[Inactive] Admin User Profile Prob on Win 7 Boot/Not sure if infected

Discussion in 'Spyware, Adware, Viruses and Malware Removal' started by Librasm, Apr 12, 2018.

    Librasm Techie7 New Member

    Win7, 32 Bit

    Days ago my computer booted up and my desktop was rearranged. Then I was booted up as Default User. I rebooted w/F8 and was back in my Admin Profile. Again today it booted into the Default Profile. I rebooted trying F8 (it will not work as usual) and the system boots me up as Default User. I then have to Ctrl+Alt+Delete to go into my normal Admin User/Safe Mode. My desktop is gone and I'm booted in as a new user (old Windows look) with no restore points. All my files look to be in the system, just none of my Admin User Profile info.


    I used Minimal Safe Mode in the default Safe Mode option. I ran Malwarebytes, Sophos 2.6.1, Spybot, and AdwCleaner in Safe Mode with nothing found. CCleaner will not run in Safe Mode.

    https://helpdeskgeek.com/windows-7/safe-mode-f8-doesnt-work/


    I ran Malwarebytes, Sophos 2.6.1, AdwCleaner, and CCleaner in normal boot with nothing found. Sophos 2.6.1 will not run: Error 1606 Could not access network location.

    Info below from Event Viewer

    - Event Viewer Error 4/11/18 0xc000000d Error
    - Unable to load registry



    Please Help... Thanks




    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14.03.2018
    Ran by Scott (administrator) on SCOTT-PC (12-04-2018 12:21:30)
    Running from C:\Windows\System32\config\systemprofile\Downloads
    Loaded Profiles: Scott (Available Profiles: Scott & Administrator)
    Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (Andrea Electronics Corporation) C:\Windows\System32\AERTSrv.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Seagate Technology LLC) C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    (Ellora Assets Corp.) C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
    () C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
    (Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    (Reason Software Company Inc.) C:\Program Files\Unchecky\bin\unchecky_svc.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Reason Software Company Inc.) C:\Program Files\Unchecky\bin\unchecky_bg.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (Microsoft Corporation) C:\Program Files\microsoft office\Office12\WINWORD.EXE
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (VideoLAN) C:\Program Files\VideoLAN\VLC\vlc.exe
    (Farbar) C:\Windows\System32\config\systemprofile\Downloads\FRST(1).exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2010-08-10] (Apple Inc.)
    HKLM\...\Run: [MaxMenuMgr] => C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe [185640 2009-09-25] (Seagate LLC)
    HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1002984 2016-11-14] (Microsoft Corporation)
    HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)
    HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4907008 2008-01-17] (Realtek Semiconductor)
    HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
    HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <==== ATTENTION
    HKLM Group Policy restriction on software: %appdata%\*.exe <==== ATTENTION
    HKLM Group Policy restriction on software: *.jpg*.com <==== ATTENTION
    HKLM Group Policy restriction on software: syskey.exe <==== ATTENTION
    HKLM Group Policy restriction on software: *.pub*.exe <==== ATTENTION
    HKLM Group Policy restriction on software: *.doc*.pif <==== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <==== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <==== ATTENTION
    HKLM Group Policy restriction on software: *.pdf*.com <==== ATTENTION
    HKLM Group Policy restriction on software: *.pdf*.exe <==== ATTENTION
    HKLM Group Policy restriction on software: *.ppt*.com <==== ATTENTION
    HKLM Group Policy restriction on software: *.wmv*.scr <==== ATTENTION
    HKLM Group Policy restriction on software: *.pptx*.pif <==== ATTENTION
    HKLM Group Policy restriction on software: %appdata%\*\*.exe <==== ATTENTION
    HKLM Group Policy restriction on software: *.xlsx*.pif <==== ATTENTION
    HKLM Group Policy restriction on software: *.rtf*.com <==== ATTENTION
    HKLM Group Policy restriction on software: *.7z*.pif <==== ATTENTION
    HKLM Group Policy restriction on software: %allusersprofile%\*.pif <==== ATTENTION
    HKLM Group Policy restriction on software: *.docx*.scr <==== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <==== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <==== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <==== ATTENTION
    HKLM Group Policy restriction on software: *.jpg*.exe <==== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <==== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <==== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <==== ATTENTION
    HKLM Group Policy restriction on software: *.wma*.com <==== ATTENTION
    HKLM Group Policy restriction on software: *.avi*.pif <==== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <==== ATTENTION
    HKLM Group Policy restriction on software: *.wma*.pif <==== ATTENTION
    HKLM Group Policy restriction on software: *.rar*.pif <==== ATTENTION
    HKLM Group Policy restriction on software: *.zip*.com <==== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <==== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <==== ATTENTION
    HKLM Group Policy restriction on software: *.doc*.com <==== ATTENTION
    HKLM Group Policy restriction on software: *.gif*.scr <==== ATTENTION
    HKLM Group Policy restriction on software: *.jpeg*.scr <==== ATTENTION
    HKLM Group Policy restriction on software: vssadmin.exe <==== ATTENTION
    HKLM Group Policy restriction on software: *.pptx*.exe <==== ATTENTION
    HKLM Group Policy restriction on software: *.docx*.pif <==== ATTENTION
    HKLM Group Policy restriction on software: scsvserv.exe <==== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <==== ATTENTION
    HKLM Group Policy restriction on software: *.rtf*.scr <==== ATTENTION
    HKLM Group Policy restriction on software: *.bmp*.scr <==== ATTENTION
    HKLM Group Policy restriction on software: *.avi*.scr <==== ATTENTION
    HKLM Group Policy restriction on software: C:\Users\*.exe <==== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <==== ATTENTION
    HKLM Group Policy restriction on software: *.rar*.com <==== ATTENTION
    HKLM Group Policy restriction on software: *.png*.exe <==== ATTENTION
    HKLM Group Policy restriction on software: %appdata%\*.scr <==== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <==== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <==== ATTENTION
    HKLM Group Policy restriction on software: *.wav*.com <==== ATTENTION
    HKLM Group Policy restriction on software: *.wav*.pif <==== ATTENTION
    HKLM Group Policy restriction on software: *.mp4*.exe <==== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Binexe <==== ATTENTION
    HKLM Group Policy restriction on software: *.docx*.com <==== ATTENTION
    HKLM Group Policy restriction on software: *.mp3*.pif <==== ATTENTION
    HKLM Group Policy restriction on software: *.xlsx*.exe <==== ATTENTION
    HKLM Group Policy restriction on software: *.xls*.exe <==== ATTENTION
    HKLM Group Policy restriction on software: *.wmv*.pif <==== ATTENTION
    HKLM Group Policy restriction on software: *.7z*.com <==== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <==== ATTENTION
    HKLM Group Policy restriction on software: *.gif*.exe <==== ATTENTION
    HKLM Group Policy restriction on software: *.txt*.pif <==== ATTENTION
    HKLM Group Policy restriction on software: %appdata%\*.com <==== ATTENTION
    HKLM Group Policy restriction on software: *.png*.com <==== ATTENTION
    HKLM Group Policy restriction on software: ** <==== ATTENTION
    HKLM Group Policy restriction on software: %appdata%\*\*.pif <==== ATTENTION
    HKLM Group Policy restriction on software: *.ppt*.exe <==== ATTENTION
    HKLM Group Policy restriction on software: *.wmv*.exe <==== ATTENTION
    HKLM Group Policy restriction on software: *.bmp*.pif <==== ATTENTION
    HKLM Group Policy restriction on software: *.avi*.com <==== ATTENTION
    HKLM Group Policy restriction on software: *.xls*.com <==== ATTENTION
    HKLM Group Policy restriction on software: *.gif*.pif <==== ATTENTION
    HKLM Group Policy restriction on software: *.pub*.scr <==== ATTENTION
    HKLM Group Policy restriction on software: *.mp3*.exe <==== ATTENTION
    HKLM Group Policy restriction on software: *.zip*.exe <==== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <==== ATTENTION
    HKLM Group Policy restriction on software: *.gif*.com <==== ATTENTION
    HKLM Group Policy restriction on software: *.xls*.pif <==== ATTENTION
    HKLM Group Policy restriction on software: *.ppt*.pif <==== ATTENTION
    HKLM Group Policy restriction on software: *.xlsx*.scr <==== ATTENTION
    HKLM Group Policy restriction on software: *.png*.scr <==== ATTENTION
    HKLM Group Policy restriction on software: *.docx*.exe <==== ATTENTION
    HKLM Group Policy restriction on software: *.jpeg*.pif <==== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <==== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <==== ATTENTION
    HKLM Group Policy restriction on software: *.jpeg*.exe <==== ATTENTION
    HKLM Group Policy restriction on software: *.pptx*.com <==== ATTENTION
    HKLM Group Policy restriction on software: *.pptx*.scr <==== ATTENTION
    HKLM Group Policy restriction on software: lsassvrtdbks.exe <==== ATTENTION
    HKLM Group Policy restriction on software: *.divx*.exe <==== ATTENTION
    HKLM Group Policy restriction on software: %allusersprofile%\*.scr <==== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\*.pif <==== ATTENTION
    HKLM Group Policy restriction on software: *.mp4*.com <==== ATTENTION
    HKLM Group Policy restriction on software: *.pub*.pif <==== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <==== ATTENTION
    HKLM Group Policy restriction on software: *.rtf*.exe <==== ATTENTION
    HKLM Group Policy restriction on software: *.7z*.scr <==== ATTENTION
    HKLM Group Policy restriction on software: lsassw86s.exe <==== ATTENTION
    HKLM Group Policy restriction on software: *.mp3*.com <==== ATTENTION
    HKLM Group Policy restriction on software: *.doc*.scr <==== ATTENTION
    HKLM Group Policy restriction on software: *.zip*.scr <==== ATTENTION
    HKLM Group Policy restriction on software: cipher.exe <==== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\*.scr <==== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <==== ATTENTION
    HKLM Group Policy restriction on software: *.zip*.pif <==== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <==== ATTENTION
    HKLM Group Policy restriction on software: *.divx*.com <==== ATTENTION
    HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <==== ATTENTION
    HKLM Group Policy restriction on software: *.pub*.com <==== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Binpif <==== ATTENTION
    HKLM Group Policy restriction on software: *.bmp*.exe <==== ATTENTION
    HKLM Group Policy restriction on software: %appdata%\*\*.scr <==== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\*.com <==== ATTENTION
    HKLM Group Policy restriction on software: *.txt*.com <==== ATTENTION
    HKLM Group Policy restriction on software: *.wav*.exe <==== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Binscr <==== ATTENTION
    HKLM Group Policy restriction on software: *.avi*.exe <==== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <==== ATTENTION
    HKLM Group Policy restriction on software: *.divx*.scr <==== ATTENTION
    HKLM Group Policy restriction on software: *.wmv*.com <==== ATTENTION
    HKLM Group Policy restriction on software: %allusersprofile%\*.com <==== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <==== ATTENTION
    HKLM Group Policy restriction on software: *.7z*.exe <==== ATTENTION
    HKLM Group Policy restriction on software: *.pdf*.scr <==== ATTENTION
    HKLM Group Policy restriction on software: *.rtf*.pif <==== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <==== ATTENTION
    HKLM Group Policy restriction on software: C:\Users\*.scr <==== ATTENTION
    HKLM Group Policy restriction on software: *.ppt*.scr <==== ATTENTION
    HKLM Group Policy restriction on software: *.pdf*.pif <==== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <==== ATTENTION
    HKLM Group Policy restriction on software: *.divx*.pif <==== ATTENTION
    HKLM Group Policy restriction on software: *.mp4*.scr <==== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bincom <==== ATTENTION
    HKLM Group Policy restriction on software: *.txt*.scr <==== ATTENTION
    HKLM Group Policy restriction on software: *.xlsx*.com <==== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\*.exe <==== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <==== ATTENTION
    HKLM Group Policy restriction on software: *.jpg*.pif <==== ATTENTION
    HKLM Group Policy restriction on software: *.doc*.exe <==== ATTENTION
    HKLM Group Policy restriction on software: *.mp4*.pif <==== ATTENTION
    HKLM Group Policy restriction on software: C:\Users\*.pif <==== ATTENTION
    HKLM Group Policy restriction on software: *.wma*.scr <==== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <==== ATTENTION
    HKLM Group Policy restriction on software: *.wav*.scr <==== ATTENTION
    HKLM Group Policy restriction on software: *.mp3*.scr <==== ATTENTION
    HKLM Group Policy restriction on software: *.bmp*.com <==== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <==== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <==== ATTENTION
    HKLM Group Policy restriction on software: *.jpg*.scr <==== ATTENTION
    HKLM Group Policy restriction on software: *.rar*.exe <==== ATTENTION
    HKLM Group Policy restriction on software: *.txt*.exe <==== ATTENTION
    HKLM Group Policy restriction on software: *.jpeg*.com <==== ATTENTION
    HKLM Group Policy restriction on software: %appdata%\*\*.com <==== ATTENTION
    HKLM Group Policy restriction on software: %allusersprofile%\*.exe <==== ATTENTION
    HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <==== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <==== ATTENTION
    HKLM Group Policy restriction on software: *.wma*.exe <==== ATTENTION
    HKLM Group Policy restriction on software: *.rar*.scr <==== ATTENTION
    HKLM Group Policy restriction on software: *.png*.pif <==== ATTENTION
    HKLM Group Policy restriction on software: %appdata%\*.pif <==== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <==== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <==== ATTENTION
    HKLM Group Policy restriction on software: *.xls*.scr <==== ATTENTION
    Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
    HKU\S-1-5-21-4044866103-2329573634-2605357377-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [12762872 2018-03-06] (Piriform Ltd)
    HKU\S-1-5-18\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [12762872 2018-03-06] (Piriform Ltd)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\EZ-DUB Finder.lnk [2014-04-09]
    ShortcutTarget: EZ-DUB Finder.lnk -> C:\Program Files\EZ-DUB\EZ-DUB.exe ()
    BootExecute: autocheck autochk * sdnclean.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{3C6031F9-D42E-4882-9D5F-83F90B249A56}: [DhcpNameServer] 192.168.1.1

    Internet Explorer:
    ==================
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    SearchScopes: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

    FireFox:
    ========
    FF DefaultProfile: f894jzcg.default
    FF ProfilePath: C:\Windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\f894jzcg.default [2018-04-12]
    FF HKLM\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com
    FF Extension: (Freemake Video Downloader Plugin) - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com [2014-05-31] [Legacy] [not signed]
    FF HKLM\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com
    FF Extension: (Freemake Youtube Download Button) - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com [2014-05-31] [Legacy] [not signed]
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_29_0_0_140.dll [2018-04-10] ()
    FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2012-08-08] ()
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
    FF Plugin: @videolan.org/vlc,version=2.0.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
    FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2012-09-08]

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AERTFilters; C:\Windows\system32\AERTSrv.exe [77824 2007-12-05] (Andrea Electronics Corporation)
    S3 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [396952 2016-06-08] ()
    R2 FreeAgentGoNext Service; C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe [189736 2009-09-25] (Seagate Technology LLC)
    R2 FreemakeVideoCapture; C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe [9216 2017-01-24] (Ellora Assets Corp.) [File not signed]
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4707104 2018-03-27] (Malwarebytes)
    R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [103696 2016-11-14] (Microsoft Corporation)
    R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [280864 2016-11-14] (Microsoft Corporation)
    R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.) [File not signed]
    R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.) [File not signed]
    R2 SystemUsageReportSvc_WILLAMETTE; C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe [117400 2016-06-08] ()
    R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2004-12-13] (Ulead Systems, Inc.) [File not signed]
    R2 Unchecky; C:\Program Files\Unchecky\bin\unchecky_svc.exe [297240 2018-04-08] (Reason Software Company Inc.)
    S3 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [396952 2016-06-08] ()
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
    S2 avgsvc; "C:\Program Files\AVG\Framework\Common\avgsvcx.exe" [X]

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6x.sys [47928 2013-09-26] (AVG Technologies CZ, s.r.o.)
    R3 e1express; C:\Windows\System32\DRIVERS\e1e6232.sys [232312 2012-10-30] (Intel Corporation)
    R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [58656 2018-03-19] ()
    R0 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [167656 2018-04-04] (Malwarebytes)
    R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [93920 2018-04-12] (Malwarebytes)
    R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [40160 2018-04-12] (Malwarebytes)
    R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [220896 2018-04-12] (Malwarebytes)
    R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [72824 2018-04-12] (Malwarebytes)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [252808 2016-08-25] (Microsoft Corporation)
    R1 MpKsl533bb460; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C984F9E1-D5F1-4473-BF96-13A4F71A2C4B}\MpKsl533bb460.sys [49504 2018-04-12] (Microsoft Corporation)
    R2 npf; C:\Windows\System32\drivers\npf.sys [35088 2011-02-11] (CACE Technologies, Inc.)
    S1 UimBus; C:\Windows\System32\DRIVERS\uimbus.sys [80792 2017-04-25] (Paragon Software GmbH)
    S1 Uim_DEVIM; C:\Windows\System32\DRIVERS\uimdevim.sys [20376 2017-04-25] (Paragon Software GmbH)
    R3 ULCDRHlp; C:\Windows\System32\Drivers\ULCDRHlp.sys [27392 2004-12-22] (Ulead Systems, Inc.) [File not signed]
    S3 catchme; \??\C:\Users\Scott\AppData\Local\Temp\catchme.sys [X]
    S3 cleanhlp; \??\C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [X]
    U3 aswMBR; \??\C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\aswMBR.sys [X]
    U3 aswVmm; \??\C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\aswVmm.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-04-11 17:28 - 2018-04-11 17:28 - 000000000 ____D C:\Users\TEMP\AppData\LocalLow\Apple Computer
    2018-04-10 16:33 - 2018-04-11 09:30 - 000000000 ____D C:\Program Files\Mozilla Firefox
    2018-04-10 16:32 - 2018-04-12 11:39 - 000000000 ____D C:\Users\TEMP\AppData\LocalLow\Mozilla
    2018-04-10 16:09 - 2018-04-10 16:09 - 000000000 ____D C:\Windows\system32\%LocalAppData%
    2018-04-10 15:53 - 2018-04-10 15:53 - 000000000 __SHD C:\Users\TEMP\PrivacIE
    2018-04-10 15:52 - 2018-04-10 15:52 - 000000000 ____D C:\Users\TEMP\AppData\Roaming\Apple Computer
    2018-04-10 15:52 - 2014-04-13 09:47 - 000000000 ____D C:\Users\TEMP\AppData\Roaming\TuneUp Software
    2018-04-10 15:52 - 2014-04-11 22:01 - 000000000 ____D C:\Users\TEMP\AppData\Local\Microsoft Help
    2018-04-10 15:52 - 2011-04-11 19:24 - 000000000 ____D C:\Users\TEMP\AppData\Roaming\Media Center Programs
    2018-04-10 13:36 - 2018-04-10 13:47 - 647411862 _____ C:\Users\Scott\Downloads\Brandi Love Sexy SM plays muse 1080p.mp4
    2018-04-10 12:55 - 2018-04-09 12:13 - 2394188621 _____ C:\Users\Scott\Downloads\Tasha Reign VIXEN BIG.mp4
    2018-04-10 12:53 - 2018-04-10 13:06 - 379962391 _____ C:\Users\Scott\Downloads\HA_720P.part2.rar
    2018-04-10 12:50 - 2018-04-09 00:06 - 1124889025 _____ C:\Users\Scott\Downloads\Reagan49hd18.MP4
    2018-04-10 12:47 - 2018-04-10 06:17 - 1218021084 _____ C:\Users\Scott\Downloads\Isis Love 5UtKkXIpd51h5fQwhek7XlKzUtK32YGyZ.mp4
    2018-04-10 05:30 - 2018-04-10 05:53 - 1300727034 _____ C:\Users\Scott\Downloads\nina-elle REDO -tgf-with-mike-mancini_1080p.mp4
    2018-04-10 05:30 - 2018-04-10 05:37 - 416686780 _____ C:\Users\Scott\Downloads\Keio Valentien Marks Head bobber and Hand Jobbers 1on1 1080p.mp4
    2018-04-10 05:29 - 2018-04-10 06:02 - 1690422862 _____ C:\Users\Scott\Downloads\Gia Paige WildOnCam CherrpPimps 1080p.mp4
    2018-04-10 04:25 - 2018-04-10 05:22 - 1063727106 _____ C:\Users\Scott\Downloads\Alexa Nova Fucking- Flexible 3 1080p.mp4
    2018-04-10 04:24 - 2018-04-10 05:23 - 1229332728 _____ C:\Users\Scott\Downloads\Whitney Wright Fucking Flexible 3 1080p.mp4
    2018-04-10 04:23 - 2018-04-10 05:19 - 927473880 _____ C:\Users\Scott\Downloads\roccos-intimate-castings-10-chad-rockwell-2_1080p.mp4
    2018-04-10 04:23 - 2018-04-10 04:50 - 1581045531 _____ C:\Users\Scott\Downloads\Lana Rhoades Hardx Anal workout 1080p.mp4
    2018-04-10 04:23 - 2018-04-10 04:37 - 822177309 _____ C:\Users\Scott\Downloads\vixen-tasha-reign_1080p.mp4
    2018-04-10 04:22 - 2018-04-10 04:47 - 1104199564 _____ C:\Users\Scott\Downloads\Meggan Mallone VIXEN Practice makes perfect 1080p.mp4
    2018-04-09 09:51 - 2018-04-08 17:01 - 1218175115 _____ C:\Users\Scott\Downloads\Kristen Scott Sex Addict Spies On Slutty SD 040918.mp4
    2018-04-09 07:57 - 2018-04-09 09:20 - 502765890 _____ C:\Users\Scott\Downloads\Ryan Conner RyanConner.com 121317 1080p.mp4
    2018-04-09 07:57 - 2018-04-09 09:16 - 1088516776 _____ C:\Users\Scott\Downloads\Carolina Sweets POVd Fit to fuck 1080p.mp4
    2018-04-09 07:37 - 2018-04-09 07:53 - 968359280 _____ C:\Users\Scott\Downloads\Ryan Conner Video 20 Tommy Pistol 1080p.mp4
    2018-04-09 06:25 - 2018-04-09 07:54 - 760592444 _____ C:\Users\Scott\Downloads\Ana Rose Massage in the foyer 1080p.mp4
    2018-04-09 06:23 - 2018-04-09 07:24 - 2237903372 _____ C:\Users\Scott\Downloads\Eve Ellwood BANG POV 1080p.mp4
    2018-04-09 05:55 - 2018-04-09 06:11 - 943400758 _____ C:\Users\Scott\Downloads\Missy Martinez The horniest 1080p.mp4
    2018-04-09 05:55 - 2018-04-09 06:06 - 669070837 _____ C:\Users\Scott\Downloads\Holly Michaels Gets fucked by-some-guys_720p.mp4
    2018-04-09 05:46 - 2018-04-09 13:19 - 1616380729 _____ C:\Users\Scott\Downloads\Lela Star Lela Commissions A Cock.mp4
    2018-04-09 05:39 - 2018-04-09 05:53 - 787284057 _____ C:\Users\Scott\Downloads\Ryan Conner Video 19 Nathan Bronson 1080p.mp4
    2018-04-09 05:38 - 2018-04-09 05:59 - 1065620630 _____ C:\Users\Scott\Downloads\Alyssia Kent Deep tissue massage 1080p.mp4
    2018-04-09 05:38 - 2018-04-09 05:52 - 759897613 _____ C:\Users\Scott\Downloads\Bailey Brooke Under the canopy 1080p.mp4
    2018-04-09 05:37 - 2018-04-09 05:54 - 941369600 _____ C:\Users\Scott\Downloads\Holly Michaels POVd Road head 1080p.mp4
    2018-04-09 05:36 - 2018-04-09 05:48 - 642388722 _____ C:\Users\Scott\Downloads\Jessa Rhodes Cum on my feet 1080p.mp4
    2018-04-09 05:26 - 2018-04-09 15:15 - 1983228030 _____ C:\Users\Scott\Downloads\MOMPOV-XOUT 10 Judith.mp4
    2018-04-08 08:21 - 2018-04-08 12:06 - 1245968936 _____ C:\Users\Scott\Downloads\Karma RX MFHG 040818 1080p.mp4
    2018-04-08 08:21 - 2018-04-08 08:54 - 1271594677 _____ C:\Users\Scott\Downloads\Eva Lovia Bang.com Strips her tiny purple bikini 1080p.mp4
    2018-04-08 08:21 - 2018-04-08 08:31 - 529217747 _____ C:\Users\Scott\Downloads\Zaya Cassidy Fresh meat 720p.mp4
    2018-04-08 05:16 - 2017-09-09 11:24 - 2269294838 _____ C:\Users\Scott\Downloads\Amia Miley Wildoncam CherryPimps.mp4
    2018-04-08 05:11 - 2018-04-08 05:11 - 000000515 _____ C:\Users\Scott\Desktop\Seagate Backup Plus Drive (K) - Shortcut.lnk
    2018-04-08 05:10 - 2017-10-01 20:48 - 1765693969 _____ C:\Users\Scott\Downloads\Amia Miley Beach Patrol 2.mp4
    2018-04-07 15:36 - 2018-04-07 16:23 - 000000000 ____D C:\Users\Scott\Downloads\Legion
    2018-04-07 13:42 - 2017-05-14 06:23 - 2334518637 _____ C:\Users\Scott\Downloads\Amia Miley Ultimate Fuck Toy Amia Miley Sc4.mp4
    2018-04-07 05:40 - 2018-04-07 05:51 - 643094276 _____ C:\Users\Scott\Downloads\Gina Valentina TUSHY 2 1080p.mp4
    2018-04-07 05:40 - 2018-04-07 05:48 - 418998378 _____ C:\Users\Scott\Downloads\Amia Miley JeshbyJesh 2 1080p.mp4
    2018-04-07 05:39 - 2018-04-07 08:02 - 2142401930 _____ C:\Users\Scott\Downloads\Amia Miley POV 1080p.mp4
    2018-04-07 05:39 - 2018-04-07 06:05 - 1463559504 _____ C:\Users\Scott\Downloads\Samantha Saint Wickedlive 720p.mp4
    2018-04-07 05:17 - 2018-04-07 05:32 - 778154204 _____ C:\Users\Scott\Downloads\Amia Miley Stretching out.mp4
    2018-04-07 05:16 - 2018-04-07 05:35 - 853794418 _____ C:\Users\Scott\Downloads\Amia Miley BB Pink.mp4
    2018-04-06 09:44 - 2018-03-21 05:35 - 1529686843 _____ C:\Users\Scott\Downloads\Alexis Fawx Plump as a peach.mp4
    2018-04-06 09:42 - 2014-11-10 20:22 - 1052359784 _____ C:\Users\Scott\Downloads\Rachel Roxxx Pornfedlity Black Lingerie.mp4
    2018-04-06 09:36 - 2016-09-15 21:05 - 834161286 _____ C:\Users\Scott\Downloads\Rachel Roxxx Nuru.mp4
    2018-04-06 09:23 - 2016-03-19 01:46 - 857100617 _____ C:\Users\Scott\Downloads\Rachel Roxxx Virtual Reality.mp4
    2018-04-06 06:22 - 2018-04-06 06:28 - 943458695 _____ C:\Users\Scott\Downloads\Rachel Roxxx Breast Massage.mp4
    2018-04-06 06:22 - 2018-04-06 06:28 - 637954566 _____ C:\Users\Scott\Downloads\Rachel Roxxx Good Service.mp4
    2018-04-06 05:59 - 2018-04-06 08:07 - 463261253 _____ C:\Users\Scott\Downloads\Julia Ann MFHM 122917 720p.mp4
    2018-04-06 05:57 - 2018-04-06 06:14 - 788538394 _____ C:\Users\Scott\Downloads\Naughty Alysha Alyshas whorebus 1080p.mp4
    2018-04-06 05:57 - 2018-04-06 06:02 - 302334135 _____ C:\Users\Scott\Downloads\Naughty Alysha Bike week banging 3 1080p.mp4
    2018-04-06 05:56 - 2018-04-06 06:01 - 300882473 _____ C:\Users\Scott\Downloads\Naughty Alysha Hubby doesnt mind 1080p.mp4
    2018-04-06 05:55 - 2018-04-06 06:05 - 526602986 _____ C:\Users\Scott\Downloads\Naughty Alysha Membership benefits 1080p.mp4
    2018-04-06 05:51 - 2018-04-06 05:59 - 482831439 _____ C:\Users\Scott\Downloads\Rachel Roxxx She's a handful 720p.mp4
    2018-04-06 05:23 - 2018-04-06 05:34 - 546584207 _____ C:\Users\Scott\Downloads\Naughty Alysha One las tstop 1080p.mp4
    2018-04-06 05:21 - 2018-04-06 05:32 - 516598327 _____ C:\Users\Scott\Downloads\Naughty Alysha Thats what friends are for 1080p.mp4
    2018-04-06 05:20 - 2018-04-06 05:34 - 715444563 _____ C:\Users\Scott\Downloads\Naughty Alysha Im easy in the big easy 1080p.mp4
    2018-04-06 05:18 - 2018-04-06 05:50 - 876541657 _____ C:\Users\Scott\Downloads\Naughty Alysha Bike week banging 2 1080p.mp4
    2018-04-06 05:18 - 2018-04-06 05:35 - 922894740 _____ C:\Users\Scott\Downloads\Naughty Alysha You look familiar 1080p.mp4
    2018-04-06 05:16 - 2018-04-06 05:35 - 980384801 _____ C:\Users\Scott\Downloads\Nina Elle MFHM 080217 1080p.mp4
    2018-04-06 05:16 - 2018-04-06 05:35 - 1019398355 _____ C:\Users\Scott\Downloads\Nina Elle MFHM 072417_1080p.mp4
    2018-04-04 08:07 - 2018-04-12 11:17 - 000072824 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
    2018-04-04 08:07 - 2018-04-12 11:12 - 000093920 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
    2018-04-04 08:07 - 2018-04-12 11:12 - 000040160 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
    2018-04-04 08:06 - 2018-04-12 11:11 - 000220896 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
    2018-04-04 08:06 - 2018-04-04 08:06 - 000167656 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
    2018-04-04 08:04 - 2018-04-04 08:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2018-04-04 08:04 - 2018-03-19 12:57 - 000058656 _____ C:\Windows\system32\Drivers\mbae.sys
    2018-03-27 19:17 - 2018-03-27 19:17 - 000199426 _____ C:\Users\Scott\Desktop\hidden_power_of_universal_laws_psitek.pdf
    2018-03-26 15:12 - 2018-03-26 15:12 - 000000000 __SHD C:\found.002
    2018-03-25 19:07 - 2018-03-25 19:07 - 015333512 _____ (Piriform Ltd) C:\Users\Scott\Downloads\ccsetup541.exe
    2018-03-14 13:59 - 2018-03-14 20:34 - 024646703 _____ C:\Users\Scott\Desktop\Cosmogenesis.pdf
    2018-03-14 11:46 - 2018-03-14 11:47 - 002913397 _____ C:\Users\Scott\Downloads\eab_setup.zip
    2018-03-14 11:43 - 2018-03-14 11:44 - 007897056 _____ (ASCOMP Software GmbH ) C:\Users\Scott\Downloads\bkmaker.exe
    2018-03-14 10:39 - 2018-03-14 10:39 - 000000000 ____D C:\easeus_tb_cloud
    2018-03-14 10:36 - 2018-03-14 10:36 - 000000000 ____D C:\ProgramData\SystemAcCrux
    2018-03-14 10:35 - 2016-12-06 02:45 - 000195576 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\system32\Drivers\EuFdDisk.sys
    2018-03-14 10:35 - 2016-12-06 02:45 - 000056824 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\system32\Drivers\eubakup.sys
    2018-03-14 10:35 - 2016-12-06 02:45 - 000046584 _____ C:\Windows\system32\Drivers\EUBKMON.sys
    2018-03-14 10:35 - 2016-12-06 02:45 - 000020984 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\system32\Drivers\eudskacs.sys
    2018-03-14 10:26 - 2018-03-14 10:26 - 068574560 _____ (CHENGDU YIWO Tech Development Co., Ltd ) C:\Users\Scott\Downloads\tb_free.exe
    2018-03-14 10:19 - 2018-03-14 10:19 - 000000000 ____D C:\ProgramData\Paragon Software
    2018-03-14 10:18 - 2018-03-14 10:18 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_blockmounter_01_09_00.Wdf
    2018-03-14 10:18 - 2018-03-14 10:18 - 000000000 ____D C:\Users\Scott\AppData\Local\Paragon
    2018-03-14 10:18 - 2018-03-14 10:18 - 000000000 ____D C:\ProgramData\Paragon
    2018-03-14 10:15 - 2018-03-14 10:51 - 000000000 ____D C:\Program Files\Paragon Software
    2018-03-14 02:52 - 2018-02-16 20:36 - 000340088 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2018-03-14 02:52 - 2018-02-16 08:44 - 013678080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2018-03-14 02:52 - 2018-02-16 08:24 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2018-03-14 02:52 - 2018-02-16 08:19 - 020286976 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2018-03-14 02:52 - 2018-02-16 07:37 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2018-03-14 02:52 - 2018-02-15 07:57 - 002767872 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2018-03-14 02:52 - 2018-02-13 11:31 - 000117440 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
    2018-03-14 02:52 - 2018-02-13 11:24 - 000534016 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2018-03-14 02:52 - 2018-02-13 07:04 - 001893888 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
    2018-03-14 02:52 - 2018-02-13 07:04 - 001319424 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2018-03-14 02:52 - 2018-02-13 07:04 - 000594944 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2018-03-14 02:52 - 2018-02-13 07:04 - 000508416 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2018-03-14 02:52 - 2018-02-13 07:04 - 000339968 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
    2018-03-14 02:52 - 2018-02-13 07:04 - 000313856 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2018-03-14 02:52 - 2018-02-13 07:04 - 000212992 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
    2018-03-14 02:52 - 2018-02-13 07:04 - 000190976 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
    2018-03-14 02:52 - 2018-02-10 10:22 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2018-03-14 02:52 - 2018-02-10 10:10 - 000499712 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2018-03-14 02:52 - 2018-02-10 10:09 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2018-03-14 02:52 - 2018-02-10 10:09 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2018-03-14 02:52 - 2018-02-10 10:03 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2018-03-14 02:52 - 2018-02-10 10:03 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2018-03-14 02:52 - 2018-02-10 10:00 - 000661504 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2018-03-14 02:52 - 2018-02-10 10:00 - 000104960 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2018-03-14 02:52 - 2018-02-10 09:54 - 000668160 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2018-03-14 02:52 - 2018-02-10 09:47 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
    2018-03-14 02:52 - 2018-02-10 09:47 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2018-03-14 02:52 - 2018-02-10 09:46 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
    2018-03-14 02:52 - 2018-02-10 09:40 - 004496384 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2018-03-14 02:52 - 2018-02-10 09:35 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2018-03-14 02:52 - 2018-02-10 09:34 - 000694784 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2018-03-14 02:52 - 2018-02-10 09:33 - 002058240 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2018-03-14 02:52 - 2018-02-10 09:33 - 001155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2018-03-14 02:52 - 2018-02-10 09:33 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2018-03-14 02:52 - 2018-02-10 09:09 - 000710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2018-03-14 02:51 - 2018-03-08 20:14 - 004044992 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
    2018-03-14 02:51 - 2018-03-08 20:14 - 004025536 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2018-03-14 02:51 - 2018-03-08 20:14 - 000190144 _____ (Microsoft Corporation) C:\Windows\system32\halmacpi.dll
    2018-03-14 02:51 - 2018-03-08 20:14 - 000190144 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
    2018-03-14 02:51 - 2018-03-08 20:14 - 000137920 _____ (Microsoft Corporation) C:\Windows\system32\halacpi.dll
    2018-03-14 02:51 - 2018-03-08 20:14 - 000137920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2018-03-14 02:51 - 2018-03-08 20:14 - 000067264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2018-03-14 02:51 - 2018-03-08 19:47 - 001310480 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2018-03-14 02:51 - 2018-03-08 19:43 - 001063424 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2018-03-14 02:51 - 2018-03-08 19:43 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2018-03-14 02:51 - 2018-03-08 19:43 - 000655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2018-03-14 02:51 - 2018-03-08 19:43 - 000644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
    2018-03-14 02:51 - 2018-03-08 19:43 - 000554496 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2018-03-14 02:51 - 2018-03-08 19:43 - 000400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2018-03-14 02:51 - 2018-03-08 19:43 - 000261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2018-03-14 02:51 - 2018-03-08 19:43 - 000254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2018-03-14 02:51 - 2018-03-08 19:43 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2018-03-14 02:51 - 2018-03-08 19:43 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2018-03-14 02:51 - 2018-03-08 19:43 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2018-03-14 02:51 - 2018-03-08 19:43 - 000141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
    2018-03-14 02:51 - 2018-03-08 19:43 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2018-03-14 02:51 - 2018-03-08 19:43 - 000082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
    2018-03-14 02:51 - 2018-03-08 19:43 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2018-03-14 02:51 - 2018-03-08 19:43 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2018-03-14 02:51 - 2018-03-08 19:43 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
    2018-03-14 02:51 - 2018-03-08 19:43 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
    2018-03-14 02:51 - 2018-03-08 19:43 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2018-03-14 02:51 - 2018-03-08 19:43 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2018-03-14 02:51 - 2018-03-08 19:43 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2018-03-14 02:51 - 2018-03-08 19:43 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2018-03-14 02:51 - 2018-03-08 19:43 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2018-03-14 02:51 - 2018-03-08 19:26 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
    2018-03-14 02:51 - 2018-03-08 19:26 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
    2018-03-14 02:51 - 2018-03-08 19:26 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2018-03-14 02:51 - 2018-03-08 19:26 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
    2018-03-14 02:51 - 2018-03-08 19:26 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
    2018-03-14 02:51 - 2018-03-08 19:24 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2018-03-14 02:51 - 2018-03-08 19:24 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
    2018-03-14 02:51 - 2018-03-08 19:22 - 000226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
    2018-03-14 02:51 - 2018-03-08 19:22 - 000124928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2018-03-14 02:51 - 2018-03-08 19:22 - 000098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2018-03-14 02:51 - 2018-03-08 19:22 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2018-03-14 02:51 - 2018-03-08 19:22 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
    2018-03-14 02:51 - 2018-03-08 19:22 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2018-03-14 02:51 - 2018-03-08 19:22 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2018-03-14 02:51 - 2018-03-01 01:25 - 002404352 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2018-03-14 02:51 - 2018-02-21 20:06 - 000134656 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
    2018-03-14 02:51 - 2018-02-18 14:34 - 000535616 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
    2018-03-14 02:51 - 2018-02-16 08:24 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2018-03-14 02:51 - 2018-02-16 08:24 - 000279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2018-03-14 02:51 - 2018-02-10 11:49 - 000162496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys
    2018-03-14 02:51 - 2018-02-10 11:49 - 000154304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
    2018-03-14 02:51 - 2018-02-10 11:49 - 000104640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NV_AGP.SYS
    2018-03-14 02:51 - 2018-02-10 11:49 - 000057024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ULIAGPKX.SYS
    2018-03-14 02:51 - 2018-02-10 11:49 - 000053440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\termdd.sys
    2018-03-14 02:51 - 2018-02-10 11:49 - 000052928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys
    2018-03-14 02:51 - 2018-02-10 11:49 - 000052928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\VIAAGP.SYS
    2018-03-14 02:51 - 2018-02-10 11:49 - 000051904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\SISAGP.SYS
    2018-03-14 02:51 - 2018-02-10 11:49 - 000046272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\isapnp.sys
    2018-03-14 02:51 - 2018-02-10 11:49 - 000032448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vdrvroot.sys
    2018-03-14 02:51 - 2018-02-10 11:49 - 000027840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mssmbios.sys
    2018-03-14 02:51 - 2018-02-10 11:49 - 000021696 _____ (Microsoft Corporation) C:\Windows\system32\streamci.dll
    2018-03-14 02:51 - 2018-02-10 11:49 - 000013504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msisadrv.sys
    2018-03-14 02:51 - 2018-02-10 11:49 - 000011840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\swenum.sys
    2018-03-14 02:51 - 2018-02-10 11:48 - 000274624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys
    2018-03-14 02:51 - 2018-02-10 11:48 - 000052928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\AMDAGP.SYS
    2018-03-14 02:51 - 2018-02-10 11:48 - 000052928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\AGP440.sys
    2018-03-14 02:51 - 2018-02-10 11:23 - 002292224 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
    2018-03-14 02:51 - 2018-02-10 11:23 - 000330240 _____ (Microsoft Corporation) C:\Windows\system32\zipfldr.dll
    2018-03-14 02:51 - 2018-02-10 11:23 - 000111616 _____ (Microsoft Corporation) C:\Windows\system32\racpldlg.dll
    2018-03-14 02:51 - 2018-02-10 11:23 - 000102912 _____ (Microsoft Corporation) C:\Windows\system32\msrahc.dll
    2018-03-14 02:51 - 2018-02-10 10:36 - 000537600 _____ (Microsoft Corporation) C:\Windows\system32\msra.exe
    2018-03-14 02:51 - 2018-02-10 10:36 - 000040960 _____ (Microsoft Corporation) C:\Windows\system32\sdchange.exe
    2018-03-14 02:51 - 2018-02-10 10:36 - 000011264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wmiacpi.sys
    2018-03-14 02:51 - 2018-02-10 10:36 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\MsraLegacy.tlb
    2018-03-14 02:51 - 2018-02-10 10:36 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\errdev.sys
    2018-03-14 02:51 - 2018-02-10 10:22 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2018-03-14 02:51 - 2018-02-10 10:10 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2018-03-14 02:51 - 2018-02-10 10:06 - 002295296 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2018-03-14 02:51 - 2018-02-10 10:01 - 000476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2018-03-14 02:51 - 2018-02-10 10:00 - 000620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2018-03-14 02:51 - 2018-02-10 10:00 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2018-03-14 02:51 - 2018-02-10 09:44 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2018-03-14 02:51 - 2018-02-10 09:41 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
    2018-03-14 02:51 - 2018-02-10 09:11 - 001313792 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2018-03-14 02:51 - 2018-02-02 11:54 - 000105152 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
    2018-03-14 02:51 - 2018-02-02 11:29 - 002365952 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
    2018-03-14 02:51 - 2018-02-02 11:29 - 000337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
    2018-03-14 02:51 - 2018-02-02 11:29 - 000025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
    2018-03-14 02:51 - 2018-02-02 11:28 - 001806848 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
    2018-03-14 02:51 - 2018-02-02 11:28 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
    2018-03-14 02:51 - 2018-02-02 10:46 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
    2018-03-14 02:51 - 2018-01-15 12:40 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2018-03-14 02:51 - 2018-01-12 09:26 - 000308224 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-04-12 12:21 - 2014-07-17 18:28 - 000000000 ____D C:\FRST
    2018-04-12 11:46 - 2010-11-20 14:01 - 000782470 _____ C:\Windows\system32\PerfStringBackup.INI
    2018-04-12 11:46 - 2009-07-13 19:37 - 000000000 ____D C:\Windows\inf
    2018-04-12 11:46 - 2009-07-13 19:37 - 000000000 ____D C:\Windows\inf
    2018-04-12 11:19 - 2009-07-13 21:34 - 000021904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2018-04-12 11:19 - 2009-07-13 21:34 - 000021904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2018-04-12 11:10 - 2009-07-13 21:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
    2018-04-11 15:56 - 2014-04-10 16:38 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
    2018-04-11 10:03 - 2009-07-13 19:37 - 000000000 ____D C:\Windows\system32\NDF
    2018-04-10 19:11 - 2014-08-18 13:49 - 000000000 ____D C:\AdwCleaner
    2018-04-10 16:57 - 2014-08-13 11:38 - 000000000 ____D C:\Windows\pss
    2018-04-10 16:57 - 2014-08-13 11:38 - 000000000 ____D C:\Windows\pss
    2018-04-10 16:11 - 2009-07-13 21:46 - 000001515 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    2018-04-10 14:14 - 2016-11-16 03:11 - 000000000 ____D C:\Users\Scott\AppData\LocalLow\Mozilla
    2018-04-10 13:04 - 2016-11-06 07:39 - 000000000 ____D C:\Users\Scott\Downloads\Redo Delete
    2018-04-10 08:07 - 2014-04-10 12:55 - 000804864 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2018-04-10 08:07 - 2014-04-10 12:55 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2018-04-10 08:07 - 2014-04-10 12:55 - 000000000 ____D C:\Windows\system32\Macromed
    2018-04-10 03:25 - 2014-04-11 06:19 - 000002627 _____ C:\Users\Scott\AppData\Roaming\TinnitusTamerPrefs.dat
    2018-04-09 12:20 - 2016-10-10 12:11 - 000000000 ____D C:\Users\Scott\Desktop\Books NEWEST
    2018-04-09 12:17 - 2014-04-07 12:59 - 000000000 ____D C:\Users\Scott\Desktop\DESKTOP Study
    2018-04-09 11:57 - 2014-12-09 11:37 - 000000000 ____D C:\Users\Scott\Desktop\Will Rogers
    2018-04-08 08:54 - 2014-04-07 13:17 - 000000000 ____D C:\Users\Scott\Desktop\DESKTOP Utilities
    2018-04-08 03:40 - 2009-07-13 21:53 - 000032560 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2018-04-07 11:48 - 2014-10-07 12:44 - 000000000 ____D C:\Users\Scott\Desktop\Post
    2018-04-04 09:19 - 2014-04-23 08:09 - 000000000 ____D C:\Users\Scott\AppData\Local\CutePDF Writer
    2018-03-30 13:26 - 2013-04-12 11:50 - 000000000 ____D C:\Users\Scott\Documents\e-Sword
    2018-03-25 19:17 - 2017-06-22 03:35 - 000000000 ____D C:\Program Files\CCleaner
    2018-03-25 19:16 - 2014-09-10 17:06 - 000000000 ____D C:\ProgramData\Unchecky
    2018-03-24 07:25 - 2018-03-05 15:52 - 000000136 _____ C:\Users\Scott\AppData\Roaming\downloads.json
    2018-03-24 07:24 - 2018-03-05 15:49 - 000000000 ____D C:\Users\Scott\Documents\YouTubeDownloads
    2018-03-16 19:44 - 2014-04-25 06:09 - 000000000 ____D C:\Windows\Minidump
    2018-03-16 19:44 - 2014-04-25 06:09 - 000000000 ____D C:\Windows\Minidump
    2018-03-16 18:49 - 2009-07-13 19:37 - 000000000 ____D C:\Windows\rescache
    2018-03-16 18:49 - 2009-07-13 19:37 - 000000000 ____D C:\Windows\rescache
    2018-03-14 16:13 - 2016-05-21 13:41 - 000305000 _____ C:\Windows\system32\FNTCACHE.DAT
    2018-03-14 12:45 - 2011-12-22 15:29 - 000000000 ____D C:\Users\Scott\Desktop\Religious
    2018-03-14 12:39 - 2016-05-21 13:31 - 000068240 _____ C:\Users\Scott\AppData\Local\GDIPFONTCACHEV1.DAT
    2018-03-14 10:52 - 2016-11-20 05:13 - 000000000 ____D C:\ProgramData\Package Cache
    2018-03-14 10:33 - 2016-05-19 13:48 - 000000000 ____D C:\Program Files\EaseUS
    2018-03-14 03:36 - 2016-12-20 20:25 - 000000000 ____D C:\Windows\system32\appraiser
    2018-03-14 03:36 - 2009-07-13 19:37 - 000000000 ____D C:\Windows\PolicyDefinitions
    2018-03-14 03:36 - 2009-07-13 19:37 - 000000000 ____D C:\Windows\PolicyDefinitions
    2018-03-14 03:03 - 2014-04-10 12:55 - 000000000 ____D C:\Windows\system32\MRT
    2018-03-14 02:57 - 2017-10-11 04:56 - 127391104 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
    2018-03-14 02:57 - 2014-04-10 12:55 - 127391104 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe

    ==================== Files in the root of some directories =======

    2018-04-12 04:06 - 2018-04-12 04:06 - 000000455 _____ () C:\Windows\system32\config\systemprofile\AppData\Roaming\dsf.dat
    2018-04-12 04:05 - 2018-04-12 04:06 - 000002577 _____ () C:\Windows\system32\config\systemprofile\AppData\Roaming\TinnitusTamerPrefs.dat

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2018-04-08 12:56

    ==================== End of FRST.txt ============================


    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14.03.2018
    Ran by Scott (12-04-2018 12:21:59)
    Running from C:\Windows\System32\config\systemprofile\Downloads
    Microsoft Windows 7 Professional Service Pack 1 (X86) (2014-04-09 18:07:55)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-4044866103-2329573634-2605357377-500 - Administrator - Disabled) => C:\Users\Administrator
    Guest (S-1-5-21-4044866103-2329573634-2605357377-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-4044866103-2329573634-2605357377-1002 - Limited - Enabled)
    Scott (S-1-5-21-4044866103-2329573634-2605357377-1000 - Administrator - Enabled) => C:\Users\TEMP

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
    AS: Spybot - Search and Destroy (Disabled - Out of date) {A16C3F68-9280-E053-1818-342707FECF4D}
    AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    . . . (HKLM\...\{06DA421D-EE23-487D-878F-F0AF97EF69AD}) (Version: 2.6.1.4 - Intel) Hidden
    . . . (HKLM\...\{679012E8-DFAC-4484-AD14-D08C6FD7FB4B}) (Version: 2.1.28.3 - Intel) Hidden
    7-Zip 17.01 beta (HKLM\...\7-Zip) (Version: 17.01 beta - Igor Pavlov)
    Adobe Flash Player 29 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 29.0.0.140 - Adobe Systems Incorporated)
    Adobe Flash Player 29 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 29.0.0.140 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.13) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
    Advanced Scan to PDF Free 3.9.2 (HKLM\...\Advanced Scan to PDF Free_is1) (Version: - PDFChief Co., Ltd.)
    Apple Application Support (HKLM\...\{63EC2120-1742-4625-AA47-C6A8AEC9C64C}) (Version: 2.2.2 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}) (Version: 6.0.0.59 - Apple Inc.)
    Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    AVG 2014 (HKLM\...\{C9811F26-3EF6-449A-9736-BB79A125D894}) (Version: 14.0.4007 - AVG Technologies) Hidden
    AVG Zen (HKLM\...\{9716EA2F-5DC5-4ECB-AA7B-909457378877}) (Version: 1.0.306 - AVG Technologies) Hidden
    Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 5.41 - Piriform)
    CryptoPrevent (HKLM\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version: - Foolish IT LLC)
    CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: 3.0 - Acro Software Inc.)
    D3DX10 (HKLM\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
    e-Sword (HKLM\...\{294B365B-32EF-49EE-99B3-A00558DC76E5}) (Version: 10.02.0001 - Rick Meyers)
    e-Sword Module Installer version .4 (HKLM\...\{6E442F8C-3EB1-4911-BB65-F3AD73438F52}_is1) (Version: .4 - BibleSupport.com)
    EZ-DUB (HKLM\...\{7E30D45E-EEC5-41A6-A613-F3BFB2694ACB}) (Version: 3.0 - Ulead System)
    EZ-DUB Finder (HKLM\...\{F33C4D28-899A-4C3C-868B-9169A121528B}) (Version: 1.00.0722 - LiteON) Hidden
    EZ-DUB Finder (HKLM\...\InstallShield_{F33C4D28-899A-4C3C-868B-9169A121528B}) (Version: 1.00.0722 - LiteON)
    Flvto YouTube Downloader (HKLM\...\Flvto YouTube Downloader) (Version: 1.0.9 - Hotger)
    FMW 1 (HKLM\...\{3E322933-FA94-438E-AA1F-2F066B1CC46C}) (Version: 1.0.222 - AVG Technologies) Hidden
    Freemake Video Converter version 4.1.9 (HKLM\...\Freemake Video Converter_is1) (Version: 4.1.9 - Ellora Assets Corporation)
    Freemake Video Downloader (HKLM\...\Freemake Video Downloader_is1) (Version: 3.8.0 - Ellora Assets Corporation)
    Freemake YouTube To MP3 Boom (HKLM\...\Freemake YouTube To MP3 Boom_is1) (Version: 1.0.4 - Ellora Assets Corporation)
    Google Talk Plugin (HKLM\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
    Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
    Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 21.1 - Intel)
    Intel(R) TV Wizard (HKLM\...\TVWiz) (Version: - Intel Corporation)
    Intel® Driver Update Utility (HKLM\...\{fe2eebd3-ee15-4538-bb19-b627e3f2a911}) (Version: 2.6.1.4 - Intel)
    iTunes (HKLM\...\{0F6F6876-6334-4977-B5DD-CFC12E193420}) (Version: 10.7.0.21 - Apple Inc.)
    LiveUpdate (HKLM\...\LiveUpdate) (Version: - )
    Malwarebytes version 3.4.5.2467 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes)
    Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Sync Framework 2.0 Core Components (x86) ENU (HKLM\...\{FF63121D-91C6-42CC-B341-F1AA729728E7}) (Version: 2.0.1578.0 - Microsoft Corporation)
    Microsoft Sync Framework 2.0 Provider Services (x86) ENU (HKLM\...\{D3A80508-CD83-4CA3-8671-914A1BC78B61}) (Version: 2.0.1578.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
    MOBZync (HKLM\...\{417FF61C-66A9-4A76-8AF7-0E3994AC8C31}) (Version: 0.9.2 - MOBZystems)
    Movie Maker (HKLM\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Movie Maker (HKLM\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Mozilla Firefox 59.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 59.0.2 (x86 en-US)) (Version: 59.0.2 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 59.0.2.6656 - Mozilla)
    Mozilla Thunderbird 45.7.1 (x86 en-US) (HKLM\...\Mozilla Thunderbird 45.7.1 (x86 en-US)) (Version: 45.7.1 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Potplayer (HKLM\...\PotPlayer) (Version: - Daum Communications Corp.)
    QuickTime (HKLM\...\{EB900AF8-CC61-4E15-871B-98D1EA3E8025}) (Version: 7.67.75.0 - Apple Inc.)
    Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - )
    Seagate Manager Installer (HKLM\...\{2A30052B-831C-41D3-8044-3C0388066350}) (Version: 2.01.0600 - Seagate) Hidden
    Seagate Manager Installer (HKLM\...\InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}) (Version: 2.01.0600 - Seagate)
    SeaTools for Windows 1.4.0.4 (HKLM\...\SeaTools for Windows) (Version: 1.4.0.4 - Seagate Technology)
    Skype™ 7.3 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
    Sophos Virus Removal Tool (HKLM\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.6.1 - Sophos Limited)
    Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
    SyncToy 2.1 (x86) (HKLM\...\{A066194B-DC8F-449A-8E0F-B57BDD3A2072}) (Version: 2.1.0 - Microsoft)
    THE NAG HAMMADI LIBRARY.topx version 0 (HKLM\...\{D7F1A6E9-5A60-4573-AFBD-4A047A57635E}_is1) (Version: 0 - BibleSupport.com)
    Unchecky v1.2 (HKLM\...\Unchecky) (Version: 1.2 - Reason Software Company Inc.)
    Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
    Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
    Windows Movie Maker 2017 (HKLM\...\{3CC29C1A-B5FE-457B-8F22-32A3667A92C7}}_is1) (Version: - windows-movie-maker.org)
    WinPcap 4.1.2 (HKLM\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov)
    ContextMenuHandlers1: [AVG Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => -> No File
    ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
    ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files\Spybot - Search & Destroy 2\SDECon32.dll [2014-06-24] (Safer-Networking Ltd.)
    ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
    ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov)
    ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2009-09-23] (Intel Corporation)
    ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
    ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files\Spybot - Search & Destroy 2\SDECon32.dll [2014-06-24] (Safer-Networking Ltd.)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {01138799-A432-413E-9233-4142970467DA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4044866103-2329573634-2605357377-1000UA => C:\Users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe [2016-01-15] (Google Inc.)
    Task: {14A54D07-0B8E-4E6C-BEFB-DEB6A8F28FA3} - System32\Tasks\{33AB1714-0F1F-41BE-AE4D-4CE707FC8AB9} => msiexec.exe /package "C:\Users\Scott\Downloads\MicrosoftFixit50123.msi"
    Task: {16FEA387-FAD4-443A-B4E6-FF988F0C4AE6} - System32\Tasks\Intel\Intel Telemetry 2 (x86) => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
    Task: {2793D72D-CFC5-444E-9A9B-8F524FA71D11} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
    Task: {3527F7EE-4B8E-422D-8FEE-5083930043EB} - System32\Tasks\{29D5E377-CE4A-4947-BFE7-6DDD9A5B4E48} => C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
    Task: {35910534-5F45-451B-86CF-536B12FEDDC1} - System32\Tasks\{8ED34269-D355-4824-81B4-8E0CA709686C} => C:\Program Files\iTunes\iTunes.exe [2012-09-09] (Apple Inc.)
    Task: {3C66B5AA-E80B-4D41-AE1B-A079372C78A8} - System32\Tasks\{8C2A7429-5BBC-4A32-ADA5-FE99F091FC16} => C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
    Task: {4AD47043-4D67-4F39-91A9-D2CC29BC3ABA} - System32\Tasks\{E9D04DF9-CB1A-4CD2-812C-5092FD85C825} => C:\Program Files\GoPro\GoPro VR Player 2.0\GoProVRPlayer_win32.exe
    Task: {5656C4ED-3456-4135-BC27-E175548C6CE5} - System32\Tasks\{44D3594B-D2F9-4834-9AC4-F0DB2A6AF30F} => C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
    Task: {5E143A35-2398-45E0-AA08-747CFD6B4E72} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
    Task: {606E7679-296E-47AD-BEDC-561DB8C5C216} - System32\Tasks\{FEB863AF-49C3-4878-8B79-25D08C06B6B4} => C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
    Task: {60B245A9-53E6-4893-A5B9-78C94BC324BD} - System32\Tasks\{DCC16085-21A5-4481-BCD9-1750B143EE35} => C:\Program Files\iTunes\iTunes.exe [2012-09-09] (Apple Inc.)
    Task: {71C9B795-5C44-45DD-BD07-19F04583060F} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-03-06] (Piriform Ltd)
    Task: {76892BC5-DD39-4476-A303-245CDC15CFE7} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files\AVG\AVG PC TuneUp\OneClick.exe
    Task: {7768604C-8CBC-4A2B-AED0-A4F2024106D8} - System32\Tasks\{3A1EEAA2-E709-4F63-B471-039AB4F070B6} => C:\Program Files\GoPro\GoPro VR Player 2.0\GoProVRPlayer_win32.exe
    Task: {82F944B0-DC1B-4832-8854-D074A94AF0F7} - System32\Tasks\{FF244946-B9B9-40C5-963E-7DDF2E841CBD} => C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
    Task: {8C7185EE-DE6D-4769-9993-D38D6083431A} - System32\Tasks\{4F631F87-16B4-4E00-A335-12B11782D7AD} => msiexec.exe /package "C:\Users\Scott\Downloads\MicrosoftFixit50123.msi"
    Task: {95C85358-9525-40F4-AA85-56630A07C528} - System32\Tasks\{FFF85220-D9CF-419E-B476-7CD90CAF7426} => msiexec.exe /package "C:\Users\Scott\Downloads\MicrosoftFixit50123.msi"
    Task: {9CAD1C03-B916-417B-BE7B-C537DAB00942} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_29_0_0_140_Plugin.exe [2018-04-10] (Adobe Systems Incorporated)
    Task: {A1A327C7-552B-4D71-BF2A-39631CCDB3E3} - System32\Tasks\{B9F54951-8F68-4BAD-A9D5-012EB4EAC459} => C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
    Task: {B809CE6A-00DF-4AF7-9DC7-606F924952CA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-03-06] (Piriform Ltd)
    Task: {B860E51A-F298-48AF-B95B-4DB83A4F070A} - System32\Tasks\USER_ESRV_SVC_WILLAMETTE => "C:\Windows\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\task.vbs"
    Task: {BB8E71B2-D43C-4F0F-8962-BAB9883D1A29} - System32\Tasks\{746B6DDB-026D-46DC-BE02-6386A60BB78B} => msiexec.exe /package "C:\Users\Scott\Downloads\MicrosoftFixit50123.msi"
    Task: {D5341DCE-D5E5-4C44-A1AC-0E0F0EBA53EB} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
    Task: {D8597A4D-A621-4012-B014-264A1A2A9049} - System32\Tasks\{B68C5D2C-97E0-4176-AE26-74584708E6FD} => C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
    Task: {D86561A4-68E3-4867-B905-F0487E4BF858} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-04-10] (Adobe Systems Incorporated)
    Task: {DD732DE6-D589-4CD6-86D9-CA5BC8B0ADA6} - System32\Tasks\{C1FEB967-16F4-4ECF-AF9B-26F198453BD9} => C:\Windows\system32\pcalua.exe -a D:\Setup.exe -d D:\
    Task: {E397C2F9-8ADD-4316-A8FB-7B68F3812912} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4044866103-2329573634-2605357377-1000Core => C:\Users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe [2016-01-15] (Google Inc.)
    Task: {EB4ED08B-2D3E-4E89-A94A-AC5A1C3C6FAB} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
    Task: {F43C98AE-5690-4997-B5F8-E545FFF6803E} - System32\Tasks\{50D840F2-A880-4AFE-B759-4D2B2B700A7D} => C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
    Task: {F7E476B9-8339-468F-A581-584E975CD1BA} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    ==================== Loaded Modules (Whitelisted) ==============

    2014-05-14 08:20 - 2013-10-23 14:23 - 000089136 _____ () C:\Windows\System32\cpwmon2k.dll
    2016-12-22 04:39 - 2014-05-13 13:04 - 000109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2016-12-22 04:39 - 2014-05-13 13:04 - 000416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
    2012-08-27 21:33 - 2012-08-27 21:33 - 000087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2012-08-27 21:33 - 2012-08-27 21:33 - 001242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2016-12-22 04:39 - 2014-05-13 13:04 - 000167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2016-12-22 04:39 - 2012-08-23 11:38 - 000574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
    2016-12-22 04:39 - 2012-04-03 18:06 - 000565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
    2016-06-08 19:04 - 2016-06-08 19:04 - 000117400 _____ () C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
    2018-04-04 08:04 - 2018-03-12 15:09 - 001936672 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
    2018-04-04 08:04 - 2018-03-27 13:47 - 001912096 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
    2015-11-11 04:41 - 2015-11-11 04:41 - 000756376 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
    2015-04-13 06:57 - 2015-04-13 06:57 - 000143296 _____ () C:\Program Files\VideoLAN\VLC\libvlc.dll
    2015-04-13 07:00 - 2015-04-13 07:00 - 002631616 _____ () C:\Program Files\VideoLAN\VLC\libvlccore.dll
    2015-04-13 06:57 - 2015-04-13 06:57 - 000554944 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libdshow_plugin.dll
    2015-04-13 07:00 - 2015-04-13 07:00 - 000041920 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_output\libdirectsound_plugin.dll
    2015-04-13 07:00 - 2015-04-13 07:00 - 000039872 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll
    2015-04-13 06:58 - 2015-04-13 06:58 - 000086464 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_output\libdirect3d_plugin.dll
    2015-04-13 06:56 - 2015-04-13 06:56 - 000070675 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_output\libdirectdraw_plugin.dll
    2015-04-13 06:57 - 2015-04-13 06:57 - 002158528 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\liblibbluray_plugin.dll
    2015-04-13 06:57 - 2015-04-13 06:57 - 000114112 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_bd_plugin.dll
    2015-04-13 06:57 - 2015-04-13 06:57 - 000245184 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libdvdnav_plugin.dll
    2015-04-13 06:57 - 2015-04-13 06:57 - 000089536 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libvdr_plugin.dll
    2015-04-13 06:57 - 2015-04-13 06:57 - 000055744 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libfilesystem_plugin.dll
    2015-04-13 06:57 - 2015-04-13 06:57 - 000072128 _____ () C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libsmooth_plugin.dll
    2015-04-13 06:57 - 2015-04-13 06:57 - 000593344 _____ () C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libhttplive_plugin.dll
    2015-04-13 06:57 - 2015-04-13 06:57 - 000771520 _____ () C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libdash_plugin.dll
    2015-04-13 06:57 - 2015-04-13 06:57 - 000131520 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libzip_plugin.dll
    2015-04-13 06:57 - 2015-04-13 06:57 - 000052672 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\librar_plugin.dll
    2015-04-13 06:57 - 2015-04-13 06:57 - 000023488 _____ () C:\Program Files\VideoLAN\VLC\plugins\stream_filter\librecord_plugin.dll
    2015-04-13 06:57 - 2015-04-13 06:57 - 000145856 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libplaylist_plugin.dll
    2015-04-13 06:59 - 2015-04-13 06:59 - 001566656 _____ () C:\Program Files\VideoLAN\VLC\plugins\meta_engine\libtaglib_plugin.dll
    2015-04-13 06:59 - 2015-04-13 06:59 - 000332736 _____ () C:\Program Files\VideoLAN\VLC\plugins\lua\liblua_plugin.dll
    2015-04-13 06:58 - 2015-04-13 06:58 - 001264064 _____ () C:\Program Files\VideoLAN\VLC\plugins\misc\libxml_plugin.dll
    2015-04-13 06:59 - 2015-04-13 06:59 - 000024512 _____ () C:\Program Files\VideoLAN\VLC\plugins\control\libwin_msg_plugin.dll
    2015-04-13 06:59 - 2015-04-13 06:59 - 000069568 _____ () C:\Program Files\VideoLAN\VLC\plugins\control\libhotkeys_plugin.dll
    2015-04-13 06:59 - 2015-04-13 06:59 - 000048576 _____ () C:\Program Files\VideoLAN\VLC\plugins\control\libwin_hotkeys_plugin.dll
    2015-04-13 06:57 - 2015-04-13 06:57 - 000242112 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libmp4_plugin.dll
    2015-04-13 07:00 - 2015-04-13 07:00 - 012001728 _____ () C:\Program Files\VideoLAN\VLC\plugins\gui\libqt4_plugin.dll
    2015-04-13 06:59 - 2015-04-13 06:59 - 000046528 _____ () C:\Program Files\VideoLAN\VLC\plugins\meta_engine\libfolder_plugin.dll
    2015-04-13 07:00 - 2015-04-13 07:00 - 000261056 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libjpeg_plugin.dll
    2015-04-13 07:00 - 2015-04-13 07:00 - 000027072 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libcdg_plugin.dll
    2015-04-13 07:00 - 2015-04-13 07:00 - 000304576 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libpng_plugin.dll
    2015-04-13 06:59 - 2015-04-13 06:59 - 001291200 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libschroedinger_plugin.dll
    2015-04-13 06:59 - 2015-04-13 06:59 - 000754624 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libvorbis_plugin.dll
    2015-04-13 07:00 - 2015-04-13 07:00 - 000344512 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libtheora_plugin.dll
    2015-04-13 07:00 - 2015-04-13 07:00 - 000028608 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libdts_plugin.dll
    2015-04-13 06:59 - 2015-04-13 06:59 - 000036800 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libaraw_plugin.dll
    2015-04-13 06:59 - 2015-04-13 06:59 - 000052160 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libsubstx3g_plugin.dll
    2015-04-13 06:59 - 2015-04-13 06:59 - 000456128 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libflac_plugin.dll
    2015-04-13 07:00 - 2015-04-13 07:00 - 000035776 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libg711_plugin.dll
    2015-04-13 07:00 - 2015-04-13 07:00 - 000024512 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libaes3_plugin.dll
    2015-04-13 06:59 - 2015-04-13 06:59 - 000157632 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libspeex_plugin.dll
    2015-04-13 07:00 - 2015-04-13 07:00 - 001549248 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\liblibass_plugin.dll
    2015-04-13 06:59 - 2015-04-13 06:59 - 000356288 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libfaad_plugin.dll
    2015-04-13 07:00 - 2015-04-13 07:00 - 000028096 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\liba52_plugin.dll
    2015-04-13 07:00 - 2015-04-13 07:00 - 000028096 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libmpeg_audio_plugin.dll
    2015-04-13 06:59 - 2015-04-13 06:59 - 000031680 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\liblpcm_plugin.dll
    2015-04-13 06:59 - 2015-04-13 06:59 - 000363456 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libopus_plugin.dll
    2015-04-13 07:00 - 2015-04-13 07:00 - 000121792 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libdvbsub_plugin.dll
    2015-04-13 06:59 - 2015-04-13 06:59 - 000028608 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libspudec_plugin.dll
    2015-04-13 06:59 - 2015-04-13 06:59 - 013522368 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libavcodec_plugin.dll
    2015-04-13 06:58 - 2015-04-13 06:58 - 000772544 _____ () C:\Program Files\VideoLAN\VLC\plugins\text_renderer\libfreetype_plugin.dll
    2015-04-13 06:58 - 2015-04-13 06:58 - 000038848 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_sse2_plugin.dll
    2015-04-13 06:58 - 2015-04-13 06:58 - 000030144 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_mmx_plugin.dll
    2015-04-13 06:58 - 2015-04-13 06:58 - 000702400 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libswscale_plugin.dll
    2015-04-13 06:58 - 2015-04-13 06:58 - 000036800 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_sse2_plugin.dll
    2015-04-13 06:58 - 2015-04-13 06:58 - 000125376 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_sse2_plugin.dll
    2015-04-13 06:58 - 2015-04-13 06:58 - 000064448 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_mmx_plugin.dll
    2015-04-13 06:58 - 2015-04-13 06:58 - 000028608 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_mmx_plugin.dll
    2015-04-13 06:58 - 2015-04-13 06:58 - 000027584 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libyuy2_i422_plugin.dll
    2015-04-13 06:58 - 2015-04-13 06:58 - 000024512 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libgrey_yuv_plugin.dll
    2015-04-13 06:58 - 2015-04-13 06:58 - 000030656 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libyuy2_i420_plugin.dll
    2015-04-13 06:58 - 2015-04-13 06:58 - 000027584 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_plugin.dll
    2015-04-13 06:58 - 2015-04-13 06:58 - 000029120 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_plugin.dll
    2015-04-13 06:58 - 2015-04-13 06:58 - 000037312 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_plugin.dll
    2015-04-13 06:58 - 2015-04-13 06:58 - 000024000 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_i420_plugin.dll
    2015-04-13 06:59 - 2015-04-13 06:59 - 000023488 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_filter\libscale_plugin.dll
    2015-04-13 06:59 - 2015-04-13 06:59 - 000022976 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_filter\libyuvp_plugin.dll
    2015-04-13 06:59 - 2015-04-13 06:59 - 000022464 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_mixer\libfloat_mixer_plugin.dll
    2015-04-13 06:59 - 2015-04-13 06:59 - 000027072 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libscaletempo_plugin.dll
    2015-04-13 06:59 - 2015-04-13 06:59 - 001504704 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libsamplerate_plugin.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)

    HKLM\...\.scr: CryptoPreventSCR => "C:\Program Files\Foolish IT\CryptoPrevent\CryptoPreventFilterMod.CryptoPreventEXEC" "%1" /S %*

    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 19:04 - 2018-04-12 11:11 - 000001306 _____ C:\Windows\system32\Drivers\etc\hosts

    127.0.0.1 localhost
    0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-4044866103-2329573634-2605357377-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    MSCONFIG\startupreg: AvgUi => "C:\Program Files\AVG\Framework\Common\avguix.exe" /fmw.trayonly
    MSCONFIG\startupreg: Google Update => C:\Users\Scott\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe
    MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
    FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
    FirewallRules: [{D372D014-1A79-4E01-B779-AC098E91E870}] => (Allow) C:\Users\Scott\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
    FirewallRules: [{2909F608-F53F-4E85-8B60-3CF0C8602B50}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    FirewallRules: [{A93F060F-0771-4EB6-86E8-FC7AC755986D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{AC30EE5E-E2BD-413C-B10C-DF680BEFE90F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{21777E3F-4B64-4367-B448-FFA8EA997095}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{48BF5A3C-9E61-4AE4-88EE-D78D625675F6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{9B1850DF-4730-478D-9D13-8278359CF2C0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{692F9A1F-19C8-4F16-8190-FC7FBE5714FB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{0ECEB16C-69BA-425A-8C14-7D03024D715F}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
    FirewallRules: [{41943A4A-5F4C-40AF-B76F-8D636F80DC7F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{8E528E4E-A129-43AF-9A8E-44541BAA0A5A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{AAD116BE-DCE6-4CE8-AF33-4206523429DC}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{E154B2C5-F420-4BA0-88B3-37085D5C462C}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
    FirewallRules: [{A1C9EB16-F72A-4D10-8FC0-ADB0A0D83334}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{E814BFAD-499F-4DCF-8264-CFB3E927F226}] => (Allow) LPort=2869
    FirewallRules: [{D20238AF-FF53-4DD5-A019-3F56D9D68C0F}] => (Allow) LPort=1900
    StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
    StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
    StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

    ==================== Restore Points =========================

    10-04-2018 16:25:11 Windows Update

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (04/12/2018 11:11:19 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (04/12/2018 11:10:49 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
    Description: The Desktop Window Manager has encountered a fatal error (0x0)

    Error: (04/12/2018 11:10:47 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: Scott-PC)
    Description: Windows cannot load the user's profile but has logged you on with the default profile for the system.

    DETAIL - Access is denied.

    Error: (04/12/2018 07:30:55 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (04/12/2018 07:30:27 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: Scott-PC)
    Description: Windows cannot load the user's profile but has logged you on with the default profile for the system.

    DETAIL - Access is denied.

    Error: (04/12/2018 03:53:35 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (04/12/2018 03:52:47 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: Scott-PC)
    Description: Windows cannot load the user's profile but has logged you on with the default profile for the system.

    DETAIL - Access is denied.

    Error: (04/11/2018 03:57:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


    System errors:
    =============
    Error: (04/12/2018 11:11:19 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    UimBus
    Uim_DEVIM

    Error: (04/12/2018 11:10:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The AVG Service service failed to start due to the following error:
    The system cannot find the file specified.

    Error: (04/12/2018 09:23:14 AM) (Source: Disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk6\DR6.

    Error: (04/12/2018 09:23:10 AM) (Source: Disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk6\DR6.

    Error: (04/12/2018 09:14:34 AM) (Source: Disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk6\DR6.

    Error: (04/12/2018 07:30:55 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    UimBus
    Uim_DEVIM

    Error: (04/12/2018 07:30:29 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The AVG Service service failed to start due to the following error:
    The system cannot find the file specified.

    Error: (04/12/2018 03:53:35 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    UimBus
    Uim_DEVIM


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM)2 Duo CPU E7400 @ 2.80GHz
    Percentage of memory in use: 68%
    Total physical RAM: 3061.18 MB
    Available physical RAM: 977.49 MB
    Total Virtual: 6120.7 MB
    Available Virtual: 3943.83 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:465.66 GB) (Free:174.68 GB) NTFS
    Drive j: (Seagate Backup Plus Drive) (Fixed) (Total:1863.01 GB) (Free:166.4 GB) NTFS
    Drive k: (Seagate Backup Plus Drive) (Fixed) (Total:1863.01 GB) (Free:1249.64 GB) NTFS
    Drive l: (Seagate Backup Plus Drive) (Fixed) (Total:5588.9 GB) (Free:19.5 GB) NTFS
    Drive m: () (Removable) (Total:3.77 GB) (Free:2.26 GB) FAT32

    \\?\Volume{f29edfd7-c00e-11e3-a285-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 7A055C85)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows 7/8/10) (Size: 5589 GB) (Disk ID: 9A983881)

    Partition: GPT.

    ========================================================
    Disk: 6 (Size: 1863 GB) (Disk ID: 8A352DED)
    Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
    Attempted reading MBR returned 0 bytes.
    Could not read MBR for disk 7.

    ========================================================
    Disk: 8 (MBR Code: Windows XP) (Size: 3.8 GB) (Disk ID: C3072E18)
    Partition 1: (Active) - (Size=3.8 GB) - (Type=0C)

    ==================== End of Addition.txt ============================
     
  2. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    I don't see anything malicious there.
    I suggest a new topic in the Windows forum.
     
  3. Librasm

    Librasm Techie7 New Member

    TY Broni for reviewing my logs. I will follow your lead and create a new Post in Win Forum.
     
  4. broni

    broni Malware Annihilator Techie7 Moderator Head Security