
Cannot access Safe Mode, System Restore and (most) anti-malware progra



#46
playwiffme (Member, Topic Starter, 61 posts)

Okay...You realize this isn't the Malwarebytes you normally see right? This is Malwarebytes Anti-RootKit - scans Drivers, Sectors, System




#47
RKinner (Malware Expert, Expert, MVP, 20,010 posts)

Sounds like it's a bit better than the usual MBAM so that won't hurt at all.



#48
playwiffme (Member, Topic Starter, 61 posts)

Okay, I'm running it again...any other ideas?

I'm a fighter, but this is taking a lot of the wind out of my sails...should I start thinking re-format? YIKES!



#49
playwiffme (Member, Topic Starter, 61 posts)

Seems like whenever these guys we are tracking down get caught and put into quarantine, rebooting takes forever - another 45 or so minutes again with many flashes of blue screens in between.



#50
RKinner (Malware Expert, Expert, MVP, 20,010 posts)

Did the second scan find the same thing?

Try running FRST from a USB drive per step 3 on http://www.geekstogo...l/#entry2151691

It might be easier to remove it if Windows hasn't loaded.

Also let's look at your blue screens and see if that tells us anything:

Download BlueScreenView
Double click on BlueScreenView.exe file to run the program.
When scanning is done, go Edit, Select All.
Go File, Save Selected Items, and save the report as BSOD.txt.
Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.

and also:

1. Please download the Event Viewer Tool by Vino Rosso and save it to your Desktop:
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
2. Type 20 in the 1 to 20 box
3. Then click the Run button.
4. Notepad will open with the output log.

Please post the Output log in your next reply then repeat but select Application. (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)

Try the following for your shredder64.msi problem:
Download ShellExView.

Use this download:

Once you get it installed, run it and look in the 7th column from the RIGHT (or 13th from the left). It should say MICROSOFT. Click once or twice on MICROSOFT so that items with NO are at the top.
Select all of the NO items and then click on the red LED-looking icon in the upper left. This should disable all of the non-Microsoft additions to Explorer. Reboot (or just restart Explorer) and see if you still get the error.
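
A scripted equivalent of the Event Viewer Tool steps in post #50, added here as an example and not part of the original thread: run from an elevated PowerShell prompt, it saves the last 20 Error and Warning events of the System and Application logs to separate files and also lists logged bugchecks. The output folder, the file names and the function name Export-RecentProblems are assumptions made for this example.

```powershell
# Added example, not from the thread. Output folder and file names are assumptions.
$outDir = Join-Path $env:USERPROFILE 'Desktop\EventExport'
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

function Export-RecentProblems {
    param(
        [Parameter(Mandatory = $true)][string]$LogName,
        [int]$Count = 20
    )
    # Level 2 = Error, Level 3 = Warning (the two types selected in the VEW steps)
    $events = Get-WinEvent -FilterHashtable @{ LogName = $LogName; Level = 2, 3 } `
                           -MaxEvents $Count -ErrorAction SilentlyContinue

    # One file per log, so exporting Application does not overwrite System
    $file = Join-Path $outDir ("{0}-errors-warnings.txt" -f $LogName)
    $events |
        Select-Object TimeCreated, LevelDisplayName, ProviderName, Id, Message |
        Format-List |
        Out-File -FilePath $file -Encoding UTF8
    return $file
}

# Same two passes the post asks for: System first, then Application
'System', 'Application' | ForEach-Object { Export-RecentProblems -LogName $_ }

# Blue screens: after a bugcheck, Windows records event ID 1001 in the System log.
# -ErrorAction SilentlyContinue keeps the script quiet when no such event exists.
Get-WinEvent -FilterHashtable @{
        LogName      = 'System'
        ProviderName = 'Microsoft-Windows-WER-SystemErrorReporting'
        Id           = 1001
    } -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message |
    Format-List |
    Out-File -FilePath (Join-Path $outDir 'bugchecks.txt') -Encoding UTF8
```

The bugcheck messages carry the stop code and its parameters, which can be compared with what BlueScreenView reports from the minidump files.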
 


#51
playwiffme (Member, Topic Starter, 61 posts)

It's a beautiful day in the neighborhood...

I do believe I got the son-of-a-[bleep] running the software Malwarebytes Anti-RootKit Beta the second time...(log will follow)

 

*Note* - System Restore functions, as do all virus/malware programs, as intended. I've done a few simple jogs around the block with the computer and it seems to be fine. No more "The requested resource is in use" warnings.

 

***NOTE*** - The ONLY issue I've found thus far is Safe Mode DOES NOT function using the F8 key and I trust you have a cure for this?

 

Malwarebytes Anti-RootKit Log -

 

Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main:    v2017.03.29.07
  rootkit: v2017.03.11.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.18499
Thomas :: THOMAS-PC [administrator]

3/29/2017 8:20:46 PM
mbar-log-2017-03-29 (20-20-46).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 412759
Time elapsed: 1 hour(s), 30 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\drmkpro64 (Rootkit.Agent.PUA) -> Delete on reboot. [83487f509117b87e061a457a06fbb050]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\DATAUP (Trojan.Clicker) -> Delete on reboot. [458627a81e8a3afcbdfaaecfb8497a86]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Dataup (Trojan.Clicker) -> Delete on reboot. [16b504cb6048a2942693c9b3d829c53b]

Registry Values Detected: 1
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\DATAUP|ImagePath (Trojan.Clicker) -> Data: C:\Users\Thomas\AppData\Local\NTUSER~1\dataup\dataup.exe -> Delete on reboot. [458627a81e8a3afcbdfaaecfb8497a86]

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\WINDOWS\SYSTEM32\drivers\ndistpr64.sys (Rootkit.Agent.PUA) -> Delete on reboot. [b82af19ea4f351ab70ceeeec014dcc62]
C:\Users\Thomas\AppData\Local\Temp\27459966\ic-0.10d434e145492.exe (Ransom.Cerber) -> Delete on reboot. [6e5d5976d2d674c23b7a401425ddd62a]
C:\Users\Thomas\AppData\Local\Temp\27459966\ic-0.ac5d028b063b2.exe (Trojan.Agent) -> Delete on reboot. [fbd07a5505a3c96d05f63ec38a78c838]

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 



#52
playwiffme (Member, Topic Starter, 61 posts)

I then ran Malwarebytes Anti-Malware and followed that up with ADWCleaner (log enclosed)

 

# AdwCleaner v6.045 - Logfile created 30/03/2017 at 00:36:36
# Updated on 28/03/2017 by Malwarebytes
# Database : 2017-03-29.1 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Thomas - THOMAS-PC
# Running from : C:\Users\Thomas\Documents\Software Programs\ADWCleaner-1\AdwCleaner(4).exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

[-] Service deleted: windowsmanagementservice
[!] Service not deleted: esgiguard
[!] Service not deleted: EsgScanner


***** [ Folders ] *****

[!] Folder not deleted: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\spyhunter
[-] Folder deleted: C:\Program Files\ReviverSoft
[-] Folder deleted: C:\ProgramData\ReviverSoft
[#] Folder deleted on reboot: C:\ProgramData\Application Data\ReviverSoft
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ReviverSoft
[!] Folder not deleted: C:\Program Files (x86)\Enigma Software Group
[!] Folder not deleted: C:\Windows\SysWOW64\sstmp


***** [ Files ] *****

[!] File not deleted: C:\Windows\SysWOW64\EsgScanner.sys
[!] File not deleted: C:\Windows\SysWOW64\drivers\EsgScanner.sys


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[!] Key not deleted: [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\SpyHunter 4 Service
[!] Key not deleted: HKLM\SOFTWARE\Classes\Interface\{E7BC34A1-BA86-11CF-84B1-CBC2DA68BF6C}
[!] Key not deleted: HKLM\SOFTWARE\Classes\TypeLib\{E7BC34A0-BA86-11CF-84B1-CBC2DA68BF6C}
[!] Key not deleted: HKLM\SOFTWARE\EnigmaSoftwareGroup
[!] Key not deleted: [x64] HKLM\SOFTWARE\EnigmaSoftwareGroup
[!] Key not deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\dotomi.com
[!] Key not deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com
[!] Key not deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ttdetect.staticimgfarm.com
[!] Key not deleted: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\dotomi.com
[!] Key not deleted: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com
[!] Key not deleted: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ttdetect.staticimgfarm.com


***** [ Web browsers ] *****

[-] [C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [7765 Bytes] - [29/02/2016 10:49:01]
C:\AdwCleaner\AdwCleaner[C2].txt - [10554 Bytes] - [16/10/2016 01:14:44]
C:\AdwCleaner\AdwCleaner[C3].txt - [2596 Bytes] - [16/10/2016 19:42:07]
C:\AdwCleaner\AdwCleaner[C4].txt - [4561 Bytes] - [05/03/2017 20:47:28]
C:\AdwCleaner\AdwCleaner[C5].txt - [3326 Bytes] - [25/03/2017 18:28:26]
C:\AdwCleaner\AdwCleaner[C6].txt - [3162 Bytes] - [30/03/2017 00:36:36]
C:\AdwCleaner\AdwCleaner[R0].txt - [2802 Bytes] - [19/01/2014 00:37:10]
C:\AdwCleaner\AdwCleaner[R1].txt - [2862 Bytes] - [19/01/2014 00:40:51]
C:\AdwCleaner\AdwCleaner[R4].txt - [2236 Bytes] - [26/03/2017 22:58:03]
C:\AdwCleaner\AdwCleaner[R5].txt - [2173 Bytes] - [26/03/2017 23:15:07]
C:\AdwCleaner\AdwCleaner[R6].txt - [2233 Bytes] - [27/03/2017 02:04:38]
C:\AdwCleaner\AdwCleaner[R7].txt - [2490 Bytes] - [27/03/2017 07:59:18]
C:\AdwCleaner\AdwCleaner[R8].txt - [2353 Bytes] - [27/03/2017 17:23:12]
C:\AdwCleaner\AdwCleaner[S0].txt - [2927 Bytes] - [19/01/2014 00:44:02]
C:\AdwCleaner\AdwCleaner[S10].txt - [3217 Bytes] - [25/03/2017 18:27:02]
C:\AdwCleaner\AdwCleaner[S11].txt - [4503 Bytes] - [30/03/2017 00:25:03]
C:\AdwCleaner\AdwCleaner[S1].txt - [9453 Bytes] - [29/02/2016 10:38:29]
C:\AdwCleaner\AdwCleaner[S2].txt - [4063 Bytes] - [10/08/2016 20:27:15]
C:\AdwCleaner\AdwCleaner[S3].txt - [2475 Bytes] - [28/10/2015 16:26:52]
C:\AdwCleaner\AdwCleaner[S4].txt - [2475 Bytes] - [28/10/2015 16:28:40]
C:\AdwCleaner\AdwCleaner[S5].txt - [11453 Bytes] - [16/10/2016 01:11:30]
C:\AdwCleaner\AdwCleaner[S6].txt - [2621 Bytes] - [16/10/2016 19:40:54]
C:\AdwCleaner\AdwCleaner[S7].txt - [3257 Bytes] - [29/11/2016 00:09:54]
C:\AdwCleaner\AdwCleaner[S8].txt - [3168 Bytes] - [07/01/2017 02:33:17]
C:\AdwCleaner\AdwCleaner[S9].txt - [4319 Bytes] - [05/03/2017 20:32:30]

########## EOF - C:\AdwCleaner\AdwCleaner[C6].txt - [4625 Bytes] ##########
 



#53
playwiffme (Member, Topic Starter, 61 posts)

Process Explorer -

 

Process    PID    CPU    Private Bytes    Working Set    Description    Company Name    Verified Signer
System Idle Process    0    97.21    0 K    24 K            
firefox.exe    6552    0.91    387,388 K    402,432 K    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
explorer.exe    1792    0.49    63,760 K    81,292 K    Windows Explorer    Microsoft Corporation    (Verified) Microsoft Windows
procexp(1)64.exe    1552    0.43    31,876 K    49,464 K    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
dwm.exe    1596    0.38    33,964 K    53,028 K    Desktop Window Manager    Microsoft Corporation    (Verified) Microsoft Windows
Interrupts    n/a    0.31    0 K    0 K    Hardware Interrupts and DPCs        
csrss.exe    612    0.08    13,424 K    16,568 K            
System    4    0.08    212 K    2,688 K            
notepad.exe    6444    0.04    2,628 K    7,600 K    Notepad    Microsoft Corporation    (Verified) Microsoft Windows
procexp(1)64.exe    6980    0.04    30,764 K    49,228 K    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
MsMpEng.exe    1020    0.02    142,484 K    146,464 K    Antimalware Service Executable    Microsoft Corporation    (Verified) Microsoft Corporation
zipwhipw.exe    4736    0.01    140,952 K    109,976 K    Java™ Platform SE binary    Oracle Corporation    (Verified) Oracle America
rscp_bg.exe    3560    < 0.01    2,156 K    7,344 K    Reason Core Security Bundle Protection        (Verified) Reason Software Company Inc.
AppleMobileDeviceService.exe    2060    < 0.01    4,556 K    11,552 K    MobileDeviceService    Apple Inc.    (Verified) Apple Inc.
taskhost.exe    1588    < 0.01    23,428 K    20,604 K    Host Process for Windows Tasks    Microsoft Corporation    (Verified) Microsoft Windows
SearchIndexer.exe    5956    < 0.01    39,840 K    15,524 K    Microsoft Windows Search Indexer    Microsoft Corporation    (Verified) Microsoft Windows
wmpnetwk.exe    6768    < 0.01    13,852 K    8,516 K    Windows Media Player Network Sharing Service    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    1040    < 0.01    28,464 K    45,672 K    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    1240    < 0.01    18,804 K    19,808 K    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
WLIDSVC.EXE    4144    < 0.01    7,884 K    16,652 K            
svchost.exe    2196    < 0.01    7,972 K    14,528 K    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
sftlist.exe    4208    < 0.01    9,912 K    21,268 K    Microsoft Application Virtualization Client Service    Microsoft Corporation    (Verified) Microsoft Corporation
nvvsvc.exe    1384    < 0.01    6,944 K    13,988 K            
svchost.exe    696    < 0.01    189,752 K    196,012 K    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
csrss.exe    528    < 0.01    3,108 K    5,524 K            
WUDFHost.exe    6276        2,728 K    6,912 K            
wuauclt.exe    3940        2,844 K    7,480 K    Windows Update    Microsoft Corporation    (Verified) Microsoft Windows
WmiPrvSE.exe    2472        4,872 K    8,524 K            
WmiPrvSE.exe    5832        3,684 K    7,396 K            
WLIDSVCM.EXE    4256        2,192 K    4,372 K            
winlogon.exe    684        3,792 K    8,192 K            
wininit.exe    628        2,064 K    5,068 K            
w3dbsmgr.exe    3492        87,776 K    28,136 K    Database Service Manager    Pervasive Software Inc.    (Verified) Sage Software
UpdaterService.exe    2288        1,308 K    4,120 K    Updater Service    Acer Incorporated    (Verified) Acer Incorporated
taskeng.exe    2824        3,312 K    7,432 K    Task Scheduler Engine    Microsoft Corporation    (Verified) Microsoft Windows
taskeng.exe    1960        3,156 K    7,072 K            
svchost.exe    956        6,692 K    10,460 K    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    1652        12,872 K    16,656 K    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    972        8,380 K    14,272 K    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    848        5,700 K    10,860 K    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    2256        3,656 K    8,592 K    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    3332        5,080 K    8,748 K    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    3444        1,748 K    4,268 K    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    3352        1,772 K    4,308 K    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    548        17,300 K    19,040 K    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    2156        6,876 K    12,504 K    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    1992        3,048 K    6,628 K    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
sqlwriter.exe    488        2,908 K    7,292 K    SQL Server VSS Writer - 64 Bit    Microsoft Corporation    (Verified) Microsoft Corporation
sqlservr.exe    1572        55,664 K    2,612 K    SQL Server Windows NT    Microsoft Corporation    (Verified) Microsoft Corporation
sqlbrowser.exe    3136        1,672 K    4,512 K    SQL Browser Service EXE    Microsoft Corporation    (Verified) Microsoft Corporation
spoolsv.exe    1580        8,880 K    14,876 K    Spooler SubSystem App    Microsoft Corporation    (Verified) Microsoft Windows
SplitCamService.exe    3096        11,664 K    6,936 K    SplitCam Service    SplitCam Co.    (Verified) OMT-LIDER
smss.exe    372        736 K    1,424 K            
sftvsa.exe    4048        1,728 K    5,196 K    Microsoft Application Virtualization Virtual Service Agent    Microsoft Corporation    (Verified) Microsoft Corporation
services.exe    704        8,324 K    13,616 K            
SeaPort.EXE    2080        4,592 K    9,664 K            
rsService.exe    3544        61,460 K    2,320 K    Reason Core Security Service    Reason Software Company Inc.    (Verified) Reason Software Company Inc.
rsLggr.exe    1956        2,072 K    528 K            
rscp_svc.exe    3520        1,736 K    5,156 K    Reason Core Security Bundle Protection        (Verified) Reason Software Company Inc.
RAVCpl64.exe    2880        10,292 K    12,228 K    Realtek HD Audio Manager    Realtek Semiconductor    (Verified) Realtek Semiconductor Corp
PsiService_2.exe    3468        2,156 K    4,628 K    PsiService PsiService    arvato digital services llc    (Verified) Arvato Digital Services Canada Inc
procexp(1).exe    6564        2,676 K    7,848 K    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
procexp(1).exe    4840        2,684 K    6,364 K    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
NvXDSync.exe    1372        8,460 K    17,328 K            
nvvsvc.exe    916        3,524 K    8,400 K    NVIDIA Driver Helper Service, Version 267.33    NVIDIA Corporation    (Verified) NVIDIA Corporation
nvSCPAPISvr.exe    2844        2,512 K    5,852 K    Stereo Vision Control Panel API Server    NVIDIA Corporation    (Verified) NVIDIA Corporation
NisSrv.exe    5472        21,488 K    11,448 K    Microsoft Network Realtime Inspection Service    Microsoft Corporation    (Verified) Microsoft Corporation
NetworkLicenseServer.exe    1884        15,612 K    20,052 K    ABBYY network license server    ABBYY Production LLC    (Verified) ABBYY Production LLC
msseces.exe    2920        7,256 K    15,296 K    Microsoft Security Client User Interface    Microsoft Corporation    (Verified) Microsoft Corporation
MSCamS64.exe    2488        5,812 K    10,092 K    MsCamSvc.exe    Microsoft Corporation    (Verified) Microsoft Corporation
mDNSResponder.exe    2128        2,804 K    6,436 K    Bonjour Service    Apple Inc.    (Verified) Apple Inc.
mbamscheduler.exe    2328        4,952 K    10,140 K    Malwarebytes Anti-Malware    Malwarebytes    (Verified) Malwarebytes Corporation
lsm.exe    732        3,100 K    5,000 K            
lsass.exe    724        6,028 K    13,412 K    Local Security Authority Process    Microsoft Corporation    (Verified) Microsoft Windows
jusched.exe    3304        2,656 K    5,844 K    Java Update Scheduler    Oracle Corporation    (Verified) Oracle America
GREGsvc.exe    2228        1,136 K    3,708 K    Global Registration Service    Acer Incorporated    (Verified) Acer Incorporated
GoogleCrashHandler64.exe    2508        2,032 K    528 K            
GoogleCrashHandler.exe    2496        1,740 K    528 K            
DMREngine.exe    2960        5,300 K    1,340 K    DMREngine    CyberLink    (Verified) CyberLink
CVHSVC.EXE    1432        8,412 K    16,624 K            
clear.fiAgent.exe    2872        1,808 K    748 K    clear.fi Resident Program    CyberLink Corp.    (Verified) CyberLink
armsvc.exe    1500        1,344 K    4,216 K    Adobe Acrobat Update Service    Adobe Systems Incorporated    (Verified) Adobe Systems
AdobeARM.exe    6328        4,072 K    528 K            
acrotray.exe    3288        2,492 K    6,460 K    AcroTray    Adobe Systems Inc.    (Verified) Adobe Systems

 



#54
playwiffme (Member, Topic Starter, 61 posts)

FRST - Notepad -

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by Thomas (administrator) on THOMAS-PC (30-03-2017 02:10:43)
Running from C:\Users\Thomas\Documents\Software Programs\Farbar Recovery Tool - 1
Loaded Profiles: Thomas (Available Profiles: Thomas)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ABBYY Production LLC) C:\Program Files (x86)\ABBYY FineReader 12\NetworkLicenseServer.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Microsoft Corporation) C:\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Pervasive Software Inc.) C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe
() C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe
(Reason Software Company Inc.) C:\Program Files\Reason\Security\rsService.exe
() C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_bg.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(SplitCam Co.) C:\Program Files (x86)\SplitCam\SplitCamService.exe
(Microsoft Corporation) C:\Program Files (x86)\MICROSOFT SQL SERVER\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Oracle Corporation) C:\Program Files\Frontier Texting\java_vm\bin\zipwhipw.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files\Reason\Security\rsLggr.exe
(Sysinternals - www.sysinternals.com) C:\Users\Thomas\Documents\Software Programs\Process Explorer\procexp(1).exe
(Sysinternals - www.sysinternals.com) C:\Users\Thomas\AppData\Local\Temp\procexp(1)64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\Thomas\Documents\Software Programs\Farbar Recovery Tool - 1\FRST64(1).exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11580520 2010-11-10] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14471408 2017-03-06] (Copyright 2017.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498720 2015-12-17] (Adobe Systems Inc.)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist Corporate\1121\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-21-2364491048-255812346-798213191-1001\...\Run: [Frontier Texting] => C:\Program Files\Frontier Texting\Frontier Texting.lnk [1832 2016-11-08] ()
HKU\S-1-5-21-2364491048-255812346-798213191-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Acer.scr [456224 2010-07-29] ()
HKU\S-1-5-18\...\Run: [] => [X]
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
BootExecute: autocheck autochk * bootdeletebootdeletebootdeletebootdelete

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{95C5EA71-8623-416C-AAEC-D3AA4AF7581A}: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{9612667B-16FF-47A2-8AC8-4084E6EAD0FB}: [DhcpNameServer] 192.168.254.254

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2364491048-255812346-798213191-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2364491048-255812346-798213191-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope value is missing
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-12-17] (Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-12-17] (Adobe Systems Incorporated)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-02-12] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-06-07] (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-12] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-12-17] (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-06-07] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {E7DA7F8D-27AB-4EE9-8FC0-3FEC9ECFE758} hxxps://access.wisconsin.gov/access/DynamicWebTWAIN.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll No File

FireFox:
========
FF DefaultProfile: ixg7h6xy.default-1476596056535
FF ProfilePath: C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\vf9r2hzq.default [not found]
FF ProfilePath: C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\ixg7h6xy.default-1476596056535 [2017-03-30]
FF Homepage: Mozilla\Firefox\Profiles\ixg7h6xy.default-1476596056535 -> www.msn.com/
FF Extension: (AdBlocker for YouTube™) - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\ixg7h6xy.default-1476596056535\Extensions\[email protected] [2016-12-05]
FF Extension: (Site Deployment Checker) - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\ixg7h6xy.default-1476596056535\features\{ec85e9e5-61a9-4f62-884b-d3976b9e3ed7}\[email protected] [2017-03-24]
FF ProfilePath: C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\embvo3sn.Default User [2017-03-30]
FF Homepage: Mozilla\Firefox\Profiles\embvo3sn.Default User -> hxxp://www.msn.com/
FF Extension: (Site Deployment Checker) - C:\Program Files (x86)\Mozilla Firefox\browser\features\[email protected] [2017-03-28] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-06-30] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{CF13FA66-1F4F-426d-BB1B-E07A13BFF2C8}] - C:\Program Files (x86)\Aimersoft\Video Converter Ultimate\SVRFirefoxExt => not found
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2016-11-06]
FF HKU\S-1-5-21-2364491048-255812346-798213191-1001\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKU\S-1-5-21-2364491048-255812346-798213191-1001\...\Firefox\Extensions: [{CF13FA66-1F4F-426d-BB1B-E07A13BFF2C8}] - C:\Program Files (x86)\Aimersoft\Video Converter Ultimate\SVRFirefoxExt => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll [2017-03-21] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-29] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-21] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-12] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-12] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2015-08-28] (Nero AG)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2011-02-24] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2011-02-24] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2012-06-30] ()
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2015-12-17] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-29] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2364491048-255812346-798213191-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Thomas\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-01-20] (Citrix Online)

Chrome:
=======
CHR Profile: C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default [2017-03-30]
CHR Extension: (Google Slides) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-05]
CHR Extension: (Flash Video Downloader) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc [2017-02-26]
CHR Extension: (Google Docs) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Google Drive) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (MagMouse) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\biofinbccickkakhihdmkafjniganmee [2016-10-03]
CHR Extension: (YouTube) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Adobe Acrobat) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-04]
CHR Extension: (Google Sheets) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-05]
CHR Extension: (Google Docs Offline) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Google Hangouts) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2017-02-11]
CHR Extension: (Video DownloadHelper) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2016-12-21]
CHR Extension: (Aimersoft Video Converter Ultimate) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\mapcejffhcbidcjmomhalabpcbaeimcb [2015-02-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-27]
CHR Extension: (Chrome Media Router) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-11]
CHR HKU\S-1-5-21-2364491048-255812346-798213191-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2015-12-17]
CHR HKLM-x32\...\Chrome\Extension: [mapcejffhcbidcjmomhalabpcbaeimcb] - C:\Program Files (x86)\Aimersoft\Video Converter Ultimate\SVRChromePlugin.crx [2013-09-14]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-07-11] (SUPERAntiSpyware.com) [File not signed]
R2 ABBYY.Licensing.FineReader.Professional.12.0; C:\Program Files (x86)\ABBYY FineReader 12\NetworkLicenseServer.exe [925904 2014-01-23] (ABBYY Production LLC)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S3 GoToAssist; C:\Program Files (x86)\Citrix\GoToAssist Corporate\1121\G2AC_Service.exe [310080 2016-01-20] (Citrix Online, a division of Citrix Systems, Inc.)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S4 KSS; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202296 2012-04-25] (Kaspersky Lab ZAO)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R2 MSSQL$UPSWSDBSERVER; C:\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
S4 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)
R2 psqlWGE; C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe [435496 2009-04-06] (Pervasive Software Inc.)
R2 rscp; C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe [303896 2017-03-29] ()
R2 rsService; C:\Program Files\Reason\Security\rsService.exe [198424 2017-03-13] (Reason Software Company Inc.)
R2 SpliCamService; C:\Program Files (x86)\SplitCam\SplitCamService.exe [321064 2016-10-19] (SplitCam Co.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14471408 2017-03-06] (Copyright 2017.) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 appliand; C:\Windows\System32\DRIVERS\appliand.sys [33888 2011-06-25] (Applian Technologies Inc.)
R3 appliandMP; C:\Windows\System32\DRIVERS\appliand.sys [33888 2011-06-25] (Applian Technologies Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 ESGIGUARD; C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [13088 2016-11-29] ()
S3 ESGSCANNER; C:\Windows\SysWOW64\DRIVERS\EsgScanner.sys [19984 2012-06-22] ()
S3 hitmanpro35; C:\Windows\system32\drivers\hitmanpro35.sys [23112 2017-03-29] ()
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [49304 2014-12-29] (Visicom Media Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2017-03-30] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35992 2014-12-28] (Visicom Media Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 scvad_simple; C:\Windows\System32\drivers\SplitCamAudio.sys [23552 2016-08-02] (Windows ® Win 7 DDK provider)
R3 splitcam_hd_driver; C:\Windows\System32\DRIVERS\splitcam_hd_driver.sys [37600 2016-08-02] (Windows ® Win 7 DDK provider)
R3 WsAudio_Device; C:\Windows\System32\drivers\VirtualAudio.sys [31080 2013-03-25] (Wondershare)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2017-03-26] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2017-03-26] (Zemana Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-30 00:18 - 2017-03-30 00:18 - 04089296 _____ C:\Users\Thomas\Downloads\AdwCleaner(4).exe
2017-03-29 20:22 - 2017-03-29 20:22 - 00001978 _____ C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
2017-03-29 20:22 - 2017-03-29 20:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hitman Pro 3.5
2017-03-29 20:22 - 2017-03-29 20:22 - 00000000 ____D C:\Program Files\Hitman Pro 3.5
2017-03-29 20:02 - 2017-03-29 20:02 - 00000779 _____ C:\Users\Thomas\Documents\03-29-17-4.txt
2017-03-29 19:36 - 2017-03-29 19:36 - 01388544 _____ C:\Users\Thomas\Downloads\HitmanPro 37x Patchrar.exe
2017-03-29 19:24 - 2017-03-29 19:24 - 01388544 _____ C:\Users\Thomas\Downloads\Hitman Pro 3715 Build 281 x64 Crack [4realtorrentz]zip.exe
2017-03-29 19:17 - 2017-03-29 19:17 - 01388544 _____ C:\Users\Thomas\Downloads\HitmanPro 3718 Build 283rar.exe
2017-03-29 19:09 - 2017-03-29 19:09 - 01388544 _____ C:\Users\Thomas\Downloads\HitmanPro 3715 Build 281 Patch is Here [LATEST].exe
2017-03-29 18:44 - 2017-03-29 20:21 - 00000000 ____D C:\ProgramData\Hitman Pro
2017-03-29 17:46 - 2017-03-29 17:46 - 11581544 _____ (SurfRight B.V.) C:\Users\Thomas\Downloads\HitmanPro_x64(2).exe
2017-03-29 17:38 - 2017-03-29 17:38 - 09741664 _____ (SurfRight B.V.) C:\Users\Thomas\Downloads\HitmanPro_x64(1).exe
2017-03-29 16:36 - 2017-03-29 16:36 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Thomas\Downloads\uSeRiNiT.exe
2017-03-29 15:50 - 2017-03-30 01:40 - 00003826 _____ C:\Windows\System32\Tasks\RCS Updater Task 1
2017-03-29 15:50 - 2017-03-30 01:40 - 00003826 _____ C:\Windows\System32\Tasks\RCS Updater Task 0
2017-03-29 15:50 - 2017-03-30 01:40 - 00003826 _____ C:\Windows\System32\Tasks\RCS Updater Task
2017-03-29 15:50 - 2017-03-29 15:50 - 00000000 ____D C:\ProgramData\Reason
2017-03-29 15:49 - 2017-03-29 15:49 - 00003540 _____ C:\Windows\System32\Tasks\Reason Core Security Scheduled Scan
2017-03-29 15:49 - 2017-03-29 15:49 - 00003406 _____ C:\Windows\System32\Tasks\Reason Core Security
2017-03-29 15:49 - 2017-03-29 15:49 - 00001102 _____ C:\Users\Thomas\Desktop\Reason Core Security.lnk
2017-03-29 15:49 - 2017-03-29 15:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reason Core Security
2017-03-29 15:48 - 2017-03-29 15:48 - 00000000 ____D C:\Program Files\Reason
2017-03-29 15:46 - 2017-03-29 15:46 - 07141600 _____ (Reason Software Company Inc.) C:\Users\Thomas\Downloads\reason-core-security-setup.exe
2017-03-29 15:05 - 2017-03-29 15:05 - 00000487 _____ C:\Users\Thomas\Documents\03-29-17-3.txt
2017-03-29 15:04 - 2017-03-29 15:04 - 00000041 _____ C:\Users\Thomas\Documents\03-29-17-2.txt
2017-03-29 15:00 - 2017-03-30 00:43 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-03-29 14:57 - 2017-03-30 00:00 - 00000000 ____D C:\Users\Thomas\Desktop\mbar
2017-03-29 14:56 - 2017-03-29 14:56 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Thomas\Downloads\mbar-1.09.3.1001(1).exe
2017-03-29 11:51 - 2017-03-29 11:51 - 00000101 _____ C:\Users\Thomas\Documents\03-29-17-1.txt
2017-03-29 11:38 - 2017-03-29 11:39 - 00000000 ____D C:\Users\Thomas\AppData\Local\microlabs
2017-03-29 08:58 - 2017-03-29 08:58 - 19044562 _____ C:\Users\Thomas\Downloads\mbar-1.09.3.1001(1).zip
2017-03-29 08:53 - 2017-03-29 08:53 - 00448512 _____ (OldTimer Tools) C:\Users\Thomas\Downloads\TFC(1).exe
2017-03-29 08:32 - 2017-03-29 08:32 - 06705178 _____ C:\Users\Thomas\Downloads\mbam-chameleon-3.1.33.0.zip
2017-03-29 02:24 - 2017-03-29 02:24 - 00000783 _____ C:\Users\Thomas\Documents\03-29-17.txt
2017-03-29 01:27 - 2017-03-29 01:27 - 41764120 _____ (IObit ) C:\Users\Thomas\Downloads\imfv5-setup.exe
2017-03-29 01:21 - 2017-03-29 01:21 - 46510120 _____ (IObit ) C:\Users\Thomas\Downloads\IObit-Malware-Fighter-Setup
2017-03-29 01:19 - 2017-03-29 01:19 - 00211213 _____ C:\Users\Thomas\Downloads\imf-offline-db1635.zip
2017-03-29 00:39 - 2017-03-29 00:41 - 57131432 _____ (Malwarebytes ) C:\Users\Thomas\Downloads\mb3-setup-consumer-3.0.6.1469-1075.exe
2017-03-29 00:28 - 2017-03-29 00:33 - 55566792 _____ (Malwarebytes ) C:\Users\Thomas\Downloads\mb3-setup-consumer-3.0.6.1469.exe
2017-03-28 16:44 - 2017-03-28 16:44 - 00000782 _____ C:\Users\Thomas\Documents\03-28-17-3.txt
2017-03-28 16:30 - 2017-03-28 16:30 - 00003075 _____ C:\Users\Thomas\Downloads\fixlist.txt
2017-03-28 15:32 - 2017-03-28 15:32 - 01106888 _____ (Bleeping Computer, LLC) C:\Users\Thomas\Desktop\rkill64.exe
2017-03-28 14:56 - 2017-03-29 13:13 - 00000348 _____ C:\Users\Thomas\Documents\03-28-17-2.txt
2017-03-28 13:18 - 2017-03-28 13:18 - 02424832 _____ (Farbar) C:\Users\Thomas\Downloads\FRST64(1).exe
2017-03-28 11:57 - 2017-03-28 11:57 - 02710688 _____ (Sysinternals - www.sysinternals.com) C:\Users\Thomas\Downloads\procexp(1).exe
2017-03-28 11:03 - 2017-03-28 11:03 - 00000900 _____ C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2017-03-28 11:03 - 2017-03-28 11:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2017-03-28 11:02 - 2017-03-28 11:03 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2017-03-28 10:59 - 2017-03-28 11:01 - 243565384 _____ (Emsisoft Ltd. ) C:\Users\Thomas\Downloads\EmsisoftAntiMalwareSetup.exe
2017-03-28 09:03 - 2017-03-28 09:03 - 49405136 _____ (Microsoft Corporation) C:\Users\Thomas\Downloads\Windows-KB890830-x64-V5.46.exe
2017-03-28 08:47 - 2017-03-28 10:53 - 00000228 _____ C:\Users\Thomas\Documents\03-28-17-1.txt
2017-03-28 03:34 - 2017-03-28 03:34 - 00000000 ____D C:\VIPRERESCUE
2017-03-28 03:30 - 2017-03-28 03:33 - 315179008 _____ C:\Users\Thomas\Downloads\VIPRERescue.exe
2017-03-28 03:07 - 2017-03-28 03:07 - 00023197 _____ C:\Users\Thomas\Documents\03-28-17.txt
2017-03-28 03:03 - 2017-03-28 03:03 - 00023197 _____ C:\Windows\system32\0
2017-03-28 02:54 - 2017-03-28 02:55 - 19044562 _____ C:\Users\Thomas\Downloads\mbar-1.09.3.1001.zip
2017-03-27 17:22 - 2017-03-27 17:22 - 00001324 _____ C:\AdwCleaner[R3].txt
2017-03-27 16:36 - 2017-03-27 16:36 - 00000700 _____ C:\Users\Thomas\Documents\03-27-17.txt
2017-03-27 10:55 - 2017-03-27 10:56 - 00059427 _____ C:\Users\Thomas\Downloads\Addition.txt
2017-03-27 10:53 - 2017-03-27 10:56 - 00079814 _____ C:\Users\Thomas\Downloads\FRST.txt
2017-03-27 10:52 - 2017-03-30 02:10 - 00000000 ____D C:\FRST
2017-03-27 10:52 - 2017-03-27 10:52 - 02424832 _____ (Farbar) C:\Users\Thomas\Downloads\FRST64.exe
2017-03-27 09:53 - 2017-03-27 09:53 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Thomas\Downloads\rkill.scr
2017-03-27 09:53 - 2017-03-27 09:53 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Thomas\Downloads\rkill(4).exe
2017-03-27 09:53 - 2017-03-27 09:53 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Thomas\Downloads\rkill(3).com
2017-03-27 09:12 - 2017-03-27 09:12 - 57131432 _____ (Malwarebytes ) C:\Users\Thomas\Desktop\mb3-setup-1878.1878-3.0.6.1469-1075.exe
2017-03-27 09:11 - 2017-03-27 09:12 - 57131432 _____ (Malwarebytes ) C:\Users\Thomas\Downloads\mb3-setup-1878.1878-3.0.6.1469-1075.exe
2017-03-27 07:58 - 2017-03-27 07:58 - 04031440 _____ C:\Users\Thomas\Downloads\AdwCleaner (5).exe
2017-03-27 02:58 - 2017-03-27 02:58 - 00002407 _____ C:\Users\Thomas\Desktop\RKreport[5]_D_03272017_02d0258.txt
2017-03-27 02:58 - 2017-03-27 02:58 - 00002364 _____ C:\Users\Thomas\Desktop\RKreport[4]_S_03272017_02d0258.txt
2017-03-27 02:56 - 2017-03-27 02:56 - 00002710 _____ C:\Users\Thomas\Desktop\RKreport[3]_D_03272017_02d0256.txt
2017-03-27 02:55 - 2017-03-27 02:55 - 00002718 _____ C:\Users\Thomas\Desktop\RKreport[2]_S_03272017_02d0255.txt
2017-03-27 02:54 - 2017-03-27 02:54 - 00002681 _____ C:\Users\Thomas\Desktop\RKreport[1]_S_03272017_02d0254.txt
2017-03-27 01:52 - 2017-03-27 00:19 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Thomas\Desktop\tdsskiller(1).exe
2017-03-27 01:52 - 2017-03-26 18:22 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Thomas\Desktop\rkill.exe
2017-03-27 01:51 - 2017-03-27 01:49 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Thomas\Desktop\mbar-1.09.3.1001.exe
2017-03-27 01:49 - 2017-03-27 01:49 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Thomas\Downloads\mbar-1.09.3.1001.exe
2017-03-27 00:19 - 2017-03-27 00:19 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Thomas\Downloads\tdsskiller(1).exe
2017-03-26 22:54 - 2017-03-26 22:54 - 00001387 _____ C:\AdwCleaner[R2].txt
2017-03-26 22:51 - 2017-03-30 01:21 - 00000000 ____D C:\Users\Thomas\AppData\Local\CrashDumps
2017-03-26 21:02 - 2017-03-28 02:08 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-03-26 21:01 - 2017-03-26 22:48 - 00000000 ____D C:\ProgramData\RogueKiller
2017-03-26 21:01 - 2017-03-26 21:01 - 00000862 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-03-26 21:01 - 2017-03-26 21:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-03-26 21:01 - 2017-03-26 21:01 - 00000000 ____D C:\Program Files\RogueKiller
2017-03-26 21:00 - 2017-03-26 21:01 - 35109888 _____ (Adlice Software ) C:\Users\Thomas\Downloads\setup.exe
2017-03-26 20:59 - 2017-03-29 01:11 - 00000000 ____D C:\Users\Thomas\Desktop\RK_Quarantine
2017-03-26 19:30 - 2017-03-30 02:10 - 00051042 _____ C:\Windows\ZAM.krnl.trace
2017-03-26 19:30 - 2017-03-30 02:10 - 00020530 _____ C:\Windows\ZAM_Guard.krnl.trace
2017-03-26 19:30 - 2017-03-26 19:30 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2017-03-26 19:30 - 2017-03-26 19:30 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2017-03-26 19:30 - 2017-03-26 19:30 - 00001152 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2017-03-26 19:30 - 2017-03-26 19:30 - 00000000 ____D C:\Users\Thomas\AppData\Local\Zemana
2017-03-26 19:30 - 2017-03-26 19:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-03-26 19:30 - 2017-03-26 19:30 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-03-26 19:28 - 2017-03-26 19:29 - 05740956 _____ (Zemana Ltd. ) C:\Users\Thomas\Downloads\eXplorer(1).exe
2017-03-26 19:19 - 2017-03-26 19:19 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\Thomas\Downloads\RKill_2.8.2.0.com
2017-03-26 19:18 - 2017-03-26 19:18 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Thomas\Downloads\rkill(3).exe
2017-03-26 19:09 - 2017-03-26 19:09 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Thomas\Downloads\rkill(2).exe
2017-03-26 18:43 - 2017-03-26 18:42 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Thomas\Desktop\iExplore.exe
2017-03-26 18:42 - 2017-03-26 18:42 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Thomas\Downloads\iExplore.exe
2017-03-26 18:32 - 2017-03-26 18:32 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Thomas\Downloads\eXplorer.exe
2017-03-26 18:29 - 2017-03-26 18:30 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Thomas\Downloads\rkill(2).com
2017-03-26 18:26 - 2017-03-26 18:26 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Thomas\Downloads\rkill(1).exe
2017-03-26 18:24 - 2017-03-26 18:24 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Thomas\Downloads\Tom-fix.exe
2017-03-26 18:22 - 2017-03-26 18:22 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Thomas\Downloads\rkill.exe
2017-03-26 12:13 - 2017-03-26 12:13 - 00833024 ____N C:\Windows\system32\tprdpw32.exe
2017-03-26 10:43 - 2017-03-26 10:43 - 00000000 ____D C:\Program Files (x86)\Teorex
2017-03-25 18:23 - 2017-03-25 18:24 - 04031440 _____ C:\Users\Thomas\Downloads\AdwCleaner(3).exe
2017-03-25 18:21 - 2017-03-25 18:21 - 00001234 _____ C:\AdwCleaner[R1].txt


==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-30 01:48 - 2009-07-14 00:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-30 01:48 - 2009-07-14 00:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-30 01:41 - 2016-11-18 10:18 - 00000000 ____D C:\Users\Thomas\AppData\LocalLow\Mozilla
2017-03-30 01:39 - 2015-04-02 17:24 - 00000000 ____D C:\Program Files\Frontier Texting
2017-03-30 01:39 - 2012-06-30 12:25 - 00000000 ____D C:\ProgramData\clear.fi
2017-03-30 01:39 - 2011-11-10 19:10 - 00000000 ____D C:\ProgramData\NVIDIA
2017-03-30 01:38 - 2014-03-28 05:13 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf4a65f48969b0.job
2017-03-30 01:38 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-30 01:14 - 2012-06-29 22:08 - 00000000 ____D C:\Users\Thomas
2017-03-30 00:45 - 2012-07-04 00:19 - 00000000 ____D C:\Users\Thomas\Documents\My Stuff
2017-03-30 00:36 - 2014-01-19 00:37 - 00000000 ____D C:\AdwCleaner
2017-03-30 00:20 - 2012-06-29 22:57 - 00000000 ____D C:\Users\Thomas\Documents\Software Programs
2017-03-30 00:04 - 2014-04-30 01:28 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-03-29 23:45 - 2014-04-30 01:27 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2017-03-29 23:28 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SchCache
2017-03-29 23:19 - 2016-05-21 22:05 - 00001057 _____ C:\Users\Thomas\AppData\Roaming\vso_ts_preview.xml
2017-03-29 23:19 - 2016-05-21 22:05 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Vso
2017-03-29 20:48 - 2012-07-01 20:50 - 00000000 ____D C:\Users\Thomas\Documents\ConvertXToDVD
2017-03-29 20:48 - 2009-07-14 01:13 - 00852428 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-29 20:48 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2017-03-29 20:22 - 2013-01-07 03:15 - 00023112 _____ C:\Windows\system32\Drivers\hitmanpro35.sys
2017-03-29 19:58 - 2016-12-03 10:24 - 00303024 ____N C:\Windows\Minidump\032917-38703-01.dmp
2017-03-29 19:58 - 2012-09-23 23:22 - 00000000 ____D C:\Windows\Minidump
2017-03-29 19:56 - 2016-12-03 10:24 - 00303080 ____N C:\Windows\Minidump\032917-32261-01.dmp
2017-03-29 19:54 - 2016-12-03 10:24 - 00303080 ____N C:\Windows\Minidump\032917-34476-01.dmp
2017-03-29 19:53 - 2016-12-03 10:24 - 00303024 ____N C:\Windows\Minidump\032917-35599-01.dmp
2017-03-29 19:40 - 2016-12-03 10:24 - 00303080 ____N C:\Windows\Minidump\032917-73476-01.dmp
2017-03-29 19:32 - 2016-01-15 15:16 - 00002046 _____ C:\Users\Public\Desktop\Google Slides.lnk
2017-03-29 19:32 - 2016-01-15 15:16 - 00002044 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2017-03-29 19:32 - 2016-01-15 15:16 - 00002034 _____ C:\Users\Public\Desktop\Google Docs.lnk
2017-03-29 19:32 - 2016-01-15 15:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2017-03-29 19:15 - 2012-06-30 02:17 - 00000000 ____D C:\Windows\system32\Macromed
2017-03-29 16:41 - 2016-10-15 22:56 - 00000002 _____ C:\Users\Thomas\Desktop\Rkill.txt
2017-03-29 16:02 - 2013-03-24 02:41 - 00000000 ____D C:\Program Files (x86)\Replay Video Capture 6
2017-03-29 01:50 - 2016-12-03 10:24 - 00303080 ____N C:\Windows\Minidump\032917-29125-01.dmp
2017-03-29 01:47 - 2016-12-03 10:24 - 00303080 ____N C:\Windows\Minidump\032917-27034-01.dmp
2017-03-29 01:45 - 2016-12-03 10:24 - 00303080 ____N C:\Windows\Minidump\032917-30685-01.dmp
2017-03-29 01:43 - 2016-12-03 10:24 - 00303080 ____N C:\Windows\Minidump\032917-26707-01.dmp
2017-03-29 01:41 - 2016-12-03 10:24 - 00303080 ____N C:\Windows\Minidump\032917-32042-01.dmp
2017-03-29 01:38 - 2016-06-28 09:20 - 00000194 _____ C:\Windows\system32\.crusader
2017-03-28 20:14 - 2016-10-19 19:59 - 00000000 ____D C:\Users\Thomas\AppData\LocalLow\Adblock Plus for IE
2017-03-28 18:51 - 2012-07-06 20:26 - 00000000 ____D C:\Users\Thomas\Documents\My Streaming Media
2017-03-28 16:40 - 2016-12-03 10:24 - 00303080 ____N C:\Windows\Minidump\032817-34398-01.dmp
2017-03-28 16:05 - 2016-12-03 10:24 - 00303024 ____N C:\Windows\Minidump\032817-31715-01.dmp
2017-03-28 16:04 - 2016-12-03 10:24 - 00303080 ____N C:\Windows\Minidump\032817-42713-01.dmp
2017-03-28 14:41 - 2015-04-26 15:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-03-28 13:39 - 2015-03-26 12:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-03-27 16:47 - 2009-07-14 01:08 - 00032574 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-03-27 08:00 - 2012-07-01 14:03 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\uTorrent
2017-03-26 17:37 - 2012-08-05 21:25 - 00000000 ____D C:\ProgramData\ThumbsPlus
2017-03-26 15:20 - 2012-08-05 19:09 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\ThumbsPlus
2017-03-25 18:32 - 2016-01-15 15:26 - 00000000 ___RD C:\Users\Thomas\Google Drive
2017-03-25 14:27 - 2011-07-20 09:02 - 00000000 ___HD C:\OEM
2017-03-21 19:24 - 2016-05-17 23:35 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-03-21 19:24 - 2016-05-17 23:35 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-21 19:24 - 2014-09-02 07:08 - 00000000 ____D C:\Users\Thomas\AppData\Local\Adobe
2017-03-21 19:24 - 2011-07-20 08:43 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-03-21 12:07 - 2014-08-25 18:55 - 00005052 _____ C:\Windows\DUNZLOG.TXT
2017-03-20 23:48 - 2011-05-10 17:15 - 00000000 ____D C:\Users\Thomas\Documents\Adult
2017-03-19 04:57 - 2012-07-16 11:42 - 00000000 ____D C:\Users\Thomas\AppData\Local\ElevatedDiagnostics
2017-03-18 08:25 - 2017-02-27 13:14 - 00004454 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-03-17 12:49 - 2013-01-01 03:06 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Smilebox
2017-03-11 15:17 - 2012-07-04 22:20 - 00000000 ____D C:\Users\Thomas\Documents\My Scans
2017-03-09 21:40 - 2012-09-03 12:07 - 00002199 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-03-09 21:40 - 2012-09-03 12:07 - 00002187 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-03-02 08:19 - 2014-12-27 00:32 - 00001945 _____ C:\Windows\epplauncher.mif
2017-03-02 08:19 - 2014-12-27 00:31 - 00002121 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2017-03-02 08:19 - 2014-12-27 00:31 - 00000000 ____D C:\Program Files\Microsoft Security Client
2017-03-02 08:19 - 2014-12-27 00:31 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client

==================== Files in the root of some directories =======

2014-11-13 08:30 - 2014-11-13 08:30 - 6000640 _____ () C:\Program Files (x86)\GUT5B97.tmp
2017-02-26 19:16 - 2017-02-26 19:24 - 7680000 _____ () C:\Program Files (x86)\GUT849B.tmp
2014-02-05 21:35 - 2014-02-05 21:35 - 0000268 ___RH () C:\Users\Thomas\AppData\Roaming\Bass Amp
2014-02-05 21:35 - 2014-02-05 21:35 - 0000268 ___RH () C:\Users\Thomas\AppData\Roaming\Bass Reduction
2014-02-05 21:35 - 2014-02-05 21:35 - 0000268 ___RH () C:\Users\Thomas\AppData\Roaming\BookService
2016-05-20 15:33 - 2016-05-21 20:48 - 0099384 _____ () C:\Users\Thomas\AppData\Roaming\inst.exe
2013-03-02 18:55 - 2013-03-02 18:55 - 0000082 _____ () C:\Users\Thomas\AppData\Roaming\mbam.context.scan
2016-05-18 18:14 - 2016-05-21 20:48 - 0007859 _____ () C:\Users\Thomas\AppData\Roaming\pcouffin.cat
2016-05-18 18:14 - 2016-05-21 20:48 - 0001167 _____ () C:\Users\Thomas\AppData\Roaming\pcouffin.inf
2016-05-18 18:14 - 2016-05-21 20:48 - 0000055 _____ () C:\Users\Thomas\AppData\Roaming\pcouffin.log
2016-05-18 18:14 - 2016-05-21 20:48 - 0082816 _____ (VSO Software) C:\Users\Thomas\AppData\Roaming\pcouffin.sys
2014-09-03 17:00 - 2014-09-03 17:00 - 35123384 _____ (VSO Software                                                ) C:\Users\Thomas\AppData\Roaming\vsoConvertXtoDVD5_setup.exe
2016-05-21 22:05 - 2017-03-29 23:19 - 0001057 _____ () C:\Users\Thomas\AppData\Roaming\vso_ts_preview.xml
2015-05-20 18:10 - 2017-01-09 23:07 - 0014848 _____ () C:\Users\Thomas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-10-14 23:07 - 2016-10-14 23:09 - 0000003 _____ () C:\Users\Thomas\AppData\Local\run1.txt
2013-01-12 18:20 - 2013-01-12 18:20 - 2250054 _____ () C:\ProgramData\1.bmp
2013-01-12 18:19 - 2013-01-12 18:19 - 0444366 _____ () C:\ProgramData\1.jpg
2011-11-10 19:29 - 2011-11-10 19:31 - 0014756 _____ () C:\ProgramData\ArcadeDeluxe5.log
2014-02-05 21:35 - 2014-02-05 21:35 - 0000268 ___RH () C:\ProgramData\Breath Pad
2014-02-05 21:35 - 2014-02-05 21:35 - 0000268 ___RH () C:\ProgramData\Brother
2014-02-05 21:35 - 2014-02-05 21:35 - 0000268 ___RH () C:\ProgramData\Bubble Noise
2014-02-05 21:35 - 2014-02-05 21:35 - 0000012 ___RH () C:\ProgramData\Classical
2014-02-05 21:35 - 2014-02-05 21:35 - 0000012 ___RH () C:\ProgramData\Clips
2014-02-05 21:35 - 2014-02-05 21:35 - 0000012 ___RH () C:\ProgramData\ColorSync
2012-06-30 18:14 - 2013-10-16 14:30 - 0002719 _____ () C:\ProgramData\hpzinstall.log
2014-02-05 21:35 - 2014-02-05 21:35 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT
2014-02-05 21:35 - 2014-02-05 21:37 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT
2014-02-05 21:35 - 2014-02-05 21:38 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT

Some files in TEMP:
====================
2017-03-29 16:35 - 2017-03-29 16:35 - 0040960 _____ () C:\Users\Thomas\AppData\Local\Temp\abde0p7s.dll
2017-03-29 01:12 - 2016-09-09 14:23 - 1732864 _____ (Microsoft Corporation) C:\Users\Thomas\AppData\Local\Temp\dllnt_dump.dll
2017-03-30 01:23 - 2017-03-29 17:46 - 11581544 _____ (SurfRight B.V.) C:\Users\Thomas\AppData\Local\Temp\HitmanPro.exe
2017-03-29 17:39 - 2017-03-29 17:40 - 11581544 _____ (SurfRight B.V.) C:\Users\Thomas\AppData\Local\Temp\HitmanPro_x64(1).exe
2017-03-29 17:41 - 2017-03-29 17:42 - 11581544 _____ (SurfRight B.V.) C:\Users\Thomas\AppData\Local\Temp\HitmanPro_x64.exe
2017-03-30 02:03 - 2017-03-30 02:03 - 1452200 _____ (Sysinternals - www.sysinternals.com) C:\Users\Thomas\AppData\Local\Temp\procexp(1)64.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-24 05:14

==================== End of FRST.txt ============================


  • 0

#55
playwiffme

    Member

  • Topic Starter
  • 61 posts

Additional - Notepad -

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Thomas (30-03-2017 02:12:42)
Running from C:\Users\Thomas\Documents\Software Programs\Farbar Recovery Tool - 1
Windows 7 Home Premium Service Pack 1 (X64) (2012-06-30 02:08:02)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2364491048-255812346-798213191-500 - Administrator - Disabled)
Guest (S-1-5-21-2364491048-255812346-798213191-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2364491048-255812346-798213191-1006 - Limited - Enabled)
Thomas (S-1-5-21-2364491048-255812346-798213191-1001 - Administrator - Enabled) => C:\Users\Thomas
UpdatusUser (S-1-5-21-2364491048-255812346-798213191-1000 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2364491048-255812346-798213191-1001\...\uTorrent) (Version: 3.4.9.43388 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
ABBYY FineReader 12 Professional (HKLM-x32\...\{F12000FE-0001-0000-0000-074957833700}) (Version: 12.0.501 - ABBYY Production LLC)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3505 - Acer Incorporated)
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.5 - WildTangent)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3503 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0708.2011 - Acer Incorporated)
Acer System Information (HKLM-x32\...\{72199E33-4F2A-4B7F-8E25-95DDDD50A678}) (Version: 1.0.0 - Acer)
Active WebCam (HKLM-x32\...\Active WebCam) (Version:  - )
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{0F347A49-E36C-4639-8D2E-003AD408B8B2}) (Version: 1.5 - Eyeo GmbH)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.14 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.0.19480 - Adobe Systems Incorporated)
Adobe Flash Player 25 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Flash Player 25 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Aimersoft DVD Creator(Build 3.0.0) (HKLM-x32\...\Aimersoft DVD Creator_is1) (Version:  - Aimersoft Software)
Aimersoft Helper Compact 2.5.0 (HKLM-x32\...\{405147F7-FCC5-499B-A27E-EA6BD4A80435}_is1) (Version: 2.5.0 - Aimersoft)
Aimersoft Video Converter Ultimate(Build 5.5.1.0) (HKLM-x32\...\Aimersoft Video Converter Ultimate_is1) (Version: 5.5.1.0 - Aimersoft Software)
AlignmentUtility (x32 Version: 19.00.0000 - UPS) Hidden
Animated GIF producer 5.0 TRIAL (HKLM-x32\...\Animated GIF producer 5.0 TRIAL_is1) (Version:  - AVLAN Design)
Apple Application Support (32-bit) (HKLM-x32\...\{C5815ACF-FD34-4553-8A22-C7411B7E662B}) (Version: 4.1.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{CBF12D2F-CF64-4CB7-858B-2C1F21068E5F}) (Version: 4.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
Barcode Generator version 02.10.10 (HKLM-x32\...\{4E846FBC-F6B3-4767-A0DF-C38D8CD0E13D}_is1) (Version: 02.10.10 - Aurora3D Software)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{C28D96C0-6A90-459E-A077-A6706F4EC0FC}) (Version: 7.0.765.0 - Microsoft Corporation)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Build-a-lot 4 - Power Source (x32 Version: 2.2.0.97 - WildTangent) Hidden
C5500 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
CCC (x32 Version: 19.00.0000 - United Parcel Service, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
Chronicles of Albian (x32 Version: 2.2.0.95 - WildTangent) Hidden
Citrix Online Launcher (HKLM-x32\...\{48947098-A67C-46D4-90C5-9F2F6F0F96FE}) (Version: 1.0.449 - Citrix)
clear.fi (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 1.0.1720.15 - CyberLink Corp.)
clear.fi (x32 Version: 1.0.1517_36458 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 1.0.1720.15 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 9.0.7713 - CyberLink Corp.) Hidden
clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.01.3500 - Acer Incorporated)
ConvertXtoDVD 4.1.19.365 (HKLM-x32\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.1.19.365 - )
Corel Graphics - Windows Shell Extension (HKLM\...\_{EBDC2D0D-1E26-4EF2-BB48-C7E18F7800C6}) (Version: 16.0.0.707 - Corel Corporation)
Corel Graphics - Windows Shell Extension (Version: 16.0.707 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 32 Bit (Version: 16.0.707 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Capture (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Common (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Connect (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Custom Data (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Draw (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - EN (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Filters (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - FontNav (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - IPM (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - PHOTO-PAINT (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Photozoom Plugin (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Redist (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Setup Files (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VBA (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VideoBrowser (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VSTA (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Writing Tools (x64) (Version: 16.0 -  Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 (64-Bit) (HKLM\...\_{BDBFAC49-8877-472F-876B-75ADB7DBC955}) (Version: 16.0.0.707 - Corel Corporation)
CorelDRAW Graphics Suite X6 (x64) (Version: 16.0 - Corel Corporation) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Crystal Reports 2008 Runtime SP1 (HKLM-x32\...\{C484CC8D-03CF-4022-89C4-DB4F02E8A15B}) (Version: 12.1.0.882 - Business Objects)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
DVD Identifier (HKLM-x32\...\DVD Identifier_is1) (Version: 5.2.0 - Kris Schoofs)
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)
EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version:  - EaseUS)
eBay Worldwide (HKLM-x32\...\{D3E5A972-9A15-427D-AE78-8181A5FD943C}) (Version: 2.2.0409 - OEM)
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 2017.2 - Emsisoft Ltd.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Etron USB3.0 Host Controller (x32 Version: 0.103 - Etron Technology) Hidden
FILE RECOVERY for Windows (HKLM-x32\...\FILE RECOVERY for WindowsNSIS) (Version: 1.0.201 - Seagate)
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
FormsComponent (x32 Version: 19.00.0000 - UPS) Hidden
FOSS (x32 Version: 19.00.0000 - UPS) Hidden
Frontier Texting (HKU\S-1-5-21-2364491048-255812346-798213191-1001\...\Frontier Texting) (Version: 2.5.0b3 - Zipwhip Inc.)
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.98 - Google Inc.)
Google Drive (HKLM-x32\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 11.3.0.1121 - Citrix Online, a division of Citrix Systems, Inc.)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HandBrake 0.9.8 (HKLM-x32\...\HandBrake) (Version: 0.9.8 - )
Hitman Pro 3.5 (HKLM\...\HitmanPro35) (Version: 3.5.9.125 - SurfRight B.V.)
Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3505 - Acer Incorporated)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart C5500 All-In-One Driver Software 13.0 Rel. 4 (HKLM\...\{5F5FEF58-F4D8-488B-BDB3-6D5B22192B02}) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PaperLabel (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PrintOnDisc (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
hpphotosmartdisclabelplugin (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HTML-Kit 292 (HKLM-x32\...\HTMLKit_is1) (Version: 1.0 - HTMLKit.com)
iCare Data Recovery Pro (HKLM-x32\...\{F7EAB243-4D0C-47F5-A4F1-74D350E45489}_is1) (Version: 7.6 - iCare Recovery)
ICCHelp (HKLM-x32\...\{A5763105-D1D5-4862-A3FE-EC058F9AA73E}) (Version: 19.00.0000 - UPS)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
Inpaint 5.0 (HKLM-x32\...\{2AEDC172-479F-47AE-8A48-A0524D4AED5B}_is1) (Version:  - Teorex)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Kaspersky Security Scan (HKLM-x32\...\InstallWIX_{56009CA3-423B-41F8-884A-E5B049534F15}) (Version: 12.0.1.117 - Kaspersky Lab)
Kaspersky Security Scan (x32 Version: 12.0.1.117 - Kaspersky Lab) Hidden
K-Lite Codec Pack 9.5.0 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.5.0 - )
Machete Lite 3.8 (HKLM-x32\...\{CBA55866-5332-4E19-867F-30F7E22E9F1E}) (Version: 3.8.33 - MacheteSoft)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
ManyCam 5.0.5 (HKLM-x32\...\ManyCam) (Version: 5.0.5 - Visicom Media Inc.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-2364491048-255812346-798213191-1001\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
MKVToolNix 8.3.0 (64bit) (HKLM-x32\...\MKVToolNix) (Version: 8.3.0 - Moritz Bunkus)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker 6.0 for Windows 7 (64-bit) (HKLM\...\{A7395F20-2B22-4CB8-8510-B452C0F47E02}) (Version: 6.0.0 - Microsoft Corporation)
Mozilla Firefox 52.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 52.0.2 (x86 en-US)) (Version: 52.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.0.2.6291 - Mozilla)
Mozilla Thunderbird 24.2.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 24.2.0 (x86 en-US)) (Version: 24.2.0 - Mozilla)
MSIChecker (x32 Version: 19.00.0000 - UPS) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden
NA1Messenger (x32 Version: 19.00.0000 - Your Company Name) Hidden
Nero 2016 (HKLM-x32\...\{4297E807-5633-466A-8AC0-5AC48D310471}) (Version: 17.0.02000 - Nero AG)
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.2.10500.2.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.2.12000.21.100 - Nero AG)
Nero Info (HKLM-x32\...\{F030BFE8-8476-4C08-A553-233DE80A2BE1}) (Version: 16.0.2000 - Nero AG)
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}) (Version: 10.5.10300 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.2.11600.14.100 - Nero AG)
NetObjects Fusion 10.0 (HKLM-x32\...\{ECC8CC4E-2291-438F-9601-C8A6BFBA0880}) (Version: 10.0 - )
NetObjects Fusion 11.0 (HKLM-x32\...\{1BD687EB-C093-4BA5-B336-AEF08C314921}) (Version: 11.0 - )
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.0 - Nikon)
Nikon Movie Editor (HKLM-x32\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.9.0 - Nikon)
Nikon View 6 (HKLM-x32\...\{AAB84E83-C8DF-4752-9DFC-2E2A48EE5E9F}) (Version:  - )
NOOK for PC (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.4.7070 - Barnesandnoble.com)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
NRF (x32 Version: 19.00.0000 - UPS) Hidden
NVIDIA Graphics Driver 267.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 267.33 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.1.13.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.1.13.1 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (HKLM-x32\...\NVIDIAStereo) (Version: 7.17.12.6733 - NVIDIA Corporation)
Peachtree Accounting 2010 (x32 Version: 17.00.00 - Sage Software, Inc.) Hidden
Peachtree Pro Accounting 2010 (HKLM-x32\...\InstallShield_{51EF69CF-70D3-4142-993D-AA97F36484CC}) (Version: 17.00.00 - Sage Software, Inc.)
Peachtree Pro Accounting 2010 (HKLM-x32\...\Peachtree Pro Accounting) (Version:  - )
PeachTree Signature Ready Forms (x32 Version: 6.7.4 - Sage Software SB, Inc.) Hidden
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Pervasive PSQL v10.10 Workgroup (32-bit) (x32 Version: 10.12.025 - Pervasive Software) Hidden
Photo Collage Creator 3.61 (HKLM-x32\...\Photo Collage Creator_is1) (Version:  - AMS Software)
PhotoScissors 3.0 (HKLM\...\{664FCCAE-8187-4EC5-B191-758C040C999C}_is1) (Version:  - teorex)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Picture Collage Maker Pro 4.1.2 (HKLM-x32\...\{6D308A90-6C14-4A02-9B04-CB0EF17894A9}_is1) (Version: 4.1.2 - PearlMountain Technology Co., Ltd)
Picture Control Utility x64 (HKLM\...\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}) (Version: 1.5.0 - Nikon)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
PolicyManager (x32 Version: 19.00.0000 - UPS) Hidden
Prerequisite installer (x32 Version: 17.0.0002 - Nero AG) Hidden
PS_AIO_04_C5500_Software_Min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6242 - Realtek Semiconductor Corp.)
Reason Core Security (HKLM-x32\...\Reason Core Security) (Version: 2.1.0.9 - Reason Software Company Inc.)
Reconciler (x32 Version: 19.00.0000 - UPS) Hidden
Replay Media Catcher 4 (4.3.0) (HKLM-x32\...\Replay Media Catcher 4) (Version: 4.3.0 - Applian Technologies)
Replay Video Capture 6 (HKLM-x32\...\Replay Video Capture6.0.6) (Version: 6.0.6 - Applian Technologies Inc.)
ReportServer (x32 Version: 18.00.0000 - Your Company Name) Hidden
RogueKiller version 12.10.1.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.10.1.0 - Adlice Software)
Sage Message Center (x32 Version: 2.00.0000 - Sage Software Inc.) Hidden
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Seagate File Recovery for Windows 2.0 (HKLM-x32\...\Seagate File Recovery for WindowsNSIS) (Version: 2.0.18656 - Seagate)
SeaTools for Windows 1.4.0.4 (HKLM-x32\...\SeaTools for Windows) (Version: 1.4.0.4 - Seagate Technology)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 7.29 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.29.102 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
Smilebox (HKU\S-1-5-21-2364491048-255812346-798213191-1001\...\Smilebox) (Version: 1.1.1.1 - Smilebox, Inc.)
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SplitCam (HKLM-x32\...\SplitCam) (Version: 7.5.3.2 - SplitCam Co)
Stashimi Stub Installer (x32 Version: 18.001.1 - Nero AG) Hidden
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
StreamTorrent 1.0 (HKLM-x32\...\StreamTorrent 1.0) (Version:  - )
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1006 - SUPERAntiSpyware.com)
SupportUtility (x32 Version: 19.00.0000 - UPS) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System (x32 Version: 19.00.0000 - UPS) Hidden
ThumbsPlus (HKLM-x32\...\ThumbsPlus) (Version:  - Cerious Software Inc.)
ThumbsPlus (x32 Version: 8.1.0.3537 - Cerious Software Inc.) Hidden
Times Reader (HKLM-x32\...\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1) (Version: 2.055 - The New York Times Company)
Times Reader (x32 Version: 2.055 - The New York Times Company) Hidden
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
Torchlight (x32 Version: 2.2.0.97 - WildTangent) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 1.5.1 - Tweaking.com)
UnifiedPrinting (x32 Version: 19.00.0000 - UPS) Hidden
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
UPS WorldShip (HKLM-x32\...\UPS WorldShip) (Version: 19.0 - UPS)
UPSDB (x32 Version: 19.00.0000 - UPS) Hidden
UPSICC (x32 Version: 19.00.0000 - UPS) Hidden
UPSlinkHTTP (x32 Version: 19.00.0000 - UPS) Hidden
UPSVC2008MM (x32 Version: 1.00.0000 - UPS) Hidden
UPSVC2013MM (x32 Version: 19.00.0000 - Your Company Name) Hidden
UPSVCMM (x32 Version: 12.00.0000 - UPS) Hidden
ViewNX 2 (HKLM\...\{635BE602-BB9C-4C59-8CC5-93F9366E8A21}) (Version: 2.9.0 - Nikon)
Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97 - WildTangent) Hidden
Web Easy Professional (HKLM-x32\...\{B651BFCB-C9F3-489C-A2A7-764A12E2C79B}) (Version: 10.1 - Avanquest)
WebHelp (HKLM-x32\...\{8C5BD501-AD5D-4A75-9321-076509B438FC}) (Version: 19.00.0000 - UPS)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3502 - Acer Incorporated)
WildTangent Games App (Acer Games) (x32 Version: 4.0.5.14 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinRAR 4.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
WinX Free FLV to AVI Converter 4.1.10 (HKLM-x32\...\WinX Free FLV to AVI Converter_is1) (Version:  - Digiarty Software,Inc.)
WinZip 14.5 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}) (Version: 14.5.9095 - WinZip Computing, S.L. )
Wondershare Photo Collage Studio 4.2.12.13 (HKLM-x32\...\Wondershare Photo Collage Studio_is1) (Version: 4.2.12.13 - Wondershare Software Co.,Ltd.)
Wondershare Video Editor(Build 4.6.0) (HKLM-x32\...\Wondershare Video Editor_is1) (Version:  - Wondershare Software)
WorldShip (x32 Version: 19.00.0000 - UPS) Hidden
WSShared (x32 Version: 19.00.0000 - UPS) Hidden
XnConvert 1.73 (HKLM\...\XnConvert_is1) (Version: 1.73 - Gougelet Pierre-e)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.72.0.176 - Zemana Ltd.)
Zuma's Revenge (x32 Version: 2.2.0.97 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2364491048-255812346-798213191-1001_Classes\CLSID\{8AE44FFE-BF0D-085D-33DC-93B2E248BF89}\InprocServer32 -> C:\Windows\system32\ole32.dll (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {16DAEEF1-75E7-4967-A0AB-639073B50045} - System32\Tasks\GoogleUpdateTaskMachineCore1cfff9880ae2cc6 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {23177269-9013-451C-8386-C179F89D9EF2} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2011-05-20] (Acer Incorporated)
Task: {308FD6D4-4710-4B08-958E-FB8E8207AB69} - System32\Tasks\Reason Core Security Scheduled Scan => C:\Program Files\Reason\Security\rsUI.exe [2017-03-13] (Reason Software Company Inc.)
Task: {30D563EB-3867-4832-BFA7-64DBE08DDE52} - System32\Tasks\Reason Core Security => C:\Program Files\Reason\Security\rsUI.exe [2017-03-13] (Reason Software Company Inc.)
Task: {35019353-69F0-4746-BE54-767EC85E237A} - System32\Tasks\RCS Updater Task => C:\Program Files\Reason\Security\rsUpdt.exe [2017-03-13] ()
Task: {4C49873D-9FA8-44D9-9FD3-69F404A3DB13} - System32\Tasks\Adobe ARM => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {4E052D3B-423D-4CE5-9A57-2C9CA78EF7FD} - System32\Tasks\{1390CD58-C961-4F8A-9697-BC0F2EA7DE28} => pcalua.exe -a "C:\Users\Thomas\Documents\Software Programs\NetObjects-10\NetObjectsFusion.exe" -d "C:\Users\Thomas\Documents\Software Programs\NetObjects-10"
Task: {4E275314-7276-4B2E-9C86-555EDAA12582} - System32\Tasks\RCS Updater Task 1 => C:\Program Files\Reason\Security\rsUpdt.exe [2017-03-13] ()
Task: {67EFCEAA-3903-4A4D-B5AD-7373C6C4BDF8} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2011-05-20] (CyberLink Corp.)
Task: {6F64FB0E-FDD2-47D6-8BC4-ED656B932489} - System32\Tasks\{2666C777-E13A-4E21-A384-401634CFE18B} => pcalua.exe -a C:\Windows\IsUninst.exe -c -f"C:\Program Files (x86)\NetObjects\NetObjects Fusion Essentials\Uninst.isu" -c"C:\Program Files (x86)\NetObjects\NetObjects Fusion Essentials\uninst.dll"
Task: {723BB62B-9A9A-4863-A61B-663D2EE58991} - System32\Tasks\{7EC91944-1AE2-4040-A2D5-A5C2808F1330} => pcalua.exe -a E:\Setup.exe -d E:\
Task: {74670948-AC2F-402F-994D-9F6CBC2AA903} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-05-20] (CyberLink)
Task: {8B0DEE79-BA34-4030-8278-D24541977994} - System32\Tasks\{2344072B-ABA6-4FD7-883D-7937D39C1457} => pcalua.exe -a C:\UPS\WSTD\FOSS\Drivers\Eltron\Setup.exe -d C:\UPS\WSTD\FOSS\Drivers\Eltron
Task: {A9846488-A41D-4418-B486-6D294D30EC95} - System32\Tasks\GoogleUpdateTaskMachineUA1cf6a74d539a8c8 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {AFCA692E-354B-4832-9DBB-5B74505380B4} - System32\Tasks\RCS Updater Task 0 => C:\Program Files\Reason\Security\rsUpdt.exe [2017-03-13] ()
Task: {C2BB3B62-DF0B-48AB-A762-92DD0030BE9B} - System32\Tasks\GoogleUpdateTaskMachineCore1cf4a65f48969b0 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {C41F54D2-3C66-4BDB-A255-34304978D1AB} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_25_0_0_127_pepper.exe [2017-03-18] (Adobe Systems Incorporated)
Task: {D4CAA19A-0D42-46EB-8D2F-EAE5E9F02170} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {D529A07A-6B47-4D71-A819-348965BCAF8F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {DDDA45C2-04B6-42BC-A39A-CA370EDDF848} - System32\Tasks\Adobe Reader Speed Launcher => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
Task: {F362E5F4-6301-4F1F-8282-95E4892457E2} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2015-06-04] (Nero AG)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf4a65f48969b0.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-11-20 15:57 - 2015-11-20 15:57 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-11-20 15:57 - 2015-11-20 15:57 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-03-29 15:50 - 2017-03-29 15:51 - 00303896 _____ () C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe
2016-05-25 08:38 - 2016-05-25 08:38 - 00129304 _____ () C:\Program Files\Reason\Security\x64\lz4_x64.dll
2017-03-29 15:50 - 2017-03-29 15:51 - 00625432 _____ () C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_bg.exe
2017-03-13 12:59 - 2017-03-13 12:59 - 00582936 _____ () C:\Program Files\Reason\Security\rsLggr.exe
2011-05-20 15:13 - 2011-05-20 15:13 - 00206216 _____ () C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Thomas\Downloads\Kristin.mp3:TOC.WMV [130]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-2364491048-255812346-798213191-1001\Software\Classes\.scr: scrfile =>  <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2364491048-255812346-798213191-1001\...\paypal.com -> hxxps://www.paypal.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-01-23 20:50 - 2017-03-30 01:39 - 00002024 ____A C:\Windows\system32\Drivers\etc\hosts



==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2364491048-255812346-798213191-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.254.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: IAStorDataMgrSvc => 2
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: KSS => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: MSK80Service => 2
MSCONFIG\Services: NAUpdate => 2
MSCONFIG\Services: NOBU => 2
MSCONFIG\Services: SpyHunter 4 Service => 2
MSCONFIG\Services: UNS => 2
MSCONFIG\Services: ZAMSvc => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NkvMon.exe.lnk => C:\Windows\pss\NkvMon.exe.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^UPS WorldShip Messaging Utility.lnk => C:\Windows\pss\UPS WorldShip Messaging Utility.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^UPS WorldShip PLD Reminder Utility.lnk => C:\Windows\pss\UPS WorldShip PLD Reminder Utility.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Thomas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: Aimersoft Helper Compact.exe => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
MSCONFIG\startupreg: Bonus.SSR.FR11 => "C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe" /autorun
MSCONFIG\startupreg: Bonus.SSR.FR12 => "C:\Program Files (x86)\ABBYY FineReader 12\Bonus.ScreenshotReader.exe" /autorun
MSCONFIG\startupreg: BrowserPlugInHelper => C:\Program Files (x86)\Aimersoft\Video Converter Ultimate\BrowserPlugInHelper.exe
MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
MSCONFIG\startupreg: Hotkey Utility => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KSS => "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" /autorun
MSCONFIG\startupreg: mcpltui_exe => "C:\Program Files\Common~1\McAfee\Platform\mcuicnt.exe" /platui /runkey
MSCONFIG\startupreg: mcui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
MSCONFIG\startupreg: MSC => "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: NA1Messenger => C:\UPS\WSTD\UPSNA1Msgr.exe
MSCONFIG\startupreg: Nikon Message Center 2 => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
MSCONFIG\startupreg: PeachtreePrefetcher.exe => "C:\PROGRA~2\SAGESO~1\PEACHT~1\PeachtreePrefetcher.exe" /configfile:peachtreeprefetcher.winstart.config
MSCONFIG\startupreg: SmileboxTray => "C:\Users\Thomas\AppData\Roaming\Smilebox\SmileboxTray.exe"
MSCONFIG\startupreg: uTorrent => "C:\Users\Thomas\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
MSCONFIG\startupreg: WSUpdater => C:\UPS\WSTD\CF\WorldShipCF.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{45C8A10F-2FF6-4D87-9665-A22AA70DAFBE}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{5A6E31E7-15DB-46D0-A20F-83457C526220}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe
FirewallRules: [{7AC4E3B6-169A-48D9-B967-70426B56DA30}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
FirewallRules: [{1E6E2D4E-065E-4520-9DC6-6F991CCA8F9A}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{366BAA21-74FF-447B-A5B0-0312692B5248}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{C7C78C39-A8FC-450B-B43C-6BCCBCD1E393}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{65105041-EB2C-431D-A588-EAA1687AF13B}] => (Block) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{6DF34829-2052-411A-A409-DCF8515CB7E6}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\Movie\TouchMovie.exe
FirewallRules: [{E49C7DC5-2AA2-4A92-BA1C-860F80B776D3}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\Movie\TouchMovieService.exe
FirewallRules: [{FD1EA280-CACF-4175-8956-ED5A7B499485}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{B4E2B11A-34CC-4826-980A-F157FB9C9EBF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{B88A86A5-2E99-4AAE-AB1C-872773AA7CB0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{D189DE28-0637-49E9-8808-9F48A29FFB84}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{FE67D766-DB21-4300-B80D-73EBF3F6F511}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{1778FE0A-21FD-4A3C-9DF4-CC84403D2B76}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{599E24F9-7BAB-4775-8D32-30556677CE6A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{27BB0359-BE57-4044-AB4D-5DF6E43E0242}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{FB7511B2-9303-43E6-B280-9040098AA7A9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe
FirewallRules: [{E6B43D01-A3E8-4DD5-A090-065E48BC3585}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe
FirewallRules: [{BEBE3EA8-5B9D-41AB-B074-7D3DDE7431A7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe
FirewallRules: [{17DCEE9C-6EB0-4DC3-9D3D-542916B1FD28}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{8FCFEBB4-6277-4089-A4EB-521F4F658940}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{5AF32E7F-B313-4DFF-B331-5FC01A08425C}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{82E35F61-DFE4-4F6C-8B70-3148250200D8}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{B47E290C-5BA9-4FA9-95E9-096114153501}] => (Allow) LPort=1583
FirewallRules: [{AD894820-7BE5-42E4-A900-4FEE755FB2A2}] => (Allow) LPort=3351
FirewallRules: [{0B6E2700-DBB1-4EEB-9BA4-BBAA97B541C7}] => (Allow) C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe
FirewallRules: [{52FB2E7C-C939-47C8-B866-8F708B98A8F1}] => (Allow) C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe
FirewallRules: [{D39BCF72-91E1-4BD9-A04E-8C0C4D93D335}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{293BB0BE-8B5D-41AC-B233-BE830533AE81}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{87431AE6-8CA2-4656-B068-74467066863F}] => (Allow) C:\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe
FirewallRules: [{5E6362D6-5FA8-4841-80E6-687C6BA6032D}] => (Allow) C:\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe
FirewallRules: [{17CF3A75-C8A4-4791-8B6E-6DE1759CE312}] => (Allow) LPort=1434
FirewallRules: [{2D2BCF6A-1BD7-4E59-9133-3F7D009AD963}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{AEFCA8D9-F3F1-4F98-9372-3651BD85D00B}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{5C4A0B7F-B5F2-4C7B-8542-08D570395B76}] => (Allow) C:\Users\Thomas\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{3D592120-01B1-4E2D-9A9B-DAC2E8DC99C0}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{55DF9532-74EA-4F31-AD6B-510DA628093D}] => (Allow) LPort=2869
FirewallRules: [{590C98E9-8822-466C-98B1-BAAEB4F71B06}] => (Allow) LPort=1900
FirewallRules: [{0D1A9D6D-9F5E-4105-BC28-022FBF659872}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{C20FEF1C-B44F-4550-8087-A513B61FBB11}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
FirewallRules: [{38AF9D53-9A1F-4E97-B02B-BC2A8F36DC81}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
FirewallRules: [{B1B345D7-055D-42FF-B5AE-D37CB1DD63E2}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{C633F96C-705D-43E6-9F7C-B03F1E8BDCB6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{67E4D9F7-4DD8-4A6E-B0BF-045D41A88C11}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{DA1752BB-7B99-4039-B470-E7FADB567F7A}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{AE419300-E45A-44E8-8CD4-34BC4282CB2E}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{571321D2-9FDC-4219-8290-2D1496EC6CDE}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{E88C24E9-5795-4C46-9A4D-A59E41346B27}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{785509E7-0966-49A9-B375-8AFBF2248235}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{B809CFE2-8646-445B-91C0-3AB7AF0F4F9F}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{48C14C6A-6AF0-4B77-8D04-01CB24570FCC}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{F466404D-F4B7-43BC-BE29-7F6D9E579340}] => (Allow) C:\Users\Thomas\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D8DA4B46-4C86-413F-AE6C-FB0075C31146}] => (Allow) C:\Users\Thomas\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6FEC0336-AF8C-4BCA-9305-3823AA5F81D6}] => (Allow) C:\Users\Thomas\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4AFB8BA6-8B1C-445F-ACD4-72B0764EFAB4}] => (Allow) C:\Users\Thomas\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{BD562C63-0906-4A40-8E14-9F77EB8C1695}] => (Allow) C:\Users\Thomas\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C0B69772-23A2-4209-8C9C-547642F4AB2F}] => (Allow) C:\Users\Thomas\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{47496406-FABC-4D17-9F72-3391033C7D00}C:\program files (x86)\pervasive software\psql\bin\w3dbsmgr.exe] => (Block) C:\program files (x86)\pervasive software\psql\bin\w3dbsmgr.exe
FirewallRules: [UDP Query User{94D63014-325E-4A2E-99C0-BFA5DBAAF377}C:\program files (x86)\pervasive software\psql\bin\w3dbsmgr.exe] => (Block) C:\program files (x86)\pervasive software\psql\bin\w3dbsmgr.exe
FirewallRules: [{B36EBC99-CF4F-4468-B9F3-6481CAFA0800}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6DA7E325-DB82-4D35-A13E-C6EC0531B70B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{183AC061-1226-4819-A26C-354CFEAC87E1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DA7021D9-8A87-4B3E-9C27-794E2A343A15}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{18FC8F30-6C60-4D0F-BD86-B61C4B646CC6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{114A5DB6-5A6D-4A0F-8439-48E0E752A758}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EE9BBE7A-3CA8-493A-9CD9-C5A40BBB0075}] => (Allow) C:\Program Files (x86)\Nero\Nero 2016\Nero Burning ROM\StartNBR.exe
FirewallRules: [{227A64CB-5D9D-4F53-9E14-E2219B21B57F}] => (Allow) C:\Program Files (x86)\Nero\KM\NMDllHost.exe
FirewallRules: [{442CD5BD-7417-46A0-B9A9-C53B7373B572}] => (Allow) C:\Program Files (x86)\Nero\Nero 2016\Nero Burning ROM\nero.exe
FirewallRules: [{5C590FFE-4D6E-4415-B9A1-A217CF204CBE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{1DAEA779-2A80-418E-AC16-33B909C593CC}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{40F9D36A-B07E-414D-9F49-BBA4B215175D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe

==================== Restore Points =========================

26-03-2017 12:12:08 Installed WeatherBuddy
27-03-2017 03:02:43 Manual Restore
28-03-2017 18:01:35 Windows Update
29-03-2017 11:46:58 Manual Restore
29-03-2017 11:57:18 Restore Point Created by FRST
29-03-2017 16:54:17 Malwarebytes Anti-Rootkit Restore Point
29-03-2017 18:38:21 Checkpoint by HitmanPro
29-03-2017 18:39:51 Checkpoint by HitmanPro
29-03-2017 23:26:00 Malwarebytes Anti-Rootkit Restore Point

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/30/2017 01:49:29 AM) (Source: ESENT) (EventID: 604) (User: )
Description: rsUI (3256) Locale ID 0x00000409 (English (United States) English) is either invalid or not installed on this machine.

Error: (03/30/2017 01:40:09 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/30/2017 01:40:01 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Users\Thomas\Desktop\esetsmartinstaller_enu (1).exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (03/30/2017 01:21:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.23537, time stamp: 0x57c44efe
Faulting module name: ntdll.dll, version: 6.1.7601.23543, time stamp: 0x57d2fde1
Exception code: 0xc0000374
Fault offset: 0x00000000000bf262
Faulting process id: 0x70c
Faulting application start time: 0x01d2a9141afd86a8
Faulting application path: C:\Windows\Explorer.EXE
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: bc6780d2-1508-11e7-bd5f-3860773e2656

Error: (03/30/2017 01:13:14 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/30/2017 12:52:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/30/2017 12:49:14 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/30/2017 12:45:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/30/2017 12:02:31 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program NOTEPAD.EXE version 6.1.7601.18917 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: a8c

Start Time: 01d2a90a4e7e80ee

Termination Time: 0

Application Path: C:\Windows\system32\NOTEPAD.EXE

Report Id: a61eac6c-14fd-11e7-b109-3860773e2656

Error: (03/29/2017 11:30:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (03/30/2017 01:22:27 AM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (03/30/2017 01:19:28 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register with DCOM within the required timeout.

Error: (03/30/2017 01:19:10 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (03/30/2017 01:17:09 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (03/30/2017 01:12:25 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Reason Core Security Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (03/30/2017 01:12:25 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Reason Core Security Service service to connect.

Error: (03/30/2017 12:51:47 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMScheduler service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (03/30/2017 12:51:47 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the MBAMScheduler service to connect.

Error: (03/30/2017 12:49:31 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IPsec Policy Agent service terminated with the following error:
The authentication service is unknown.

Error: (03/30/2017 12:49:30 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Computer Browser service terminated with the following error:
A system shutdown is in progress.


==================== Memory info ===========================

Processor: Intel® Core™ i7-2600 CPU @ 3.40GHz
Percentage of memory in use: 32%
Total physical RAM: 8172.25 MB
Available physical RAM: 5476.76 MB
Total Virtual: 16342.68 MB
Available Virtual: 13312.3 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:923.45 GB) (Free:25.55 GB) NTFS
Drive d: (DATA) (Fixed) (Total:923.47 GB) (Free:923.05 GB) NTFS
Drive f: (Toshiba Ext HDD) (Fixed) (Total:931.51 GB) (Free:915.11 GB) NTFS
Drive o: (Elements) (Fixed) (Total:2794.52 GB) (Free:43.41 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: C23FF5DB)
Partition 1: (Not Active) - (Size=16 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=923.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=923.5 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 1.

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 37F19006)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



#56
playwiffme

    Member

  • Topic Starter
  • Member
  • 61 posts

Windows Installer

The feature you are trying to use is on a
network resource that is unavailable

Click OK to try again, or enter an alternate path to a
folder containing the installation package
"Shredder64.msi" in the box below.

C:\Users\Administrator\AppData\Local\Downloaded Installations\
{45DE3BB5-15C7-489B-458F80-82349413953E}

 

This is still happening once in a while when I right click on something to open or copy - this box comes up first - do you know why this is happening?

So other than not being able to enter into Safe Mode via F8 this issue is the only thing that I've found not totally fixed as of now.

 

(I probably don't know what I'm talking about with regards to the F8/Safe Mode issue, but could all those flashes of blue screens have been part of this? I know I saw the word BIOS several times - could the boot order have been changed?)



#57
RKinner


See if you can delete these two:

 

2017-03-26 12:13 - 2017-03-26 12:13 - 00833024 ____N C:\Windows\system32\tprdpw32.exe
2017-03-26 10:43 - 2017-03-26 10:43 - 00000000 ____D C:\Program Files (x86)\Teorex

 

Second one is a folder

 

Appears the hidden service was HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Dataup (Trojan.Clicker) -> Delete on reboot. [16b504cb6048a2942693c9b3d829c53b]

 
This doesn't show up in FRST.
 
 
Right click on (My) Computer and select Manage (Continue). Then click on the arrow in front of Event Viewer. Next click on the arrow in front of Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

Start, All Programs, Accessories, then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line):

sfc /scannow

(This will check your critical system files. Does this finish without complaint? If it says it couldn't fix everything then:

Copy the next two lines:

findstr /c:"[SR]" \windows\logs\cbs\cbs.log > \windows\logs\cbs\junk.txt
notepad \windows\logs\cbs\junk.txt

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)

1. Please download the Event Viewer Tool by Vino Rosso and save it to your Desktop.
2. Right-click VEW.exe and Run As Administrator.
3. Under 'Select log to query', select:
   * System
4. Under 'Select type to list', select:
   * Error
   * Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'.
   Type 20 in the 1 to 20 box.
   Then click the Run button.
   Notepad will open with the output log.

Please post the Output log in your next reply then repeat but select Application. (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)
 

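Added example, not part of the post above or of any tool named in the thread: the `findstr /c:"[SR]"` filter keeps every sfc progress line, so this Python sketch reduces junk.txt to the files sfc could not repair and the files it repaired. The line layout and the "Cannot repair member file" / "Repairing corrupted file" prefixes are assumptions about what sfc writes to CBS.log, and the sample lines are constructed.

```python
import re
import sys

# Constructed sample in the shape of "[SR]" lines from CBS.log;
# file names and timestamps are made up, not taken from the thread.
SAMPLE = r'''
2017-03-30 10:12:01, Info                  CSI    00000009 [SR] Verifying 100 (0x0000000000000064) components
2017-03-30 10:12:01, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2017-03-30 10:12:07, Info                  CSI    0000000c [SR] Cannot repair member file [l:22{11}]"example.dll" of Example-Component, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), hash mismatch
2017-03-30 10:12:09, Info                  CSI    0000000e [SR] Cannot repair member file [l:22{11}]"example.dll" of Example-Component, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), hash mismatch
2017-03-30 10:12:11, Info                  CSI    00000010 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:20{10}]"sample.exe" from store
2017-03-30 10:12:12, Info                  CSI    00000011 [SR] Verify complete
'''

# Assumed layout: timestamp, level, "CSI", hex sequence number, "[SR]", message.
SR_LINE = re.compile(
    r'^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d), \w+\s+CSI\s+[0-9a-fA-F]+ \[SR\] (.*)$')
QUOTED = re.compile(r'\]"([^"]*)"')  # length-prefixed strings: [l:22{11}]"name"


def summarize_sr(text):
    """Split [SR] lines into files sfc could not repair and files it repaired."""
    result = {"sr_lines": 0, "unrepaired": [], "repaired": []}
    for raw in text.splitlines():
        m = SR_LINE.match(raw.strip())
        if not m:
            continue
        result["sr_lines"] += 1
        msg = m.group(2)
        parts = QUOTED.findall(msg)
        if msg.startswith("Cannot repair member file") and parts:
            entry, bucket = parts[0], "unrepaired"
        elif msg.startswith("Repairing corrupted file") and parts:
            # Directory and file name are logged as two quoted strings.
            entry = "\\".join(p.replace("\\??\\", "") for p in parts)
            bucket = "repaired"
        else:
            continue  # "Verifying 100 components" and similar progress lines
        if entry not in result[bucket]:  # the same failure is logged repeatedly
            result[bucket].append(entry)
    return result


if __name__ == "__main__":
    # Usage: python sr_summary.py junk.txt   (no argument: run on SAMPLE)
    text = SAMPLE
    if len(sys.argv) > 1:
        with open(sys.argv[1], errors="replace") as fh:
            text = fh.read()
    print(summarize_sr(text))
```

An empty "unrepaired" list alongside a non-zero "sr_lines" count corresponds to a clean sfc run; any name in "unrepaired" is a file to check by hand.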

#58
playwiffme

playwiffme

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts

Re:

2017-03-26 12:13 - 2017-03-26 12:13 - 00833024 ____N C:\Windows\system32\tprdpw32.exe
2017-03-26 10:43 - 2017-03-26 10:43 - 00000000 ____D C:\Program Files (x86)\Teorex

 

Files have been deleted...

 

Windows System and Application Logs have been cleared...

 

sfc /scannow completed - Windows Resource Protection did not find any integrity violations.

 

Downloaded and attempted to run Event Viewer with issues - Notepad cannot find the C:\VEW.txt file - tried to run 3 X's without success, notepad opens up empty/void of text



#59
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,010 posts
  • MVP

Did you remember to run VEW by right clicking and Run As Admin?  Normally you get a different error if you forget but VEW can't write to C:\ unless it has admin rights.



#60
playwiffme

playwiffme

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 30/03/2017 11:09:08 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 30/03/2017 1:53:21 PM
Type: Error Category: 0
Event: 36887 Source: Schannel
The following fatal alert was received: 20.

Log: 'System' Date/Time: 30/03/2017 12:57:13 PM
Type: Error Category: 0
Event: 7022 Source: Service Control Manager
The Windows Update service hung on starting.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 30/03/2017 12:51:46 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_COMPACT_FLASH&REV_1.00#8&B400CA5&0&20060413092100000&0#.

Log: 'System' Date/Time: 30/03/2017 12:49:18 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

 

