Okay...You realize this isn't the Malwarebytes you normally see right? This is Malwarebytes Anti-RootKit - scans Drivers, Sectors, System
Cannot access Safe Mode, System Restore and (most) anti-malware progra
Started by
playwiffme
, Mar 28 2017 11:00 AM
#47
Posted 29 March 2017 - 04:37 PM
RKinner
-
- Expert
-
- 24,625 posts
Malware Expert
Sounds like it's a bit better than the usual MBAM so that won't hurt at all.
#48
Posted 29 March 2017 - 06:17 PM
playwiffme
- Topic Starter
-
- Member
-
- 61 posts
Member
Okay, I'm running it again...any other ideas?
I'm a fighter, but this is taking a lot of the wind out of my sails...should I start thinking re-format? YIKES!
#49
Posted 29 March 2017 - 06:19 PM
playwiffme
- Topic Starter
-
- Member
-
- 61 posts
Member
Seems like whenever these guys we are tracking down get caught and put into quarantine, rebooting takes forever - another 45 or so minutes again with many flashes of blue screens in between.
#50
Posted 29 March 2017 - 09:05 PM
RKinner
-
- Expert
-
- 24,625 posts
Malware Expert
Did the second scan find the same thing?
Try running FRST from a USB drive per step 3 on http://www.geekstogo...l/#entry2151691
It might be easier to remove it if windows hasn't loaded.
Also let's look at your blue screens and see if that tells us anything:
Download BlueScreenView
Double click on BlueScreenView.exe file to run the program.
When scanning is done, go Edit, Select All.
Go File, Save Selected Items, and save the report as BSOD.txt.
Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.
and also:
1. Please download the Event Viewer Tool by Vino Rosso
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning
Then use the 'Number of events' as follows:
1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
Please post the Output log in your next reply then repeat but select Application. (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)
Try the following for your shredder64.msi problem:
download ShellExView.
Use this download:
Once you get it installed, run it and look in the 7th column from the RIGHT. (or 13th from the left) It should say MICROSOFT. Click once or twice on MICROSOFT so that items with NO are at the top.
Select all of the NO items and then click on the red led looking icon in the upper left. This should disable all of the non-microsoft additions to Explorer. Reboot (or just restart explorer ) and see if you still get the error.
#51
Posted 29 March 2017 - 11:58 PM
playwiffme
- Topic Starter
-
- Member
-
- 61 posts
Member
It's a beautiful day in the neighborhood...
I do believe I got the son-of-a-[bleep] running the software Malwarebytes Anti-RootKit Beta the second time...(log will follow)
*Note* - System Restore functions as does all virus/malware programs as intended. I've done a few simple jogs around the block with the computer and it seems to be fine. No more "The requested resource is in use" warnings.
***NOTE*** - The ONLY issue I've found thus far is Safe Mode DOES NOT function using the F8 key and I trust you have a cure for this?
Malwarebytes Anti-RootKit Log -
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org
Database version:
main: v2017.03.29.07
rootkit: v2017.03.11.01
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.18499
Thomas :: THOMAS-PC [administrator]
3/29/2017 8:20:46 PM
mbar-log-2017-03-29 (20-20-46).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 412759
Time elapsed: 1 hour(s), 30 minute(s), 30 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 3
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\drmkpro64 (Rootkit.Agent.PUA) -> Delete on reboot. [83487f509117b87e061a457a06fbb050]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\DATAUP (Trojan.Clicker) -> Delete on reboot. [458627a81e8a3afcbdfaaecfb8497a86]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Dataup (Trojan.Clicker) -> Delete on reboot. [16b504cb6048a2942693c9b3d829c53b]
Registry Values Detected: 1
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\DATAUP|ImagePath (Trojan.Clicker) -> Data: C:\Users\Thomas\AppData\Local\NTUSER~1\dataup\dataup.exe -> Delete on reboot. [458627a81e8a3afcbdfaaecfb8497a86]
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 3
C:\WINDOWS\SYSTEM32\drivers\ndistpr64.sys (Rootkit.Agent.PUA) -> Delete on reboot. [b82af19ea4f351ab70ceeeec014dcc62]
C:\Users\Thomas\AppData\Local\Temp\27459966\ic-0.10d434e145492.exe (Ransom.Cerber) -> Delete on reboot. [6e5d5976d2d674c23b7a401425ddd62a]
C:\Users\Thomas\AppData\Local\Temp\27459966\ic-0.ac5d028b063b2.exe (Trojan.Agent) -> Delete on reboot. [fbd07a5505a3c96d05f63ec38a78c838]
Physical Sectors Detected: 0
(No malicious items detected)
(end)
#52
Posted 30 March 2017 - 12:02 AM
playwiffme
- Topic Starter
-
- Member
-
- 61 posts
Member
I then ran Malwarebytes Anti-Malware and followed that up with ADWCleaner (log enclosed)
# AdwCleaner v6.045 - Logfile created 30/03/2017 at 00:36:36
# Updated on 28/03/2017 by Malwarebytes
# Database : 2017-03-29.1 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Thomas - THOMAS-PC
# Running from : C:\Users\Thomas\Documents\Software Programs\ADWCleaner-1\AdwCleaner(4).exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support
***** [ Services ] *****
[-] Service deleted: windowsmanagementservice
[!] Service not deleted: esgiguard
[!] Service not deleted: EsgScanner
***** [ Folders ] *****
[!] Folder not deleted: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\spyhunter
[-] Folder deleted: C:\Program Files\ReviverSoft
[-] Folder deleted: C:\ProgramData\ReviverSoft
[#] Folder deleted on reboot: C:\ProgramData\Application Data\ReviverSoft
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ReviverSoft
[!] Folder not deleted: C:\Program Files (x86)\Enigma Software Group
[!] Folder not deleted: C:\Windows\SysWOW64\sstmp
***** [ Files ] *****
[!] File not deleted: C:\Windows\SysWOW64\EsgScanner.sys
[!] File not deleted: C:\Windows\SysWOW64\drivers\EsgScanner.sys
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Shortcuts ] *****
***** [ Scheduled Tasks ] *****
***** [ Registry ] *****
[!] Key not deleted: [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\SpyHunter 4 Service
[!] Key not deleted: HKLM\SOFTWARE\Classes\Interface\{E7BC34A1-BA86-11CF-84B1-CBC2DA68BF6C}
[!] Key not deleted: HKLM\SOFTWARE\Classes\TypeLib\{E7BC34A0-BA86-11CF-84B1-CBC2DA68BF6C}
[!] Key not deleted: HKLM\SOFTWARE\EnigmaSoftwareGroup
[!] Key not deleted: [x64] HKLM\SOFTWARE\EnigmaSoftwareGroup
[!] Key not deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\dotomi.com
[!] Key not deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com
[!] Key not deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ttdetect.staticimgfarm.com
[!] Key not deleted: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\dotomi.com
[!] Key not deleted: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com
[!] Key not deleted: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ttdetect.staticimgfarm.com
***** [ Web browsers ] *****
[-] [C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
*************************
:: "Tracing" keys deleted
:: Winsock settings cleared
*************************
C:\AdwCleaner\AdwCleaner[C1].txt - [7765 Bytes] - [29/02/2016 10:49:01]
C:\AdwCleaner\AdwCleaner[C2].txt - [10554 Bytes] - [16/10/2016 01:14:44]
C:\AdwCleaner\AdwCleaner[C3].txt - [2596 Bytes] - [16/10/2016 19:42:07]
C:\AdwCleaner\AdwCleaner[C4].txt - [4561 Bytes] - [05/03/2017 20:47:28]
C:\AdwCleaner\AdwCleaner[C5].txt - [3326 Bytes] - [25/03/2017 18:28:26]
C:\AdwCleaner\AdwCleaner[C6].txt - [3162 Bytes] - [30/03/2017 00:36:36]
C:\AdwCleaner\AdwCleaner[R0].txt - [2802 Bytes] - [19/01/2014 00:37:10]
C:\AdwCleaner\AdwCleaner[R1].txt - [2862 Bytes] - [19/01/2014 00:40:51]
C:\AdwCleaner\AdwCleaner[R4].txt - [2236 Bytes] - [26/03/2017 22:58:03]
C:\AdwCleaner\AdwCleaner[R5].txt - [2173 Bytes] - [26/03/2017 23:15:07]
C:\AdwCleaner\AdwCleaner[R6].txt - [2233 Bytes] - [27/03/2017 02:04:38]
C:\AdwCleaner\AdwCleaner[R7].txt - [2490 Bytes] - [27/03/2017 07:59:18]
C:\AdwCleaner\AdwCleaner[R8].txt - [2353 Bytes] - [27/03/2017 17:23:12]
C:\AdwCleaner\AdwCleaner[S0].txt - [2927 Bytes] - [19/01/2014 00:44:02]
C:\AdwCleaner\AdwCleaner[S10].txt - [3217 Bytes] - [25/03/2017 18:27:02]
C:\AdwCleaner\AdwCleaner[S11].txt - [4503 Bytes] - [30/03/2017 00:25:03]
C:\AdwCleaner\AdwCleaner[S1].txt - [9453 Bytes] - [29/02/2016 10:38:29]
C:\AdwCleaner\AdwCleaner[S2].txt - [4063 Bytes] - [10/08/2016 20:27:15]
C:\AdwCleaner\AdwCleaner[S3].txt - [2475 Bytes] - [28/10/2015 16:26:52]
C:\AdwCleaner\AdwCleaner[S4].txt - [2475 Bytes] - [28/10/2015 16:28:40]
C:\AdwCleaner\AdwCleaner[S5].txt - [11453 Bytes] - [16/10/2016 01:11:30]
C:\AdwCleaner\AdwCleaner[S6].txt - [2621 Bytes] - [16/10/2016 19:40:54]
C:\AdwCleaner\AdwCleaner[S7].txt - [3257 Bytes] - [29/11/2016 00:09:54]
C:\AdwCleaner\AdwCleaner[S8].txt - [3168 Bytes] - [07/01/2017 02:33:17]
C:\AdwCleaner\AdwCleaner[S9].txt - [4319 Bytes] - [05/03/2017 20:32:30]
########## EOF - C:\AdwCleaner\AdwCleaner[C6].txt - [4625 Bytes] ##########
#53
Posted 30 March 2017 - 12:10 AM
playwiffme
- Topic Starter
-
- Member
-
- 61 posts
Member
Process Explorer -
Process PID CPU Private Bytes Working Set Description Company Name Verified Signer
System Idle Process 0 97.21 0 K 24 K
firefox.exe 6552 0.91 387,388 K 402,432 K Firefox Mozilla Corporation (Verified) Mozilla Corporation
explorer.exe 1792 0.49 63,760 K 81,292 K Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
procexp(1)64.exe 1552 0.43 31,876 K 49,464 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
dwm.exe 1596 0.38 33,964 K 53,028 K Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
Interrupts n/a 0.31 0 K 0 K Hardware Interrupts and DPCs
csrss.exe 612 0.08 13,424 K 16,568 K
System 4 0.08 212 K 2,688 K
notepad.exe 6444 0.04 2,628 K 7,600 K Notepad Microsoft Corporation (Verified) Microsoft Windows
procexp(1)64.exe 6980 0.04 30,764 K 49,228 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
MsMpEng.exe 1020 0.02 142,484 K 146,464 K Antimalware Service Executable Microsoft Corporation (Verified) Microsoft Corporation
zipwhipw.exe 4736 0.01 140,952 K 109,976 K Java™ Platform SE binary Oracle Corporation (Verified) Oracle America
rscp_bg.exe 3560 < 0.01 2,156 K 7,344 K Reason Core Security Bundle Protection (Verified) Reason Software Company Inc.
AppleMobileDeviceService.exe 2060 < 0.01 4,556 K 11,552 K MobileDeviceService Apple Inc. (Verified) Apple Inc.
taskhost.exe 1588 < 0.01 23,428 K 20,604 K Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
SearchIndexer.exe 5956 < 0.01 39,840 K 15,524 K Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
wmpnetwk.exe 6768 < 0.01 13,852 K 8,516 K Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1040 < 0.01 28,464 K 45,672 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1240 < 0.01 18,804 K 19,808 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
WLIDSVC.EXE 4144 < 0.01 7,884 K 16,652 K
svchost.exe 2196 < 0.01 7,972 K 14,528 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
sftlist.exe 4208 < 0.01 9,912 K 21,268 K Microsoft Application Virtualization Client Service Microsoft Corporation (Verified) Microsoft Corporation
nvvsvc.exe 1384 < 0.01 6,944 K 13,988 K
svchost.exe 696 < 0.01 189,752 K 196,012 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
csrss.exe 528 < 0.01 3,108 K 5,524 K
WUDFHost.exe 6276 2,728 K 6,912 K
wuauclt.exe 3940 2,844 K 7,480 K Windows Update Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 2472 4,872 K 8,524 K
WmiPrvSE.exe 5832 3,684 K 7,396 K
WLIDSVCM.EXE 4256 2,192 K 4,372 K
winlogon.exe 684 3,792 K 8,192 K
wininit.exe 628 2,064 K 5,068 K
w3dbsmgr.exe 3492 87,776 K 28,136 K Database Service Manager Pervasive Software Inc. (Verified) Sage Software
UpdaterService.exe 2288 1,308 K 4,120 K Updater Service Acer Incorporated (Verified) Acer Incorporated
taskeng.exe 2824 3,312 K 7,432 K Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
taskeng.exe 1960 3,156 K 7,072 K
svchost.exe 956 6,692 K 10,460 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1652 12,872 K 16,656 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 972 8,380 K 14,272 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 848 5,700 K 10,860 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2256 3,656 K 8,592 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 3332 5,080 K 8,748 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 3444 1,748 K 4,268 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 3352 1,772 K 4,308 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 548 17,300 K 19,040 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2156 6,876 K 12,504 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1992 3,048 K 6,628 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
sqlwriter.exe 488 2,908 K 7,292 K SQL Server VSS Writer - 64 Bit Microsoft Corporation (Verified) Microsoft Corporation
sqlservr.exe 1572 55,664 K 2,612 K SQL Server Windows NT Microsoft Corporation (Verified) Microsoft Corporation
sqlbrowser.exe 3136 1,672 K 4,512 K SQL Browser Service EXE Microsoft Corporation (Verified) Microsoft Corporation
spoolsv.exe 1580 8,880 K 14,876 K Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
SplitCamService.exe 3096 11,664 K 6,936 K SplitCam Service SplitCam Co. (Verified) OMT-LIDER
smss.exe 372 736 K 1,424 K
sftvsa.exe 4048 1,728 K 5,196 K Microsoft Application Virtualization Virtual Service Agent Microsoft Corporation (Verified) Microsoft Corporation
services.exe 704 8,324 K 13,616 K
SeaPort.EXE 2080 4,592 K 9,664 K
rsService.exe 3544 61,460 K 2,320 K Reason Core Security Service Reason Software Company Inc. (Verified) Reason Software Company Inc.
rsLggr.exe 1956 2,072 K 528 K
rscp_svc.exe 3520 1,736 K 5,156 K Reason Core Security Bundle Protection (Verified) Reason Software Company Inc.
RAVCpl64.exe 2880 10,292 K 12,228 K Realtek HD Audio Manager Realtek Semiconductor (Verified) Realtek Semiconductor Corp
PsiService_2.exe 3468 2,156 K 4,628 K PsiService PsiService arvato digital services llc (Verified) Arvato Digital Services Canada Inc
procexp(1).exe 6564 2,676 K 7,848 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
procexp(1).exe 4840 2,684 K 6,364 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
NvXDSync.exe 1372 8,460 K 17,328 K
nvvsvc.exe 916 3,524 K 8,400 K NVIDIA Driver Helper Service, Version 267.33 NVIDIA Corporation (Verified) NVIDIA Corporation
nvSCPAPISvr.exe 2844 2,512 K 5,852 K Stereo Vision Control Panel API Server NVIDIA Corporation (Verified) NVIDIA Corporation
NisSrv.exe 5472 21,488 K 11,448 K Microsoft Network Realtime Inspection Service Microsoft Corporation (Verified) Microsoft Corporation
NetworkLicenseServer.exe 1884 15,612 K 20,052 K ABBYY network license server ABBYY Production LLC (Verified) ABBYY Production LLC
msseces.exe 2920 7,256 K 15,296 K Microsoft Security Client User Interface Microsoft Corporation (Verified) Microsoft Corporation
MSCamS64.exe 2488 5,812 K 10,092 K MsCamSvc.exe Microsoft Corporation (Verified) Microsoft Corporation
mDNSResponder.exe 2128 2,804 K 6,436 K Bonjour Service Apple Inc. (Verified) Apple Inc.
mbamscheduler.exe 2328 4,952 K 10,140 K Malwarebytes Anti-Malware Malwarebytes (Verified) Malwarebytes Corporation
lsm.exe 732 3,100 K 5,000 K
lsass.exe 724 6,028 K 13,412 K Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
jusched.exe 3304 2,656 K 5,844 K Java Update Scheduler Oracle Corporation (Verified) Oracle America
GREGsvc.exe 2228 1,136 K 3,708 K Global Registration Service Acer Incorporated (Verified) Acer Incorporated
GoogleCrashHandler64.exe 2508 2,032 K 528 K
GoogleCrashHandler.exe 2496 1,740 K 528 K
DMREngine.exe 2960 5,300 K 1,340 K DMREngine CyberLink (Verified) CyberLink
CVHSVC.EXE 1432 8,412 K 16,624 K
clear.fiAgent.exe 2872 1,808 K 748 K clear.fi Resident Program CyberLink Corp. (Verified) CyberLink
armsvc.exe 1500 1,344 K 4,216 K Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems
AdobeARM.exe 6328 4,072 K 528 K
acrotray.exe 3288 2,492 K 6,460 K AcroTray Adobe Systems Inc. (Verified) Adobe Systems
#54
Posted 30 March 2017 - 12:29 AM
playwiffme
- Topic Starter
-
- Member
-
- 61 posts
Member
FRST - Notepad -
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by Thomas (administrator) on THOMAS-PC (30-03-2017 02:10:43)
Running from C:\Users\Thomas\Documents\Software Programs\Farbar Recovery Tool - 1
Loaded Profiles: Thomas (Available Profiles: Thomas)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ABBYY Production LLC) C:\Program Files (x86)\ABBYY FineReader 12\NetworkLicenseServer.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Microsoft Corporation) C:\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Pervasive Software Inc.) C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe
() C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe
(Reason Software Company Inc.) C:\Program Files\Reason\Security\rsService.exe
() C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_bg.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(SplitCam Co.) C:\Program Files (x86)\SplitCam\SplitCamService.exe
(Microsoft Corporation) C:\Program Files (x86)\MICROSOFT SQL SERVER\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Oracle Corporation) C:\Program Files\Frontier Texting\java_vm\bin\zipwhipw.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files\Reason\Security\rsLggr.exe
(Sysinternals - www.sysinternals.com) C:\Users\Thomas\Documents\Software Programs\Process Explorer\procexp(1).exe
(Sysinternals - www.sysinternals.com) C:\Users\Thomas\AppData\Local\Temp\procexp(1)64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\Thomas\Documents\Software Programs\Farbar Recovery Tool - 1\FRST64(1).exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11580520 2010-11-10] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14471408 2017-03-06] (Copyright 2017.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498720 2015-12-17] (Adobe Systems Inc.)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist Corporate\1121\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-21-2364491048-255812346-798213191-1001\...\Run: [Frontier Texting] => C:\Program Files\Frontier Texting\Frontier Texting.lnk [1832 2016-11-08] ()
HKU\S-1-5-21-2364491048-255812346-798213191-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Acer.scr [456224 2010-07-29] ()
HKU\S-1-5-18\...\Run: [] => [X]
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
BootExecute: autocheck autochk * bootdeletebootdeletebootdeletebootdelete
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{95C5EA71-8623-416C-AAEC-D3AA4AF7581A}: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{9612667B-16FF-47A2-8AC8-4084E6EAD0FB}: [DhcpNameServer] 192.168.254.254
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2364491048-255812346-798213191-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2364491048-255812346-798213191-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope value is missing
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-12-17] (Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-12-17] (Adobe Systems Incorporated)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-02-12] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-06-07] (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-12] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-12-17] (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-06-07] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {E7DA7F8D-27AB-4EE9-8FC0-3FEC9ECFE758} hxxps://access.wisconsin.gov/access/DynamicWebTWAIN.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll No File
FireFox:
========
FF DefaultProfile: ixg7h6xy.default-1476596056535
FF ProfilePath: C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\vf9r2hzq.default [not found]
FF ProfilePath: C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\ixg7h6xy.default-1476596056535 [2017-03-30]
FF Homepage: Mozilla\Firefox\Profiles\ixg7h6xy.default-1476596056535 -> www.msn.com/
FF Extension: (AdBlocker for YouTube™) - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\ixg7h6xy.default-1476596056535\Extensions\[email protected] [2016-12-05]
FF Extension: (Site Deployment Checker) - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\ixg7h6xy.default-1476596056535\features\{ec85e9e5-61a9-4f62-884b-d3976b9e3ed7}\[email protected] [2017-03-24]
FF ProfilePath: C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\embvo3sn.Default User [2017-03-30]
FF Homepage: Mozilla\Firefox\Profiles\embvo3sn.Default User -> hxxp://www.msn.com/
FF Extension: (Site Deployment Checker) - C:\Program Files (x86)\Mozilla Firefox\browser\features\[email protected] [2017-03-28] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-06-30] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{CF13FA66-1F4F-426d-BB1B-E07A13BFF2C8}] - C:\Program Files (x86)\Aimersoft\Video Converter Ultimate\SVRFirefoxExt => not found
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2016-11-06]
FF HKU\S-1-5-21-2364491048-255812346-798213191-1001\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKU\S-1-5-21-2364491048-255812346-798213191-1001\...\Firefox\Extensions: [{CF13FA66-1F4F-426d-BB1B-E07A13BFF2C8}] - C:\Program Files (x86)\Aimersoft\Video Converter Ultimate\SVRFirefoxExt => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll [2017-03-21] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-29] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-21] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-12] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-12] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2015-08-28] (Nero AG)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2011-02-24] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2011-02-24] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2012-06-30] ()
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2015-12-17] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-29] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2364491048-255812346-798213191-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Thomas\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-01-20] (Citrix Online)
Chrome:
=======
CHR Profile: C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default [2017-03-30]
CHR Extension: (Google Slides) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-05]
CHR Extension: (Flash Video Downloader) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc [2017-02-26]
CHR Extension: (Google Docs) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Google Drive) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (MagMouse) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\biofinbccickkakhihdmkafjniganmee [2016-10-03]
CHR Extension: (YouTube) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Adobe Acrobat) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-04]
CHR Extension: (Google Sheets) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-05]
CHR Extension: (Google Docs Offline) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Google Hangouts) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2017-02-11]
CHR Extension: (Video DownloadHelper) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2016-12-21]
CHR Extension: (Aimersoft Video Converter Ultimate) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\mapcejffhcbidcjmomhalabpcbaeimcb [2015-02-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-27]
CHR Extension: (Chrome Media Router) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-11]
CHR HKU\S-1-5-21-2364491048-255812346-798213191-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2015-12-17]
CHR HKLM-x32\...\Chrome\Extension: [mapcejffhcbidcjmomhalabpcbaeimcb] - C:\Program Files (x86)\Aimersoft\Video Converter Ultimate\SVRChromePlugin.crx [2013-09-14]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-07-11] (SUPERAntiSpyware.com) [File not signed]
R2 ABBYY.Licensing.FineReader.Professional.12.0; C:\Program Files (x86)\ABBYY FineReader 12\NetworkLicenseServer.exe [925904 2014-01-23] (ABBYY Production LLC)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S3 GoToAssist; C:\Program Files (x86)\Citrix\GoToAssist Corporate\1121\G2AC_Service.exe [310080 2016-01-20] (Citrix Online, a division of Citrix Systems, Inc.)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S4 KSS; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202296 2012-04-25] (Kaspersky Lab ZAO)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R2 MSSQL$UPSWSDBSERVER; C:\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
S4 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)
R2 psqlWGE; C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe [435496 2009-04-06] (Pervasive Software Inc.)
R2 rscp; C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe [303896 2017-03-29] ()
R2 rsService; C:\Program Files\Reason\Security\rsService.exe [198424 2017-03-13] (Reason Software Company Inc.)
R2 SpliCamService; C:\Program Files (x86)\SplitCam\SplitCamService.exe [321064 2016-10-19] (SplitCam Co.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14471408 2017-03-06] (Copyright 2017.) [File not signed]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 appliand; C:\Windows\System32\DRIVERS\appliand.sys [33888 2011-06-25] (Applian Technologies Inc.)
R3 appliandMP; C:\Windows\System32\DRIVERS\appliand.sys [33888 2011-06-25] (Applian Technologies Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 ESGIGUARD; C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [13088 2016-11-29] ()
S3 ESGSCANNER; C:\Windows\SysWOW64\DRIVERS\EsgScanner.sys [19984 2012-06-22] ()
S3 hitmanpro35; C:\Windows\system32\drivers\hitmanpro35.sys [23112 2017-03-29] ()
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [49304 2014-12-29] (Visicom Media Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2017-03-30] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35992 2014-12-28] (Visicom Media Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 scvad_simple; C:\Windows\System32\drivers\SplitCamAudio.sys [23552 2016-08-02] (Windows ® Win 7 DDK provider)
R3 splitcam_hd_driver; C:\Windows\System32\DRIVERS\splitcam_hd_driver.sys [37600 2016-08-02] (Windows ® Win 7 DDK provider)
R3 WsAudio_Device; C:\Windows\System32\drivers\VirtualAudio.sys [31080 2013-03-25] (Wondershare)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2017-03-26] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2017-03-26] (Zemana Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-03-30 00:18 - 2017-03-30 00:18 - 04089296 _____ C:\Users\Thomas\Downloads\AdwCleaner(4).exe
2017-03-29 20:22 - 2017-03-29 20:22 - 00001978 _____ C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
2017-03-29 20:22 - 2017-03-29 20:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hitman Pro 3.5
2017-03-29 20:22 - 2017-03-29 20:22 - 00000000 ____D C:\Program Files\Hitman Pro 3.5
2017-03-29 20:02 - 2017-03-29 20:02 - 00000779 _____ C:\Users\Thomas\Documents\03-29-17-4.txt
2017-03-29 19:36 - 2017-03-29 19:36 - 01388544 _____ C:\Users\Thomas\Downloads\HitmanPro 37x Patchrar.exe
2017-03-29 19:24 - 2017-03-29 19:24 - 01388544 _____ C:\Users\Thomas\Downloads\Hitman Pro 3715 Build 281 x64 Crack [4realtorrentz]zip.exe
2017-03-29 19:17 - 2017-03-29 19:17 - 01388544 _____ C:\Users\Thomas\Downloads\HitmanPro 3718 Build 283rar.exe
2017-03-29 19:09 - 2017-03-29 19:09 - 01388544 _____ C:\Users\Thomas\Downloads\HitmanPro 3715 Build 281 Patch is Here [LATEST].exe
2017-03-29 18:44 - 2017-03-29 20:21 - 00000000 ____D C:\ProgramData\Hitman Pro
2017-03-29 17:46 - 2017-03-29 17:46 - 11581544 _____ (SurfRight B.V.) C:\Users\Thomas\Downloads\HitmanPro_x64(2).exe
2017-03-29 17:38 - 2017-03-29 17:38 - 09741664 _____ (SurfRight B.V.) C:\Users\Thomas\Downloads\HitmanPro_x64(1).exe
2017-03-29 16:36 - 2017-03-29 16:36 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Thomas\Downloads\uSeRiNiT.exe
2017-03-29 15:50 - 2017-03-30 01:40 - 00003826 _____ C:\Windows\System32\Tasks\RCS Updater Task 1
2017-03-29 15:50 - 2017-03-30 01:40 - 00003826 _____ C:\Windows\System32\Tasks\RCS Updater Task 0
2017-03-29 15:50 - 2017-03-30 01:40 - 00003826 _____ C:\Windows\System32\Tasks\RCS Updater Task
2017-03-29 15:50 - 2017-03-29 15:50 - 00000000 ____D C:\ProgramData\Reason
2017-03-29 15:49 - 2017-03-29 15:49 - 00003540 _____ C:\Windows\System32\Tasks\Reason Core Security Scheduled Scan
2017-03-29 15:49 - 2017-03-29 15:49 - 00003406 _____ C:\Windows\System32\Tasks\Reason Core Security
2017-03-29 15:49 - 2017-03-29 15:49 - 00001102 _____ C:\Users\Thomas\Desktop\Reason Core Security.lnk
2017-03-29 15:49 - 2017-03-29 15:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reason Core Security
2017-03-29 15:48 - 2017-03-29 15:48 - 00000000 ____D C:\Program Files\Reason
2017-03-29 15:46 - 2017-03-29 15:46 - 07141600 _____ (Reason Software Company Inc.) C:\Users\Thomas\Downloads\reason-core-security-setup.exe
2017-03-29 15:05 - 2017-03-29 15:05 - 00000487 _____ C:\Users\Thomas\Documents\03-29-17-3.txt
2017-03-29 15:04 - 2017-03-29 15:04 - 00000041 _____ C:\Users\Thomas\Documents\03-29-17-2.txt
2017-03-29 15:00 - 2017-03-30 00:43 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-03-29 14:57 - 2017-03-30 00:00 - 00000000 ____D C:\Users\Thomas\Desktop\mbar
2017-03-29 14:56 - 2017-03-29 14:56 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Thomas\Downloads\mbar-1.09.3.1001(1).exe
2017-03-29 11:51 - 2017-03-29 11:51 - 00000101 _____ C:\Users\Thomas\Documents\03-29-17-1.txt
2017-03-29 11:38 - 2017-03-29 11:39 - 00000000 ____D C:\Users\Thomas\AppData\Local\microlabs
2017-03-29 08:58 - 2017-03-29 08:58 - 19044562 _____ C:\Users\Thomas\Downloads\mbar-1.09.3.1001(1).zip
2017-03-29 08:53 - 2017-03-29 08:53 - 00448512 _____ (OldTimer Tools) C:\Users\Thomas\Downloads\TFC(1).exe
2017-03-29 08:32 - 2017-03-29 08:32 - 06705178 _____ C:\Users\Thomas\Downloads\mbam-chameleon-3.1.33.0.zip
2017-03-29 02:24 - 2017-03-29 02:24 - 00000783 _____ C:\Users\Thomas\Documents\03-29-17.txt
2017-03-29 01:27 - 2017-03-29 01:27 - 41764120 _____ (IObit ) C:\Users\Thomas\Downloads\imfv5-setup.exe
2017-03-29 01:21 - 2017-03-29 01:21 - 46510120 _____ (IObit ) C:\Users\Thomas\Downloads\IObit-Malware-Fighter-Setup
2017-03-29 01:19 - 2017-03-29 01:19 - 00211213 _____ C:\Users\Thomas\Downloads\imf-offline-db1635.zip
2017-03-29 00:39 - 2017-03-29 00:41 - 57131432 _____ (Malwarebytes ) C:\Users\Thomas\Downloads\mb3-setup-consumer-3.0.6.1469-1075.exe
2017-03-29 00:28 - 2017-03-29 00:33 - 55566792 _____ (Malwarebytes ) C:\Users\Thomas\Downloads\mb3-setup-consumer-3.0.6.1469.exe
2017-03-28 16:44 - 2017-03-28 16:44 - 00000782 _____ C:\Users\Thomas\Documents\03-28-17-3.txt
2017-03-28 16:30 - 2017-03-28 16:30 - 00003075 _____ C:\Users\Thomas\Downloads\fixlist.txt
2017-03-28 15:32 - 2017-03-28 15:32 - 01106888 _____ (Bleeping Computer, LLC) C:\Users\Thomas\Desktop\rkill64.exe
2017-03-28 14:56 - 2017-03-29 13:13 - 00000348 _____ C:\Users\Thomas\Documents\03-28-17-2.txt
2017-03-28 13:18 - 2017-03-28 13:18 - 02424832 _____ (Farbar) C:\Users\Thomas\Downloads\FRST64(1).exe
2017-03-28 11:57 - 2017-03-28 11:57 - 02710688 _____ (Sysinternals - www.sysinternals.com) C:\Users\Thomas\Downloads\procexp(1).exe
2017-03-28 11:03 - 2017-03-28 11:03 - 00000900 _____ C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2017-03-28 11:03 - 2017-03-28 11:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2017-03-28 11:02 - 2017-03-28 11:03 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2017-03-28 10:59 - 2017-03-28 11:01 - 243565384 _____ (Emsisoft Ltd. ) C:\Users\Thomas\Downloads\EmsisoftAntiMalwareSetup.exe
2017-03-28 09:03 - 2017-03-28 09:03 - 49405136 _____ (Microsoft Corporation) C:\Users\Thomas\Downloads\Windows-KB890830-x64-V5.46.exe
2017-03-28 08:47 - 2017-03-28 10:53 - 00000228 _____ C:\Users\Thomas\Documents\03-28-17-1.txt
2017-03-28 03:34 - 2017-03-28 03:34 - 00000000 ____D C:\VIPRERESCUE
2017-03-28 03:30 - 2017-03-28 03:33 - 315179008 _____ C:\Users\Thomas\Downloads\VIPRERescue.exe
2017-03-28 03:07 - 2017-03-28 03:07 - 00023197 _____ C:\Users\Thomas\Documents\03-28-17.txt
2017-03-28 03:03 - 2017-03-28 03:03 - 00023197 _____ C:\Windows\system32\0
2017-03-28 02:54 - 2017-03-28 02:55 - 19044562 _____ C:\Users\Thomas\Downloads\mbar-1.09.3.1001.zip
2017-03-27 17:22 - 2017-03-27 17:22 - 00001324 _____ C:\AdwCleaner[R3].txt
2017-03-27 16:36 - 2017-03-27 16:36 - 00000700 _____ C:\Users\Thomas\Documents\03-27-17.txt
2017-03-27 10:55 - 2017-03-27 10:56 - 00059427 _____ C:\Users\Thomas\Downloads\Addition.txt
2017-03-27 10:53 - 2017-03-27 10:56 - 00079814 _____ C:\Users\Thomas\Downloads\FRST.txt
2017-03-27 10:52 - 2017-03-30 02:10 - 00000000 ____D C:\FRST
2017-03-27 10:52 - 2017-03-27 10:52 - 02424832 _____ (Farbar) C:\Users\Thomas\Downloads\FRST64.exe
2017-03-27 09:53 - 2017-03-27 09:53 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Thomas\Downloads\rkill.scr
2017-03-27 09:53 - 2017-03-27 09:53 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Thomas\Downloads\rkill(4).exe
2017-03-27 09:53 - 2017-03-27 09:53 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Thomas\Downloads\rkill(3).com
2017-03-27 09:12 - 2017-03-27 09:12 - 57131432 _____ (Malwarebytes ) C:\Users\Thomas\Desktop\mb3-setup-1878.1878-3.0.6.1469-1075.exe
2017-03-27 09:11 - 2017-03-27 09:12 - 57131432 _____ (Malwarebytes ) C:\Users\Thomas\Downloads\mb3-setup-1878.1878-3.0.6.1469-1075.exe
2017-03-27 07:58 - 2017-03-27 07:58 - 04031440 _____ C:\Users\Thomas\Downloads\AdwCleaner (5).exe
2017-03-27 02:58 - 2017-03-27 02:58 - 00002407 _____ C:\Users\Thomas\Desktop\RKreport[5]_D_03272017_02d0258.txt
2017-03-27 02:58 - 2017-03-27 02:58 - 00002364 _____ C:\Users\Thomas\Desktop\RKreport[4]_S_03272017_02d0258.txt
2017-03-27 02:56 - 2017-03-27 02:56 - 00002710 _____ C:\Users\Thomas\Desktop\RKreport[3]_D_03272017_02d0256.txt
2017-03-27 02:55 - 2017-03-27 02:55 - 00002718 _____ C:\Users\Thomas\Desktop\RKreport[2]_S_03272017_02d0255.txt
2017-03-27 02:54 - 2017-03-27 02:54 - 00002681 _____ C:\Users\Thomas\Desktop\RKreport[1]_S_03272017_02d0254.txt
2017-03-27 01:52 - 2017-03-27 00:19 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Thomas\Desktop\tdsskiller(1).exe
2017-03-27 01:52 - 2017-03-26 18:22 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Thomas\Desktop\rkill.exe
2017-03-27 01:51 - 2017-03-27 01:49 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Thomas\Desktop\mbar-1.09.3.1001.exe
2017-03-27 01:49 - 2017-03-27 01:49 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Thomas\Downloads\mbar-1.09.3.1001.exe
2017-03-27 00:19 - 2017-03-27 00:19 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Thomas\Downloads\tdsskiller(1).exe
2017-03-26 22:54 - 2017-03-26 22:54 - 00001387 _____ C:\AdwCleaner[R2].txt
2017-03-26 22:51 - 2017-03-30 01:21 - 00000000 ____D C:\Users\Thomas\AppData\Local\CrashDumps
2017-03-26 21:02 - 2017-03-28 02:08 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-03-26 21:01 - 2017-03-26 22:48 - 00000000 ____D C:\ProgramData\RogueKiller
2017-03-26 21:01 - 2017-03-26 21:01 - 00000862 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-03-26 21:01 - 2017-03-26 21:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-03-26 21:01 - 2017-03-26 21:01 - 00000000 ____D C:\Program Files\RogueKiller
2017-03-26 21:00 - 2017-03-26 21:01 - 35109888 _____ (Adlice Software ) C:\Users\Thomas\Downloads\setup.exe
2017-03-26 20:59 - 2017-03-29 01:11 - 00000000 ____D C:\Users\Thomas\Desktop\RK_Quarantine
2017-03-26 19:30 - 2017-03-30 02:10 - 00051042 _____ C:\Windows\ZAM.krnl.trace
2017-03-26 19:30 - 2017-03-30 02:10 - 00020530 _____ C:\Windows\ZAM_Guard.krnl.trace
2017-03-26 19:30 - 2017-03-26 19:30 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2017-03-26 19:30 - 2017-03-26 19:30 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2017-03-26 19:30 - 2017-03-26 19:30 - 00001152 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2017-03-26 19:30 - 2017-03-26 19:30 - 00000000 ____D C:\Users\Thomas\AppData\Local\Zemana
2017-03-26 19:30 - 2017-03-26 19:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-03-26 19:30 - 2017-03-26 19:30 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-03-26 19:28 - 2017-03-26 19:29 - 05740956 _____ (Zemana Ltd. ) C:\Users\Thomas\Downloads\eXplorer(1).exe
2017-03-26 19:19 - 2017-03-26 19:19 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\Thomas\Downloads\RKill_2.8.2.0.com
2017-03-26 19:18 - 2017-03-26 19:18 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Thomas\Downloads\rkill(3).exe
2017-03-26 19:09 - 2017-03-26 19:09 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Thomas\Downloads\rkill(2).exe
2017-03-26 18:43 - 2017-03-26 18:42 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Thomas\Desktop\iExplore.exe
2017-03-26 18:42 - 2017-03-26 18:42 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Thomas\Downloads\iExplore.exe
2017-03-26 18:32 - 2017-03-26 18:32 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Thomas\Downloads\eXplorer.exe
2017-03-26 18:29 - 2017-03-26 18:30 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Thomas\Downloads\rkill(2).com
2017-03-26 18:26 - 2017-03-26 18:26 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Thomas\Downloads\rkill(1).exe
2017-03-26 18:24 - 2017-03-26 18:24 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Thomas\Downloads\Tom-fix.exe
2017-03-26 18:22 - 2017-03-26 18:22 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Thomas\Downloads\rkill.exe
2017-03-26 12:13 - 2017-03-26 12:13 - 00833024 ____N C:\Windows\system32\tprdpw32.exe
2017-03-26 10:43 - 2017-03-26 10:43 - 00000000 ____D C:\Program Files (x86)\Teorex
2017-03-25 18:23 - 2017-03-25 18:24 - 04031440 _____ C:\Users\Thomas\Downloads\AdwCleaner(3).exe
2017-03-25 18:21 - 2017-03-25 18:21 - 00001234 _____ C:\AdwCleaner[R1].txt
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-03-30 01:48 - 2009-07-14 00:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-30 01:48 - 2009-07-14 00:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-30 01:41 - 2016-11-18 10:18 - 00000000 ____D C:\Users\Thomas\AppData\LocalLow\Mozilla
2017-03-30 01:39 - 2015-04-02 17:24 - 00000000 ____D C:\Program Files\Frontier Texting
2017-03-30 01:39 - 2012-06-30 12:25 - 00000000 ____D C:\ProgramData\clear.fi
2017-03-30 01:39 - 2011-11-10 19:10 - 00000000 ____D C:\ProgramData\NVIDIA
2017-03-30 01:38 - 2014-03-28 05:13 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf4a65f48969b0.job
2017-03-30 01:38 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-30 01:14 - 2012-06-29 22:08 - 00000000 ____D C:\Users\Thomas
2017-03-30 00:45 - 2012-07-04 00:19 - 00000000 ____D C:\Users\Thomas\Documents\My Stuff
2017-03-30 00:36 - 2014-01-19 00:37 - 00000000 ____D C:\AdwCleaner
2017-03-30 00:20 - 2012-06-29 22:57 - 00000000 ____D C:\Users\Thomas\Documents\Software Programs
2017-03-30 00:04 - 2014-04-30 01:28 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-03-29 23:45 - 2014-04-30 01:27 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2017-03-29 23:28 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SchCache
2017-03-29 23:19 - 2016-05-21 22:05 - 00001057 _____ C:\Users\Thomas\AppData\Roaming\vso_ts_preview.xml
2017-03-29 23:19 - 2016-05-21 22:05 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Vso
2017-03-29 20:48 - 2012-07-01 20:50 - 00000000 ____D C:\Users\Thomas\Documents\ConvertXToDVD
2017-03-29 20:48 - 2009-07-14 01:13 - 00852428 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-29 20:48 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2017-03-29 20:22 - 2013-01-07 03:15 - 00023112 _____ C:\Windows\system32\Drivers\hitmanpro35.sys
2017-03-29 19:58 - 2016-12-03 10:24 - 00303024 ____N C:\Windows\Minidump\032917-38703-01.dmp
2017-03-29 19:58 - 2012-09-23 23:22 - 00000000 ____D C:\Windows\Minidump
2017-03-29 19:56 - 2016-12-03 10:24 - 00303080 ____N C:\Windows\Minidump\032917-32261-01.dmp
2017-03-29 19:54 - 2016-12-03 10:24 - 00303080 ____N C:\Windows\Minidump\032917-34476-01.dmp
2017-03-29 19:53 - 2016-12-03 10:24 - 00303024 ____N C:\Windows\Minidump\032917-35599-01.dmp
2017-03-29 19:40 - 2016-12-03 10:24 - 00303080 ____N C:\Windows\Minidump\032917-73476-01.dmp
2017-03-29 19:32 - 2016-01-15 15:16 - 00002046 _____ C:\Users\Public\Desktop\Google Slides.lnk
2017-03-29 19:32 - 2016-01-15 15:16 - 00002044 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2017-03-29 19:32 - 2016-01-15 15:16 - 00002034 _____ C:\Users\Public\Desktop\Google Docs.lnk
2017-03-29 19:32 - 2016-01-15 15:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2017-03-29 19:15 - 2012-06-30 02:17 - 00000000 ____D C:\Windows\system32\Macromed
2017-03-29 16:41 - 2016-10-15 22:56 - 00000002 _____ C:\Users\Thomas\Desktop\Rkill.txt
2017-03-29 16:02 - 2013-03-24 02:41 - 00000000 ____D C:\Program Files (x86)\Replay Video Capture 6
2017-03-29 01:50 - 2016-12-03 10:24 - 00303080 ____N C:\Windows\Minidump\032917-29125-01.dmp
2017-03-29 01:47 - 2016-12-03 10:24 - 00303080 ____N C:\Windows\Minidump\032917-27034-01.dmp
2017-03-29 01:45 - 2016-12-03 10:24 - 00303080 ____N C:\Windows\Minidump\032917-30685-01.dmp
2017-03-29 01:43 - 2016-12-03 10:24 - 00303080 ____N C:\Windows\Minidump\032917-26707-01.dmp
2017-03-29 01:41 - 2016-12-03 10:24 - 00303080 ____N C:\Windows\Minidump\032917-32042-01.dmp
2017-03-29 01:38 - 2016-06-28 09:20 - 00000194 _____ C:\Windows\system32\.crusader
2017-03-28 20:14 - 2016-10-19 19:59 - 00000000 ____D C:\Users\Thomas\AppData\LocalLow\Adblock Plus for IE
2017-03-28 18:51 - 2012-07-06 20:26 - 00000000 ____D C:\Users\Thomas\Documents\My Streaming Media
2017-03-28 16:40 - 2016-12-03 10:24 - 00303080 ____N C:\Windows\Minidump\032817-34398-01.dmp
2017-03-28 16:05 - 2016-12-03 10:24 - 00303024 ____N C:\Windows\Minidump\032817-31715-01.dmp
2017-03-28 16:04 - 2016-12-03 10:24 - 00303080 ____N C:\Windows\Minidump\032817-42713-01.dmp
2017-03-28 14:41 - 2015-04-26 15:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-03-28 13:39 - 2015-03-26 12:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-03-27 16:47 - 2009-07-14 01:08 - 00032574 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-03-27 08:00 - 2012-07-01 14:03 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\uTorrent
2017-03-26 17:37 - 2012-08-05 21:25 - 00000000 ____D C:\ProgramData\ThumbsPlus
2017-03-26 15:20 - 2012-08-05 19:09 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\ThumbsPlus
2017-03-25 18:32 - 2016-01-15 15:26 - 00000000 ___RD C:\Users\Thomas\Google Drive
2017-03-25 14:27 - 2011-07-20 09:02 - 00000000 ___HD C:\OEM
2017-03-21 19:24 - 2016-05-17 23:35 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-03-21 19:24 - 2016-05-17 23:35 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-21 19:24 - 2014-09-02 07:08 - 00000000 ____D C:\Users\Thomas\AppData\Local\Adobe
2017-03-21 19:24 - 2011-07-20 08:43 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-03-21 12:07 - 2014-08-25 18:55 - 00005052 _____ C:\Windows\DUNZLOG.TXT
2017-03-20 23:48 - 2011-05-10 17:15 - 00000000 ____D C:\Users\Thomas\Documents\Adult
2017-03-19 04:57 - 2012-07-16 11:42 - 00000000 ____D C:\Users\Thomas\AppData\Local\ElevatedDiagnostics
2017-03-18 08:25 - 2017-02-27 13:14 - 00004454 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-03-17 12:49 - 2013-01-01 03:06 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Smilebox
2017-03-11 15:17 - 2012-07-04 22:20 - 00000000 ____D C:\Users\Thomas\Documents\My Scans
2017-03-09 21:40 - 2012-09-03 12:07 - 00002199 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-03-09 21:40 - 2012-09-03 12:07 - 00002187 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-03-02 08:19 - 2014-12-27 00:32 - 00001945 _____ C:\Windows\epplauncher.mif
2017-03-02 08:19 - 2014-12-27 00:31 - 00002121 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2017-03-02 08:19 - 2014-12-27 00:31 - 00000000 ____D C:\Program Files\Microsoft Security Client
2017-03-02 08:19 - 2014-12-27 00:31 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
==================== Files in the root of some directories =======
2014-11-13 08:30 - 2014-11-13 08:30 - 6000640 _____ () C:\Program Files (x86)\GUT5B97.tmp
2017-02-26 19:16 - 2017-02-26 19:24 - 7680000 _____ () C:\Program Files (x86)\GUT849B.tmp
2014-02-05 21:35 - 2014-02-05 21:35 - 0000268 ___RH () C:\Users\Thomas\AppData\Roaming\Bass Amp
2014-02-05 21:35 - 2014-02-05 21:35 - 0000268 ___RH () C:\Users\Thomas\AppData\Roaming\Bass Reduction
2014-02-05 21:35 - 2014-02-05 21:35 - 0000268 ___RH () C:\Users\Thomas\AppData\Roaming\BookService
2016-05-20 15:33 - 2016-05-21 20:48 - 0099384 _____ () C:\Users\Thomas\AppData\Roaming\inst.exe
2013-03-02 18:55 - 2013-03-02 18:55 - 0000082 _____ () C:\Users\Thomas\AppData\Roaming\mbam.context.scan
2016-05-18 18:14 - 2016-05-21 20:48 - 0007859 _____ () C:\Users\Thomas\AppData\Roaming\pcouffin.cat
2016-05-18 18:14 - 2016-05-21 20:48 - 0001167 _____ () C:\Users\Thomas\AppData\Roaming\pcouffin.inf
2016-05-18 18:14 - 2016-05-21 20:48 - 0000055 _____ () C:\Users\Thomas\AppData\Roaming\pcouffin.log
2016-05-18 18:14 - 2016-05-21 20:48 - 0082816 _____ (VSO Software) C:\Users\Thomas\AppData\Roaming\pcouffin.sys
2014-09-03 17:00 - 2014-09-03 17:00 - 35123384 _____ (VSO Software ) C:\Users\Thomas\AppData\Roaming\vsoConvertXtoDVD5_setup.exe
2016-05-21 22:05 - 2017-03-29 23:19 - 0001057 _____ () C:\Users\Thomas\AppData\Roaming\vso_ts_preview.xml
2015-05-20 18:10 - 2017-01-09 23:07 - 0014848 _____ () C:\Users\Thomas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-10-14 23:07 - 2016-10-14 23:09 - 0000003 _____ () C:\Users\Thomas\AppData\Local\run1.txt
2013-01-12 18:20 - 2013-01-12 18:20 - 2250054 _____ () C:\ProgramData\1.bmp
2013-01-12 18:19 - 2013-01-12 18:19 - 0444366 _____ () C:\ProgramData\1.jpg
2011-11-10 19:29 - 2011-11-10 19:31 - 0014756 _____ () C:\ProgramData\ArcadeDeluxe5.log
2014-02-05 21:35 - 2014-02-05 21:35 - 0000268 ___RH () C:\ProgramData\Breath Pad
2014-02-05 21:35 - 2014-02-05 21:35 - 0000268 ___RH () C:\ProgramData\Brother
2014-02-05 21:35 - 2014-02-05 21:35 - 0000268 ___RH () C:\ProgramData\Bubble Noise
2014-02-05 21:35 - 2014-02-05 21:35 - 0000012 ___RH () C:\ProgramData\Classical
2014-02-05 21:35 - 2014-02-05 21:35 - 0000012 ___RH () C:\ProgramData\Clips
2014-02-05 21:35 - 2014-02-05 21:35 - 0000012 ___RH () C:\ProgramData\ColorSync
2012-06-30 18:14 - 2013-10-16 14:30 - 0002719 _____ () C:\ProgramData\hpzinstall.log
2014-02-05 21:35 - 2014-02-05 21:35 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT
2014-02-05 21:35 - 2014-02-05 21:37 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT
2014-02-05 21:35 - 2014-02-05 21:38 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT
Some files in TEMP:
====================
2017-03-29 16:35 - 2017-03-29 16:35 - 0040960 _____ () C:\Users\Thomas\AppData\Local\Temp\abde0p7s.dll
2017-03-29 01:12 - 2016-09-09 14:23 - 1732864 _____ (Microsoft Corporation) C:\Users\Thomas\AppData\Local\Temp\dllnt_dump.dll
2017-03-30 01:23 - 2017-03-29 17:46 - 11581544 _____ (SurfRight B.V.) C:\Users\Thomas\AppData\Local\Temp\HitmanPro.exe
2017-03-29 17:39 - 2017-03-29 17:40 - 11581544 _____ (SurfRight B.V.) C:\Users\Thomas\AppData\Local\Temp\HitmanPro_x64(1).exe
2017-03-29 17:41 - 2017-03-29 17:42 - 11581544 _____ (SurfRight B.V.) C:\Users\Thomas\AppData\Local\Temp\HitmanPro_x64.exe
2017-03-30 02:03 - 2017-03-30 02:03 - 1452200 _____ (Sysinternals - www.sysinternals.com) C:\Users\Thomas\AppData\Local\Temp\procexp(1)64.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-03-24 05:14
==================== End of FRST.txt ============================
#55
Posted 30 March 2017 - 12:33 AM
playwiffme
- Topic Starter
-
- Member
-
- 61 posts
Member
Additional - Notepad -
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Thomas (30-03-2017 02:12:42)
Running from C:\Users\Thomas\Documents\Software Programs\Farbar Recovery Tool - 1
Windows 7 Home Premium Service Pack 1 (X64) (2012-06-30 02:08:02)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2364491048-255812346-798213191-500 - Administrator - Disabled)
Guest (S-1-5-21-2364491048-255812346-798213191-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2364491048-255812346-798213191-1006 - Limited - Enabled)
Thomas (S-1-5-21-2364491048-255812346-798213191-1001 - Administrator - Enabled) => C:\Users\Thomas
UpdatusUser (S-1-5-21-2364491048-255812346-798213191-1000 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-2364491048-255812346-798213191-1001\...\uTorrent) (Version: 3.4.9.43388 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
ABBYY FineReader 12 Professional (HKLM-x32\...\{F12000FE-0001-0000-0000-074957833700}) (Version: 12.0.501 - ABBYY Production LLC)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3505 - Acer Incorporated)
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.5 - WildTangent)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3503 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0708.2011 - Acer Incorporated)
Acer System Information (HKLM-x32\...\{72199E33-4F2A-4B7F-8E25-95DDDD50A678}) (Version: 1.0.0 - Acer)
Active WebCam (HKLM-x32\...\Active WebCam) (Version: - )
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{0F347A49-E36C-4639-8D2E-003AD408B8B2}) (Version: 1.5 - Eyeo GmbH)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.14 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.0.19480 - Adobe Systems Incorporated)
Adobe Flash Player 25 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Flash Player 25 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Aimersoft DVD Creator(Build 3.0.0) (HKLM-x32\...\Aimersoft DVD Creator_is1) (Version: - Aimersoft Software)
Aimersoft Helper Compact 2.5.0 (HKLM-x32\...\{405147F7-FCC5-499B-A27E-EA6BD4A80435}_is1) (Version: 2.5.0 - Aimersoft)
Aimersoft Video Converter Ultimate(Build 5.5.1.0) (HKLM-x32\...\Aimersoft Video Converter Ultimate_is1) (Version: 5.5.1.0 - Aimersoft Software)
AlignmentUtility (x32 Version: 19.00.0000 - UPS) Hidden
Animated GIF producer 5.0 TRIAL (HKLM-x32\...\Animated GIF producer 5.0 TRIAL_is1) (Version: - AVLAN Design)
Apple Application Support (32-bit) (HKLM-x32\...\{C5815ACF-FD34-4553-8A22-C7411B7E662B}) (Version: 4.1.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{CBF12D2F-CF64-4CB7-858B-2C1F21068E5F}) (Version: 4.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version: - )
Barcode Generator version 02.10.10 (HKLM-x32\...\{4E846FBC-F6B3-4767-A0DF-C38D8CD0E13D}_is1) (Version: 02.10.10 - Aurora3D Software)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{C28D96C0-6A90-459E-A077-A6706F4EC0FC}) (Version: 7.0.765.0 - Microsoft Corporation)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Build-a-lot 4 - Power Source (x32 Version: 2.2.0.97 - WildTangent) Hidden
C5500 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
CCC (x32 Version: 19.00.0000 - United Parcel Service, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
Chronicles of Albian (x32 Version: 2.2.0.95 - WildTangent) Hidden
Citrix Online Launcher (HKLM-x32\...\{48947098-A67C-46D4-90C5-9F2F6F0F96FE}) (Version: 1.0.449 - Citrix)
clear.fi (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 1.0.1720.15 - CyberLink Corp.)
clear.fi (x32 Version: 1.0.1517_36458 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 1.0.1720.15 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 9.0.7713 - CyberLink Corp.) Hidden
clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.01.3500 - Acer Incorporated)
ConvertXtoDVD 4.1.19.365 (HKLM-x32\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.1.19.365 - )
Corel Graphics - Windows Shell Extension (HKLM\...\_{EBDC2D0D-1E26-4EF2-BB48-C7E18F7800C6}) (Version: 16.0.0.707 - Corel Corporation)
Corel Graphics - Windows Shell Extension (Version: 16.0.707 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 32 Bit (Version: 16.0.707 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Capture (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Common (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Connect (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Custom Data (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Draw (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - EN (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Filters (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - FontNav (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - IPM (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - PHOTO-PAINT (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Photozoom Plugin (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Redist (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Setup Files (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VBA (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VideoBrowser (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VSTA (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Writing Tools (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 (64-Bit) (HKLM\...\_{BDBFAC49-8877-472F-876B-75ADB7DBC955}) (Version: 16.0.0.707 - Corel Corporation)
CorelDRAW Graphics Suite X6 (x64) (Version: 16.0 - Corel Corporation) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Crystal Reports 2008 Runtime SP1 (HKLM-x32\...\{C484CC8D-03CF-4022-89C4-DB4F02E8A15B}) (Version: 12.1.0.882 - Business Objects)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
DVD Identifier (HKLM-x32\...\DVD Identifier_is1) (Version: 5.2.0 - Kris Schoofs)
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version: - DVD Shrink)
EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version: - EaseUS)
eBay Worldwide (HKLM-x32\...\{D3E5A972-9A15-427D-AE78-8181A5FD943C}) (Version: 2.2.0409 - OEM)
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 2017.2 - Emsisoft Ltd.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Etron USB3.0 Host Controller (x32 Version: 0.103 - Etron Technology) Hidden
FILE RECOVERY for Windows (HKLM-x32\...\FILE RECOVERY for WindowsNSIS) (Version: 1.0.201 - Seagate)
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
FormsComponent (x32 Version: 19.00.0000 - UPS) Hidden
FOSS (x32 Version: 19.00.0000 - UPS) Hidden
Frontier Texting (HKU\S-1-5-21-2364491048-255812346-798213191-1001\...\Frontier Texting) (Version: 2.5.0b3 - Zipwhip Inc.)
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.98 - Google Inc.)
Google Drive (HKLM-x32\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 11.3.0.1121 - Citrix Online, a division of Citrix Systems, Inc.)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HandBrake 0.9.8 (HKLM-x32\...\HandBrake) (Version: 0.9.8 - )
Hitman Pro 3.5 (HKLM\...\HitmanPro35) (Version: 3.5.9.125 - SurfRight B.V.)
Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3505 - Acer Incorporated)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart C5500 All-In-One Driver Software 13.0 Rel. 4 (HKLM\...\{5F5FEF58-F4D8-488B-BDB3-6D5B22192B02}) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PaperLabel (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PrintOnDisc (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
hpphotosmartdisclabelplugin (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HTML-Kit 292 (HKLM-x32\...\HTMLKit_is1) (Version: 1.0 - HTMLKit.com)
iCare Data Recovery Pro (HKLM-x32\...\{F7EAB243-4D0C-47F5-A4F1-74D350E45489}_is1) (Version: 7.6 - iCare Recovery)
ICCHelp (HKLM-x32\...\{A5763105-D1D5-4862-A3FE-EC058F9AA73E}) (Version: 19.00.0000 - UPS)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
Inpaint 5.0 (HKLM-x32\...\{2AEDC172-479F-47AE-8A48-A0524D4AED5B}_is1) (Version: - Teorex)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - )
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Kaspersky Security Scan (HKLM-x32\...\InstallWIX_{56009CA3-423B-41F8-884A-E5B049534F15}) (Version: 12.0.1.117 - Kaspersky Lab)
Kaspersky Security Scan (x32 Version: 12.0.1.117 - Kaspersky Lab) Hidden
K-Lite Codec Pack 9.5.0 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.5.0 - )
Machete Lite 3.8 (HKLM-x32\...\{CBA55866-5332-4E19-867F-30F7E22E9F1E}) (Version: 3.8.33 - MacheteSoft)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
ManyCam 5.0.5 (HKLM-x32\...\ManyCam) (Version: 5.0.5 - Visicom Media Inc.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-2364491048-255812346-798213191-1001\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
MKVToolNix 8.3.0 (64bit) (HKLM-x32\...\MKVToolNix) (Version: 8.3.0 - Moritz Bunkus)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker 6.0 for Windows 7 (64-bit) (HKLM\...\{A7395F20-2B22-4CB8-8510-B452C0F47E02}) (Version: 6.0.0 - Microsoft Corporation)
Mozilla Firefox 52.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 52.0.2 (x86 en-US)) (Version: 52.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.0.2.6291 - Mozilla)
Mozilla Thunderbird 24.2.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 24.2.0 (x86 en-US)) (Version: 24.2.0 - Mozilla)
MSIChecker (x32 Version: 19.00.0000 - UPS) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden
NA1Messenger (x32 Version: 19.00.0000 - Your Company Name) Hidden
Nero 2016 (HKLM-x32\...\{4297E807-5633-466A-8AC0-5AC48D310471}) (Version: 17.0.02000 - Nero AG)
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.2.10500.2.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.2.12000.21.100 - Nero AG)
Nero Info (HKLM-x32\...\{F030BFE8-8476-4C08-A553-233DE80A2BE1}) (Version: 16.0.2000 - Nero AG)
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}) (Version: 10.5.10300 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.2.11600.14.100 - Nero AG)
NetObjects Fusion 10.0 (HKLM-x32\...\{ECC8CC4E-2291-438F-9601-C8A6BFBA0880}) (Version: 10.0 - )
NetObjects Fusion 11.0 (HKLM-x32\...\{1BD687EB-C093-4BA5-B336-AEF08C314921}) (Version: 11.0 - )
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.0 - Nikon)
Nikon Movie Editor (HKLM-x32\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.9.0 - Nikon)
Nikon View 6 (HKLM-x32\...\{AAB84E83-C8DF-4752-9DFC-2E2A48EE5E9F}) (Version: - )
NOOK for PC (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.4.7070 - Barnesandnoble.com)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
NRF (x32 Version: 19.00.0000 - UPS) Hidden
NVIDIA Graphics Driver 267.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 267.33 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.1.13.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.1.13.1 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (HKLM-x32\...\NVIDIAStereo) (Version: 7.17.12.6733 - NVIDIA Corporation)
Peachtree Accounting 2010 (x32 Version: 17.00.00 - Sage Software, Inc.) Hidden
Peachtree Pro Accounting 2010 (HKLM-x32\...\InstallShield_{51EF69CF-70D3-4142-993D-AA97F36484CC}) (Version: 17.00.00 - Sage Software, Inc.)
Peachtree Pro Accounting 2010 (HKLM-x32\...\Peachtree Pro Accounting) (Version: - )
PeachTree Signature Ready Forms (x32 Version: 6.7.4 - Sage Software SB, Inc.) Hidden
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Pervasive PSQL v10.10 Workgroup (32-bit) (x32 Version: 10.12.025 - Pervasive Software) Hidden
Photo Collage Creator 3.61 (HKLM-x32\...\Photo Collage Creator_is1) (Version: - AMS Software)
PhotoScissors 3.0 (HKLM\...\{664FCCAE-8187-4EC5-B191-758C040C999C}_is1) (Version: - teorex)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Picture Collage Maker Pro 4.1.2 (HKLM-x32\...\{6D308A90-6C14-4A02-9B04-CB0EF17894A9}_is1) (Version: 4.1.2 - PearlMountain Technology Co., Ltd)
Picture Control Utility x64 (HKLM\...\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}) (Version: 1.5.0 - Nikon)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
PolicyManager (x32 Version: 19.00.0000 - UPS) Hidden
Prerequisite installer (x32 Version: 17.0.0002 - Nero AG) Hidden
PS_AIO_04_C5500_Software_Min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6242 - Realtek Semiconductor Corp.)
Reason Core Security (HKLM-x32\...\Reason Core Security) (Version: 2.1.0.9 - Reason Software Company Inc.)
Reconciler (x32 Version: 19.00.0000 - UPS) Hidden
Replay Media Catcher 4 (4.3.0) (HKLM-x32\...\Replay Media Catcher 4) (Version: 4.3.0 - Applian Technologies)
Replay Video Capture 6 (HKLM-x32\...\Replay Video Capture6.0.6) (Version: 6.0.6 - Applian Technologies Inc.)
ReportServer (x32 Version: 18.00.0000 - Your Company Name) Hidden
RogueKiller version 12.10.1.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.10.1.0 - Adlice Software)
Sage Message Center (x32 Version: 2.00.0000 - Sage Software Inc.) Hidden
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Seagate File Recovery for Windows 2.0 (HKLM-x32\...\Seagate File Recovery for WindowsNSIS) (Version: 2.0.18656 - Seagate)
SeaTools for Windows 1.4.0.4 (HKLM-x32\...\SeaTools for Windows) (Version: 1.4.0.4 - Seagate Technology)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 7.29 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.29.102 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
Smilebox (HKU\S-1-5-21-2364491048-255812346-798213191-1001\...\Smilebox) (Version: 1.1.1.1 - Smilebox, Inc.)
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SplitCam (HKLM-x32\...\SplitCam) (Version: 7.5.3.2 - SplitCam Co)
Stashimi Stub Installer (x32 Version: 18.001.1 - Nero AG) Hidden
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
StreamTorrent 1.0 (HKLM-x32\...\StreamTorrent 1.0) (Version: - )
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1006 - SUPERAntiSpyware.com)
SupportUtility (x32 Version: 19.00.0000 - UPS) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System (x32 Version: 19.00.0000 - UPS) Hidden
ThumbsPlus (HKLM-x32\...\ThumbsPlus) (Version: - Cerious Software Inc.)
ThumbsPlus (x32 Version: 8.1.0.3537 - Cerious Software Inc.) Hidden
Times Reader (HKLM-x32\...\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1) (Version: 2.055 - The New York Times Company)
Times Reader (x32 Version: 2.055 - The New York Times Company) Hidden
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
Torchlight (x32 Version: 2.2.0.97 - WildTangent) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 1.5.1 - Tweaking.com)
UnifiedPrinting (x32 Version: 19.00.0000 - UPS) Hidden
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
UPS WorldShip (HKLM-x32\...\UPS WorldShip) (Version: 19.0 - UPS)
UPSDB (x32 Version: 19.00.0000 - UPS) Hidden
UPSICC (x32 Version: 19.00.0000 - UPS) Hidden
UPSlinkHTTP (x32 Version: 19.00.0000 - UPS) Hidden
UPSVC2008MM (x32 Version: 1.00.0000 - UPS) Hidden
UPSVC2013MM (x32 Version: 19.00.0000 - Your Company Name) Hidden
UPSVCMM (x32 Version: 12.00.0000 - UPS) Hidden
ViewNX 2 (HKLM\...\{635BE602-BB9C-4C59-8CC5-93F9366E8A21}) (Version: 2.9.0 - Nikon)
Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97 - WildTangent) Hidden
Web Easy Professional (HKLM-x32\...\{B651BFCB-C9F3-489C-A2A7-764A12E2C79B}) (Version: 10.1 - Avanquest)
WebHelp (HKLM-x32\...\{8C5BD501-AD5D-4A75-9321-076509B438FC}) (Version: 19.00.0000 - UPS)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3502 - Acer Incorporated)
WildTangent Games App (Acer Games) (x32 Version: 4.0.5.14 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinRAR 4.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
WinX Free FLV to AVI Converter 4.1.10 (HKLM-x32\...\WinX Free FLV to AVI Converter_is1) (Version: - Digiarty Software,Inc.)
WinZip 14.5 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}) (Version: 14.5.9095 - WinZip Computing, S.L. )
Wondershare Photo Collage Studio 4.2.12.13 (HKLM-x32\...\Wondershare Photo Collage Studio_is1) (Version: 4.2.12.13 - Wondershare Software Co.,Ltd.)
Wondershare Video Editor(Build 4.6.0) (HKLM-x32\...\Wondershare Video Editor_is1) (Version: - Wondershare Software)
WorldShip (x32 Version: 19.00.0000 - UPS) Hidden
WSShared (x32 Version: 19.00.0000 - UPS) Hidden
XnConvert 1.73 (HKLM\...\XnConvert_is1) (Version: 1.73 - Gougelet Pierre-e)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.72.0.176 - Zemana Ltd.)
Zuma's Revenge (x32 Version: 2.2.0.97 - WildTangent) Hidden
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2364491048-255812346-798213191-1001_Classes\CLSID\{8AE44FFE-BF0D-085D-33DC-93B2E248BF89}\InprocServer32 -> C:\Windows\system32\ole32.dll (Microsoft Corporation)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {16DAEEF1-75E7-4967-A0AB-639073B50045} - System32\Tasks\GoogleUpdateTaskMachineCore1cfff9880ae2cc6 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {23177269-9013-451C-8386-C179F89D9EF2} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2011-05-20] (Acer Incorporated)
Task: {308FD6D4-4710-4B08-958E-FB8E8207AB69} - System32\Tasks\Reason Core Security Scheduled Scan => C:\Program Files\Reason\Security\rsUI.exe [2017-03-13] (Reason Software Company Inc.)
Task: {30D563EB-3867-4832-BFA7-64DBE08DDE52} - System32\Tasks\Reason Core Security => C:\Program Files\Reason\Security\rsUI.exe [2017-03-13] (Reason Software Company Inc.)
Task: {35019353-69F0-4746-BE54-767EC85E237A} - System32\Tasks\RCS Updater Task => C:\Program Files\Reason\Security\rsUpdt.exe [2017-03-13] ()
Task: {4C49873D-9FA8-44D9-9FD3-69F404A3DB13} - System32\Tasks\Adobe ARM => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {4E052D3B-423D-4CE5-9A57-2C9CA78EF7FD} - System32\Tasks\{1390CD58-C961-4F8A-9697-BC0F2EA7DE28} => pcalua.exe -a "C:\Users\Thomas\Documents\Software Programs\NetObjects-10\NetObjectsFusion.exe" -d "C:\Users\Thomas\Documents\Software Programs\NetObjects-10"
Task: {4E275314-7276-4B2E-9C86-555EDAA12582} - System32\Tasks\RCS Updater Task 1 => C:\Program Files\Reason\Security\rsUpdt.exe [2017-03-13] ()
Task: {67EFCEAA-3903-4A4D-B5AD-7373C6C4BDF8} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2011-05-20] (CyberLink Corp.)
Task: {6F64FB0E-FDD2-47D6-8BC4-ED656B932489} - System32\Tasks\{2666C777-E13A-4E21-A384-401634CFE18B} => pcalua.exe -a C:\Windows\IsUninst.exe -c -f"C:\Program Files (x86)\NetObjects\NetObjects Fusion Essentials\Uninst.isu" -c"C:\Program Files (x86)\NetObjects\NetObjects Fusion Essentials\uninst.dll"
Task: {723BB62B-9A9A-4863-A61B-663D2EE58991} - System32\Tasks\{7EC91944-1AE2-4040-A2D5-A5C2808F1330} => pcalua.exe -a E:\Setup.exe -d E:\
Task: {74670948-AC2F-402F-994D-9F6CBC2AA903} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-05-20] (CyberLink)
Task: {8B0DEE79-BA34-4030-8278-D24541977994} - System32\Tasks\{2344072B-ABA6-4FD7-883D-7937D39C1457} => pcalua.exe -a C:\UPS\WSTD\FOSS\Drivers\Eltron\Setup.exe -d C:\UPS\WSTD\FOSS\Drivers\Eltron
Task: {A9846488-A41D-4418-B486-6D294D30EC95} - System32\Tasks\GoogleUpdateTaskMachineUA1cf6a74d539a8c8 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {AFCA692E-354B-4832-9DBB-5B74505380B4} - System32\Tasks\RCS Updater Task 0 => C:\Program Files\Reason\Security\rsUpdt.exe [2017-03-13] ()
Task: {C2BB3B62-DF0B-48AB-A762-92DD0030BE9B} - System32\Tasks\GoogleUpdateTaskMachineCore1cf4a65f48969b0 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {C41F54D2-3C66-4BDB-A255-34304978D1AB} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_25_0_0_127_pepper.exe [2017-03-18] (Adobe Systems Incorporated)
Task: {D4CAA19A-0D42-46EB-8D2F-EAE5E9F02170} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {D529A07A-6B47-4D71-A819-348965BCAF8F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {DDDA45C2-04B6-42BC-A39A-CA370EDDF848} - System32\Tasks\Adobe Reader Speed Launcher => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
Task: {F362E5F4-6301-4F1F-8282-95E4892457E2} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2015-06-04] (Nero AG)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf4a65f48969b0.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2015-11-20 15:57 - 2015-11-20 15:57 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-11-20 15:57 - 2015-11-20 15:57 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-03-29 15:50 - 2017-03-29 15:51 - 00303896 _____ () C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe
2016-05-25 08:38 - 2016-05-25 08:38 - 00129304 _____ () C:\Program Files\Reason\Security\x64\lz4_x64.dll
2017-03-29 15:50 - 2017-03-29 15:51 - 00625432 _____ () C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_bg.exe
2017-03-13 12:59 - 2017-03-13 12:59 - 00582936 _____ () C:\Program Files\Reason\Security\rsLggr.exe
2011-05-20 15:13 - 2011-05-20 15:13 - 00206216 _____ () C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\Thomas\Downloads\Kristin.mp3:TOC.WMV [130]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
HKU\S-1-5-21-2364491048-255812346-798213191-1001\Software\Classes\.scr: scrfile => <===== ATTENTION
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-2364491048-255812346-798213191-1001\...\paypal.com -> hxxps://www.paypal.com
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-01-23 20:50 - 2017-03-30 01:39 - 00002024 ____A C:\Windows\system32\Drivers\etc\hosts
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
0.0.0.0 cdn.appround.biz
0.0.0.0 cdn.bigspeedpro.com
0.0.0.0 cdn.bispd.com
There are 4 more lines.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2364491048-255812346-798213191-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.254.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: IAStorDataMgrSvc => 2
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: KSS => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: MSK80Service => 2
MSCONFIG\Services: NAUpdate => 2
MSCONFIG\Services: NOBU => 2
MSCONFIG\Services: SpyHunter 4 Service => 2
MSCONFIG\Services: UNS => 2
MSCONFIG\Services: ZAMSvc => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NkvMon.exe.lnk => C:\Windows\pss\NkvMon.exe.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^UPS WorldShip Messaging Utility.lnk => C:\Windows\pss\UPS WorldShip Messaging Utility.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^UPS WorldShip PLD Reminder Utility.lnk => C:\Windows\pss\UPS WorldShip PLD Reminder Utility.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Thomas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: Aimersoft Helper Compact.exe => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
MSCONFIG\startupreg: Bonus.SSR.FR11 => "C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe" /autorun
MSCONFIG\startupreg: Bonus.SSR.FR12 => "C:\Program Files (x86)\ABBYY FineReader 12\Bonus.ScreenshotReader.exe" /autorun
MSCONFIG\startupreg: BrowserPlugInHelper => C:\Program Files (x86)\Aimersoft\Video Converter Ultimate\BrowserPlugInHelper.exe
MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
MSCONFIG\startupreg: Hotkey Utility => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KSS => "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" /autorun
MSCONFIG\startupreg: mcpltui_exe => "C:\Program Files\Common~1\McAfee\Platform\mcuicnt.exe" /platui /runkey
MSCONFIG\startupreg: mcui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
MSCONFIG\startupreg: MSC => "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: NA1Messenger => C:\UPS\WSTD\UPSNA1Msgr.exe
MSCONFIG\startupreg: Nikon Message Center 2 => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
MSCONFIG\startupreg: PeachtreePrefetcher.exe => "C:\PROGRA~2\SAGESO~1\PEACHT~1\PeachtreePrefetcher.exe" /configfile:peachtreeprefetcher.winstart.config
MSCONFIG\startupreg: SmileboxTray => "C:\Users\Thomas\AppData\Roaming\Smilebox\SmileboxTray.exe"
MSCONFIG\startupreg: uTorrent => "C:\Users\Thomas\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
MSCONFIG\startupreg: WSUpdater => C:\UPS\WSTD\CF\WorldShipCF.exe
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{45C8A10F-2FF6-4D87-9665-A22AA70DAFBE}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{5A6E31E7-15DB-46D0-A20F-83457C526220}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe
FirewallRules: [{7AC4E3B6-169A-48D9-B967-70426B56DA30}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
FirewallRules: [{1E6E2D4E-065E-4520-9DC6-6F991CCA8F9A}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{366BAA21-74FF-447B-A5B0-0312692B5248}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{C7C78C39-A8FC-450B-B43C-6BCCBCD1E393}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{65105041-EB2C-431D-A588-EAA1687AF13B}] => (Block) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{6DF34829-2052-411A-A409-DCF8515CB7E6}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\Movie\TouchMovie.exe
FirewallRules: [{E49C7DC5-2AA2-4A92-BA1C-860F80B776D3}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\Movie\TouchMovieService.exe
FirewallRules: [{FD1EA280-CACF-4175-8956-ED5A7B499485}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{B4E2B11A-34CC-4826-980A-F157FB9C9EBF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{B88A86A5-2E99-4AAE-AB1C-872773AA7CB0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{D189DE28-0637-49E9-8808-9F48A29FFB84}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{FE67D766-DB21-4300-B80D-73EBF3F6F511}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{1778FE0A-21FD-4A3C-9DF4-CC84403D2B76}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{599E24F9-7BAB-4775-8D32-30556677CE6A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{27BB0359-BE57-4044-AB4D-5DF6E43E0242}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{FB7511B2-9303-43E6-B280-9040098AA7A9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe
FirewallRules: [{E6B43D01-A3E8-4DD5-A090-065E48BC3585}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe
FirewallRules: [{BEBE3EA8-5B9D-41AB-B074-7D3DDE7431A7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe
FirewallRules: [{17DCEE9C-6EB0-4DC3-9D3D-542916B1FD28}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{8FCFEBB4-6277-4089-A4EB-521F4F658940}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{5AF32E7F-B313-4DFF-B331-5FC01A08425C}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{82E35F61-DFE4-4F6C-8B70-3148250200D8}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{B47E290C-5BA9-4FA9-95E9-096114153501}] => (Allow) LPort=1583
FirewallRules: [{AD894820-7BE5-42E4-A900-4FEE755FB2A2}] => (Allow) LPort=3351
FirewallRules: [{0B6E2700-DBB1-4EEB-9BA4-BBAA97B541C7}] => (Allow) C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe
FirewallRules: [{52FB2E7C-C939-47C8-B866-8F708B98A8F1}] => (Allow) C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe
FirewallRules: [{D39BCF72-91E1-4BD9-A04E-8C0C4D93D335}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{293BB0BE-8B5D-41AC-B233-BE830533AE81}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{87431AE6-8CA2-4656-B068-74467066863F}] => (Allow) C:\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe
FirewallRules: [{5E6362D6-5FA8-4841-80E6-687C6BA6032D}] => (Allow) C:\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe
FirewallRules: [{17CF3A75-C8A4-4791-8B6E-6DE1759CE312}] => (Allow) LPort=1434
FirewallRules: [{2D2BCF6A-1BD7-4E59-9133-3F7D009AD963}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{AEFCA8D9-F3F1-4F98-9372-3651BD85D00B}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{5C4A0B7F-B5F2-4C7B-8542-08D570395B76}] => (Allow) C:\Users\Thomas\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{3D592120-01B1-4E2D-9A9B-DAC2E8DC99C0}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{55DF9532-74EA-4F31-AD6B-510DA628093D}] => (Allow) LPort=2869
FirewallRules: [{590C98E9-8822-466C-98B1-BAAEB4F71B06}] => (Allow) LPort=1900
FirewallRules: [{0D1A9D6D-9F5E-4105-BC28-022FBF659872}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{C20FEF1C-B44F-4550-8087-A513B61FBB11}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
FirewallRules: [{38AF9D53-9A1F-4E97-B02B-BC2A8F36DC81}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
FirewallRules: [{B1B345D7-055D-42FF-B5AE-D37CB1DD63E2}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{C633F96C-705D-43E6-9F7C-B03F1E8BDCB6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{67E4D9F7-4DD8-4A6E-B0BF-045D41A88C11}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{DA1752BB-7B99-4039-B470-E7FADB567F7A}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{AE419300-E45A-44E8-8CD4-34BC4282CB2E}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{571321D2-9FDC-4219-8290-2D1496EC6CDE}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{E88C24E9-5795-4C46-9A4D-A59E41346B27}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{785509E7-0966-49A9-B375-8AFBF2248235}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{B809CFE2-8646-445B-91C0-3AB7AF0F4F9F}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{48C14C6A-6AF0-4B77-8D04-01CB24570FCC}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{F466404D-F4B7-43BC-BE29-7F6D9E579340}] => (Allow) C:\Users\Thomas\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D8DA4B46-4C86-413F-AE6C-FB0075C31146}] => (Allow) C:\Users\Thomas\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6FEC0336-AF8C-4BCA-9305-3823AA5F81D6}] => (Allow) C:\Users\Thomas\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4AFB8BA6-8B1C-445F-ACD4-72B0764EFAB4}] => (Allow) C:\Users\Thomas\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{BD562C63-0906-4A40-8E14-9F77EB8C1695}] => (Allow) C:\Users\Thomas\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C0B69772-23A2-4209-8C9C-547642F4AB2F}] => (Allow) C:\Users\Thomas\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{47496406-FABC-4D17-9F72-3391033C7D00}C:\program files (x86)\pervasive software\psql\bin\w3dbsmgr.exe] => (Block) C:\program files (x86)\pervasive software\psql\bin\w3dbsmgr.exe
FirewallRules: [UDP Query User{94D63014-325E-4A2E-99C0-BFA5DBAAF377}C:\program files (x86)\pervasive software\psql\bin\w3dbsmgr.exe] => (Block) C:\program files (x86)\pervasive software\psql\bin\w3dbsmgr.exe
FirewallRules: [{B36EBC99-CF4F-4468-B9F3-6481CAFA0800}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6DA7E325-DB82-4D35-A13E-C6EC0531B70B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{183AC061-1226-4819-A26C-354CFEAC87E1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DA7021D9-8A87-4B3E-9C27-794E2A343A15}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{18FC8F30-6C60-4D0F-BD86-B61C4B646CC6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{114A5DB6-5A6D-4A0F-8439-48E0E752A758}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EE9BBE7A-3CA8-493A-9CD9-C5A40BBB0075}] => (Allow) C:\Program Files (x86)\Nero\Nero 2016\Nero Burning ROM\StartNBR.exe
FirewallRules: [{227A64CB-5D9D-4F53-9E14-E2219B21B57F}] => (Allow) C:\Program Files (x86)\Nero\KM\NMDllHost.exe
FirewallRules: [{442CD5BD-7417-46A0-B9A9-C53B7373B572}] => (Allow) C:\Program Files (x86)\Nero\Nero 2016\Nero Burning ROM\nero.exe
FirewallRules: [{5C590FFE-4D6E-4415-B9A1-A217CF204CBE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{1DAEA779-2A80-418E-AC16-33B909C593CC}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{40F9D36A-B07E-414D-9F49-BBA4B215175D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
==================== Restore Points =========================
26-03-2017 12:12:08 Installed WeatherBuddy
27-03-2017 03:02:43 Manual Restore
28-03-2017 18:01:35 Windows Update
29-03-2017 11:46:58 Manual Restore
29-03-2017 11:57:18 Restore Point Created by FRST
29-03-2017 16:54:17 Malwarebytes Anti-Rootkit Restore Point
29-03-2017 18:38:21 Checkpoint by HitmanPro
29-03-2017 18:39:51 Checkpoint by HitmanPro
29-03-2017 23:26:00 Malwarebytes Anti-Rootkit Restore Point
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (03/30/2017 01:49:29 AM) (Source: ESENT) (EventID: 604) (User: )
Description: rsUI (3256) Locale ID 0x00000409 (English (United States) English) is either invalid or not installed on this machine.
Error: (03/30/2017 01:40:09 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (03/30/2017 01:40:01 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Users\Thomas\Desktop\esetsmartinstaller_enu (1).exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Error: (03/30/2017 01:21:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.23537, time stamp: 0x57c44efe
Faulting module name: ntdll.dll, version: 6.1.7601.23543, time stamp: 0x57d2fde1
Exception code: 0xc0000374
Fault offset: 0x00000000000bf262
Faulting process id: 0x70c
Faulting application start time: 0x01d2a9141afd86a8
Faulting application path: C:\Windows\Explorer.EXE
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: bc6780d2-1508-11e7-bd5f-3860773e2656
Error: (03/30/2017 01:13:14 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (03/30/2017 12:52:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (03/30/2017 12:49:14 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (03/30/2017 12:45:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (03/30/2017 12:02:31 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program NOTEPAD.EXE version 6.1.7601.18917 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: a8c
Start Time: 01d2a90a4e7e80ee
Termination Time: 0
Application Path: C:\Windows\system32\NOTEPAD.EXE
Report Id: a61eac6c-14fd-11e7-b109-3860773e2656
Error: (03/29/2017 11:30:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
System errors:
=============
Error: (03/30/2017 01:22:27 AM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.
Error: (03/30/2017 01:19:28 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register with DCOM within the required timeout.
Error: (03/30/2017 01:19:10 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.
Error: (03/30/2017 01:17:09 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
Error: (03/30/2017 01:12:25 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Reason Core Security Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (03/30/2017 01:12:25 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Reason Core Security Service service to connect.
Error: (03/30/2017 12:51:47 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMScheduler service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (03/30/2017 12:51:47 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the MBAMScheduler service to connect.
Error: (03/30/2017 12:49:31 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IPsec Policy Agent service terminated with the following error:
The authentication service is unknown.
Error: (03/30/2017 12:49:30 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Computer Browser service terminated with the following error:
A system shutdown is in progress.
==================== Memory info ===========================
Processor: Intel® Core™ i7-2600 CPU @ 3.40GHz
Percentage of memory in use: 32%
Total physical RAM: 8172.25 MB
Available physical RAM: 5476.76 MB
Total Virtual: 16342.68 MB
Available Virtual: 13312.3 MB
==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:923.45 GB) (Free:25.55 GB) NTFS
Drive d: (DATA) (Fixed) (Total:923.47 GB) (Free:923.05 GB) NTFS
Drive f: (Toshiba Ext HDD) (Fixed) (Total:931.51 GB) (Free:915.11 GB) NTFS
Drive o: (Elements) (Fixed) (Total:2794.52 GB) (Free:43.41 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: C23FF5DB)
Partition 1: (Not Active) - (Size=16 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=923.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=923.5 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 1.
========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 37F19006)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
#56
Posted 30 March 2017 - 12:59 AM
playwiffme
- Topic Starter
-
- Member
-
- 61 posts
Member
Windows Installer
The feature you are trying to use is on a
network resource that is unavailable
Click OK to try again, or enter an alternate path to a
folder containing the installation package
"Shredder64.msi" in the box below.
C:\Users\Administrator\AppData\Local\Downloaded Installations\
{45DE3BB5-15C7-489B-458F80-82349413953E}
This is still happening once in a while when I right click on something to open or copy - this box comes up first - do you know why this is happening?
So other than not being able to enter into Safe Mode via F8 this issue is the only thing that I've found not totally fixed as of now.
(I probably don't know what I'm talking about with regards to the F8/Safe Mode issue, but could all those flashes of blue screens been part of this? I know I saw the word BIOS several times - could the boot order have been changed?)
#57
Posted 30 March 2017 - 05:01 AM
RKinner
-
- Expert
-
- 24,625 posts
Malware Expert
See if you can delete these two:
2017-03-26 12:13 - 2017-03-26 12:13 - 00833024 ____N C:\Windows\system32\tprdpw32.exe
2017-03-26 10:43 - 2017-03-26 10:43 - 00000000 ____D C:\Program Files (x86)\Teorex
Second one is a folder
Appears the hidden service was HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Dataup (Trojan.Clicker) -> Delete on reboot. [16b504cb6048a2942693c9b3d829c53b]
This doesn't show up in FRST.
Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.
Reboot.
Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).
sfc /scannow
(This will check your critical system files. Does this finish without complaint? IF it says it couldn't fix everything then:
Copy the next two lines:
findstr /c:"[SR]" \windows\logs\cbs\cbs.log > \windows\logs\cbs\junk.txt
notepad \windows\logs\cbs\junk.txt
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)
1. Please download the Event Viewer Tool by Vino Rosso
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning
Then use the 'Number of events' as follows:
1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
Please post the Output log in your next reply then repeat but select Application. (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)
#58
Posted 30 March 2017 - 08:32 AM
playwiffme
- Topic Starter
-
- Member
-
- 61 posts
Member
Re:
2017-03-26 12:13 - 2017-03-26 12:13 - 00833024 ____N C:\Windows\system32\tprdpw32.exe
2017-03-26 10:43 - 2017-03-26 10:43 - 00000000 ____D C:\Program Files (x86)\Teorex
Files have been deleted...
Windows System and Application Logs have been cleared...
sfc / scannow completed - Windows Resource Protection did not find any integrity violations.
Downloaded and attempted to run Event Viewer with issues - Notepad cannot find the C:\VEW.txt file - tried to run 3 X's without success, notepad opens up empty/void of text
#59
Posted 30 March 2017 - 08:53 AM
RKinner
-
- Expert
-
- 24,625 posts
Malware Expert
Did you remember to run VEW by right clicking and Run As Admin? Normally you get a different error if you forget but VEW can't write to C:\ unless it has admin rights.
#60
Posted 30 March 2017 - 09:11 AM
playwiffme
- Topic Starter
-
- Member
-
- 61 posts
Member
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 30/03/2017 11:09:08 AM
Note: All dates below are in the format dd/mm/yyyy
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 30/03/2017 1:53:21 PM
Type: Error Category: 0
Event: 36887 Source: Schannel
The following fatal alert was received: 20.
Log: 'System' Date/Time: 30/03/2017 12:57:13 PM
Type: Error Category: 0
Event: 7022 Source: Service Control Manager
The Windows Update service hung on starting.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 30/03/2017 12:51:46 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_COMPACT_FLASH&REV_1.00#8&B400CA5&0&20060413092100000&0#.
Log: 'System' Date/Time: 30/03/2017 12:49:18 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
