
Cannot access Safe Mode, System Restore and (most) anti-malware progra



#61
playwiffme

  • Topic Starter
  • Member
  • 61 posts

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 30/03/2017 11:11:47 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 30/03/2017 12:51:59 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 30/03/2017 1:09:38 PM
Type: Warning Category: 0
Event: 1001 Source: MsiInstaller
Detection of product '{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}', feature 'Application' failed during request for component ''

Log: 'Application' Date/Time: 30/03/2017 1:01:33 PM
Type: Warning Category: 1
Event: 100 Source: CVHSVC
Information only. CurrentSoftGridPrereq: Click2Run installation (version = 14.0.4763.1000) is found on the machine; skipping installation...

Log: 'Application' Date/Time: 30/03/2017 1:01:33 PM
Type: Warning Category: 1
Event: 100 Source: CVHSVC
Information only. C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE is trusted.

Log: 'Application' Date/Time: 30/03/2017 12:58:31 PM
Type: Warning Category: 0
Event: 1001 Source: MsiInstaller
Detection of product '{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}', feature 'Application' failed during request for component ''

Log: 'Application' Date/Time: 30/03/2017 12:51:24 PM
Type: Warning Category: 6
Event: 3057 Source: Application Virtualization Client
{tid=12CC}
The Application Virtualization Client Core initialized correctly.  Installed Product:  Version: 4.6.3.24650 Install Path: C:\Program Files (x86)\Microsoft Application Virtualization Client Global Data Directory: C:\ProgramData\Microsoft\Application Virtualization Client\ Machine Name: THOMAS-PC Operating System: Windows 7 64-bit Service Pack 1.0 Build 7601 OSD Command:

Log: 'Application' Date/Time: 30/03/2017 12:51:08 PM
Type: Warning Category: 3
Event: 3191 Source: Application Virtualization Client
{tid=12CC}
-------------------------------------------------------- Initialized client log (C:\ProgramData\Microsoft\Application Virtualization Client\sftlog.txt)

Log: 'Application' Date/Time: 30/03/2017 12:50:48 PM
Type: Warning Category: 0
Event: 3 Source: SQLBrowser
The configuration of the AdminConnection\TCP protocol in the SQL instance UPSWSDBSERVER is not valid.

 


  • 0



#62
RKinner

    Malware Expert

  • Expert
  • 20,017 posts
  • MVP
 
 
Control Panel, (View, By Large Icons), Windows Update, Change Settings
 
Change Important Updates to Check for updates but let me choose to download and Install them.  OK
 
Copy the next line:
 
net stop bits & Del "%ALLUSERSPROFILE%\Application Data\Microsoft\Network\Downloader\qmgr*.dat" & net start bits
 
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter
 
Now type:
 
sc start wuauserv

Hit Enter.  Does it say it's already started?

 

You may need to run System Update Readiness Tool for Windows 7

 
This link is for 64 bit:
 
This may be something you want to run at night while you sleep.  Can take a long time.
 
Once that runs then get KB3083710 and KB3102810 if you don't already have them.
 
 
 
If that fails then you can try Windows Repair all in one
 
 
Download it and save it then run it.
 
You can skip to step 4 or 5 where it gives you the same picture as in the above link.
 
Make sure only this is checked before hitting Start:
 
 
Repair Windows Updates
 
 
Reboot when done and run VEW again as before.

  • 0

#63
playwiffme

  • Topic Starter
  • Member
  • 61 posts

sc start wuauserv

(SC) StartService FAILED 1056:

 

An instance of the service is already running.


  • 0

#64
playwiffme

  • Topic Starter
  • Member
  • 61 posts

Are you still working on the Safe Mode/F8 issue and the Windows Installer issue?


  • 0

#65
RKinner

    Malware Expert

  • Expert
  • 20,017 posts
  • MVP

Windows Installer. 

 

For Safe Mode:

If the problem is not being able to hit F8 during boot and get into Safe Mode then you can search for

 

msconfig

 

and hit Enter.

 

Then on the Boot tab, check Safe Boot and Network.  Then OK and reboot.  It should go into Safe Mode with Networking on its own.  You will have to go back into msconfig and uncheck them or it will keep going to Safe Mode.


  • 0

#66
playwiffme

  • Topic Starter
  • Member
  • 61 posts

I already knew about that method, that's not giving me warm fuzzies and I'm not comfortable with that - I would like to enter Safe Mode as previously done via F8 - is there not a cure for this?

 

What if I go back and do a System Restore? (oldest point was 3/26 -12:12pm) - would this fix it or would I be bringing the virus back again?


  • 0

#67
playwiffme

  • Topic Starter
  • Member
  • 61 posts

Besides all that, if the computer cannot boot up using the F8 function, you lose more than just Safe Mode.

 

I'd like to know that the computer is capable of booting into the safe mode/command mode area because we often get electrical spikes causing the computer to shut down and/or shut down and start up and there have been times I have had to move the selection bar to repair mode (such as CHKDSK) - if the computer doesn't enter into this it will not boot into Windows.


  • 0

#68
playwiffme

  • Topic Starter
  • Member
  • 61 posts

This computer is at my business and it NEEDS to function as it did in the past - it takes orders electronically, processes credit cards, makes and prints invoices, etc. - if not, then I'm forced to do a re-format to ensure the business doesn't get shut down for something I can correct now.


  • 0

#69
RKinner

    Malware Expert

  • Expert
  • 20,017 posts
  • MVP

System Restore will bring back the virus.  The usual procedure now is to remove all old system restore points so that it can't accidentally come back.

 

 

What happens when you try to use F8?  Is this a wireless keyboard, wired USB keyboard or PC keyboard?


  • 0

#70
playwiffme

  • Topic Starter
  • Member
  • 61 posts

Nothing happens when pressing F8 and that's what scares me...should we get an electrical spike the computer should shut off/reboot as in the past it would go into Advanced Boot Mode making me select anything from Repair This Computer to Safe Mode or Start Windows Normally. Because the F8 key is not functioning I have no idea what will happen. How do we know the computer even has the capability to go into Advanced Boot Mode?

 

The keyboard is NOT wireless - USB connect


  • 0



#71
playwiffme

  • Topic Starter
  • Member
  • 61 posts

I just re-booted, tried tapping F8 to enter into Advanced Mode/Safe Mode - the computer remained with a black screen for 17 minutes until Windows finally opened. You could hear the hardware working during this time and it was like it was trying to figure out where to take me next - like something is screwed up in the booting sequence or maybe the winload.exe file is corrupt? - it wouldn't surprise me that all those blue screens I saw while trying to get rid of this virus didn't have an effect.


  • 0

#72
RKinner

    Malware Expert

  • Expert
  • 20,017 posts
  • MVP

Assuming the F8 is not defective the usual fix is a Repair Install which then requires that you download and install 200+ updates on Win 7.

 

 However we can try and look at the boot log and see if we see something obvious.  Search for

msconfig

hit Enter

under the boot tab

check boot log

 

OK

Reboot and then try to get into Safe Mode

 

Once it finally gives up and boots into regular mode, give it a few minutes to finish the boot then restart it into regular mode.

Go back in to msconfig and uncheck bootlog

Now find the file:  c:\windows\ntbtlog.txt  and open it in notepad and copy and paste the whole thing.  (You can attach it if you would rather.)  If it says the file is in use you can usually copy it and then paste it on to your desktop and open it from there.

 

One other thing we need is an export of 

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot

 

Go into regedit and locate the above key.  Right click on SafeBoot and Export (to your desktop - call it sb).  Rename sb.reg to sb.txt and attach it to the Reply.

 

Looking at SafeBoot in my Win 7 it looks generic so we can also try just replacing your SafeBoot with an export of mine but let me look at yours first.


  • 0
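
The two attachments requested in post #72 (ntbtlog.txt and the SafeBoot export) can be triaged offline. This is an added example, not part of the original thread and not the helper's own method: it splits a boot log into sessions and compares a SafeBoot export against a reference export from a healthy machine. All sample data is constructed, and the session-header match and the function names are assumptions.

```python
import re
from collections import defaultdict

SAFEBOOT = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot"

def decode_windows_text(raw: bytes) -> str:
    """regedit 5.00 exports are UTF-16 with a BOM; the boot log may be UTF-16 too."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    if b"\x00" in raw[:64]:                      # UTF-16 LE without a BOM
        return raw.decode("utf-16-le")
    return raw.decode("utf-8", errors="replace")

def parse_boot_log(text: str) -> list[dict]:
    """Split ntbtlog.txt into boot sessions and sort driver lines by outcome."""
    sessions = []
    for line in (l.strip() for l in text.splitlines()):
        if "Microsoft (R) Windows" in line:      # assumption: marks a new boot session
            sessions.append({"header": line, "loaded": [], "not_loaded": []})
            continue
        m = re.match(r"(Loaded driver|Did not load driver)\s+(.+)", line)
        if m and sessions:
            key = "loaded" if m.group(1) == "Loaded driver" else "not_loaded"
            sessions[-1][key].append(m.group(2))
    return sessions

def review_session(session: dict) -> dict:
    """Surface the entries worth a second look in one boot session."""
    sys32 = "\\systemroot\\system32\\"
    return {
        # driver files (not @inf device descriptions) that failed to load
        "failed_files": [d for d in session["not_loaded"] if d.startswith("\\")],
        # drivers loaded from somewhere other than System32
        "outside_system32": [d for d in session["loaded"]
                             if not d.lower().startswith(sys32)],
    }

def parse_safeboot_export(text: str) -> dict[str, set[str]]:
    """Map each SafeBoot mode (Minimal, Network) to the entries listed under it."""
    modes = defaultdict(set)
    for m in re.finditer(r"^\[(.+?)\]\s*$", text, re.MULTILINE):
        key = m.group(1)
        if not key.upper().startswith(SAFEBOOT.upper()):
            continue
        parts = key[len(SAFEBOOT):].strip("\\").split("\\", 1)
        if parts[0]:
            entries = modes[parts[0].lower()]    # record the mode even when empty
            if len(parts) == 2:
                entries.add(parts[1].lower())
    return dict(modes)

def compare_safeboot(user: str, reference: str) -> dict:
    """Report modes and entries the user's export lacks or adds versus the reference."""
    mine, ref = parse_safeboot_export(user), parse_safeboot_export(reference)
    report = {"missing_modes": sorted(m for m in ("minimal", "network") if m not in mine)}
    for mode in ("minimal", "network"):
        report[mode] = {
            "missing": sorted(ref.get(mode, set()) - mine.get(mode, set())),
            "extra": sorted(mine.get(mode, set()) - ref.get(mode, set())),
        }
    return report

# Constructed sample data (not taken from the thread).
SAMPLE_BOOT_LOG = r"""
Microsoft (R) Windows (R) Version 6.1 (Build 7601)
 3 30 2017 13:20:01.500
Loaded driver \SystemRoot\system32\ntoskrnl.exe
Loaded driver \SystemRoot\System32\drivers\volmgr.sys
Did not load driver \SystemRoot\System32\drivers\example1.sys
Did not load driver @cpu.inf,%intel.devicedesc%;Intel Processor
Microsoft (R) Windows (R) Version 6.1 (Build 7601)
 3 30 2017 13:45:10.250
Loaded driver \SystemRoot\system32\ntoskrnl.exe
Loaded driver \??\C:\ExampleDir\example2.sys
"""

REFERENCE_REG = r"""
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell"="cmd.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt]
@="Service"
"""

USER_REG = r"""
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell"="cmd.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\examplesvc]
@="Service"
"""

if __name__ == "__main__":
    for s in parse_boot_log(SAMPLE_BOOT_LOG):
        print(s["header"], review_session(s))
    print(compare_safeboot(USER_REG, REFERENCE_REG))
```

For real files, read them in binary mode and pass the bytes through `decode_windows_text` before parsing.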

#73
RKinner

    Malware Expert

  • Expert
  • 20,017 posts
  • MVP

You had some minidumps showing in your FRST scans.  Can you attach the latest one of them?  You may have to rename it to .txt or zip it up to get the forum to let you attach it.


  • 0

#74
playwiffme

  • Topic Starter
  • Member
  • 61 posts

How do I attach the SB.txt file to send to you?


  • 0

#75
playwiffme

  • Topic Starter
  • Member
  • 61 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by Thomas (administrator) on THOMAS-PC (30-03-2017 02:10:43)
Running from C:\Users\Thomas\Documents\Software Programs\Farbar Recovery Tool - 1
Loaded Profiles: Thomas (Available Profiles: Thomas)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ABBYY Production LLC) C:\Program Files (x86)\ABBYY FineReader 12\NetworkLicenseServer.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Microsoft Corporation) C:\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Pervasive Software Inc.) C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe
() C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe
(Reason Software Company Inc.) C:\Program Files\Reason\Security\rsService.exe
() C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_bg.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(SplitCam Co.) C:\Program Files (x86)\SplitCam\SplitCamService.exe
(Microsoft Corporation) C:\Program Files (x86)\MICROSOFT SQL SERVER\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Oracle Corporation) C:\Program Files\Frontier Texting\java_vm\bin\zipwhipw.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files\Reason\Security\rsLggr.exe
(Sysinternals - www.sysinternals.com) C:\Users\Thomas\Documents\Software Programs\Process Explorer\procexp(1).exe
(Sysinternals - www.sysinternals.com) C:\Users\Thomas\AppData\Local\Temp\procexp(1)64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\Thomas\Documents\Software Programs\Farbar Recovery Tool - 1\FRST64(1).exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11580520 2010-11-10] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14471408 2017-03-06] (Copyright 2017.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498720 2015-12-17] (Adobe Systems Inc.)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist Corporate\1121\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-21-2364491048-255812346-798213191-1001\...\Run: [Frontier Texting] => C:\Program Files\Frontier Texting\Frontier Texting.lnk [1832 2016-11-08] ()
HKU\S-1-5-21-2364491048-255812346-798213191-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Acer.scr [456224 2010-07-29] ()
HKU\S-1-5-18\...\Run: [] => [X]
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
BootExecute: autocheck autochk * bootdeletebootdeletebootdeletebootdelete

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{95C5EA71-8623-416C-AAEC-D3AA4AF7581A}: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{9612667B-16FF-47A2-8AC8-4084E6EAD0FB}: [DhcpNameServer] 192.168.254.254

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2364491048-255812346-798213191-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2364491048-255812346-798213191-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope value is missing
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-12-17] (Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-12-17] (Adobe Systems Incorporated)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-02-12] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-06-07] (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-12] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-12-17] (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-06-07] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {E7DA7F8D-27AB-4EE9-8FC0-3FEC9ECFE758} hxxps://access.wisconsin.gov/access/DynamicWebTWAIN.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll No File

FireFox:
========
FF DefaultProfile: ixg7h6xy.default-1476596056535
FF ProfilePath: C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\vf9r2hzq.default [not found]
FF ProfilePath: C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\ixg7h6xy.default-1476596056535 [2017-03-30]
FF Homepage: Mozilla\Firefox\Profiles\ixg7h6xy.default-1476596056535 -> www.msn.com/
FF Extension: (AdBlocker for YouTube™) - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\ixg7h6xy.default-1476596056535\Extensions\[email protected] [2016-12-05]
FF Extension: (Site Deployment Checker) - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\ixg7h6xy.default-1476596056535\features\{ec85e9e5-61a9-4f62-884b-d3976b9e3ed7}\[email protected] [2017-03-24]
FF ProfilePath: C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\embvo3sn.Default User [2017-03-30]
FF Homepage: Mozilla\Firefox\Profiles\embvo3sn.Default User -> hxxp://www.msn.com/
FF Extension: (Site Deployment Checker) - C:\Program Files (x86)\Mozilla Firefox\browser\features\[email protected] [2017-03-28] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-06-30] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{CF13FA66-1F4F-426d-BB1B-E07A13BFF2C8}] - C:\Program Files (x86)\Aimersoft\Video Converter Ultimate\SVRFirefoxExt => not found
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2016-11-06]
FF HKU\S-1-5-21-2364491048-255812346-798213191-1001\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKU\S-1-5-21-2364491048-255812346-798213191-1001\...\Firefox\Extensions: [{CF13FA66-1F4F-426d-BB1B-E07A13BFF2C8}] - C:\Program Files (x86)\Aimersoft\Video Converter Ultimate\SVRFirefoxExt => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll [2017-03-21] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-29] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-21] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-12] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-12] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2015-08-28] (Nero AG)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2011-02-24] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2011-02-24] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2012-06-30] ()
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2015-12-17] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-29] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2364491048-255812346-798213191-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Thomas\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-01-20] (Citrix Online)

Chrome:
=======
CHR Profile: C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default [2017-03-30]
CHR Extension: (Google Slides) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-05]
CHR Extension: (Flash Video Downloader) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc [2017-02-26]
CHR Extension: (Google Docs) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Google Drive) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (MagMouse) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\biofinbccickkakhihdmkafjniganmee [2016-10-03]
CHR Extension: (YouTube) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Adobe Acrobat) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-04]
CHR Extension: (Google Sheets) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-05]
CHR Extension: (Google Docs Offline) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Google Hangouts) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2017-02-11]
CHR Extension: (Video DownloadHelper) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2016-12-21]
CHR Extension: (Aimersoft Video Converter Ultimate) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\mapcejffhcbidcjmomhalabpcbaeimcb [2015-02-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-27]
CHR Extension: (Chrome Media Router) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-11]
CHR HKU\S-1-5-21-2364491048-255812346-798213191-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2015-12-17]
CHR HKLM-x32\...\Chrome\Extension: [mapcejffhcbidcjmomhalabpcbaeimcb] - C:\Program Files (x86)\Aimersoft\Video Converter Ultimate\SVRChromePlugin.crx [2013-09-14]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-07-11] (SUPERAntiSpyware.com) [File not signed]
R2 ABBYY.Licensing.FineReader.Professional.12.0; C:\Program Files (x86)\ABBYY FineReader 12\NetworkLicenseServer.exe [925904 2014-01-23] (ABBYY Production LLC)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S3 GoToAssist; C:\Program Files (x86)\Citrix\GoToAssist Corporate\1121\G2AC_Service.exe [310080 2016-01-20] (Citrix Online, a division of Citrix Systems, Inc.)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S4 KSS; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202296 2012-04-25] (Kaspersky Lab ZAO)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R2 MSSQL$UPSWSDBSERVER; C:\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
S4 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)
R2 psqlWGE; C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe [435496 2009-04-06] (Pervasive Software Inc.)
R2 rscp; C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe [303896 2017-03-29] ()
R2 rsService; C:\Program Files\Reason\Security\rsService.exe [198424 2017-03-13] (Reason Software Company Inc.)
R2 SpliCamService; C:\Program Files (x86)\SplitCam\SplitCamService.exe [321064 2016-10-19] (SplitCam Co.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14471408 2017-03-06] (Copyright 2017.) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 appliand; C:\Windows\System32\DRIVERS\appliand.sys [33888 2011-06-25] (Applian Technologies Inc.)
R3 appliandMP; C:\Windows\System32\DRIVERS\appliand.sys [33888 2011-06-25] (Applian Technologies Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 ESGIGUARD; C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [13088 2016-11-29] ()
S3 ESGSCANNER; C:\Windows\SysWOW64\DRIVERS\EsgScanner.sys [19984 2012-06-22] ()
S3 hitmanpro35; C:\Windows\system32\drivers\hitmanpro35.sys [23112 2017-03-29] ()
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [49304 2014-12-29] (Visicom Media Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2017-03-30] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35992 2014-12-28] (Visicom Media Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 scvad_simple; C:\Windows\System32\drivers\SplitCamAudio.sys [23552 2016-08-02] (Windows ® Win 7 DDK provider)
R3 splitcam_hd_driver; C:\Windows\System32\DRIVERS\splitcam_hd_driver.sys [37600 2016-08-02] (Windows ® Win 7 DDK provider)
R3 WsAudio_Device; C:\Windows\System32\drivers\VirtualAudio.sys [31080 2013-03-25] (Wondershare)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2017-03-26] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2017-03-26] (Zemana Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-30 00:18 - 2017-03-30 00:18 - 04089296 _____ C:\Users\Thomas\Downloads\AdwCleaner(4).exe
2017-03-29 20:22 - 2017-03-29 20:22 - 00001978 _____ C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
2017-03-29 20:22 - 2017-03-29 20:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hitman Pro 3.5
2017-03-29 20:22 - 2017-03-29 20:22 - 00000000 ____D C:\Program Files\Hitman Pro 3.5
2017-03-29 20:02 - 2017-03-29 20:02 - 00000779 _____ C:\Users\Thomas\Documents\03-29-17-4.txt
2017-03-29 19:36 - 2017-03-29 19:36 - 01388544 _____ C:\Users\Thomas\Downloads\HitmanPro 37x Patchrar.exe
2017-03-29 19:24 - 2017-03-29 19:24 - 01388544 _____ C:\Users\Thomas\Downloads\Hitman Pro 3715 Build 281 x64 Crack [4realtorrentz]zip.exe
2017-03-29 19:17 - 2017-03-29 19:17 - 01388544 _____ C:\Users\Thomas\Downloads\HitmanPro 3718 Build 283rar.exe
2017-03-29 19:09 - 2017-03-29 19:09 - 01388544 _____ C:\Users\Thomas\Downloads\HitmanPro 3715 Build 281 Patch is Here [LATEST].exe
2017-03-29 18:44 - 2017-03-29 20:21 - 00000000 ____D C:\ProgramData\Hitman Pro
2017-03-29 17:46 - 2017-03-29 17:46 - 11581544 _____ (SurfRight B.V.) C:\Users\Thomas\Downloads\HitmanPro_x64(2).exe
2017-03-29 17:38 - 2017-03-29 17:38 - 09741664 _____ (SurfRight B.V.) C:\Users\Thomas\Downloads\HitmanPro_x64(1).exe
2017-03-29 16:36 - 2017-03-29 16:36 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Thomas\Downloads\uSeRiNiT.exe
2017-03-29 15:50 - 2017-03-30 01:40 - 00003826 _____ C:\Windows\System32\Tasks\RCS Updater Task 1
2017-03-29 15:50 - 2017-03-30 01:40 - 00003826 _____ C:\Windows\System32\Tasks\RCS Updater Task 0
2017-03-29 15:50 - 2017-03-30 01:40 - 00003826 _____ C:\Windows\System32\Tasks\RCS Updater Task
2017-03-29 15:50 - 2017-03-29 15:50 - 00000000 ____D C:\ProgramData\Reason
2017-03-29 15:49 - 2017-03-29 15:49 - 00003540 _____ C:\Windows\System32\Tasks\Reason Core Security Scheduled Scan
2017-03-29 15:49 - 2017-03-29 15:49 - 00003406 _____ C:\Windows\System32\Tasks\Reason Core Security
2017-03-29 15:49 - 2017-03-29 15:49 - 00001102 _____ C:\Users\Thomas\Desktop\Reason Core Security.lnk
2017-03-29 15:49 - 2017-03-29 15:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reason Core Security
2017-03-29 15:48 - 2017-03-29 15:48 - 00000000 ____D C:\Program Files\Reason
2017-03-29 15:46 - 2017-03-29 15:46 - 07141600 _____ (Reason Software Company Inc.) C:\Users\Thomas\Downloads\reason-core-security-setup.exe
2017-03-29 15:05 - 2017-03-29 15:05 - 00000487 _____ C:\Users\Thomas\Documents\03-29-17-3.txt
2017-03-29 15:04 - 2017-03-29 15:04 - 00000041 _____ C:\Users\Thomas\Documents\03-29-17-2.txt
2017-03-29 15:00 - 2017-03-30 00:43 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-03-29 14:57 - 2017-03-30 00:00 - 00000000 ____D C:\Users\Thomas\Desktop\mbar
2017-03-29 14:56 - 2017-03-29 14:56 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Thomas\Downloads\mbar-1.09.3.1001(1).exe
2017-03-29 11:51 - 2017-03-29 11:51 - 00000101 _____ C:\Users\Thomas\Documents\03-29-17-1.txt
2017-03-29 11:38 - 2017-03-29 11:39 - 00000000 ____D C:\Users\Thomas\AppData\Local\microlabs
2017-03-29 08:58 - 2017-03-29 08:58 - 19044562 _____ C:\Users\Thomas\Downloads\mbar-1.09.3.1001(1).zip
2017-03-29 08:53 - 2017-03-29 08:53 - 00448512 _____ (OldTimer Tools) C:\Users\Thomas\Downloads\TFC(1).exe
2017-03-29 08:32 - 2017-03-29 08:32 - 06705178 _____ C:\Users\Thomas\Downloads\mbam-chameleon-3.1.33.0.zip
2017-03-29 02:24 - 2017-03-29 02:24 - 00000783 _____ C:\Users\Thomas\Documents\03-29-17.txt
2017-03-29 01:27 - 2017-03-29 01:27 - 41764120 _____ (IObit ) C:\Users\Thomas\Downloads\imfv5-setup.exe
2017-03-29 01:21 - 2017-03-29 01:21 - 46510120 _____ (IObit ) C:\Users\Thomas\Downloads\IObit-Malware-Fighter-Setup
2017-03-29 01:19 - 2017-03-29 01:19 - 00211213 _____ C:\Users\Thomas\Downloads\imf-offline-db1635.zip
2017-03-29 00:39 - 2017-03-29 00:41 - 57131432 _____ (Malwarebytes ) C:\Users\Thomas\Downloads\mb3-setup-consumer-3.0.6.1469-1075.exe
2017-03-29 00:28 - 2017-03-29 00:33 - 55566792 _____ (Malwarebytes ) C:\Users\Thomas\Downloads\mb3-setup-consumer-3.0.6.1469.exe
2017-03-28 16:44 - 2017-03-28 16:44 - 00000782 _____ C:\Users\Thomas\Documents\03-28-17-3.txt
2017-03-28 16:30 - 2017-03-28 16:30 - 00003075 _____ C:\Users\Thomas\Downloads\fixlist.txt
2017-03-28 15:32 - 2017-03-28 15:32 - 01106888 _____ (Bleeping Computer, LLC) C:\Users\Thomas\Desktop\rkill64.exe
2017-03-28 14:56 - 2017-03-29 13:13 - 00000348 _____ C:\Users\Thomas\Documents\03-28-17-2.txt
2017-03-28 13:18 - 2017-03-28 13:18 - 02424832 _____ (Farbar) C:\Users\Thomas\Downloads\FRST64(1).exe
2017-03-28 11:57 - 2017-03-28 11:57 - 02710688 _____ (Sysinternals - www.sysinternals.com) C:\Users\Thomas\Downloads\procexp(1).exe
2017-03-28 11:03 - 2017-03-28 11:03 - 00000900 _____ C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2017-03-28 11:03 - 2017-03-28 11:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2017-03-28 11:02 - 2017-03-28 11:03 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2017-03-28 10:59 - 2017-03-28 11:01 - 243565384 _____ (Emsisoft Ltd. ) C:\Users\Thomas\Downloads\EmsisoftAntiMalwareSetup.exe
2017-03-28 09:03 - 2017-03-28 09:03 - 49405136 _____ (Microsoft Corporation) C:\Users\Thomas\Downloads\Windows-KB890830-x64-V5.46.exe
2017-03-28 08:47 - 2017-03-28 10:53 - 00000228 _____ C:\Users\Thomas\Documents\03-28-17-1.txt
2017-03-28 03:34 - 2017-03-28 03:34 - 00000000 ____D C:\VIPRERESCUE
2017-03-28 03:30 - 2017-03-28 03:33 - 315179008 _____ C:\Users\Thomas\Downloads\VIPRERescue.exe
2017-03-28 03:07 - 2017-03-28 03:07 - 00023197 _____ C:\Users\Thomas\Documents\03-28-17.txt
2017-03-28 03:03 - 2017-03-28 03:03 - 00023197 _____ C:\Windows\system32\0
2017-03-28 02:54 - 2017-03-28 02:55 - 19044562 _____ C:\Users\Thomas\Downloads\mbar-1.09.3.1001.zip
2017-03-27 17:22 - 2017-03-27 17:22 - 00001324 _____ C:\AdwCleaner[R3].txt
2017-03-27 16:36 - 2017-03-27 16:36 - 00000700 _____ C:\Users\Thomas\Documents\03-27-17.txt
2017-03-27 10:55 - 2017-03-27 10:56 - 00059427 _____ C:\Users\Thomas\Downloads\Addition.txt
2017-03-27 10:53 - 2017-03-27 10:56 - 00079814 _____ C:\Users\Thomas\Downloads\FRST.txt
2017-03-27 10:52 - 2017-03-30 02:10 - 00000000 ____D C:\FRST
2017-03-27 10:52 - 2017-03-27 10:52 - 02424832 _____ (Farbar) C:\Users\Thomas\Downloads\FRST64.exe
2017-03-27 09:53 - 2017-03-27 09:53 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Thomas\Downloads\rkill.scr
2017-03-27 09:53 - 2017-03-27 09:53 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Thomas\Downloads\rkill(4).exe
2017-03-27 09:53 - 2017-03-27 09:53 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Thomas\Downloads\rkill(3).com
2017-03-27 09:12 - 2017-03-27 09:12 - 57131432 _____ (Malwarebytes ) C:\Users\Thomas\Desktop\mb3-setup-1878.1878-3.0.6.1469-1075.exe
2017-03-27 09:11 - 2017-03-27 09:12 - 57131432 _____ (Malwarebytes ) C:\Users\Thomas\Downloads\mb3-setup-1878.1878-3.0.6.1469-1075.exe
2017-03-27 07:58 - 2017-03-27 07:58 - 04031440 _____ C:\Users\Thomas\Downloads\AdwCleaner (5).exe
2017-03-27 02:58 - 2017-03-27 02:58 - 00002407 _____ C:\Users\Thomas\Desktop\RKreport[5]_D_03272017_02d0258.txt
2017-03-27 02:58 - 2017-03-27 02:58 - 00002364 _____ C:\Users\Thomas\Desktop\RKreport[4]_S_03272017_02d0258.txt
2017-03-27 02:56 - 2017-03-27 02:56 - 00002710 _____ C:\Users\Thomas\Desktop\RKreport[3]_D_03272017_02d0256.txt
2017-03-27 02:55 - 2017-03-27 02:55 - 00002718 _____ C:\Users\Thomas\Desktop\RKreport[2]_S_03272017_02d0255.txt
2017-03-27 02:54 - 2017-03-27 02:54 - 00002681 _____ C:\Users\Thomas\Desktop\RKreport[1]_S_03272017_02d0254.txt
2017-03-27 01:52 - 2017-03-27 00:19 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Thomas\Desktop\tdsskiller(1).exe
2017-03-27 01:52 - 2017-03-26 18:22 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Thomas\Desktop\rkill.exe
2017-03-27 01:51 - 2017-03-27 01:49 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Thomas\Desktop\mbar-1.09.3.1001.exe
2017-03-27 01:49 - 2017-03-27 01:49 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Thomas\Downloads\mbar-1.09.3.1001.exe
2017-03-27 00:19 - 2017-03-27 00:19 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Thomas\Downloads\tdsskiller(1).exe
2017-03-26 22:54 - 2017-03-26 22:54 - 00001387 _____ C:\AdwCleaner[R2].txt
2017-03-26 22:51 - 2017-03-30 01:21 - 00000000 ____D C:\Users\Thomas\AppData\Local\CrashDumps
2017-03-26 21:02 - 2017-03-28 02:08 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-03-26 21:01 - 2017-03-26 22:48 - 00000000 ____D C:\ProgramData\RogueKiller
2017-03-26 21:01 - 2017-03-26 21:01 - 00000862 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-03-26 21:01 - 2017-03-26 21:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-03-26 21:01 - 2017-03-26 21:01 - 00000000 ____D C:\Program Files\RogueKiller
2017-03-26 21:00 - 2017-03-26 21:01 - 35109888 _____ (Adlice Software ) C:\Users\Thomas\Downloads\setup.exe
2017-03-26 20:59 - 2017-03-29 01:11 - 00000000 ____D C:\Users\Thomas\Desktop\RK_Quarantine
2017-03-26 19:30 - 2017-03-30 02:10 - 00051042 _____ C:\Windows\ZAM.krnl.trace
2017-03-26 19:30 - 2017-03-30 02:10 - 00020530 _____ C:\Windows\ZAM_Guard.krnl.trace
2017-03-26 19:30 - 2017-03-26 19:30 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2017-03-26 19:30 - 2017-03-26 19:30 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2017-03-26 19:30 - 2017-03-26 19:30 - 00001152 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2017-03-26 19:30 - 2017-03-26 19:30 - 00000000 ____D C:\Users\Thomas\AppData\Local\Zemana
2017-03-26 19:30 - 2017-03-26 19:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-03-26 19:30 - 2017-03-26 19:30 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-03-26 19:28 - 2017-03-26 19:29 - 05740956 _____ (Zemana Ltd. ) C:\Users\Thomas\Downloads\eXplorer(1).exe
2017-03-26 19:19 - 2017-03-26 19:19 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\Thomas\Downloads\RKill_2.8.2.0.com
2017-03-26 19:18 - 2017-03-26 19:18 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Thomas\Downloads\rkill(3).exe
2017-03-26 19:09 - 2017-03-26 19:09 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Thomas\Downloads\rkill(2).exe
2017-03-26 18:43 - 2017-03-26 18:42 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Thomas\Desktop\iExplore.exe
2017-03-26 18:42 - 2017-03-26 18:42 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Thomas\Downloads\iExplore.exe
2017-03-26 18:32 - 2017-03-26 18:32 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Thomas\Downloads\eXplorer.exe
2017-03-26 18:29 - 2017-03-26 18:30 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Thomas\Downloads\rkill(2).com
2017-03-26 18:26 - 2017-03-26 18:26 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Thomas\Downloads\rkill(1).exe
2017-03-26 18:24 - 2017-03-26 18:24 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Thomas\Downloads\Tom-fix.exe
2017-03-26 18:22 - 2017-03-26 18:22 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Thomas\Downloads\rkill.exe
2017-03-26 12:13 - 2017-03-26 12:13 - 00833024 ____N C:\Windows\system32\tprdpw32.exe
2017-03-26 10:43 - 2017-03-26 10:43 - 00000000 ____D C:\Program Files (x86)\Teorex
2017-03-25 18:23 - 2017-03-25 18:24 - 04031440 _____ C:\Users\Thomas\Downloads\AdwCleaner(3).exe
2017-03-25 18:21 - 2017-03-25 18:21 - 00001234 _____ C:\AdwCleaner[R1].txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-30 01:48 - 2009-07-14 00:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-30 01:48 - 2009-07-14 00:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-30 01:41 - 2016-11-18 10:18 - 00000000 ____D C:\Users\Thomas\AppData\LocalLow\Mozilla
2017-03-30 01:39 - 2015-04-02 17:24 - 00000000 ____D C:\Program Files\Frontier Texting
2017-03-30 01:39 - 2012-06-30 12:25 - 00000000 ____D C:\ProgramData\clear.fi
2017-03-30 01:39 - 2011-11-10 19:10 - 00000000 ____D C:\ProgramData\NVIDIA
2017-03-30 01:38 - 2014-03-28 05:13 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf4a65f48969b0.job
2017-03-30 01:38 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-30 01:14 - 2012-06-29 22:08 - 00000000 ____D C:\Users\Thomas
2017-03-30 00:45 - 2012-07-04 00:19 - 00000000 ____D C:\Users\Thomas\Documents\My Stuff
2017-03-30 00:36 - 2014-01-19 00:37 - 00000000 ____D C:\AdwCleaner
2017-03-30 00:20 - 2012-06-29 22:57 - 00000000 ____D C:\Users\Thomas\Documents\Software Programs
2017-03-30 00:04 - 2014-04-30 01:28 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-03-29 23:45 - 2014-04-30 01:27 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2017-03-29 23:28 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SchCache
2017-03-29 23:19 - 2016-05-21 22:05 - 00001057 _____ C:\Users\Thomas\AppData\Roaming\vso_ts_preview.xml
2017-03-29 23:19 - 2016-05-21 22:05 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Vso
2017-03-29 20:48 - 2012-07-01 20:50 - 00000000 ____D C:\Users\Thomas\Documents\ConvertXToDVD
2017-03-29 20:48 - 2009-07-14 01:13 - 00852428 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-29 20:48 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2017-03-29 20:22 - 2013-01-07 03:15 - 00023112 _____ C:\Windows\system32\Drivers\hitmanpro35.sys
2017-03-29 19:58 - 2016-12-03 10:24 - 00303024 ____N C:\Windows\Minidump\032917-38703-01.dmp
2017-03-29 19:58 - 2012-09-23 23:22 - 00000000 ____D C:\Windows\Minidump
2017-03-29 19:56 - 2016-12-03 10:24 - 00303080 ____N C:\Windows\Minidump\032917-32261-01.dmp
2017-03-29 19:54 - 2016-12-03 10:24 - 00303080 ____N C:\Windows\Minidump\032917-34476-01.dmp
2017-03-29 19:53 - 2016-12-03 10:24 - 00303024 ____N C:\Windows\Minidump\032917-35599-01.dmp
2017-03-29 19:40 - 2016-12-03 10:24 - 00303080 ____N C:\Windows\Minidump\032917-73476-01.dmp
2017-03-29 19:32 - 2016-01-15 15:16 - 00002046 _____ C:\Users\Public\Desktop\Google Slides.lnk
2017-03-29 19:32 - 2016-01-15 15:16 - 00002044 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2017-03-29 19:32 - 2016-01-15 15:16 - 00002034 _____ C:\Users\Public\Desktop\Google Docs.lnk
2017-03-29 19:32 - 2016-01-15 15:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2017-03-29 19:15 - 2012-06-30 02:17 - 00000000 ____D C:\Windows\system32\Macromed
2017-03-29 16:41 - 2016-10-15 22:56 - 00000002 _____ C:\Users\Thomas\Desktop\Rkill.txt
2017-03-29 16:02 - 2013-03-24 02:41 - 00000000 ____D C:\Program Files (x86)\Replay Video Capture 6
2017-03-29 01:50 - 2016-12-03 10:24 - 00303080 ____N C:\Windows\Minidump\032917-29125-01.dmp
2017-03-29 01:47 - 2016-12-03 10:24 - 00303080 ____N C:\Windows\Minidump\032917-27034-01.dmp
2017-03-29 01:45 - 2016-12-03 10:24 - 00303080 ____N C:\Windows\Minidump\032917-30685-01.dmp
2017-03-29 01:43 - 2016-12-03 10:24 - 00303080 ____N C:\Windows\Minidump\032917-26707-01.dmp
2017-03-29 01:41 - 2016-12-03 10:24 - 00303080 ____N C:\Windows\Minidump\032917-32042-01.dmp
2017-03-29 01:38 - 2016-06-28 09:20 - 00000194 _____ C:\Windows\system32\.crusader
2017-03-28 20:14 - 2016-10-19 19:59 - 00000000 ____D C:\Users\Thomas\AppData\LocalLow\Adblock Plus for IE
2017-03-28 18:51 - 2012-07-06 20:26 - 00000000 ____D C:\Users\Thomas\Documents\My Streaming Media
2017-03-28 16:40 - 2016-12-03 10:24 - 00303080 ____N C:\Windows\Minidump\032817-34398-01.dmp
2017-03-28 16:05 - 2016-12-03 10:24 - 00303024 ____N C:\Windows\Minidump\032817-31715-01.dmp
2017-03-28 16:04 - 2016-12-03 10:24 - 00303080 ____N C:\Windows\Minidump\032817-42713-01.dmp
2017-03-28 14:41 - 2015-04-26 15:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-03-28 13:39 - 2015-03-26 12:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-03-27 16:47 - 2009-07-14 01:08 - 00032574 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-03-27 08:00 - 2012-07-01 14:03 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\uTorrent
2017-03-26 17:37 - 2012-08-05 21:25 - 00000000 ____D C:\ProgramData\ThumbsPlus
2017-03-26 15:20 - 2012-08-05 19:09 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\ThumbsPlus
2017-03-25 18:32 - 2016-01-15 15:26 - 00000000 ___RD C:\Users\Thomas\Google Drive
2017-03-25 14:27 - 2011-07-20 09:02 - 00000000 ___HD C:\OEM
2017-03-21 19:24 - 2016-05-17 23:35 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-03-21 19:24 - 2016-05-17 23:35 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-21 19:24 - 2014-09-02 07:08 - 00000000 ____D C:\Users\Thomas\AppData\Local\Adobe
2017-03-21 19:24 - 2011-07-20 08:43 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-03-21 12:07 - 2014-08-25 18:55 - 00005052 _____ C:\Windows\DUNZLOG.TXT
2017-03-20 23:48 - 2011-05-10 17:15 - 00000000 ____D C:\Users\Thomas\Documents\Adult
2017-03-19 04:57 - 2012-07-16 11:42 - 00000000 ____D C:\Users\Thomas\AppData\Local\ElevatedDiagnostics
2017-03-18 08:25 - 2017-02-27 13:14 - 00004454 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-03-17 12:49 - 2013-01-01 03:06 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Smilebox
2017-03-11 15:17 - 2012-07-04 22:20 - 00000000 ____D C:\Users\Thomas\Documents\My Scans
2017-03-09 21:40 - 2012-09-03 12:07 - 00002199 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-03-09 21:40 - 2012-09-03 12:07 - 00002187 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-03-02 08:19 - 2014-12-27 00:32 - 00001945 _____ C:\Windows\epplauncher.mif
2017-03-02 08:19 - 2014-12-27 00:31 - 00002121 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2017-03-02 08:19 - 2014-12-27 00:31 - 00000000 ____D C:\Program Files\Microsoft Security Client
2017-03-02 08:19 - 2014-12-27 00:31 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client

==================== Files in the root of some directories =======

2014-11-13 08:30 - 2014-11-13 08:30 - 6000640 _____ () C:\Program Files (x86)\GUT5B97.tmp
2017-02-26 19:16 - 2017-02-26 19:24 - 7680000 _____ () C:\Program Files (x86)\GUT849B.tmp
2014-02-05 21:35 - 2014-02-05 21:35 - 0000268 ___RH () C:\Users\Thomas\AppData\Roaming\Bass Amp
2014-02-05 21:35 - 2014-02-05 21:35 - 0000268 ___RH () C:\Users\Thomas\AppData\Roaming\Bass Reduction
2014-02-05 21:35 - 2014-02-05 21:35 - 0000268 ___RH () C:\Users\Thomas\AppData\Roaming\BookService
2016-05-20 15:33 - 2016-05-21 20:48 - 0099384 _____ () C:\Users\Thomas\AppData\Roaming\inst.exe
2013-03-02 18:55 - 2013-03-02 18:55 - 0000082 _____ () C:\Users\Thomas\AppData\Roaming\mbam.context.scan
2016-05-18 18:14 - 2016-05-21 20:48 - 0007859 _____ () C:\Users\Thomas\AppData\Roaming\pcouffin.cat
2016-05-18 18:14 - 2016-05-21 20:48 - 0001167 _____ () C:\Users\Thomas\AppData\Roaming\pcouffin.inf
2016-05-18 18:14 - 2016-05-21 20:48 - 0000055 _____ () C:\Users\Thomas\AppData\Roaming\pcouffin.log
2016-05-18 18:14 - 2016-05-21 20:48 - 0082816 _____ (VSO Software) C:\Users\Thomas\AppData\Roaming\pcouffin.sys
2014-09-03 17:00 - 2014-09-03 17:00 - 35123384 _____ (VSO Software                                                ) C:\Users\Thomas\AppData\Roaming\vsoConvertXtoDVD5_setup.exe
2016-05-21 22:05 - 2017-03-29 23:19 - 0001057 _____ () C:\Users\Thomas\AppData\Roaming\vso_ts_preview.xml
2015-05-20 18:10 - 2017-01-09 23:07 - 0014848 _____ () C:\Users\Thomas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-10-14 23:07 - 2016-10-14 23:09 - 0000003 _____ () C:\Users\Thomas\AppData\Local\run1.txt
2013-01-12 18:20 - 2013-01-12 18:20 - 2250054 _____ () C:\ProgramData\1.bmp
2013-01-12 18:19 - 2013-01-12 18:19 - 0444366 _____ () C:\ProgramData\1.jpg
2011-11-10 19:29 - 2011-11-10 19:31 - 0014756 _____ () C:\ProgramData\ArcadeDeluxe5.log
2014-02-05 21:35 - 2014-02-05 21:35 - 0000268 ___RH () C:\ProgramData\Breath Pad
2014-02-05 21:35 - 2014-02-05 21:35 - 0000268 ___RH () C:\ProgramData\Brother
2014-02-05 21:35 - 2014-02-05 21:35 - 0000268 ___RH () C:\ProgramData\Bubble Noise
2014-02-05 21:35 - 2014-02-05 21:35 - 0000012 ___RH () C:\ProgramData\Classical
2014-02-05 21:35 - 2014-02-05 21:35 - 0000012 ___RH () C:\ProgramData\Clips
2014-02-05 21:35 - 2014-02-05 21:35 - 0000012 ___RH () C:\ProgramData\ColorSync
2012-06-30 18:14 - 2013-10-16 14:30 - 0002719 _____ () C:\ProgramData\hpzinstall.log
2014-02-05 21:35 - 2014-02-05 21:35 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT
2014-02-05 21:35 - 2014-02-05 21:37 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT
2014-02-05 21:35 - 2014-02-05 21:38 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT

Some files in TEMP:
====================
2017-03-29 16:35 - 2017-03-29 16:35 - 0040960 _____ () C:\Users\Thomas\AppData\Local\Temp\abde0p7s.dll
2017-03-29 01:12 - 2016-09-09 14:23 - 1732864 _____ (Microsoft Corporation) C:\Users\Thomas\AppData\Local\Temp\dllnt_dump.dll
2017-03-30 01:23 - 2017-03-29 17:46 - 11581544 _____ (SurfRight B.V.) C:\Users\Thomas\AppData\Local\Temp\HitmanPro.exe
2017-03-29 17:39 - 2017-03-29 17:40 - 11581544 _____ (SurfRight B.V.) C:\Users\Thomas\AppData\Local\Temp\HitmanPro_x64(1).exe
2017-03-29 17:41 - 2017-03-29 17:42 - 11581544 _____ (SurfRight B.V.) C:\Users\Thomas\AppData\Local\Temp\HitmanPro_x64.exe
2017-03-30 02:03 - 2017-03-30 02:03 - 1452200 _____ (Sysinternals - www.sysinternals.com) C:\Users\Thomas\AppData\Local\Temp\procexp(1)64.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-24 05:14

==================== End of FRST.txt ============================

