Cannot access Safe Mode, System Restore and (most) anti-malware progra



#76
playwiffme

  • Topic Starter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Thomas (30-03-2017 02:12:42)
Running from C:\Users\Thomas\Documents\Software Programs\Farbar Recovery Tool - 1
Windows 7 Home Premium Service Pack 1 (X64) (2012-06-30 02:08:02)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2364491048-255812346-798213191-500 - Administrator - Disabled)
Guest (S-1-5-21-2364491048-255812346-798213191-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2364491048-255812346-798213191-1006 - Limited - Enabled)
Thomas (S-1-5-21-2364491048-255812346-798213191-1001 - Administrator - Enabled) => C:\Users\Thomas
UpdatusUser (S-1-5-21-2364491048-255812346-798213191-1000 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2364491048-255812346-798213191-1001\...\uTorrent) (Version: 3.4.9.43388 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
ABBYY FineReader 12 Professional (HKLM-x32\...\{F12000FE-0001-0000-0000-074957833700}) (Version: 12.0.501 - ABBYY Production LLC)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3505 - Acer Incorporated)
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.5 - WildTangent)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3503 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0708.2011 - Acer Incorporated)
Acer System Information (HKLM-x32\...\{72199E33-4F2A-4B7F-8E25-95DDDD50A678}) (Version: 1.0.0 - Acer)
Active WebCam (HKLM-x32\...\Active WebCam) (Version:  - )
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{0F347A49-E36C-4639-8D2E-003AD408B8B2}) (Version: 1.5 - Eyeo GmbH)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.14 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.0.19480 - Adobe Systems Incorporated)
Adobe Flash Player 25 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Flash Player 25 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Aimersoft DVD Creator(Build 3.0.0) (HKLM-x32\...\Aimersoft DVD Creator_is1) (Version:  - Aimersoft Software)
Aimersoft Helper Compact 2.5.0 (HKLM-x32\...\{405147F7-FCC5-499B-A27E-EA6BD4A80435}_is1) (Version: 2.5.0 - Aimersoft)
Aimersoft Video Converter Ultimate(Build 5.5.1.0) (HKLM-x32\...\Aimersoft Video Converter Ultimate_is1) (Version: 5.5.1.0 - Aimersoft Software)
AlignmentUtility (x32 Version: 19.00.0000 - UPS) Hidden
Animated GIF producer 5.0 TRIAL (HKLM-x32\...\Animated GIF producer 5.0 TRIAL_is1) (Version:  - AVLAN Design)
Apple Application Support (32-bit) (HKLM-x32\...\{C5815ACF-FD34-4553-8A22-C7411B7E662B}) (Version: 4.1.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{CBF12D2F-CF64-4CB7-858B-2C1F21068E5F}) (Version: 4.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
Barcode Generator version 02.10.10 (HKLM-x32\...\{4E846FBC-F6B3-4767-A0DF-C38D8CD0E13D}_is1) (Version: 02.10.10 - Aurora3D Software)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{C28D96C0-6A90-459E-A077-A6706F4EC0FC}) (Version: 7.0.765.0 - Microsoft Corporation)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Build-a-lot 4 - Power Source (x32 Version: 2.2.0.97 - WildTangent) Hidden
C5500 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
CCC (x32 Version: 19.00.0000 - United Parcel Service, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
Chronicles of Albian (x32 Version: 2.2.0.95 - WildTangent) Hidden
Citrix Online Launcher (HKLM-x32\...\{48947098-A67C-46D4-90C5-9F2F6F0F96FE}) (Version: 1.0.449 - Citrix)
clear.fi (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 1.0.1720.15 - CyberLink Corp.)
clear.fi (x32 Version: 1.0.1517_36458 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 1.0.1720.15 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 9.0.7713 - CyberLink Corp.) Hidden
clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.01.3500 - Acer Incorporated)
ConvertXtoDVD 4.1.19.365 (HKLM-x32\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.1.19.365 - )
Corel Graphics - Windows Shell Extension (HKLM\...\_{EBDC2D0D-1E26-4EF2-BB48-C7E18F7800C6}) (Version: 16.0.0.707 - Corel Corporation)
Corel Graphics - Windows Shell Extension (Version: 16.0.707 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 32 Bit (Version: 16.0.707 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Capture (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Common (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Connect (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Custom Data (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Draw (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - EN (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Filters (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - FontNav (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - IPM (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - PHOTO-PAINT (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Photozoom Plugin (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Redist (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Setup Files (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VBA (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VideoBrowser (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VSTA (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Writing Tools (x64) (Version: 16.0 -  Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 (64-Bit) (HKLM\...\_{BDBFAC49-8877-472F-876B-75ADB7DBC955}) (Version: 16.0.0.707 - Corel Corporation)
CorelDRAW Graphics Suite X6 (x64) (Version: 16.0 - Corel Corporation) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Crystal Reports 2008 Runtime SP1 (HKLM-x32\...\{C484CC8D-03CF-4022-89C4-DB4F02E8A15B}) (Version: 12.1.0.882 - Business Objects)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
DVD Identifier (HKLM-x32\...\DVD Identifier_is1) (Version: 5.2.0 - Kris Schoofs)
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)
EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version:  - EaseUS)
eBay Worldwide (HKLM-x32\...\{D3E5A972-9A15-427D-AE78-8181A5FD943C}) (Version: 2.2.0409 - OEM)
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 2017.2 - Emsisoft Ltd.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Etron USB3.0 Host Controller (x32 Version: 0.103 - Etron Technology) Hidden
FILE RECOVERY for Windows (HKLM-x32\...\FILE RECOVERY for WindowsNSIS) (Version: 1.0.201 - Seagate)
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
FormsComponent (x32 Version: 19.00.0000 - UPS) Hidden
FOSS (x32 Version: 19.00.0000 - UPS) Hidden
Frontier Texting (HKU\S-1-5-21-2364491048-255812346-798213191-1001\...\Frontier Texting) (Version: 2.5.0b3 - Zipwhip Inc.)
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.98 - Google Inc.)
Google Drive (HKLM-x32\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 11.3.0.1121 - Citrix Online, a division of Citrix Systems, Inc.)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HandBrake 0.9.8 (HKLM-x32\...\HandBrake) (Version: 0.9.8 - )
Hitman Pro 3.5 (HKLM\...\HitmanPro35) (Version: 3.5.9.125 - SurfRight B.V.)
Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3505 - Acer Incorporated)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart C5500 All-In-One Driver Software 13.0 Rel. 4 (HKLM\...\{5F5FEF58-F4D8-488B-BDB3-6D5B22192B02}) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PaperLabel (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PrintOnDisc (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
hpphotosmartdisclabelplugin (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HTML-Kit 292 (HKLM-x32\...\HTMLKit_is1) (Version: 1.0 - HTMLKit.com)
iCare Data Recovery Pro (HKLM-x32\...\{F7EAB243-4D0C-47F5-A4F1-74D350E45489}_is1) (Version: 7.6 - iCare Recovery)
ICCHelp (HKLM-x32\...\{A5763105-D1D5-4862-A3FE-EC058F9AA73E}) (Version: 19.00.0000 - UPS)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
Inpaint 5.0 (HKLM-x32\...\{2AEDC172-479F-47AE-8A48-A0524D4AED5B}_is1) (Version:  - Teorex)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Kaspersky Security Scan (HKLM-x32\...\InstallWIX_{56009CA3-423B-41F8-884A-E5B049534F15}) (Version: 12.0.1.117 - Kaspersky Lab)
Kaspersky Security Scan (x32 Version: 12.0.1.117 - Kaspersky Lab) Hidden
K-Lite Codec Pack 9.5.0 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.5.0 - )
Machete Lite 3.8 (HKLM-x32\...\{CBA55866-5332-4E19-867F-30F7E22E9F1E}) (Version: 3.8.33 - MacheteSoft)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
ManyCam 5.0.5 (HKLM-x32\...\ManyCam) (Version: 5.0.5 - Visicom Media Inc.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-2364491048-255812346-798213191-1001\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
MKVToolNix 8.3.0 (64bit) (HKLM-x32\...\MKVToolNix) (Version: 8.3.0 - Moritz Bunkus)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker 6.0 for Windows 7 (64-bit) (HKLM\...\{A7395F20-2B22-4CB8-8510-B452C0F47E02}) (Version: 6.0.0 - Microsoft Corporation)
Mozilla Firefox 52.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 52.0.2 (x86 en-US)) (Version: 52.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.0.2.6291 - Mozilla)
Mozilla Thunderbird 24.2.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 24.2.0 (x86 en-US)) (Version: 24.2.0 - Mozilla)
MSIChecker (x32 Version: 19.00.0000 - UPS) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden
NA1Messenger (x32 Version: 19.00.0000 - Your Company Name) Hidden
Nero 2016 (HKLM-x32\...\{4297E807-5633-466A-8AC0-5AC48D310471}) (Version: 17.0.02000 - Nero AG)
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.2.10500.2.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.2.12000.21.100 - Nero AG)
Nero Info (HKLM-x32\...\{F030BFE8-8476-4C08-A553-233DE80A2BE1}) (Version: 16.0.2000 - Nero AG)
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}) (Version: 10.5.10300 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.2.11600.14.100 - Nero AG)
NetObjects Fusion 10.0 (HKLM-x32\...\{ECC8CC4E-2291-438F-9601-C8A6BFBA0880}) (Version: 10.0 - )
NetObjects Fusion 11.0 (HKLM-x32\...\{1BD687EB-C093-4BA5-B336-AEF08C314921}) (Version: 11.0 - )
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.0 - Nikon)
Nikon Movie Editor (HKLM-x32\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.9.0 - Nikon)
Nikon View 6 (HKLM-x32\...\{AAB84E83-C8DF-4752-9DFC-2E2A48EE5E9F}) (Version:  - )
NOOK for PC (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.4.7070 - Barnesandnoble.com)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
NRF (x32 Version: 19.00.0000 - UPS) Hidden
NVIDIA Graphics Driver 267.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 267.33 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.1.13.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.1.13.1 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (HKLM-x32\...\NVIDIAStereo) (Version: 7.17.12.6733 - NVIDIA Corporation)
Peachtree Accounting 2010 (x32 Version: 17.00.00 - Sage Software, Inc.) Hidden
Peachtree Pro Accounting 2010 (HKLM-x32\...\InstallShield_{51EF69CF-70D3-4142-993D-AA97F36484CC}) (Version: 17.00.00 - Sage Software, Inc.)
Peachtree Pro Accounting 2010 (HKLM-x32\...\Peachtree Pro Accounting) (Version:  - )
PeachTree Signature Ready Forms (x32 Version: 6.7.4 - Sage Software SB, Inc.) Hidden
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Pervasive PSQL v10.10 Workgroup (32-bit) (x32 Version: 10.12.025 - Pervasive Software) Hidden
Photo Collage Creator 3.61 (HKLM-x32\...\Photo Collage Creator_is1) (Version:  - AMS Software)
PhotoScissors 3.0 (HKLM\...\{664FCCAE-8187-4EC5-B191-758C040C999C}_is1) (Version:  - teorex)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Picture Collage Maker Pro 4.1.2 (HKLM-x32\...\{6D308A90-6C14-4A02-9B04-CB0EF17894A9}_is1) (Version: 4.1.2 - PearlMountain Technology Co., Ltd)
Picture Control Utility x64 (HKLM\...\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}) (Version: 1.5.0 - Nikon)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
PolicyManager (x32 Version: 19.00.0000 - UPS) Hidden
Prerequisite installer (x32 Version: 17.0.0002 - Nero AG) Hidden
PS_AIO_04_C5500_Software_Min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6242 - Realtek Semiconductor Corp.)
Reason Core Security (HKLM-x32\...\Reason Core Security) (Version: 2.1.0.9 - Reason Software Company Inc.)
Reconciler (x32 Version: 19.00.0000 - UPS) Hidden
Replay Media Catcher 4 (4.3.0) (HKLM-x32\...\Replay Media Catcher 4) (Version: 4.3.0 - Applian Technologies)
Replay Video Capture 6 (HKLM-x32\...\Replay Video Capture6.0.6) (Version: 6.0.6 - Applian Technologies Inc.)
ReportServer (x32 Version: 18.00.0000 - Your Company Name) Hidden
RogueKiller version 12.10.1.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.10.1.0 - Adlice Software)
Sage Message Center (x32 Version: 2.00.0000 - Sage Software Inc.) Hidden
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Seagate File Recovery for Windows 2.0 (HKLM-x32\...\Seagate File Recovery for WindowsNSIS) (Version: 2.0.18656 - Seagate)
SeaTools for Windows 1.4.0.4 (HKLM-x32\...\SeaTools for Windows) (Version: 1.4.0.4 - Seagate Technology)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 7.29 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.29.102 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
Smilebox (HKU\S-1-5-21-2364491048-255812346-798213191-1001\...\Smilebox) (Version: 1.1.1.1 - Smilebox, Inc.)
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SplitCam (HKLM-x32\...\SplitCam) (Version: 7.5.3.2 - SplitCam Co)
Stashimi Stub Installer (x32 Version: 18.001.1 - Nero AG) Hidden
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
StreamTorrent 1.0 (HKLM-x32\...\StreamTorrent 1.0) (Version:  - )
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1006 - SUPERAntiSpyware.com)
SupportUtility (x32 Version: 19.00.0000 - UPS) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System (x32 Version: 19.00.0000 - UPS) Hidden
ThumbsPlus (HKLM-x32\...\ThumbsPlus) (Version:  - Cerious Software Inc.)
ThumbsPlus (x32 Version: 8.1.0.3537 - Cerious Software Inc.) Hidden
Times Reader (HKLM-x32\...\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1) (Version: 2.055 - The New York Times Company)
Times Reader (x32 Version: 2.055 - The New York Times Company) Hidden
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
Torchlight (x32 Version: 2.2.0.97 - WildTangent) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 1.5.1 - Tweaking.com)
UnifiedPrinting (x32 Version: 19.00.0000 - UPS) Hidden
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
UPS WorldShip (HKLM-x32\...\UPS WorldShip) (Version: 19.0 - UPS)
UPSDB (x32 Version: 19.00.0000 - UPS) Hidden
UPSICC (x32 Version: 19.00.0000 - UPS) Hidden
UPSlinkHTTP (x32 Version: 19.00.0000 - UPS) Hidden
UPSVC2008MM (x32 Version: 1.00.0000 - UPS) Hidden
UPSVC2013MM (x32 Version: 19.00.0000 - Your Company Name) Hidden
UPSVCMM (x32 Version: 12.00.0000 - UPS) Hidden
ViewNX 2 (HKLM\...\{635BE602-BB9C-4C59-8CC5-93F9366E8A21}) (Version: 2.9.0 - Nikon)
Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97 - WildTangent) Hidden
Web Easy Professional (HKLM-x32\...\{B651BFCB-C9F3-489C-A2A7-764A12E2C79B}) (Version: 10.1 - Avanquest)
WebHelp (HKLM-x32\...\{8C5BD501-AD5D-4A75-9321-076509B438FC}) (Version: 19.00.0000 - UPS)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3502 - Acer Incorporated)
WildTangent Games App (Acer Games) (x32 Version: 4.0.5.14 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinRAR 4.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
WinX Free FLV to AVI Converter 4.1.10 (HKLM-x32\...\WinX Free FLV to AVI Converter_is1) (Version:  - Digiarty Software,Inc.)
WinZip 14.5 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}) (Version: 14.5.9095 - WinZip Computing, S.L. )
Wondershare Photo Collage Studio 4.2.12.13 (HKLM-x32\...\Wondershare Photo Collage Studio_is1) (Version: 4.2.12.13 - Wondershare Software Co.,Ltd.)
Wondershare Video Editor(Build 4.6.0) (HKLM-x32\...\Wondershare Video Editor_is1) (Version:  - Wondershare Software)
WorldShip (x32 Version: 19.00.0000 - UPS) Hidden
WSShared (x32 Version: 19.00.0000 - UPS) Hidden
XnConvert 1.73 (HKLM\...\XnConvert_is1) (Version: 1.73 - Gougelet Pierre-e)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.72.0.176 - Zemana Ltd.)
Zuma's Revenge (x32 Version: 2.2.0.97 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2364491048-255812346-798213191-1001_Classes\CLSID\{8AE44FFE-BF0D-085D-33DC-93B2E248BF89}\InprocServer32 -> C:\Windows\system32\ole32.dll (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {16DAEEF1-75E7-4967-A0AB-639073B50045} - System32\Tasks\GoogleUpdateTaskMachineCore1cfff9880ae2cc6 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {23177269-9013-451C-8386-C179F89D9EF2} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2011-05-20] (Acer Incorporated)
Task: {308FD6D4-4710-4B08-958E-FB8E8207AB69} - System32\Tasks\Reason Core Security Scheduled Scan => C:\Program Files\Reason\Security\rsUI.exe [2017-03-13] (Reason Software Company Inc.)
Task: {30D563EB-3867-4832-BFA7-64DBE08DDE52} - System32\Tasks\Reason Core Security => C:\Program Files\Reason\Security\rsUI.exe [2017-03-13] (Reason Software Company Inc.)
Task: {35019353-69F0-4746-BE54-767EC85E237A} - System32\Tasks\RCS Updater Task => C:\Program Files\Reason\Security\rsUpdt.exe [2017-03-13] ()
Task: {4C49873D-9FA8-44D9-9FD3-69F404A3DB13} - System32\Tasks\Adobe ARM => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {4E052D3B-423D-4CE5-9A57-2C9CA78EF7FD} - System32\Tasks\{1390CD58-C961-4F8A-9697-BC0F2EA7DE28} => pcalua.exe -a "C:\Users\Thomas\Documents\Software Programs\NetObjects-10\NetObjectsFusion.exe" -d "C:\Users\Thomas\Documents\Software Programs\NetObjects-10"
Task: {4E275314-7276-4B2E-9C86-555EDAA12582} - System32\Tasks\RCS Updater Task 1 => C:\Program Files\Reason\Security\rsUpdt.exe [2017-03-13] ()
Task: {67EFCEAA-3903-4A4D-B5AD-7373C6C4BDF8} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2011-05-20] (CyberLink Corp.)
Task: {6F64FB0E-FDD2-47D6-8BC4-ED656B932489} - System32\Tasks\{2666C777-E13A-4E21-A384-401634CFE18B} => pcalua.exe -a C:\Windows\IsUninst.exe -c -f"C:\Program Files (x86)\NetObjects\NetObjects Fusion Essentials\Uninst.isu" -c"C:\Program Files (x86)\NetObjects\NetObjects Fusion Essentials\uninst.dll"
Task: {723BB62B-9A9A-4863-A61B-663D2EE58991} - System32\Tasks\{7EC91944-1AE2-4040-A2D5-A5C2808F1330} => pcalua.exe -a E:\Setup.exe -d E:\
Task: {74670948-AC2F-402F-994D-9F6CBC2AA903} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-05-20] (CyberLink)
Task: {8B0DEE79-BA34-4030-8278-D24541977994} - System32\Tasks\{2344072B-ABA6-4FD7-883D-7937D39C1457} => pcalua.exe -a C:\UPS\WSTD\FOSS\Drivers\Eltron\Setup.exe -d C:\UPS\WSTD\FOSS\Drivers\Eltron
Task: {A9846488-A41D-4418-B486-6D294D30EC95} - System32\Tasks\GoogleUpdateTaskMachineUA1cf6a74d539a8c8 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {AFCA692E-354B-4832-9DBB-5B74505380B4} - System32\Tasks\RCS Updater Task 0 => C:\Program Files\Reason\Security\rsUpdt.exe [2017-03-13] ()
Task: {C2BB3B62-DF0B-48AB-A762-92DD0030BE9B} - System32\Tasks\GoogleUpdateTaskMachineCore1cf4a65f48969b0 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {C41F54D2-3C66-4BDB-A255-34304978D1AB} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_25_0_0_127_pepper.exe [2017-03-18] (Adobe Systems Incorporated)
Task: {D4CAA19A-0D42-46EB-8D2F-EAE5E9F02170} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {D529A07A-6B47-4D71-A819-348965BCAF8F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {DDDA45C2-04B6-42BC-A39A-CA370EDDF848} - System32\Tasks\Adobe Reader Speed Launcher => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
Task: {F362E5F4-6301-4F1F-8282-95E4892457E2} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2015-06-04] (Nero AG)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf4a65f48969b0.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-11-20 15:57 - 2015-11-20 15:57 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-11-20 15:57 - 2015-11-20 15:57 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-03-29 15:50 - 2017-03-29 15:51 - 00303896 _____ () C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe
2016-05-25 08:38 - 2016-05-25 08:38 - 00129304 _____ () C:\Program Files\Reason\Security\x64\lz4_x64.dll
2017-03-29 15:50 - 2017-03-29 15:51 - 00625432 _____ () C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_bg.exe
2017-03-13 12:59 - 2017-03-13 12:59 - 00582936 _____ () C:\Program Files\Reason\Security\rsLggr.exe
2011-05-20 15:13 - 2011-05-20 15:13 - 00206216 _____ () C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Thomas\Downloads\Kristin.mp3:TOC.WMV [130]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-2364491048-255812346-798213191-1001\Software\Classes\.scr: scrfile =>  <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2364491048-255812346-798213191-1001\...\paypal.com -> hxxps://www.paypal.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-01-23 20:50 - 2017-03-30 01:39 - 00002024 ____A C:\Windows\system32\Drivers\etc\hosts



==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2364491048-255812346-798213191-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.254.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: IAStorDataMgrSvc => 2
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: KSS => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: MSK80Service => 2
MSCONFIG\Services: NAUpdate => 2
MSCONFIG\Services: NOBU => 2
MSCONFIG\Services: SpyHunter 4 Service => 2
MSCONFIG\Services: UNS => 2
MSCONFIG\Services: ZAMSvc => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NkvMon.exe.lnk => C:\Windows\pss\NkvMon.exe.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^UPS WorldShip Messaging Utility.lnk => C:\Windows\pss\UPS WorldShip Messaging Utility.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^UPS WorldShip PLD Reminder Utility.lnk => C:\Windows\pss\UPS WorldShip PLD Reminder Utility.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Thomas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: Aimersoft Helper Compact.exe => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
MSCONFIG\startupreg: Bonus.SSR.FR11 => "C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe" /autorun
MSCONFIG\startupreg: Bonus.SSR.FR12 => "C:\Program Files (x86)\ABBYY FineReader 12\Bonus.ScreenshotReader.exe" /autorun
MSCONFIG\startupreg: BrowserPlugInHelper => C:\Program Files (x86)\Aimersoft\Video Converter Ultimate\BrowserPlugInHelper.exe
MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
MSCONFIG\startupreg: Hotkey Utility => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KSS => "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" /autorun
MSCONFIG\startupreg: mcpltui_exe => "C:\Program Files\Common~1\McAfee\Platform\mcuicnt.exe" /platui /runkey
MSCONFIG\startupreg: mcui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
MSCONFIG\startupreg: MSC => "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: NA1Messenger => C:\UPS\WSTD\UPSNA1Msgr.exe
MSCONFIG\startupreg: Nikon Message Center 2 => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
MSCONFIG\startupreg: PeachtreePrefetcher.exe => "C:\PROGRA~2\SAGESO~1\PEACHT~1\PeachtreePrefetcher.exe" /configfile:peachtreeprefetcher.winstart.config
MSCONFIG\startupreg: SmileboxTray => "C:\Users\Thomas\AppData\Roaming\Smilebox\SmileboxTray.exe"
MSCONFIG\startupreg: uTorrent => "C:\Users\Thomas\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
MSCONFIG\startupreg: WSUpdater => C:\UPS\WSTD\CF\WorldShipCF.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{45C8A10F-2FF6-4D87-9665-A22AA70DAFBE}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{5A6E31E7-15DB-46D0-A20F-83457C526220}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe
FirewallRules: [{7AC4E3B6-169A-48D9-B967-70426B56DA30}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
FirewallRules: [{1E6E2D4E-065E-4520-9DC6-6F991CCA8F9A}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{366BAA21-74FF-447B-A5B0-0312692B5248}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{C7C78C39-A8FC-450B-B43C-6BCCBCD1E393}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{65105041-EB2C-431D-A588-EAA1687AF13B}] => (Block) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{6DF34829-2052-411A-A409-DCF8515CB7E6}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\Movie\TouchMovie.exe
FirewallRules: [{E49C7DC5-2AA2-4A92-BA1C-860F80B776D3}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\Movie\TouchMovieService.exe
FirewallRules: [{FD1EA280-CACF-4175-8956-ED5A7B499485}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{B4E2B11A-34CC-4826-980A-F157FB9C9EBF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{B88A86A5-2E99-4AAE-AB1C-872773AA7CB0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{D189DE28-0637-49E9-8808-9F48A29FFB84}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{FE67D766-DB21-4300-B80D-73EBF3F6F511}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{1778FE0A-21FD-4A3C-9DF4-CC84403D2B76}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{599E24F9-7BAB-4775-8D32-30556677CE6A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{27BB0359-BE57-4044-AB4D-5DF6E43E0242}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{FB7511B2-9303-43E6-B280-9040098AA7A9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe
FirewallRules: [{E6B43D01-A3E8-4DD5-A090-065E48BC3585}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe
FirewallRules: [{BEBE3EA8-5B9D-41AB-B074-7D3DDE7431A7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe
FirewallRules: [{17DCEE9C-6EB0-4DC3-9D3D-542916B1FD28}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{8FCFEBB4-6277-4089-A4EB-521F4F658940}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{5AF32E7F-B313-4DFF-B331-5FC01A08425C}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{82E35F61-DFE4-4F6C-8B70-3148250200D8}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{B47E290C-5BA9-4FA9-95E9-096114153501}] => (Allow) LPort=1583
FirewallRules: [{AD894820-7BE5-42E4-A900-4FEE755FB2A2}] => (Allow) LPort=3351
FirewallRules: [{0B6E2700-DBB1-4EEB-9BA4-BBAA97B541C7}] => (Allow) C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe
FirewallRules: [{52FB2E7C-C939-47C8-B866-8F708B98A8F1}] => (Allow) C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe
FirewallRules: [{D39BCF72-91E1-4BD9-A04E-8C0C4D93D335}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{293BB0BE-8B5D-41AC-B233-BE830533AE81}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{87431AE6-8CA2-4656-B068-74467066863F}] => (Allow) C:\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe
FirewallRules: [{5E6362D6-5FA8-4841-80E6-687C6BA6032D}] => (Allow) C:\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe
FirewallRules: [{17CF3A75-C8A4-4791-8B6E-6DE1759CE312}] => (Allow) LPort=1434
FirewallRules: [{2D2BCF6A-1BD7-4E59-9133-3F7D009AD963}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{AEFCA8D9-F3F1-4F98-9372-3651BD85D00B}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{5C4A0B7F-B5F2-4C7B-8542-08D570395B76}] => (Allow) C:\Users\Thomas\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{3D592120-01B1-4E2D-9A9B-DAC2E8DC99C0}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{55DF9532-74EA-4F31-AD6B-510DA628093D}] => (Allow) LPort=2869
FirewallRules: [{590C98E9-8822-466C-98B1-BAAEB4F71B06}] => (Allow) LPort=1900
FirewallRules: [{0D1A9D6D-9F5E-4105-BC28-022FBF659872}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{C20FEF1C-B44F-4550-8087-A513B61FBB11}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
FirewallRules: [{38AF9D53-9A1F-4E97-B02B-BC2A8F36DC81}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
FirewallRules: [{B1B345D7-055D-42FF-B5AE-D37CB1DD63E2}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{C633F96C-705D-43E6-9F7C-B03F1E8BDCB6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{67E4D9F7-4DD8-4A6E-B0BF-045D41A88C11}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{DA1752BB-7B99-4039-B470-E7FADB567F7A}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{AE419300-E45A-44E8-8CD4-34BC4282CB2E}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{571321D2-9FDC-4219-8290-2D1496EC6CDE}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{E88C24E9-5795-4C46-9A4D-A59E41346B27}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{785509E7-0966-49A9-B375-8AFBF2248235}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{B809CFE2-8646-445B-91C0-3AB7AF0F4F9F}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{48C14C6A-6AF0-4B77-8D04-01CB24570FCC}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{F466404D-F4B7-43BC-BE29-7F6D9E579340}] => (Allow) C:\Users\Thomas\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D8DA4B46-4C86-413F-AE6C-FB0075C31146}] => (Allow) C:\Users\Thomas\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6FEC0336-AF8C-4BCA-9305-3823AA5F81D6}] => (Allow) C:\Users\Thomas\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4AFB8BA6-8B1C-445F-ACD4-72B0764EFAB4}] => (Allow) C:\Users\Thomas\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{BD562C63-0906-4A40-8E14-9F77EB8C1695}] => (Allow) C:\Users\Thomas\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C0B69772-23A2-4209-8C9C-547642F4AB2F}] => (Allow) C:\Users\Thomas\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{47496406-FABC-4D17-9F72-3391033C7D00}C:\program files (x86)\pervasive software\psql\bin\w3dbsmgr.exe] => (Block) C:\program files (x86)\pervasive software\psql\bin\w3dbsmgr.exe
FirewallRules: [UDP Query User{94D63014-325E-4A2E-99C0-BFA5DBAAF377}C:\program files (x86)\pervasive software\psql\bin\w3dbsmgr.exe] => (Block) C:\program files (x86)\pervasive software\psql\bin\w3dbsmgr.exe
FirewallRules: [{B36EBC99-CF4F-4468-B9F3-6481CAFA0800}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6DA7E325-DB82-4D35-A13E-C6EC0531B70B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{183AC061-1226-4819-A26C-354CFEAC87E1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DA7021D9-8A87-4B3E-9C27-794E2A343A15}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{18FC8F30-6C60-4D0F-BD86-B61C4B646CC6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{114A5DB6-5A6D-4A0F-8439-48E0E752A758}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EE9BBE7A-3CA8-493A-9CD9-C5A40BBB0075}] => (Allow) C:\Program Files (x86)\Nero\Nero 2016\Nero Burning ROM\StartNBR.exe
FirewallRules: [{227A64CB-5D9D-4F53-9E14-E2219B21B57F}] => (Allow) C:\Program Files (x86)\Nero\KM\NMDllHost.exe
FirewallRules: [{442CD5BD-7417-46A0-B9A9-C53B7373B572}] => (Allow) C:\Program Files (x86)\Nero\Nero 2016\Nero Burning ROM\nero.exe
FirewallRules: [{5C590FFE-4D6E-4415-B9A1-A217CF204CBE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{1DAEA779-2A80-418E-AC16-33B909C593CC}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{40F9D36A-B07E-414D-9F49-BBA4B215175D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe

==================== Restore Points =========================

26-03-2017 12:12:08 Installed WeatherBuddy
27-03-2017 03:02:43 Manual Restore
28-03-2017 18:01:35 Windows Update
29-03-2017 11:46:58 Manual Restore
29-03-2017 11:57:18 Restore Point Created by FRST
29-03-2017 16:54:17 Malwarebytes Anti-Rootkit Restore Point
29-03-2017 18:38:21 Checkpoint by HitmanPro
29-03-2017 18:39:51 Checkpoint by HitmanPro
29-03-2017 23:26:00 Malwarebytes Anti-Rootkit Restore Point

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/30/2017 01:49:29 AM) (Source: ESENT) (EventID: 604) (User: )
Description: rsUI (3256) Locale ID 0x00000409 (English (United States) English) is either invalid or not installed on this machine.

Error: (03/30/2017 01:40:09 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/30/2017 01:40:01 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Users\Thomas\Desktop\esetsmartinstaller_enu (1).exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (03/30/2017 01:21:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.23537, time stamp: 0x57c44efe
Faulting module name: ntdll.dll, version: 6.1.7601.23543, time stamp: 0x57d2fde1
Exception code: 0xc0000374
Fault offset: 0x00000000000bf262
Faulting process id: 0x70c
Faulting application start time: 0x01d2a9141afd86a8
Faulting application path: C:\Windows\Explorer.EXE
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: bc6780d2-1508-11e7-bd5f-3860773e2656

Error: (03/30/2017 01:13:14 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/30/2017 12:52:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/30/2017 12:49:14 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/30/2017 12:45:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/30/2017 12:02:31 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program NOTEPAD.EXE version 6.1.7601.18917 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: a8c

Start Time: 01d2a90a4e7e80ee

Termination Time: 0

Application Path: C:\Windows\system32\NOTEPAD.EXE

Report Id: a61eac6c-14fd-11e7-b109-3860773e2656

Error: (03/29/2017 11:30:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (03/30/2017 01:22:27 AM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (03/30/2017 01:19:28 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register with DCOM within the required timeout.

Error: (03/30/2017 01:19:10 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (03/30/2017 01:17:09 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (03/30/2017 01:12:25 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Reason Core Security Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (03/30/2017 01:12:25 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Reason Core Security Service service to connect.

Error: (03/30/2017 12:51:47 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMScheduler service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (03/30/2017 12:51:47 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the MBAMScheduler service to connect.

Error: (03/30/2017 12:49:31 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IPsec Policy Agent service terminated with the following error:
The authentication service is unknown.

Error: (03/30/2017 12:49:30 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Computer Browser service terminated with the following error:
A system shutdown is in progress.


==================== Memory info ===========================

Processor: Intel® Core™ i7-2600 CPU @ 3.40GHz
Percentage of memory in use: 32%
Total physical RAM: 8172.25 MB
Available physical RAM: 5476.76 MB
Total Virtual: 16342.68 MB
Available Virtual: 13312.3 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:923.45 GB) (Free:25.55 GB) NTFS
Drive d: (DATA) (Fixed) (Total:923.47 GB) (Free:923.05 GB) NTFS
Drive f: (Toshiba Ext HDD) (Fixed) (Total:931.51 GB) (Free:915.11 GB) NTFS
Drive o: (Elements) (Fixed) (Total:2794.52 GB) (Free:43.41 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: C23FF5DB)
Partition 1: (Not Active) - (Size=16 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=923.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=923.5 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 1.

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 37F19006)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


  • 0



#77
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,016 posts
  • MVP
First click on More Reply Options
Then scroll down to where you see
Choose File and click on it.  Point it at the file and hit Open.
Now click on Attach this file.
 
It will probably need to be either renamed as .txt or zipped up as the forum only allows certain extensions.
 
This looks like the last minidump:
 
C:\Windows\Minidump\032917-38703-01.dmp

  • 0

#78
playwiffme

playwiffme

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts

Attached File  SB.txt.reg   37.99KB   20 downloads


  • 0

#79
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,016 posts
  • MVP

Nothing much in the reg file. You do have stuff from SuperAntiSpyware, McAfee, Hitman Pro that you probably don't need, but that shouldn't keep it from booting.

 

Can you get the boot log?

 

ntbtlog.txt in c:\windows  


  • 0

#80
playwiffme

playwiffme

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts

Of course Safe Mode did not work again - it took 11 minutes (I timed it) once I got onto the desktop before I could open a browser or open msconfig to uncheck the box. The only thing I could do during those 11 minutes was open Windows Explorer to see the ntbtlog file...

 

Don't forget, we still have Windows Installer opening when I right-click on a file or browser window - but right now I'm more concerned over the Safe Mode issue.


  • 0

#81
playwiffme

playwiffme

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts

ntbtlog.txt file enclosed...

Attached Files


  • 0

#82
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,016 posts
  • MVP

When I look at the good boot in the log, there are only a few drivers that don't load, and those that don't load never do on any Windows. In the boot just before it, Windows goes into a loop and keeps trying the same drivers over and over. Something called ;ManyCam Virtual Microphone is in the loop in the safe mode part of the log but not in the normal boot.

 

I wonder if it would help if you uninstalled ManyCam. It might also help to reinstall the Intel chipset utility.

 

I found this trick which might make safe mode easier:

 

https://www.sevenfor...indows-7-a.html

 

 

See post 62 for the install problem:

 

http://www.geekstogo...-5#entry2594098


  • 0
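The boot-to-boot comparison described in post #82, as an added example that is not part of the thread or any tool used in it: it splits ntbtlog.txt into boot sessions and lists drivers that fail to load more often in a suspect boot than in a known-good one. The log layout (banner line, timestamp line, then one "Loaded driver" / "Did not load driver" line per attempt), the function names and the sample log are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample, NOT the attachment from the thread. Assumed layout: each
# boot starts with a "Microsoft (R) Windows (R) Version ..." banner, then a
# timestamp line, then one line per driver load attempt. The INF name below is
# a placeholder. The real file is typically UTF-16, so read it with
# open(path, encoding="utf-16").
SAMPLE_NTBTLOG = r"""
Microsoft (R) Windows (R) Version 6.1 (Build 7601)
 3 29 2017 23:31:05.375
Loaded driver \SystemRoot\system32\ntoskrnl.exe
Loaded driver \SystemRoot\system32\hal.dll
Did not load driver @cpu.inf,%intel.devicedesc%;Intel Processor
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver @oem00.inf,%constructed.devicedesc%;ManyCam Virtual Microphone
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver @oem00.inf,%constructed.devicedesc%;ManyCam Virtual Microphone
Did not load driver @oem00.inf,%constructed.devicedesc%;ManyCam Virtual Microphone
Did not load driver @oem00.inf,%constructed.devicedesc%;ManyCam Virtual Microphone
Microsoft (R) Windows (R) Version 6.1 (Build 7601)
 3 30 2017 01:10:12.500
Loaded driver \SystemRoot\system32\ntoskrnl.exe
Loaded driver \SystemRoot\system32\hal.dll
Did not load driver @cpu.inf,%intel.devicedesc%;Intel Processor
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
"""

BANNER = "Microsoft (R) Windows"
FAILED = "Did not load driver "
LOADED = "Loaded driver "
STAMP_RE = re.compile(r"\d{1,2}\s+\d{1,2}\s+\d{4}\s+\d{1,2}:\d{2}:\d{2}")


def driver_label(entry):
    """Reduce a log entry to a name that can be compared across boots."""
    entry = entry.strip()
    if entry.startswith("@") and ";" in entry:
        # INF-style entry: keep the friendly name after the last ';'
        return entry.rsplit(";", 1)[1].strip()
    # Path-style entry: keep the file name, case-insensitively
    return entry.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_sessions(text):
    """Split the log into one dict per boot, in file order."""
    sessions, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(BANNER):
            current = {"started": None, "loaded": set(), "failed": Counter()}
            sessions.append(current)
        elif current is None or not line:
            continue  # blank line, or text before the first banner
        elif line.startswith(FAILED):
            current["failed"][driver_label(line[len(FAILED):])] += 1
        elif line.startswith(LOADED):
            current["loaded"].add(driver_label(line[len(LOADED):]))
        elif current["started"] is None:
            stamp = STAMP_RE.search(line)
            if stamp:
                current["started"] = stamp.group(0)
    return sessions


def excess_failures(suspect, baseline):
    """Drivers that failed more often in `suspect` than in `baseline`.

    Comparing counts against a good boot, rather than flagging every repeat,
    keeps drivers that are also skipped on the healthy boot out of the result.
    Returns (name, suspect_count, baseline_count) tuples, largest excess first.
    """
    rows = []
    for name, count in suspect["failed"].items():
        base = baseline["failed"].get(name, 0)
        if count > base:
            rows.append((name, count, base))
    return sorted(rows, key=lambda r: (r[2] - r[1], r[0]))


if __name__ == "__main__":
    looping, good = parse_sessions(SAMPLE_NTBTLOG)
    for name, count, base in excess_failures(looping, good):
        print(f"{name}: failed {count}x in boot {looping['started']}, "
              f"{base}x in boot {good['started']}")
```
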

#83
playwiffme

playwiffme

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts

Uninstalled Many Cam - did not help

 

Re: See post 62 for the install problem:  ??? - I thought I answered this already - here it is again

C:\Windows\system32>sc start wuauserv
(SC) StartService FAILED 1056:

An instance of the service is already running.

 

 

Have we even proven that this computer has the ability to get into Advanced Mode from anywhere yet? There's more in Advanced Mode than just Safe Mode.

 

I cannot have this computer left without the ability to get into Advanced Mode BEFORE Windows opens - what if Windows doesn't open?

 

If I'm forced to do a complete re-format I might try doing a System Restore first just to see if Safe Mode returns and then deal with the virus a second time. I can always still do the format.

 

Question - I don't know exactly when the virus hit - I'm thinking early afternoon on 3/26 - if System Restore takes me back to 12:12pm on 3/26 and that time is BEFORE the virus, I believe that as long as I don't open any programs from that day and delete anything downloaded on that day the virus would not affect the computer - right? I'm also concerned over the fact that the 12:12pm on 3/26 says "install WeatherBuddy" on the System Restore tab - don't know where that got picked up from as I certainly would NEVER have voluntarily wanted it.

 

How/where do you install the Intel chipset utility? Do you really think this has a chance?

 

I await to hear back...


  • 0

#84
playwiffme

playwiffme

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts

This Windows Installer opening anytime I right click on something is starting to get on my nerves...


  • 0

#85
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,016 posts
  • MVP

I don't think you have a restore point old enough:

 

2017-03-26 12:13 - 2017-03-26 12:13 - 00833024 ____N C:\Windows\system32\tprdpw32.exe
2017-03-26 12:13 - 2017-03-26 12:13 - 00076576 ____N C:\Windows\system32\Drivers\ndistpr64.sys
2017-03-26 10:43 - 2017-03-26 10:43 - 00000000 ____D C:\Program Files (x86)\Teorex

 

but try it if you want.

 

ShellExView should fix the right-click problem. Told you about it several posts ago.

 

Download ShellExView.

 
 
Use this download:
 
Once you get it installed, run it and look in the third or fourth column from the RIGHT. It should say MICROSOFT. Click once or twice on MICROSOFT so that items with NO are at the top.
Select all of the NO items and then click on the red LED-looking icon in the upper left. This should disable all of the non-Microsoft additions to Explorer. Reboot or restart Explorer.

  • 0



#86
playwiffme

playwiffme

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts

This has been very tedious on me and I have had very little sleep. I lay down around 6pm and have just woken up - 1am EDT. I left with the RKill program running and will post the log for you to review. I believe I will try the System Restore route in a bit and see what happens - if it works, it beats the heck out of formatting and starting all over again, but I simply can't have a computer that will not take me into Advanced Mode.

 

My apologies about ShellExView, I must have missed that one.

 

Will let you know what happens...See ya on the other side...

 

RKill Log -

 

Rkill 2.8.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2017 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingc...opic308364.html

Program started at: 03/30/2017 06:08:41 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\Users\Thomas\AppData\Local\Temp\{93CDF1F4-63CB-4E3E-B0A9-12AAB1BE6C40}\{9C40F8BA-C90A-4FD6-8B35-C3290826F8B6}.exe (PID: 4492) [T-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * TBS [Missing Service]

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:


  20 out of 35 HOSTS entries shown.
  Please review HOSTS file for further entries.

Program finished at: 03/30/2017 06:14:45 PM
Execution time: 0 hours(s), 6 minute(s), and 4 seconds(s)
 


  • 0





