laptop very slow since reinstall

  • Loosie
    PCHF Member
    • Feb 2017
    • 97

    #1

    laptop very slow since reinstall

    Hi I have a Dell E4300 running Windows 7 Pro. It had Win 7 (not sure of version) & running fine but tried to do a free upgrade but it crashed & I had to do a whole clean reinstall at the start of the year. Ever since then it’s been slow & ‘sticky’ with everything. It also overheats more than it did before, although I have the power set at 80% ATM, because that is a gen problem with these laptops I have learned. I have Avira virus program & Malwarebytes.
    Below are the FRST & aswMBR scan logs;


    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-02-2017 01

    Ran by Anya (administrator) on ANYA-PC (01-03-2017 11:57:39)
    Running from C:\Users\Anya\Desktop\PC prework
    Loaded Profiles: Anya (Available Profiles: Anya)
    Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 8 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
    (Toolwiz) C:\Program Files (x86)\ToolwizCareFree\ToolwizCares.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (Toolwiz.com) C:\Program Files (x86)\ToolwizCareFree\ToolwizTools.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
    (dotPDN LLC) C:\Program Files\paint.net\PaintDotNet.exe
    (Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
    (Microsoft Corporation) C:\Windows\System32\calc.exe

    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
    HKLM-x32...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [61896 2016-12-29] (Avira Operations GmbH & Co. KG)
    HKLM-x32...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [917576 2016-12-06] (Avira Operations GmbH & Co. KG)
    HKU\S-1-5-21-3010178862-2183218474-3834878404-1000...\Run: [ToolwizCareFree] => C:\Program Files (x86)\ToolwizCareFree\ToolwizCares.exe [5274328 2017-01-08] (Toolwiz)
    HKU\S-1-5-21-3010178862-2183218474-3834878404-1000...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9363672 2017-02-08] (Piriform Ltd)
    GroupPolicy: Restriction <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
    Tcpip..\Interfaces{12A21B6A-4A1F-42D7-8FE4-67D02DB214E3}: [DhcpNameServer] 10.0.0.138
    Tcpip..\Interfaces{4C627B19-BC24-470C-A374-BA04D5043EF9}: [DhcpNameServer] 192.168.42.129
    Internet Explorer:
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-9fe07138
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-9fe07138
    HKU\S-1-5-21-3010178862-2183218474-3834878404-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.yahoo.com/?fr=vmn&type=auslog_yaapp10_adw_hp
    SearchScopes: HKLM → DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 → DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-3010178862-2183218474-3834878404-1000 → DefaultScope {76DEFAE6-09B2-40B2-8F8A-5A6A5D5CE4EB} URL = hxxps://search.yahoo.com/search/?toggle=1&cop=mss&ei=UTF-8&fr=vmn&type=auslog_yaapp10_adw_ch&p={searchTerms }
    SearchScopes: HKU\S-1-5-21-3010178862-2183218474-3834878404-1000 → {76DEFAE6-09B2-40B2-8F8A-5A6A5D5CE4EB} URL = hxxps://search.yahoo.com/search/?toggle=1&cop=mss&ei=UTF-8&fr=vmn&type=auslog_yaapp10_adw_ch&p={searchTerms }
    Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
    Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
    Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
    Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe
    FireFox:
    FF DefaultProfile: dolfqtls.default
    FF ProfilePath: C:\Users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\dolfqtls.default [2017-03-01]
    FF Homepage: Mozilla\Firefox\Profiles\dolfqtls.default → mail.yahoo.com
    FF Session Restore: Mozilla\Firefox\Profiles\dolfqtls.default → is enabled.
    FF Extension: (Avira Browser Safety) - C:\Users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\dolfqtls.default\Extensions\abs@avira.com.xpi [2017-02-09]
    FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\dolfqtls.default\features{ce52f54d-0d9c-4224-b2d6-5d5791543a5a}\disableSHA1rollout@mozilla.org.xpi [2017-02-27]
    FF Plugin: @adobe.com/FlashPlayer → C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-17] ()
    FF Plugin-x32: @adobe.com/FlashPlayer → C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-17] ()
    FF Plugin-x32: @tools.google.com/Google Update;version=3 → C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-09] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 → C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-09] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.4 → C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-02] (VideoLAN)
    FF Plugin-x32: Adobe Reader → C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-24] (Adobe Systems Inc.)
    Chrome:
    CHR HKLM...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1089592 2016-12-06] (Avira Operations GmbH & Co. KG)
    R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [476736 2016-12-06] (Avira Operations GmbH & Co. KG)
    R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [476736 2016-12-06] (Avira Operations GmbH & Co. KG)
    S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1490296 2016-12-06] (Avira Operations GmbH & Co. KG)
    R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [372272 2016-12-29] (Avira Operations GmbH & Co. KG)
    R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2017-01-04] (SurfRight B.V.)
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [176464 2016-12-06] (Avira Operations GmbH & Co. KG)
    R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [148032 2016-12-06] (Avira Operations GmbH & Co. KG)
    R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2016-12-06] (Avira Operations GmbH & Co. KG)
    R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [79696 2016-12-06] (Avira Operations GmbH & Co. KG)
    R0 avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [35864 2016-12-06] (Avira Operations GmbH & Co. KG)
    R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77416 2017-01-20] ()
    R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [176584 2017-03-01] (Malwarebytes)
    R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [110536 2017-03-01] (Malwarebytes)
    R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-03-01] (Malwarebytes)
    R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [251848 2017-03-01] (Malwarebytes)
    R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [81696 2017-03-01] (Malwarebytes)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-03-01 11:54 - 2017-03-01 11:57 - 00000000 ___DC C:\FRST
    2017-03-01 11:49 - 2017-03-01 11:57 - 00000000 ___DC C:\Users\Anya\Desktop\PC prework
    2017-03-01 10:22 - 2017-02-27 15:02 - 00697053 ____C C:\Users\Anya\Documents\stock%20crate%20needs.doc_1.odt
    2017-03-01 09:28 - 2017-03-01 11:14 - 00110536 ____C (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
    2017-03-01 09:28 - 2017-03-01 11:14 - 00081696 ____C (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
    2017-03-01 09:28 - 2017-03-01 11:14 - 00043968 ____C (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
    2017-03-01 09:28 - 2017-03-01 11:13 - 00251848 ____C (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2017-03-01 09:28 - 2017-03-01 09:28 - 00176584 ____C (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
    2017-03-01 09:27 - 2017-03-01 09:27 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2017-03-01 09:27 - 2017-03-01 09:27 - 00000000 ___DC C:\ProgramData\Malwarebytes
    2017-03-01 09:27 - 2017-03-01 09:27 - 00000000 ___DC C:\Program Files\Malwarebytes
    2017-03-01 09:27 - 2017-01-20 07:47 - 00077416 ____C C:\Windows\system32\Drivers\mbae64.sys
    2017-03-01 09:14 - 2017-03-01 09:14 - 00002786 ____C C:\Windows\System32\Tasks\CCleanerSkipUAC
    2017-03-01 09:14 - 2017-03-01 09:14 - 00000822 ____C C:\Users\Public\Desktop\CCleaner.lnk
    2017-03-01 09:14 - 2017-03-01 09:14 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2017-03-01 09:14 - 2017-03-01 09:14 - 00000000 ___DC C:\Program Files\CCleaner
    2017-03-01 09:13 - 2017-03-01 09:14 - 55566792 ____C (Malwarebytes ) C:\Users\Anya\Downloads\mb3-setup-consumer-3.0.6.1469.exe
    2017-03-01 08:53 - 2017-03-01 08:54 - 09261616 ____C (Piriform Ltd) C:\Users\Anya\Downloads\ccsetup527.exe
    2017-02-27 10:22 - 2017-02-27 10:22 - 01961016 ____C C:\Users\Anya\Downloads\Ramblings 3 - February 21st 2017.pdf
    2017-02-26 22:52 - 2017-02-26 22:52 - 01793086 ____C C:\Users\Anya\Downloads\14475841_975050299290299_6153463609927139328_n.mp4
    2017-02-22 19:16 - 2017-02-22 19:16 - 05476663 ____C C:\Users\Anya\Downloads\10th_February_2017(1).pdf
    2017-02-22 18:58 - 2017-02-22 18:58 - 00100877 ____C C:\Users\Anya\Downloads\AssessmentCoverPage_39(1).pdf
    2017-02-22 18:58 - 2017-02-22 18:58 - 00100875 ____C C:\Users\Anya\Downloads\AssessmentCoverPage_39.pdf
    2017-02-22 18:56 - 2017-02-22 18:56 - 05476663 ____C C:\Users\Anya\Downloads\10th_February_2017.pdf
    2017-02-21 21:46 - 2017-02-24 21:16 - 00047120 ____C C:\Users\Anya\Documents\My Places.kmz
    2017-02-20 13:47 - 2017-02-20 13:47 - 00543652 ____C C:\Users\Anya\Downloads\parknotesnourlangie.pdf
    2017-02-17 20:15 - 2017-02-17 20:15 - 00000000 ___DC C:\Program Files (x86)\Windows Resource Kits
    2017-02-17 20:11 - 2017-02-17 20:11 - 00002130 ____C C:\Users\Anya\Downloads\reset_fp.zip
    2017-02-17 20:05 - 2017-02-17 20:05 - 00379392 ____C C:\Users\Anya\Downloads\subinacl.msi
    2017-02-16 22:02 - 2017-02-16 22:03 - 00000000 ___DC C:\Users\Anya\AppData\Roaming\vlc
    2017-02-14 23:35 - 2017-02-14 23:35 - 00000000 ___DC C:\Windows\System32\Tasks\Games
    2017-02-14 21:44 - 2017-02-14 21:44 - 00000000 ___DC C:\Program Files (x86)\Driver Detective
    2017-02-13 16:48 - 2017-02-13 16:50 - 01325535 ____C C:\Users\Anya\Downloads\Ramblings 1a - February 7th 2017.pdf
    2017-02-12 23:43 - 2017-02-12 23:43 - 00248541 ____C C:\Users\Anya\Downloads\FlashBrowserVersion.pdf
    2017-02-10 10:01 - 2017-02-10 10:01 - 00327713 ____C C:\Users\Anya\Downloads\109.full.pdf
    2017-02-10 10:01 - 2017-02-10 10:01 - 00213450 ____C C:\Users\Anya\Downloads\ARRT_Std_Terms.pdf
    2017-02-09 12:09 - 2017-02-09 12:09 - 00562254 ____C C:\Users\Anya\Downloads\pdf2doc.zip
    2017-02-09 11:56 - 2017-02-09 11:56 - 00118501 ____C C:\Users\Anya\Downloads\R Oosthuizen Response.pdf
    2017-02-08 09:55 - 2017-03-01 11:54 - 00000000 ___DC C:\Users\Anya\Documents\stock crate
    2017-02-08 09:43 - 2017-02-08 09:52 - 00000000 ___DC C:\Users\Anya\Documents\hoofcare
    2017-02-07 21:18 - 2017-02-07 21:18 - 00416082 ____C C:\Users\Anya\Documents\L fore paw AP 06-12-2016_52524.JPEG
    2017-02-07 21:18 - 2017-02-07 21:18 - 00346479 ____C C:\Users\Anya\Documents\Tilly Lavender Consultation History Notes.pdf
    2017-02-07 15:14 - 2017-02-07 15:14 - 00137063 ____C C:\Users\Anya\Documents\civil-claims-app-11854.pdf
    2017-02-07 13:41 - 2017-02-07 13:41 - 00000154 ____C C:\Users\Anya\Downloads\TransactionHistory(3).qif
    2017-02-07 13:36 - 2017-02-07 13:36 - 00000290 ____C C:\Users\Anya\Downloads\TransactionHistory(2).qif
    2017-02-07 13:35 - 2017-02-07 13:35 - 00007819 ____C C:\Users\Anya\Downloads\TransactionHistory.qif
    2017-02-07 13:35 - 2017-02-07 13:35 - 00007819 ____C C:\Users\Anya\Downloads\TransactionHistory(1).qif
    2017-02-07 02:12 - 2017-02-08 09:45 - 00569645 ____C C:\Users\Anya\Documents\High detail front right paw 28-11-2016_52524.JPEG
    2017-02-06 12:16 - 2017-02-06 12:16 - 00000000 ___DC C:\Program Files (x86)\Display
    2017-02-06 11:44 - 2017-02-20 22:59 - 00000000 ___DC C:\Program Files (x86)\SpeedItup Free
    2017-02-02 12:10 - 2017-02-02 12:10 - 00005606 ____C C:\Windows\system32.crusader
    2017-02-01 19:45 - 2017-02-01 19:45 - 00508320 ____C C:\Users\Anya\Documents\AL606-12-16 Front Extremity_52524.JPEG
    2017-02-01 19:44 - 2017-02-01 19:44 - 00459920 ____C C:\Users\Anya\Documents\AL706-12-16 Front Extremity (3)_52524.JPEG
    2017-02-01 19:39 - 2017-02-01 19:39 - 00587748 ____C C:\Users\Anya\Documents\High detail front right paw 3 28-11-2016_52524.JPEG
    2017-02-01 19:39 - 2017-02-01 19:39 - 00566078 ____C C:\Users\Anya\Documents\High detail front right paw 2 28-11-2016_52524.JPEG

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-03-01 11:56 - 2017-01-02 17:56 - 00000264 ____C C:\Windows\Tasks{3414E28B-7B30-5D60-A18E-73890419B134}.job
    2017-03-01 11:21 - 2017-01-02 18:06 - 00000000 ___DC C:\Users\Anya\AppData\LocalLow\Mozilla
    2017-03-01 11:21 - 2009-07-14 15:45 - 00025680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2017-03-01 11:21 - 2009-07-14 15:45 - 00025680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2017-03-01 11:14 - 2017-01-03 16:33 - 00000830 ____C C:\Windows\Tasks\Adobe Flash Player Updater.job
    2017-03-01 11:14 - 2009-07-14 14:20 - 00000000 ___DC C:\Windows\inf
    2017-03-01 11:12 - 2009-07-14 16:08 - 00000006 ___HC C:\Windows\Tasks\SA.DAT
    2017-03-01 10:39 - 2017-01-07 23:55 - 00000000 ___DC C:\Users\Anya\AppData\Roaming\ParetoLogic
    2017-03-01 09:25 - 2017-01-25 18:16 - 00000000 ___DC C:\Windows\Minidump
    2017-03-01 09:25 - 2017-01-03 09:53 - 00000000 ___DC C:\Windows\Panther
    2017-02-26 08:59 - 2017-01-07 23:08 - 00000430 ____C C:\Windows\Tasks\TechUtilities.job
    2017-02-24 11:39 - 2017-01-19 15:47 - 00002441 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2017-02-22 12:18 - 2017-01-02 16:56 - 00000000 ___DC C:\Users\Anya\Documents\tio & telstra
    2017-02-19 21:36 - 2017-01-02 16:55 - 00000000 ___DC C:\Users\Anya\Documents\finance
    2017-02-19 21:36 - 2017-01-02 16:55 - 00000000 ___DC C:\Users\Anya\Documents\family & health
    2017-02-19 21:35 - 2017-01-02 16:54 - 00000000 ___DC C:\Users\Anya\Documents\dogs
    2017-02-19 21:34 - 2017-01-02 16:54 - 00000000 ___DC C:\Users\Anya\Documents\Anya’s phone
    2017-02-19 21:34 - 2017-01-02 16:52 - 00000000 ___DC C:\Users\Anya\Documents\computer
    2017-02-19 21:33 - 2017-01-02 16:53 - 00000000 ___DC C:\Users\Anya\Documents\Anya
    2017-02-17 20:09 - 2017-01-03 16:28 - 00000000 ___DC C:\Users\Anya\AppData\Local\Adobe
    2017-02-17 20:08 - 2017-01-03 16:33 - 00802904 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2017-02-17 20:08 - 2017-01-03 16:33 - 00144472 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2017-02-17 20:08 - 2017-01-03 16:33 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2017-02-17 20:08 - 2017-01-03 16:33 - 00000000 ___DC C:\Windows\SysWOW64\Macromed
    2017-02-17 20:08 - 2017-01-03 16:33 - 00000000 ___DC C:\Windows\system32\Macromed
    2017-02-15 10:06 - 2009-07-14 16:13 - 00781298 ____C C:\Windows\system32\PerfStringBackup.INI
    2017-02-14 13:38 - 2009-07-14 14:20 - 00000000 ___DC C:\Windows\LiveKernelReports
    2017-02-08 09:52 - 2017-01-19 19:53 - 00000000 ___DC C:\Users\Anya\Documents\land house building
    2017-02-06 09:26 - 2017-01-02 18:38 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Composite Editor
    2017-02-02 12:49 - 2017-01-12 09:52 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\situhome
    2017-02-02 12:13 - 2017-01-02 18:05 - 00000000 ___DC C:\Program Files (x86)\Mozilla Maintenance Service
    2017-02-02 12:13 - 2017-01-02 18:05 - 00000000 ___DC C:\Program Files (x86)\Mozilla Firefox
    2017-02-02 12:01 - 2017-01-02 19:16 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
    2017-02-02 12:01 - 2017-01-02 18:04 - 00000000 ___DC C:\ProgramData\Package Cache

    ==================== Files in the root of some directories =======

    2017-01-03 14:58 - 2017-01-03 14:58 - 0000044 ____C () C:\Users\Anya\AppData\Roaming\WB.CFG
    Files to move or delete:
    C:\Windows\Tasks{3414E28B-7B30-5D60-A18E-73890419B134}.job

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2017-01-03 09:54

    ==================== End of FRST.txt ============================


    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-02-2017 01
    Ran by Anya (01-03-2017 12:00:30)
    Running from C:\Users\Anya\Desktop\PC prework
    Windows 7 Professional Service Pack 1 (X64) (2017-01-02 04:34:01)
    Boot Mode: Normal
    ==================== Accounts: =============================

    Administrator (S-1-5-21-3010178862-2183218474-3834878404-500 - Administrator - Disabled)
    Anya (S-1-5-21-3010178862-2183218474-3834878404-1000 - Administrator - Enabled) => C:\Users\Anya
    Guest (S-1-5-21-3010178862-2183218474-3834878404-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-3010178862-2183218474-3834878404-1002 - Limited - Enabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
    AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
    AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
    AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with “Hidden” flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Acrobat Reader DC (HKLM-x32...{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
    Adobe Flash Player 24 NPAPI (HKLM-x32...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
    Avira Antivirus (HKLM-x32...\Avira Antivirus) (Version: 15.0.24.146 - Avira Operations GmbH & Co. KG)
    Avira Connect (HKLM-x32...{845380e2-f0b5-4584-bc40-cc54345b3c06}) (Version: 1.2.77.41287 - Avira Operations GmbH & Co. KG)
    Avira Connect (x32 Version: 1.2.77.41287 - Avira Operations GmbH & Co. KG) Hidden
    CCleaner (HKLM...\CCleaner) (Version: 5.27 - Piriform)
    EasyBluePrint (HKLM-x32...{598B5BFB-3491-4C9B-9D20-F6477932FFCE}) (Version: 1.00.0000 - Lazycat Labs LLC)
    Google Earth (HKLM-x32...{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
    Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
    HitmanPro 3.7 (HKLM...\HitmanPro37) (Version: 3.7.15.281 - SurfRight B.V.)
    Image Composite Editor (HKLM...{92AB5708-1AAA-4B1B-A8D5-45CF3AD77519}) (Version: 2.0.3 - Microsoft Corporation)
    Malwarebytes version 3.0.6.1469 (HKLM...{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
    Microsoft .NET Framework 4.6.2 (HKLM...{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01590 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM...{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32...{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32...{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
    Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
    MVHShellExtension (HKLM...{48EE93F1-6CE8-4DC3-9EBB-71D860F09CEE}) (Version: 1.0.0 - MyVirtualHome)
    OpenOffice 4.1.2 (HKLM-x32...{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
    paint.net (HKLM...{6AC1101E-7561-43C9-BEEA-4AB1D220D8FF}) (Version: 4.0.13 - dotPDN LLC)
    Quicken CashBook - Version 8 (HKLM-x32...\Quicken CashBook - Version 8) (Version: - )
    situhome (HKLM-x32...{BDFC5012-189A-4D13-B1CF-279DF1D2F03B}) (Version: 5.0.5038 - Homesoft Pty. Ltd.)
    situhome (x32 Version: 5.0.5038 - Homesoft Pty. Ltd.) Hidden
    Toolwiz Care (HKLM-x32...\ToolwizCareFree) (Version: 3.1.0.5500 - ToolWiz Care)
    Visual Studio 2012 x64 Redistributables (HKLM...{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
    Visual Studio 2012 x86 Redistributables (HKLM-x32...{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    VLC media player (HKLM-x32...\VLC media player) (Version: 2.2.4 - VideoLAN)
    Windows Resource Kit Tools - SubInAcl.exe (HKLM-x32...{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}) (Version: 5.2.3790.1164 - Microsoft Corporation)
    Wings 3D 2.1.5 (HKLM-x32...\Wings 3D 2.1.5) (Version: - )

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0BBF5E2B-CFF9-4454-B1E5-48FD7878F641} - System32\Tasks\TechUtilities => C:\Program Files\TechUtilities\TechUtilities.exe
    Task: {33037067-24A4-4C51-9BF4-C93967D001CB} - System32\Tasks\ToolwizCareFree => C:\Program Files (x86)\ToolwizCareFree\ToolwizCares.exe [2017-01-08] (Toolwiz)
    Task: {4CD91184-FF75-43A9-AFF0-B0E8793FFEA2} - System32\Tasks\SDMsgUpdate (Local) => C:\SmartDraw 2016\Messages\SDNotify.exe [2016-01-23] ()
    Task: {792F89C5-CD6D-420F-B59F-A6FD747F23A3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
    Task: {7FCD042A-B1B9-48E0-BCAB-416DD1E526E8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-17] (Adobe Systems Incorporated)
    Task: {84DD79D9-08FF-42FE-B5A0-F88E208EA467} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3010178862-2183218474-3834878404-1000
    Task: {977EEB1A-1D70-420F-8E80-26BACAE87F7F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-09] (Google Inc.)
    Task: {9E37EBFD-A90E-4D66-AEBC-A4E874CF58F3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-09] (Google Inc.)
    Task: {A45BEA91-28D9-4894-A3E1-614E4D959593} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-02-08] (Piriform Ltd)
    Task: {A8A2EB79-53E4-43C3-8391-143FC1FC3B23} - System32\Tasks{3414E28B-7B30-5D60-A18E-73890419B134} => C:\Users\Anya\AppData\Local\UPDATE~1\updtask.exe <==== ATTENTION
    Task: {CF69B18C-0219-4C72-A7C0-B5155F4BFF07} - System32\Tasks\SDMsgUpdate (TE) => C:\SmartDraw 2016\Messages\SDNotify.exe [2016-01-23] ()

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\TechUtilities.job => C:\Program Files\TechUtilities\TechUtilities.exe -t C:\Program Files\TechUtilities\TechUtilities.exe
    Task: C:\Windows\Tasks{3414E28B-7B30-5D60-A18E-73890419B134}.job => C:\Users\Anya\AppData\Local\UPDATE~1\updtask.exe <==== ATTENTION

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2017-03-01 09:27 - 2017-01-20 07:47 - 02264352 ____C () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
    2017-03-01 09:27 - 2017-01-20 07:47 - 02254800 ____C () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
    2017-03-01 09:27 - 2017-01-20 07:47 - 02829776 ____C () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
    2017-01-04 14:53 - 2017-01-04 14:53 - 03052032 ____C () C:\Windows\assembly\NativeImages_v4.0.30319_64\PaintDotNetc8826574#\1231046019f02411806acdb82aa3f17a\PaintDotNet.SystemLayer.Native.x64.ni.dll
    2016-12-12 17:01 - 2016-12-12 17:01 - 01083088 ____C () C:\Program Files\paint.net\PaintDotNet.SystemLayer.Native.x64.dll
    2015-10-21 15:50 - 2015-10-21 15:50 - 00988160 ____C () C:\Program Files (x86)\OpenOffice 4\program\libxml2.dll
    2015-10-21 15:49 - 2015-10-21 15:49 - 00170496 ____C () C:\Program Files (x86)\OpenOffice 4\program\libxslt.dll
    2015-10-21 15:49 - 2015-10-21 15:49 - 00136192 ____C () C:\Program Files (x86)\OpenOffice 4\program\libxmlsec-mscrypto.dll
    2015-10-21 15:49 - 2015-10-21 15:49 - 00303616 ____C () C:\Program Files (x86)\OpenOffice 4\program\libxmlsec.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The “AlternateShell” will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => “”=“Service”
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => “”=“Service”

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)

    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 13:34 - 2009-06-11 08:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3010178862-2183218474-3834878404-1000\Control Panel\Desktop\Wallpaper → C:\Users\Anya\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 10.0.0.138
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Pol icies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
    FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
    FirewallRules: [{5EB3DB86-2C8F-478D-AE21-5C7D6B6FA9D8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{615F7A83-9DCE-4BE8-9D0E-0D4AF4FED0E5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    ==================== Restore Points =========================

    ==================== Faulty Device Manager Devices =============

    Name: Base System Device
    Description: Base System Device
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click “Update Driver”, which starts the Hardware Update wizard.

    Name: Broadcom USH
    Description: Broadcom USH
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click “Update Driver”, which starts the Hardware Update wizard.

    ==================== Event log errors: =========================
    Application errors:
    Error: (03/01/2017 11:13:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query “SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 99” could not be reactivated in namespace “//./root/CIMV2” because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (03/01/2017 07:49:15 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query “SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 99” could not be reactivated in namespace “//./root/CIMV2” because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (02/25/2017 09:22:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query “SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 99” could not be reactivated in namespace “//./root/CIMV2” because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (02/23/2017 12:04:03 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: googleearth.exe, version: 7.1.8.3036, time stamp: 0x587ddf05
    Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7ba58
    Exception code: 0xc0000005
    Fault offset: 0x0002f347
    Faulting process id: 0x3d4
    Faulting application start time: 0x01d28c9daba8551c
    Faulting application path: C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe
    Faulting module path: C:\Windows\SysWOW64\ntdll.dll
    Report Id: 620c036c-f8ff-11e6-801a-0024e8dc6112

    Error: (02/22/2017 09:16:20 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query “SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 99” could not be reactivated in namespace “//./root/CIMV2” because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (02/20/2017 10:42:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query “SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 99” could not be reactivated in namespace “//./root/CIMV2” because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (02/19/2017 02:17:06 PM) (Source: Avira Service Host) (EventID: 0) (User: )
    Description: Failed in handling the PowerEvent. The error that occurred was: System.NullReferenceException: Object reference not set to an instance of an object.
    at Avira.OE.ServiceHost.ServiceHost.OnPowerEvent(Object sender, PowerBroadcastStatusEventArgs e)
    at Avira.OE.WinCore.EventHandlerExtensions.SafeInvoke[T](EventHandler`1 eventHandler, Object sender, T eventArgs)
    at Avira.OE.ServiceHost.WindowsService.OnPowerEvent(PowerBroadcastStatus powerStatus)
    at System.ServiceProcess.ServiceBase.DeferredPowerEvent(Int32 eventType, IntPtr eventData).

    Error: (02/19/2017 02:05:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query “SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 99” could not be reactivated in namespace “//./root/CIMV2” because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (02/17/2017 08:21:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query “SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 99” could not be reactivated in namespace “//./root/CIMV2” because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (02/14/2017 09:12:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query “SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 99” could not be reactivated in namespace “//./root/CIMV2” because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    System errors:
    Error: (03/01/2017 07:48:09 AM) (Source: BugCheck) (EventID: 1001) (User: )
    Description: The computer has rebooted from a bugcheck. The bugcheck was: 0x00000116 (0xfffffa8007bd14e0, 0xfffff88004039cb0, 0x0000000000000000, 0x000000000000000c). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 030117-29640-01.

    Error: (03/01/2017 07:47:58 AM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 10:58:33 PM on 2/27/2017 was unexpected.

    Error: (02/27/2017 09:05:04 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AntiVirSchedulerService service.

    Error: (02/25/2017 02:04:56 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AntiVirSchedulerService service.

    Error: (02/24/2017 09:09:54 PM) (Source: volsnap) (EventID: 36) (User: )
    Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

    Error: (02/24/2017 01:55:17 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HitmanProScheduler service.

    Error: (02/22/2017 07:58:29 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NlaSvc service.

    Error: (02/22/2017 09:15:02 AM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 5:17:55 AM on 2/22/2017 was unexpected.

    Error: (02/21/2017 06:19:57 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HomeGroupListener service.

    Error: (02/20/2017 10:41:27 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Avira Service Host service to connect.

    ==================== Memory info ===========================

    Processor: Intel(R) Core™2 Duo CPU P9400 @ 2.40GHz
    Percentage of memory in use: 79%
    Total physical RAM: 4047.92 MB
    Available physical RAM: 828.74 MB
    Total Virtual: 8094.04 MB
    Available Virtual: 4544.62 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:148.46 GB) (Free:21.82 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: C8B9BFB9)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=148.5 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=504 MB) - (Type=27)

    ==================== End of Addition.txt ============================


    aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
    Run date: 2017-03-01 12:10:33
    12:10:33.299 OS Version: Windows x64 6.1.7601 Service Pack 1
    12:10:33.299 Number of processors: 2 586 0x170A
    12:10:33.301 ComputerName: ANYA-PC UserName: Anya
    12:10:36.188 Initialize success
    12:10:36.870 VM: initialized successfully
    12:10:36.873 VM: Intel CPU BiosDisabled
    12:17:41.631 AVAST engine defs: 17010903
    12:19:02.667 Disk 0 (boot) \Device\Harddisk0\DR0 → \Device\Ide\IdeDeviceP0T0L0-0
    12:19:02.670 Disk 0 Vendor: WDC_WD1600BEVT-75ZCT2 11.01A11 Size: 152627MB BusType: 3
    12:19:02.896 Disk 0 MBR read successfully
    12:19:02.899 Disk 0 MBR scan
    12:19:02.906 Disk 0 Windows 7 default MBR code
    12:19:02.920 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    12:19:02.926 Disk 0 default boot code
    12:19:02.939 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 152019 MB offset 206848
    12:19:02.973 Disk 0 Partition 3 00 27 Hidden NTFS WinRE NTFS 504 MB offset 311543808
    12:19:03.034 Disk 0 scanning C:\Windows\system32\drivers
    12:19:15.284 Service scanning
    12:19:43.094 Modules scanning
    12:19:43.106 Disk 0 trace - called modules:
    12:19:43.152 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
    12:19:43.158 1 nt!IofCallDriver → \Device\Harddisk0\DR0[0xfffffa800439d060]
    12:19:43.164 3 CLASSPNP.SYS[fffff880011d143f] → nt!IofCallDriver → \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80040b5680]
    12:19:44.592 AVAST engine scan C:\Windows
    12:19:47.579 AVAST engine scan C:\Windows\system32
    12:32:25.222 AVAST engine scan C:\Windows\system32\drivers
    12:34:02.728 AVAST engine scan C:\Users\Anya
    13:20:58.634 AVAST engine scan C:\ProgramData
    13:22:09.962 Disk 0 statistics 4191535/0/0 @ 0.96 MB/s
    13:22:10.019 Scan finished successfully
    13:37:13.672 Disk 0 MBR has been saved successfully to “C:\Users\Anya\Desktop\PC prework\MBR.dat”
    13:37:13.722 The log file has been saved successfully to “C:\Users\Anya\Desktop\PC prework\aswMBR.txt”
  • Malnutrition
    PCHF Moderator
    • Jul 2016
    • 7041

    #2
    Let’s clean some trash from the machine before a FRST fix…

    Clean up temp files and reduce startup load with CCleaner.


    Note: This tool will clean your browsing history as well.
    • Download CCleaner from here.
    • After install Click Options.
    • Go to monitoring.
    • Uncheck All Monitoring items.
    • Go to advanced – Click close program after cleaning.
    • Go to settings – click run ccleaner when the computer starts.
    • Now that you have ccleaner installed and set-up:
    • Open the program.
    • Go to Tools
    • Go to Startup
    • Now double click each item. To Disable.
    • Leave only your antivirus enabled.
    • Then disable All items in your scheduled task as well.
    • Unless they are related to Windows Defender. Or your antivirus.
    • Reboot the machine.



    Rogue Killer Scan.


    Download RogueKiller – (Portable) – from one of the following links and save it to your Desktop:

    Link 1
    Link 2


    • Close all other running programs.
    • Disable ALL Antivirus – Antimalware – Applications.
    • Right Click Rogue Killer and Run as Administrator.
    • Click the Start Scan button.
    • Allow the scan to run – it can take ten minutes or more.
    • Once the scan is complete check All items for removal.
    • https://pchelpforum.net/attachments/...5-54-png.1658/
    • After All items are checked then press Remove Selected.
    • Wait until the Status box shows Deleting Finished.
    • Click on open report – then open txt
    • Copy the content of the report and paste it here in your next reply.

    JRT Scan.

    Please download Junkware Removal Tool and save it on your desktop.

    • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system’s specifications.
    • On completion, a log is saved to your desktop and will automatically open.
    • Please post the JRT log.

    Adware Cleaner Scan.

    Please download AdwCleaner by Xplode onto your desktop.

    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Let’s have a fresh look at your system after the above scans please.


    Please run Farbar Recovery Scan Tool to give me a fresh look at your system.

    Please download the FRST 32 bit or FRST 64bit version to suit your operating system. It is important FRST is downloaded to your desktop.

    If you are unsure if your operating system is 32 or 64 Bit please go HERE.

    • Right-click on FRST icon and select Run as Administrator to start the tool. (XP users click run after receipt of Windows Security Warning - Open File).
    • Make sure that Addition option is checked, as well as Shortcut.txt
    • Press Scan button and wait.
    • The tool will produce three logfiles on your desktop: FRST.txt, and Addition.txt – & Shortcut.txt

    Please Copy & Paste them into your next reply. But attach Shortcut.txt


    • Loosie
      PCHF Member
      • Feb 2017
      • 97

      #3
      Right… I had run CCleaner & Malwarebytes before I posted this thread this morn btw, but I followed the instrucs above(thanks mal) before doing another one. Then the logs for the others are below as requested… Shortcut file is attached.

      Rogue;
      RogueKiller V12.9.9.0 (x64) [Feb 27 2017] (Free) by Adlice Software
      mail : Support Form | Contact • Adlice Software
      Feedback : http://forum.adlice.com
      Website : Free Virus Cleaner | RogueKiller AntiMalware • Adlice Software
      Blog : http://www.adlice.com
      Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
      Started in : Normal mode
      User : Anya [Administrator]
      Started from : C:\Users\Anya\Desktop\PCHF programs\RogueKillerX64.exe
      Mode : Scan – Date : 03/01/2017 19:04:48 (Duration : 00:17:45)

      ¤¤¤ Processes : 0 ¤¤¤

      ¤¤¤ Registry : 5 ¤¤¤
      [PUP.Gen0] (X64) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost | bdx : → Found
      [PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : Search - Microsoft Bing → Found
      [PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : Search - Microsoft Bing → Found
      [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3010178862-2183218474-3834878404-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 → Found
      [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3010178862-2183218474-3834878404-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 → Found

      ¤¤¤ Tasks : 2 ¤¤¤
      [Suspicious.Path] %WINDIR%\Tasks{3414E28B-7B30-5D60-A18E-73890419B134}.job – C:\Users\Anya\AppData\Local\UPDATE~1\updtask.exe (/Check) → Found
      [Suspicious.Path] {3414E28B-7B30-5D60-A18E-73890419B134} – C:\Users\Anya\AppData\Local\UPDATE~1\updtask.exe (/Check) → Found

      ¤¤¤ Files : 3 ¤¤¤
      [PUP.Gen1][Folder] C:\Users\Anya\AppData\Roaming\ParetoLogic → Found
      [PUP.Gen1][Folder] C:\Program Files (x86)\Driver Detective → Found
      [PUP.Gen1][Folder] C:\Program Files (x86)\SpeedItup Free → Found

      ¤¤¤ WMI : 0 ¤¤¤

      ¤¤¤ Hosts File : 0 ¤¤¤

      ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

      ¤¤¤ Web browsers : 1 ¤¤¤
      [PUM.HomePage][Firefox:Config] dolfqtls.default : user_pref(“browser.startup.homepage”, “mail.yahoo.com”); → Found

      ¤¤¤ MBR Check : ¤¤¤
      +++++ PhysicalDrive0: WDC WD1600BEVT-75ZCT2 ATA Device +++++
      — User —
      [MBR] 47c5e781ab77453373e0941962d72004
      [BSP] ec87961bac3f884dc2a63fa0e35af3c1 : Windows Vista/7/8|VT.Unknown MBR Code
      Partition table:
      0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
      1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 152019 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
      2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 311543808 | Size: 504 MB
      User = LL1 … OK
      User = LL2 … OK

      JRT;
      Junkware Removal Tool (JRT) by Malwarebytes
      Version: 8.1.1 (02.11.2017)
      Operating System: Windows 7 Professional x64
      Ran by Anya (Administrator) on Wed 03/01/2017 at 19:52:37.43
      
      File System: 11
      
      Successfully deleted: C:\Users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\dolfqtls.default\Invalidprefs.js (File)
      Successfully deleted: C:\Users\Anya\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
      Successfully deleted: C:\Users\Anya\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
      Successfully deleted: C:\Users\Anya\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
      Successfully deleted: C:\Users\Anya\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
      Successfully deleted: C:\Users\Anya\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWTV4YGS (Temporary Internet Files Folder)
      Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
      Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
      Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
      Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
      Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWTV4YGS (Temporary Internet Files Folder)
      
      Registry: 0
      Scan was completed on Wed 03/01/2017 at 19:54:14.31
      End of JRT log
      ADW;
      
      > # AdwCleaner v6.043 - Logfile created 01/03/2017 at 19:57:50
      # Updated on 27/01/2017 by Malwarebytes
      # Database : 2017-02-28.2 [Server]
      # Operating System : Windows 7 Professional Service Pack 1 (X64)
      # Username : Anya - ANYA-PC
      # Running from : C:\Users\Anya\Desktop\PCHF programs\adwcleaner_6.043.exe
      # Mode: Scan
      # Support :  https://www.malwarebytes.com/support 
      
      
      
      ***** [ Services ] *****
      
      No malicious services found.
      
      
      ***** [ Folders ] *****
      
      No malicious folders found.
      
      
      ***** [ Files ] *****
      
      No malicious files found.
      
      
      ***** [ DLL ] *****
      
      No malicious DLLs found.
      
      
      ***** [ WMI ] *****
      
      No malicious keys found.
      
      
      ***** [ Shortcuts ] *****
      
      No infected shortcut found.
      
      
      ***** [ Scheduled Tasks ] *****
      
      No malicious task found.
      
      
      ***** [ Registry ] *****
      
      Key Found:  HKLM\SOFTWARE\ReviverSoft
      Key Found:  HKLM\SOFTWARE\ReviverSoft
      Key Found:  HKLM\SOFTWARE\Auslogics
      
      
      ***** [ Web browsers ] *****
      
      No malicious Firefox based browser items found.
      No malicious Chromium based browser items found.
      
      *************************
      
      C:\AdwCleaner\AdwCleaner[C0].txt - [6380 Bytes] - [21/09/2016 22:23:46]
      C:\AdwCleaner\AdwCleaner[S0].txt - [5907 Bytes] - [21/09/2016 20:41:39]
      C:\AdwCleaner\AdwCleaner[S1].txt - [1245 Bytes] - [01/03/2017 19:57:50]
      
      ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1318 Bytes] ##########
      
      
      
      
      FRST;
      
      > Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-02-2017 01
      Ran by Anya (administrator) on ANYA-PC (01-03-2017 20:20:32)
      Running from C:\Users\Anya\Desktop\PC prework
      Loaded Profiles: Anya (Available Profiles: Anya)
      Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
      Internet Explorer Version 8 (Default browser: FF)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool:  http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ 
      
      ==================== Processes (Whitelisted) =================
      
      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
      
      (SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
      (SurfRight B.V.) C:\Program Files\HitmanPro\HitmanPro.exe
      (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
      (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
      (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
      (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
      (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
      (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
      (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
      (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
      (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
      (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
      
      ==================== Registry (Whitelisted) ====================
      
      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
      
      HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
      HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [61896 2016-12-29] (Avira Operations GmbH & Co. KG)
      HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [917576 2016-12-06] (Avira Operations GmbH & Co. KG)
      GroupPolicy: Restriction <======= ATTENTION
      CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
      
      ==================== Internet (Whitelisted) ====================
      
      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
      
      Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
      Tcpip\..\Interfaces\{12A21B6A-4A1F-42D7-8FE4-67D02DB214E3}: [DhcpNameServer] 10.0.0.138
      Tcpip\..\Interfaces\{4C627B19-BC24-470C-A374-BA04D5043EF9}: [DhcpNameServer] 192.168.42.129
      
      Internet Explorer:
      ==================
      HKU\S-1-5-21-3010178862-2183218474-3834878404-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.yahoo.com/?fr=vmn&type=auslog_yaapp10_adw_hp
      SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
      SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
      SearchScopes: HKU\S-1-5-21-3010178862-2183218474-3834878404-1000 -> DefaultScope {76DEFAE6-09B2-40B2-8F8A-5A6A5D5CE4EB} URL = hxxps://search.yahoo.com/search/?toggle=1&cop=mss&ei=UTF-8&fr=vmn&type=auslog_yaapp10_adw_ch&p={searchTerms}
      SearchScopes: HKU\S-1-5-21-3010178862-2183218474-3834878404-1000 -> {76DEFAE6-09B2-40B2-8F8A-5A6A5D5CE4EB} URL = hxxps://search.yahoo.com/search/?toggle=1&cop=mss&ei=UTF-8&fr=vmn&type=auslog_yaapp10_adw_ch&p={searchTerms}
      Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
      Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
      Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
      Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
      StartMenuInternet: IEXPLORE.EXE - iexplore.exe
      
      FireFox:
      ========
      FF DefaultProfile: dolfqtls.default
      FF ProfilePath: C:\Users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\dolfqtls.default [2017-03-01]
      FF Homepage: Mozilla\Firefox\Profiles\dolfqtls.default -> hxxps://mg.mail.yahoo.com/neo/launch?.rand=4329iole1n0eg#6349
      FF Extension: (Avira Browser Safety) - C:\Users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\dolfqtls.default\Extensions\abs@avira.com.xpi [2017-02-09]
      FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\dolfqtls.default\features\{ce52f54d-0d9c-4224-b2d6-5d5791543a5a}\disableSHA1rollout@mozilla.org.xpi [2017-02-27]
      FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-17] ()
      FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-17] ()
      FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-09] (Google Inc.)
      FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-09] (Google Inc.)
      FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-02] (VideoLAN)
      FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-24] (Adobe Systems Inc.)
      
      Chrome:
      =======
      CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
      
      ==================== Services (Whitelisted) ====================
      
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      
      S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1089592 2016-12-06] (Avira Operations GmbH & Co. KG)
      R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [476736 2016-12-06] (Avira Operations GmbH & Co. KG)
      R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [476736 2016-12-06] (Avira Operations GmbH & Co. KG)
      S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1490296 2016-12-06] (Avira Operations GmbH & Co. KG)
      R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [372272 2016-12-29] (Avira Operations GmbH & Co. KG)
      R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2017-01-04] (SurfRight B.V.)
      R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
      S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
      
      ===================== Drivers (Whitelisted) ======================
      
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      
      R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [176464 2016-12-06] (Avira Operations GmbH & Co. KG)
      R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [148032 2016-12-06] (Avira Operations GmbH & Co. KG)
      R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2016-12-06] (Avira Operations GmbH & Co. KG)
      R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [79696 2016-12-06] (Avira Operations GmbH & Co. KG)
      R0 avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [35864 2016-12-06] (Avira Operations GmbH & Co. KG)
      R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77416 2017-01-20] ()
      R3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [54736 2017-03-01] ()
      R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [176584 2017-03-01] (Malwarebytes)
      R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [110536 2017-03-01] (Malwarebytes)
      R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-03-01] (Malwarebytes)
      R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251848 2017-03-01] (Malwarebytes)
      R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [81696 2017-03-01] (Malwarebytes)
      
      ==================== NetSvcs (Whitelisted) ===================
      
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      
      
      ==================== One Month Created files and folders ========
      
      (If an entry is included in the fixlist, the file/folder will be moved.)
      
      2017-03-01 19:04 - 2017-03-01 19:04 - 00028272 ____C C:\Windows\system32\Drivers\TrueSight.sys
      2017-03-01 18:44 - 2017-03-01 18:44 - 00000000 ___DC C:\Users\Anya\AppData\Roaming\Avira
      2017-03-01 18:41 - 2017-03-01 19:03 - 00000000 ___DC C:\ProgramData\RogueKiller
      2017-03-01 13:10 - 2017-03-01 13:11 - 03071606 ____C C:\Users\Anya\Downloads\Ramblings 4 -  February 28th 2017.pdf
      2017-03-01 13:03 - 2017-03-01 13:04 - 06029906 ____C C:\Users\Anya\Downloads\27th February 2017.pdf
      2017-03-01 11:54 - 2017-03-01 20:20 - 00000000 ___DC C:\FRST
      2017-03-01 11:49 - 2017-03-01 20:15 - 00000000 ___DC C:\Users\Anya\Desktop\PC prework
      2017-03-01 10:22 - 2017-02-27 15:02 - 00697053 ____C C:\Users\Anya\Documents\stock%20crate%20needs.doc_1.odt
      2017-03-01 09:28 - 2017-03-01 20:13 - 00176584 ____C (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
      2017-03-01 09:28 - 2017-03-01 20:12 - 00110536 ____C (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
      2017-03-01 09:28 - 2017-03-01 20:12 - 00081696 ____C (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
      2017-03-01 09:28 - 2017-03-01 20:12 - 00043968 ____C (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
      2017-03-01 09:28 - 2017-03-01 20:11 - 00251848 ____C (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
      2017-03-01 09:27 - 2017-03-01 09:27 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
      2017-03-01 09:27 - 2017-03-01 09:27 - 00000000 ___DC C:\ProgramData\Malwarebytes
      2017-03-01 09:27 - 2017-03-01 09:27 - 00000000 ___DC C:\Program Files\Malwarebytes
      2017-03-01 09:27 - 2017-01-20 07:47 - 00077416 ____C C:\Windows\system32\Drivers\mbae64.sys
      2017-03-01 09:14 - 2017-03-01 17:03 - 00002788 ____C C:\Windows\System32\Tasks\CCleanerSkipUAC
      2017-03-01 09:14 - 2017-03-01 09:14 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
      2017-03-01 09:14 - 2017-03-01 09:14 - 00000000 ___DC C:\Program Files\CCleaner
      2017-02-27 10:22 - 2017-02-27 10:22 - 01961016 ____C C:\Users\Anya\Downloads\Ramblings 3 -  February 21st 2017.pdf
      2017-02-26 22:52 - 2017-02-26 22:52 - 01793086 ____C C:\Users\Anya\Downloads\14475841_975050299290299_6153463609927139328_n.mp4
      2017-02-22 19:16 - 2017-02-22 19:16 - 05476663 ____C C:\Users\Anya\Downloads\10th_February_2017(1).pdf
      2017-02-22 18:58 - 2017-02-22 18:58 - 00100877 ____C C:\Users\Anya\Downloads\AssessmentCoverPage_39(1).pdf
      2017-02-22 18:58 - 2017-02-22 18:58 - 00100875 ____C C:\Users\Anya\Downloads\AssessmentCoverPage_39.pdf
      2017-02-22 18:56 - 2017-02-22 18:56 - 05476663 ____C C:\Users\Anya\Downloads\10th_February_2017.pdf
      2017-02-21 21:46 - 2017-02-24 21:16 - 00047120 ____C C:\Users\Anya\Documents\My Places.kmz
      2017-02-20 13:47 - 2017-02-20 13:47 - 00543652 ____C C:\Users\Anya\Downloads\parknotesnourlangie.pdf
      2017-02-17 20:15 - 2017-02-17 20:15 - 00000000 ___DC C:\Program Files (x86)\Windows Resource Kits
      2017-02-17 20:11 - 2017-02-17 20:11 - 00002130 ____C C:\Users\Anya\Downloads\reset_fp.zip
      2017-02-17 20:05 - 2017-02-17 20:05 - 00379392 ____C C:\Users\Anya\Downloads\subinacl.msi
      2017-02-16 22:02 - 2017-02-16 22:03 - 00000000 ___DC C:\Users\Anya\AppData\Roaming\vlc
      2017-02-14 23:35 - 2017-02-14 23:35 - 00000000 ___DC C:\Windows\System32\Tasks\Games
      2017-02-13 16:48 - 2017-02-13 16:50 - 01325535 ____C C:\Users\Anya\Downloads\Ramblings 1a -  February 7th 2017.pdf
      2017-02-12 23:43 - 2017-02-12 23:43 - 00248541 ____C C:\Users\Anya\Downloads\FlashBrowserVersion.pdf
      2017-02-10 10:01 - 2017-02-10 10:01 - 00327713 ____C C:\Users\Anya\Downloads\109.full.pdf
      2017-02-10 10:01 - 2017-02-10 10:01 - 00213450 ____C C:\Users\Anya\Downloads\ARRT_Std_Terms.pdf
      2017-02-09 12:09 - 2017-02-09 12:09 - 00562254 ____C C:\Users\Anya\Downloads\pdf2doc.zip
      2017-02-09 11:56 - 2017-02-09 11:56 - 00118501 ____C C:\Users\Anya\Downloads\R Oosthuizen Response.pdf
      2017-02-08 09:55 - 2017-03-01 16:42 - 00000000 ___DC C:\Users\Anya\Documents\stock crate
      2017-02-08 09:43 - 2017-02-08 09:52 - 00000000 ___DC C:\Users\Anya\Documents\hoofcare
      2017-02-07 21:18 - 2017-02-07 21:18 - 00416082 ____C C:\Users\Anya\Documents\L fore paw AP 06-12-2016_52524.JPEG
      2017-02-07 21:18 - 2017-02-07 21:18 - 00346479 ____C C:\Users\Anya\Documents\Tilly Lavender Consultation History Notes.pdf
      2017-02-07 15:14 - 2017-02-07 15:14 - 00137063 ____C C:\Users\Anya\Documents\civil-claims-app-11854.pdf
      2017-02-07 13:41 - 2017-02-07 13:41 - 00000154 ____C C:\Users\Anya\Downloads\TransactionHistory(3).qif
      2017-02-07 13:36 - 2017-02-07 13:36 - 00000290 ____C C:\Users\Anya\Downloads\TransactionHistory(2).qif
      2017-02-07 13:35 - 2017-02-07 13:35 - 00007819 ____C C:\Users\Anya\Downloads\TransactionHistory.qif
      2017-02-07 13:35 - 2017-02-07 13:35 - 00007819 ____C C:\Users\Anya\Downloads\TransactionHistory(1).qif
      2017-02-07 02:12 - 2017-02-08 09:45 - 00569645 ____C C:\Users\Anya\Documents\High detail front right paw 28-11-2016_52524.JPEG
      2017-02-06 12:16 - 2017-02-06 12:16 - 00000000 ___DC C:\Program Files (x86)\Display
      2017-02-02 12:10 - 2017-02-02 12:10 - 00005606 ____C C:\Windows\system32\.crusader
      2017-02-01 19:45 - 2017-02-01 19:45 - 00508320 ____C C:\Users\Anya\Documents\AL606-12-16 Front Extremity_52524.JPEG
      2017-02-01 19:44 - 2017-02-01 19:44 - 00459920 ____C C:\Users\Anya\Documents\AL706-12-16 Front Extremity (3)_52524.JPEG
      2017-02-01 19:39 - 2017-02-01 19:39 - 00587748 ____C C:\Users\Anya\Documents\High detail front right paw 3 28-11-2016_52524.JPEG
      2017-02-01 19:39 - 2017-02-01 19:39 - 00566078 ____C C:\Users\Anya\Documents\High detail front right paw 2 28-11-2016_52524.JPEG
      
      ==================== One Month Modified files and folders ========
      
      (If an entry is included in the fixlist, the file/folder will be moved.)
      
      2017-03-01 20:19 - 2009-07-14 15:45 - 00025680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      2017-03-01 20:19 - 2009-07-14 15:45 - 00025680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      2017-03-01 20:16 - 2017-01-02 18:06 - 00000000 ___DC C:\Users\Anya\AppData\LocalLow\Mozilla
      2017-03-01 20:14 - 2016-09-21 20:40 - 00000000 ___DC C:\AdwCleaner
      2017-03-01 20:12 - 2009-07-14 14:20 - 00000000 ___DC C:\Windows\inf
      2017-03-01 20:10 - 2009-07-14 16:08 - 00000006 ___HC C:\Windows\Tasks\SA.DAT
      2017-03-01 17:06 - 2017-01-07 23:08 - 00000332 ____C C:\Windows\Tasks\TechUtilities.job
      2017-03-01 17:06 - 2017-01-03 16:33 - 00000830 ____C C:\Windows\Tasks\Adobe Flash Player Updater.job
      2017-03-01 17:03 - 2017-01-19 15:48 - 00004478 ____C C:\Windows\System32\Tasks\Adobe Acrobat Update Task
      2017-03-01 17:03 - 2017-01-12 00:02 - 00003642 ____C C:\Windows\System32\Tasks\SDMsgUpdate (Local)
      2017-03-01 17:03 - 2017-01-12 00:02 - 00003634 ____C C:\Windows\System32\Tasks\SDMsgUpdate (TE)
      2017-03-01 17:03 - 2017-01-09 13:33 - 00003332 ____C C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
      2017-03-01 17:03 - 2017-01-09 13:33 - 00003204 ____C C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
      2017-03-01 17:03 - 2017-01-08 12:01 - 00003324 _____ C:\Windows\System32\Tasks\ToolwizCareFree
      2017-03-01 17:03 - 2017-01-07 23:08 - 00003162 _____ C:\Windows\System32\Tasks\TechUtilities
      2017-03-01 17:03 - 2017-01-03 16:33 - 00003770 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
      2017-03-01 09:25 - 2017-01-25 18:16 - 00000000 ___DC C:\Windows\Minidump
      2017-03-01 09:25 - 2017-01-03 09:53 - 00000000 ___DC C:\Windows\Panther
      2017-02-24 11:39 - 2017-01-19 15:47 - 00002441 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
      2017-02-22 12:18 - 2017-01-02 16:56 - 00000000 ___DC C:\Users\Anya\Documents\tio & telstra
      2017-02-19 21:36 - 2017-01-02 16:55 - 00000000 ___DC C:\Users\Anya\Documents\finance
      2017-02-19 21:36 - 2017-01-02 16:55 - 00000000 ___DC C:\Users\Anya\Documents\family & health
      2017-02-19 21:35 - 2017-01-02 16:54 - 00000000 ___DC C:\Users\Anya\Documents\dogs
      2017-02-19 21:34 - 2017-01-02 16:54 - 00000000 ___DC C:\Users\Anya\Documents\Anya's phone
      2017-02-19 21:34 - 2017-01-02 16:52 - 00000000 ___DC C:\Users\Anya\Documents\computer
      2017-02-19 21:33 - 2017-01-02 16:53 - 00000000 ___DC C:\Users\Anya\Documents\Anya
      2017-02-17 20:09 - 2017-01-03 16:28 - 00000000 ___DC C:\Users\Anya\AppData\Local\Adobe
      2017-02-17 20:08 - 2017-01-03 16:33 - 00802904 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
      2017-02-17 20:08 - 2017-01-03 16:33 - 00144472 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
      2017-02-17 20:08 - 2017-01-03 16:33 - 00000000 ___DC C:\Windows\SysWOW64\Macromed
      2017-02-17 20:08 - 2017-01-03 16:33 - 00000000 ___DC C:\Windows\system32\Macromed
      2017-02-15 10:06 - 2009-07-14 16:13 - 00781298 ____C C:\Windows\system32\PerfStringBackup.INI
      2017-02-14 13:38 - 2009-07-14 14:20 - 00000000 ___DC C:\Windows\LiveKernelReports
      2017-02-08 09:52 - 2017-01-19 19:53 - 00000000 ___DC C:\Users\Anya\Documents\land house building
      2017-02-06 09:26 - 2017-01-02 18:38 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Composite Editor
      2017-02-02 12:49 - 2017-01-12 09:52 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\situhome
      2017-02-02 12:13 - 2017-01-02 18:05 - 00000000 ___DC C:\Program Files (x86)\Mozilla Maintenance Service
      2017-02-02 12:13 - 2017-01-02 18:05 - 00000000 ___DC C:\Program Files (x86)\Mozilla Firefox
      2017-02-02 12:01 - 2017-01-02 19:16 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
      2017-02-02 12:01 - 2017-01-02 18:04 - 00000000 ___DC C:\ProgramData\Package Cache
      
      ==================== Files in the root of some directories =======
      
      2017-01-03 14:58 - 2017-01-03 14:58 - 0000044 ____C () C:\Users\Anya\AppData\Roaming\WB.CFG
      
      Some files in TEMP:
      ====================
      2017-03-01 18:41 - 2010-11-21 14:23 - 1731936 ____C (Microsoft Corporation) C:\Users\Anya\AppData\Local\Temp\dllnt_dump.dll
      
      ==================== Bamital & volsnap ======================
      
      (There is no automatic fix for files that do not pass verification.)
      
      C:\Windows\system32\winlogon.exe => File is digitally signed
      C:\Windows\system32\wininit.exe => File is digitally signed
      C:\Windows\SysWOW64\wininit.exe => File is digitally signed
      C:\Windows\explorer.exe => File is digitally signed
      C:\Windows\SysWOW64\explorer.exe => File is digitally signed
      C:\Windows\system32\svchost.exe => File is digitally signed
      C:\Windows\SysWOW64\svchost.exe => File is digitally signed
      C:\Windows\system32\services.exe => File is digitally signed
      C:\Windows\system32\User32.dll => File is digitally signed
      C:\Windows\SysWOW64\User32.dll => File is digitally signed
      C:\Windows\system32\userinit.exe => File is digitally signed
      C:\Windows\SysWOW64\userinit.exe => File is digitally signed
      C:\Windows\system32\rpcss.dll => File is digitally signed
      C:\Windows\system32\dnsapi.dll => File is digitally signed
      C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
      C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
      
      LastRegBack: 2017-01-03 09:54
      
      ==================== End of FRST.txt ============================
      
      
      Addition;
      
      > Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-02-2017 01
      Ran by Anya (01-03-2017 20:24:21)
      Running from C:\Users\Anya\Desktop\PC prework
      Windows 7 Professional Service Pack 1 (X64) (2017-01-02 04:34:01)
      Boot Mode: Normal
      ==========================================================
      
      
      ==================== Accounts: =============================
      
      Administrator (S-1-5-21-3010178862-2183218474-3834878404-500 - Administrator - Disabled)
      Anya (S-1-5-21-3010178862-2183218474-3834878404-1000 - Administrator - Enabled) => C:\Users\Anya
      Guest (S-1-5-21-3010178862-2183218474-3834878404-501 - Limited - Disabled)
      HomeGroupUser$ (S-1-5-21-3010178862-2183218474-3834878404-1002 - Limited - Enabled)
      
      ==================== Security Center ========================
      
      (If an entry is included in the fixlist, it will be removed.)
      
      AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
      AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
      AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
      AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
      AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      
      ==================== Installed Programs ======================
      
      (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
      
      Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
      Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
      Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.24.146 - Avira Operations GmbH & Co. KG)
      Avira Connect (HKLM-x32\...\{845380e2-f0b5-4584-bc40-cc54345b3c06}) (Version: 1.2.77.41287 - Avira Operations GmbH & Co. KG)
      Avira Connect (x32 Version: 1.2.77.41287 - Avira Operations GmbH & Co. KG) Hidden
      CCleaner (HKLM\...\CCleaner) (Version: 5.27 - Piriform)
      EasyBluePrint (HKLM-x32\...\{598B5BFB-3491-4C9B-9D20-F6477932FFCE}) (Version: 1.00.0000 - Lazycat Labs LLC)
      Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
      Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
      HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.15.281 - SurfRight B.V.)
      Image Composite Editor (HKLM\...\{92AB5708-1AAA-4B1B-A8D5-45CF3AD77519}) (Version: 2.0.3 - Microsoft Corporation)
      Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
      Microsoft .NET Framework 4.6.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01590 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
      Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
      Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
      Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
      MVHShellExtension (HKLM\...\{48EE93F1-6CE8-4DC3-9EBB-71D860F09CEE}) (Version: 1.0.0 - MyVirtualHome)
      OpenOffice 4.1.2 (HKLM-x32\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
      paint.net (HKLM\...\{6AC1101E-7561-43C9-BEEA-4AB1D220D8FF}) (Version: 4.0.13 - dotPDN LLC)
      Quicken CashBook - Version 8 (HKLM-x32\...\Quicken CashBook - Version 8) (Version:  - )
      situhome (HKLM-x32\...\{BDFC5012-189A-4D13-B1CF-279DF1D2F03B}) (Version: 5.0.5038 - Homesoft Pty. Ltd.)
      situhome (x32 Version: 5.0.5038 - Homesoft Pty. Ltd.) Hidden
      Toolwiz Care (HKLM-x32\...\ToolwizCareFree) (Version: 3.1.0.5500 - ToolWiz Care)
      Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
      Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
      VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
      Windows Resource Kit Tools - SubInAcl.exe (HKLM-x32\...\{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}) (Version: 5.2.3790.1164 - Microsoft Corporation)
      Wings 3D 2.1.5 (HKLM-x32\...\Wings 3D 2.1.5) (Version:  - )
      
      ==================== Custom CLSID (Whitelisted): ==========================
      
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      
      
      ==================== Scheduled Tasks (Whitelisted) =============
      
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      
      Task: {0BBF5E2B-CFF9-4454-B1E5-48FD7878F641} - System32\Tasks\TechUtilities => C:\Program Files\TechUtilities\TechUtilities.exe
      Task: {33037067-24A4-4C51-9BF4-C93967D001CB} - System32\Tasks\ToolwizCareFree => C:\Program Files (x86)\ToolwizCareFree\ToolwizCares.exe [2017-01-08] (Toolwiz)
      Task: {4CD91184-FF75-43A9-AFF0-B0E8793FFEA2} - System32\Tasks\SDMsgUpdate (Local) => C:\SmartDraw 2016\Messages\SDNotify.exe [2016-01-23] ()
      Task: {792F89C5-CD6D-420F-B59F-A6FD747F23A3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
      Task: {7FCD042A-B1B9-48E0-BCAB-416DD1E526E8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-17] (Adobe Systems Incorporated)
      Task: {84DD79D9-08FF-42FE-B5A0-F88E208EA467} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3010178862-2183218474-3834878404-1000
      Task: {977EEB1A-1D70-420F-8E80-26BACAE87F7F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-09] (Google Inc.)
      Task: {9E37EBFD-A90E-4D66-AEBC-A4E874CF58F3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-09] (Google Inc.)
      Task: {A45BEA91-28D9-4894-A3E1-614E4D959593} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-02-08] (Piriform Ltd)
      Task: {CF69B18C-0219-4C72-A7C0-B5155F4BFF07} - System32\Tasks\SDMsgUpdate (TE) => C:\SmartDraw 2016\Messages\SDNotify.exe [2016-01-23] ()
      
      (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
      
      Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
      Task: C:\Windows\Tasks\TechUtilities.job => C:\Program Files\TechUtilities\TechUtilities.exe
      
      ==================== Shortcuts =============================
      
      (The entries could be listed to be restored or removed.)
      
      ==================== Loaded Modules (Whitelisted) ==============
      
      2017-03-01 09:27 - 2017-01-20 07:47 - 02264352 ____C () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
      2017-03-01 09:27 - 2017-01-20 07:47 - 02254800 ____C () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
      2017-03-01 09:27 - 2017-01-20 07:47 - 02829776 ____C () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
      
      ==================== Alternate Data Streams (Whitelisted) =========
      
      (If an entry is included in the fixlist, only the ADS will be removed.)
      
      
      ==================== Safe Mode (Whitelisted) ===================
      
      (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
      
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
      
      ==================== Association (Whitelisted) ===============
      
      (If an entry is included in the fixlist, the registry item will be restored to default or removed.)
      
      
      ==================== Internet Explorer trusted/restricted ===============
      
      (If an entry is included in the fixlist, it will be removed from the registry.)
      
      
      ==================== Hosts content: ===============================
      
      (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
      
      2009-07-14 13:34 - 2009-06-11 08:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
      
      
      ==================== Other Areas ============================
      
      (Currently there is no automatic fix for this section.)
      
      HKU\S-1-5-21-3010178862-2183218474-3834878404-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Anya\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
      DNS Servers: 10.0.0.138
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
      Windows Firewall is enabled.
      
      ==================== MSCONFIG/TASK MANAGER disabled items ==
      
      MSCONFIG\startupreg: CCleaner => "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO
      MSCONFIG\startupreg: Malwarebytes TrayApp => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
      MSCONFIG\startupreg: ToolwizCareFree => C:\Program Files (x86)\ToolwizCareFree\ToolwizCares.exe
      
      ==================== FirewallRules (Whitelisted) ===============
      
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      
      FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
      FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
      FirewallRules: [{5EB3DB86-2C8F-478D-AE21-5C7D6B6FA9D8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
      FirewallRules: [{615F7A83-9DCE-4BE8-9D0E-0D4AF4FED0E5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
      
      ==================== Restore Points =========================
      
      01-03-2017 19:52:38 JRT Pre-Junkware Removal
      
      ==================== Faulty Device Manager Devices =============
      
      Name: Base System Device
      Description: Base System Device
      Class Guid:
      Manufacturer:
      Service:
      Problem: : The drivers for this device are not installed. (Code 28)
      Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
      
      Name: Broadcom USH
      Description: Broadcom USH
      Class Guid:
      Manufacturer:
      Service:
      Problem: : The drivers for this device are not installed. (Code 28)
      Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
      
      
      ==================== Event log errors: =========================
      
      Application errors:
      ==================
      Error: (03/01/2017 08:12:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
      Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
      
      Error: (03/01/2017 05:08:25 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
      Description: The index cannot be initialized.
      
      Details:
         The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
      
      Error: (03/01/2017 05:08:25 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
      Description: The application cannot be initialized.
      
      Context: Windows Application
      
      Details:
         The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
      
      Error: (03/01/2017 05:08:25 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
      Description: The gatherer object cannot be initialized.
      
      Context: Windows Application, SystemIndex Catalog
      
      Details:
         The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
      
      Error: (03/01/2017 05:08:25 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
      Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.
      
      Context: Windows Application, SystemIndex Catalog
      
      Details:
         Element not found.  (HRESULT : 0x80070490) (0x80070490)
      
      Error: (03/01/2017 05:08:18 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
      Description: The plug-in in <Search.JetPropStore> cannot be initialized.
      
      Context: Windows Application, SystemIndex Catalog
      
      Details:
         The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
      
      Error: (03/01/2017 05:08:18 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
      Description: The Windows Search Service cannot load the property store information.
      
      Context: Windows Application, SystemIndex Catalog
      
      Details:
         The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)
      
      Error: (03/01/2017 05:08:17 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
      Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.
      
      Details:
         The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
      
      Error: (03/01/2017 05:08:17 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
      Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.
      
      Details:
         The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
      
      Error: (03/01/2017 05:08:17 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
      Description: The Windows Search Service cannot open the Jet property store.
      
      Details:
         0x%08x (0xc0041800 - The content index database is corrupt.  (HRESULT : 0xc0041800))
      
      
      System errors:
      =============
      Error: (03/01/2017 08:08:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
      Description: The Windows Search service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
      
      Error: (03/01/2017 08:08:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
      Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
      
      Error: (03/01/2017 08:08:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
      Description: The Avira Service Host service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
      
      Error: (03/01/2017 08:08:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
      Description: The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).
      
      Error: (03/01/2017 08:08:56 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
      Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
      
      Error: (03/01/2017 08:08:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
      Description: The HitmanPro Scheduler service terminated unexpectedly.  It has done this 1 time(s).
      
      Error: (03/01/2017 08:08:56 PM) (Source: SCardSvr) (EventID: 610) (User: )
      Description: Smart Card Reader 'Broadcom Corp Contacted SmartCard 0' rejected IOCTL GET_STATE: The handle is invalid.  If this error persists, your smart card or reader may not be functioning correctly.
      
      Command Header: XX XX XX XX
      
      Error: (03/01/2017 07:46:52 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
      Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
      
      Error: (03/01/2017 06:19:50 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
      Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
      
      Error: (03/01/2017 05:08:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
      Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
      
      
      ==================== Memory info ===========================
      
      Processor: Intel(R) Core(TM)2 Duo CPU P9400 @ 2.40GHz
      Percentage of memory in use: 81%
      Total physical RAM: 4047.92 MB
      Available physical RAM: 755.61 MB
      Total Virtual: 8094.04 MB
      Available Virtual: 4802.44 MB
      
      ==================== Drives ================================
      
      Drive c: () (Fixed) (Total:148.46 GB) (Free:21.66 GB) NTFS
      
      ==================== MBR & Partition Table ==================
      
      ========================================================
      Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: C8B9BFB9)
      Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
      Partition 2: (Not Active) - (Size=148.5 GB) - (Type=07 NTFS)
      Partition 3: (Not Active) - (Size=504 MB) - (Type=27)
      
      ==================== End of Addition.txt ============================


      • Malnutrition
        PCHF Moderator
        • Jul 2016
        • 7041

        #4
        FRST Fix.

        Click Here To Download Fixlist.

        Download attached fixlist.txt file and save it to the Desktop.
        NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
        NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
        Run FRST/FRST64 and press the Fix button just once and wait.
        If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
        When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

        ClearLNK

        Download ClearLNK and save it to your desktop.
        Drag the file Shortcut.txt made with FRST earlier, as per picture.
        A report on the work will be produced as a file ClearLNK- .log; post that log.

        https://pchelpforum.net/proxy.php?image=https%3A%2F%2Fup2sha.re%2Fuploads%2F2015%2F3%2FBPD7B3BAgEQl.gif&hash=f65630ba2178027f4643224f28999e44

        Run Check Disk

        Run chkdsk /f /r from an elevated command prompt.

        Video: https://www.youtube.com/watch?v=4feZG3LebOg

        After the checkdisk…

        Scan with ListChkDskResult

        Please download ListChkDskResult by SleepyDude and save it to your desktop.
        Right-click on the ListChkDskResult icon and select Run as Administrator to start the tool.
        A message about checking Windows Event Log will pop up. Click OK.
        Wait patiently until a Notepad window opens. This won’t take long.
        The displayed logfile will also be saved to your desktop as ListChkDskResult.txt.

        Please include the content of this file in your next reply.

        Speccy Scan.

        Please go here and download Speccy.
        Install and run the program.
        Upon Completion:
        Hit File
        Publish Snap Shot
        A link will appear, post that link.


        • Loosie
          PCHF Member
          • Feb 2017
          • 97

          #5
          FRST Fixlog;
          Fix result of Farbar Recovery Scan Tool (x64) Version: 01-03-2017
          Ran by Anya (02-03-2017 21:19:55) Run:1
          Running from C:\Users\Anya\Desktop\PC prework
          Loaded Profiles: Anya (Available Profiles: Anya)
          Boot Mode: Normal
          ==============================================
          fixlist content:


          Start
          CreateRestorePoint:
          Closeprocesses:
          Emptytemp:
          GroupPolicy: Restriction <======= ATTENTION
          CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
          Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
          Tcpip..\Interfaces{12A21B6A-4A1F-42D7-8FE4-67D02DB214E3}: [DhcpNameServer] 10.0.0.138
          Tcpip..\Interfaces{4C627B19-BC24-470C-A374-BA04D5043EF9}: [DhcpNameServer] 192.168.42.129
          HKU\S-1-5-21-3010178862-2183218474-3834878404-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.yahoo.com/?fr=vmn&type=auslog_yaapp10_adw_hp
          SearchScopes: HKLM → DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
          SearchScopes: HKLM-x32 → DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
          SearchScopes: HKU\S-1-5-21-3010178862-2183218474-3834878404-1000 → DefaultScope {76DEFAE6-09B2-40B2-8F8A-5A6A5D5CE4EB} URL = hxxps://search.yahoo.com/search/?toggle=1&cop=mss&ei=UTF-8&fr=vmn&type=auslog_yaapp10_adw_ch&p={searchTerms}
          SearchScopes: HKU\S-1-5-21-3010178862-2183218474-3834878404-1000 → {76DEFAE6-09B2-40B2-8F8A-5A6A5D5CE4EB} URL = hxxps://search.yahoo.com/search/?toggle=1&cop=mss&ei=UTF-8&fr=vmn&type=auslog_yaapp10_adw_ch&p={searchTerms}
          Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
          Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
          Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
          Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
          StartMenuInternet: IEXPLORE.EXE - iexplore.exe
          FF Plugin-x32: @tools.google.com/Google Update;version=3 → C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-09] (Google Inc.)
          FF Plugin-x32: @tools.google.com/Google Update;version=9 → C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-09] (Google Inc.)
          CHR HKLM...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
          CHR HKLM-x32...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
          S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
          2017-02-14 23:35 - 2017-02-14 23:35 - 00000000 ___DC C:\Windows\System32\Tasks\Games
          2017-03-01 17:06 - 2017-01-07 23:08 - 00000332 ____C C:\Windows\Tasks\TechUtilities.job
          2017-03-01 17:06 - 2017-01-03 16:33 - 00000830 ____C C:\Windows\Tasks\Adobe Flash Player Updater.job
          2017-03-01 17:03 - 2017-01-19 15:48 - 00004478 ____C C:\Windows\System32\Tasks\Adobe Acrobat Update Task
          2017-03-01 17:03 - 2017-01-12 00:02 - 00003642 ____C C:\Windows\System32\Tasks\SDMsgUpdate (Local)
          2017-03-01 17:03 - 2017-01-12 00:02 - 00003634 ____C C:\Windows\System32\Tasks\SDMsgUpdate (TE)
          2017-03-01 17:03 - 2017-01-09 13:33 - 00003332 ____C C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
          2017-03-01 17:03 - 2017-01-09 13:33 - 00003204 ____C C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
          2017-03-01 17:03 - 2017-01-08 12:01 - 00003324 _____ C:\Windows\System32\Tasks\ToolwizCareFree
          2017-03-01 17:03 - 2017-01-07 23:08 - 00003162 _____ C:\Windows\System32\Tasks\TechUtilities
          2017-03-01 17:03 - 2017-01-03 16:33 - 00003770 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
          2017-01-03 14:58 - 2017-01-03 14:58 - 0000044 ____C () C:\Users\Anya\AppData\Roaming\WB.CFG
          Task: {0BBF5E2B-CFF9-4454-B1E5-48FD7878F641} - System32\Tasks\TechUtilities => C:\Program Files\TechUtilities\TechUtilities.exe
          Task: {33037067-24A4-4C51-9BF4-C93967D001CB} - System32\Tasks\ToolwizCareFree => C:\Program Files (x86)\ToolwizCareFree\ToolwizCares.exe [2017-01-08] (Toolwiz)
          Task: {4CD91184-FF75-43A9-AFF0-B0E8793FFEA2} - System32\Tasks\SDMsgUpdate (Local) => C:\SmartDraw 2016\Messages\SDNotify.exe [2016-01-23] ()
          Task: {792F89C5-CD6D-420F-B59F-A6FD747F23A3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
          Task: {7FCD042A-B1B9-48E0-BCAB-416DD1E526E8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-17] (Adobe Systems Incorporated)
          Task: {84DD79D9-08FF-42FE-B5A0-F88E208EA467} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3010178862-2183218474-3834878404-1000
          Task: {977EEB1A-1D70-420F-8E80-26BACAE87F7F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-09] (Google Inc.)
          Task: {9E37EBFD-A90E-4D66-AEBC-A4E874CF58F3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-09] (Google Inc.)
          Task: {CF69B18C-0219-4C72-A7C0-B5155F4BFF07} - System32\Tasks\SDMsgUpdate (TE) => C:\SmartDraw 2016\Messages\SDNotify.exe [2016-01-23] ()
          Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
          Task: C:\Windows\Tasks\TechUtilities.job => C:\Program Files\TechUtilities\TechUtilities.exe
          C:\Windows\Tasks\TechUtilities.job
          C:\SmartDraw 2016
          C:\Program Files\TechUtilities
          C:\Windows\system32\Drivers\etc\hosts
          Hosts:
          FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
          C:\Program Files (x86)\SpeedItup Free
          C:\Program Files (x86)\Driver Detective
          C:\Users\Anya\AppData\Roaming\ParetoLogic
          C:\Users\Anya\AppData\Local\UPDATE~1\updtask.exe
          DeleteKey: HKLM\SOFTWARE\ReviverSoft
          DeleteKey: HKLM\SOFTWARE\Auslogics
          CMD: gpupdate /force
          FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
          RemoveProxy:
          CMD: ipconfig /flushdns
          reboot:
          end


          Restore point was successfully created.
          Processes closed successfully.
          C:\Windows\system32\GroupPolicy\Machine => moved successfully
          C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
          C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
          HKLM\SOFTWARE\Policies\Google => key removed successfully
          HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer => value removed successfully
          HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces{12A21B6A-4A1F-42D7-8FE4-67D02DB214E3}\DhcpNameServer => value removed successfully
          HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces{4C627B19-BC24-470C-A374-BA04D5043EF9}\DhcpNameServer => value removed successfully
          HKU\S-1-5-21-3010178862-2183218474-3834878404-1000\Software\Microsoft\Internet Explorer\Main\Start Page => value restored successfully
          HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\DefaultScope => value restored successfully
          HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\DefaultScope => value restored successfully
          HKU\S-1-5-21-3010178862-2183218474-3834878404-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\DefaultScope => value removed successfully
          HKU\S-1-5-21-3010178862-2183218474-3834878404-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{76DEFAE6-09B2-40B2-8F8A-5A6A5D5CE4EB} => key removed successfully
          HKCR\CLSID{76DEFAE6-09B2-40B2-8F8A-5A6A5D5CE4EB} => key not found.
          HKCR\PROTOCOLS\Filter\deflate => key not found.
          HKCR\CLSID{8f6b0360-b80d-11d0-a9b3-006097942311} => key not found.
          HKCR\Wow6432Node\PROTOCOLS\Filter\deflate => key not found.
          HKCR\Wow6432Node\CLSID{8f6b0360-b80d-11d0-a9b3-006097942311} => key not found.
          HKCR\PROTOCOLS\Filter\gzip => key not found.
          HKCR\CLSID{8f6b0360-b80d-11d0-a9b3-006097942311} => key not found.
          HKCR\Wow6432Node\PROTOCOLS\Filter\gzip => key not found.
          HKCR\Wow6432Node\CLSID{8f6b0360-b80d-11d0-a9b3-006097942311} => key not found.
          HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\Default => value restored successfully
          HKLM\Software\Wow6432Node\MozillaPlugins@tools.google.com/Google Update;version=3 => key removed successfully
          C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll => moved successfully
          HKLM\Software\Wow6432Node\MozillaPlugins@tools.google.com/Google Update;version=9 => key removed successfully
          C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll => not found.
          HKLM\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk => key removed successfully
          HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk => key removed successfully
          HKLM\System\CurrentControlSet\Services\WinDefend => key removed successfully
          WinDefend => service removed successfully
          C:\Windows\System32\Tasks\Games => moved successfully
          C:\Windows\Tasks\TechUtilities.job => moved successfully
          C:\Windows\Tasks\Adobe Flash Player Updater.job => moved successfully
          C:\Windows\System32\Tasks\Adobe Acrobat Update Task => moved successfully
          C:\Windows\System32\Tasks\SDMsgUpdate (Local) => moved successfully
          C:\Windows\System32\Tasks\SDMsgUpdate (TE) => moved successfully
          C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
          C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
          “C:\Windows\System32\Tasks\ToolwizCareFree” => not found.
          C:\Windows\System32\Tasks\TechUtilities => moved successfully
          C:\Windows\System32\Tasks\Adobe Flash Player Updater => moved successfully
          C:\Users\Anya\AppData\Roaming\WB.CFG => moved successfully
          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{0BBF5E2B-CFF9-4454-B1E5-48FD7878F641} => key removed successfully
          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{0BBF5E2B-CFF9-4454-B1E5-48FD7878F641} => key removed successfully
          C:\Windows\System32\Tasks\TechUtilities => not found.
          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TechUtilities => key removed successfully
          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{33037067-24A4-4C51-9BF4-C93967D001CB} => key not found.
          C:\Windows\System32\Tasks\ToolwizCareFree => not found.
          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ToolwizCareFree => key not found.
          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{4CD91184-FF75-43A9-AFF0-B0E8793FFEA2} => key removed successfully
          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{4CD91184-FF75-43A9-AFF0-B0E8793FFEA2} => key removed successfully
          C:\Windows\System32\Tasks\SDMsgUpdate (Local) => not found.
          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SDMsgUpdate (Local) => key removed successfully
          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon{792F89C5-CD6D-420F-B59F-A6FD747F23A3} => key removed successfully
          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{792F89C5-CD6D-420F-B59F-A6FD747F23A3} => key removed successfully
          C:\Windows\System32\Tasks\Adobe Acrobat Update Task => not found.
          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Acrobat Update Task => key removed successfully
          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{7FCD042A-B1B9-48E0-BCAB-416DD1E526E8} => key removed successfully
          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{7FCD042A-B1B9-48E0-BCAB-416DD1E526E8} => key removed successfully
          C:\Windows\System32\Tasks\Adobe Flash Player Updater => not found.
          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater => key removed successfully
          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon{84DD79D9-08FF-42FE-B5A0-F88E208EA467} => key removed successfully
          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{84DD79D9-08FF-42FE-B5A0-F88E208EA467} => key removed successfully
          C:\Windows\System32\Tasks\Games\UpdateCheck_S-1-5-21-3010178862-2183218474-3834878404-1000 => not found.
          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Games\UpdateCheck_S-1-5-21-3010178862-2183218474-3834878404-1000 => key removed successfully
          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{977EEB1A-1D70-420F-8E80-26BACAE87F7F} => key removed successfully
          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{977EEB1A-1D70-420F-8E80-26BACAE87F7F} => key removed successfully
          C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => not found.
          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA => key removed successfully
          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon{9E37EBFD-A90E-4D66-AEBC-A4E874CF58F3} => key removed successfully
          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{9E37EBFD-A90E-4D66-AEBC-A4E874CF58F3} => key removed successfully
          C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => not found.
          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore => key removed successfully
          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{CF69B18C-0219-4C72-A7C0-B5155F4BFF07} => key removed successfully
          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{CF69B18C-0219-4C72-A7C0-B5155F4BFF07} => key removed successfully
          C:\Windows\System32\Tasks\SDMsgUpdate (TE) => not found.
          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SDMsgUpdate (TE) => key removed successfully
          C:\Windows\Tasks\Adobe Flash Player Updater.job => not found.
          C:\Windows\Tasks\TechUtilities.job => not found.
          “C:\Windows\Tasks\TechUtilities.job” => not found.
          C:\SmartDraw 2016 => moved successfully
          “C:\Program Files\TechUtilities” => not found.
          Could not move “C:\Windows\system32\Drivers\etc\hosts” => Scheduled to move on reboot.
          Could not move “C:\Windows\System32\Drivers\etc\hosts” => Scheduled to move on reboot.
          HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\SPPSVC-In-TCP => value removed successfully
          “C:\Program Files (x86)\SpeedItup Free” => not found.
          “C:\Program Files (x86)\Driver Detective” => not found.
          “C:\Users\Anya\AppData\Roaming\ParetoLogic” => not found.
          “C:\Users\Anya\AppData\Local\UPDATE~1\updtask.exe” => not found.
          HKLM\SOFTWARE\ReviverSoft => key not found.
          HKLM\SOFTWARE\Auslogics => key not found.

          ========= gpupdate /force =========

          Updating Policy…

          User Policy update has completed successfully.

          Computer Policy update has completed successfully.

          ========= End of CMD: =========

          HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\SPPSVC-In-TCP-NoScope => value removed successfully

          ========= RemoveProxy: =========

          HKU.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings => value removed successfully
          HKU.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings => value removed successfully
          HKU\S-1-5-21-3010178862-2183218474-3834878404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings => value removed successfully
          HKU\S-1-5-21-3010178862-2183218474-3834878404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings => value removed successfully

          ========= End of RemoveProxy: =========

          ========= ipconfig /flushdns =========

          Windows IP Configuration

          Successfully flushed the DNS Resolver Cache.

          ========= End of CMD: =========

          =========== EmptyTemp: ==========

          BITS transfer queue => 0 B
          DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 111560330 B
          Java, Flash, Steam htmlcache => 506 B
          Windows/system/drivers => 607 B
          Edge => 0 B
          Chrome => 0 B
          Firefox => 182882028 B
          Opera => 0 B

          Temp, IE cache, history, cookies, recent:
          Users => 0 B
          Default => 0 B
          Public => 0 B
          ProgramData => 0 B
          systemprofile => 66228 B
          systemprofile32 => 65960 B
          LocalService => 66228 B
          NetworkService => 66228 B
          Anya => 193970661 B

          RecycleBin => 9851621732 B
          EmptyTemp: => 9.6 GB temporary data Removed.

          ================================

          Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 02-03-2017 21:26:46)

          “C:\Windows\system32\Drivers\etc\hosts” => Could not move
          Could not restore Hosts.
          “C:\Windows\System32\Drivers\etc\hosts” => Could not move
          Could not restore Hosts.

          ==== End of Fixlog 21:26:46 ====

          ClearLNK;
          ClearLNK by Alex Dragokas ver. 2.9.0.11
          OS: x64 Windows 7 Pro, 6.1.7601, Service Pack: 1
          Time: 02.03.2017 - 21:35
          Language: OS: EN (0x409). Display: EN (0x409). Non-Unicode: EN (0x409)
          Elevated: Yes
          User: Anya (group: Administrator)

          _____________________________ Begin of Log ______________________________
          .
          [ OK ] 2 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk” → [ “C:\Windows\ehome\ehshell.exe” ] (icon has been recovered)
          [ OK ] 5 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk” → [ “C:\Windows\system32\WindowsAnytimeUpgradeUI.exe” ] (icon has been recovered)
          [ OK ] 6 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk” → [ “C:\Program Files\DVD Maker\DVDMaker.exe” ] (icon has been recovered)
          [ OK ] 7 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk” → [ “C:\Windows\system32\WFS.exe” ] (icon has been recovered)
          [ OK ] 8 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk” → [ “C:\Windows\System32\xpsrchvw.exe” ] (icon has been recovered)
          [ OK ] 31 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\Uninstall Malwarebytes.lnk” → [ “C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe” ] (icon has been recovered)
          [ OK ] 32 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk” → [ “C:\Windows\system32\recdisc.exe” ] (icon has been recovered)
          [ OK ] 33 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk” → [ “C:\Windows\System32\msra.exe” ] (icon has been recovered)
          [ OK ] 43 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk” → [ “C:\Windows\System32\comexp.msc” ] (icon has been recovered)
          [ OK ] 44 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk” → [ “C:\Windows\System32\odbcad32.exe” ] (icon has been recovered)
          [ OK ] 45 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk” → [ “C:\Windows\System32\iscsicpl.exe” ] (icon has been recovered)
          [ OK ] 46 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk” → [ “C:\Windows\system32\MdSched.exe” ] (icon has been recovered)
          [ OK ] 47 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk” → [ “C:\Windows\System32\printmanagement.msc” ] (icon has been recovered)
          [ OK ] 48 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk” → [ “C:\Windows\System32\services.msc” ] (icon has been recovered)
          [ OK ] 49 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk” → [ “C:\Windows\system32\msconfig.exe” ] (icon has been recovered)
          [ OK ] 50 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk” → [ “C:\Windows\System32\WF.msc” ] (icon has been recovered)
          [ OK ] 51 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk” → [ “C:\Windows\System32\calc.exe” ] (icon has been recovered)
          [ OK ] 52 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk” → [ “C:\Windows\System32\displayswitch.exe” ] (icon has been recovered)
          [ OK ] 53 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk” → [ “C:\Program Files (x86)\Common Files\Microsoft Shared\ink\mip.exe” ] (icon has been recovered)
          [ OK ] 54 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\NetworkProjection.lnk” → [ “C:\Windows\system32\NetProj.exe” ] (icon has been recovered)
          [ OK ] 55 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk” → [ “C:\Windows\System32\mspaint.exe” ] (icon has been recovered)
          [ OK ] 56 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk” → [ “C:\Windows\System32\mstsc.exe” ] (icon has been recovered)
          [ OK ] 57 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk” → [ “C:\Windows\system32\SnippingTool.exe” ] (icon has been recovered)
          [ OK ] 58 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk” → [ “C:\Windows\system32\SoundRecorder.exe” ] (icon has been recovered)
          [ OK ] 59 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk” → [ “C:\Windows\system32\StikyNot.exe” ] (icon has been recovered)
          [ OK ] 60 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk” → [ “C:\Windows\System32\mobsync.exe” ] (icon has been recovered)
          [ OK ] 61 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk” → [ “C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe” ] (icon has been recovered)
          [ OK ] 62 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk” → [ “C:\Windows\SysWOW64\Windowspowershell\v1.0\powershell.exe” ] (icon has been recovered)
          [ OK ] 63 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk” → [ “C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe” ] (icon has been recovered)
          [ OK ] 64 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk” → [ “C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe” ] (icon has been recovered)
          [ OK ] 65 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk” → [ “C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe” ] (icon has been recovered)
          [ OK ] 66 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk” → [ “C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe” ] (icon has been recovered)
          [ OK ] 67 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk” → [ “C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe” ] (icon has been recovered)
          [ OK ] 68 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk” → [ “C:\Program Files\Windows Journal\Journal.exe” ] (icon has been recovered)
          [ OK ] 69 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk” → [ “C:\Windows\System32\charmap.exe” ] (icon has been recovered)
          [ OK ] 70 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk” → [ “C:\Windows\System32\dfrgui.exe” ] (icon has been recovered)
          [ OK ] 71 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk” → [ “C:\Windows\System32\cleanmgr.exe” ] (icon has been recovered)
          [ OK ] 72 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk” → [ “C:\Windows\System32\msinfo32.exe” ] (icon has been recovered)
          [ OK ] 73 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk” → [ “C:\Windows\system32\rstrui.exe” ] (icon has been recovered)
          [ OK ] 74 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk” → [ “C:\Windows\System32\migwiz\PostMig.exe” ] (icon has been recovered)
          [ OK ] 75 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk” → [ “C:\Windows\System32\migwiz\migwiz.exe” ] (icon has been recovered)
          [ OK ] 85 “C:\Users\Anya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk” → [ “C:\Program Files\Internet Explorer\iexplore.exe” ] (Method RN-S) (OK)
          [ OK ] 89 “C:\Users\Anya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk” → [ “C:\Windows\System32\notepad.exe” ] (icon has been recovered)
          [ OK ] 91 “C:\Users\Anya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk” → [ “C:\Windows\explorer.exe” ] (icon has been recovered)
          [ OK ] 94 “C:\Users\Anya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk” → [ “C:\Windows\System32\eudcedit.exe” ] (icon has been recovered)
          [ OK ] 95 “C:\Users\Anya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk” → [ “C:\Windows\System32\Magnify.exe” ] (icon has been recovered)
          [ OK ] 96 “C:\Users\Anya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk” → [ “C:\Windows\system32\narrator.exe” ] (icon has been recovered)
          [ OK ] 97 “C:\Users\Anya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk” → [ “C:\Windows\System32\osk.exe” ] (icon has been recovered)
          [ OK ] 110 “C:\Users\Anya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk” → [ “C:\Windows\explorer.exe” ] (icon has been recovered)
          [ OK ] 115 “C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk” → [ “C:\Windows\System32\notepad.exe” ] (icon has been recovered)
          [ OK ] 117 “C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk” → [ “C:\Windows\explorer.exe” ] (icon has been recovered)
          [ OK ] 120 “C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk” → [ “C:\Windows\System32\eudcedit.exe” ] (icon has been recovered)
          [ OK ] 121 “C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk” → [ “C:\Windows\System32\Magnify.exe” ] (icon has been recovered)
          [ OK ] 122 “C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk” → [ “C:\Windows\system32\narrator.exe” ] (icon has been recovered)
          [ OK ] 123 “C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk” → [ “C:\Windows\System32\osk.exe” ] (icon has been recovered)
          [ OK ] 126 “C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk” → [ “C:\Windows\System32\control.exe” ] (Method RN-S) (OK)
          [ OK ] 127 “C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk” → [ “C:\Windows\System32\wuapp.exe” ] (Method RN-S) (OK)
          [ OK ] 128 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk” → [ “C:\Program Files (x86)\Windows Sidebar\sidebar.exe” ] (Method RN-S) (OK)
          [ OK ] 129 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk” → [ “C:\Program Files (x86)\Windows Media Player\wmplayer.exe” ] (Method RN-S) (OK)
          [ OK ] 130 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player - reset preferences and cache files.lnk” → [ “C:\Program Files (x86)\VideoLAN\VLC\vlc.exe” ] (Method RN-S) (OK)
          [ OK ] 131 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player skinned.lnk” → [ “C:\Program Files (x86)\VideoLAN\VLC\vlc.exe” ] (Method RN-S) (OK)
          [ OK ] 133 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken CashBook v8\Uninstall Quicken CashBook - Version 8.lnk” → [ “C:\Windows\uninst.exe” ] (Method RN-S) (OK)
          [ OK ] 134 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk” → [ “C:\Windows\System32\control.exe” ] (Method RN-S) (OK)
          [ OK ] 135 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro\Remove HitmanPro 3.7.lnk” → [ “C:\Program Files\HitmanPro\HitmanPro.exe” ] (Method RN-S) (OK)
          [ OK ] 136 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Start Google Earth in DirectX mode.lnk” → [ “C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe” ] (Method RN-S) (OK)
          [ OK ] 137 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Start Google Earth in OpenGL mode.lnk” → [ “C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe” ] (Method RN-S) (OK)
          [ OK ] 138 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Uninstall Google Earth.lnk” → [ “C:\Windows\System32\msiexec.exe” ] (Method RN-S) (OK)
          [ OK ] 139 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy Blue Print\Uninstall\Uninstall.lnk” → [ “C:\Windows\SysWOW64\msiexec.exe” ] (Method RN-S) (OK)
          [ OK ] 140 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\Avira Connect.lnk” → [ “C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe” ] (Method RN-S) (OK)
          [ OK ] 141 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk” → [ “C:\Windows\System32\compmgmt.msc” ] (Method RN-S) (OK)
          [ OK ] 142 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk” → [ “C:\Windows\System32\eventvwr.msc” ] (Method RN-S) (OK)
          [ OK ] 143 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk” → [ “C:\Windows\System32\perfmon.msc” ] (Method RN-S) (OK)
          [ OK ] 144 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk” → [ “C:\Windows\system32\secpol.msc” ] (Method RN-S) (OK)
          [ OK ] 145 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk” → [ “C:\Windows\System32\taskschd.msc” ] (Method RN-S) (OK)
          [ OK ] 146 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk” → [ “C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe” ] (Method RN-S) (OK)
          [ OK ] 147 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk” → [ “C:\Windows\system32\mblctr.exe” ] (Method RN-S) (OK)
          [ OK ] 148 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk” → [ “C:\Windows\System32\rundll32.exe” ] (Method RN-S) (OK)
          [ OK ] 149 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk” → [ “C:\Windows\System32\perfmon.exe” ] (Method RN-S) (OK)
          [ OK ] 150 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk” → [ “C:\Windows\System32\taskschd.msc” ] (Method RN-S) (OK)
          [ OK ] 151 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk” → [ “C:\Windows\Speech\Common\sapisvr.exe” ] (Method RN-S) (OK)
          [ OK ] 153 “C:\Users\Anya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk” → [ “C:\Windows\System32\control.exe” ] (Method RN-S) (OK)
          [ OK ] 154 “C:\Users\Anya\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk” → [ “C:\Windows\system32\WFS.exe” ] (Method RN-S) (OK)
          [ OK ] 155 “C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk” → [ “C:\Windows\System32\control.exe” ] (Method RN-S) (OK)
          [ OK ] 156 “C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk” → [ “C:\Windows\system32\WFS.exe” ] (Method RN-S) (OK)
          .
          [DEL ] 15 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartDraw 2016\SmartDraw 2016.lnk” (target was not recovered)
          [DEL ] 16 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartDraw 2016\Uninstall SmartDraw 2016.lnk” (target was not recovered)
          [DEL ] 37 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\GameExplorer.lnk” (target was not recovered)
          [DEL ] 77 “C:\Users\Anya\Pictures\our animals\our horses\Shortcut to DSCF3378.lnk” (target was not recovered)
          [DEL ] 78 “C:\Users\Anya\Pictures\Family & friends\spur 001.jpg.lnk” (target was not recovered)
          [DEL ] 79 “C:\Users\Anya\Pictures\Family & friends\spur 002.jpg.lnk” (target was not recovered)
          [DEL ] 80 “C:\Users\Anya\Pictures\Family & friends\milwright family\Picture 023.jpg.lnk” (target was not recovered)
          [DEL ] 83 “C:\Users\Anya\Links\RecentPlaces.lnk” (target was not recovered)
          [DEL ] 87 “C:\Users\Anya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Help.lnk” (target was not recovered)
          [DEL ] 88 “C:\Users\Anya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk” (target was not recovered)
          [DEL ] 90 “C:\Users\Anya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Run.lnk” (target was not recovered)
          [DEL ] 92 “C:\Users\Anya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\computer.lnk” (target was not recovered)
          [DEL ] 93 “C:\Users\Anya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Control Panel.lnk” (target was not recovered)
          [DEL ] 99 “C:\Users\Anya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk” (target was not recovered)
          [DEL ] 101 “C:\Users\Anya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk” (target was not recovered)
          [DEL ] 109 “C:\Users\Anya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Toolwiz Care.lnk” (target was not recovered)
          [DEL ] 113 “C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Help.lnk” (target was not recovered)
          [DEL ] 114 “C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk” (target was not recovered)
          [DEL ] 116 “C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Run.lnk” (target was not recovered)
          [DEL ] 118 “C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\computer.lnk” (target was not recovered)
          [DEL ] 119 “C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Control Panel.lnk” (target was not recovered)
          [DEL ] 124 “C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk” (target was not recovered)
          [DEL ] 125 “C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk” (target was not recovered)
          [DEL ] 157 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner Homepage.url”
          [DEL ] 158 “C:\Users\Anya\Favorites\Windows Live\Get Windows Live.url”
          [DEL ] 159 “C:\Users\Anya\Favorites\Windows Live\Windows Live Gallery.url”
          [DEL ] 160 “C:\Users\Anya\Favorites\Windows Live\Windows Live Mail.url”
          [DEL ] 161 “C:\Users\Anya\Favorites\Windows Live\Windows Live Spaces.url”
          [DEL ] 162 “C:\Users\Anya\Favorites\MSN Websites\MSN Autos.url”
          [DEL ] 163 “C:\Users\Anya\Favorites\MSN Websites\MSN Entertainment.url”
          [DEL ] 164 “C:\Users\Anya\Favorites\MSN Websites\MSN Money.url”
          [DEL ] 165 “C:\Users\Anya\Favorites\MSN Websites\MSN Sports.url”
          [DEL ] 166 “C:\Users\Anya\Favorites\MSN Websites\MSN.url”
          [DEL ] 167 “C:\Users\Anya\Favorites\MSN Websites\MSNBC News.url”
          [DEL ] 168 “C:\Users\Anya\Favorites\Microsoft Websites\IE Add-on site.url”
          [DEL ] 169 “C:\Users\Anya\Favorites\Microsoft Websites\IE site on Microsoft.com.url”
          [DEL ] 170 “C:\Users\Anya\Favorites\Microsoft Websites\Microsoft At Home.url”
          [DEL ] 171 “C:\Users\Anya\Favorites\Microsoft Websites\Microsoft At Work.url”
          [DEL ] 172 “C:\Users\Anya\Favorites\Microsoft Websites\Microsoft Store.url”
          [DEL ] 173 “C:\Users\Anya\Favorites\Links for United States\GobiernoUSA.gov.url”
          [DEL ] 174 “C:\Users\Anya\Favorites\Links for United States\USA.gov.url”
          [DEL ] 175 “C:\Users\Anya\Favorites\Links\Suggested Sites.url”
          [DEL ] 176 “C:\Users\Anya\Favorites\Links\Web Slice Gallery.url”
          .
          [SKIP] 1 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk → C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\SC_Reader.ico” (shortcut was not found)
          [SKIP] 10 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Documentation.lnk → C:\Program Files (x86)\VideoLAN\VLC\Documentation.url” (shortcut was not found)
          [SKIP] 11 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Release Notes.lnk → C:\Program Files (x86)\VideoLAN\VLC\NEWS.txt” (shortcut was not found)
          [SKIP] 12 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VideoLAN Website.lnk → C:\Program Files (x86)\VideoLAN\VLC\VideoLAN Website.url” (shortcut was not found)
          [SKIP] 14 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ToolwizCareFree\Toolwiz Care.lnk” (shortcut was not found)
          [SKIP] 41 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\Antivirus\Avira on the Internet.lnk → C:\Program Files (x86)\Avira\Antivirus\weblink.url” (shortcut was not found)
          [SKIP] 84 “C:\Users\Anya\Desktop\PC prework\PCHF further programs\CCleaner.lnk” (shortcut was not found)
          [SKIP] 132 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ToolwizCareFree\Uninstall.lnk” (shortcut was not found)
          .
          [WARN] 3 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk” → [ “C:\Program Files (x86)\Mozilla Firefox\firefox.exe” ] (already cured)
          [WARN] 4 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk” → [ “C:\Program Files\paint.net\PaintDotNet.exe” ] (already cured)
          [WARN] 9 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wings 3D 2.1.5\Wings 3D 2.1.5.lnk” → [ “C:\Program Files\wings3d_2.1.5\Wings3D.exe” ] (already cured)
          [WARN] 13 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player.lnk” → [ “C:\Program Files (x86)\VideoLAN\VLC\vlc.exe” ] (already cured)
          [WARN] 17 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\situhome\situhome.lnk” → [ “C:\Program Files (x86)\situhome\situhomeLauncher.exe” ] (already cured)
          [WARN] 18 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken CashBook v8\Financial Address Book.lnk” → [ “C:\Program Files (x86)\QUICKENW\addrbook.exe” ] (already cured)
          [WARN] 19 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken CashBook v8\Quicken CashBook - Version 8.lnk” → [ “C:\Program Files (x86)\QUICKENW\QW.EXE” ] (already cured)
          [WARN] 20 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken CashBook v8\Quicken Home Inventory.lnk” → [ “C:\Program Files (x86)\QUICKENW\QHI.exe” ] (already cured)
          [WARN] 21 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken CashBook v8\ReadMe.lnk” → [ “C:\Program Files (x86)\QUICKENW\readme.wri” ] (already cured)
          [WARN] 22 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken CashBook v8\What’s New in Quicken CashBook - Version 8.lnk” → [ “C:\Program Files (x86)\QUICKENW\whatsnew.WRI” ] (already cured)
          [WARN] 23 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.2\OpenOffice Base.lnk” → [ “C:\Program Files (x86)\OpenOffice 4\program\sbase.exe” ] (already cured)
          [WARN] 24 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.2\OpenOffice Calc.lnk” → [ “C:\Program Files (x86)\OpenOffice 4\program\scalc.exe” ] (already cured)
          [WARN] 25 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.2\OpenOffice Draw.lnk” → [ “C:\Program Files (x86)\OpenOffice 4\program\sdraw.exe” ] (already cured)
          [WARN] 26 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.2\OpenOffice Impress.lnk” → [ “C:\Program Files (x86)\OpenOffice 4\program\simpress.exe” ] (already cured)
          [WARN] 27 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.2\OpenOffice Math.lnk” → [ “C:\Program Files (x86)\OpenOffice 4\program\smath.exe” ] (already cured)
          [WARN] 28 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.2\OpenOffice Writer.lnk” → [ “C:\Program Files (x86)\OpenOffice 4\program\swriter.exe” ] (already cured)
          [WARN] 29 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.2\OpenOffice.lnk” → [ “C:\Program Files (x86)\OpenOffice 4\program\soffice.exe” ] (already cured)
          [WARN] 30 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\Malwarebytes.lnk” → [ “C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe” ] (already cured)
          [WARN] 34 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Composite Editor\Image Composite Editor.lnk” → [ “C:\Program Files\Microsoft Research\Image Composite Editor\ICE.exe” ] (already cured)
          [WARN] 35 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro\HitmanPro.lnk” → [ “C:\Program Files\HitmanPro\HitmanPro.exe” ] (already cured)
          [WARN] 36 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Start Google Earth.lnk” → [ “C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe” ] (already cured)
          [WARN] 38 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy Blue Print\Easy Blue Print.lnk” → [ “C:\Program Files (x86)\Easy Blue Print\Easy Blue Print\bp.exe” ] (already cured)
          [WARN] 39 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk” → [ “C:\Program Files\CCleaner\CCleaner64.exe” ] (already cured)
          [WARN] 40 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\Antivirus\Avira Antivirus Help.lnk” → [ “C:\Program Files (x86)\Avira\Antivirus\208\avwin.chm” ] (already cured)
          [WARN] 42 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\Antivirus\Start Avira Antivirus.lnk” → [ “C:\Program Files (x86)\Avira\Antivirus\avcenter.exe” ] (already cured)
          [WARN] 76 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Abyssmedia\Wave Editor\Wave Editor.lnk” → [ “C:\Program Files (x86)\Abyssmedia\Wave Editor\editor.exe” ] (already cured)
          [WARN] 81 “C:\Users\Anya\Links\Desktop.lnk” → [ “C:\Users\Anya\Desktop” ] (already cured)
          [WARN] 82 “C:\Users\Anya\Links\Downloads.lnk” → [ “C:\Users\Anya\Downloads” ] (already cured)
          [WARN] 86 “C:\Users\Anya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk” → [ “C:\Program Files (x86)\Internet Explorer\iexplore.exe” ] (already cured)
          [WARN] 98 “C:\Users\Anya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk” → [ “C:\Program Files (x86)\Internet Explorer\iexplore.exe” ] (already cured)
          [WARN] 100 “C:\Users\Anya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Wave Editor.lnk” → [ “C:\Program Files (x86)\Abyssmedia\Wave Editor\editor.exe” ] (already cured)
          [WARN] 102 “C:\Users\Anya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Wings 3D (x64) 2.1.5.lnk” → [ “C:\Program Files\wings3d_2.1.5\Wings3D.exe” ] (already cured)
          [WARN] 103 “C:\Users\Anya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Image Composite Editor.lnk” → [ “C:\Program Files\Microsoft Research\Image Composite Editor\ICE.exe” ] (already cured)
          [WARN] 104 “C:\Users\Anya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk” → [ “C:\Program Files (x86)\Mozilla Firefox\firefox.exe” ] (already cured)
          [WARN] 105 “C:\Users\Anya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\OpenOffice 4.1.2.lnk” → [ “C:\Program Files (x86)\OpenOffice 4\program\soffice.exe” ] (already cured)
          [WARN] 106 “C:\Users\Anya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\paint.net.lnk” → [ “C:\Program Files\paint.net\PaintDotNet.exe” ] (already cured)
          [WARN] 107 “C:\Users\Anya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Quicken CashBook - Version 8.lnk” → [ “C:\Program Files (x86)\QUICKENW\QW.EXE” ] (already cured)
          [WARN] 108 “C:\Users\Anya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Start Google Earth.lnk” → [ “C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe” ] (already cured)
          [WARN] 111 “C:\Users\Anya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk” → [ “C:\Windows\System32\control.exe” ] (already cured)
          [WARN] 112 “C:\Users\Anya\AppData\Local\ToolwizCareFree\Disabled Load for ALL\Billminder.lnk” → [ “C:\Program Files (x86)\QUICKENW\billmind.exe” ] (already cured)
          [WARN] 152 “C:\Users\Anya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk” → [ “C:\Program Files (x86)\Internet Explorer\iexplore.exe” -extoff ] (already cured)
          .
          ____________________________ Icons location _____________________________
          .
          [ OK ] “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk” → [ “.”, index=1 ] (Method: 3)
          [ OK ] “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk” → [ “.”, index=1 ] (Method: 3)
          [ OK ] “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk” → [ “.”, index=1 ] (Method: 3)
          [ OK ] “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk” → [ “.”, index=1 ] (Method: 3)
          [ OK ] “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk” → [ “.”, index=1 ] (Method: 3)
          [ OK ] “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\Uninstall Malwarebytes.lnk” → [ “.”, index=1 ] (Method: 6)
          [ OK ] “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk” → [ “.”, index=1 ] (Method: 3)
          [ OK ] “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk” → [ “.”, index=1 ] (Method: 3)
          [ OK ] “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk” → [ “.”, index=1 ] (Method: 3)
          [ OK ] “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk” → [ “.”, index=1 ] (Method: 3)
          [ OK ] “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk” → [ “.”, index=1 ] (Method: 3)
          [ OK ] “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk” → [ “.”, index=1 ] (Method: 3)
          [ OK ] “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk” → [ “.”, index=1 ] (Method: 3)
          [ OK ] “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk” → [ “.”, index=1 ] (Method: 3)
          [ OK ] “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk” → [ “.”, index=1 ] (Method: 3)
          [ OK ] “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk” → [ “.”, index=1 ] (Method: 3)
          [ OK ] “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk” → [ “.”, index=1 ] (Method: 3)
          [ OK ] “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk” → [ “.”, index=1 ] (Method: 3)
          [ OK ] “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk” → [ “.”, index=1 ] (Method: 3)
          [ OK ] “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\NetworkProjection.lnk” → [ “.”, index=1 ] (Method: 3)
          [ OK ] “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk” → [ “.”, index=1 ] (Method: 3)
          [ OK ] “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk” → [ “.”, index=1 ] (Method: 3)
          [ OK ] “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk” → [ “.”, index=1 ] (Method: 3)
          [ OK ] “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk” → [ “.”, index=1 ] (Method: 3)
          [ OK ] “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk” → [ “.”, index=1 ] (Method: 3)
          [ OK ] “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk” → [ “.”, index=1 ] (Method: 3)
          [ OK ] “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk” → [ “.”, index=1 ] (Method: 3)
          [ OK ] “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk” → [ “.”, index=1 ] (Method: 3)
          [ OK ] “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk” → [ “.”, index=1 ] (Method: 3)
          [ OK ] “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk” → [ “.”, index=1 ] (Method: 3)
          [ OK ] “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk” → [ “.”, index=1 ] (Method: 3)
          [ OK ] “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk” → [ “.”, index=1 ] (Method: 3)
          [ OK ] “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk” → [ “.”, index=1 ] (Method: 3)
          [ OK ] “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk” → [ “.”, index=1 ] (Method: 3)
          [ OK ] “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk” → [ “.”, index=1 ] (Method: 3)
          [ OK ] “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk” → [ “.”, index=1 ] (Method: 3)
          [ OK ] “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk” → [ “.”, index=1 ] (Method: 3)
          [ OK ] “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk” → [ “.”, index=1 ] (Method: 3)
          [ OK ] “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk” → [ “.”, index=1 ] (Method: 3)
          [ OK ] “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk” → [ “.”, index=1 ] (Method: 3)
          [ OK ] “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk” → [ “.”, index=1 ] (Method: 3)
          [ OK ] “C:\Users\Anya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk” → [ “.”, index=1 ] (Method: 3)
          [ OK ] “C:\Users\Anya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk” → [ “.”, index=1 ] (Method: 3)
          [ OK ] “C:\Users\Anya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk” → [ “.”, index=1 ] (Method: 3)
          [ OK ] “C:\Users\Anya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk” → [ “.”, index=1 ] (Method: 3)
          [ OK ] “C:\Users\Anya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk” → [ “.”, index=1 ] (Method: 3)
          [ OK ] “C:\Users\Anya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk” → [ “.”, index=1 ] (Method: 3)
          [ OK ] “C:\Users\Anya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk” → [ “.”, index=1 ] (Method: 3)
          [ OK ] “C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk” → [ “.”, index=1 ] (Method: 3)
          [ OK ] “C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk” → [ “.”, index=1 ] (Method: 3)
          [ OK ] “C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk” → [ “.”, index=1 ] (Method: 3)
          [ OK ] “C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk” → [ “.”, index=1 ] (Method: 3)
          [ OK ] “C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk” → [ “.”, index=1 ] (Method: 3)
          [ OK ] “C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk” → [ “.”, index=1 ] (Method: 3)
          [ OK ] “C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk” → [ “.”, index=1 ] (Method: 3)
          [ OK ] “C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk” → [ “.”, index=1 ] (Method: 3)
          [ OK ] “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk” → [ “.”, index=1 ] (Method: 3)
          [ OK ] “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk” → [ “.”, index=1 ] (Method: 3)
          [ OK ] “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk” → [ “.”, index=1 ] (Method: 3)
          [ OK ] “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk” → [ “.”, index=1 ] (Method: 3)
          [ OK ] “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk” → [ “.”, index=1 ] (Method: 3)
          [ OK ] “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk” → [ “.”, index=1 ] (Method: 3)
          [ OK ] “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk” → [ “.”, index=1 ] (Method: 3)
          [ OK ] “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk” → [ “.”, index=1 ] (Method: 3)
          [ OK ] “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk” → [ “.”, index=1 ] (Method: 3)
          [ OK ] “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk” → [ “.”, index=1 ] (Method: 3)
          [ OK ] “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk” → [ “.”, index=1 ] (Method: 3)
          [ OK ] “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk” → [ “.”, index=1 ] (Method: 3)
          [ OK ] “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk” → [ “.”, index=1 ] (Method: 3)
          [ OK ] “C:\Users\Anya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk” → [ “.”, index=1 ] (Method: 3)
          [ OK ] “C:\Users\Anya\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk” → [ “.”, index=1 ] (Method: 3)
          [ OK ] “C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk” → [ “.”, index=1 ] (Method: 3)
          [ OK ] “C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk” → [ “.”, index=1 ] (Method: 3)
          .
          ______________________________ Statistics _______________________________
          Cure ran per today: 1 times.

          Total processed: 176
               Cured:     84
               Deleted:   43
               Omitted:   8
               Warnings:  41
          ______________________________ End of Log _______________________________CRC32: 75C95525

          ListCHKDSK;
          ListChkdskResult by SleepyDude v0.1.7 Beta | 21-09-2013
          ------< Log generate on 3/2/2017 9:55:17 PM >------
          Category: 0
          Computer Name: Anya-PC
          Event Code: 26214
          Record Number: 1635
          Source Name: Chkdsk
          Time Written: 02-07-2017 @ 22:37:02
          Event Type: Information
          User:
          Message: Chkdsk was executed in read/write mode.

          Checking file system on E:
          Volume label is Anya Lavender.

          CHKDSK is verifying files (stage 1 of 3)…
          96000 file records processed.

          File verification completed.
          1724 large file records processed.

          0 bad file records processed.

          0 EA records processed.

          0 reparse records processed.

          CHKDSK is verifying indexes (stage 2 of 3)…
          100322 index entries processed.

          Index verification completed.
          CHKDSK is scanning unindexed files for reconnect to their original directory.

          Recovering orphaned file JESSSC~1.DOC (8589) into directory file 5.

          CHKDSK is verifying security descriptors (stage 3 of 3)…
          96000 file SDs/SIDs processed.

          Cleaning up 119 unused index entries from index $SII of file 0x9.
          Cleaning up 119 unused index entries from index $SDH of file 0x9.
          Cleaning up 119 unused security descriptors.
          Security descriptor verification completed.
          2162 data files processed.

          CHKDSK is verifying Usn Journal…
          9390392 USN bytes processed.

          Usn Journal verification completed.
          Windows has made corrections to the file system.

          195358719 KB total disk space.
          75504112 KB in 57669 files.
          24656 KB in 2163 indexes.
          177339 KB in use by the system.
          65536 KB occupied by the log file.
          119652612 KB available on disk.
            4096 bytes in each allocation unit.
          48839679 total allocation units on disk.
          29913153 allocation units available on disk.


          Category: 0
          Computer Name: Anya-PC
          Event Code: 1001
          Record Number: 611
          Source Name: Microsoft-Windows-Wininit
          Time Written: 01-04-2017 @ 04:00:22
          Event Type: Information
          User:
          Message:

          Checking file system on \\?\Volume{581436b1-d13e-11e6-a4d3-806e6f6e6963}
          The type of the file system is NTFS.

          One of your disks needs to be checked for consistency. You
          may cancel the disk check, but it is strongly recommended
          that you continue.
          Windows will now check the disk.

          CHKDSK is verifying files (stage 1 of 3)…
          256 file records processed.

          File verification completed.
          0 large file records processed.

          0 bad file records processed.

          0 EA records processed.

          0 reparse records processed.

          CHKDSK is verifying indexes (stage 2 of 3)…
          280 index entries processed.

          Index verification completed.
          0 unindexed files scanned.

          0 unindexed files recovered.

          CHKDSK is verifying security descriptors (stage 3 of 3)…
          256 file SDs/SIDs processed.

          Cleaning up 6 unused index entries from index $SII of file 0x9.
          Cleaning up 6 unused index entries from index $SDH of file 0x9.
          Cleaning up 6 unused security descriptors.
          Security descriptor verification completed.
          12 data files processed.

          Windows has checked the file system and found no problems.
          516095 KB total disk space.
            7508 KB in 6 files.
              12 KB in 14 indexes.
               0 KB in bad sectors.
            4923 KB in use by the system.
            4240 KB occupied by the log file.
          503652 KB available on disk.
          
            4096 bytes in each allocation unit.
          129023 total allocation units on disk.
          125913 allocation units available on disk.
          Internal Info:
          00 01 00 00 1f 00 00 00 1b 00 00 00 00 00 00 00 …
          00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 …
          00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 …


          Category: 0
          Computer Name: Anya-PC
          Event Code: 1001
          Record Number: 610
          Source Name: Microsoft-Windows-Wininit
          Time Written: 01-04-2017 @ 04:00:22
          Event Type: Information
          User:
          Message:

          Checking file system on \\?\Volume{581436af-d13e-11e6-a4d3-806e6f6e6963}
          The type of the file system is NTFS.
          Volume label is System Reserved.

          One of your disks needs to be checked for consistency. You
          may cancel the disk check, but it is strongly recommended
          that you continue.
          Windows will now check the disk.

          CHKDSK is verifying files (stage 1 of 3)…
          256 file records processed.

          File verification completed.
          0 large file records processed.

          0 bad file records processed.

          0 EA records processed.

          0 reparse records processed.

          CHKDSK is verifying indexes (stage 2 of 3)…
          336 index entries processed.

          Index verification completed.
          0 unindexed files scanned.

          0 unindexed files recovered.

          CHKDSK is verifying security descriptors (stage 3 of 3)…
          256 file SDs/SIDs processed.

          Cleaning up 29 unused index entries from index $SII of file 0x9.
          Cleaning up 29 unused index entries from index $SDH of file 0x9.
          Cleaning up 29 unused security descriptors.
          Security descriptor verification completed.
          40 data files processed.

          Windows has checked the file system and found no problems.
          102399 KB total disk space.
           25620 KB in 52 files.
              28 KB in 42 indexes.
               0 KB in bad sectors.
            2727 KB in use by the system.
            2048 KB occupied by the log file.
           74024 KB available on disk.
          
            4096 bytes in each allocation unit.
           25599 total allocation units on disk.
           18506 allocation units available on disk.
          Internal Info:
          00 01 00 00 69 00 00 00 89 00 00 00 00 00 00 00 …i…
          01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 …
          00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 …


          And the link for Speccy; http://speccy.piriform.com/results/Z...rIpv4hhzyphQ0z


          • Malnutrition
            PCHF Moderator
            • Jul 2016
            • 7041

            #6
            How is your machine running now?

            Step 1: Reset Host File

            Click here to download RstHosts v2.0
            Save the file to your desktop.
            Right Click and Run as Administrator.
            Click on Restaurer, then click OK at the prompt.
            This will restore the default host file.
            Next Click on Creer Un Rapport.
            This will open a logfile, post that in your next reply.


            Autologger Scan.


            Disable your Antivirus & Anti spyware applications!!
            Download Autologger to your desktop.
            Unzip it there. If you are unsure how to unzip a program, then use http://www.7-zip.org/
            Right click Autologger and run as admin. (XP users double-click)
            AVZ4 will open and scan your machine, allow this to complete.
            Upload Collectionlog.zip to your next reply.
            https://i.imgur.com/KA81Q57.png

            Alright, now clean the machine with Privazer, then defrag with ToolWhiz Defrag.

            Temps are a bit high, what sort of surface do you use your laptop on? Keep in mind that the fans that vent a laptop have openings on the bottom…

            I suggest elevating the machine by placing two books under it, one on either side, so the airflow is increased… Or use a laptop cooling pad.

            You should clean out the dust from the machine.

            [MEDIA=youtube]Ln8GhxMG_PA[/MEDIA]

            Use this video if you do not have the means to get a can of compressed air…

            [MEDIA=youtube]74agkgZdzkI[/MEDIA]


            • Loosie
              PCHF Member
              • Feb 2017
              • 97

              #7
              Hiya, thank you SO much for your help so far. Unfortunately, my computer is still slow to boot up & still gets ‘stuck’(program not responding), perhaps especially in Firefox. I don’t use it for games or anything like that BTW. It may be better than it was tho…

              I forgot to mention other day, Avira popped up with ‘host file blocked’ when I was following one of your instructs, and I just did the RstHosts instruc above & it did this again. About to follow the rest of the above. Below is the RstHost report… Oh & I usually have my laptop on my lap.

              RstHost;
              -|x| RstHosts v2.0 - Rapport créé le 03/03/2017 à 10:14:32
              -|x| Système d’exploitation : Windows 7 Professional Service Pack 1 (64 bits)
              -|x| Nom d’utilisateur : Anya - ANYA-PC (Administrateur)

              -|x|- Informations -|x|-

              Emplacement : C:\Windows\System32\drivers\etc\hosts
              Attribut(s) : RASH
              Propriétaire : Administrators - BUILTIN
              Taille : 824 bytes
              Date de création : 14/07/2009 - 13:34:48
              Date de modification : 11/06/2009 - 08:00:26
              Date de dernier accès : 14/07/2009 - 13:34:48

              -|x|- Contenu du fichier -|x|-
              # Copyright (c) 1993-2009 Microsoft Corp.
              # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
              # This file contains the mappings of IP addresses to host names. Each
              # entry should be kept on an individual line. The IP address should
              # be placed in the first column followed by the corresponding host name.
              # The IP address and the host name should be separated by at least one
              # space.
              # Additionally, comments (such as these) may be inserted on individual
              # lines or following the machine name denoted by a ‘#’ symbol.
              # For example:
              # 102.54.94.97 rhino.acme.com # source server
              # 38.25.63.10 x.acme.com # x client host
              # localhost name resolution is handled within DNS itself.
              # 127.0.0.1 localhost
              # ::1 localhost
              -|x|- E.O.F - C:\RstHosts.txt - 1356 bytes -|x|-


              • Malnutrition
                PCHF Moderator
                • Jul 2016
                • 7041

                #8
                Alright, Avira may be the issue here. Just as a test please uninstall it and then replace it with the lighter SecureAplus.

                Uninstall Avira with Geek Uninstaller
                Then reboot your machine.
                Run the Avira removal tool.
                Reboot once more and then install SecureAplus.


                • Loosie
                  PCHF Member
                  • Feb 2017
                  • 97

                  #9
                  Oh & I forgot, until they both came up when I rebooted… I also have HitmanPro and Luke Filewalker installed. The latter was installed when I got the machine & just happens periodically for no apparent reason. Will any of these programs be conflicting with any other & if so, which should I remove?


                  • Malnutrition
                    PCHF Moderator
                    • Jul 2016
                    • 7041

                    #10
                    Remove Avira. Luke Filewalker is a part of Avira.
                    HitmanPro is fine; it will not conflict with anything. So far, all the tools you have run for me only run when you tell them to run, so there is no chance of conflict.
                    Avira is known to slow some machines, so let's remove it for now.
                    Then get me the Autologger file.


                    • Loosie
                      PCHF Member
                      • Feb 2017
                      • 97

                      #11
                      Righto, feel a bit silly, cos I got as far as uninstalling Avira & replacing with SecureAPlus, but haven’t yet done the Autologger scan, because I can’t work out how to disable SecureA…??


                      • Loosie
                        PCHF Member
                        • Feb 2017
                        • 97

                        #12
                        …And I just left SecureA running its initial scan after installing… it says ‘app white listing driver not running!’ and it’s been going for well over half an hour & is still @ 7%, which it was up to before I left home half an hour ago??


                        • Loosie
                          PCHF Member
                          • Feb 2017
                          • 97

                          #13
                          That program was still stuck. I stopped it & restarted & it still only went to 7%. So I’ve uninstalled it & installed Avast instead now. Hope that’s OK. I know this one at least! It is running in ‘passive mode’ though, because I have Malwarebytes (btw, HitmanPro was a trial that had ended). Will Avast conflict with MBAM if I have them both running together?


                          • Loosie
                            PCHF Member
                            • Feb 2017
                            • 97

                            #14
                            Boy! That one took ages! Attached are the Autologger files. Attached the zip, since there are quite a few.


                            • Malnutrition
                              PCHF Moderator
                              • Jul 2016
                              • 7041

                              #15
                              Zoek Scan

                              Disable your antivirus prior to this scan.
                              Download Zoek
                              Save the file to your desktop.
                              Right click Zoek.exe and run as administrator. (XP users double-click)
                              Copy the items in red below, and paste them into Zoek.

                              createsrpoint;
                              C:\Windows\system32\tasks\Microsoft\Windows\Windows Media Sharing;f
                              C:\Windows\system32\tasks\Microsoft\Windows\Remote Assistance;f
                              C:\Windows\system32\tasks\Microsoft\Windows\Application Experience;f
                              C:\Users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\dolfqtls.default\extensions\abs@avira.com.xpi;f
                              bepbmhgboaologfdajaanbcjmnhjmhfn;chr
                              gfdkimpbcpahaombhbimeihdjnejgicl;chr
                              {26080cad-4adc-49ac-8c63-eda16e595cbd};c
                              [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{26080cad-4adc-49ac-8c63-eda16e595cbd}];r
                              {0633EE93-D776-472f-A0FF-E1416B8B2E3A};c
                              [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes\{26080cad-4adc-49ac-8c63-eda16e595cbd}];r
                              [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToolwizCareFree];r
                              C:\Windows\system32\drivers\TrueSight.sys;fs
                              C:\0a8ec230a9bc40a012aaed;fs
                              C:\ProgramData\Avg;f
                              C:\ProgramData\TechUtilities64;f
                              C:\Windows.old;f
                              C:\Program Files (x86)\Avira;f
                              C:\Windows10Upgrade;f
                              C:\ESD;f
                              C:\$Windows.~WS;f
                              C:\Program Files (x86)\Google\Update\GoogleUpdate.exe;fs
                              C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe;fs
                              C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exef;fs
                              C:\Program Files\SecureAge\Everything\EverythingServer.exe;fs
                              C:\Program Files (x86)\Windows Defender;fs
                              C:\Users\Anya\AppData\Local\Temp\~DF629C3D595DC43EF8.TMP;f
                              C:\Users\Anya\AppData\Local\Temp\~DF8CFA1C7CC0D40AA9.TMP;f
                              emptyfolderscheck;delete
                              emptyclsid;
                              emptyalltemp;
                              ipconfig /flushdns;b
                              autoclean;

                              Now hit the run script button.
                              The log will appear after a reboot, also you can find it on the C: drive.
                              Post the log in your next reply.
