Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15.04.2018
Ran by SM (17-04-2018 14:14:58)
Running from C:\Users\SM\Desktop
Microsoft Windows 7 Professional  Service Pack 1 (X86) (2014-04-09 18:07:55)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4044866103-2329573634-2605357377-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-4044866103-2329573634-2605357377-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4044866103-2329573634-2605357377-1002 - Limited - Enabled)
Scott (S-1-5-21-4044866103-2329573634-2605357377-1000 - Administrator - Enabled) => C:\Users\TEMP
SM (S-1-5-21-4044866103-2329573634-2605357377-1003 - Administrator - Enabled) => C:\Users\SM

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Spybot - Search and Destroy (Disabled - Out of date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

. . . (HKLM\...\{06DA421D-EE23-487D-878F-F0AF97EF69AD}) (Version: 2.6.1.4 - Intel) Hidden
. . . (HKLM\...\{679012E8-DFAC-4484-AD14-D08C6FD7FB4B}) (Version: 2.1.28.3 - Intel) Hidden
7-Zip 17.01 beta (HKLM\...\7-Zip) (Version: 17.01 beta - Igor Pavlov)
Adobe Flash Player 29 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 29.0.0.140 - Adobe Systems Incorporated)
Adobe Flash Player 29 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 29.0.0.140 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.13) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
Advanced Scan to PDF Free 3.9.2 (HKLM\...\Advanced Scan to PDF Free_is1) (Version:  - PDFChief Co., Ltd.)
Apple Application Support (HKLM\...\{63EC2120-1742-4625-AA47-C6A8AEC9C64C}) (Version: 2.2.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}) (Version: 6.0.0.59 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2014 (HKLM\...\{C9811F26-3EF6-449A-9736-BB79A125D894}) (Version: 14.0.4007 - AVG Technologies) Hidden
AVG Zen (HKLM\...\{9716EA2F-5DC5-4ECB-AA7B-909457378877}) (Version: 1.0.306 - AVG Technologies) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.41 - Piriform)
CryptoPrevent (HKLM\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version:  - Foolish IT LLC)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - Acro Software Inc.)
D3DX10 (HKLM\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version:  - EaseUS)
e-Sword (HKLM\...\{294B365B-32EF-49EE-99B3-A00558DC76E5}) (Version: 10.02.0001 - Rick Meyers)
e-Sword Module Installer version .4 (HKLM\...\{6E442F8C-3EB1-4911-BB65-F3AD73438F52}_is1) (Version: .4 - BibleSupport.com)
EZ-DUB (HKLM\...\{7E30D45E-EEC5-41A6-A613-F3BFB2694ACB}) (Version: 3.0 - Ulead System)
EZ-DUB Finder (HKLM\...\{F33C4D28-899A-4C3C-868B-9169A121528B}) (Version: 1.00.0722 - LiteON) Hidden
EZ-DUB Finder (HKLM\...\InstallShield_{F33C4D28-899A-4C3C-868B-9169A121528B}) (Version: 1.00.0722 - LiteON)
Flvto YouTube Downloader (HKLM\...\Flvto YouTube Downloader) (Version: 1.0.9 - Hotger)
FMW 1 (HKLM\...\{3E322933-FA94-438E-AA1F-2F066B1CC46C}) (Version: 1.0.222 - AVG Technologies) Hidden
Freemake Video Converter version 4.1.9 (HKLM\...\Freemake Video Converter_is1) (Version: 4.1.9 - Ellora Assets Corporation)
Freemake Video Downloader (HKLM\...\Freemake Video Downloader_is1) (Version: 3.8.0 - Ellora Assets Corporation)
Freemake YouTube To MP3 Boom (HKLM\...\Freemake YouTube To MP3 Boom_is1) (Version: 1.0.4 - Ellora Assets Corporation)
Google Talk Plugin (HKLM\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 21.1 - Intel)
Intel(R) TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
Intel® Driver Update Utility (HKLM\...\{fe2eebd3-ee15-4538-bb19-b627e3f2a911}) (Version: 2.6.1.4 - Intel)
iTunes (HKLM\...\{0F6F6876-6334-4977-B5DD-CFC12E193420}) (Version: 10.7.0.21 - Apple Inc.)
LiveUpdate (HKLM\...\LiveUpdate) (Version:  - )
Malwarebytes version 3.4.5.2467 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes)
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x86) ENU  (HKLM\...\{FF63121D-91C6-42CC-B341-F1AA729728E7}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x86) ENU  (HKLM\...\{D3A80508-CD83-4CA3-8671-914A1BC78B61}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
MOBZync (HKLM\...\{417FF61C-66A9-4A76-8AF7-0E3994AC8C31}) (Version: 0.9.2 - MOBZystems)
Movie Maker (HKLM\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 59.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 59.0.2 (x86 en-US)) (Version: 59.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 59.0.2 - Mozilla)
Mozilla Thunderbird 45.7.1 (x86 en-US) (HKLM\...\Mozilla Thunderbird 45.7.1 (x86 en-US)) (Version: 45.7.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Potplayer (HKLM\...\PotPlayer) (Version:  - Daum Communications Corp.)
QuickTime (HKLM\...\{EB900AF8-CC61-4E15-871B-98D1EA3E8025}) (Version: 7.67.75.0 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - )
Seagate Manager Installer (HKLM\...\{2A30052B-831C-41D3-8044-3C0388066350}) (Version: 2.01.0600 - Seagate) Hidden
Seagate Manager Installer (HKLM\...\InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}) (Version: 2.01.0600 - Seagate)
SeaTools for Windows 1.4.0.4 (HKLM\...\SeaTools for Windows) (Version: 1.4.0.4 - Seagate Technology)
Skype™ 7.3 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
Sophos Virus Removal Tool (HKLM\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.6.1 - Sophos Limited)
Speccy (HKLM\...\Speccy) (Version: 1.31 - Piriform)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SyncToy 2.1 (x86) (HKLM\...\{A066194B-DC8F-449A-8E0F-B57BDD3A2072}) (Version: 2.1.0 - Microsoft)
THE NAG HAMMADI LIBRARY.topx version 0 (HKLM\...\{D7F1A6E9-5A60-4573-AFBD-4A047A57635E}_is1) (Version: 0 - BibleSupport.com)
Unchecky v1.2 (HKLM\...\Unchecky) (Version: 1.2 - Reason Software Company Inc.)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Movie Maker 2017 (HKLM\...\{3CC29C1A-B5FE-457B-8F22-32A3667A92C7}}_is1) (Version:  - windows-movie-maker.org)
WinPcap 4.1.2 (HKLM\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-500_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\localserver32 -> C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe => No File
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-500_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\SkyDriveShell.dll => No File
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-500_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe => No File
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-500_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\SkyDriveShell.dll => No File
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-500_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\SkyDriveShell.dll => No File
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-500_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\SkyDriveShell.dll => No File
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-500_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\FileSyncApi.dll => No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov)
ContextMenuHandlers1: [AVG Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} =>  -> No File
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files\Spybot - Search & Destroy 2\SDECon32.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2009-09-23] (Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files\Spybot - Search & Destroy 2\SDECon32.dll [2014-06-24] (Safer-Networking Ltd.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01138799-A432-413E-9233-4142970467DA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4044866103-2329573634-2605357377-1000UA => C:\Users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe [2016-01-15] (Google Inc.)
Task: {14A54D07-0B8E-4E6C-BEFB-DEB6A8F28FA3} - System32\Tasks\{33AB1714-0F1F-41BE-AE4D-4CE707FC8AB9} => msiexec.exe /package "C:\Users\Scott\Downloads\MicrosoftFixit50123.msi"
Task: {16FEA387-FAD4-443A-B4E6-FF988F0C4AE6} - System32\Tasks\Intel\Intel Telemetry 2 (x86) => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
Task: {224BE5BA-5A98-466C-8E96-C4506BEE30AA} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {2793D72D-CFC5-444E-9A9B-8F524FA71D11} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {3527F7EE-4B8E-422D-8FEE-5083930043EB} - System32\Tasks\{29D5E377-CE4A-4947-BFE7-6DDD9A5B4E48} => C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
Task: {35910534-5F45-451B-86CF-536B12FEDDC1} - System32\Tasks\{8ED34269-D355-4824-81B4-8E0CA709686C} => C:\Program Files\iTunes\iTunes.exe [2012-09-09] (Apple Inc.)
Task: {3C66B5AA-E80B-4D41-AE1B-A079372C78A8} - System32\Tasks\{8C2A7429-5BBC-4A32-ADA5-FE99F091FC16} => C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
Task: {4AD47043-4D67-4F39-91A9-D2CC29BC3ABA} - System32\Tasks\{E9D04DF9-CB1A-4CD2-812C-5092FD85C825} => C:\Program Files\GoPro\GoPro VR Player 2.0\GoProVRPlayer_win32.exe
Task: {5656C4ED-3456-4135-BC27-E175548C6CE5} - System32\Tasks\{44D3594B-D2F9-4834-9AC4-F0DB2A6AF30F} => C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
Task: {5E143A35-2398-45E0-AA08-747CFD6B4E72} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
Task: {606E7679-296E-47AD-BEDC-561DB8C5C216} - System32\Tasks\{FEB863AF-49C3-4878-8B79-25D08C06B6B4} => C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
Task: {60B245A9-53E6-4893-A5B9-78C94BC324BD} - System32\Tasks\{DCC16085-21A5-4481-BCD9-1750B143EE35} => C:\Program Files\iTunes\iTunes.exe [2012-09-09] (Apple Inc.)
Task: {71C9B795-5C44-45DD-BD07-19F04583060F} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-03-06] (Piriform Ltd)
Task: {76892BC5-DD39-4476-A303-245CDC15CFE7} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files\AVG\AVG PC TuneUp\OneClick.exe
Task: {7768604C-8CBC-4A2B-AED0-A4F2024106D8} - System32\Tasks\{3A1EEAA2-E709-4F63-B471-039AB4F070B6} => C:\Program Files\GoPro\GoPro VR Player 2.0\GoProVRPlayer_win32.exe
Task: {82F944B0-DC1B-4832-8854-D074A94AF0F7} - System32\Tasks\{FF244946-B9B9-40C5-963E-7DDF2E841CBD} => C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
Task: {8C7185EE-DE6D-4769-9993-D38D6083431A} - System32\Tasks\{4F631F87-16B4-4E00-A335-12B11782D7AD} => msiexec.exe /package "C:\Users\Scott\Downloads\MicrosoftFixit50123.msi"
Task: {95C85358-9525-40F4-AA85-56630A07C528} - System32\Tasks\{FFF85220-D9CF-419E-B476-7CD90CAF7426} => msiexec.exe /package "C:\Users\Scott\Downloads\MicrosoftFixit50123.msi"
Task: {9CAD1C03-B916-417B-BE7B-C537DAB00942} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_29_0_0_140_Plugin.exe [2018-04-10] (Adobe Systems Incorporated)
Task: {A1A327C7-552B-4D71-BF2A-39631CCDB3E3} - System32\Tasks\{B9F54951-8F68-4BAD-A9D5-012EB4EAC459} => C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
Task: {B809CE6A-00DF-4AF7-9DC7-606F924952CA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-03-06] (Piriform Ltd)
Task: {B860E51A-F298-48AF-B95B-4DB83A4F070A} - System32\Tasks\USER_ESRV_SVC_WILLAMETTE => "C:\Windows\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\task.vbs"
Task: {BB8E71B2-D43C-4F0F-8962-BAB9883D1A29} - System32\Tasks\{746B6DDB-026D-46DC-BE02-6386A60BB78B} => msiexec.exe /package "C:\Users\Scott\Downloads\MicrosoftFixit50123.msi"
Task: {D5341DCE-D5E5-4C44-A1AC-0E0F0EBA53EB} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {D8597A4D-A621-4012-B014-264A1A2A9049} - System32\Tasks\{B68C5D2C-97E0-4176-AE26-74584708E6FD} => C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
Task: {D86561A4-68E3-4867-B905-F0487E4BF858} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-04-10] (Adobe Systems Incorporated)
Task: {DD732DE6-D589-4CD6-86D9-CA5BC8B0ADA6} - System32\Tasks\{C1FEB967-16F4-4ECF-AF9B-26F198453BD9} => C:\Windows\system32\pcalua.exe -a D:\Setup.exe -d D:\
Task: {E397C2F9-8ADD-4316-A8FB-7B68F3812912} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4044866103-2329573634-2605357377-1000Core => C:\Users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe [2016-01-15] (Google Inc.)
Task: {EB4ED08B-2D3E-4E89-A94A-AC5A1C3C6FAB} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {F43C98AE-5690-4997-B5F8-E545FFF6803E} - System32\Tasks\{50D840F2-A880-4AFE-B759-4D2B2B700A7D} => C:\Program Files\Malwarebytes Anti-Malware\mbam.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2014-05-14 08:20 - 2013-10-23 14:23 - 000089136 _____ () C:\Windows\System32\cpwmon2k.dll
2012-08-27 21:33 - 2012-08-27 21:33 - 000087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-08-27 21:33 - 2012-08-27 21:33 - 001242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-12-22 04:39 - 2014-05-13 13:04 - 000109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-12-22 04:39 - 2014-05-13 13:04 - 000416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2016-12-22 04:39 - 2014-05-13 13:04 - 000167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2005-09-13 19:47 - 2005-09-13 19:47 - 000266240 _____ () C:\Program Files\EZ-DUB\EZ-DUB.exe
2016-12-22 04:39 - 2012-08-23 11:38 - 000574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2016-12-22 04:39 - 2012-04-03 18:06 - 000565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2016-06-08 19:04 - 2016-06-08 19:04 - 000117400 _____ () C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
2018-04-16 11:58 - 2018-03-12 15:09 - 001936672 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-04-16 11:58 - 2018-03-27 13:47 - 001912096 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKLM\...\.scr: CryptoPreventSCR => "C:\Program Files\Foolish IT\CryptoPrevent\CryptoPreventFilterMod.CryptoPreventEXEC" "%1" /S %*

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:04 - 2018-04-17 12:02 - 000001306 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 rp.yefeneri2.com
0.0.0.0 os.yefeneri2.com
0.0.0.0 os2.yefeneri2.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4044866103-2329573634-2605357377-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\SM\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-4044866103-2329573634-2605357377-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{2909F608-F53F-4E85-8B60-3CF0C8602B50}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{A93F060F-0771-4EB6-86E8-FC7AC755986D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{AC30EE5E-E2BD-413C-B10C-DF680BEFE90F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{21777E3F-4B64-4367-B448-FFA8EA997095}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{48BF5A3C-9E61-4AE4-88EE-D78D625675F6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{9B1850DF-4730-478D-9D13-8278359CF2C0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{692F9A1F-19C8-4F16-8190-FC7FBE5714FB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{0ECEB16C-69BA-425A-8C14-7D03024D715F}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{41943A4A-5F4C-40AF-B76F-8D636F80DC7F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8E528E4E-A129-43AF-9A8E-44541BAA0A5A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{AAD116BE-DCE6-4CE8-AF33-4206523429DC}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{E154B2C5-F420-4BA0-88B3-37085D5C462C}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{A1C9EB16-F72A-4D10-8FC0-ADB0A0D83334}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{E814BFAD-499F-4DCF-8264-CFB3E927F226}] => (Allow) LPort=2869
FirewallRules: [{D20238AF-FF53-4DD5-A019-3F56D9D68C0F}] => (Allow) LPort=1900
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

10-04-2018 16:25:11 Windows Update
14-04-2018 16:16:08 Tweaking.com - Windows Repair 2018
14-04-2018 18:01:29 Windows Update
15-04-2018 10:53:25 Restore Operation
16-04-2018 11:03:41 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/17/2018 12:37:47 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1500) (User: Scott-PC)
Description: Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, and that your network is functioning correctly. 

 DETAIL - Access is denied.

Error: (04/17/2018 12:03:46 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1500) (User: Scott-PC)
Description: Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, and that your network is functioning correctly. 

 DETAIL - Access is denied.

Error: (04/17/2018 12:03:21 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1500) (User: Scott-PC)
Description: Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, and that your network is functioning correctly. 

 DETAIL - Access is denied.

Error: (04/17/2018 12:03:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (04/17/2018 11:45:46 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (04/17/2018 11:45:43 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: Scott-PC)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system. 

 DETAIL - Access is denied.

Error: (04/17/2018 11:45:42 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: Scott-PC)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system. 

 DETAIL - Access is denied.

Error: (04/17/2018 04:53:34 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: Scott-PC)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system. 

 DETAIL - Access is denied.


System errors:
=============
Error: (04/17/2018 12:03:06 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
UimBus
Uim_DEVIM

Error: (04/17/2018 12:02:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AVG Service service failed to start due to the following error: 
The system cannot find the file specified.

Error: (04/17/2018 11:45:58 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
UimBus
Uim_DEVIM

Error: (04/17/2018 11:45:31 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AVG Service service failed to start due to the following error: 
The system cannot find the file specified.

Error: (04/17/2018 11:43:58 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMService service.

Error: (04/17/2018 09:52:10 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk6\DR6.

Error: (04/17/2018 08:48:51 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk6\DR6.

Error: (04/17/2018 04:53:42 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk7\DR7.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU E7400 @ 2.80GHz
Percentage of memory in use: 65%
Total physical RAM: 3061.18 MB
Available physical RAM: 1045 MB
Total Virtual: 6120.7 MB
Available Virtual: 4135.63 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:170.38 GB) NTFS
Drive j: (Seagate Backup Plus Drive) (Fixed) (Total:1863.01 GB) (Free:166.4 GB) NTFS
Drive k: (Seagate Backup Plus Drive) (Fixed) (Total:1863.01 GB) (Free:1174.43 GB) NTFS
Drive l: (Seagate Backup Plus Drive) (Fixed) (Total:5588.9 GB) (Free:19.5 GB) NTFS

\\?\Volume{f29edfd7-c00e-11e3-a285-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 7A055C85)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 5589 GB) (Disk ID: 9A983881)

Partition: GPT.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 2.

========================================================
Disk: 7 (Size: 1863 GB) (Disk ID: 8A352DED)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================