03-26 19:30 - 00000000 ____D C:\Users\Thomas\AppData\Local\Zemana
2017-03-26 19:30 - 2017-03-26 19:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-03-26 19:30 - 2017-03-26 19:30 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-03-26 19:28 - 2017-03-26 19:29 - 05740956 _____ (Zemana Ltd. ) C:\Users\Thomas\Downloads\eXplorer(1).exe
2017-03-26 19:19 - 2017-03-26 19:19 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\Thomas\Downloads\RKill_2.8.2.0.com
2017-03-26 19:18 - 2017-03-26 19:18 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Thomas\Downloads\rkill(3).exe
2017-03-26 19:09 - 2017-03-26 19:09 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Thomas\Downloads\rkill(2).exe
2017-03-26 18:43 - 2017-03-26 18:42 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Thomas\Desktop\iExplore.exe
2017-03-26 18:42 - 2017-03-26 18:42 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Thomas\Downloads\iExplore.exe
2017-03-26 18:32 - 2017-03-26 18:32 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Thomas\Downloads\eXplorer.exe
2017-03-26 18:29 - 2017-03-26 18:30 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Thomas\Downloads\rkill(2).com
2017-03-26 18:26 - 2017-03-26 18:26 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Thomas\Downloads\rkill(1).exe
2017-03-26 18:24 - 2017-03-26 18:24 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Thomas\Downloads\Tom-fix.exe
2017-03-26 18:22 - 2017-03-26 18:22 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Thomas\Downloads\rkill.exe
2017-03-26 12:13 - 2017-03-26 12:13 - 00833024 ____N C:\Windows\system32\tprdpw32.exe
2017-03-26 12:13 - 2017-03-26 12:13 - 00076576 ____N C:\Windows\system32\Drivers\ndistpr64.sys
2017-03-26 10:43 - 2017-03-26 10:43 - 00000000 ____D C:\Program Files (x86)\Teorex
2017-03-25 18:23 - 2017-03-25 18:24 - 04031440 _____ C:\Users\Thomas\Downloads\AdwCleaner(3).exe
2017-03-25 18:21 - 2017-03-25 18:21 - 00001234 _____ C:\AdwCleaner[R1].txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-29 12:27 - 2013-03-24 02:41 - 00000000 ____D C:\Program Files (x86)\Replay Video Capture 6
2017-03-29 12:17 - 2009-07-14 00:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-29 12:17 - 2009-07-14 00:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-29 12:02 - 2016-11-18 10:18 - 00000000 ____D C:\Users\Thomas\AppData\LocalLow\Mozilla
2017-03-29 12:02 - 2015-04-02 17:24 - 00000000 ____D C:\Program Files\Frontier Texting
2017-03-29 12:02 - 2012-06-30 12:25 - 00000000 ____D C:\ProgramData\clear.fi
2017-03-29 12:02 - 2012-06-29 22:08 - 00000000 ____D C:\Users\Thomas
2017-03-29 12:01 - 2014-03-28 05:13 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf4a65f48969b0.job
2017-03-29 12:01 - 2011-11-10 19:10 - 00000000 ____D C:\ProgramData\NVIDIA
2017-03-29 12:00 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-29 11:06 - 2012-06-30 02:17 - 00000000 ____D C:\Windows\system32\Macromed
2017-03-29 09:25 - 2009-07-14 01:13 - 00852428 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-29 09:25 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2017-03-29 01:50 - 2016-12-03 10:24 - 00303080 ____N C:\Windows\Minidump\032917-29125-01.dmp
2017-03-29 01:50 - 2012-09-23 23:22 - 00000000 ____D C:\Windows\Minidump
2017-03-29 01:47 - 2016-12-03 10:24 - 00303080 ____N C:\Windows\Minidump\032917-27034-01.dmp
2017-03-29 01:45 - 2016-12-03 10:24 - 00303080 ____N C:\Windows\Minidump\032917-30685-01.dmp
2017-03-29 01:43 - 2016-12-03 10:24 - 00303080 ____N C:\Windows\Minidump\032917-26707-01.dmp
2017-03-29 01:43 - 2013-01-07 03:15 - 00023112 _____ C:\Windows\system32\Drivers\hitmanpro35.sys
2017-03-29 01:41 - 2016-12-03 10:24 - 00303080 ____N C:\Windows\Minidump\032917-32042-01.dmp
2017-03-29 01:38 - 2016-06-28 09:20 - 00000194 _____ C:\Windows\system32\.crusader
2017-03-29 01:31 - 2012-06-29 22:57 - 00000000 ____D C:\Users\Thomas\Documents\Software Programs
2017-03-28 20:14 - 2016-10-19 19:59 - 00000000 ____D C:\Users\Thomas\AppData\LocalLow\Adblock Plus for IE
2017-03-28 18:51 - 2012-07-06 20:26 - 00000000 ____D C:\Users\Thomas\Documents\My Streaming Media
2017-03-28 16:40 - 2016-12-03 10:24 - 00303080 ____N C:\Windows\Minidump\032817-34398-01.dmp
2017-03-28 16:05 - 2016-12-03 10:24 - 00303024 ____N C:\Windows\Minidump\032817-31715-01.dmp
2017-03-28 16:04 - 2016-12-03 10:24 - 00303080 ____N C:\Windows\Minidump\032817-42713-01.dmp
2017-03-28 15:32 - 2016-10-15 22:56 - 00000002 _____ C:\Users\Thomas\Desktop\Rkill.txt
2017-03-28 14:41 - 2015-04-26 15:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-03-28 13:39 - 2015-03-26 12:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-03-27 17:23 - 2014-01-19 00:37 - 00000000 ____D C:\AdwCleaner
2017-03-27 16:47 - 2009-07-14 01:08 - 00032574 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-03-27 13:29 - 2016-10-27 10:06 - 00003242 _____ C:\Windows\System32\Tasks\Hitman Pro 3.5 Boot Task
2017-03-27 13:29 - 2016-10-27 10:06 - 00001978 _____ C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
2017-03-27 08:00 - 2012-07-01 14:03 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\uTorrent
2017-03-26 17:37 - 2012-08-05 21:25 - 00000000 ____D C:\ProgramData\ThumbsPlus
2017-03-26 15:20 - 2012-08-05 19:09 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\ThumbsPlus
2017-03-26 02:16 - 2014-04-30 01:28 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-03-25 20:01 - 2012-07-01 20:50 - 00000000 ____D C:\Users\Thomas\Documents\ConvertXToDVD
2017-03-25 18:32 - 2016-01-15 15:26 - 00000000 ___RD C:\Users\Thomas\Google Drive
2017-03-25 14:27 - 2011-07-20 09:02 - 00000000 ___HD C:\OEM
2017-03-25 08:12 - 2012-07-04 00:19 - 00000000 ____D C:\Users\Thomas\Documents\My Stuff
2017-03-21 19:24 - 2016-05-17 23:35 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-03-21 19:24 - 2016-05-17 23:35 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-21 19:24 - 2014-09-02 07:08 - 00000000 ____D C:\Users\Thomas\AppData\Local\Adobe
2017-03-21 19:24 - 2011-07-20 08:43 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-03-21 12:07 - 2014-08-25 18:55 - 00005052 _____ C:\Windows\DUNZLOG.TXT
2017-03-20 23:48 - 2011-05-10 17:15 - 00000000 ____D C:\Users\Thomas\Documents\Adult
2017-03-19 04:57 - 2012-07-16 11:42 - 00000000 ____D C:\Users\Thomas\AppData\Local\ElevatedDiagnostics
2017-03-17 12:49 - 2013-01-01 03:06 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Smilebox
2017-03-16 06:16 - 2016-05-21 22:05 - 00001057 _____ C:\Users\Thomas\AppData\Roaming\vso_ts_preview.xml
2017-03-16 06:16 - 2016-05-21 22:05 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Vso
2017-03-11 15:17 - 2012-07-04 22:20 - 00000000 ____D C:\Users\Thomas\Documents\My Scans
2017-03-09 21:40 - 2012-09-03 12:07 - 00002199 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-03-09 21:40 - 2012-09-03 12:07 - 00002187 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-03-02 08:19 - 2014-12-27 00:32 - 00001945 _____ C:\Windows\epplauncher.mif
2017-03-02 08:19 - 2014-12-27 00:31 - 00002121 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2017-03-02 08:19 - 2014-12-27 00:31 - 00000000 ____D C:\Program Files\Microsoft Security Client
2017-03-02 08:19 - 2014-12-27 00:31 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client

==================== Files in the root of some directories =======

2014-11-13 08:30 - 2014-11-13 08:30 - 6000640 _____ () C:\Program Files (x86)\GUT5B97.tmp
2017-02-26 19:16 - 2017-02-26 19:24 - 7680000 _____ () C:\Program Files (x86)\GUT849B.tmp
2017-03-11 12:25 - 2017-03-11 12:25 - 0163840 _____ (Explorer) C:\Users\Thomas\AppData\Roaming\35-1 q.exe
2014-02-05 21:35 - 2014-02-05 21:35 - 0000268 ___RH () C:\Users\Thomas\AppData\Roaming\Bass Amp
2014-02-05 21:35 - 2014-02-05 21:35 - 0000268 ___RH () C:\Users\Thomas\AppData\Roaming\Bass Reduction
2014-02-05 21:35 - 2014-02-05 21:35 - 0000268 ___RH () C:\Users\Thomas\AppData\Roaming\BookService
2016-05-20 15:33 - 2016-05-21 20:48 - 0099384 _____ () C:\Users\Thomas\AppData\Roaming\inst.exe
2013-03-02 18:55 - 2013-03-02 18:55 - 0000082 _____ () C:\Users\Thomas\AppData\Roaming\mbam.context.scan
2016-05-18 18:14 - 2016-05-21 20:48 - 0007859 _____ () C:\Users\Thomas\AppData\Roaming\pcouffin.cat
2016-05-18 18:14 - 2016-05-21 20:48 - 0001167 _____ () C:\Users\Thomas\AppData\Roaming\pcouffin.inf
2016-05-18 18:14 - 2016-05-21 20:48 - 0000055 _____ () C:\Users\Thomas\AppData\Roaming\pcouffin.log
2016-05-18 18:14 - 2016-05-21 20:48 - 0082816 _____ (VSO Software) C:\Users\Thomas\AppData\Roaming\pcouffin.sys
2014-09-03 17:00 - 2014-09-03 17:00 - 35123384 _____ (VSO Software                                                ) C:\Users\Thomas\AppData\Roaming\vsoConvertXtoDVD5_setup.exe
2016-05-21 22:05 - 2017-03-16 06:16 - 0001057 _____ () C:\Users\Thomas\AppData\Roaming\vso_ts_preview.xml
2015-05-20 18:10 - 2017-01-09 23:07 - 0014848 _____ () C:\Users\Thomas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-10-14 23:07 - 2016-10-14 23:09 - 0000003 _____ () C:\Users\Thomas\AppData\Local\run1.txt
2013-01-12 18:20 - 2013-01-12 18:20 - 2250054 _____ () C:\ProgramData\1.bmp
2013-01-12 18:19 - 2013-01-12 18:19 - 0444366 _____ () C:\ProgramData\1.jpg
2011-11-10 19:29 - 2011-11-10 19:31 - 0014756 _____ () C:\ProgramData\ArcadeDeluxe5.log
2014-02-05 21:35 - 2014-02-05 21:35 - 0000268 ___RH () C:\ProgramData\Breath Pad
2014-02-05 21:35 - 2014-02-05 21:35 - 0000268 ___RH () C:\ProgramData\Brother
2014-02-05 21:35 - 2014-02-05 21:35 - 0000268 ___RH () C:\ProgramData\Bubble Noise
2014-02-05 21:35 - 2014-02-05 21:35 - 0000012 ___RH () C:\ProgramData\Classical
2014-02-05 21:35 - 2014-02-05 21:35 - 0000012 ___RH () C:\ProgramData\Clips
2014-02-05 21:35 - 2014-02-05 21:35 - 0000012 ___RH () C:\ProgramData\ColorSync
2012-06-30 18:14 - 2013-10-16 14:30 - 0002719 _____ () C:\ProgramData\hpzinstall.log
2014-02-05 21:35 - 2014-02-05 21:35 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT
2014-02-05 21:35 - 2014-02-05 21:37 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT
2014-02-05 21:35 - 2014-02-05 21:38 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT

Some files in TEMP:
====================
2017-03-29 01:12 - 2016-09-09 14:23 - 1732864 _____ (Microsoft Corporation) C:\Users\Thomas\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-24 05:14

==================== End of FRST.txt ============================



#30
playwiffme


Additional -

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Thomas (29-03-2017 12:47:31)
Running from C:\Users\Thomas\Documents\Software Programs\Farbar Recovery Tool - 1
Windows 7 Home Premium Service Pack 1 (X64) (2012-06-30 02:08:02)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2364491048-255812346-798213191-500 - Administrator - Disabled)
Guest (S-1-5-21-2364491048-255812346-798213191-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2364491048-255812346-798213191-1006 - Limited - Enabled)
Thomas (S-1-5-21-2364491048-255812346-798213191-1001 - Administrator - Enabled) => C:\Users\Thomas
UpdatusUser (S-1-5-21-2364491048-255812346-798213191-1000 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2364491048-255812346-798213191-1001\...\uTorrent) (Version: 3.4.9.43388 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
ABBYY FineReader 12 Professional (HKLM-x32\...\{F12000FE-0001-0000-0000-074957833700}) (Version: 12.0.501 - ABBYY Production LLC)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3505 - Acer Incorporated)
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.5 - WildTangent)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3503 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0708.2011 - Acer Incorporated)
Acer System Information (HKLM-x32\...\{72199E33-4F2A-4B7F-8E25-95DDDD50A678}) (Version: 1.0.0 - Acer)
Active WebCam (HKLM-x32\...\Active WebCam) (Version:  - )
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{0F347A49-E36C-4639-8D2E-003AD408B8B2}) (Version: 1.5 - Eyeo GmbH)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.14 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.0.19480 - Adobe Systems Incorporated)
Adobe Flash Player 25 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Flash Player 25 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Aimersoft DVD Creator(Build 3.0.0) (HKLM-x32\...\Aimersoft DVD Creator_is1) (Version:  - Aimersoft Software)
Aimersoft Helper Compact 2.5.0 (HKLM-x32\...\{405147F7-FCC5-499B-A27E-EA6BD4A80435}_is1) (Version: 2.5.0 - Aimersoft)
Aimersoft Video Converter Ultimate(Build 5.5.1.0) (HKLM-x32\...\Aimersoft Video Converter Ultimate_is1) (Version: 5.5.1.0 - Aimersoft Software)
AlignmentUtility (x32 Version: 19.00.0000 - UPS) Hidden
Animated GIF producer 5.0 TRIAL (HKLM-x32\...\Animated GIF producer 5.0 TRIAL_is1) (Version:  - AVLAN Design)
Apple Application Support (32-bit) (HKLM-x32\...\{C5815ACF-FD34-4553-8A22-C7411B7E662B}) (Version: 4.1.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{CBF12D2F-CF64-4CB7-858B-2C1F21068E5F}) (Version: 4.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
Barcode Generator version 02.10.10 (HKLM-x32\...\{4E846FBC-F6B3-4767-A0DF-C38D8CD0E13D}_is1) (Version: 02.10.10 - Aurora3D Software)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{C28D96C0-6A90-459E-A077-A6706F4EC0FC}) (Version: 7.0.765.0 - Microsoft Corporation)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Build-a-lot 4 - Power Source (x32 Version: 2.2.0.97 - WildTangent) Hidden
C5500 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
CCC (x32 Version: 19.00.0000 - United Parcel Service, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
Chronicles of Albian (x32 Version: 2.2.0.95 - WildTangent) Hidden
Citrix Online Launcher (HKLM-x32\...\{48947098-A67C-46D4-90C5-9F2F6F0F96FE}) (Version: 1.0.449 - Citrix)
clear.fi (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 1.0.1720.15 - CyberLink Corp.)
clear.fi (x32 Version: 1.0.1517_36458 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 1.0.1720.15 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 9.0.7713 - CyberLink Corp.) Hidden
clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.01.3500 - Acer Incorporated)
ConvertXtoDVD 4.1.19.365 (HKLM-x32\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.1.19.365 - )
Corel Graphics - Windows Shell Extension (HKLM\...\_{EBDC2D0D-1E26-4EF2-BB48-C7E18F7800C6}) (Version: 16.0.0.707 - Corel Corporation)
Corel Graphics - Windows Shell Extension (Version: 16.0.707 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 32 Bit (Version: 16.0.707 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Capture (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Common (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Connect (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Custom Data (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Draw (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - EN (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Filters (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - FontNav (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - IPM (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - PHOTO-PAINT (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Photozoom Plugin (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Redist (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Setup Files (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VBA (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VideoBrowser (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VSTA (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Writing Tools (x64) (Version: 16.0 -  Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 (64-Bit) (HKLM\...\_{BDBFAC49-8877-472F-876B-75ADB7DBC955}) (Version: 16.0.0.707 - Corel Corporation)
CorelDRAW Graphics Suite X6 (x64) (Version: 16.0 - Corel Corporation) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Crystal Reports 2008 Runtime SP1 (HKLM-x32\...\{C484CC8D-03CF-4022-89C4-DB4F02E8A15B}) (Version: 12.1.0.882 - Business Objects)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
DVD Identifier (HKLM-x32\...\DVD Identifier_is1) (Version: 5.2.0 - Kris Schoofs)
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)
EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version:  - EaseUS)
eBay Worldwide (HKLM-x32\...\{D3E5A972-9A15-427D-AE78-8181A5FD943C}) (Version: 2.2.0409 - OEM)
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 2017.2 - Emsisoft Ltd.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Etron USB3.0 Host Controller (x32 Version: 0.103 - Etron Technology) Hidden
FILE RECOVERY for Windows (HKLM-x32\...\FILE RECOVERY for WindowsNSIS) (Version: 1.0.201 - Seagate)
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
FormsComponent (x32 Version: 19.00.0000 - UPS) Hidden
FOSS (x32 Version: 19.00.0000 - UPS) Hidden
Frontier Texting (HKU\S-1-5-21-2364491048-255812346-798213191-1001\...\Frontier Texting) (Version: 2.5.0b3 - Zipwhip Inc.)
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.98 - Google Inc.)
Google Drive (HKLM-x32\...\{07A12123-B717-496B-B471-48AF6407B433}) (Version: 1.32.4066.7445 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 11.3.0.1121 - Citrix Online, a division of Citrix Systems, Inc.)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HandBrake 0.9.8 (HKLM-x32\...\HandBrake) (Version: 0.9.8 - )
Hitman Pro 3.5 (HKLM\...\HitmanPro35) (Version: 3.5.9.125 - SurfRight B.V.)
Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3505 - Acer Incorporated)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart C5500 All-In-One Driver Software 13.0 Rel. 4 (HKLM\...\{5F5FEF58-F4D8-488B-BDB3-6D5B22192B02}) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PaperLabel (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PrintOnDisc (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
hpphotosmartdisclabelplugin (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HTML-Kit 292 (HKLM-x32\...\HTMLKit_is1) (Version: 1.0 - HTMLKit.com)
iCare Data Recovery Pro (HKLM-x32\...\{F7EAB243-4D0C-47F5-A4F1-74D350E45489}_is1) (Version: 7.6 - iCare Recovery)
ICCHelp (HKLM-x32\...\{A5763105-D1D5-4862-A3FE-EC058F9AA73E}) (Version: 19.00.0000 - UPS)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
Inpaint 5.0 (HKLM-x32\...\{2AEDC172-479F-47AE-8A48-A0524D4AED5B}_is1) (Version:  - Teorex)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Kaspersky Security Scan (HKLM-x32\...\InstallWIX_{56009CA3-423B-41F8-884A-E5B049534F15}) (Version: 12.0.1.117 - Kaspersky Lab)
Kaspersky Security Scan (x32 Version: 12.0.1.117 - Kaspersky Lab) Hidden
K-Lite Codec Pack 9.5.0 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.5.0 - )
Machete Lite 3.8 (HKLM-x32\...\{CBA55866-5332-4E19-867F-30F7E22E9F1E}) (Version: 3.8.33 - MacheteSoft)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
ManyCam 5.0.5 (HKLM-x32\...\ManyCam) (Version: 5.0.5 - Visicom Media Inc.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-2364491048-255812346-798213191-1001\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
MKVToolNix 8.3.0 (64bit) (HKLM-x32\...\MKVToolNix) (Version: 8.3.0 - Moritz Bunkus)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker 6.0 for Windows 7 (64-bit) (HKLM\...\{A7395F20-2B22-4CB8-8510-B452C0F47E02}) (Version: 6.0.0 - Microsoft Corporation)
Mozilla Firefox 52.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 52.0.2 (x86 en-US)) (Version: 52.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.0.2.6291 - Mozilla)
Mozilla Thunderbird 24.2.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 24.2.0 (x86 en-US)) (Version: 24.2.0 - Mozilla)
MSIChecker (x32 Version: 19.00.0000 - UPS) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden
NA1Messenger (x32 Version: 19.00.0000 - Your Company Name) Hidden
Nero 2016 (HKLM-x32\...\{4297E807-5633-466A-8AC0-5AC48D310471}) (Version: 17.0.02000 - Nero AG)
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.2.10500.2.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.2.12000.21.100 - Nero AG)
Nero Info (HKLM-x32\...\{F030BFE8-8476-4C08-A553-233DE80A2BE1}) (Version: 16.0.2000 - Nero AG)
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}) (Version: 10.5.10300 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.2.11600.14.100 - Nero AG)
NetObjects Fusion 10.0 (HKLM-x32\...\{ECC8CC4E-2291-438F-9601-C8A6BFBA0880}) (Version: 10.0 - )
NetObjects Fusion 11.0 (HKLM-x32\...\{1BD687EB-C093-4BA5-B336-AEF08C314921}) (Version: 11.0 - )
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.0 - Nikon)
Nikon Movie Editor (HKLM-x32\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.9.0 - Nikon)
Nikon View 6 (HKLM-x32\...\{AAB84E83-C8DF-4752-9DFC-2E2A48EE5E9F}) (Version:  - )
NOOK for PC (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.4.7070 - Barnesandnoble.com)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
NRF (x32 Version: 19.00.0000 - UPS) Hidden
NVIDIA Graphics Driver 267.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 267.33 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.1.13.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.1.13.1 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (HKLM-x32\...\NVIDIAStereo) (Version: 7.17.12.6733 - NVIDIA Corporation)
Peachtree Accounting 2010 (x32 Version: 17.00.00 - Sage Software, Inc.) Hidden
Peachtree Pro Accounting 2010 (HKLM-x32\...\InstallShield_{51EF69CF-70D3-4142-993D-AA97F36484CC}) (Version: 17.00.00 - Sage Software, Inc.)
Peachtree Pro Accounting 2010 (HKLM-x32\...\Peachtree Pro Accounting) (Version:  - )
PeachTree Signature Ready Forms (x32 Version: 6.7.4 - Sage Software SB, Inc.) Hidden
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Pervasive PSQL v10.10 Workgroup (32-bit) (x32 Version: 10.12.025 - Pervasive Software) Hidden
Photo Collage Creator 3.61 (HKLM-x32\...\Photo Collage Creator_is1) (Version:  - AMS Software)
PhotoScissors 3.0 (HKLM\...\{664FCCAE-8187-4EC5-B191-758C040C999C}_is1) (Version:  - teorex)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Picture Collage Maker Pro 4.1.2 (HKLM-x32\...\{6D308A90-6C14-4A02-9B04-CB0EF17894A9}_is1) (Version: 4.1.2 - PearlMountain Technology Co., Ltd)
Picture Control Utility x64 (HKLM\...\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}) (Version: 1.5.0 - Nikon)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
PolicyManager (x32 Version: 19.00.0000 - UPS) Hidden
Prerequisite installer (x32 Version: 17.0.0002 - Nero AG) Hidden
PS_AIO_04_C5500_Software_Min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6242 - Realtek Semiconductor Corp.)
Reconciler (x32 Version: 19.00.0000 - UPS) Hidden
Replay Media Catcher 4 (4.3.0) (HKLM-x32\...\Replay Media Catcher 4) (Version: 4.3.0 - Applian Technologies)
Replay Video Capture 6 (HKLM-x32\...\Replay Video Capture6.0.6) (Version: 6.0.6 - Applian Technologies Inc.)
ReportServer (x32 Version: 18.00.0000 - Your Company Name) Hidden
RogueKiller version 12.10.1.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.10.1.0 - Adlice Software)
Sage Message Center (x32 Version: 2.00.0000 - Sage Software Inc.) Hidden
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Seagate File Recovery for Windows 2.0 (HKLM-x32\...\Seagate File Recovery for WindowsNSIS) (Version: 2.0.18656 - Seagate)
SeaTools for Windows 1.4.0.4 (HKLM-x32\...\SeaTools for Windows) (Version: 1.4.0.4 - Seagate Technology)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 7.29 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.29.102 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
Smilebox (HKU\S-1-5-21-2364491048-255812346-798213191-1001\...\Smilebox) (Version: 1.1.1.1 - Smilebox, Inc.)
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SplitCam (HKLM-x32\...\SplitCam) (Version: 7.5.3.2 - SplitCam Co)
Stashimi Stub Installer (x32 Version: 18.001.1 - Nero AG) Hidden
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
StreamTorrent 1.0 (HKLM-x32\...\StreamTorrent 1.0) (Version:  - )
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1006 - SUPERAntiSpyware.com)
SupportUtility (x32 Version: 19.00.0000 - UPS) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System (x32 Version: 19.00.0000 - UPS) Hidden
ThumbsPlus (HKLM-x32\...\ThumbsPlus) (Version:  - Cerious Software Inc.)
ThumbsPlus (x32 Version: 8.1.0.3537 - Cerious Software Inc.) Hidden
Times Reader (HKLM-x32\...\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1) (Version: 2.055 - The New York Times Company)
Times Reader (x32 Version: 2.055 - The New York Times Company) Hidden
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
Torchlight (x32 Version: 2.2.0.97 - WildTangent) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 1.5.1 - Tweaking.com)
UnifiedPrinting (x32 Version: 19.00.0000 - UPS) Hidden
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
UPS WorldShip (HKLM-x32\...\UPS WorldShip) (Version: 19.0 - UPS)
UPSDB (x32 Version: 19.00.0000 - UPS) Hidden
UPSICC (x32 Version: 19.00.0000 - UPS) Hidden
UPSlinkHTTP (x32 Version: 19.00.0000 - UPS) Hidden
UPSVC2008MM (x32 Version: 1.00.0000 - UPS) Hidden
UPSVC2013MM (x32 Version: 19.00.0000 - Your Company Name) Hidden
UPSVCMM (x32 Version: 12.00.0000 - UPS) Hidden
ViewNX 2 (HKLM\...\{635BE602-BB9C-4C59-8CC5-93F9366E8A21}) (Version: 2.9.0 - Nikon)
Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97 - WildTangent) Hidden
Web Easy Professional (HKLM-x32\...\{B651BFCB-C9F3-489C-A2A7-764A12E2C79B}) (Version: 10.1 - Avanquest)
WebHelp (HKLM-x32\...\{8C5BD501-AD5D-4A75-9321-076509B438FC}) (Version: 19.00.0000 - UPS)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3502 - Acer Incorporated)
WildTangent Games App (Acer Games) (x32 Version: 4.0.5.14 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinRAR 4.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
WinX Free FLV to AVI Converter 4.1.10 (HKLM-x32\...\WinX Free FLV to AVI Converter_is1) (Version:  - Digiarty Software,Inc.)
WinZip 14.5 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}) (Version: 14.5.9095 - WinZip Computing, S.L. )
Wondershare Photo Collage Studio 4.2.12.13 (HKLM-x32\...\Wondershare Photo Collage Studio_is1) (Version: 4.2.12.13 - Wondershare Software Co.,Ltd.)
Wondershare Video Editor(Build 4.6.0) (HKLM-x32\...\Wondershare Video Editor_is1) (Version:  - Wondershare Software)
WorldShip (x32 Version: 19.00.0000 - UPS) Hidden
WSShared (x32 Version: 19.00.0000 - UPS) Hidden
XnConvert 1.73 (HKLM\...\XnConvert_is1) (Version: 1.73 - Gougelet Pierre-e)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.72.0.176 - Zemana Ltd.)
Zuma's Revenge (x32 Version: 2.2.0.97 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2364491048-255812346-798213191-1001_Classes\CLSID\{8AE44FFE-BF0D-085D-33DC-93B2E248BF89}\InprocServer32 -> C:\Windows\system32\ole32.dll (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {16DAEEF1-75E7-4967-A0AB-639073B50045} - System32\Tasks\GoogleUpdateTaskMachineCore1cfff9880ae2cc6 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {23177269-9013-451C-8386-C179F89D9EF2} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2011-05-20] (Acer Incorporated)
Task: {4C49873D-9FA8-44D9-9FD3-69F404A3DB13} - System32\Tasks\Adobe ARM => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {4E052D3B-423D-4CE5-9A57-2C9CA78EF7FD} - System32\Tasks\{1390CD58-C961-4F8A-9697-BC0F2EA7DE28} => pcalua.exe -a "C:\Users\Thomas\Documents\Software Programs\NetObjects-10\NetObjectsFusion.exe" -d "C:\Users\Thomas\Documents\Software Programs\NetObjects-10"
Task: {67EFCEAA-3903-4A4D-B5AD-7373C6C4BDF8} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2011-05-20] (CyberLink Corp.)
Task: {685739C3-A826-4DFD-9404-807244F788BB} - System32\Tasks\Hitman Pro 3.5 Boot Task => C:\Program Files\Hitman Pro 3.5\HitmanPro35_x64.exe [2011-12-14] (SurfRight B.V.)
Task: {6F64FB0E-FDD2-47D6-8BC4-ED656B932489} - System32\Tasks\{2666C777-E13A-4E21-A384-401634CFE18B} => pcalua.exe -a C:\Windows\IsUninst.exe -c -f"C:\Program Files (x86)\NetObjects\NetObjects Fusion Essentials\Uninst.isu" -c"C:\Program Files (x86)\NetObjects\NetObjects Fusion Essentials\uninst.dll"
Task: {723BB62B-9A9A-4863-A61B-663D2EE58991} - System32\Tasks\{7EC91944-1AE2-4040-A2D5-A5C2808F1330} => pcalua.exe -a E:\Setup.exe -d E:\
Task: {74670948-AC2F-402F-994D-9F6CBC2AA903} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-05-20] (CyberLink)
Task: {8B0DEE79-BA34-4030-8278-D24541977994} - System32\Tasks\{2344072B-ABA6-4FD7-883D-7937D39C1457} => pcalua.exe -a C:\UPS\WSTD\FOSS\Drivers\Eltron\Setup.exe -d C:\UPS\WSTD\FOSS\Drivers\Eltron
Task: {A9846488-A41D-4418-B486-6D294D30EC95} - System32\Tasks\GoogleUpdateTaskMachineUA1cf6a74d539a8c8 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {C2BB3B62-DF0B-48AB-A762-92DD0030BE9B} - System32\Tasks\GoogleUpdateTaskMachineCore1cf4a65f48969b0 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {C41F54D2-3C66-4BDB-A255-34304978D1AB} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_25_0_0_127_pepper.exe [2017-03-18] (Adobe Systems Incorporated)
Task: {D4CAA19A-0D42-46EB-8D2F-EAE5E9F02170} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {D529A07A-6B47-4D71-A819-348965BCAF8F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {DDDA45C2-04B6-42BC-A39A-CA370EDDF848} - System32\Tasks\Adobe Reader Speed Launcher => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
Task: {F362E5F4-6301-4F1F-8282-95E4892457E2} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2015-06-04] (Nero AG)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf4a65f48969b0.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-11-20 15:57 - 2015-11-20 15:57 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-11-20 15:57 - 2015-11-20 15:57 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2011-05-20 15:13 - 2011-05-20 15:13 - 00206216 _____ () C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Thomas\Downloads\Kristin.mp3:TOC.WMV [130]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-2364491048-255812346-798213191-1001\Software\Classes\.exe: exefile =>  <===== ATTENTION
HKU\S-1-5-21-2364491048-255812346-798213191-1001\Software\Classes\.scr: scrfile =>  <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2364491048-255812346-798213191-1001\...\paypal.com -> hxxps://www.paypal.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-01-23 20:50 - 2017-03-26 20:56 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2364491048-255812346-798213191-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.254.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: IAStorDataMgrSvc => 2
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: KSS => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: MSK80Service => 2
MSCONFIG\Services: NAUpdate => 2
MSCONFIG\Services: NOBU => 2
MSCONFIG\Services: SpyHunter 4 Service => 2
MSCONFIG\Services: UNS => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NkvMon.exe.lnk => C:\Windows\pss\NkvMon.exe.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^UPS WorldShip Messaging Utility.lnk => C:\Windows\pss\UPS WorldShip Messaging Utility.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^UPS WorldShip PLD Reminder Utility.lnk => C:\Windows\pss\UPS WorldShip PLD Reminder Utility.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Thomas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: Aimersoft Helper Compact.exe => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
MSCONFIG\startupreg: Bonus.SSR.FR11 => "C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe" /autorun
MSCONFIG\startupreg: Bonus.SSR.FR12 => "C:\Program Files (x86)\ABBYY FineReader 12\Bonus.ScreenshotReader.exe" /autorun
MSCONFIG\startupreg: BrowserPlugInHelper => C:\Program Files (x86)\Aimersoft\Video Converter Ultimate\BrowserPlugInHelper.exe
MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
MSCONFIG\startupreg: Hotkey Utility => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KSS => "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" /autorun
MSCONFIG\startupreg: mcpltui_exe => "C:\Program Files\Common~1\McAfee\Platform\mcuicnt.exe" /platui /runkey
MSCONFIG\startupreg: mcui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
MSCONFIG\startupreg: MSC => "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: NA1Messenger => C:\UPS\WSTD\UPSNA1Msgr.exe
MSCONFIG\startupreg: Nikon Message Center 2 => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
MSCONFIG\startupreg: PeachtreePrefetcher.exe => "C:\PROGRA~2\SAGESO~1\PEACHT~1\PeachtreePrefetcher.exe" /configfile:peachtreeprefetcher.winstart.config
MSCONFIG\startupreg: SmileboxTray => "C:\Users\Thomas\AppData\Roaming\Smilebox\SmileboxTray.exe"
MSCONFIG\startupreg: uTorrent => "C:\Users\Thomas\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
MSCONFIG\startupreg: WSUpdater => C:\UPS\WSTD\CF\WorldShipCF.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{45C8A10F-2FF6-4D87-9665-A22AA70DAFBE}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{5A6E31E7-15DB-46D0-A20F-83457C526220}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe
FirewallRules: [{7AC4E3B6-169A-48D9-B967-70426B56DA30}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
FirewallRules: [{1E6E2D4E-065E-4520-9DC6-6F991CCA8F9A}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{366BAA21-74FF-447B-A5B0-0312692B5248}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{C7C78C39-A8FC-450B-B43C-6BCCBCD1E393}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{65105041-EB2C-431D-A588-EAA1687AF13B}] => (Block) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{6DF34829-2052-411A-A409-DCF8515CB7E6}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\Movie\TouchMovie.exe
FirewallRules: [{E49C7DC5-2AA2-4A92-BA1C-860F80B776D3}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\Movie\TouchMovieService.exe
FirewallRules: [{FD1EA280-CACF-4175-8956-ED5A7B499485}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{B4E2B11A-34CC-4826-980A-F157FB9C9EBF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{B88A86A5-2E99-4AAE-AB1C-872773AA7CB0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{D189DE28-0637-49E9-8808-9F48A29FFB84}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{FE67D766-DB21-4300-B80D-73EBF3F6F511}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{1778FE0A-21FD-4A3C-9DF4-CC84403D2B76}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{599E24F9-7BAB-4775-8D32-30556677CE6A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{27BB0359-BE57-4044-AB4D-5DF6E43E0242}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{FB7511B2-9303-43E6-B280-9040098AA7A9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe
FirewallRules: [{E6B43D01-A3E8-4DD5-A090-065E48BC3585}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe
FirewallRules: [{BEBE3EA8-5B9D-41AB-B074-7D3DDE7431A7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe
FirewallRules: [{17DCEE9C-6EB0-4DC3-9D3D-542916B1FD28}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{8FCFEBB4-6277-4089-A4EB-521F4F658940}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{5AF32E7F-B313-4DFF-B331-5FC01A08425C}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{82E35F61-DFE4-4F6C-8B70-3148250200D8}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{B47E290C-5BA9-4FA9-95E9-096114153501}] => (Allow) LPort=1583
FirewallRules: [{AD894820-7BE5-42E4-A900-4FEE755FB2A2}] => (Allow) LPort=3351
FirewallRules: [{0B6E2700-DBB1-4EEB-9BA4-BBAA97B541C7}] => (Allow) C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe
FirewallRules: [{52FB2E7C-C939-47C8-B866-8F708B98A8F1}] => (Allow) C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe
FirewallRules: [{D39BCF72-91E1-4BD9-A04E-8C0C4D93D335}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{293BB0BE-8B5D-41AC-B233-BE830533AE81}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{87431AE6-8CA2-4656-B068-74467066863F}] => (Allow) C:\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe
FirewallRules: [{5E6362D6-5FA8-4841-80E6-687C6BA6032D}] => (Allow) C:\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe
FirewallRules: [{17CF3A75-C8A4-4791-8B6E-6DE1759CE312}] => (Allow) LPort=1434
FirewallRules: [{2D2BCF6A-1BD7-4E59-9133-3F7D009AD963}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{AEFCA8D9-F3F1-4F98-9372-3651BD85D00B}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{5C4A0B7F-B5F2-4C7B-8542-08D570395B76}] => (Allow) C:\Users\Thomas\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{3D592120-01B1-4E2D-9A9B-DAC2E8DC99C0}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{55DF9532-74EA-4F31-AD6B-510DA628093D}] => (Allow) LPort=2869
FirewallRules: [{590C98E9-8822-466C-98B1-BAAEB4F71B06}] => (Allow) LPort=1900
FirewallRules: [{0D1A9D6D-9F5E-4105-BC28-022FBF659872}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{C20FEF1C-B44F-4550-8087-A513B61FBB11}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
FirewallRules: [{38AF9D53-9A1F-4E97-B02B-BC2A8F36DC81}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
FirewallRules: [{B1B345D7-055D-42FF-B5AE-D37CB1DD63E2}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{C633F96C-705D-43E6-9F7C-B03F1E8BDCB6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{67E4D9F7-4DD8-4A6E-B0BF-045D41A88C11}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{DA1752BB-7B99-4039-B470-E7FADB567F7A}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{AE419300-E45A-44E8-8CD4-34BC4282CB2E}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{571321D2-9FDC-4219-8290-2D1496EC6CDE}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{E88C24E9-5795-4C46-9A4D-A59E41346B27}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{785509E7-0966-49A9-B375-8AFBF2248235}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{B809CFE2-8646-445B-91C0-3AB7AF0F4F9F}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{48C14C6A-6AF0-4B77-8D04-01CB24570FCC}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{F466404D-F4B7-43BC-BE29-7F6D9E579340}] => (Allow) C:\Users\Thomas\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D8DA4B46-4C86-413F-AE6C-FB0075C31146}] => (Allow) C:\Users\Thomas\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6FEC0336-AF8C-4BCA-9305-3823AA5F81D6}] => (Allow) C:\Users\Thomas\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4AFB8BA6-8B1C-445F-ACD4-72B0764EFAB4}] => (Allow) C:\Users\Thomas\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{BD562C63-0906-4A40-8E14-9F77EB8C1695}] => (Allow) C:\Users\Thomas\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C0B69772-23A2-4209-8C9C-547642F4AB2F}] => (Allow) C:\Users\Thomas\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{47496406-FABC-4D17-9F72-3391033C7D00}C:\program files (x86)\pervasive software\psql\bin\w3dbsmgr.exe] => (Block) C:\program files (x86)\pervasive software\psql\bin\w3dbsmgr.exe
FirewallRules: [UDP Query User{94D63014-325E-4A2E-99C0-BFA5DBAAF377}C:\program files (x86)\pervasive software\psql\bin\w3dbsmgr.exe] => (Block) C:\program files (x86)\pervasive software\psql\bin\w3dbsmgr.exe
FirewallRules: [{B36EBC99-CF4F-4468-B9F3-6481CAFA0800}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6DA7E325-DB82-4D35-A13E-C6EC0531B70B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{183AC061-1226-4819-A26C-354CFEAC87E1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DA7021D9-8A87-4B3E-9C27-794E2A343A15}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{18FC8F30-6C60-4D0F-BD86-B61C4B646CC6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{114A5DB6-5A6D-4A0F-8439-48E0E752A758}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EE9BBE7A-3CA8-493A-9CD9-C5A40BBB0075}] => (Allow) C:\Program Files (x86)\Nero\Nero 2016\Nero Burning ROM\StartNBR.exe
FirewallRules: [{227A64CB-5D9D-4F53-9E14-E2219B21B57F}] => (Allow) C:\Program Files (x86)\Nero\KM\NMDllHost.exe
FirewallRules: [{442CD5BD-7417-46A0-B9A9-C53B7373B572}] => (Allow) C:\Program Files (x86)\Nero\Nero 2016\Nero Burning ROM\nero.exe
FirewallRules: [{5C590FFE-4D6E-4415-B9A1-A217CF204CBE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{1DAEA779-2A80-418E-AC16-33B909C593CC}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{40F9D36A-B07E-414D-9F49-BBA4B215175D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe

==================== Restore Points =========================

26-03-2017 12:12:08 Installed WeatherBuddy
27-03-2017 03:02:43 Manual Restore
28-03-2017 18:01:35 Windows Update
29-03-2017 11:46:58 Manual Restore
29-03-2017 11:57:18 Restore Point Created by FRST

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/29/2017 12:23:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program ReplayVideo.exe version 6.0.0.6 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 19dc

Start Time: 01d2a8a88e701833

Termination Time: 5

Application Path: C:\Program Files (x86)\Replay Video Capture 6\ReplayVideo.exe

Report Id: 10357d0f-149c-11e7-bb60-3860773e2656

Error: (03/29/2017 12:21:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program ReplayVideo.exe version 6.0.0.6 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: f28

Start Time: 01d2a8a846204b24

Termination Time: 2

Application Path: C:\Program Files (x86)\Replay Video Capture 6\ReplayVideo.exe

Report Id: be229cd9-149b-11e7-bb60-3860773e2656

Error: (03/29/2017 12:01:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/29/2017 11:57:18 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service Windows Management Service since QueryServiceConfig API failed

System Error:
Access is denied.
.

Error: (03/29/2017 11:57:18 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service Dataup Service since QueryServiceConfig API failed

System Error:
Access is denied.
.

Error: (03/29/2017 11:57:18 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary drmkpro64.

System Error:
Access is denied.
.

Error: (03/29/2017 11:47:12 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service Windows Management Service since QueryServiceConfig API failed

System Error:
Access is denied.
.

Error: (03/29/2017 11:47:12 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service Dataup Service since QueryServiceConfig API failed

System Error:
Access is denied.
.

Error: (03/29/2017 11:47:12 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary drmkpro64.

System Error:
Access is denied.
.

Error: (03/29/2017 09:45:50 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Users\Thomas\Desktop\esetsmartinstaller_enu (1).exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.


System errors:
=============
Error: (03/29/2017 12:06:23 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (03/29/2017 12:00:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMService service failed to start due to the following error:
The requested resource is in use.

Error: (03/29/2017 09:34:55 AM) (Source: DCOM) (EventID: 10000) (User: )
Description: Unable to start a DCOM Server: {56EA1054-1959-467F-BE3B-A2A787C4B6EA}. The error:
"170"
Happened while starting this command:
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (03/29/2017 09:23:10 AM) (Source: DCOM) (EventID: 10000) (User: )
Description: Unable to start a DCOM Server: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}. The error:
"170"
Happened while starting this command:
C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (03/29/2017 01:57:33 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (03/29/2017 01:55:04 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Management Service service failed to start due to the following error:
The system cannot find the file specified.

Error: (03/29/2017 01:51:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMService service failed to start due to the following error:
The requested resource is in use.

Error: (03/29/2017 01:51:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Dataup Service service failed to start due to the following error:
The system cannot find the file specified.

Error: (03/29/2017 01:50:42 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck.  The bugcheck was: 0x1000007e (0xffffffffc0000005, 0xfffff88000e03130, 0xfffff880039bd5e8, 0xfffff880039bce40). A dump was saved in: C:\Windows\Minidump\032917-29125-01.dmp. Report Id: 032917-29125-01.

Error: (03/29/2017 01:50:42 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 1:48:54 AM on ‎3/‎29/‎2017 was unexpected.


==================== Memory info ===========================

Processor: Intel® Core™ i7-2600 CPU @ 3.40GHz
Percentage of memory in use: 43%
Total physical RAM: 8172.25 MB
Available physical RAM: 4621.41 MB
Total Virtual: 16342.68 MB
Available Virtual: 12339.82 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:923.45 GB) (Free:18.34 GB) NTFS
Drive d: (DATA) (Fixed) (Total:923.47 GB) (Free:923.05 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: C23FF5DB)
Partition 1: (Not Active) - (Size=16 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=923.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=923.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

