
Win7 Flashing Hourglass/cursor other problems Trojan in FRST DL [Solve


  • This topic is locked

#1
everythingsm

  • Member
  • 171 posts

Win7, 32-bit, Malwarebytes Premium, Microsoft Essentials, CCleaner Free Edition

I could not DL a good version of FRST because all three I downloaded, starting with the link from the GeeksToGo site, had a Trojan in them. I had an OLD VERSION of FRST, so I ran it and provided the log. I also provided Adw because I ran it and it came up with a file in question: C:\Windows\system32\GroupPolicy\User\Registry.pol.

I ran MalwareB, nothing found. AdwCleaner info below. Ran Mbytes in Safe Mode, nothing found. Tried to run Sophos; I get a 1606 error and cannot run the updated version.

First day, at the cursor the hourglass comes up and blinks repeatedly. 2nd day, same blinking at the cursor and my computer locked up. I had to shut down with the power button. Tried to go into Safe Mode and my CPU locked up, and I had to use the power button to power down; then it came back up and the system ran a disk check, which I believe showed no problems.

2nd day, tried to run Sophos Virus Removal and I get Error 1606: Could not access network location data. 1st day I could access Sophos and I was running the scan, but it was late and I decided to wait until day two to complete the scan; now I get this error. Another odd thing: when I change file names, a DUPLICATE with no data but only a jpeg remains in the folder with the newly named file.

I found this after reading and searching the Task Manager:

* googleupdate.exe turned off in Task Manager and the blinking hourglass goes away. I set it in Startup NOT to start googleupdate, but it starts anyway. I only use Google as a search engine, and I had a copy of Chrome on my system that I deleted a while ago. I never had problems with the 3ea google entries until lately. I never saw them in my system before.

AdwCleaner

C:\Windows\system32\GroupPolicy\User\Registry.pol to remove

 

# AdwCleaner v3.307 - Report created 06/11/2019 at 05:57:39
# Updated 17/08/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : Scott - SCOTT-PC
# Running from : C:\Users\Scott\Desktop\DESKTOP Utilities\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\Windows\system32\GroupPolicy\User\Registry.pol

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.19036

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxps://ixquick.com/

-\\ Mozilla Firefox v66.0.4 (x86 en-US)

[ File : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\txhldk6d.default\prefs.js ]

[ File : C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\ga1mnb9r.default-1435092364228\prefs.js ]

[ File : C:\Users\SM\AppData\Roaming\Mozilla\Firefox\Profiles\43mkhyks.default\prefs.js ]

*************************

AdwCleaner[R0].txt - [1149 octets] - [20/06/2018 17:26:59]
AdwCleaner[R1].txt - [1168 octets] - [23/08/2018 10:42:56]
AdwCleaner[R2].txt - [1193 octets] - [06/11/2019 05:57:39]
AdwCleaner[S0].txt - [1212 octets] - [20/06/2018 17:56:33]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [1313 octets] ##########

OLD VERSION FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19.04.2018
Ran by Scott (administrator) on SCOTT-PC (07-11-2019 06:05:00)
Running from J:\Seagate Backup\SCOTT-PC\C\Users\Scott\Documents\NewInfo\My Documents\ScottPersonal\Computer\Computer Fix 052518\FRST-OlderVersion
Loaded Profiles: Scott &  (Available Profiles: Scott & SM & Administrator)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Andrea Electronics Corporation) C:\Windows\System32\AERTSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Seagate Technology LLC) C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
() C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Reason Software Company Inc.) C:\Program Files\Unchecky\bin\unchecky_svc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Reason Software Company Inc.) C:\Program Files\Unchecky\bin\unchecky_bg.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Seagate LLC) C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
() C:\Program Files\EZ-DUB\EZ-DUB.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Google LLC.) C:\Users\Scott\AppData\Local\Google\Update\Install\{8E467853-7744-42FC-9890-C91DDFBC9468}\GoogleVideoSupportPluginInstaller.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Daum Communications) C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssist\uaclauncher.exe
(Daum Communications) C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\microsoft office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\microsoft office\Office12\WINWORD.EXE
(Daum Communications) C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [588704 2018-03-28] (Oracle Corporation)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4907008 2008-01-17] (Realtek Semiconductor)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2010-08-10] (Apple Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1002984 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [MaxMenuMgr] => C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe [185640 2009-09-25] (Seagate LLC)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <==== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <==== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <==== ATTENTION
HKLM Group Policy restriction on software: scsvserv.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <==== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Binexe <==== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <==== ATTENTION
HKLM Group Policy restriction on software: ** <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <==== ATTENTION
HKLM Group Policy restriction on software: lsassvrtdbks.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <==== ATTENTION
HKLM Group Policy restriction on software: lsassw86s.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <==== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <==== ATTENTION
HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <==== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Binpif <==== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Binscr <==== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <==== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bincom <==== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <==== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <==== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <==== ATTENTION
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11072019035201690\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [13797712 2018-09-10] (Piriform Ltd)
HKU\S-1-5-21-4044866103-2329573634-2605357377-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-4044866103-2329573634-2605357377-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [13797712 2018-09-10] (Piriform Ltd)
HKU\S-1-5-21-4044866103-2329573634-2605357377-1000\...\Policies\Explorer: [NoDriveAutoRun] -1
HKU\S-1-5-21-4044866103-2329573634-2605357377-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11072019035202169\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-4044866103-2329573634-2605357377-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11072019035202169\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [13797712 2018-09-10] (Piriform Ltd)
HKU\S-1-5-21-4044866103-2329573634-2605357377-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11072019035202169\...\Policies\Explorer: [NoDriveAutoRun] -1
HKU\S-1-5-21-4044866103-2329573634-2605357377-1000.new-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11072019035213988\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [13797712 2018-09-10] (Piriform Ltd)
HKU\S-1-5-21-4044866103-2329573634-2605357377-1000.new-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11072019035213988\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
HKU\S-1-5-21-4044866103-2329573634-2605357377-1000.new-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11072019035213988\...\Run: [Google Update] => C:\Users\Scott\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe
HKU\S-1-5-21-4044866103-2329573634-2605357377-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11072019035214173\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [13797712 2018-09-10] (Piriform Ltd)
HKU\S-1-5-18\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [13797712 2018-09-10] (Piriform Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\EZ-DUB Finder.lnk [2014-04-09]
ShortcutTarget: EZ-DUB Finder.lnk -> C:\Program Files\EZ-DUB\EZ-DUB.exe ()
GroupPolicy\User: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3C6031F9-D42E-4882-9D5F-83F90B249A56}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4044866103-2329573634-2605357377-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-4044866103-2329573634-2605357377-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://ixquick.com/
HKU\S-1-5-21-4044866103-2329573634-2605357377-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11072019035202169\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-4044866103-2329573634-2605357377-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11072019035202169\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://ixquick.com/
SearchScopes: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000 -> {0169E633-8781-F882-9BC7-7B014AE4DE4E} URL = hxxp://www.bing.com/search?q={searchTerms}&pc=Z206&form=ZGAIDF&install_date=20111213&iesrc={referrer:source}
SearchScopes: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000 -> {09533787-AE1B-4686-AD2C-648367BFEF2B} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
SearchScopes: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000 -> {454575F2-C92B-4CBB-B1F6-3D04AC434B77} URL = hxxp://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11072019035202169 -> {0169E633-8781-F882-9BC7-7B014AE4DE4E} URL = hxxp://www.bing.com/search?q={searchTerms}&pc=Z206&form=ZGAIDF&install_date=20111213&iesrc={referrer:source}
SearchScopes: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11072019035202169 -> {09533787-AE1B-4686-AD2C-648367BFEF2B} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
SearchScopes: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11072019035202169 -> {454575F2-C92B-4CBB-B1F6-3D04AC434B77} URL = hxxp://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000.new-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11072019035213988 -> {8ED32383-468A-4A24-BDD3-1CF6EFCBCB5F} URL =

FireFox:
========
FF ProfilePath: C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\ga1mnb9r.default-1435092364228 [2019-11-07]
FF Homepage: Mozilla\Firefox\Profiles\ga1mnb9r.default-1435092364228 -> hxxps://www.startpage.com/
FF Extension: (ePUB Reader) - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\ga1mnb9r.default-1435092364228\Extensions\{323353ee-cfbd-4178-9676-85566d98c8b1}.xpi [2019-07-25]
FF Extension: (NoScript) - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\ga1mnb9r.default-1435092364228\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2018-04-19]
FF Extension: (ePub to PDF converter) - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\ga1mnb9r.default-1435092364228\Extensions\{8a0f8ab2-8697-4228-a27c-3200e8989ed7}.xpi [2019-07-25]
FF Extension: (Adblock Plus) - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\ga1mnb9r.default-1435092364228\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-04-24]
FF Extension: (Baidu Search Update) - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\ga1mnb9r.default-1435092364228\features\{8e7c2858-31be-4289-ba96-b2ade21ea15c}\[email protected] [2019-05-06]
FF Extension: (Firefox Monitor) - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\ga1mnb9r.default-1435092364228\features\{8e7c2858-31be-4289-ba96-b2ade21ea15c}\[email protected] [2019-05-06]
FF Extension: (WebCompat Reporter) - C:\Program Files\Mozilla Firefox\browser\features\[email protected] [2019-05-04] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_32_0_0_270.dll [2019-10-09] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2012-08-08] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4044866103-2329573634-2605357377-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Scott\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-4044866103-2329573634-2605357377-1000: @talk.google.com/O1DPlugin -> C:\Users\Scott\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-4044866103-2329573634-2605357377-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Scott\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [No File]
FF Plugin HKU\S-1-5-21-4044866103-2329573634-2605357377-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11072019035202169: @talk.google.com/GoogleTalkPlugin -> C:\Users\Scott\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-4044866103-2329573634-2605357377-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11072019035202169: @talk.google.com/O1DPlugin -> C:\Users\Scott\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-4044866103-2329573634-2605357377-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11072019035202169: @tools.google.com/Google Update;version=3 -> C:\Users\Scott\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Users\Scott\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Scott\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdobeFlashPlayerUpdateSvc; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-10-09] (Adobe)
R2 AERTFilters; C:\Windows\system32\AERTSrv.exe [77824 2007-12-05] (Andrea Electronics Corporation)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [171928 2017-12-14] (Dell Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [2358672 2017-12-14] (Dell Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [188816 2017-12-14] (Dell Inc.)
S3 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [396952 2016-06-08] ()
R2 FreeAgentGoNext Service; C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe [189736 2009-09-25] (Seagate Technology LLC)
R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [5394136 2019-06-26] (Malwarebytes)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [103696 2016-11-14] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [280864 2016-11-14] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.) [File not signed]
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.) [File not signed]
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [41432 2018-02-14] (Dell Inc.)
R2 SystemUsageReportSvc_WILLAMETTE; C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe [117400 2016-06-08] ()
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2004-12-13] (Ulead Systems, Inc.) [File not signed]
R2 Unchecky; C:\Program Files\Unchecky\bin\unchecky_svc.exe [297240 2018-04-08] (Reason Software Company Inc.)
S3 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [396952 2016-06-08] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 DDDriver; C:\Windows\System32\drivers\DDDriver32Dcsa.sys [30912 2017-12-10] (Dell Inc.)
R3 DellProf; C:\Windows\System32\drivers\DellProf.sys [30520 2017-12-10] (Dell Computer Corporation)
R3 e1express; C:\Windows\System32\DRIVERS\e1e6232.sys [232312 2012-10-30] (Intel Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [128552 2019-01-08] (Malwarebytes)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [173512 2019-11-06] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [190624 2019-11-07] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [64296 2019-11-07] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [241760 2019-11-07] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [86768 2019-11-07] (Malwarebytes)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [252808 2016-08-25] (Microsoft Corporation)
R1 MpKslada68005; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E94387ED-6823-471E-8AF4-A8D7BCEA8303}\MpKslada68005.sys [49504 2019-11-07] (Microsoft Corporation)
S3 NAL; C:\Windows\system32\Drivers\iqvw32.sys [33816 2017-09-11] (Intel Corporation )
R2 npf; C:\Windows\System32\drivers\npf.sys [35088 2011-02-11] (CACE Technologies, Inc.)
R3 ULCDRHlp; C:\Windows\System32\Drivers\ULCDRHlp.sys [27392 2004-12-22] (Ulead Systems, Inc.) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-11-07 05:49 - 2019-11-07 05:49 - 000000000 _____ C:\Users\Scott\Downloads\FRST.exe
2019-11-07 05:40 - 2019-11-07 05:41 - 000000000 ____D C:\Users\Scott\Desktop\Esoteric Pictures
2019-11-07 04:40 - 2019-11-07 04:54 - 768791078 _____ C:\Users\Scott\Downloads\dani-jenson-gets-a-cp_1080p.mp4
2019-11-07 04:35 - 2019-11-07 04:50 - 687500431 _____ C:\Users\Scott\Downloads\nicole-aniston-nicole-s-oasis_1080p.mp4
2019-11-07 04:34 - 2019-11-07 04:53 - 738396595 _____ C:\Users\Scott\Downloads\hello-sexy-2_1080p.mp4
2019-11-07 04:27 - 2019-11-07 04:47 - 766467627 _____ C:\Users\Scott\Downloads\hello-sexy-3_1080p.mp4
2019-11-07 04:19 - 2019-11-07 04:48 - 1140851350 _____ C:\Users\Scott\Downloads\hardx-bella-roland-new-to-anal_1080p.mp4
2019-11-07 04:17 - 2019-11-07 04:43 - 1054815631 _____ C:\Users\Scott\Downloads\lubed-winter-jade-soaked-winter_1080p.mp4
2019-11-07 04:16 - 2019-11-07 04:32 - 550628150 _____ C:\Users\Scott\Downloads\exxxtrasmall-aubree-ice6_720p.mp4
2019-11-07 04:13 - 2019-11-07 04:33 - 1167221000 _____ C:\Users\Scott\Downloads\sis-loves-me-indica-flower_1080p.mp4
2019-11-07 04:08 - 2019-11-07 04:13 - 222035127 _____ C:\Users\Scott\Downloads\lara-cumkitten-brutal-zerfickt-und-als-sperma-eimer-b_1080p.mp4
2019-11-07 04:07 - 2019-11-07 04:12 - 244058561 _____ C:\Users\Scott\Downloads\lara-cumkitten-rastplatz-[bleep]-zerfickt-mega-cumshot_1080p.mp4
2019-11-07 04:06 - 2019-11-07 04:11 - 196617593 _____ C:\Users\Scott\Downloads\lara-cumkitten-fickdate-mit-andy-schlampen-matratze_1080p.mp4
2019-11-07 04:05 - 2019-11-07 04:11 - 280558565 _____ C:\Users\Scott\Downloads\lara-cumkitten-fickdate-auf-der-strasse-klargemacht_1080p.mp4
2019-11-07 03:51 - 2019-11-07 03:51 - 000190624 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2019-11-07 03:51 - 2019-11-07 03:51 - 000064296 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2019-11-07 03:50 - 2019-11-07 03:50 - 000241760 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-11-07 03:50 - 2019-11-07 03:50 - 000086768 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2019-11-06 07:50 - 2019-11-07 05:23 - 000000000 ____D C:\Users\Scott\Desktop\Problem 110619
2019-11-05 13:04 - 2019-11-05 13:27 - 2044512433 _____ C:\Users\Scott\Downloads\LaSirena69 BB Pierced Nipple Maid Gets [bleep]ed 1080p.mp4
2019-11-05 10:42 - 2019-11-05 15:33 - 895439364 _____ C:\Users\Scott\Downloads\watchmen.s01e01.720p.mp4
2019-11-05 10:09 - 2019-11-05 12:06 - 1442968451 _____ C:\Users\Scott\Downloads\Kali Roses POVD Oil Me Down 1080p.mp4
2019-11-05 10:06 - 2019-11-05 15:44 - 2403321075 _____ C:\Users\Scott\Downloads\Kleio Valentien DeepLush Passionate Moment BIG 1080p.mp4
2019-11-04 13:27 - 2019-11-04 14:14 - 879847232 _____ C:\Users\Scott\Downloads\Kali Roses Familystrokes 1080p.mp4
2019-11-04 13:26 - 2019-11-04 13:55 - 459896502 _____ C:\Users\Scott\Downloads\Kali Roses Teenpies 720p.mp4
2019-11-04 13:22 - 2019-11-04 13:56 - 974168864 _____ C:\Users\Scott\Downloads\Kali Roses JaysPOV Horny teen ss 1080p.mp4
2019-11-04 13:21 - 2019-11-04 14:14 - 1746786822 _____ C:\Users\Scott\Downloads\Kali Roses BB Bangbus 1080p.mp4
2019-11-04 10:58 - 2019-11-04 11:37 - 1934715390 _____ C:\Users\Scott\Downloads\Kali Roses VR Kalifornication 1080p.mp4
2019-11-04 10:57 - 2019-11-04 11:27 - 827166762 _____ C:\Users\Scott\Downloads\Kali Roses WankzVR Taco Tuesday 1080p.mp4
2019-11-04 10:52 - 2019-11-04 11:24 - 1124617366 _____ C:\Users\Scott\Downloads\Kali Roses POV Propertysex Property manager issues 1080p.mp4
2019-11-04 09:38 - 2019-11-04 09:47 - 732902537 _____ C:\Users\Scott\Downloads\Canel Skin Momxxx 1080p.mp4
2019-11-04 09:20 - 2019-11-04 13:28 - 1618962920 _____ C:\Users\Scott\Downloads\Winter Jade POVD Pumped Pussy 1080p.mp4
2019-11-04 08:21 - 2019-11-04 08:49 - 1223223487 _____ C:\Users\Scott\Downloads\LaSirena69 BANG Rammed 1080p.mp4
2019-11-04 08:20 - 2019-11-04 09:08 - 698695612 _____ C:\Users\Scott\Downloads\LaSirena69 MrLuckyPOVsirena A very sexy Halloween 1080p.mp4
2019-11-04 08:02 - 2019-11-04 10:22 - 1009645930 _____ C:\Users\Scott\Downloads\KS-RL Problem.mp4
2019-11-04 07:52 - 2019-11-04 09:44 - 1362304557 _____ C:\Users\Scott\Downloads\Karissa Shannon Absolutely Bootiful In Leggings 1080p.mp4
2019-11-04 07:47 - 2019-11-04 09:15 - 1078639259 _____ C:\Users\Scott\Downloads\Karissa Shannon Sneaky Shannon Silhouette 1080p.mp4
2019-11-04 06:59 - 2019-11-04 07:13 - 1176603672 _____ C:\Users\Scott\Downloads\Angela White VR Knows how to wash your car right 1080p.mp4
2019-11-04 06:51 - 2019-11-04 07:04 - 995783816 _____ C:\Users\Scott\Downloads\Angela White BANG Surprise 1080p.mp4
2019-11-04 06:37 - 2019-11-04 06:43 - 578216470 _____ C:\Users\Scott\Downloads\Angela White VR Your white knight 1080p.mp4
2019-11-01 05:32 - 2019-11-01 06:12 - 1578029512 _____ C:\Users\Scott\Downloads\Dani jensen Pervmom POV  Ginger MILF Dreams 1080p.mp4
2019-11-01 04:24 - 2019-11-01 04:43 - 1170160192 _____ C:\Users\Scott\Downloads\Vina Sky BANG YNGR POV 1080p.mp4
2019-11-01 04:20 - 2019-11-01 04:35 - 919783253 _____ C:\Users\Scott\Downloads\Jessie Lee RawAttack 1080p.mp4
2019-10-30 05:03 - 2019-10-30 05:28 - 1770784386 _____ C:\Users\Scott\Downloads\Winter Jade Dadcrush POV Innapropriate talks with stepdad 1080p.mp4
2019-10-30 05:01 - 2019-10-30 05:19 - 1083796854 _____ C:\Users\Scott\Downloads\Winter Jade Pornfidelity In dreaming of winter 720p.mp4
2019-10-28 09:56 - 2019-10-28 09:56 - 002271416 _____ C:\Users\Scott\Downloads\The_Mystery_of_Oak_Island_Pt-3_Swan_Secrets.pdf
2019-10-28 07:52 - 2019-10-28 08:21 - 1902901452 _____ C:\Users\Scott\Downloads\Sovereign Syre Wildoncam Cherry Pimps 1080p.mp4
2019-10-24 12:38 - 2019-10-24 14:50 - 1310023139 _____ C:\Users\Scott\Downloads\Khloe Kapri VR MSHF 101419 1080p.mp4
2019-10-24 12:34 - 2019-10-24 15:00 - 1739337611 _____ C:\Users\Scott\Downloads\Gia Derza POV Teen Hooker To Come [bleep] Him While His Wife Is Gone 1080.mp4
2019-10-24 12:26 - 2019-10-24 12:33 - 263100594 _____ C:\Users\Scott\Downloads\Gia Derza Cherry Pimps 720p.mp4
2019-10-24 12:25 - 2019-10-24 12:39 - 760900836 _____ C:\Users\Scott\Downloads\Gia Derza VR Fondling Memories  1080p.mp4
2019-10-23 09:02 - 2019-10-23 09:14 - 576252771 _____ C:\Users\Scott\Downloads\Alexa POV Wars 1080p.mp4
2019-10-23 09:01 - 2019-10-23 09:12 - 407227389 _____ C:\Users\Scott\Downloads\Nia Nacci VR One year later 1080p.mp4
2019-10-23 09:00 - 2019-10-23 09:16 - 599674470 _____ C:\Users\Scott\Downloads\Tasha Reign VR Reign Supreme 1080p.mp4
2019-10-23 08:24 - 2019-10-23 08:38 - 981759354 _____ C:\Users\Scott\Downloads\Indica Flower Pornfidelity Free Spirit 720p.mp4
2019-10-23 07:38 - 2019-10-23 08:45 - 1133057219 _____ C:\Users\Scott\Downloads\Kimber Woods Pornfidelity 1080p.mp4
2019-10-23 07:21 - 2019-10-23 09:23 - 882517858 _____ C:\Users\Scott\Downloads\Ryan Conner Scene with Steve Holmes 1080p.mp4
2019-10-23 07:08 - 2019-10-23 11:03 - 1441070657 _____ C:\Users\Scott\Downloads\Ryan Conner Full Service POV #5 1080p.mp4
2019-10-23 04:37 - 2019-10-23 06:34 - 1442028771 _____ C:\Users\Scott\Downloads\Gianna Dior HW1on1 102319 1080p.mp4
2019-10-21 05:05 - 2019-10-20 23:01 - 1928093611 _____ C:\Users\Scott\Downloads\Ava Addams MFHM 102119 1080p.mp4
2019-10-20 08:13 - 2019-10-20 11:05 - 2111671506 _____ C:\Users\Scott\Downloads\Kit Mercer RawAttack.mp4
2019-10-20 08:09 - 2019-10-20 08:23 - 714260743 _____ C:\Users\Scott\Downloads\Kit Mercer MrLuckyPOV Late night [bleep] 1080p.mp4
2019-10-20 07:19 - 2019-10-20 07:32 - 729831088 _____ C:\Users\Scott\Downloads\Abigail Mac MOFOs POV Being Squeezed1080p.mp4
2019-10-20 07:14 - 2019-10-20 07:48 - 2257056221 _____ C:\Users\Scott\Downloads\Kit Mercer WildOnCam CherryPimps 090519 1080p.mp4
2019-10-20 07:03 - 2019-10-20 07:18 - 999325344 _____ C:\Users\Scott\Downloads\September Reighn RawAttack 1080p.mp4
2019-10-18 05:51 - 2019-10-18 06:10 - 235804827 _____ C:\Users\Scott\Downloads\Kaylani Lei Onlyfan Las Vegas Hotel Hard Sex.mp4
2019-10-17 08:24 - 2019-10-17 10:25 - 1484742287 _____ C:\Users\Scott\Downloads\Lauren Phillips POV Lauren’s Anal Training 1080p.mp4
2019-10-17 06:29 - 2019-09-22 18:46 - 1072490240 _____ C:\Users\Scott\Downloads\Olivia Austin POV ss Actual Reality 1080p.mp4
2019-10-17 06:08 - 2019-10-17 08:18 - 949301882 _____ C:\Users\Scott\Downloads\Linzee Ryder POV Always Be Closing 1080p.mp4
2019-10-16 06:32 - 2019-10-16 06:51 - 1121842225 _____ C:\Users\Scott\Downloads\Adira Allure Rawattack POV 1080p.mp4
2019-10-16 06:14 - 2019-10-16 06:30 - 734295492 _____ C:\Users\Scott\Downloads\Aubrey Black Toughlovex POV 1080p.mp4
2019-10-16 06:11 - 2019-10-16 06:33 - 792098810 _____ C:\Users\Scott\Downloads\Evi Rei Blackvalleygirls POV 720p.mp4
2019-10-16 06:11 - 2019-10-16 06:32 - 758414105 _____ C:\Users\Scott\Downloads\Evi Rei Pornfidelity Ebony Teaserporn 720p.mp4
2019-10-16 06:09 - 2019-10-16 06:30 - 1077825421 _____ C:\Users\Scott\Downloads\Julie Cash Cash Grab 1080p.mp4
2019-10-16 05:51 - 2019-10-16 06:05 - 795406709 _____ C:\Users\Scott\Downloads\Kendra Spade LookatHernow 1080p.mp4
2019-10-16 05:49 - 2019-10-16 06:03 - 704775454 _____ C:\Users\Scott\Downloads\Khloe Kapri VR MSHF 101419 1080p SMALL.mp4
2019-10-16 05:29 - 2019-10-15 16:25 - 1766199594 _____ C:\Users\Scott\Downloads\Karma Rx POV I'll [bleep] Who I Want 1080p.mp4
2019-10-14 07:58 - 2019-10-14 07:59 - 043444059 _____ C:\Users\Scott\Downloads\The Ghost in the Machine.pdf
2019-10-14 07:41 - 2019-10-14 07:41 - 021619722 _____ C:\Users\Scott\Downloads\1910__waite___book_of_black_magic_and_pacts.pdf
2019-10-12 07:44 - 2019-10-12 07:57 - 936775036 _____ C:\Users\Scott\Downloads\LaSirena69 Catch Me If You Cam 1080p.mp4
2019-10-12 05:08 - 2019-10-12 05:33 - 1727265629 _____ C:\Users\Scott\Downloads\Olive Glass Pornfidelity The Artist 1080p.mp4

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-11-07 06:05 - 2018-04-17 13:12 - 000000000 ____D C:\FRST
2019-11-07 05:27 - 2009-07-13 20:34 - 000021904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-11-07 05:27 - 2009-07-13 20:34 - 000021904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-11-07 04:35 - 2014-04-11 05:19 - 000002627 _____ C:\Users\Scott\AppData\Roaming\TinnitusTamerPrefs.dat
2019-11-07 03:31 - 2016-11-16 02:11 - 000000000 ____D C:\Users\Scott\AppData\LocalLow\Mozilla
2019-11-07 03:26 - 2009-07-13 20:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-11-06 13:42 - 2009-07-13 18:37 - 000000000 ____D C:\Windows\inf
2019-11-06 07:14 - 2014-08-13 10:38 - 000000000 ____D C:\Windows\pss
2019-11-06 07:06 - 2018-06-20 17:26 - 000000000 ____D C:\AdwCleaner
2019-11-06 06:51 - 2019-07-03 11:34 - 000173512 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2019-11-03 08:00 - 2018-04-22 04:32 - 000000000 ____D C:\Users\Scott\AppData\Local\CrashDumps
2019-11-03 07:36 - 2010-11-20 13:01 - 000782470 _____ C:\Windows\system32\PerfStringBackup.INI
2019-11-01 07:34 - 2014-04-23 07:09 - 000000000 ____D C:\Users\Scott\AppData\Local\CutePDF Writer
2019-10-29 13:24 - 2009-07-13 20:53 - 000032594 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2019-10-29 10:50 - 2016-11-06 06:39 - 000000000 ____D C:\Users\Scott\Downloads\Redo Delete
2019-10-24 12:16 - 2016-08-07 12:11 - 000000000 ____D C:\Users\Scott\AppData\Roaming\Anvsoft
2019-10-20 10:00 - 2014-04-09 13:28 - 000000000 ____D C:\Users\Scott\AppData\Roaming\vlc
2019-10-10 08:38 - 2014-10-07 11:44 - 000000000 ____D C:\Users\Scott\Desktop\Post
2019-10-09 05:07 - 2014-04-10 11:55 - 000842296 _____ (Adobe) C:\Windows\system32\FlashPlayerApp.exe
2019-10-09 05:07 - 2014-04-10 11:55 - 000175160 _____ (Adobe) C:\Windows\system32\FlashPlayerCPLApp.cpl
2019-10-09 05:07 - 2014-04-10 11:55 - 000000000 ____D C:\Windows\system32\Macromed

==================== Files in the root of some directories =======

2018-03-05 14:52 - 2018-11-05 04:32 - 000000136 _____ () C:\Users\Scott\AppData\Roaming\downloads.json
2014-04-11 05:19 - 2014-04-11 05:19 - 000000455 _____ () C:\Users\Scott\AppData\Roaming\dsf.dat
2014-04-11 05:19 - 2019-11-07 04:35 - 000002627 _____ () C:\Users\Scott\AppData\Roaming\TinnitusTamerPrefs.dat
2014-05-17 21:53 - 2018-06-20 09:51 - 000007627 _____ () C:\Users\Scott\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2019-10-30 11:17

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19.04.2018
Ran by Scott (07-11-2019 06:07:54)
Running from J:\Seagate Backup\SCOTT-PC\C\Users\Scott\Documents\NewInfo\My Documents\ScottPersonal\Computer\Computer Fix 052518\FRST-OlderVersion
Microsoft Windows 7 Professional  Service Pack 1 (X86) (2014-04-09 18:07:55)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4044866103-2329573634-2605357377-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-4044866103-2329573634-2605357377-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4044866103-2329573634-2605357377-1002 - Limited - Enabled)
Scott (S-1-5-21-4044866103-2329573634-2605357377-1000 - Administrator - Enabled) => C:\Users\Scott
SM (S-1-5-21-4044866103-2329573634-2605357377-1003 - Administrator - Enabled) => C:\Users\SM

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Spybot - Search and Destroy (Disabled - Out of date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

. . . (HKLM\...\{06DA421D-EE23-487D-878F-F0AF97EF69AD}) (Version: 2.6.1.4 - Intel) Hidden
. . . (HKLM\...\{679012E8-DFAC-4484-AD14-D08C6FD7FB4B}) (Version: 2.1.28.3 - Intel) Hidden
4K Video Downloader 4.4 (HKLM\...\{4E97C234-3F6C-4AA9-BFAF-0166F3050A68}) (Version: 4.4.11.2412 - Open Media LLC)
7-Zip 17.01 beta (HKLM\...\7-Zip) (Version: 17.01 beta - Igor Pavlov)
ACT! 2000 (HKU\S-1-5-21-4044866103-2329573634-2605357377-1000\...\ACT! 2000) (Version:  - )
ACT! 2000 (HKU\S-1-5-21-4044866103-2329573634-2605357377-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11072019035202169\...\ACT! 2000) (Version:  - )
Adobe Flash Player 32 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 32.0.0.270 - Adobe)
Adobe Flash Player 32 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 32.0.0.270 - Adobe)
Adobe Reader XI (11.0.13) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
Advanced Scan to PDF Free 3.9.2 (HKLM\...\Advanced Scan to PDF Free_is1) (Version:  - PDFChief Co., Ltd.)
Any Video Converter 6.2.8 (HKLM\...\Any Video Converter) (Version: 6.2.8 - Anvsoft)
Apple Application Support (HKLM\...\{63EC2120-1742-4625-AA47-C6A8AEC9C64C}) (Version: 2.2.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}) (Version: 6.0.0.59 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.46 - Piriform)
CryptoPrevent (HKLM\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version:  - Foolish IT LLC)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - Acro Software Inc.)
D3DX10 (HKLM\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 2.0.6875.668 - Dell)
Dell SupportAssistAgent (HKLM\...\{8BD286A4-87C7-406B-9257-F8D8E6ACB35F}) (Version: 2.1.4.14 - Dell)
EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version:  - EaseUS)
e-Sword (HKLM\...\{294B365B-32EF-49EE-99B3-A00558DC76E5}) (Version: 10.02.0001 - Rick Meyers)
e-Sword Module Installer version .4 (HKLM\...\{6E442F8C-3EB1-4911-BB65-F3AD73438F52}_is1) (Version: .4 - BibleSupport.com)
EZ-DUB (HKLM\...\{7E30D45E-EEC5-41A6-A613-F3BFB2694ACB}) (Version: 3.0 - Ulead System)
EZ-DUB Finder (HKLM\...\{F33C4D28-899A-4C3C-868B-9169A121528B}) (Version: 1.00.0722 - LiteON) Hidden
EZ-DUB Finder (HKLM\...\InstallShield_{F33C4D28-899A-4C3C-868B-9169A121528B}) (Version: 1.00.0722 - LiteON)
Freemake Video Converter version 4.1.9 (HKLM\...\Freemake Video Converter_is1) (Version: 4.1.9 - Ellora Assets Corporation)
Google Talk Plugin (HKLM\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 21.1 - Intel)
Intel® TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
Intel® Driver Update Utility (HKLM\...\{fe2eebd3-ee15-4538-bb19-b627e3f2a911}) (Version: 2.6.1.4 - Intel)
iTunes (HKLM\...\{0F6F6876-6334-4977-B5DD-CFC12E193420}) (Version: 10.7.0.21 - Apple Inc.)
Java 8 Update 171 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180171F0}) (Version: 8.0.1710.11 - Oracle Corporation)
LiveUpdate (HKLM\...\LiveUpdate) (Version:  - )
Malwarebytes version 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4044866103-2329573634-2605357377-1000\...\OneDriveSetup.exe) (Version: 17.3.5907.0716 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4044866103-2329573634-2605357377-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11072019035202169\...\OneDriveSetup.exe) (Version: 17.3.5907.0716 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x86) ENU  (HKLM\...\{FF63121D-91C6-42CC-B341-F1AA729728E7}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x86) ENU  (HKLM\...\{D3A80508-CD83-4CA3-8671-914A1BC78B61}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
MKVToolNix 37.0.0 (32-bit) (HKLM\...\MKVToolNix) (Version: 37.0.0 - Moritz Bunkus)
MOBZync (HKLM\...\{417FF61C-66A9-4A76-8AF7-0E3994AC8C31}) (Version: 0.9.2 - MOBZystems)
Movie Maker (HKLM\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 66.0.4 (x86 en-US) (HKLM\...\Mozilla Firefox 66.0.4 (x86 en-US)) (Version: 66.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 66.0.4 - Mozilla)
Mozilla Thunderbird 45.7.1 (x86 en-US) (HKLM\...\Mozilla Thunderbird 45.7.1 (x86 en-US)) (Version: 45.7.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Potplayer (HKLM\...\PotPlayer) (Version:  - Daum Communications Corp.)
QuickTime (HKLM\...\{EB900AF8-CC61-4E15-871B-98D1EA3E8025}) (Version: 7.67.75.0 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - )
Seagate Manager Installer (HKLM\...\{2A30052B-831C-41D3-8044-3C0388066350}) (Version: 2.01.0600 - Seagate) Hidden
Seagate Manager Installer (HKLM\...\InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}) (Version: 2.01.0600 - Seagate)
SeaTools for Windows 1.4.0.4 (HKLM\...\SeaTools for Windows) (Version: 1.4.0.4 - Seagate Technology)
Skype™ 7.3 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
Sophos Virus Removal Tool (HKLM\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.6.1 - Sophos Limited)
Speccy (HKLM\...\Speccy) (Version: 1.31 - Piriform)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SyncToy 2.1 (x86) (HKLM\...\{A066194B-DC8F-449A-8E0F-B57BDD3A2072}) (Version: 2.1.0 - Microsoft)
THE NAG HAMMADI LIBRARY.topx version 0 (HKLM\...\{D7F1A6E9-5A60-4573-AFBD-4A047A57635E}_is1) (Version: 0 - BibleSupport.com)
Unchecky v1.2 (HKLM\...\Unchecky) (Version: 1.2 - Reason Software Company Inc.)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Movie Maker 2017 (HKLM\...\{3CC29C1A-B5FE-457B-8F22-32A3667A92C7}}_is1) (Version:  - windows-movie-maker.org)
WinPcap 4.1.2 (HKLM\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11072019035202169_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11072019035202169_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> "C:\Users\Scott\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateOnDemand.exe" => No File
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11072019035202169_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> "C:\Users\Scott\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateOnDemand.exe" => No File
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11072019035202169_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\Scott\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11072019035202169_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> "C:\Users\Scott\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateOnDemand.exe" => No File
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11072019035202169_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\Scott\AppData\Local\Google\Update\1.3.33.7\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11072019035202169_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\Scott\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11072019035202169_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Scott\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll => No File
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11072019035202169_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Scott\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll => No File
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11072019035202169_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> "C:\Users\Scott\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateOnDemand.exe" => No File
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11072019035202169_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Scott\AppData\Local\Google\Update\1.3.33.7\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> "C:\Users\Scott\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateOnDemand.exe" => No File
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> "C:\Users\Scott\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateOnDemand.exe" => No File
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\Scott\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> "C:\Users\Scott\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateOnDemand.exe" => No File
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\Scott\AppData\Local\Google\Update\1.3.33.7\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\Scott\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Scott\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll => No File
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Scott\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll => No File
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> "C:\Users\Scott\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateOnDemand.exe" => No File
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Scott\AppData\Local\Google\Update\1.3.33.7\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11072019035214301_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\localserver32 -> C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe => No File
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11072019035214301_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\SkyDriveShell.dll => No File
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11072019035214301_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe => No File
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11072019035214301_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\SkyDriveShell.dll => No File
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11072019035214301_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\SkyDriveShell.dll => No File
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11072019035214301_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\SkyDriveShell.dll => No File
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11072019035214301_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\FileSyncApi.dll => No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files\Spybot - Search & Destroy 2\SDECon32.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2009-09-23] (Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files\Spybot - Search & Destroy 2\SDECon32.dll [2014-06-24] (Safer-Networking Ltd.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01138799-A432-413E-9233-4142970467DA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4044866103-2329573634-2605357377-1000UA => C:\Users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe [2016-01-15] (Google Inc.)
Task: {055CA5F0-675D-458E-9819-A757926A19D8} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2019-02-04] (Piriform Software Ltd)
Task: {16FEA387-FAD4-443A-B4E6-FF988F0C4AE6} - System32\Tasks\Intel\Intel Telemetry 2 (x86) => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
Task: {2793D72D-CFC5-444E-9A9B-8F524FA71D11} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {2C2CB54E-0339-42F1-BB54-14553B6D61F0} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {3527F7EE-4B8E-422D-8FEE-5083930043EB} - System32\Tasks\{29D5E377-CE4A-4947-BFE7-6DDD9A5B4E48} => C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
Task: {35910534-5F45-451B-86CF-536B12FEDDC1} - System32\Tasks\{8ED34269-D355-4824-81B4-8E0CA709686C} => C:\Program Files\iTunes\iTunes.exe [2012-09-09] (Apple Inc.)
Task: {3C66B5AA-E80B-4D41-AE1B-A079372C78A8} - System32\Tasks\{8C2A7429-5BBC-4A32-ADA5-FE99F091FC16} => C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
Task: {4AD47043-4D67-4F39-91A9-D2CC29BC3ABA} - System32\Tasks\{E9D04DF9-CB1A-4CD2-812C-5092FD85C825} => C:\Program Files\GoPro\GoPro VR Player 2.0\GoProVRPlayer_win32.exe
Task: {55A8CE47-45C6-42F4-8E60-44DB95A1D460} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2017-09-14] (PC-Doctor, Inc.)
Task: {5656C4ED-3456-4135-BC27-E175548C6CE5} - System32\Tasks\{44D3594B-D2F9-4834-9AC4-F0DB2A6AF30F} => C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
Task: {5E143A35-2398-45E0-AA08-747CFD6B4E72} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
Task: {606E7679-296E-47AD-BEDC-561DB8C5C216} - System32\Tasks\{FEB863AF-49C3-4878-8B79-25D08C06B6B4} => C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
Task: {60B245A9-53E6-4893-A5B9-78C94BC324BD} - System32\Tasks\{DCC16085-21A5-4481-BCD9-1750B143EE35} => C:\Program Files\iTunes\iTunes.exe [2012-09-09] (Apple Inc.)
Task: {7768604C-8CBC-4A2B-AED0-A4F2024106D8} - System32\Tasks\{3A1EEAA2-E709-4F63-B471-039AB4F070B6} => C:\Program Files\GoPro\GoPro VR Player 2.0\GoProVRPlayer_win32.exe
Task: {82F944B0-DC1B-4832-8854-D074A94AF0F7} - System32\Tasks\{FF244946-B9B9-40C5-963E-7DDF2E841CBD} => C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
Task: {8C7185EE-DE6D-4769-9993-D38D6083431A} - System32\Tasks\{4F631F87-16B4-4E00-A335-12B11782D7AD} => msiexec.exe /package "C:\Users\Scott\Downloads\MicrosoftFixit50123.msi"
Task: {95C85358-9525-40F4-AA85-56630A07C528} - System32\Tasks\{FFF85220-D9CF-419E-B476-7CD90CAF7426} => msiexec.exe /package "C:\Users\Scott\Downloads\MicrosoftFixit50123.msi"
Task: {9CAD1C03-B916-417B-BE7B-C537DAB00942} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_270_Plugin.exe [2019-10-09] (Adobe)
Task: {A1A327C7-552B-4D71-BF2A-39631CCDB3E3} - System32\Tasks\{B9F54951-8F68-4BAD-A9D5-012EB4EAC459} => C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
Task: {A586C56D-020B-41C3-9864-2D1F53101E1C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4044866103-2329573634-2605357377-1000Core1d3ee31fee3153 => C:\Users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe [2016-01-15] (Google Inc.)
Task: {B6B422B1-9A0A-4CFD-9E16-86954AEA5927} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssist.exe [2018-02-14] (Dell Inc.)
Task: {B809CE6A-00DF-4AF7-9DC7-606F924952CA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-09-10] (Piriform Ltd)
Task: {B860E51A-F298-48AF-B95B-4DB83A4F070A} - System32\Tasks\USER_ESRV_SVC_WILLAMETTE => "C:\Windows\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\task.vbs"
Task: {D5341DCE-D5E5-4C44-A1AC-0E0F0EBA53EB} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {D8597A4D-A621-4012-B014-264A1A2A9049} - System32\Tasks\{B68C5D2C-97E0-4176-AE26-74584708E6FD} => C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
Task: {D86561A4-68E3-4867-B905-F0487E4BF858} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2019-10-09] (Adobe)
Task: {E397C2F9-8ADD-4316-A8FB-7B68F3812912} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4044866103-2329573634-2605357377-1000Core => C:\Users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe [2016-01-15] (Google Inc.)
Task: {EB4ED08B-2D3E-4E89-A94A-AC5A1C3C6FAB} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {EB9AABAD-A564-4055-AE59-870994CE7889} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {F43C98AE-5690-4997-B5F8-E545FFF6803E} - System32\Tasks\{50D840F2-A880-4AFE-B759-4D2B2B700A7D} => C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
Task: {F77D9B1B-3B6B-4171-AE23-6E2726E2B81E} - System32\Tasks\{5BF74C34-4AFD-43FA-A983-8364BA8DB453} => C:\Windows\system32\pcalua.exe -a C:\Users\Scott\Downloads\SupportAssistLauncher(1).exe -d C:\Users\Scott\Downloads
Task: {FED05C45-ECF3-4391-909C-0A43E4AD7866} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2017-09-14] (PC-Doctor, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2014-05-14 07:20 - 2013-10-23 13:23 - 000089136 _____ () C:\Windows\System32\cpwmon2k.dll
2012-08-27 20:33 - 2012-08-27 20:33 - 000087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-08-27 20:33 - 2012-08-27 20:33 - 001242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-12-22 03:39 - 2014-05-13 12:04 - 000109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-12-22 03:39 - 2014-05-13 12:04 - 000416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2016-12-22 03:39 - 2014-05-13 12:04 - 000167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-12-22 03:39 - 2012-08-23 10:38 - 000574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2016-12-22 03:39 - 2012-04-03 17:06 - 000565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2016-06-08 18:04 - 2016-06-08 18:04 - 000117400 _____ () C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
2005-09-13 18:47 - 2005-09-13 18:47 - 000266240 _____ () C:\Program Files\EZ-DUB\EZ-DUB.exe
2019-07-03 11:33 - 2019-05-30 07:56 - 002360664 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2019-07-03 11:33 - 2019-06-21 05:30 - 002239848 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2015-11-11 03:41 - 2015-11-11 03:41 - 000756376 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2016-04-27 17:04 - 2016-04-27 17:04 - 004465664 _____ () C:\Program Files\DAUM\PotPlayer\Module\OpenCodec\OpenCodecUnity.dll
2014-05-28 19:40 - 2014-05-28 19:40 - 009655296 _____ () C:\Program Files\DAUM\PotPlayer\ffcodec.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKLM\...\.scr: CryptoPreventSCR => "C:\Program Files\Foolish IT\CryptoPrevent\CryptoPreventFilterMod.CryptoPreventEXEC" "%1" /S %*

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\dell.com -> dell.com
IE trusted site: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000\...\dell.com -> dell.com
IE trusted site: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000\...\download.microsoft.com -> hxxp://download.microsoft.com
IE trusted site: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000\...\internet -> internet
IE trusted site: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000\...\mcafee.com -> hxxp://mcafee.com
IE trusted site: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000\...\mcafee.com -> hxxps://mcafee.com
IE trusted site: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000\...\update.microsoft.com -> hxxp://update.microsoft.com
IE trusted site: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000\...\update.microsoft.com -> hxxps://update.microsoft.com
IE trusted site: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000\...\windowsupdate.microsoft.com -> hxxp://windowsupdate.microsoft.com

There are 7714 more sites.

IE trusted site: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11072019035202169\...\dell.com -> dell.com
IE trusted site: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11072019035202169\...\download.microsoft.com -> hxxp://download.microsoft.com
IE trusted site: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11072019035202169\...\internet -> internet
IE trusted site: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11072019035202169\...\mcafee.com -> hxxp://mcafee.com
IE trusted site: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11072019035202169\...\mcafee.com -> hxxps://mcafee.com
IE trusted site: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11072019035202169\...\update.microsoft.com -> hxxp://update.microsoft.com
IE trusted site: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11072019035202169\...\update.microsoft.com -> hxxps://update.microsoft.com
IE trusted site: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11072019035202169\...\windowsupdate.microsoft.com -> hxxp://windowsupdate.microsoft.com

There are 7714 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:04 - 2019-11-07 03:26 - 000001306 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4044866103-2329573634-2605357377-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-4044866103-2329573634-2605357377-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11072019035202169\Control Panel\Desktop\\Wallpaper -> C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-4044866103-2329573634-2605357377-1000.new-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11072019035213988\Control Panel\Desktop\\Wallpaper -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-4044866103-2329573634-2605357377-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11072019035214173\Control Panel\Desktop\\Wallpaper -> C:\Users\SM\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-4044866103-2329573634-2605357377-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11072019035214301\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: Google Update => C:\Users\Scott\AppData\Local\Google\Update\1.3.35.342\GoogleUpdateCore.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{2909F608-F53F-4E85-8B60-3CF0C8602B50}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{A93F060F-0771-4EB6-86E8-FC7AC755986D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{AC30EE5E-E2BD-413C-B10C-DF680BEFE90F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{21777E3F-4B64-4367-B448-FFA8EA997095}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{48BF5A3C-9E61-4AE4-88EE-D78D625675F6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{9B1850DF-4730-478D-9D13-8278359CF2C0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{692F9A1F-19C8-4F16-8190-FC7FBE5714FB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{0ECEB16C-69BA-425A-8C14-7D03024D715F}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{41943A4A-5F4C-40AF-B76F-8D636F80DC7F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8E528E4E-A129-43AF-9A8E-44541BAA0A5A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{AAD116BE-DCE6-4CE8-AF33-4206523429DC}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{E154B2C5-F420-4BA0-88B3-37085D5C462C}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{A1C9EB16-F72A-4D10-8FC0-ADB0A0D83334}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{E814BFAD-499F-4DCF-8264-CFB3E927F226}] => (Allow) LPort=2869
FirewallRules: [{D20238AF-FF53-4DD5-A019-3F56D9D68C0F}] => (Allow) LPort=1900
FirewallRules: [{A950C91D-A62F-4BA1-BB8C-1C9714F08962}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{24EE453D-ED9E-42B7-895F-7251D40059D9}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

06-11-2019 17:58:04 Scheduled Checkpoint
07-11-2019 05:30:33 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/07/2019 06:10:59 AM) (Source: MsiInstaller) (EventID: 11404) (User: Scott-PC)
Description: Product: Google Talk Plugin -- Error 1404. Could not delete key \Software\Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\Control.  System error .  Verify that you have sufficient access to that key, or contact your support personnel.

Error: (11/07/2019 06:10:54 AM) (Source: MsiInstaller) (EventID: 11404) (User: Scott-PC)
Description: Product: Google Talk Plugin -- Error 1404. Could not delete key \Software\Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\Control.  System error .  Verify that you have sufficient access to that key, or contact your support personnel.

Error: (11/07/2019 06:10:51 AM) (Source: MsiInstaller) (EventID: 11404) (User: Scott-PC)
Description: Product: Google Talk Plugin -- Error 1404. Could not delete key \Software\Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\Control.  System error .  Verify that you have sufficient access to that key, or contact your support personnel.

Error: (11/07/2019 06:10:49 AM) (Source: MsiInstaller) (EventID: 11404) (User: Scott-PC)
Description: Product: Google Talk Plugin -- Error 1404. Could not delete key \Software\Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\Control.  System error .  Verify that you have sufficient access to that key, or contact your support personnel.

Error: (11/07/2019 06:10:45 AM) (Source: MsiInstaller) (EventID: 11404) (User: Scott-PC)
Description: Product: Google Talk Plugin -- Error 1404. Could not delete key \Software\Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\Control.  System error .  Verify that you have sufficient access to that key, or contact your support personnel.

Error: (11/07/2019 06:10:40 AM) (Source: MsiInstaller) (EventID: 11404) (User: Scott-PC)
Description: Product: Google Talk Plugin -- Error 1404. Could not delete key \Software\Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\Control.  System error .  Verify that you have sufficient access to that key, or contact your support personnel.

Error: (11/07/2019 06:10:16 AM) (Source: MsiInstaller) (EventID: 11404) (User: Scott-PC)
Description: Product: Google Talk Plugin -- Error 1404. Could not delete key \Software\Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\Control.  System error .  Verify that you have sufficient access to that key, or contact your support personnel.

Error: (11/07/2019 06:10:14 AM) (Source: MsiInstaller) (EventID: 11404) (User: Scott-PC)
Description: Product: Google Talk Plugin -- Error 1404. Could not delete key \Software\Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\Control.  System error .  Verify that you have sufficient access to that key, or contact your support personnel.


System errors:
=============
Error: (11/06/2019 07:17:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (11/06/2019 07:17:46 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (11/06/2019 07:04:06 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (11/06/2019 07:03:24 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server:
{000C101C-0000-0000-C000-000000000046}

Error: (11/06/2019 06:52:48 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Dell Data Vault Service API service depends on the Dell Data Vault Collector service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (11/06/2019 06:51:54 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (11/06/2019 06:51:54 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (11/06/2019 06:51:09 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU E7400 @ 2.80GHz
Percentage of memory in use: 82%
Total physical RAM: 3061.18 MB
Available physical RAM: 545.49 MB
Total Virtual: 6120.71 MB
Available Virtual: 2716.9 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:81.18 GB) NTFS
Drive j: (Seagate Backup Plus Drive ) (Fixed) (Total:1863.01 GB) (Free:511.19 GB) NTFS
Drive k: (Seagate Backup Plus Drive) (Fixed) (Total:1863.01 GB) (Free:177.65 GB) NTFS
Drive l: (Seagate Backup Plus Drive) (Fixed) (Total:5588.9 GB) (Free:1057.39 GB) NTFS
Drive m: (SCOTT'S NAN) (Removable) (Total:7.34 GB) (Free:0.23 GB) FAT32

\\?\Volume{f29edfd7-c00e-11e3-a285-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 7A055C85)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 5589 GB) (Disk ID: 9A983881)

Partition: GPT.

========================================================
Disk: 6 (Size: 1863 GB) (Disk ID: 8A352DED)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 7.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 8.

==================== End of Addition.txt ============================

Thanks for Your Help

 

Attached Thumbnails

  • FRSTtrojanGeek.JPG
  • FRSTtrojanInDL.JPG

#2
JSntgRvr

    Global Moderator

Hi

Welcome :)

I'll be helping you with your computer.

Please read this post completely before beginning. If there's anything that you do not understand, please don't hesitate to ask before proceeding.

Please take note of the guidelines for this fix:

  • Please note that I am a volunteer. I do have a family, a career, and other endeavors that may prevent immediate responses that meet your schedule. Do note that the differences in time zones could present a problem as well. Your patience and understanding will be greatly appreciated.
  • First of all, the procedures we are about to perform are specific to your problem and should only be used on this specific computer.
  • Do not make any changes to your computer that include installing/uninstalling programs, deleting files, modifying the registry, nor running scanners or tools of any kind unless specifically requested by me.
  • Please read ALL instructions carefully and perform the steps fully and in the order they are written.
  • If things appear to be better, let me know. Just because the symptoms no longer exist as before, does not mean that you are clean.
  • Continue to read and follow my instructions until I tell you that your machine is clean.
  • If you have any questions at all, please do not hesitate to ask before performing the task that I ask of you, and please wait for my reply before you proceed.
  • Scanning with programs and reading the logs do take a fair amount of time. Again, your patience will be necessary. :)

Let's begin... :)
 
 
Temporarily disable Spybot:
 
To disable Live Protection:

  • Open Spybot by right-clicking on the Spybot icon and clicking “Run as administrator”.
  • Click on the Live Protection status in the Start Center.
  • This will open the Live Protection Settings window.
  • Untick the checkbox beside “Scan all programs before they start”.

RKill is a program developed at BleepingComputer.com that was originally designed for use in our virus removal guides. It was created so that we could have an easy-to-use tool that kills known processes and removes Windows Registry entries that stop a user from using their normal security applications. Simple as that. Nothing fancy. Just kill known malware processes and clean up some Registry keys so that your security programs can do their job.

So in summary, RKill just kills 32-bit and 64-bit malware processes and scans the registry for entries that would not allow you to run various legitimate programs. When scanning the Registry, RKill will search for malicious Image File Execution Objects, DisallowRuns entries, executable hijacks, and policies that restrict your use of various Windows utilities. When changing Windows Registry entries it will create a backup of these entries and save them in the rkill folder on your desktop. Each registry backup will contain a time stamp so that the backups are not overwritten on subsequent runs of RKill.

Since RKill only terminates processes and does not remove the offending files, when it is finished you should not reboot your computer. If you do, these malware processes that are set to start automatically will just start up again. Instead, after running RKill you should scan your computer using your malware removal tool of choice. If there is a problem after running RKill, just reboot your computer and you will be back to where you started before running the program.

RKill can be downloaded from the following location:

http://www.bleepingc...download/rkill/

A report, rkill.log, will be created in the root directory, usually C:\. Post that report in your next reply.
 
Once you have run RKill, let's try to run FRST:
 
Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click FRST(64) and select Run as administrator.
  • Make sure that under Optional Scans, there is a checkmark on Addition.txt.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also produce another log (Addition.txt ). Please attach this to your reply.
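
The registry checks named in the RKill description above (Image File Execution Options debuggers, DisallowRun entries, executable hijacks, policies that restrict Windows utilities) can be reviewed offline from a `reg export` text dump. This is an added example, not RKill's code and not part of the original post; the key paths are the standard Windows locations for these settings, which RKill is assumed (not confirmed by the page) to cover, and the sample dump is constructed.

```python
import re

# Constructed sample of `reg export` text (not taken from the poster's machine).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe]
"Debugger"="svchost.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"GlobalFlag"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun]
"1"="mbam.exe"
"2"="FRST.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000000

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\Users\\Public\\helper.exe\" \"%1\" %*"
'''

# Key-path fragments, lowercased because registry paths are case-insensitive.
IFEO = r"\microsoft\windows nt\currentversion\image file execution options" + "\\"
DISALLOW = r"\currentversion\policies\explorer\disallowrun"
POLICY_SYSTEM = r"\currentversion\policies\system"
EXE_OPEN = r"\exefile\shell\open\command"
EXE_OPEN_DEFAULT = '"%1" %*'  # stock open handler for .exe files
TOOL_POLICIES = ("disabletaskmgr", "disableregistrytools")

# A value line is either @=data (default value) or "name"=data.
VALUE_RE = re.compile(r'^(?P<name>@|"(?:[^"\\]|\\.)*")=(?P<data>.*)$')


def _unescape(s):
    # .reg files escape backslash and double quote with a leading backslash.
    return re.sub(r"\\(.)", r"\1", s)


def _decode(data):
    data = data.strip()
    if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
        return _unescape(data[1:-1])
    if data.lower().startswith("dword:"):
        return int(data[6:], 16)
    return data  # hex(...) types are kept raw; multi-line hex is not handled


def parse_reg(text):
    """Parse .reg export text into {lowercased key path: {lowercased name: value}}."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
            continue
        m = VALUE_RE.match(line) if current is not None else None
        if m:
            name = m.group("name")
            name = "" if name == "@" else _unescape(name[1:-1]).lower()
            current[name] = _decode(m.group("data"))
    return keys


def audit(keys):
    """Return (category, item, value) tuples for settings that can block tools."""
    findings = []
    for path, values in sorted(keys.items()):
        if IFEO in path and "debugger" in values:
            # A Debugger value makes Windows launch that program instead of the image.
            image = path.rsplit("\\", 1)[1]
            findings.append(("ifeo-debugger", image, values["debugger"]))
        elif path.endswith(DISALLOW):
            # Every value under DisallowRun names a program Explorer refuses to start.
            for name in sorted(values):
                findings.append(("disallowrun", name, values[name]))
        elif path.endswith(POLICY_SYSTEM):
            for name in TOOL_POLICIES:
                if values.get(name):  # non-zero means the utility is disabled
                    findings.append(("tool-policy", name, values[name]))
        elif path.endswith(EXE_OPEN) and values.get("") != EXE_OPEN_DEFAULT:
            findings.append(("exe-hijack", "exefile", values.get("")))
    return findings


if __name__ == "__main__":
    for finding in audit(parse_reg(SAMPLE_REG)):
        print(finding)
```

A Debugger value is not always malicious (some tools register one deliberately), so each finding is a prompt for review rather than a verdict.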

#3
everythingsm

    Member

  • Topic Starter

Hi,

Thanks for your help and instructions. I’m going to follow your instructions and I do have a question. Why, when I tried to run FRST (version from Geeks to Go and other sites), did my version DL show there was a Trojan (per my attachments) attached in the DL? I will follow your instructions, but I’m tentative about trying FRST due to not knowing the answer to the above question.

I tried to remove 2ea Programs before you responded to my Thread. Dell Support Assist (this program I have seen now on a regular basis will pop up in my Task Manager and just start running... it's not scheduled to run). Google Talk Plugin (Somehow I was on a Google page and the option for Voice came up and I’m guessing it got loaded on my system… I now have 2ea Files in Programs, the original 2016 and now a NEW Copy dated current 2019). I will not make any additional moves without your direction. Neither of these programs was removed when I tried to Uninstall.

 

I tried to disable Spybot “Scan all Programs before Start” could not find what you asked for so I provided an attachment for Settings.

 

The first time I tried to run Rkill error message. I got it to run and have provided the attachment.

 

I still cannot run FRST. Essentials cleans the file and moves it from my DL area... Event Viewer jpeg provided.

 

Why can't I run FRST? Are these false positives for a Trojan or are all of these links infected?

 

 

Attached Thumbnails

  • RKill.JPG
  • EventViewer.JPG
  • Spybot.JPG

#4
JSntgRvr

    Global Moderator

I will contact FRST developer.

 

Remove both, Spybot and Microsoft Essentials for the time being.

 

Open an Administrator Command prompt (Type CMD on the search line and once CMD.exe is found, press CTRL+SHIFT+ENTER)

 

Type the following command and press Enter:

DISM /Online /Cleanup-Image /ScanHealth

If a corruption is found, please type the following command and press Enter:

DISM /Online /Cleanup-Image /RestoreHealth

In any case, also type the following command and press Enter:

SFC /ScanNow

If successful type the following and press Enter:

findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >"%userprofile%"\Desktop\sfcdetails.txt

Type Exit and press Enter to leave the prompt.

This will create a file on your desktop, sfcdetails.txt. Please post its contents in a reply.

Let me know any error you may experience with this.
 


#5
everythingsm

    Member

  • Topic Starter

I will contact FRST developer.

 

Remove both, Spybot and Microsoft Essentials for the time being.

 

If you mean to Uninstall Spybot & Essentials I would rather not at this time. There is too much time in between our communications and I must use this system right now, and I do not feel safe working on this system without Essentials, especially since it's said it's caught Six Trojans. I need to know why FRST can't run?

 

 

Open an Administrator Command prompt (Type CMD on the search line and once CMD.exe is found, press CTRL+SHIFT+ENTER)

 

Type the following command and press Enter:

DISM /Online /Cleanup-Image /ScanHealth

 

 

Ran multiple times. The first time I ran and typed in all letters and then I ran by Copy/Paste. I have included all attachments.


If a corruption is found, please type the following command and press Enter:

DISM /Online /Cleanup-Image /RestoreHealth

 

 

Attachment included.


In any case, also type the following command and press Enter:

SFC /ScanNow

If successful type the following and press Enter:

findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >"%userprofile%"\Desktop\sfcdetails.txt

Type Exit and press Enter to leave the prompt.

This will create a file on your desktop, sfcdetails.txt. Please post its contents in a reply.

 

 

All completed Attachments included.


Let me know any error you may experience with this.

 

 

87 was the only error I saw. I believe the Google entries at Startup may be frauds. Once this file starts I have the Cursor hourglass problem, then I turn the process off in Task Manager and the problem goes away. I believe something is in my system starting this, creating this Google entry and blocking FRST ... just my thoughts.

 

 

Thanks for your help.

 

 

Attached Thumbnails

  • Six Trojans.JPG
  • DISM Online Cleanup-Image ScanHealth.JPG
  • CopyPaste.JPG
  • Third time ScanHealth.JPG
  • Tried RESTOREHEALTH.JPG
  • SFC ScanNow.JPG

#6
JSntgRvr

    Global Moderator

Let's check your disk for errors.

 

Open an Administrator Command prompt. At the prompt type the following and press Enter:

 

CHKDSK /R

 

Since the drive will be in use, you will be asked to schedule CHKDSK on the next boot. Select Yes and restart the computer.

See if you can obtain a screenshot of the window and post it for my review.

 

You can also run CHKDSK in the Recovery Console as follows:

 

Enter the System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
  • Note: In case you cannot enter System Recovery Options by using the F8 method, you can use a Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
    To make a repair disk on Windows 7 consult: http://www.sevenforu...isc-create.html



    To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
  • On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt
  • Select Command Prompt

    Once in the Command Prompt:
     
  • Type in the following and press Enter.

    bcdedit | find "osdevice"

  • Note the osdevice partition letter, then type:

    CHKDSK X: /R

  • Where X is the osdevice letter, and press Enter
  • The tool will start to run.

See if you can send me a photograph of the results on screen.

 

When finished, type exit and press Enter. Restart the computer.

Let me know if that makes a difference.

 


#7
JSntgRvr

    Global Moderator

Please update your essential definitions:

 

https://www.microsof...defenderupdates


#8
everythingsm

    Member

  • Topic Starter

Had some good news. Tried FRST again and I was able to DL and run it. I did not do any of the repair yet; I want you to look at the logs that are coming.


Edited by everythingsm, 11 November 2019 - 12:06 PM.

#9
everythingsm

    Member

  • Topic Starter

Tried to attach Additional but I don't see it?


#10
everythingsm

    Member

  • Topic Starter

FRST.Txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-11-2019
Ran by Scott (administrator) on SCOTT-PC (Dell Inc. Inspiron 530s) (11-11-2019 11:19:04)
Running from C:\Users\Scott\Desktop
Loaded Profiles: Scott (Available Profiles: Scott & SM & Administrator)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\EZ-DUB\EZ-DUB.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunes.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Daum Communications Corp. -> Daum Communications) C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe
(Daum Communications Corp. -> Daum Communications) C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe
(Daum Communications Corp. -> Daum Communications) C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe
(Dell Inc -> Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(Dell Inc -> Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(Dell Inc -> Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(Dell Inc. -> Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel® Software Development Products -> ) C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Windows Hardware Compatibility Publisher -> Andrea Electronics Corporation) C:\Windows\System32\AERTSrv.exe
(Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Piriform Software Ltd -> Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Reason Software Company Inc. -> Reason Software Company Inc.) C:\Program Files\Unchecky\bin\unchecky_bg.exe
(Reason Software Company Inc. -> Reason Software Company Inc.) C:\Program Files\Unchecky\bin\unchecky_svc.exe
(Safer Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) [File not signed] C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) [File not signed] C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Seagate Technology, LLC -> Seagate LLC) C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
(Seagate Technology, LLC -> Seagate Technology LLC) C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
(Ulead Systems, Inc.) [File not signed] C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [588704 2018-03-28] (Oracle America, Inc. -> Oracle Corporation)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer Networking Ltd. -> Safer-Networking Ltd.)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4907008 2008-01-17] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2010-08-10] (Apple Inc.) [File not signed]
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1002984 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Run: [MaxMenuMgr] => C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe [185640 2009-09-25] (Seagate Technology, LLC -> Seagate LLC)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc. -> Apple Inc.)
HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <==== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <==== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <==== ATTENTION
HKLM Group Policy restriction on software: scsvserv.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <==== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Binexe <==== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <==== ATTENTION
HKLM Group Policy restriction on software: ** <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <==== ATTENTION
HKLM Group Policy restriction on software: lsassvrtdbks.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <==== ATTENTION
HKLM Group Policy restriction on software: lsassw86s.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <==== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <==== ATTENTION
HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <==== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Binpif <==== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Binscr <==== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <==== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bincom <==== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <==== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <==== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <==== ATTENTION
HKU\S-1-5-21-4044866103-2329573634-2605357377-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.) [File not signed]
HKU\S-1-5-21-4044866103-2329573634-2605357377-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [18458752 2019-10-14] (Piriform Software Ltd -> Piriform Ltd)
HKU\S-1-5-21-4044866103-2329573634-2605357377-1000\...\Policies\Explorer: [NoDriveAutoRun] -1
HKU\S-1-5-18\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [18458752 2019-10-14] (Piriform Software Ltd -> Piriform Ltd)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\EZ-DUB Finder.lnk [2014-04-09]
ShortcutTarget: EZ-DUB Finder.lnk -> C:\Program Files\EZ-DUB\EZ-DUB.exe () [File not signed]
GroupPolicy\User: Restriction ? <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01138799-A432-413E-9233-4142970467DA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4044866103-2329573634-2605357377-1000UA => C:\Users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2016-01-15] (Google Inc -> Google Inc.)
Task: {16FEA387-FAD4-443A-B4E6-FF988F0C4AE6} - System32\Tasks\Intel\Intel Telemetry 2 (x86) => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [1328392 2016-03-17] (Intel® Software -> Intel Corporation)
Task: {2793D72D-CFC5-444E-9A9B-8F524FA71D11} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe [4747720 2014-06-27] (Safer Networking Ltd. -> Safer-Networking Ltd.)
Task: {3527F7EE-4B8E-422D-8FEE-5083930043EB} - System32\Tasks\{29D5E377-CE4A-4947-BFE7-6DDD9A5B4E48} => C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
Task: {35910534-5F45-451B-86CF-536B12FEDDC1} - System32\Tasks\{8ED34269-D355-4824-81B4-8E0CA709686C} => C:\Program Files\iTunes\iTunes.exe [9777040 2012-09-09] (Apple Inc. -> Apple Inc.)
Task: {3C66B5AA-E80B-4D41-AE1B-A079372C78A8} - System32\Tasks\{8C2A7429-5BBC-4A32-ADA5-FE99F091FC16} => C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
Task: {4AD47043-4D67-4F39-91A9-D2CC29BC3ABA} - System32\Tasks\{E9D04DF9-CB1A-4CD2-812C-5092FD85C825} => C:\Program Files\GoPro\GoPro VR Player 2.0\GoProVRPlayer_win32.exe
Task: {5656C4ED-3456-4135-BC27-E175548C6CE5} - System32\Tasks\{44D3594B-D2F9-4834-9AC4-F0DB2A6AF30F} => C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
Task: {5E143A35-2398-45E0-AA08-747CFD6B4E72} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1045720 2015-09-14] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {5E82797A-DA1F-4045-815B-88463B45E870} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [608384 2019-10-14] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {606E7679-296E-47AD-BEDC-561DB8C5C216} - System32\Tasks\{FEB863AF-49C3-4878-8B79-25D08C06B6B4} => C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
Task: {60B245A9-53E6-4893-A5B9-78C94BC324BD} - System32\Tasks\{DCC16085-21A5-4481-BCD9-1750B143EE35} => C:\Program Files\iTunes\iTunes.exe [9777040 2012-09-09] (Apple Inc. -> Apple Inc.)
Task: {6A4D1CEF-E086-4A5E-B44F-0864B4192078} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1} C:\Program Files\Windows Live\SOXE\wlsoxe.dll [192704 2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {7768604C-8CBC-4A2B-AED0-A4F2024106D8} - System32\Tasks\{3A1EEAA2-E709-4F63-B471-039AB4F070B6} => C:\Program Files\GoPro\GoPro VR Player 2.0\GoProVRPlayer_win32.exe
Task: {82F944B0-DC1B-4832-8854-D074A94AF0F7} - System32\Tasks\{FF244946-B9B9-40C5-963E-7DDF2E841CBD} => C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
Task: {8C7185EE-DE6D-4769-9993-D38D6083431A} - System32\Tasks\{4F631F87-16B4-4E00-A335-12B11782D7AD} => msiexec.exe /package "C:\Users\Scott\Downloads\MicrosoftFixit50123.msi"
Task: {95C85358-9525-40F4-AA85-56630A07C528} - System32\Tasks\{FFF85220-D9CF-419E-B476-7CD90CAF7426} => msiexec.exe /package "C:\Users\Scott\Downloads\MicrosoftFixit50123.msi"
Task: {9CAD1C03-B916-417B-BE7B-C537DAB00942} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_270_Plugin.exe [1457720 2019-10-09] (Adobe Inc. -> Adobe)
Task: {A1A327C7-552B-4D71-BF2A-39631CCDB3E3} - System32\Tasks\{B9F54951-8F68-4BAD-A9D5-012EB4EAC459} => C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
Task: {A586C56D-020B-41C3-9864-2D1F53101E1C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4044866103-2329573634-2605357377-1000Core1d3ee31fee3153 => C:\Users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2016-01-15] (Google Inc -> Google Inc.)
Task: {B6B422B1-9A0A-4CFD-9E16-86954AEA5927} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssist.exe [38872 2018-02-14] (Dell Inc. -> Dell Inc.)
Task: {B809CE6A-00DF-4AF7-9DC7-606F924952CA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [18458752 2019-10-14] (Piriform Software Ltd -> Piriform Ltd)
Task: {B860E51A-F298-48AF-B95B-4DB83A4F070A} - System32\Tasks\USER_ESRV_SVC_WILLAMETTE => "C:\Windows\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\task.vbs"
Task: {D5341DCE-D5E5-4C44-A1AC-0E0F0EBA53EB} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe [5753752 2016-03-21] (Safer-Networking Ltd. -> Safer-Networking Ltd.) [File not signed]
Task: {D8597A4D-A621-4012-B014-264A1A2A9049} - System32\Tasks\{B68C5D2C-97E0-4176-AE26-74584708E6FD} => C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
Task: {D86561A4-68E3-4867-B905-F0487E4BF858} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-10-09] (Adobe Inc. -> Adobe)
Task: {E397C2F9-8ADD-4316-A8FB-7B68F3812912} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4044866103-2329573634-2605357377-1000Core => C:\Users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2016-01-15] (Google Inc -> Google Inc.)
Task: {EB4ED08B-2D3E-4E89-A94A-AC5A1C3C6FAB} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe [6193080 2016-03-21] (Safer-Networking Ltd. -> Safer-Networking Ltd.) [File not signed]
Task: {F43C98AE-5690-4997-B5F8-E545FFF6803E} - System32\Tasks\{50D840F2-A880-4AFE-B759-4D2B2B700A7D} => C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
Task: {F77D9B1B-3B6B-4171-AE23-6E2726E2B81E} - System32\Tasks\{5BF74C34-4AFD-43FA-A983-8364BA8DB453} => C:\Windows\system32\pcalua.exe -a C:\Users\Scott\Downloads\SupportAssistLauncher(1).exe -d C:\Users\Scott\Downloads

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-4044866103-2329573634-2605357377-1000] => Proxy is enabled.
ProxyServer: [S-1-5-21-4044866103-2329573634-2605357377-1000] => localhost:21320
AutoConfigURL: [S-1-5-21-4044866103-2329573634-2605357377-1000] => localhost:21320
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc. -> Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3C6031F9-D42E-4882-9D5F-83F90B249A56}: [DhcpNameServer] 192.168.1.1
ManualProxies: 1localhost:21320

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4044866103-2329573634-2605357377-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-4044866103-2329573634-2605357377-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://ixquick.com/
SearchScopes: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000 -> {0169E633-8781-F882-9BC7-7B014AE4DE4E} URL = hxxp://www.bing.com/search?q={searchTerms}&pc=Z206&form=ZGAIDF&install_date=20111213&iesrc={referrer:source}
SearchScopes: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000 -> {09533787-AE1B-4686-AD2C-648367BFEF2B} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
SearchScopes: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000 -> {454575F2-C92B-4CBB-B1F6-3D04AC434B77} URL = hxxp://search.yahoo.com/search?fr=mcafee&p={SearchTerms}

FireFox:
========
FF ProfilePath: C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\ga1mnb9r.default-1435092364228 [2019-11-11]
FF DownloadDir: C:\Users\Scott\Downloads
FF Homepage: Mozilla\Firefox\Profiles\ga1mnb9r.default-1435092364228 -> hxxps://www.startpage.com/
FF Extension: (ePUB Reader) - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\ga1mnb9r.default-1435092364228\Extensions\{323353ee-cfbd-4178-9676-85566d98c8b1}.xpi [2019-07-25]
FF Extension: (NoScript) - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\ga1mnb9r.default-1435092364228\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2018-04-19]
FF Extension: (ePub to PDF converter) - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\ga1mnb9r.default-1435092364228\Extensions\{8a0f8ab2-8697-4228-a27c-3200e8989ed7}.xpi [2019-07-25]
FF Extension: (Adblock Plus) - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\ga1mnb9r.default-1435092364228\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-04-24]
FF Extension: (Baidu Search Update) - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\ga1mnb9r.default-1435092364228\features\{8e7c2858-31be-4289-ba96-b2ade21ea15c}\[email protected] [2019-05-06]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_32_0_0_270.dll [2019-10-09] (Adobe Inc. -> )
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2012-08-08] (Apple Inc. -> )
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4044866103-2329573634-2605357377-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Scott\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google Inc -> Google)
FF Plugin HKU\S-1-5-21-4044866103-2329573634-2605357377-1000: @talk.google.com/O1DPlugin -> C:\Users\Scott\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google Inc -> Google)
FF Plugin HKU\S-1-5-21-4044866103-2329573634-2605357377-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Scott\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Users\Scott\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2018-04-16]
FF Plugin ProgramFiles/Appdata: C:\Users\Scott\AppData\Roaming\mozilla\plugins\npo1d.dll [2018-04-16]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AERTFilters; C:\Windows\system32\AERTSrv.exe [77824 2007-12-05] (Microsoft Windows Hardware Compatibility Publisher -> Andrea Electronics Corporation)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [171928 2017-12-14] (Dell Inc -> Dell Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [2358672 2017-12-14] (Dell Inc -> Dell Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [188816 2017-12-14] (Dell Inc -> Dell Inc.)
S3 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [396952 2016-06-08] (Intel® Software Development Products -> )
R2 FreeAgentGoNext Service; C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe [189736 2009-09-25] (Seagate Technology, LLC -> Seagate Technology LLC)
R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [5394136 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [103696 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [280864 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer Networking Ltd. -> Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd. -> Safer-Networking Ltd.) [File not signed]
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd. -> Safer-Networking Ltd.) [File not signed]
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [41432 2018-02-14] (Dell Inc. -> Dell Inc.)
R2 SystemUsageReportSvc_WILLAMETTE; C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe [117400 2016-06-08] (Intel® Software Development Products -> )
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2004-12-13] (Ulead Systems, Inc.) [File not signed]
R2 Unchecky; C:\Program Files\Unchecky\bin\unchecky_svc.exe [297240 2018-04-08] (Reason Software Company Inc. -> Reason Software Company Inc.)
S3 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [396952 2016-06-08] (Intel® Software Development Products -> )
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 DDDriver; C:\Windows\System32\drivers\DDDriver32Dcsa.sys [30912 2017-12-10] (Techporch Incorporated -> Dell Inc.)
R3 DellProf; C:\Windows\System32\drivers\DellProf.sys [30520 2017-12-10] (Techporch Incorporated -> Dell Computer Corporation)
R3 e1express; C:\Windows\System32\DRIVERS\e1e6232.sys [232312 2012-10-30] (Intel Corporation -> Intel Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [128552 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [173512 2019-11-07] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [190624 2019-11-11] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [64296 2019-11-11] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [241760 2019-11-11] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [86768 2019-11-11] (Malwarebytes Corporation -> Malwarebytes)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [252808 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
S3 NAL; C:\Windows\system32\Drivers\iqvw32.sys [33816 2017-09-11] (Intel® Intel Network Drivers -> Intel Corporation )
R2 npf; C:\Windows\System32\drivers\npf.sys [35088 2011-02-11] (CACE Technologies, Inc. -> CACE Technologies, Inc.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb.sys [22656 2007-05-14] (Microsoft Windows Hardware Compatibility Publisher -> Research In Motion Limited)
R3 ULCDRHlp; C:\Windows\System32\Drivers\ULCDRHlp.sys [27392 2004-12-22] (Ulead Systems, Inc.) [File not signed]
R3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [44032 2012-07-09] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-11-11 11:19 - 2019-11-11 11:21 - 000037323 _____ C:\Users\Scott\Desktop\FRST.txt
2019-11-11 08:30 - 2019-11-11 08:30 - 000190624 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2019-11-11 08:30 - 2019-11-11 08:30 - 000064296 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2019-11-11 08:29 - 2019-11-11 08:29 - 000086768 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2019-11-11 08:28 - 2019-11-11 08:28 - 000241760 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-11-11 08:22 - 2019-11-11 08:22 - 001989120 _____ (Farbar) C:\Users\Scott\Desktop\FRST.exe
2019-11-09 10:36 - 2019-11-09 10:35 - 000001306 ____R C:\Windows\system32\Drivers\etc\hosts.20191109-103655.backup
2019-11-09 10:35 - 2019-11-09 10:34 - 000001306 ____R C:\Windows\system32\Drivers\etc\hosts.20191109-103550.backup
2019-11-09 10:34 - 2019-11-09 05:46 - 000001306 _____ C:\Windows\system32\Drivers\etc\hosts.20191109-103445.backup
2019-11-07 05:40 - 2019-11-07 05:41 - 000000000 ____D C:\Users\Scott\Desktop\Esoteric Pictures
2019-11-06 07:50 - 2019-11-11 10:35 - 000000000 ____D C:\Users\Scott\Desktop\Problem 110619

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-11-11 11:21 - 2018-04-17 13:12 - 000000000 ____D C:\FRST
2019-11-11 10:10 - 2019-08-20 08:14 - 000000000 ____D C:\Users\Scott\Desktop\+Most Resent
2019-11-11 10:09 - 2016-10-10 11:11 - 000000000 ____D C:\Users\Scott\Desktop\Books NEWEST
2019-11-11 09:27 - 2009-07-13 20:34 - 000021904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-11-11 09:27 - 2009-07-13 20:34 - 000021904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-11-11 08:54 - 2018-04-22 04:32 - 000000000 ____D C:\Users\Scott\AppData\Local\CrashDumps
2019-11-11 07:10 - 2010-11-20 13:01 - 000782470 _____ C:\Windows\system32\PerfStringBackup.INI
2019-11-11 07:10 - 2009-07-13 18:37 - 000000000 ____D C:\Windows\inf
2019-11-11 04:42 - 2014-04-11 05:19 - 000002627 _____ C:\Users\Scott\AppData\Roaming\TinnitusTamerPrefs.dat
2019-11-11 04:10 - 2016-11-16 02:11 - 000000000 ____D C:\Users\Scott\AppData\LocalLow\Mozilla
2019-11-11 04:05 - 2009-07-13 20:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-11-09 09:33 - 2014-04-13 12:43 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2019-11-07 10:36 - 2019-07-03 11:34 - 000173512 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2019-11-07 09:35 - 2015-11-28 07:29 - 000000000 ____D C:\Users\Scott\Downloads\OLD
2019-11-07 07:54 - 2012-10-18 17:59 - 000000000 ____D C:\temp
2019-11-07 07:53 - 2018-03-25 18:17 - 000003870 _____ C:\Windows\system32\Tasks\CCleaner Update
2019-11-07 07:53 - 2017-06-22 02:35 - 000000000 ____D C:\Program Files\CCleaner
2019-11-07 07:25 - 2018-05-12 07:06 - 000000000 ____D C:\Program Files\Dell
2019-11-07 07:24 - 2018-05-12 07:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2019-11-06 07:14 - 2014-08-13 10:38 - 000000000 ____D C:\Windows\pss
2019-11-06 07:06 - 2018-06-20 17:26 - 000000000 ____D C:\AdwCleaner
2019-11-05 10:01 - 2018-05-17 14:47 - 000003240 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-4044866103-2329573634-2605357377-1000Core1d3ee31fee3153
2019-11-05 10:01 - 2016-01-15 16:52 - 000003512 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-4044866103-2329573634-2605357377-1000UA
2019-11-01 07:34 - 2014-04-23 07:09 - 000000000 ____D C:\Users\Scott\AppData\Local\CutePDF Writer
2019-10-29 13:24 - 2009-07-13 20:53 - 000032594 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2019-10-29 10:50 - 2016-11-06 06:39 - 000000000 ____D C:\Users\Scott\Downloads\Redo Delete
2019-10-24 12:16 - 2016-08-07 12:11 - 000000000 ____D C:\Users\Scott\AppData\Roaming\Anvsoft
2019-10-20 10:00 - 2014-04-09 13:28 - 000000000 ____D C:\Users\Scott\AppData\Roaming\vlc

==================== Files in the root of some directories ========

2018-03-05 14:52 - 2018-11-05 04:32 - 000000136 _____ () C:\Users\Scott\AppData\Roaming\downloads.json
2014-04-11 05:19 - 2014-04-11 05:19 - 000000455 _____ () C:\Users\Scott\AppData\Roaming\dsf.dat
2014-04-11 05:19 - 2019-11-11 04:42 - 000002627 _____ () C:\Users\Scott\AppData\Roaming\TinnitusTamerPrefs.dat
2014-05-17 21:53 - 2018-06-20 09:51 - 000007627 _____ () C:\Users\Scott\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-11-09 07:46
==================== End of FRST.txt ========================

 

 


#11
JSntgRvr

  • Global Moderator
  • 11,246 posts

Our experts contacted Microsoft and submitted a copy of FRST, as it was a false positive. Once the definitions are updated, FRST should not be detected as malware.

  • Highlight the entire content of the quote box below.

Start::
CloseProcesses:
FirewallRules: [{E814BFAD-499F-4DCF-8264-CFB3E927F226}] => (Allow) LPort=2869
FirewallRules: [{D20238AF-FF53-4DD5-A019-3F56D9D68C0F}] => (Allow) LPort=1900
FF Plugin HKU\S-1-5-21-4044866103-2329573634-2605357377-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Scott\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [No File]
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> "C:\Users\Scott\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateOnDemand.exe" => No File
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> "C:\Users\Scott\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateOnDemand.exe" => No File
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> "C:\Users\Scott\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateOnDemand.exe" => No File
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\Scott\AppData\Local\Google\Update\1.3.33.7\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Scott\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll => No File
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Scott\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll => No File
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> "C:\Users\Scott\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateOnDemand.exe" => No File
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Scott\AppData\Local\Google\Update\1.3.33.7\psuser.dll => No File
FF Plugin HKU\S-1-5-21-4044866103-2329573634-2605357377-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Scott\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [No File]
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> "C:\Users\Scott\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateOnDemand.exe" => No File
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> "C:\Users\Scott\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateOnDemand.exe" => No File
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\Scott\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google Inc -> Google)
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> "C:\Users\Scott\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateOnDemand.exe" => No File
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\Scott\AppData\Local\Google\Update\1.3.33.7\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\Scott\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google Inc -> Google)
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Scott\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll => No File
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Scott\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll => No File
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> "C:\Users\Scott\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateOnDemand.exe" => No File
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Scott\AppData\Local\Google\Update\1.3.33.7\psuser.dll => No File
MSCONFIG\startupreg: Google Update => C:\Users\Scott\AppData\Local\Google\Update\1.3.35.342\GoogleUpdateCore.exe
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
HOSTS:
CMD: fltmc instances
CMD: Removeproxy
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.

  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users).
  • Accept the EULA (I accept), then click on Scan Now.
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Repair and restart button. This will kill all active processes.
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer; do it.
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply.

Update and Run Malwarebytes Antimalware:

 


  • Once the program has fully updated, Proceed with the Scan options and select "Threat Scan".
  • The Scan Pane is the introduction to scan-related options in the program.
  • After a scan has been executed, scan results are displayed.
  • Put a checkmark on all detected and click on "Quarantine Selected"
  • Selected reports may be viewed on screen, or exported to a text file for later viewing. Please note that only manual (on demand) scans are available for users of the free version of Malwarebytes.
  • You may export to your clipboard or to a text (TXT) file. Export to a .txt file and post its contents.

#12
everythingsm

  • Topic Starter
  • Member
  • 171 posts

TY and all that helped confirm the situation with FRST. Things looking better ... no google entries in TaskManager Processes and the Cursor Hourglass blinking seems to be gone. All reports included.

Fix result of Farbar Recovery Scan Tool (x86) Version: 10-11-2019
Ran by Scott (12-11-2019 10:40:47) Run:1
Running from C:\Users\Scott\Desktop
Loaded Profiles: Scott (Available Profiles: Scott & SM & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CloseProcesses:
FirewallRules: [{E814BFAD-499F-4DCF-8264-CFB3E927F226}] => (Allow) LPort=2869
FirewallRules: [{D20238AF-FF53-4DD5-A019-3F56D9D68C0F}] => (Allow) LPort=1900
FF Plugin HKU\S-1-5-21-4044866103-2329573634-2605357377-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Scott\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [No File]
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> "C:\Users\Scott\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateOnDemand.exe" => No File
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> "C:\Users\Scott\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateOnDemand.exe" => No File
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> "C:\Users\Scott\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateOnDemand.exe" => No File
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\Scott\AppData\Local\Google\Update\1.3.33.7\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Scott\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll => No File
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Scott\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll => No File
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> "C:\Users\Scott\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateOnDemand.exe" => No File
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Scott\AppData\Local\Google\Update\1.3.33.7\psuser.dll => No File
FF Plugin HKU\S-1-5-21-4044866103-2329573634-2605357377-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Scott\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [No File]
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> "C:\Users\Scott\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateOnDemand.exe" => No File
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> "C:\Users\Scott\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateOnDemand.exe" => No File
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\Scott\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google Inc -> Google)
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> "C:\Users\Scott\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateOnDemand.exe" => No File
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\Scott\AppData\Local\Google\Update\1.3.33.7\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\Scott\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google Inc -> Google)
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Scott\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll => No File
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Scott\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll => No File
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> "C:\Users\Scott\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateOnDemand.exe" => No File
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Scott\AppData\Local\Google\Update\1.3.33.7\psuser.dll => No File
MSCONFIG\startupreg: Google Update => C:\Users\Scott\AppData\Local\Google\Update\1.3.35.342\GoogleUpdateCore.exe
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
HOSTS:
CMD: fltmc instances
CMD: Removeproxy
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:

*****************

Processes closed successfully.

# AdwCleaner v3.307 - Report created 12/11/2019 at 11:01:28
# Updated 17/08/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : Scott - SCOTT-PC
# Running from : C:\Users\Scott\Desktop\DESKTOP Utilities\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

File Deleted : C:\Windows\system32\GroupPolicy\User\Registry.pol

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.19036

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v66.0.4 (x86 en-US)

[ File : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\txhldk6d.default\prefs.js ]


[ File : C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\ga1mnb9r.default-1435092364228\prefs.js ]


[ File : C:\Users\SM\AppData\Roaming\Mozilla\Firefox\Profiles\43mkhyks.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [1149 octets] - [20/06/2018 17:26:59]
AdwCleaner[R1].txt - [1168 octets] - [23/08/2018 10:42:56]
AdwCleaner[R2].txt - [1393 octets] - [06/11/2019 05:57:39]
AdwCleaner[R3].txt - [1453 octets] - [06/11/2019 07:04:11]
AdwCleaner[R4].txt - [1513 octets] - [12/11/2019 10:56:34]
AdwCleaner[S0].txt - [1212 octets] - [20/06/2018 17:56:33]
AdwCleaner[S1].txt - [1416 octets] - [12/11/2019 11:01:28]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1476 octets] ##########

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 11/12/19
Scan Time: 11:14 AM
Log File: 9681017a-0580-11ea-a1d2-0024e80181a9.json

-Software Information-
Version: 3.8.3.2965
Components Version: 1.0.613
Update Package Version: 1.0.13295
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: System

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Scheduler
Result: Completed
Objects Scanned: 288453
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 26 min, 10 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

Thanks


#13
JSntgRvr

  • Global Moderator
  • 11,246 posts

Congratulations.

Please use this application to remove quarantined items:

Please download KpRm by Kernel-panik and save to your Desktop.
  • Click on KpRm.exe to run the tool.

Vista/Windows 7/8/10 users right-click and select Run As Administrator.

  • Put a check mark next to these items:

- Delete tools

  • Click the "Run" button.
  • When the tool has finished, it will create and open a log report and delete itself.
Here are some suggestions:

Windows Updates

Keeping Windows up to date is one of the first steps in having a safe and secure system.

Keeping your programs up-to-date

As for safe browsing habits, you can find tons of guides, tutorials, articles, etc. online that will highlight the basics you need to follow (only visit websites you trust, do not click on ads, do not download files from untrusted sources, use a password manager, always verify the URL of a website and make sure it's correctly typed, etc.), and even what you can do if you want to take it a step further (create a fake email address for spam emails, browse the web in a privacy mode, etc.). Here are a few:

As you can see, there are plenty of resources out there. Simply Googling "good browsing habits" or "safe browsing habits" should allow you to find a lot of them.

Other recommendations

It's your job to be careful when browsing the web and downloading files if you don't want to get infected. Therefore, if you use your brain (common sense) when browsing the web, downloading programs and files, etc., you have far fewer chances of getting infected by malware. If, for example, you're not sure if a website is legitimate or not, or if a file is safe to download and execute, or if a program looks "too good" to be free, I suggest you avoid going to that website, downloading that file or using that program.

Here are a few guides, tutorials, articles, etc. that you could read in order to learn more about computer protection and security to improve your current computer protection setup but also improve your good web browsing and computer usage practices:

Best regards :)

#14
JSntgRvr

  • Global Moderator
  • 11,246 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

