Additional scan result of Farbar Recovery Scan Tool (x86) Version: 10-11-2019 Ran by Scott (11-11-2019 11:23:16) Running from C:\Users\Scott\Desktop Microsoft Windows 7 Professional Service Pack 1 (X86) (2014-04-09 18:07:55) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-4044866103-2329573634-2605357377-500 - Administrator - Enabled) => C:\Users\Administrator Guest (S-1-5-21-4044866103-2329573634-2605357377-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-4044866103-2329573634-2605357377-1002 - Limited - Enabled) Scott (S-1-5-21-4044866103-2329573634-2605357377-1000 - Administrator - Enabled) => C:\Users\Scott SM (S-1-5-21-4044866103-2329573634-2605357377-1003 - Administrator - Enabled) => C:\Users\SM ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189} AS: Spybot - Search and Destroy (Disabled - Out of date) {A16C3F68-9280-E053-1818-342707FECF4D} AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) . . . (HKLM\...\{06DA421D-EE23-487D-878F-F0AF97EF69AD}) (Version: 2.6.1.4 - Intel) Hidden . . . (HKLM\...\{679012E8-DFAC-4484-AD14-D08C6FD7FB4B}) (Version: 2.1.28.3 - Intel) Hidden 4K Video Downloader 4.4 (HKLM\...\{4E97C234-3F6C-4AA9-BFAF-0166F3050A68}) (Version: 4.4.11.2412 - Open Media LLC) 7-Zip 17.01 beta (HKLM\...\7-Zip) (Version: 17.01 beta - Igor Pavlov) ACT! 2000 (HKU\S-1-5-21-4044866103-2329573634-2605357377-1000\...\ACT! 2000) (Version: - ) Adobe Flash Player 32 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 32.0.0.270 - Adobe) Adobe Flash Player 32 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 32.0.0.270 - Adobe) Adobe Reader XI (11.0.13) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated) Advanced Scan to PDF Free 3.9.2 (HKLM\...\Advanced Scan to PDF Free_is1) (Version: - PDFChief Co., Ltd.) Any Video Converter 6.2.8 (HKLM\...\Any Video Converter) (Version: 6.2.8 - Anvsoft) Apple Application Support (HKLM\...\{63EC2120-1742-4625-AA47-C6A8AEC9C64C}) (Version: 2.2.2 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}) (Version: 6.0.0.59 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) CCleaner (HKLM\...\CCleaner) (Version: 5.63 - Piriform) CryptoPrevent (HKLM\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version: - Foolish IT LLC) CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: 3.0 - Acro Software Inc.) D3DX10 (HKLM\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden Dell SupportAssistAgent (HKLM\...\{8BD286A4-87C7-406B-9257-F8D8E6ACB35F}) (Version: 2.1.4.14 - Dell) EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version: - EaseUS) e-Sword (HKLM\...\{294B365B-32EF-49EE-99B3-A00558DC76E5}) (Version: 10.02.0001 - Rick Meyers) e-Sword Module Installer version .4 (HKLM\...\{6E442F8C-3EB1-4911-BB65-F3AD73438F52}_is1) (Version: .4 - BibleSupport.com) EZ-DUB (HKLM\...\{7E30D45E-EEC5-41A6-A613-F3BFB2694ACB}) (Version: 3.0 - Ulead System) EZ-DUB Finder (HKLM\...\{F33C4D28-899A-4C3C-868B-9169A121528B}) (Version: 1.00.0722 - LiteON) Hidden EZ-DUB Finder (HKLM\...\InstallShield_{F33C4D28-899A-4C3C-868B-9169A121528B}) (Version: 1.00.0722 - LiteON) Freemake Video Converter version 4.1.9 (HKLM\...\Freemake Video Converter_is1) (Version: 4.1.9 - Ellora Assets Corporation) Google Talk Plugin (HKLM\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google) Google Talk Plugin (HKU\S-1-5-21-4044866103-2329573634-2605357377-1000\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 19.9.2600.0 - Google, LLC.) Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation) Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 21.1 - Intel) Intel(R) TV Wizard (HKLM\...\TVWiz) (Version: - Intel Corporation) Intel® Driver Update Utility (HKLM\...\{fe2eebd3-ee15-4538-bb19-b627e3f2a911}) (Version: 2.6.1.4 - Intel) iTunes (HKLM\...\{0F6F6876-6334-4977-B5DD-CFC12E193420}) (Version: 10.7.0.21 - Apple Inc.) Java 8 Update 171 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180171F0}) (Version: 8.0.1710.11 - Oracle Corporation) LiveUpdate (HKLM\...\LiveUpdate) (Version: - ) Malwarebytes version 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes) Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-4044866103-2329573634-2605357377-1000\...\OneDriveSetup.exe) (Version: 17.3.5907.0716 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Sync Framework 2.0 Core Components (x86) ENU (HKLM\...\{FF63121D-91C6-42CC-B341-F1AA729728E7}) (Version: 2.0.1578.0 - Microsoft Corporation) Microsoft Sync Framework 2.0 Provider Services (x86) ENU (HKLM\...\{D3A80508-CD83-4CA3-8671-914A1BC78B61}) (Version: 2.0.1578.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation) MKVToolNix 37.0.0 (32-bit) (HKLM\...\MKVToolNix) (Version: 37.0.0 - Moritz Bunkus) MOBZync (HKLM\...\{417FF61C-66A9-4A76-8AF7-0E3994AC8C31}) (Version: 0.9.2 - MOBZystems) Movie Maker (HKLM\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Movie Maker (HKLM\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Mozilla Firefox 66.0.4 (x86 en-US) (HKLM\...\Mozilla Firefox 66.0.4 (x86 en-US)) (Version: 66.0.4 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 66.0.4 - Mozilla) Mozilla Thunderbird 45.7.1 (x86 en-US) (HKLM\...\Mozilla Thunderbird 45.7.1 (x86 en-US)) (Version: 45.7.1 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Potplayer (HKLM\...\PotPlayer) (Version: - Daum Communications Corp.) QuickTime (HKLM\...\{EB900AF8-CC61-4E15-871B-98D1EA3E8025}) (Version: 7.67.75.0 - Apple Inc.) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - ) Seagate Manager Installer (HKLM\...\{2A30052B-831C-41D3-8044-3C0388066350}) (Version: 2.01.0600 - Seagate) Hidden Seagate Manager Installer (HKLM\...\InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}) (Version: 2.01.0600 - Seagate) SeaTools for Windows 1.4.0.4 (HKLM\...\SeaTools for Windows) (Version: 1.4.0.4 - Seagate Technology) Skype™ 7.3 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.) Sophos Virus Removal Tool (HKLM\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.6.1 - Sophos Limited) Speccy (HKLM\...\Speccy) (Version: 1.31 - Piriform) Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.) SyncToy 2.1 (x86) (HKLM\...\{A066194B-DC8F-449A-8E0F-B57BDD3A2072}) (Version: 2.1.0 - Microsoft) THE NAG HAMMADI LIBRARY.topx version 0 (HKLM\...\{D7F1A6E9-5A60-4573-AFBD-4A047A57635E}_is1) (Version: 0 - BibleSupport.com) Unchecky v1.2 (HKLM\...\Unchecky) (Version: 1.2 - Reason Software Company Inc.) Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN) Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) Windows Movie Maker 2017 (HKLM\...\{3CC29C1A-B5FE-457B-8F22-32A3667A92C7}}_is1) (Version: - windows-movie-maker.org) WinPcap 4.1.2 (HKLM\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.) CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> "C:\Users\Scott\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateOnDemand.exe" => No File CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> "C:\Users\Scott\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateOnDemand.exe" => No File CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\Scott\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google Inc -> Google) CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> "C:\Users\Scott\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateOnDemand.exe" => No File CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\Scott\AppData\Local\Google\Update\1.3.33.7\psuser.dll => No File CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\Scott\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google Inc -> Google) CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Scott\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll => No File CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Scott\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll => No File CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> "C:\Users\Scott\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateOnDemand.exe" => No File CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Scott\AppData\Local\Google\Update\1.3.33.7\psuser.dll => No File ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov) [File not signed] ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files\Spybot - Search & Destroy 2\SDECon32.dll [2014-06-24] (Safer Networking Ltd. -> Safer-Networking Ltd.) ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov) [File not signed] ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2009-09-23] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov) [File not signed] ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files\Spybot - Search & Destroy 2\SDECon32.dll [2014-06-24] (Safer Networking Ltd. -> Safer-Networking Ltd.) ==================== Codecs (Whitelisted) ==================== ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\":: WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99] WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate] ==================== Loaded Modules (Whitelisted) ============= 2014-05-28 19:40 - 2014-05-28 19:40 - 009655296 _____ () [File not signed] C:\Program Files\DAUM\PotPlayer\ffcodec.dll 2016-04-27 17:04 - 2016-04-27 17:04 - 004465664 _____ () [File not signed] C:\Program Files\DAUM\PotPlayer\Module\OpenCodec\OpenCodecUnity.dll 2010-08-10 04:15 - 2010-08-10 04:15 - 000221184 _____ (Apple Computer, Inc.) [File not signed] C:\Program Files\QuickTime\QTSystem\CoreVideo.qtx 2010-08-10 04:15 - 2010-08-10 04:15 - 000180224 _____ (Apple Inc.) [File not signed] C:\Program Files\QuickTime\QTSystem\QTCF.dll 2010-08-10 04:15 - 2010-08-10 04:15 - 012115968 _____ (Apple Inc.) [File not signed] C:\Program Files\QuickTime\QTSystem\QuickTime.qts 2010-08-10 04:15 - 2010-08-10 04:15 - 000364544 _____ (Apple Inc.) [File not signed] C:\Program Files\QuickTime\QTSystem\QuickTime3GPP.qtx 2010-08-10 04:15 - 2010-08-10 04:15 - 000507904 _____ (Apple Inc.) [File not signed] C:\Program Files\QuickTime\QTSystem\QuickTime3GPPAuthoring.qtx 2010-08-10 04:15 - 2010-08-10 04:15 - 000122880 _____ (Apple Inc.) [File not signed] C:\Program Files\QuickTime\QTSystem\QuickTimeAudioSupport.qtx 2010-08-10 04:15 - 2010-08-10 04:15 - 002269184 _____ (Apple Inc.) [File not signed] C:\Program Files\QuickTime\QTSystem\QuickTimeAuthoring.qtx 2010-08-10 04:15 - 2010-08-10 04:15 - 000331776 _____ (Apple Inc.) [File not signed] C:\Program Files\QuickTime\QTSystem\QuickTimeCapture.qtx 2010-08-10 04:15 - 2010-08-10 04:15 - 000585728 _____ (Apple Inc.) [File not signed] C:\Program Files\QuickTime\QTSystem\QuickTimeEffects.qtx 2010-08-10 04:15 - 2010-08-10 04:15 - 000335872 _____ (Apple Inc.) [File not signed] C:\Program Files\QuickTime\QTSystem\QuickTimeEssentials.qtx 2010-08-10 04:15 - 2010-08-10 04:15 - 003272704 _____ (Apple Inc.) [File not signed] C:\Program Files\QuickTime\QTSystem\QuickTimeH264.qtx 2010-08-10 04:15 - 2010-08-10 04:15 - 000987136 _____ (Apple Inc.) [File not signed] C:\Program Files\QuickTime\QTSystem\QuickTimeImage.qtx 2010-08-10 04:15 - 2010-08-10 04:15 - 000839680 _____ (Apple Inc.) [File not signed] C:\Program Files\QuickTime\QTSystem\QuickTimeInternetExtras.qtx 2010-08-10 04:15 - 2010-08-10 04:15 - 000491520 _____ (Apple Inc.) [File not signed] C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG.qtx 2010-08-10 04:15 - 2010-08-10 04:15 - 000360448 _____ (Apple Inc.) [File not signed] C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG4.qtx 2010-08-10 04:15 - 2010-08-10 04:15 - 000589824 _____ (Apple Inc.) [File not signed] C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG4Authoring.qtx 2010-08-10 04:15 - 2010-08-10 04:15 - 000524288 _____ (Apple Inc.) [File not signed] C:\Program Files\QuickTime\QTSystem\QuickTimeMusic.qtx 2010-08-10 04:15 - 2010-08-10 04:15 - 000888832 _____ (Apple Inc.) [File not signed] C:\Program Files\QuickTime\QTSystem\QuickTimeStreaming.qtx 2010-08-10 04:15 - 2010-08-10 04:15 - 000364544 _____ (Apple Inc.) [File not signed] C:\Program Files\QuickTime\QTSystem\QuickTimeStreamingAuthoring.qtx 2010-08-10 04:15 - 2010-08-10 04:15 - 000176128 _____ (Apple Inc.) [File not signed] C:\Program Files\QuickTime\QTSystem\QuickTimeStreamingExtras.qtx 2010-08-10 04:15 - 2010-08-10 04:15 - 000888832 _____ (Apple Inc.) [File not signed] C:\Program Files\QuickTime\QTSystem\QuickTimeVR.qtx 2017-10-04 07:43 - 2017-08-28 02:40 - 000049152 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll 2014-04-09 11:36 - 1998-05-11 19:01 - 000126976 ____N (Microsoft Corporation) [File not signed] C:\Program Files\EZ-DUB\OLEPRO32.DLL 2017-10-03 15:43 - 2017-10-03 15:43 - 000112128 _____ (Microsoft Corporation) [File not signed] C:\Windows\Microsoft.Net\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll 2014-04-15 08:18 - 2006-11-02 02:46 - 000728576 _____ (Microsoft Corporation) [File not signed] C:\Windows\system32\spool\DRIVERS\W32X86\3\PS5UI.DLL 2014-08-19 10:04 - 2014-08-19 10:04 - 001093120 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80U.DLL 2014-08-19 10:04 - 2014-08-19 10:04 - 000057344 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\MFC80ENU.DLL 2018-02-14 17:30 - 2018-02-14 17:30 - 000650725 _____ (SQLite Development Team) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\x86\sqlite3.dll ==================== Alternate Data Streams (Whitelisted) ======== ==================== Safe Mode (Whitelisted) ================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) ================= (If an entry is included in the fixlist, the registry item will be restored to default or removed.) HKLM\...\.scr: CryptoPreventSCR => "C:\Program Files\Foolish IT\CryptoPrevent\CryptoPreventFilterMod.CryptoPreventEXEC" "%1" /S %* ==================== Internet Explorer trusted/restricted ========== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\.DEFAULT\...\dell.com -> dell.com IE trusted site: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000\...\dell.com -> dell.com IE trusted site: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000\...\download.microsoft.com -> hxxp://download.microsoft.com IE trusted site: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000\...\internet -> internet IE trusted site: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000\...\mcafee.com -> hxxp://mcafee.com IE trusted site: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000\...\mcafee.com -> hxxps://mcafee.com IE trusted site: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000\...\update.microsoft.com -> hxxp://update.microsoft.com IE trusted site: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000\...\update.microsoft.com -> hxxps://update.microsoft.com IE trusted site: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000\...\windowsupdate.microsoft.com -> hxxp://windowsupdate.microsoft.com IE restricted site: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000\...\europacasino.com -> www.europacasino.com IE restricted site: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000\...\fairsearcher.com -> www.fairsearcher.com IE restricted site: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000\...\viralurl.com -> www.viralurl.com ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 18:04 - 2019-11-11 04:05 - 000001306 ____R C:\Windows\system32\drivers\etc\hosts 127.0.0.1 localhost 0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly 0.0.0.0 tracking.opencandy.com.s3.amazonaws.com 0.0.0.0 media.opencandy.com 0.0.0.0 cdn.opencandy.com 0.0.0.0 tracking.opencandy.com 0.0.0.0 api.opencandy.com 0.0.0.0 api.recommendedsw.com 0.0.0.0 rp.yefeneri2.com 0.0.0.0 os.yefeneri2.com 0.0.0.0 os2.yefeneri2.com 0.0.0.0 installer.betterinstaller.com 0.0.0.0 installer.filebulldog.com 0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net 0.0.0.0 inno.bisrv.com 0.0.0.0 nsis.bisrv.com 0.0.0.0 cdn.file2desktop.com 0.0.0.0 cdn.goateastcach.us 0.0.0.0 cdn.guttastatdk.us 0.0.0.0 cdn.inskinmedia.com 0.0.0.0 cdn.insta.oibundles2.com 0.0.0.0 cdn.insta.playbryte.com 0.0.0.0 cdn.llogetfastcach.us 0.0.0.0 cdn.montiera.com 0.0.0.0 cdn.msdwnld.com 0.0.0.0 cdn.mypcbackup.com 0.0.0.0 cdn.ppdownload.com 0.0.0.0 cdn.riceateastcach.us 0.0.0.0 cdn.shyapotato.us 0.0.0.0 cdn.solimba.com ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Skype\Phone\;C:\Program Files\Windows Live\Shared HKU\S-1-5-21-4044866103-2329573634-2605357377-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (If an entry is included in the fixlist, it will be removed.) MSCONFIG\startupreg: Google Update => C:\Users\Scott\AppData\Local\Google\Update\1.3.35.342\GoogleUpdateCore.exe ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{2909F608-F53F-4E85-8B60-3CF0C8602B50}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{A93F060F-0771-4EB6-86E8-FC7AC755986D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{AC30EE5E-E2BD-413C-B10C-DF680BEFE90F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{21777E3F-4B64-4367-B448-FFA8EA997095}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{48BF5A3C-9E61-4AE4-88EE-D78D625675F6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{9B1850DF-4730-478D-9D13-8278359CF2C0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{692F9A1F-19C8-4F16-8190-FC7FBE5714FB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{0ECEB16C-69BA-425A-8C14-7D03024D715F}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{41943A4A-5F4C-40AF-B76F-8D636F80DC7F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{8E528E4E-A129-43AF-9A8E-44541BAA0A5A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{AAD116BE-DCE6-4CE8-AF33-4206523429DC}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{E154B2C5-F420-4BA0-88B3-37085D5C462C}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{A1C9EB16-F72A-4D10-8FC0-ADB0A0D83334}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{E814BFAD-499F-4DCF-8264-CFB3E927F226}] => (Allow) LPort=2869 FirewallRules: [{D20238AF-FF53-4DD5-A019-3F56D9D68C0F}] => (Allow) LPort=1900 FirewallRules: [{A950C91D-A62F-4BA1-BB8C-1C9714F08962}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd) FirewallRules: [{24EE453D-ED9E-42B7-895F-7251D40059D9}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd) StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service ==================== Restore Points ========================= 10-11-2019 08:24:25 Windows Update ==================== Faulty Device Manager Devices ============ Name: USB Mass Storage Device Description: USB Mass Storage Device Class Guid: {36fc9e60-c465-11cf-8056-444553540000} Manufacturer: Compatible USB storage device Service: USBSTOR Problem: : Windows is removing this device. (Code 21) Resolution: Wait several seconds, and then press the F5 key to update the Device Manager view. If that does not resolve the problem, restart your computer. ==================== Event log errors: ======================== Application errors: ================== Error: (11/11/2019 09:23:09 AM) (Source: MsiInstaller) (EventID: 11404) (User: Scott-PC) Description: Product: Google Talk Plugin -- Error 1404. Could not delete key \Software\Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\Control. System error . Verify that you have sufficient access to that key, or contact your support personnel. Error: (11/11/2019 09:23:07 AM) (Source: MsiInstaller) (EventID: 11404) (User: Scott-PC) Description: Product: Google Talk Plugin -- Error 1404. Could not delete key \Software\Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\Control. System error . Verify that you have sufficient access to that key, or contact your support personnel. Error: (11/11/2019 09:23:04 AM) (Source: MsiInstaller) (EventID: 11404) (User: Scott-PC) Description: Product: Google Talk Plugin -- Error 1404. Could not delete key \Software\Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\Control. System error . Verify that you have sufficient access to that key, or contact your support personnel. Error: (11/11/2019 09:23:03 AM) (Source: MsiInstaller) (EventID: 11404) (User: Scott-PC) Description: Product: Google Talk Plugin -- Error 1404. Could not delete key \Software\Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\Control. System error . Verify that you have sufficient access to that key, or contact your support personnel. Error: (11/11/2019 09:23:01 AM) (Source: MsiInstaller) (EventID: 11404) (User: Scott-PC) Description: Product: Google Talk Plugin -- Error 1404. Could not delete key \Software\Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\Control. System error . Verify that you have sufficient access to that key, or contact your support personnel. Error: (11/11/2019 09:22:59 AM) (Source: MsiInstaller) (EventID: 11404) (User: Scott-PC) Description: Product: Google Talk Plugin -- Error 1404. Could not delete key \Software\Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\Control. System error . Verify that you have sufficient access to that key, or contact your support personnel. Error: (11/11/2019 09:22:57 AM) (Source: MsiInstaller) (EventID: 11404) (User: Scott-PC) Description: Product: Google Talk Plugin -- Error 1404. Could not delete key \Software\Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\Control. System error . Verify that you have sufficient access to that key, or contact your support personnel. Error: (11/11/2019 09:22:56 AM) (Source: MsiInstaller) (EventID: 11404) (User: Scott-PC) Description: Product: Google Talk Plugin -- Error 1404. Could not delete key \Software\Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\Control. System error . Verify that you have sufficient access to that key, or contact your support personnel. System errors: ============= Error: (11/10/2019 08:18:33 AM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk6\DR6. Error: (11/10/2019 07:20:21 AM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk6\DR6. Error: (11/10/2019 06:35:46 AM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk6\DR6. Error: (11/10/2019 06:35:41 AM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk6\DR6. Error: (11/10/2019 06:21:33 AM) (Source: volsnap) (EventID: 36) (User: ) Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. Error: (11/10/2019 05:29:55 AM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk6\DR6. Error: (11/10/2019 05:29:51 AM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk6\DR6. Error: (11/09/2019 04:04:30 PM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk2\DR2. ==================== Memory info =========================== BIOS: Dell Inc. 1.0.18 02/24/2009 Motherboard: Dell Inc. 0G679R Processor: Intel(R) Core(TM)2 Duo CPU E7400 @ 2.80GHz Percentage of memory in use: 94% Total physical RAM: 3061.18 MB Available physical RAM: 167.5 MB Total Virtual: 6120.71 MB Available Virtual: 1107.45 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:465.66 GB) (Free:168 GB) NTFS Drive j: (Seagate Backup Plus Drive ) (Fixed) (Total:1863.01 GB) (Free:514.35 GB) NTFS Drive k: (Seagate Backup Plus Drive) (Fixed) (Total:1863.01 GB) (Free:177.65 GB) NTFS Drive l: (Seagate Backup Plus Drive) (Fixed) (Total:5588.9 GB) (Free:1103.71 GB) NTFS Drive o: (Seagate Expansion Drive) (Fixed) (Total:7451.91 GB) (Free:81.14 GB) NTFS \\?\Volume{f29edfd7-c00e-11e3-a285-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==================== MBR & Partition Table ==================== ========================================================== Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 7A055C85) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS) ========================================================== Disk: 1 (MBR Code: Windows 7/8/10) (Size: 5589 GB) (Disk ID: 9A983881) Partition: GPT. ========================================================== Disk: 6 (Size: 1863 GB) (Disk ID: 8A352DED) Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS) Attempted reading MBR returned 0 bytes. Could not read MBR for disk 7. ========================================================== Disk: 8 (Size: 7452 GB) (Disk ID: 18F175A0) Partition: GPT. ==================== End of Addition.txt =======================