On boot System problem with Admin Profile User



#16
SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,653 posts

Please don't run any other fixing tools; they will change the system and make my work harder.

 

I will post more instructions for you later...


  • 0



#17
SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,653 posts

Hi,

 

I prepared a fix for you that will try to repair your old profile...

 

- download the file ProfileFix.exe using the link I sent you by PM

- execute the script and accept all the security prompts

- when the script finishes, Notepad will open with a log; please copy & paste its contents to your post

 

After the fix, don't try to log in using your old user because it will not work yet!


  • 0

#18
everythingsm

    Member

  • Topic Starter
  • 164 posts

Hi Sleepy, I will not run anything unless you instruct me to do so. I did this about 3-5 days ago before you responded. I wanted to let you know what happened.

 

Log File

 

ListChkdskResult by SleepyDude v0.1.7 Beta | 21-09-2013

------< Log generate on 4/18/2018 11:20:56 AM >------
Category: 0
Computer Name: Scott-PC
Event Code: 1001
Record Number: 220978
Source Name: Microsoft-Windows-Wininit
Time Written: 04-18-2018 @ 17:20:16
Event Type: Information
User:
Message:

Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk.                         

CHKDSK is verifying files (stage 1 of 5)...
  218880 file records processed.                                         

File verification completed.
  2005 large file records processed.                                   

  0 bad file records processed.                                     

  2 EA records processed.                                           

  92 reparse records processed.                                      

CHKDSK is verifying indexes (stage 2 of 5)...
  290128 index entries processed.                                        

Index verification completed.
  0 unindexed files scanned.                                        

  0 unindexed files recovered.                                      

CHKDSK is verifying security descriptors (stage 3 of 5)...
  218880 file SDs/SIDs processed.                                        

Cleaning up 91 unused index entries from index $SII of file 0x9.
Cleaning up 91 unused index entries from index $SDH of file 0x9.
Cleaning up 91 unused security descriptors.
Security descriptor verification completed.
  35625 data files processed.                                           

CHKDSK is verifying Usn Journal...
  36510672 USN bytes processed.                                            

Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
  218864 files processed.                                                

File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
  44580755 free clusters processed.                                        

Free space verification is complete.
Windows has checked the file system and found no problems.

 488282111 KB total disk space.
 309504212 KB in 158439 files.
    114896 KB in 35626 indexes.
         0 KB in bad sectors.
    339983 KB in use by the system.
     65536 KB occupied by the log file.
 178323020 KB available on disk.

      4096 bytes in each allocation unit.
 122070527 total allocation units on disk.
  44580755 allocation units available on disk.

Internal Info:
00 57 03 00 1c f6 02 00 ee 83 05 00 00 00 00 00  .W..............
9e 6f 00 00 5c 00 00 00 00 00 00 00 00 00 00 00  .o..\...........
30 8f 18 00 50 01 17 00 80 1c 17 00 00 00 17 00  0...P...........

Windows has finished checking your disk.
Please wait while your computer restarts.

-----------------------------------------------------------------------
Category: 0
Computer Name: Scott-PC
Event Code: 1001
Record Number: 220135
Source Name: Microsoft-Windows-Wininit
Time Written: 04-16-2018 @ 17:49:41
Event Type: Information
User:
Message:

Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk.                         

CHKDSK is verifying files (stage 1 of 5)...
  218880 file records processed.                                         

File verification completed.
  1993 large file records processed.                                   

  0 bad file records processed.                                     

  2 EA records processed.                                           

  92 reparse records processed.                                      

CHKDSK is verifying indexes (stage 2 of 5)...
  296598 index entries processed.                                        

Index verification completed.
  0 unindexed files scanned.                                        

  0 unindexed files recovered.                                      

CHKDSK is verifying security descriptors (stage 3 of 5)...
  218880 file SDs/SIDs processed.                                        

Cleaning up 657 unused index entries from index $SII of file 0x9.
Cleaning up 657 unused index entries from index $SDH of file 0x9.
Cleaning up 657 unused security descriptors.
Security descriptor verification completed.
  38860 data files processed.                                           

CHKDSK is verifying Usn Journal...
  34971872 USN bytes processed.                                            

Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
  218864 files processed.                                                

File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
  45042109 free clusters processed.                                        

Free space verification is complete.
CHKDSK discovered free space marked as allocated in the volume bitmap.
Windows has made corrections to the file system.

 488282111 KB total disk space.
 307660012 KB in 150146 files.
    115416 KB in 38861 indexes.
         0 KB in bad sectors.
    338247 KB in use by the system.
     65536 KB occupied by the log file.
 180168436 KB available on disk.

      4096 bytes in each allocation unit.
 122070527 total allocation units on disk.
  45042109 allocation units available on disk.

Internal Info:
00 57 03 00 5a e2 02 00 17 59 05 00 00 00 00 00  .W..Z....Y......
a9 6f 00 00 5c 00 00 00 00 00 00 00 00 00 00 00  .o..\...........
30 8f 0a 00 50 01 09 00 80 1c 09 00 00 00 09 00  0...P...........

Windows has finished checking your disk.
Please wait while your computer restarts.

-----------------------------------------------------------------------
Category: 0
Computer Name: Scott-PC
Event Code: 26212
Record Number: 219076
Source Name: Chkdsk
Time Written: 04-14-2018 @ 23:03:42
Event Type: Information
User:
Message: Chkdsk was executed in read-only mode on a volume snapshot.  

Checking file system on C:
The type of the file system is NTFS.

WARNING!  F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
  194560 file records processed.                                         

File verification completed.
  2046 large file records processed.                                   

  0 bad file records processed.                                     

  2 EA records processed.                                           

  92 reparse records processed.                                      

CHKDSK is verifying indexes (stage 2 of 3)...
  255548 index entries processed.                                        

Index verification completed.
  0 unindexed files scanned.                                        

  0 unindexed files recovered.                                      

CHKDSK is verifying security descriptors (stage 3 of 3)...
  194560 file SDs/SIDs processed.                                        

Cleaning up 86 unused index entries from index $SII of file 0x9.
Cleaning up 86 unused index entries from index $SDH of file 0x9.
Cleaning up 86 unused security descriptors.
Security descriptor verification completed.
  30495 data files processed.                                           

CHKDSK is verifying Usn Journal...
  37693040 USN bytes processed.                                            

Usn Journal verification completed.
The Volume Bitmap is incorrect.
Windows found problems with the file system.
Run CHKDSK with the /F (fix) option to correct these.

 488282111 KB total disk space.
 307166652 KB in 159859 files.
    107432 KB in 30496 indexes.
         0 KB in bad sectors.
    316271 KB in use by the system.
     65536 KB occupied by the log file.
 180691756 KB available on disk.

      4096 bytes in each allocation unit.
 122070527 total allocation units on disk.
  45172939 allocation units available on disk.

-----------------------------------------------------------------------
Category: 0
Computer Name: Scott-PC
Event Code: 26212
Record Number: 219073
Source Name: Chkdsk
Time Written: 04-14-2018 @ 22:59:46
Event Type: Information
User:
Message: Chkdsk was executed in read-only mode on a volume snapshot.  

Checking file system on C:
The type of the file system is NTFS.

WARNING!  F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
  194560 file records processed.                                         

File verification completed.
  2046 large file records processed.                                   

  0 bad file records processed.                                     

  2 EA records processed.                                           

  92 reparse records processed.                                      

CHKDSK is verifying indexes (stage 2 of 3)...
  255548 index entries processed.                                        

Index verification completed.
  0 unindexed files scanned.                                        

  0 unindexed files recovered.                                      

CHKDSK is verifying security descriptors (stage 3 of 3)...
  194560 file SDs/SIDs processed.                                        

Cleaning up 86 unused index entries from index $SII of file 0x9.
Cleaning up 86 unused index entries from index $SDH of file 0x9.
Cleaning up 86 unused security descriptors.
Security descriptor verification completed.
  30495 data files processed.                                           

CHKDSK is verifying Usn Journal...
  37678736 USN bytes processed.                                            

Usn Journal verification completed.
The Volume Bitmap is incorrect.
Windows found problems with the file system.
Run CHKDSK with the /F (fix) option to correct these.

 488282111 KB total disk space.
 307096348 KB in 159856 files.
    107432 KB in 30496 indexes.
         0 KB in bad sectors.
    316655 KB in use by the system.
     65536 KB occupied by the log file.
 180761676 KB available on disk.

      4096 bytes in each allocation unit.
 122070527 total allocation units on disk.
  45190419 allocation units available on disk.

-----------------------------------------------------------------------
Category: 0
Computer Name: Scott-PC
Event Code: 1001
Record Number: 212776
Source Name: Microsoft-Windows-Wininit
Time Written: 03-26-2018 @ 22:16:27
Event Type: Information
User:
Message:

Checking file system on C:
The type of the file system is NTFS.


One of your disks needs to be checked for consistency. You
may cancel the disk check, but it is strongly recommended
that you continue.
Windows will now check the disk.                         

CHKDSK is verifying files (stage 1 of 3)...
Deleted corrupt attribute list entry
with type code 128 in file 157410.
Unable to find child frs 0x29d32 with sequence number 0x1ae.
Deleted corrupt attribute list entry
with type code 128 in file 157410.
Unable to find child frs 0xa7fa with sequence number 0x2f6.
  193280 file records processed.                                         

File verification completed.
  1649 large file records processed.                                   

  0 bad file records processed.                                     

  2 EA records processed.                                           

  59 reparse records processed.                                      

CHKDSK is verifying indexes (stage 2 of 3)...
Index entry setuperr.log of index $I30 in file 0x1fa points to unused file 0x25723.
Deleting index entry setuperr.log in index $I30 of file 506.
Index entry lastalive0.dat of index $I30 in file 0x69b points to unused file 0x26443.
Deleting index entry lastalive0.dat in index $I30 of file 1691.
Index entry lastalive1.dat of index $I30 in file 0x69b points to unused file 0x2644e.
Deleting index entry lastalive1.dat in index $I30 of file 1691.
Index entry LASTAL~1.DAT of index $I30 in file 0x69b points to unused file 0x26443.
Deleting index entry LASTAL~1.DAT in index $I30 of file 1691.
Index entry LASTAL~2.DAT of index $I30 in file 0x69b points to unused file 0x2644e.
Deleting index entry LASTAL~2.DAT in index $I30 of file 1691.
Index entry ~FontCache-System.dat of index $I30 in file 0x69b points to unused file 0x29560.
Deleting index entry ~FontCache-System.dat in index $I30 of file 1691.
Index entry ~FONTC~2.DAT of index $I30 in file 0x69b points to unused file 0x29560.
Deleting index entry ~FONTC~2.DAT in index $I30 of file 1691.
The file reference 0x1460000000030fb of index entry asl.140239_24Mar18.log of index $I30
with parent 0xb718 is not the same as 0x1470000000030fb.
Deleting index entry asl.140239_24Mar18.log in index $I30 of file 46872.
The file reference 0x1460000000030fb of index entry ASL140~1.LOG of index $I30
with parent 0xb718 is not the same as 0x1470000000030fb.
Deleting index entry ASL140~1.LOG in index $I30 of file 46872.
Correcting error in index $I30 for file 158148.
Correcting error in index $I30 for file 158148.
The index bitmap $I30 in file 0x269c4 is incorrect.
Correcting error in index $I30 for file 158148.
The down pointer of current index entry with length 0x18 is invalid.
00 00 00 00 00 00 00 00 18 00 00 00 03 00 00 00  ................
ff ff ff ff ff ff ff ff 5f 33 5e 36 d4 b4 d3 01  ........_3^6....
3f 46 21 f0 7b c3 d3 01 60 94 21 f0 7b c3 d3 01  ?F!.{...`.!.{...
Sorting index $I30 in file 158148.
  252702 index entries processed.                                        

Index verification completed.
CHKDSK is scanning unindexed files for reconnect to their original directory.
Recovering orphaned file ASL145~1.LOG (12539) into directory file 46872.
Recovering orphaned file asl.145042_26Mar18.log (12539) into directory file 46872.
Recovering orphaned file ASL145~1.LOG (21472) into directory file 48719.
Recovering orphaned file asl.145038_26Mar18.log (21472) into directory file 48719.
Recovering orphaned file thm8C06.tmp (57059) into directory file 158148.
Recovering orphaned file thm1F18.tmp (155624) into directory file 158148.
Recovering orphaned file thmCC83.tmp (157397) into directory file 158148.
Recovering orphaned file thmCC5E.tmp (157401) into directory file 158148.
Recovering orphaned file thmCC5F.tmp (157410) into directory file 158148.
Recovering orphaned file thmCC60.tmp (157465) into directory file 158148.
Recovering orphaned file thmCC61.tmp (157485) into directory file 158148.
  11 unindexed files scanned.                                        

Recovering orphaned file thmCC82.tmp (157487) into directory file 158148.
CHKDSK is recovering remaining unindexed files.
  1 unindexed files recovered.                                      

CHKDSK is verifying security descriptors (stage 3 of 3)...
  193280 file SDs/SIDs processed.                                        

Cleaning up 83 unused index entries from index $SII of file 0x9.
Cleaning up 83 unused index entries from index $SDH of file 0x9.
Cleaning up 83 unused security descriptors.
Security descriptor verification completed.
Inserting data attribute into file 157410.
  29713 data files processed.                                           

CHKDSK is verifying Usn Journal...
The USN Journal entry at offset 0x7ee0e9000 and length 0xb9b0a672 crosses
the page boundary.
The USN Journal entry at offset 0x7ee0ea000 and length 0xb187dffb crosses
the page boundary.
Repairing Usn Journal file record segment.
  35242336 USN bytes processed.                                            

Usn Journal verification completed.
Correcting errors in the master file table's (MFT) BITMAP attribute.
Correcting errors in the Volume Bitmap.
Windows has made corrections to the file system.

 488282111 KB total disk space.
 281557064 KB in 146743 files.
    101628 KB in 29714 indexes.
         0 KB in bad sectors.
    312655 KB in use by the system.
     65536 KB occupied by the log file.
 206310764 KB available on disk.

      4096 bytes in each allocation unit.
 122070527 total allocation units on disk.
  51577691 allocation units available on disk.

Internal Info:
00 f3 02 00 54 b1 02 00 80 08 05 00 00 00 00 00  ....T...........
1c 75 00 00 3b 00 00 00 00 00 00 00 00 00 00 00  .u..;...........
11 00 00 00 00 00 00 00 03 00 00 00 00 00 00 00  ................

Windows has finished checking your disk.
Please wait while your computer restarts.

-----------------------------------------------------------------------
Category: 0
Computer Name: Scott-PC
Event Code: 1001
Record Number: 192163
Source Name: Microsoft-Windows-Wininit
Time Written: 01-22-2018 @ 21:15:17
Event Type: Information
User:
Message:

Checking file system on C:
The type of the file system is NTFS.


One of your disks needs to be checked for consistency. You
may cancel the disk check, but it is strongly recommended
that you continue.
Windows will now check the disk.                         

CHKDSK is verifying files (stage 1 of 3)...
  187136 file records processed.                                         

File verification completed.
  2944 large file records processed.                                   

  0 bad file records processed.                                     

  2 EA records processed.                                           

  59 reparse records processed.                                      

CHKDSK is verifying indexes (stage 2 of 3)...
The file reference 0x2ed000000011744 of index entry lastalive0.dat of index $I30
with parent 0x69b is not the same as 0x2ec000000011744.
Deleting index entry lastalive0.dat in index $I30 of file 1691.
The file reference 0x2be00000001fb89 of index entry lastalive1.dat of index $I30
with parent 0x69b is not the same as 0x2bd00000001fb89.
Deleting index entry lastalive1.dat in index $I30 of file 1691.
The file reference 0x2ed000000011744 of index entry LASTAL~1.DAT of index $I30
with parent 0x69b is not the same as 0x2ec000000011744.
Deleting index entry LASTAL~1.DAT in index $I30 of file 1691.
The file reference 0x2be00000001fb89 of index entry LASTAL~2.DAT of index $I30
with parent 0x69b is not the same as 0x2bd00000001fb89.
Deleting index entry LASTAL~2.DAT in index $I30 of file 1691.
The file reference 0x3040000000117f9 of index entry ~FontCache-FontFace.dat of index $I30
with parent 0x69b is not the same as 0x3030000000117f9.
Deleting index entry ~FontCache-FontFace.dat in index $I30 of file 1691.
The file reference 0x22e00000001569d of index entry ~FontCache-System.dat of index $I30
with parent 0x69b is not the same as 0x22d00000001569d.
Deleting index entry ~FontCache-System.dat in index $I30 of file 1691.
The file reference 0x3040000000117f9 of index entry ~FONTC~1.DAT of index $I30
with parent 0x69b is not the same as 0x3030000000117f9.
Deleting index entry ~FONTC~1.DAT in index $I30 of file 1691.
The file reference 0x22e00000001569d of index entry ~FONTC~2.DAT of index $I30
with parent 0x69b is not the same as 0x22d00000001569d.
Deleting index entry ~FONTC~2.DAT in index $I30 of file 1691.
The file reference 0x25c00000002047c of index entry mpenginedb.db-shm of index $I30
with parent 0xd9e3 is not the same as 0x25b00000002047c.
Deleting index entry mpenginedb.db-shm in index $I30 of file 55779.
The file reference 0x25c00000002047c of index entry MPENGI~2.DB~ of index $I30
with parent 0xd9e3 is not the same as 0x25b00000002047c.
Deleting index entry MPENGI~2.DB~ in index $I30 of file 55779.
Correcting error in index $I30 for file 85918.
Correcting error in index $I30 for file 85918.
The index bitmap $I30 in file 0x14f9e is incorrect.
Correcting error in index $I30 for file 85918.
The down pointer of current index entry with length 0x70 is invalid.
Sorting index $I30 in file 85918.
The file reference 0xa6000000006e8a of index entry thm5492.tmp of index $I30
with parent 0x204fb is not the same as 0xa7000000006e8a.
Deleting index entry thm5492.tmp in index $I30 of file 132347.
  244596 index entries processed.                                        

Index verification completed.
CHKDSK is scanning unindexed files for reconnect to their original directory.
Recovering orphaned file LASTAL~1.DAT (71492) into directory file 1691.
Recovering orphaned file lastalive0.dat (71492) into directory file 1691.
Recovering orphaned file ~FONTC~1.DAT (71673) into directory file 1691.
Recovering orphaned file ~FontCache-FontFace.dat (71673) into directory file 1691.
Recovering orphaned file ~FONTC~2.DAT (87709) into directory file 1691.
Recovering orphaned file ~FontCache-System.dat (87709) into directory file 1691.
Recovering orphaned file LASTAL~2.DAT (129929) into directory file 1691.
Recovering orphaned file lastalive1.dat (129929) into directory file 1691.
Recovering orphaned file MPENGI~2.DB~ (132220) into directory file 55779.
Recovering orphaned file mpenginedb.db-shm (132220) into directory file 55779.
Recovering orphaned file 9d68f46e5f082ffdc5e2b0695a3758df1b691060 (132247) into directory file 85918.
Recovering orphaned file FAILTE~1 (149725) into directory file 55779.
Recovering orphaned file FailTelemetry (149725) into directory file 55779.
  9 unindexed files scanned.                                        

Recovering orphaned file WEBCAC~1.TMP (149767) into directory file 21553.
Recovering orphaned file WebCacheV01.tmp (149767) into directory file 21553.
CHKDSK is recovering remaining unindexed files.
  1 unindexed files recovered.                                      

CHKDSK is verifying security descriptors (stage 3 of 3)...
  187136 file SDs/SIDs processed.                                        

Cleaning up 1547 unused index entries from index $SII of file 0x9.
Cleaning up 1547 unused index entries from index $SDH of file 0x9.
Cleaning up 1547 unused security descriptors.
Security descriptor verification completed.
  28731 data files processed.                                           

CHKDSK is verifying Usn Journal...
  37328368 USN bytes processed.                                            

Usn Journal verification completed.
Correcting errors in the master file table's (MFT) BITMAP attribute.
Correcting errors in the Volume Bitmap.
Windows has made corrections to the file system.

 488282111 KB total disk space.
 379204948 KB in 141035 files.
     98360 KB in 28733 indexes.
         0 KB in bad sectors.
    308575 KB in use by the system.
     65536 KB occupied by the log file.
 108670228 KB available on disk.

      4096 bytes in each allocation unit.
 122070527 total allocation units on disk.
  27167557 allocation units available on disk.

Internal Info:
00 db 02 00 32 97 02 00 94 d8 04 00 00 00 00 00  ....2...........
37 75 00 00 3b 00 00 00 00 00 00 00 00 00 00 00  7u..;...........
11 00 00 00 00 00 00 00 03 00 00 00 00 00 00 00  ................

Windows has finished checking your disk.
Please wait while your computer restarts.

-----------------------------------------------------------------------


  • 0

#19
everythingsm

    Member

  • Topic Starter
  • 164 posts

Hi Sleepy, TY for the fix. Log posted. It was a small log?

 

~~~ ProfileFix script starting... Wed 04/18/2018 11:28 ~~~
 
ARCH: x86
 
::: Loading user profile hive...
The operation completed successfully.

 
::: Loading UsrClass hive...
The operation completed successfully.

 
::: Adjusting Registry permissions on User profile...
Processing ACL of: <machine\TMP>

SetACL finished successfully.
 
::: Adjusting Registry permissions on UsrClass profile...
Processing ACL of: <machine\USR>

SetACL finished successfully.
 
::: Unloading Registry hives...
The operation completed successfully.

The operation completed successfully.


Edited by everythingsm, 18 April 2018 - 12:51 PM.

  • 0

#20
SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,653 posts

Hi,
 
Thanks for the log, no errors and that is good.
 
Before doing more things, I would like you to remove AVG completely from the computer. Please follow the instructions on this link:
https://support.avg....o-uninstall-AVG
 
Start from step C) AVG Remover


  • 0

#21
everythingsm

    Member

  • Topic Starter
  • 164 posts

I completed the removal. Machine rebooted and came back up and ran another item. I clicked ok. It is complete and I'm back at the desktop. Do you need any logs?


  • 0

#22
SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,653 posts

No logs necessary, I will check later using FRST.

 

Now we need to change the registry. Give me some time to post the instructions.


  • 0

#23
SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,653 posts
!!! WARNING !!! The following fix is only relevant for this system and no other; running the script on another computer will not work and may cause problems...
 
Please follow the instructions exactly in the order I post. If you have any doubts, please ask.
 
Step 1 - Edit the Registry
  • open Regedit, click Start -> Run -> regedit
  • navigate to the following registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
  • on the left side, right click on the sub-key S-1-5-21-4044866103-2329573634-2605357377-1000 and use the option rename, add .new to the end of the key name like this S-1-5-21-4044866103-2329573634-2605357377-1000.new
  • again on the left side, right click on the sub-key S-1-5-21-4044866103-2329573634-2605357377-1000.bak and use the option rename, remove the .bak on the end of the key name like this S-1-5-21-4044866103-2329573634-2605357377-1000
  • make sure you have the sub-key S-1-5-21-4044866103-2329573634-2605357377-1000 selected on the left
  • on the right side double click the State value and change it to 0
  • close Regedit
Step 2 - Run FRST fix
  • Highlight the contents of the box below, right click on it and select Copy

    Start::
    reg: reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList" /s
    End::

  • Execute FRST/FRST64: right click on the icon and choose Run as Administrator. Make sure all other windows are closed.
  • Press the Fix button just once and Wait
  • The tool will make a log (Fixlog.txt) in the same location as FRST/FRST64; please post it in your next reply.

  • 0

#24
everythingsm

    Member

  • Topic Starter
  • 164 posts

Hi Sleepy, here ya go.

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 15.04.2018
Ran by SM (19-04-2018 08:27:53) Run:2
Running from C:\Users\SM\Desktop
Loaded Profiles: SM (Available Profiles: Scott & SM & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
reg: reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList" /s

*****************


========= reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList" /s =========


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
    ProfilesDirectory    REG_EXPAND_SZ    %SystemDrive%\Users
    Default    REG_EXPAND_SZ    %SystemDrive%\Users\Default
    Public    REG_EXPAND_SZ    %SystemDrive%\Users\Public
    ProgramData    REG_EXPAND_SZ    %SystemDrive%\ProgramData

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
    Flags    REG_DWORD    0xc
    State    REG_DWORD    0x0
    RefCount    REG_DWORD    0x1
    Sid    REG_BINARY    010100000000000512000000
    ProfileImagePath    REG_EXPAND_SZ    %systemroot%\system32\config\systemprofile

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
    ProfileImagePath    REG_EXPAND_SZ    C:\Windows\ServiceProfiles\LocalService
    Flags    REG_DWORD    0x0
    State    REG_DWORD    0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20
    ProfileImagePath    REG_EXPAND_SZ    C:\Windows\ServiceProfiles\NetworkService
    Flags    REG_DWORD    0x0
    State    REG_DWORD    0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-4044866103-2329573634-2605357377-1000
    ProfileImagePath    REG_EXPAND_SZ    C:\Users\Scott
    Flags    REG_DWORD    0x0
    State    REG_DWORD    0x0
    Sid    REG_BINARY    01050000000000051500000037C217F10279DA8A41994A9BE8030000
    ProfileLoadTimeLow    REG_DWORD    0x0
    ProfileLoadTimeHigh    REG_DWORD    0x0
    RefCount    REG_DWORD    0x0
    RunLogonScriptSync    REG_DWORD    0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-4044866103-2329573634-2605357377-1000.new
    ProfileImagePath    REG_EXPAND_SZ    C:\Users\TEMP
    RunLogonScriptSync    REG_DWORD    0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-4044866103-2329573634-2605357377-1003
    ProfileImagePath    REG_EXPAND_SZ    C:\Users\SM
    Flags    REG_DWORD    0x0
    State    REG_DWORD    0x0
    Sid    REG_BINARY    01050000000000051500000037C217F10279DA8A41994A9BEB030000
    ProfileLoadTimeLow    REG_DWORD    0x0
    ProfileLoadTimeHigh    REG_DWORD    0x0
    RefCount    REG_DWORD    0x5
    RunLogonScriptSync    REG_DWORD    0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-4044866103-2329573634-2605357377-500
    ProfileImagePath    REG_EXPAND_SZ    C:\Users\Administrator
    Flags    REG_DWORD    0x0
    State    REG_DWORD    0x100
    Sid    REG_BINARY    01050000000000051500000037C217F10279DA8A41994A9BF4010000
    Migrated    REG_BINARY    201283A24154CF01
    ProfileLoadTimeLow    REG_DWORD    0x0
    ProfileLoadTimeHigh    REG_DWORD    0x0
    RefCount    REG_DWORD    0x0
    RunLogonScriptSync    REG_DWORD    0x0



========= End of Reg: =========


==== End of Fixlog 08:27:54 ====


  • 0
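
The check that the Fixlog above makes possible, as an added example (not part of the original thread, and not SleepyDude's or FRST's code): it parses `reg query` output for ProfileList, decodes the binary Sid value, and reports whether a profile's keys match the state that Step 1 leaves behind. The function names and the BEFORE sample (including its State value) are constructed for illustration; AFTER is an excerpt of the posted log.

```python
import re
import struct

ROOT = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList"
SID = "S-1-5-21-4044866103-2329573634-2605357377-1000"
SID_KEY = re.compile(r"^(S-1-5-21(?:-\d+)+)(\.\w+)?$")   # SID plus optional .bak/.new suffix

# Excerpt of the `reg query ... /s` output posted in the Fixlog (state after Step 1).
AFTER = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-4044866103-2329573634-2605357377-1000
    ProfileImagePath    REG_EXPAND_SZ    C:\Users\Scott
    Flags    REG_DWORD    0x0
    State    REG_DWORD    0x0
    Sid    REG_BINARY    01050000000000051500000037C217F10279DA8A41994A9BE8030000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-4044866103-2329573634-2605357377-1000.new
    ProfileImagePath    REG_EXPAND_SZ    C:\Users\TEMP
    RunLogonScriptSync    REG_DWORD    0x0
"""

# Constructed "before" state: the same two keys with the Step 1 renames undone.
# State 0x8000 is a made-up non-zero placeholder; the thread never shows the original value.
BEFORE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-4044866103-2329573634-2605357377-1000
    ProfileImagePath    REG_EXPAND_SZ    C:\Users\TEMP
    RunLogonScriptSync    REG_DWORD    0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-4044866103-2329573634-2605357377-1000.bak
    ProfileImagePath    REG_EXPAND_SZ    C:\Users\Scott
    Flags    REG_DWORD    0x0
    State    REG_DWORD    0x8000
    Sid    REG_BINARY    01050000000000051500000037C217F10279DA8A41994A9BE8030000
"""


def parse_reg_query(text):
    """Return {subkey name relative to ProfileList: {value name: data string}}."""
    keys, current = {}, None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            path = line.strip()
            # Ignore keys outside ProfileList instead of mis-slicing their names.
            current = keys.setdefault(path[len(ROOT):].lstrip("\\"), {}) if path.startswith(ROOT) else None
        elif current is not None and line.startswith("    "):
            parts = re.split(r"\s{4,}", line.strip(), maxsplit=2)
            if len(parts) == 3:                      # name, type, data
                current[parts[0]] = parts[2]
    return keys


def decode_sid(hex_blob):
    """Decode a REG_BINARY SID: revision, count, 48-bit big-endian authority, LE sub-authorities."""
    raw = bytes.fromhex(hex_blob)
    if len(raw) < 8 or len(raw) != 8 + 4 * raw[1]:
        raise ValueError("truncated or malformed SID blob")
    authority = int.from_bytes(raw[2:8], "big")
    subs = struct.unpack("<%dI" % raw[1], raw[8:])
    return "S-%d-%d-%s" % (raw[0], authority, "-".join(map(str, subs)))


def split_profiles(keys):
    """Group ProfileList subkeys by SID: {sid: {suffix or '': values}}."""
    groups = {}
    for name, values in keys.items():
        m = SID_KEY.match(name)
        if m:
            groups.setdefault(m.group(1), {})[m.group(2) or ""] = values
    return groups


def check_profile(keys, sid):
    """Problems that keep `sid` from matching the end state of Step 1 (empty list = consistent)."""
    variants = split_profiles(keys).get(sid, {})
    problems = []
    if ".bak" in variants:
        problems.append("a .bak key exists for this SID")
    active = variants.get("")
    if active is None:
        return problems + ["no un-suffixed key for this SID"]
    if active.get("ProfileImagePath", "").upper().endswith("\\TEMP"):
        problems.append("active key points at a temporary profile")
    if int(active.get("State", "0x0"), 16) != 0:
        problems.append("State is not 0")
    if "Sid" not in active:
        problems.append("active key has no Sid value")
    elif decode_sid(active["Sid"]) != sid:
        problems.append("Sid value does not decode to the key name")
    return problems


if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, check_profile(parse_reg_query(text), SID) or "consistent")
```
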

#25
SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,653 posts

Hi,

Time to restart the computer and try to log on using the old user account Scott.

Please report if you can access your normal desktop now or if you see a temporary profile again.



#26
everythingsm


Hi,

Tried to log on and it says wrong password. I have always just booted up without the password. I have tried many different password combos and am trying to see if I have this written down. Is there a way to bypass this?

There was no Temp Profile. On the Desktop is SM and Other User Options (My User Square does not show in options). I select other user then place for User Name and below it an area for Password. I type in Scott and Passwords I use (I rarely don't use the same password on anything). None of the passwords I use will open the User Profile.


Edited by everythingsm, 19 April 2018 - 11:36 AM.


#27
SleepyDude


Log on using the SM account, then open the Control Panel -> User Accounts -> Manage another account, select the Scott account and change the password.

https://www.sevenfor...ord-change.html (follow OPTION TWO)



#28
everythingsm


Sleepy you do not even know the monkey you just pulled off my back! :alarm: :thumbsup:

I have struggled with this since 4/10 and thought this was dust and you saved it. I was literally seconds from adjusting regedit myself and looked in my mailbox one last time and your message was there. I might have gotten the User Profile done with .bak but I had no idea reg the fixes you did with FAR etc.

All seems intact except Firefox is an older edition. The rest seems to be here from what I can see. I have some questions I want to pose reg how this might have happened, making a copy of the Admin User Id for future situations. My first is do I just upgrade Firefox and will that put the remaining back to normal?



#29
SleepyDude


Good.

Before doing more things please reboot the machine and log on again with the Scott account to see if it continues to work.

Run a new FRST scan from this user and post the new logs so I can review the system state.



#30
everythingsm


Machine booted and I was able to get into Scott User Profile. My Win Update History shows only Essential Updates for the last 4 days. No history of anything else. I did turn the updates off during this process because I didn't want to take in updates I already had. I had a prob earlier and read to use CHECK FOR UPDATES BUT LET ME TELL WHEN TO INSTALL. Updates are off right now.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19.04.2018
Ran by Scott (administrator) on SCOTT-PC (19-04-2018 15:10:18)
Running from C:\Users\Scott\Desktop
Loaded Profiles: Scott (Available Profiles: Scott & SM & Administrator)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Andrea Electronics Corporation) C:\Windows\System32\AERTSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Seagate Technology LLC) C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
(Ellora Assets Corp.) C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
() C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Reason Software Company Inc.) C:\Program Files\Unchecky\bin\unchecky_svc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Reason Software Company Inc.) C:\Program Files\Unchecky\bin\unchecky_bg.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Seagate LLC) C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
() C:\Program Files\EZ-DUB\EZ-DUB.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2010-08-10] (Apple Inc.)
HKLM\...\Run: [MaxMenuMgr] => C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe [185640 2009-09-25] (Seagate LLC)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1002984 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4907008 2008-01-17] (Realtek Semiconductor)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Run: [AvgUi] => "C:\Program Files\AVG\Framework\Common\avguix.exe" /fmw.trayonly
HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <==== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <==== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <==== ATTENTION
HKLM Group Policy restriction on software: scsvserv.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <==== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Binexe <==== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <==== ATTENTION
HKLM Group Policy restriction on software: ** <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <==== ATTENTION
HKLM Group Policy restriction on software: lsassvrtdbks.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <==== ATTENTION
HKLM Group Policy restriction on software: lsassw86s.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <==== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <==== ATTENTION
HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <==== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Binpif <==== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Binscr <==== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <==== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bincom <==== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <==== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <==== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <==== ATTENTION
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-4044866103-2329573634-2605357377-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-4044866103-2329573634-2605357377-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [12762872 2018-03-06] (Piriform Ltd)
HKU\S-1-5-21-4044866103-2329573634-2605357377-1000\...\Policies\Explorer: [NoDriveAutoRun] -1
HKU\S-1-5-18\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [12762872 2018-03-06] (Piriform Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\EZ-DUB Finder.lnk [2014-04-09]
ShortcutTarget: EZ-DUB Finder.lnk -> C:\Program Files\EZ-DUB\EZ-DUB.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3C6031F9-D42E-4882-9D5F-83F90B249A56}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4044866103-2329573634-2605357377-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000 -> {0169E633-8781-F882-9BC7-7B014AE4DE4E} URL = hxxp://www.bing.com/search?q={searchTerms}&pc=Z206&form=ZGAIDF&install_date=20111213&iesrc={referrer:source}
SearchScopes: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000 -> {09533787-AE1B-4686-AD2C-648367BFEF2B} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
SearchScopes: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000 -> {454575F2-C92B-4CBB-B1F6-3D04AC434B77} URL = hxxp://search.yahoo.com/search?fr=mcafee&p={SearchTerms}

FireFox:
========
FF ProfilePath: C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\ga1mnb9r.default-1435092364228 [2018-04-19]
FF Extension: (BlockSite Plus) - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\ga1mnb9r.default-1435092364228\Extensions\{6d43fee4-72e7-4290-b75a-b898e4f4676d} [2018-04-16] [Legacy]
FF Extension: (NoScript) - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\ga1mnb9r.default-1435092364228\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2018-04-19]
FF Extension: (Adblock Plus) - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\ga1mnb9r.default-1435092364228\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-04-19]
FF Extension: (YouTube to MP3 Button) - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\ga1mnb9r.default-1435092364228\Extensions\{ec791a2e-1b4f-4bcc-a4d0-5e795de557dc}.xpi [2018-03-05]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\[email protected]
FF Extension: (Freemake Video Downloader Plugin) - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\[email protected] [2014-05-31] [Legacy] [not signed]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\[email protected]
FF Extension: (Freemake Youtube Download Button) - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\[email protected] [2014-05-31] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_29_0_0_140.dll [2018-04-10] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2012-08-08] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4044866103-2329573634-2605357377-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Scott\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-4044866103-2329573634-2605357377-1000: @talk.google.com/O1DPlugin -> C:\Users\Scott\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-4044866103-2329573634-2605357377-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Scott\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin HKU\S-1-5-21-4044866103-2329573634-2605357377-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Scott\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Scott\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Scott\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2012-09-08]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AERTFilters; C:\Windows\system32\AERTSrv.exe [77824 2007-12-05] (Andrea Electronics Corporation)
S3 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [396952 2016-06-08] ()
R2 FreeAgentGoNext Service; C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe [189736 2009-09-25] (Seagate Technology LLC)
R2 FreemakeVideoCapture; C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe [9216 2017-01-24] (Ellora Assets Corp.) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4707104 2018-03-27] (Malwarebytes)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [103696 2016-11-14] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [280864 2016-11-14] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.) [File not signed]
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.) [File not signed]
R2 SystemUsageReportSvc_WILLAMETTE; C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe [117400 2016-06-08] ()
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2004-12-13] (Ulead Systems, Inc.) [File not signed]
R2 Unchecky; C:\Program Files\Unchecky\bin\unchecky_svc.exe [297240 2018-04-08] (Reason Software Company Inc.)
S3 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [396952 2016-06-08] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 e1express; C:\Windows\System32\DRIVERS\e1e6232.sys [232312 2012-10-30] (Intel Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [58656 2018-03-19] ()
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [167656 2018-04-16] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [93920 2018-04-19] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [40160 2018-04-19] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [220896 2018-04-19] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [72824 2018-04-19] (Malwarebytes)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [252808 2016-08-25] (Microsoft Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [35088 2011-02-11] (CACE Technologies, Inc.)
S1 UimBus; C:\Windows\System32\DRIVERS\uimbus.sys [80792 2017-04-25] (Paragon Software GmbH)
S1 Uim_DEVIM; C:\Windows\System32\DRIVERS\uimdevim.sys [20376 2017-04-25] (Paragon Software GmbH)
R3 ULCDRHlp; C:\Windows\System32\Drivers\ULCDRHlp.sys [27392 2004-12-22] (Ulead Systems, Inc.) [File not signed]
S3 catchme; \??\C:\Users\Scott\AppData\Local\Temp\catchme.sys [X]
S3 cleanhlp; \??\C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-19 15:05 - 2018-04-19 15:10 - 000026636 _____ C:\Users\Scott\Desktop\FRST.txt
2018-04-19 15:03 - 2018-04-19 15:03 - 001764864 _____ (Farbar) C:\Users\Scott\Desktop\FRST.exe
2018-04-19 08:28 - 2018-04-19 08:28 - 000003481 _____ C:\Users\SM\Desktop\Fixlog2.txt
2018-04-19 05:17 - 2018-04-19 05:19 - 000000000 ____D C:\Users\SM\AppData\Local\CrashDumps
2018-04-18 12:16 - 2018-04-18 12:16 - 000000000 ____D C:\Users\SM\AppData\Local\Avg
2018-04-18 12:07 - 2018-04-18 12:17 - 000000000 ____D C:\AVG_Remover
2018-04-18 12:04 - 2018-04-18 12:04 - 007986864 _____ ( ) C:\Users\SM\Desktop\AVG_Remover.exe
2018-04-18 11:27 - 2018-04-18 11:27 - 000621817 _____ C:\Users\SM\Desktop\ProfileFix.exe
2018-04-18 11:20 - 2018-04-18 11:22 - 000047694 _____ C:\Users\SM\Desktop\ListChkdskResult.txt
2018-04-18 10:24 - 2018-04-18 10:24 - 000000000 ____D C:\Users\SM\Documents\e-Sword
2018-04-17 16:01 - 2018-04-17 16:01 - 000197679 _____ C:\Users\SM\Desktop\ListChkdskResult.exe
2018-04-17 15:19 - 2018-04-19 12:58 - 000000000 ____D C:\Users\SM\AppData\Roaming\vlc
2018-04-17 15:04 - 2018-04-19 08:27 - 000003481 _____ C:\Users\SM\Desktop\Fixlog.txt
2018-04-17 14:14 - 2018-04-17 14:16 - 000032894 _____ C:\Users\SM\Desktop\Addition.txt
2018-04-17 14:13 - 2018-04-17 14:16 - 000051249 _____ C:\Users\SM\Desktop\FRST.txt
2018-04-17 14:12 - 2018-04-19 15:10 - 000000000 ____D C:\FRST
2018-04-17 14:11 - 2018-04-17 14:11 - 001763840 _____ (Farbar) C:\Users\SM\Desktop\FRST.exe
2018-04-17 11:57 - 2018-04-17 11:57 - 000001358 _____ C:\DelFix.txt
2018-04-16 14:41 - 2018-04-16 14:41 - 000001186 _____ C:\Users\Public\Desktop\EaseUS Data Recovery Wizard.lnk
2018-04-16 14:41 - 2018-04-16 14:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Data Recovery Wizard
2018-04-16 12:20 - 2018-04-16 12:20 - 000000000 ____D C:\Users\TEMP\AppData\Roaming\Adobe
2018-04-16 11:59 - 2018-04-19 14:53 - 000093920 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-04-16 11:59 - 2018-04-19 14:53 - 000072824 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-04-16 11:58 - 2018-04-19 14:53 - 000220896 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-04-16 11:58 - 2018-04-16 11:58 - 000002024 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-04-16 11:58 - 2018-04-16 11:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-04-16 11:58 - 2018-04-16 11:58 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-04-16 11:58 - 2018-03-19 12:57 - 000058656 _____ C:\Windows\system32\Drivers\mbae.sys
2018-04-16 10:50 - 2018-04-19 14:53 - 000040160 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-04-16 05:47 - 2018-04-16 05:47 - 000000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps
2018-04-15 12:24 - 2018-04-16 08:20 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\vlc
2018-04-15 05:51 - 2018-04-15 05:51 - 000000000 ____D C:\Users\Default\AppData\Roaming\Adobe
2018-04-15 05:51 - 2018-04-15 05:51 - 000000000 ____D C:\Users\Default User\AppData\Roaming\Adobe
2018-04-15 04:15 - 2018-04-18 05:06 - 000000000 ____D C:\Users\Administrator\AppData\LocalLow\Mozilla
2018-04-15 04:15 - 2018-04-15 04:20 - 000000000 ____D C:\Users\Administrator\AppData\Local\Mozilla
2018-04-15 04:15 - 2018-04-15 04:15 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Mozilla
2018-04-14 17:54 - 2018-04-19 09:44 - 000000000 ____D C:\Users\SM\AppData\LocalLow\Mozilla
2018-04-14 17:54 - 2018-04-14 17:58 - 000000000 ____D C:\Users\SM\AppData\Local\Mozilla
2018-04-14 17:54 - 2018-04-14 17:54 - 000000000 ____D C:\Users\SM\AppData\Roaming\Mozilla
2018-04-14 17:47 - 2018-04-14 17:47 - 000000000 ____D C:\Users\SM\AppData\Local\VirtualStore
2018-04-14 14:21 - 2018-04-17 12:05 - 000068240 _____ C:\Users\SM\AppData\Local\GDIPFONTCACHEV1.DAT
2018-04-14 14:21 - 2018-04-14 14:21 - 000001417 _____ C:\Users\SM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2018-04-14 14:21 - 2018-04-14 14:21 - 000000363 _____ C:\Users\Scott\RecentPlaces.lnk
2018-04-14 14:21 - 2018-04-14 14:21 - 000000020 ___SH C:\Users\SM\ntuser.ini
2018-04-14 14:21 - 2018-04-14 14:21 - 000000000 ____D C:\Users\SM\AppData\Roaming\Apple Computer
2018-04-14 14:21 - 2018-04-14 14:21 - 000000000 ____D C:\Users\SM\AppData\Roaming\Adobe
2018-04-14 14:20 - 2018-04-16 10:49 - 000000000 ____D C:\Users\SM
2018-04-14 14:20 - 2014-04-11 22:01 - 000000000 ____D C:\Users\SM\AppData\Local\Microsoft Help
2018-04-14 14:20 - 2011-04-11 19:24 - 000000000 ____D C:\Users\SM\AppData\Roaming\Media Center Programs
2018-04-14 14:10 - 2018-04-16 11:37 - 000068240 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2018-04-14 14:10 - 2018-04-14 14:10 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Apple Computer
2018-04-14 14:09 - 2018-04-14 14:09 - 000001413 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2018-04-14 14:09 - 2018-04-14 14:09 - 000000020 ___SH C:\Users\Administrator\ntuser.ini
2018-04-14 14:09 - 2018-04-14 14:09 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2018-04-14 10:59 - 2018-04-16 11:25 - 000000000 ____D C:\Users\TEMP\AppData\Local\CrashDumps
2018-04-14 08:50 - 2018-04-17 10:56 - 000024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2018-04-14 08:48 - 2018-04-16 08:20 - 000000000 ____D C:\ProgramData\RogueKiller
2018-04-13 14:56 - 2018-04-13 15:02 - 000001109 _____ C:\Users\Public\Desktop\Firefox.lnk
2018-04-13 06:09 - 2018-04-16 08:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2018-04-13 06:09 - 2018-04-13 06:09 - 000000941 _____ C:\Users\Public\Desktop\Speccy.lnk
2018-04-13 06:08 - 2018-04-13 06:09 - 000000000 ____D C:\Program Files\Speccy
2018-04-11 17:28 - 2018-04-11 17:28 - 000000000 ____D C:\Users\TEMP\AppData\LocalLow\Apple Computer
2018-04-10 16:33 - 2018-04-13 15:02 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-04-10 16:32 - 2018-04-17 11:59 - 000000000 ____D C:\Users\TEMP\AppData\LocalLow\Mozilla
2018-04-10 16:09 - 2018-04-16 08:13 - 000000000 ____D C:\Windows\system32\%LocalAppData%
2018-04-10 15:53 - 2018-04-10 15:53 - 000000000 __SHD C:\Users\TEMP\PrivacIE
2018-04-10 15:52 - 2018-04-16 10:49 - 000000000 ____D C:\Users\TEMP
2018-04-10 15:52 - 2018-04-10 15:52 - 000000000 ____D C:\Users\TEMP\AppData\Roaming\Apple Computer
2018-04-10 15:52 - 2014-04-13 09:47 - 000000000 ____D C:\Users\TEMP\AppData\Roaming\TuneUp Software
2018-04-10 15:52 - 2014-04-11 22:01 - 000000000 ____D C:\Users\TEMP\AppData\Local\Microsoft Help
2018-04-10 15:52 - 2011-04-11 19:24 - 000000000 ____D C:\Users\TEMP\AppData\Roaming\Media Center Programs
2018-04-10 13:36 - 2018-04-10 13:47 - 647411862 _____ C:\Users\Scott\Downloads\Brandi Love Sexy SM plays muse 1080p.mp4
2018-04-10 12:55 - 2018-04-09 12:13 - 2394188621 _____ C:\Users\Scott\Downloads\Tasha Reign VIXEN BIG.mp4
2018-04-10 12:53 - 2018-04-10 13:06 - 379962391 _____ C:\Users\Scott\Downloads\HA_720P.part2.rar
2018-04-10 12:50 - 2018-04-09 00:06 - 1124889025 _____ C:\Users\Scott\Downloads\Reagan49hd18.MP4
2018-04-10 12:47 - 2018-04-10 06:17 - 1218021084 _____ C:\Users\Scott\Downloads\Isis Love 5UtKkXIpd51h5fQwhek7XlKzUtK32YGyZ.mp4
2018-04-10 05:30 - 2018-04-10 05:53 - 1300727034 _____ C:\Users\Scott\Downloads\nina-elle REDO -tgf-with-mike-mancini_1080p.mp4
2018-04-10 05:30 - 2018-04-10 05:37 - 416686780 _____ C:\Users\Scott\Downloads\Keio Valentien Marks Head bobber and Hand Jobbers 1on1 1080p.mp4
2018-04-10 05:29 - 2018-04-10 06:02 - 1690422862 _____ C:\Users\Scott\Downloads\Gia Paige WildOnCam CherrpPimps 1080p.mp4
2018-04-10 04:25 - 2018-04-10 05:22 - 1063727106 _____ C:\Users\Scott\Downloads\Alexa Nova [bleep]ing- Flexible 3 1080p.mp4
2018-04-10 04:24 - 2018-04-10 05:23 - 1229332728 _____ C:\Users\Scott\Downloads\Whitney Wright [bleep]ing Flexible 3 1080p.mp4
2018-04-10 04:23 - 2018-04-10 05:19 - 927473880 _____ C:\Users\Scott\Downloads\roccos-intimate-castings-10-chad-rockwell-2_1080p.mp4
2018-04-10 04:23 - 2018-04-10 04:50 - 1581045531 _____ C:\Users\Scott\Downloads\Lana Rhoades Hardx Anal workout 1080p.mp4
2018-04-10 04:23 - 2018-04-10 04:37 - 822177309 _____ C:\Users\Scott\Downloads\vixen-tasha-reign_1080p.mp4
2018-04-10 04:22 - 2018-04-10 04:47 - 1104199564 _____ C:\Users\Scott\Downloads\Meggan Mallone VIXEN Practice makes perfect 1080p.mp4
2018-04-09 09:51 - 2018-04-08 17:01 - 1218175115 _____ C:\Users\Scott\Downloads\Kristen Scott Sex Addict Spies On Slutty SD 040918.mp4
2018-04-09 07:57 - 2018-04-09 09:20 - 502765890 _____ C:\Users\Scott\Downloads\Ryan Conner RyanConner.com  121317 1080p.mp4
2018-04-09 07:57 - 2018-04-09 09:16 - 1088516776 _____ C:\Users\Scott\Downloads\Carolina Sweets POVd Fit to [bleep] 1080p.mp4
2018-04-09 07:37 - 2018-04-09 07:53 - 968359280 _____ C:\Users\Scott\Downloads\Ryan Conner Video 20 Tommy Pistol 1080p.mp4
2018-04-09 06:25 - 2018-04-09 07:54 - 760592444 _____ C:\Users\Scott\Downloads\Ana Rose Massage in the foyer 1080p.mp4
2018-04-09 06:23 - 2018-04-09 07:24 - 2237903372 _____ C:\Users\Scott\Downloads\Eve Ellwood BANG POV 1080p.mp4
2018-04-09 05:55 - 2018-04-09 06:11 - 943400758 _____ C:\Users\Scott\Downloads\Missy Martinez The horniest 1080p.mp4
2018-04-09 05:55 - 2018-04-09 06:06 - 669070837 _____ C:\Users\Scott\Downloads\Holly Michaels Gets [bleep]ed by-some-guys_720p.mp4
2018-04-09 05:46 - 2018-04-09 13:19 - 1616380729 _____ C:\Users\Scott\Downloads\Lela Star Lela Commissions A [bleep].mp4
2018-04-09 05:39 - 2018-04-09 05:53 - 787284057 _____ C:\Users\Scott\Downloads\Ryan Conner Video 19 Nathan Bronson 1080p.mp4
2018-04-09 05:38 - 2018-04-09 05:59 - 1065620630 _____ C:\Users\Scott\Downloads\Alyssia Kent Deep tissue massage 1080p.mp4
2018-04-09 05:38 - 2018-04-09 05:52 - 759897613 _____ C:\Users\Scott\Downloads\Bailey Brooke Under the canopy 1080p.mp4
2018-04-09 05:37 - 2018-04-09 05:54 - 941369600 _____ C:\Users\Scott\Downloads\Holly Michaels POVd Road head 1080p.mp4
2018-04-09 05:36 - 2018-04-09 05:48 - 642388722 _____ C:\Users\Scott\Downloads\Jessa Rhodes Cum on my feet 1080p.mp4
2018-04-09 05:26 - 2018-04-09 15:15 - 1983228030 _____ C:\Users\Scott\Downloads\MOMPOV-XOUT 10 Judith.mp4
2018-04-08 08:21 - 2018-04-08 12:06 - 1245968936 _____ C:\Users\Scott\Downloads\Karma RX MFHG 040818 1080p.mp4
2018-04-08 08:21 - 2018-04-08 08:54 - 1271594677 _____ C:\Users\Scott\Downloads\Eva Lovia Bang.com Strips her tiny purple bikini 1080p.mp4
2018-04-08 08:21 - 2018-04-08 08:31 - 529217747 _____ C:\Users\Scott\Downloads\Zaya Cassidy Fresh meat 720p.mp4
2018-04-08 05:16 - 2017-09-09 11:24 - 2269294838 _____ C:\Users\Scott\Downloads\Amia Miley Wildoncam CherryPimps.mp4
2018-04-08 05:11 - 2018-04-08 05:11 - 000000515 _____ C:\Users\Scott\Desktop\Seagate Backup Plus Drive (K) - Shortcut.lnk
2018-04-08 05:10 - 2017-10-01 20:48 - 1765693969 _____ C:\Users\Scott\Downloads\Amia Miley Beach Patrol 2.mp4
2018-04-07 15:36 - 2018-04-07 16:23 - 000000000 ____D C:\Users\Scott\Downloads\Legion
2018-04-07 13:42 - 2017-05-14 06:23 - 2334518637 _____ C:\Users\Scott\Downloads\Amia Miley Ultimate [bleep] Toy Amia Miley Sc4.mp4
2018-04-07 05:40 - 2018-04-07 05:51 - 643094276 _____ C:\Users\Scott\Downloads\Gina Valentina TUSHY 2 1080p.mp4
2018-04-07 05:40 - 2018-04-07 05:48 - 418998378 _____ C:\Users\Scott\Downloads\Amia Miley JeshbyJesh 2 1080p.mp4
2018-04-07 05:39 - 2018-04-07 08:02 - 2142401930 _____ C:\Users\Scott\Downloads\Amia Miley POV 1080p.mp4
2018-04-07 05:39 - 2018-04-07 06:05 - 1463559504 _____ C:\Users\Scott\Downloads\Samantha Saint Wickedlive 720p.mp4
2018-04-07 05:17 - 2018-04-07 05:32 - 778154204 _____ C:\Users\Scott\Downloads\Amia Miley Stretching out.mp4
2018-04-07 05:16 - 2018-04-07 05:35 - 853794418 _____ C:\Users\Scott\Downloads\Amia Miley BB Pink.mp4
2018-04-06 09:44 - 2018-03-21 05:35 - 1529686843 _____ C:\Users\Scott\Downloads\Alexis Fawx Plump as a peach.mp4
2018-04-06 09:42 - 2014-11-10 20:22 - 1052359784 _____ C:\Users\Scott\Downloads\Rachel Roxxx Pornfedlity Black Lingerie.mp4
2018-04-06 09:36 - 2016-09-15 21:05 - 834161286 _____ C:\Users\Scott\Downloads\Rachel Roxxx Nuru.mp4
2018-04-06 09:23 - 2016-03-19 01:46 - 857100617 _____ C:\Users\Scott\Downloads\Rachel Roxxx Virtual Reality.mp4
2018-04-06 06:22 - 2018-04-06 06:28 - 943458695 _____ C:\Users\Scott\Downloads\Rachel Roxxx Breast Massage.mp4
2018-04-06 06:22 - 2018-04-06 06:28 - 637954566 _____ C:\Users\Scott\Downloads\Rachel Roxxx Good Service.mp4
2018-04-06 05:59 - 2018-04-06 08:07 - 463261253 _____ C:\Users\Scott\Downloads\Julia Ann MFHM 122917 720p.mp4
2018-04-06 05:57 - 2018-04-06 06:14 - 788538394 _____ C:\Users\Scott\Downloads\Naughty Alysha Alyshas whorebus 1080p.mp4
2018-04-06 05:57 - 2018-04-06 06:02 - 302334135 _____ C:\Users\Scott\Downloads\Naughty Alysha Bike week banging 3 1080p.mp4
2018-04-06 05:56 - 2018-04-06 06:01 - 300882473 _____ C:\Users\Scott\Downloads\Naughty Alysha Hubby doesnt mind 1080p.mp4
2018-04-06 05:55 - 2018-04-06 06:05 - 526602986 _____ C:\Users\Scott\Downloads\Naughty Alysha Membership benefits 1080p.mp4
2018-04-06 05:51 - 2018-04-06 05:59 - 482831439 _____ C:\Users\Scott\Downloads\Rachel Roxxx She's a handful 720p.mp4
2018-04-06 05:23 - 2018-04-06 05:34 - 546584207 _____ C:\Users\Scott\Downloads\Naughty Alysha One las tstop 1080p.mp4
2018-04-06 05:21 - 2018-04-06 05:32 - 516598327 _____ C:\Users\Scott\Downloads\Naughty Alysha Thats what friends are for 1080p.mp4
2018-04-06 05:20 - 2018-04-06 05:34 - 715444563 _____ C:\Users\Scott\Downloads\Naughty Alysha Im easy in the big easy 1080p.mp4
2018-04-06 05:18 - 2018-04-06 05:50 - 876541657 _____ C:\Users\Scott\Downloads\Naughty Alysha Bike week banging 2 1080p.mp4
2018-04-06 05:18 - 2018-04-06 05:35 - 922894740 _____ C:\Users\Scott\Downloads\Naughty Alysha You look familiar 1080p.mp4
2018-04-06 05:16 - 2018-04-06 05:35 - 980384801 _____ C:\Users\Scott\Downloads\Nina Elle MFHM 080217 1080p.mp4
2018-04-06 05:16 - 2018-04-06 05:35 - 1019398355 _____ C:\Users\Scott\Downloads\Nina Elle MFHM 072417_1080p.mp4
2018-04-04 08:06 - 2018-04-16 11:59 - 000167656 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-03-27 19:17 - 2018-03-27 19:17 - 000199426 _____ C:\Users\Scott\Desktop\hidden_power_of_universal_laws_psitek.pdf
2018-03-26 15:12 - 2018-03-26 15:12 - 000000000 __SHD C:\found.002
2018-03-25 19:07 - 2018-03-25 19:07 - 015333512 _____ (Piriform Ltd) C:\Users\Scott\Downloads\ccsetup541.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-19 15:06 - 2016-11-16 03:11 - 000000000 ____D C:\Users\Scott\AppData\LocalLow\Mozilla
2018-04-19 15:00 - 2009-07-13 21:34 - 000021904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-04-19 15:00 - 2009-07-13 21:34 - 000021904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-04-19 14:52 - 2009-07-13 21:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-04-19 14:23 - 2014-04-10 16:38 - 000000000 ____D C:\Users\Scott\AppData\Roaming\Mozilla
2018-04-19 09:50 - 2009-07-13 19:37 - 000000000 ____D C:\Windows\inf
2018-04-17 09:56 - 2010-11-20 14:01 - 000782470 _____ C:\Windows\system32\PerfStringBackup.INI
2018-04-16 19:44 - 2014-04-25 06:09 - 000000000 ____D C:\Windows\Minidump
2018-04-16 14:42 - 2018-03-14 10:36 - 000000000 ____D C:\ProgramData\SystemAcCrux
2018-04-16 14:41 - 2014-09-10 17:06 - 000000000 ____D C:\ProgramData\Unchecky
2018-04-16 11:13 - 2016-05-24 07:33 - 000002585 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SyncToy 2.1.lnk
2018-04-16 10:59 - 2014-04-10 12:55 - 000000000 ____D C:\Windows\system32\Macromed
2018-04-16 10:49 - 2014-04-09 15:18 - 000000000 ____D C:\Users\Administrator
2018-04-16 10:48 - 2014-05-31 07:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
2018-04-16 10:48 - 2014-04-09 13:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2018-04-16 08:22 - 2014-04-09 11:08 - 000000000 ____D C:\Users\Scott
2018-04-16 08:22 - 2009-07-13 21:52 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2018-04-16 08:22 - 2009-07-13 21:52 - 000000000 ____D C:\Windows\Offline Web Pages
2018-04-16 08:22 - 2009-07-13 21:52 - 000000000 ____D C:\Windows\Downloaded Program Files
2018-04-16 08:22 - 2009-07-13 21:52 - 000000000 ____D C:\Program Files\Windows Sidebar
2018-04-16 08:22 - 2009-07-13 19:37 - 000000000 __RSD C:\Windows\Media
2018-04-16 08:22 - 2009-07-13 19:37 - 000000000 ____D C:\Windows\TAPI
2018-04-16 08:22 - 2009-07-13 19:37 - 000000000 ____D C:\Windows\system32\Msdtc
2018-04-16 08:22 - 2009-07-13 19:37 - 000000000 ____D C:\Windows\system32\ias
2018-04-16 08:22 - 2009-07-13 19:37 - 000000000 ____D C:\Windows\rescache
2018-04-16 08:21 - 2014-08-13 11:38 - 000000000 ____D C:\Windows\pss
2018-04-16 08:21 - 2009-07-13 21:34 - 000000000 ____D C:\Windows\Setup
2018-04-16 08:21 - 2009-07-13 19:37 - 000000000 ____D C:\Windows\system32\sysprep
2018-04-16 08:21 - 2009-07-13 19:37 - 000000000 ____D C:\Windows\system32\NDF
2018-04-16 08:21 - 2009-07-13 19:37 - 000000000 ____D C:\Windows\system32\GroupPolicy
2018-04-16 08:21 - 2009-07-13 19:37 - 000000000 ____D C:\Windows\servicing
2018-04-16 08:21 - 2009-07-13 19:37 - 000000000 ____D C:\Windows\security
2018-04-16 08:21 - 2009-07-13 19:37 - 000000000 ____D C:\Windows\PLA
2018-04-16 08:20 - 2018-03-14 10:18 - 000000000 ____D C:\Users\Scott\AppData\Local\Paragon
2018-04-16 08:20 - 2018-03-05 15:49 - 000000000 ____D C:\Users\Scott\AppData\Local\FlvtoYoutubeDownloader
2018-04-16 08:20 - 2018-03-05 15:46 - 000000000 ____D C:\Users\Scott\AppData\Local\Flvto YouTube Downloader
2018-04-16 08:20 - 2018-01-24 05:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Movie Maker
2018-04-16 08:20 - 2017-08-03 14:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2018-04-16 08:20 - 2017-06-22 03:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-04-16 08:20 - 2017-05-14 10:15 - 000000000 ____D C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2018-04-16 08:20 - 2017-03-10 05:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daum
2018-04-16 08:20 - 2016-12-22 04:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2018-04-16 08:20 - 2016-12-20 20:22 - 000000000 ____D C:\Users\Scott\AppData\Roaming\Skype
2018-04-16 08:20 - 2016-12-20 20:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2018-04-16 08:20 - 2016-12-20 20:21 - 000000000 ____D C:\ProgramData\Skype
2018-04-16 08:20 - 2016-12-20 20:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2018-04-16 08:20 - 2016-12-20 20:11 - 000000000 ____D C:\Program Files\Microsoft Silverlight
2018-04-16 08:20 - 2016-11-20 05:14 - 000000000 ____D C:\Users\Scott\AppData\Local\Intel
2018-04-16 08:20 - 2016-11-20 05:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver Update Utility
2018-04-16 08:20 - 2016-08-15 14:09 - 000000000 ___SD C:\Users\Scott\Documents\My Data Sources
2018-04-16 08:20 - 2016-08-07 13:11 - 000000000 ____D C:\Users\Scott\AppData\Roaming\Anvsoft
2018-04-16 08:20 - 2016-06-02 09:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2018-04-16 08:20 - 2016-06-02 09:40 - 000000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2018-04-16 08:20 - 2015-11-28 08:29 - 000000000 ____D C:\Users\Scott\Downloads\OLD
2018-04-16 08:20 - 2014-08-25 11:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unchecky
2018-04-16 08:20 - 2014-08-25 11:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foolish IT
2018-04-16 08:20 - 2014-08-19 13:59 - 000000000 ____D C:\Program Files\Microsoft Security Client
2018-04-16 08:20 - 2014-08-19 07:55 - 000000000 ____D C:\ProgramData\VS Revo Group
2018-04-16 08:20 - 2014-08-18 19:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
2018-04-16 08:20 - 2014-07-14 22:12 - 000000000 ____D C:\ProgramData\HitmanPro
2018-04-16 08:20 - 2014-06-27 12:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\e-Sword Module Installer
2018-04-16 08:20 - 2014-05-31 07:13 - 000000000 ____D C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2018-04-16 08:20 - 2014-05-14 08:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CutePDF
2018-04-16 08:20 - 2014-05-08 16:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2018-04-16 08:20 - 2014-05-05 11:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Scan to PDF Free
2018-04-16 08:20 - 2014-04-24 09:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Symantec ACT!
2018-04-16 08:20 - 2014-04-14 20:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\e-Sword
2018-04-16 08:20 - 2014-04-14 20:56 - 000000000 ____D C:\Users\Scott\AppData\Local\Downloaded Installations
2018-04-16 08:20 - 2014-04-13 13:43 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2018-04-16 08:20 - 2014-04-13 11:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2018-04-16 08:20 - 2014-04-13 11:43 - 000000000 ____D C:\Program Files\7-Zip
2018-04-16 08:20 - 2014-04-11 10:04 - 000000000 ____D C:\Users\Scott\AppData\Roaming\Thunderbird
2018-04-16 08:20 - 2014-04-11 09:08 - 000000000 ___RD C:\Users\Scott\OneDrive
2018-04-16 08:20 - 2014-04-11 06:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2018-04-16 08:20 - 2014-04-09 14:28 - 000000000 ____D C:\Users\Scott\AppData\Roaming\vlc
2018-04-16 08:20 - 2014-04-09 13:04 - 000000000 ____D C:\ProgramData\Apple
2018-04-16 08:20 - 2014-04-09 12:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EZ-DUB
2018-04-16 08:20 - 2014-04-09 11:08 - 000000000 ____D C:\Users\Scott\AppData\Local\VirtualStore
2018-04-16 08:20 - 2014-04-07 13:17 - 000000000 ____D C:\Users\Scott\Desktop\DESKTOP Utilities
2018-04-16 08:20 - 2014-01-08 16:37 - 000000000 ____D C:\Users\Scott\Desktop\Ear
2018-04-16 08:20 - 2009-07-13 19:37 - 000000000 ____D C:\Windows\AppCompat
2018-04-16 08:20 - 2009-07-13 19:37 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-04-16 08:18 - 2009-07-13 19:37 - 000000000 ____D C:\Windows\registration
2018-04-16 08:14 - 2009-07-13 19:37 - 000000000 ____D C:\Windows\Vss
2018-04-16 08:14 - 2009-07-13 19:37 - 000000000 ____D C:\Windows\system32\spool
2018-04-16 08:08 - 2009-07-13 21:34 - 000000000 ____D C:\Windows\ServiceProfiles
2018-04-16 08:03 - 2009-07-13 19:37 - 000000000 ____D C:\Windows\Help
2018-04-16 08:00 - 2014-04-09 13:20 - 000000000 ____D C:\Users\Scott\Documents\ACT
2018-04-16 08:00 - 2014-04-07 12:59 - 000000000 ____D C:\Users\Scott\Desktop\DESKTOP  Study
2018-04-16 08:00 - 2009-04-03 11:53 - 000000000 ____D C:\Users\Scott\Documents\NewInfo
2018-04-16 07:59 - 2018-02-23 05:15 - 000000000 ____D C:\Users\Scott\AppData\Roaming\Digiarty
2018-04-16 07:59 - 2016-12-20 20:22 - 000000000 ____D C:\Users\Scott\AppData\Local\Skype
2018-04-16 07:59 - 2016-11-21 14:33 - 000000000 ____D C:\ProgramData\Sophos
2018-04-16 07:59 - 2016-01-15 17:52 - 000000000 ____D C:\Users\Scott\AppData\Local\Google
2018-04-16 07:59 - 2014-08-19 07:55 - 000000000 ____D C:\Users\Scott\AppData\Local\VS Revo Group
2018-04-16 07:59 - 2014-04-11 10:04 - 000000000 ____D C:\Users\Scott\AppData\Local\Thunderbird
2018-04-16 07:59 - 2014-04-11 06:22 - 000000000 ____D C:\ProgramData\Adobe
2018-04-16 07:59 - 2014-04-10 16:38 - 000000000 ____D C:\Users\Scott\AppData\Local\Mozilla
2018-04-16 07:59 - 2014-04-10 12:56 - 000000000 ____D C:\Users\Scott\AppData\Roaming\Adobe
2018-04-16 07:59 - 2014-04-09 13:04 - 000000000 ____D C:\ProgramData\Apple Computer
2018-04-16 07:59 - 2014-04-09 13:03 - 000000000 ____D C:\Users\Scott\AppData\LocalLow\Apple Computer
2018-04-16 07:59 - 2009-11-12 11:50 - 000000000 ____D C:\Users\Scott\AppData\Local\Apps\2.0
2018-04-16 07:59 - 2009-07-13 21:52 - 000000000 ____D C:\Program Files\MSBuild
2018-04-14 17:45 - 2011-04-11 19:24 - 000000000 ____D C:\Windows\CSC
2018-04-14 16:44 - 2009-04-02 07:58 - 000000000 ____D C:\Users\Scott\Documents\My Scans
2018-04-14 15:21 - 2014-07-17 18:00 - 000000000 ____D C:\EEK
2018-04-14 15:02 - 2014-07-17 17:44 - 000000000 ____D C:\ProgramData\Emsisoft
2018-04-14 14:21 - 2009-07-13 21:46 - 000001515 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2018-04-13 18:05 - 2014-04-10 16:38 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2018-04-13 15:02 - 2014-04-10 16:38 - 000001121 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-04-10 13:04 - 2016-11-06 07:39 - 000000000 ____D C:\Users\Scott\Downloads\Redo Delete
2018-04-10 08:07 - 2014-04-10 12:55 - 000804864 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2018-04-10 08:07 - 2014-04-10 12:55 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2018-04-10 03:25 - 2014-04-11 06:19 - 000002627 _____ C:\Users\Scott\AppData\Roaming\TinnitusTamerPrefs.dat
2018-04-09 12:20 - 2016-10-10 12:11 - 000000000 ____D C:\Users\Scott\Desktop\Books NEWEST
2018-04-09 11:57 - 2014-12-09 11:37 - 000000000 ____D C:\Users\Scott\Desktop\Will Rogers
2018-04-08 03:40 - 2009-07-13 21:53 - 000032560 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-04-07 11:48 - 2014-10-07 12:44 - 000000000 ____D C:\Users\Scott\Desktop\Post
2018-04-04 09:19 - 2014-04-23 08:09 - 000000000 ____D C:\Users\Scott\AppData\Local\CutePDF Writer
2018-03-30 13:26 - 2013-04-12 11:50 - 000000000 ____D C:\Users\Scott\Documents\e-Sword
2018-03-25 19:17 - 2017-06-22 03:35 - 000000000 ____D C:\Program Files\CCleaner
2018-03-24 07:25 - 2018-03-05 15:52 - 000000136 _____ C:\Users\Scott\AppData\Roaming\downloads.json
2018-03-24 07:24 - 2018-03-05 15:49 - 000000000 ____D C:\Users\Scott\Documents\YouTubeDownloads

==================== Files in the root of some directories =======

2018-03-05 15:52 - 2018-03-24 07:25 - 000000136 _____ () C:\Users\Scott\AppData\Roaming\downloads.json
2014-04-11 06:19 - 2014-04-11 06:19 - 000000455 _____ () C:\Users\Scott\AppData\Roaming\dsf.dat
2014-04-11 06:19 - 2018-04-10 03:25 - 000002627 _____ () C:\Users\Scott\AppData\Roaming\TinnitusTamerPrefs.dat
2014-05-17 22:53 - 2016-07-14 18:20 - 000007602 _____ () C:\Users\Scott\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-04-18 18:03

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19.04.2018
Ran by Scott (19-04-2018 15:10:43)
Running from C:\Users\Scott\Desktop
Microsoft Windows 7 Professional  Service Pack 1 (X86) (2014-04-09 18:07:55)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4044866103-2329573634-2605357377-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-4044866103-2329573634-2605357377-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4044866103-2329573634-2605357377-1002 - Limited - Enabled)
Scott (S-1-5-21-4044866103-2329573634-2605357377-1000 - Administrator - Enabled) => C:\Users\Scott
SM (S-1-5-21-4044866103-2329573634-2605357377-1003 - Administrator - Enabled) => C:\Users\SM

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Spybot - Search and Destroy (Enabled - Up to date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

. . . (HKLM\...\{06DA421D-EE23-487D-878F-F0AF97EF69AD}) (Version: 2.6.1.4 - Intel) Hidden
. . . (HKLM\...\{679012E8-DFAC-4484-AD14-D08C6FD7FB4B}) (Version: 2.1.28.3 - Intel) Hidden
7-Zip 17.01 beta (HKLM\...\7-Zip) (Version: 17.01 beta - Igor Pavlov)
ACT! 2000 (HKU\S-1-5-21-4044866103-2329573634-2605357377-1000\...\ACT! 2000) (Version:  - )
Adobe Flash Player 29 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 29.0.0.140 - Adobe Systems Incorporated)
Adobe Flash Player 29 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 29.0.0.140 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.13) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
Advanced Scan to PDF Free 3.9.2 (HKLM\...\Advanced Scan to PDF Free_is1) (Version:  - PDFChief Co., Ltd.)
Apple Application Support (HKLM\...\{63EC2120-1742-4625-AA47-C6A8AEC9C64C}) (Version: 2.2.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}) (Version: 6.0.0.59 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.41 - Piriform)
CryptoPrevent (HKLM\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version:  - Foolish IT LLC)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - Acro Software Inc.)
D3DX10 (HKLM\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell System Detect (HKU\S-1-5-21-4044866103-2329573634-2605357377-1000\...\d24084d039586cae) (Version: 8.4.0.5 - Dell)
EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version:  - EaseUS)
e-Sword (HKLM\...\{294B365B-32EF-49EE-99B3-A00558DC76E5}) (Version: 10.02.0001 - Rick Meyers)
e-Sword Module Installer version .4 (HKLM\...\{6E442F8C-3EB1-4911-BB65-F3AD73438F52}_is1) (Version: .4 - BibleSupport.com)
EZ-DUB (HKLM\...\{7E30D45E-EEC5-41A6-A613-F3BFB2694ACB}) (Version: 3.0 - Ulead System)
EZ-DUB Finder (HKLM\...\{F33C4D28-899A-4C3C-868B-9169A121528B}) (Version: 1.00.0722 - LiteON) Hidden
EZ-DUB Finder (HKLM\...\InstallShield_{F33C4D28-899A-4C3C-868B-9169A121528B}) (Version: 1.00.0722 - LiteON)
Flvto YouTube Downloader (HKLM\...\Flvto YouTube Downloader) (Version: 1.0.9 - Hotger)
Freemake Video Converter version 4.1.9 (HKLM\...\Freemake Video Converter_is1) (Version: 4.1.9 - Ellora Assets Corporation)
Freemake Video Downloader (HKLM\...\Freemake Video Downloader_is1) (Version: 3.8.0 - Ellora Assets Corporation)
Freemake YouTube To MP3 Boom (HKLM\...\Freemake YouTube To MP3 Boom_is1) (Version: 1.0.4 - Ellora Assets Corporation)
Google Talk Plugin (HKLM\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 21.1 - Intel)
Intel® TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
Intel® Driver Update Utility (HKLM\...\{fe2eebd3-ee15-4538-bb19-b627e3f2a911}) (Version: 2.6.1.4 - Intel)
iTunes (HKLM\...\{0F6F6876-6334-4977-B5DD-CFC12E193420}) (Version: 10.7.0.21 - Apple Inc.)
LiveUpdate (HKLM\...\LiveUpdate) (Version:  - )
Malwarebytes version 3.4.5.2467 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes)
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4044866103-2329573634-2605357377-1000\...\OneDriveSetup.exe) (Version: 17.3.5907.0716 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x86) ENU  (HKLM\...\{FF63121D-91C6-42CC-B341-F1AA729728E7}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x86) ENU  (HKLM\...\{D3A80508-CD83-4CA3-8671-914A1BC78B61}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
MOBZync (HKLM\...\{417FF61C-66A9-4A76-8AF7-0E3994AC8C31}) (Version: 0.9.2 - MOBZystems)
Movie Maker (HKLM\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 59.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 59.0.2 (x86 en-US)) (Version: 59.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 59.0.2 - Mozilla)
Mozilla Thunderbird 45.7.1 (x86 en-US) (HKLM\...\Mozilla Thunderbird 45.7.1 (x86 en-US)) (Version: 45.7.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Potplayer (HKLM\...\PotPlayer) (Version:  - Daum Communications Corp.)
QuickTime (HKLM\...\{EB900AF8-CC61-4E15-871B-98D1EA3E8025}) (Version: 7.67.75.0 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - )
Seagate Manager Installer (HKLM\...\{2A30052B-831C-41D3-8044-3C0388066350}) (Version: 2.01.0600 - Seagate) Hidden
Seagate Manager Installer (HKLM\...\InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}) (Version: 2.01.0600 - Seagate)
SeaTools for Windows 1.4.0.4 (HKLM\...\SeaTools for Windows) (Version: 1.4.0.4 - Seagate Technology)
Skype™ 7.3 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
Sophos Virus Removal Tool (HKLM\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.6.1 - Sophos Limited)
Speccy (HKLM\...\Speccy) (Version: 1.31 - Piriform)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SyncToy 2.1 (x86) (HKLM\...\{A066194B-DC8F-449A-8E0F-B57BDD3A2072}) (Version: 2.1.0 - Microsoft)
THE NAG HAMMADI LIBRARY.topx version 0 (HKLM\...\{D7F1A6E9-5A60-4573-AFBD-4A047A57635E}_is1) (Version: 0 - BibleSupport.com)
Unchecky v1.2 (HKLM\...\Unchecky) (Version: 1.2 - Reason Software Company Inc.)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Movie Maker 2017 (HKLM\...\{3CC29C1A-B5FE-457B-8F22-32A3667A92C7}}_is1) (Version:  - windows-movie-maker.org)
WinPcap 4.1.2 (HKLM\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Scott\AppData\Local\Google\Update\1.3.33.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Scott\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Scott\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\Scott\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Scott\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Scott\AppData\Local\Google\Update\1.3.30.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Scott\AppData\Local\Google\Update\1.3.31.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Scott\AppData\Local\Google\Update\1.3.29.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Scott\AppData\Local\Google\Update\1.3.33.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\Scott\AppData\Local\Google\Update\1.3.33.7\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\Scott\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Scott\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Scott\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Scott\AppData\Local\Google\Update\1.3.32.7\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Scott\AppData\Local\Google\Update\1.3.29.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Scott\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Scott\AppData\Local\Google\Update\1.3.33.7\psuser.dll (Google Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files\Spybot - Search & Destroy 2\SDECon32.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2009-09-23] (Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files\Spybot - Search & Destroy 2\SDECon32.dll [2014-06-24] (Safer-Networking Ltd.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01138799-A432-413E-9233-4142970467DA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4044866103-2329573634-2605357377-1000UA => C:\Users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe [2016-01-15] (Google Inc.)
Task: {14A54D07-0B8E-4E6C-BEFB-DEB6A8F28FA3} - System32\Tasks\{33AB1714-0F1F-41BE-AE4D-4CE707FC8AB9} => msiexec.exe /package "C:\Users\Scott\Downloads\MicrosoftFixit50123.msi"
Task: {16FEA387-FAD4-443A-B4E6-FF988F0C4AE6} - System32\Tasks\Intel\Intel Telemetry 2 (x86) => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
Task: {2793D72D-CFC5-444E-9A9B-8F524FA71D11} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {3527F7EE-4B8E-422D-8FEE-5083930043EB} - System32\Tasks\{29D5E377-CE4A-4947-BFE7-6DDD9A5B4E48} => C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
Task: {35910534-5F45-451B-86CF-536B12FEDDC1} - System32\Tasks\{8ED34269-D355-4824-81B4-8E0CA709686C} => C:\Program Files\iTunes\iTunes.exe [2012-09-09] (Apple Inc.)
Task: {3C66B5AA-E80B-4D41-AE1B-A079372C78A8} - System32\Tasks\{8C2A7429-5BBC-4A32-ADA5-FE99F091FC16} => C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
Task: {4AD47043-4D67-4F39-91A9-D2CC29BC3ABA} - System32\Tasks\{E9D04DF9-CB1A-4CD2-812C-5092FD85C825} => C:\Program Files\GoPro\GoPro VR Player 2.0\GoProVRPlayer_win32.exe
Task: {5656C4ED-3456-4135-BC27-E175548C6CE5} - System32\Tasks\{44D3594B-D2F9-4834-9AC4-F0DB2A6AF30F} => C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
Task: {57C82026-7C2B-4385-BFC4-A703AC171EDF} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {5E143A35-2398-45E0-AA08-747CFD6B4E72} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
Task: {606E7679-296E-47AD-BEDC-561DB8C5C216} - System32\Tasks\{FEB863AF-49C3-4878-8B79-25D08C06B6B4} => C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
Task: {60B245A9-53E6-4893-A5B9-78C94BC324BD} - System32\Tasks\{DCC16085-21A5-4481-BCD9-1750B143EE35} => C:\Program Files\iTunes\iTunes.exe [2012-09-09] (Apple Inc.)
Task: {71C9B795-5C44-45DD-BD07-19F04583060F} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-03-06] (Piriform Ltd)
Task: {7768604C-8CBC-4A2B-AED0-A4F2024106D8} - System32\Tasks\{3A1EEAA2-E709-4F63-B471-039AB4F070B6} => C:\Program Files\GoPro\GoPro VR Player 2.0\GoProVRPlayer_win32.exe
Task: {82F944B0-DC1B-4832-8854-D074A94AF0F7} - System32\Tasks\{FF244946-B9B9-40C5-963E-7DDF2E841CBD} => C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
Task: {8C7185EE-DE6D-4769-9993-D38D6083431A} - System32\Tasks\{4F631F87-16B4-4E00-A335-12B11782D7AD} => msiexec.exe /package "C:\Users\Scott\Downloads\MicrosoftFixit50123.msi"
Task: {95C85358-9525-40F4-AA85-56630A07C528} - System32\Tasks\{FFF85220-D9CF-419E-B476-7CD90CAF7426} => msiexec.exe /package "C:\Users\Scott\Downloads\MicrosoftFixit50123.msi"
Task: {9CAD1C03-B916-417B-BE7B-C537DAB00942} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_29_0_0_140_Plugin.exe [2018-04-10] (Adobe Systems Incorporated)
Task: {A1A327C7-552B-4D71-BF2A-39631CCDB3E3} - System32\Tasks\{B9F54951-8F68-4BAD-A9D5-012EB4EAC459} => C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
Task: {B809CE6A-00DF-4AF7-9DC7-606F924952CA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-03-06] (Piriform Ltd)
Task: {B860E51A-F298-48AF-B95B-4DB83A4F070A} - System32\Tasks\USER_ESRV_SVC_WILLAMETTE => "C:\Windows\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\task.vbs"
Task: {BB8E71B2-D43C-4F0F-8962-BAB9883D1A29} - System32\Tasks\{746B6DDB-026D-46DC-BE02-6386A60BB78B} => msiexec.exe /package "C:\Users\Scott\Downloads\MicrosoftFixit50123.msi"
Task: {D5341DCE-D5E5-4C44-A1AC-0E0F0EBA53EB} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {D8597A4D-A621-4012-B014-264A1A2A9049} - System32\Tasks\{B68C5D2C-97E0-4176-AE26-74584708E6FD} => C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
Task: {D86561A4-68E3-4867-B905-F0487E4BF858} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-04-10] (Adobe Systems Incorporated)
Task: {DD732DE6-D589-4CD6-86D9-CA5BC8B0ADA6} - System32\Tasks\{C1FEB967-16F4-4ECF-AF9B-26F198453BD9} => C:\Windows\system32\pcalua.exe -a D:\Setup.exe -d D:\
Task: {E397C2F9-8ADD-4316-A8FB-7B68F3812912} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4044866103-2329573634-2605357377-1000Core => C:\Users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe [2016-01-15] (Google Inc.)
Task: {EB4ED08B-2D3E-4E89-A94A-AC5A1C3C6FAB} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {F43C98AE-5690-4997-B5F8-E545FFF6803E} - System32\Tasks\{50D840F2-A880-4AFE-B759-4D2B2B700A7D} => C:\Program Files\Malwarebytes Anti-Malware\mbam.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2014-05-14 08:20 - 2013-10-23 14:23 - 000089136 _____ () C:\Windows\System32\cpwmon2k.dll
2012-08-27 21:33 - 2012-08-27 21:33 - 000087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-08-27 21:33 - 2012-08-27 21:33 - 001242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-12-22 04:39 - 2014-05-13 13:04 - 000109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-12-22 04:39 - 2014-05-13 13:04 - 000416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2016-12-22 04:39 - 2014-05-13 13:04 - 000167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-12-22 04:39 - 2012-08-23 11:38 - 000574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2016-12-22 04:39 - 2012-04-03 18:06 - 000565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2016-06-08 19:04 - 2016-06-08 19:04 - 000117400 _____ () C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
2018-04-16 11:58 - 2018-03-27 13:47 - 001912096 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-04-16 11:58 - 2018-03-12 15:09 - 001936672 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2005-09-13 19:47 - 2005-09-13 19:47 - 000266240 _____ () C:\Program Files\EZ-DUB\EZ-DUB.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKLM\...\.scr: CryptoPreventSCR => "C:\Program Files\Foolish IT\CryptoPrevent\CryptoPreventFilterMod.CryptoPreventEXEC" "%1" /S %*

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000\...\dell.com -> dell.com
IE trusted site: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000\...\download.microsoft.com -> hxxp://download.microsoft.com
IE trusted site: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000\...\internet -> internet
IE trusted site: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000\...\mcafee.com -> hxxp://mcafee.com
IE trusted site: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000\...\mcafee.com -> hxxps://mcafee.com
IE trusted site: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000\...\update.microsoft.com -> hxxp://update.microsoft.com
IE trusted site: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000\...\update.microsoft.com -> hxxps://update.microsoft.com
IE trusted site: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000\...\windowsupdate.microsoft.com -> hxxp://windowsupdate.microsoft.com

There are 7714 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:04 - 2018-04-19 14:52 - 000001306 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4044866103-2329573634-2605357377-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{2909F608-F53F-4E85-8B60-3CF0C8602B50}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{A93F060F-0771-4EB6-86E8-FC7AC755986D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{AC30EE5E-E2BD-413C-B10C-DF680BEFE90F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{21777E3F-4B64-4367-B448-FFA8EA997095}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{48BF5A3C-9E61-4AE4-88EE-D78D625675F6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{9B1850DF-4730-478D-9D13-8278359CF2C0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{692F9A1F-19C8-4F16-8190-FC7FBE5714FB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{0ECEB16C-69BA-425A-8C14-7D03024D715F}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{41943A4A-5F4C-40AF-B76F-8D636F80DC7F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8E528E4E-A129-43AF-9A8E-44541BAA0A5A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{AAD116BE-DCE6-4CE8-AF33-4206523429DC}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{E154B2C5-F420-4BA0-88B3-37085D5C462C}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{A1C9EB16-F72A-4D10-8FC0-ADB0A0D83334}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{E814BFAD-499F-4DCF-8264-CFB3E927F226}] => (Allow) LPort=2869
FirewallRules: [{D20238AF-FF53-4DD5-A019-3F56D9D68C0F}] => (Allow) LPort=1900
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

10-04-2018 16:25:11 Windows Update
14-04-2018 16:16:08 Tweaking.com - Windows Repair 2018
14-04-2018 18:01:29 Windows Update
15-04-2018 10:53:25 Restore Operation
16-04-2018 11:03:41 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/19/2018 02:52:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (04/19/2018 02:19:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (04/19/2018 11:42:19 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (04/19/2018 10:53:47 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (04/19/2018 09:50:14 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (04/19/2018 05:36:00 AM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost (3784) WebCacheLocal: An attempt to open the file "C:\Users\SM\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (04/19/2018 05:35:50 AM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost (3784) WebCacheLocal: An attempt to open the file "C:\Users\SM\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (04/19/2018 05:35:40 AM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost (3784) WebCacheLocal: An attempt to open the file "C:\Users\SM\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).


System errors:
=============
Error: (04/19/2018 02:52:40 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
UimBus
Uim_DEVIM

Error: (04/19/2018 02:19:02 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
UimBus
Uim_DEVIM

Error: (04/19/2018 11:42:19 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
UimBus
Uim_DEVIM

Error: (04/19/2018 10:53:50 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
UimBus
Uim_DEVIM

Error: (04/19/2018 09:50:14 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
UimBus
Uim_DEVIM

Error: (04/19/2018 08:10:43 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk6\DR6.

Error: (04/19/2018 06:02:52 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk6\DR6.

Error: (04/19/2018 04:05:53 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
UimBus
Uim_DEVIM


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU E7400 @ 2.80GHz
Percentage of memory in use: 51%
Total physical RAM: 3061.18 MB
Available physical RAM: 1471.3 MB
Total Virtual: 6120.7 MB
Available Virtual: 4673.76 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:169.79 GB) NTFS
Drive j: (Seagate Backup Plus Drive) (Fixed) (Total:1863.01 GB) (Free:166.4 GB) NTFS
Drive k: (Seagate Backup Plus Drive) (Fixed) (Total:1863.01 GB) (Free:1174.43 GB) NTFS
Drive l: (Seagate Backup Plus Drive) (Fixed) (Total:5588.9 GB) (Free:19.5 GB) NTFS

\\?\Volume{f29edfd7-c00e-11e3-a285-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 7A055C85)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 5589 GB) (Disk ID: 9A983881)

Partition: GPT.

========================================================
Disk: 6 (Size: 1863 GB) (Disk ID: 8A352DED)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 7.

==================== End of Addition.txt ============================

