Solved laptop very slow since reinstall

Loosie

PCHF Member
Feb 28, 2017
Hi, I have a Dell E4300 running Windows 7 Pro. It had Win 7 (not sure of version) & was running fine, but I tried to do a free upgrade, it crashed & I had to do a whole clean reinstall at the start of the year. Ever since then it's been slow & 'sticky' with everything. It also overheats more than it did before, although I have the power set at 80% ATM, because that is a gen problem with these laptops, I have learned. I have Avira virus program & Malwarebytes.
Below are the FRST & aswMBR scan logs:


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-02-2017 01
Ran by Anya (administrator) on ANYA-PC (01-03-2017 11:57:39)
Running from C:\Users\Anya\Desktop\PC prework
Loaded Profiles: Anya (Available Profiles: Anya)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Toolwiz) C:\Program Files (x86)\ToolwizCareFree\ToolwizCares.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Toolwiz.com) C:\Program Files (x86)\ToolwizCareFree\ToolwizTools.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
(dotPDN LLC) C:\Program Files\paint.net\PaintDotNet.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
(Microsoft Corporation) C:\Windows\System32\calc.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [61896 2016-12-29] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [917576 2016-12-06] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-3010178862-2183218474-3834878404-1000\...\Run: [ToolwizCareFree] => C:\Program Files (x86)\ToolwizCareFree\ToolwizCares.exe [5274328 2017-01-08] (Toolwiz)
HKU\S-1-5-21-3010178862-2183218474-3834878404-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9363672 2017-02-08] (Piriform Ltd)
GroupPolicy: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{12A21B6A-4A1F-42D7-8FE4-67D02DB214E3}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{4C627B19-BC24-470C-A374-BA04D5043EF9}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-9fe07138
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-9fe07138
HKU\S-1-5-21-3010178862-2183218474-3834878404-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.yahoo.com/?fr=vmn&type=auslog_yaapp10_adw_hp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3010178862-2183218474-3834878404-1000 -> DefaultScope {76DEFAE6-09B2-40B2-8F8A-5A6A5D5CE4EB} URL = hxxps://search.yahoo.com/search/?toggle=1&cop=mss&ei=UTF-8&fr=vmn&type=auslog_yaapp10_adw_ch&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3010178862-2183218474-3834878404-1000 -> {76DEFAE6-09B2-40B2-8F8A-5A6A5D5CE4EB} URL = hxxps://search.yahoo.com/search/?toggle=1&cop=mss&ei=UTF-8&fr=vmn&type=auslog_yaapp10_adw_ch&p={searchTerms}
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF DefaultProfile: dolfqtls.default
FF ProfilePath: C:\Users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\dolfqtls.default [2017-03-01]
FF Homepage: Mozilla\Firefox\Profiles\dolfqtls.default -> mail.yahoo.com
FF Session Restore: Mozilla\Firefox\Profiles\dolfqtls.default -> is enabled.
FF Extension: (Avira Browser Safety) - C:\Users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\dolfqtls.default\Extensions\abs@avira.com.xpi [2017-02-09]
FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\dolfqtls.default\features\{ce52f54d-0d9c-4224-b2d6-5d5791543a5a}\disableSHA1rollout@mozilla.org.xpi [2017-02-27]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-17] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-17] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-09] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-09] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-02] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-24] (Adobe Systems Inc.)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1089592 2016-12-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [476736 2016-12-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [476736 2016-12-06] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1490296 2016-12-06] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [372272 2016-12-29] (Avira Operations GmbH & Co. KG)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2017-01-04] (SurfRight B.V.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [176464 2016-12-06] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [148032 2016-12-06] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2016-12-06] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [79696 2016-12-06] (Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [35864 2016-12-06] (Avira Operations GmbH & Co. KG)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77416 2017-01-20] ()
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [176584 2017-03-01] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [110536 2017-03-01] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-03-01] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [251848 2017-03-01] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [81696 2017-03-01] (Malwarebytes)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-01 11:54 - 2017-03-01 11:57 - 00000000 ___DC C:\FRST
2017-03-01 11:49 - 2017-03-01 11:57 - 00000000 ___DC C:\Users\Anya\Desktop\PC prework
2017-03-01 10:22 - 2017-02-27 15:02 - 00697053 ____C C:\Users\Anya\Documents\stock%20crate%20needs.doc_1.odt
2017-03-01 09:28 - 2017-03-01 11:14 - 00110536 ____C (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-03-01 09:28 - 2017-03-01 11:14 - 00081696 ____C (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-03-01 09:28 - 2017-03-01 11:14 - 00043968 ____C (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-03-01 09:28 - 2017-03-01 11:13 - 00251848 ____C (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-03-01 09:28 - 2017-03-01 09:28 - 00176584 ____C (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-03-01 09:27 - 2017-03-01 09:27 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-03-01 09:27 - 2017-03-01 09:27 - 00000000 ___DC C:\ProgramData\Malwarebytes
2017-03-01 09:27 - 2017-03-01 09:27 - 00000000 ___DC C:\Program Files\Malwarebytes
2017-03-01 09:27 - 2017-01-20 07:47 - 00077416 ____C C:\Windows\system32\Drivers\mbae64.sys
2017-03-01 09:14 - 2017-03-01 09:14 - 00002786 ____C C:\Windows\System32\Tasks\CCleanerSkipUAC
2017-03-01 09:14 - 2017-03-01 09:14 - 00000822 ____C C:\Users\Public\Desktop\CCleaner.lnk
2017-03-01 09:14 - 2017-03-01 09:14 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-03-01 09:14 - 2017-03-01 09:14 - 00000000 ___DC C:\Program Files\CCleaner
2017-03-01 09:13 - 2017-03-01 09:14 - 55566792 ____C (Malwarebytes ) C:\Users\Anya\Downloads\mb3-setup-consumer-3.0.6.1469.exe
2017-03-01 08:53 - 2017-03-01 08:54 - 09261616 ____C (Piriform Ltd) C:\Users\Anya\Downloads\ccsetup527.exe
2017-02-27 10:22 - 2017-02-27 10:22 - 01961016 ____C C:\Users\Anya\Downloads\Ramblings 3 - February 21st 2017.pdf
2017-02-26 22:52 - 2017-02-26 22:52 - 01793086 ____C C:\Users\Anya\Downloads\14475841_975050299290299_6153463609927139328_n.mp4
2017-02-22 19:16 - 2017-02-22 19:16 - 05476663 ____C C:\Users\Anya\Downloads\10th_February_2017(1).pdf
2017-02-22 18:58 - 2017-02-22 18:58 - 00100877 ____C C:\Users\Anya\Downloads\AssessmentCoverPage_39(1).pdf
2017-02-22 18:58 - 2017-02-22 18:58 - 00100875 ____C C:\Users\Anya\Downloads\AssessmentCoverPage_39.pdf
2017-02-22 18:56 - 2017-02-22 18:56 - 05476663 ____C C:\Users\Anya\Downloads\10th_February_2017.pdf
2017-02-21 21:46 - 2017-02-24 21:16 - 00047120 ____C C:\Users\Anya\Documents\My Places.kmz
2017-02-20 13:47 - 2017-02-20 13:47 - 00543652 ____C C:\Users\Anya\Downloads\parknotesnourlangie.pdf
2017-02-17 20:15 - 2017-02-17 20:15 - 00000000 ___DC C:\Program Files (x86)\Windows Resource Kits
2017-02-17 20:11 - 2017-02-17 20:11 - 00002130 ____C C:\Users\Anya\Downloads\reset_fp.zip
2017-02-17 20:05 - 2017-02-17 20:05 - 00379392 ____C C:\Users\Anya\Downloads\subinacl.msi
2017-02-16 22:02 - 2017-02-16 22:03 - 00000000 ___DC C:\Users\Anya\AppData\Roaming\vlc
2017-02-14 23:35 - 2017-02-14 23:35 - 00000000 ___DC C:\Windows\System32\Tasks\Games
2017-02-14 21:44 - 2017-02-14 21:44 - 00000000 ___DC C:\Program Files (x86)\Driver Detective
2017-02-13 16:48 - 2017-02-13 16:50 - 01325535 ____C C:\Users\Anya\Downloads\Ramblings 1a - February 7th 2017.pdf
2017-02-12 23:43 - 2017-02-12 23:43 - 00248541 ____C C:\Users\Anya\Downloads\FlashBrowserVersion.pdf
2017-02-10 10:01 - 2017-02-10 10:01 - 00327713 ____C C:\Users\Anya\Downloads\109.full.pdf
2017-02-10 10:01 - 2017-02-10 10:01 - 00213450 ____C C:\Users\Anya\Downloads\ARRT_Std_Terms.pdf
2017-02-09 12:09 - 2017-02-09 12:09 - 00562254 ____C C:\Users\Anya\Downloads\pdf2doc.zip
2017-02-09 11:56 - 2017-02-09 11:56 - 00118501 ____C C:\Users\Anya\Downloads\R Oosthuizen Response.pdf
2017-02-08 09:55 - 2017-03-01 11:54 - 00000000 ___DC C:\Users\Anya\Documents\stock crate
2017-02-08 09:43 - 2017-02-08 09:52 - 00000000 ___DC C:\Users\Anya\Documents\hoofcare
2017-02-07 21:18 - 2017-02-07 21:18 - 00416082 ____C C:\Users\Anya\Documents\L fore paw AP 06-12-2016_52524.JPEG
2017-02-07 21:18 - 2017-02-07 21:18 - 00346479 ____C C:\Users\Anya\Documents\Tilly Lavender Consultation History Notes.pdf
2017-02-07 15:14 - 2017-02-07 15:14 - 00137063 ____C C:\Users\Anya\Documents\civil-claims-app-11854.pdf
2017-02-07 13:41 - 2017-02-07 13:41 - 00000154 ____C C:\Users\Anya\Downloads\TransactionHistory(3).qif
2017-02-07 13:36 - 2017-02-07 13:36 - 00000290 ____C C:\Users\Anya\Downloads\TransactionHistory(2).qif
2017-02-07 13:35 - 2017-02-07 13:35 - 00007819 ____C C:\Users\Anya\Downloads\TransactionHistory.qif
2017-02-07 13:35 - 2017-02-07 13:35 - 00007819 ____C C:\Users\Anya\Downloads\TransactionHistory(1).qif
2017-02-07 02:12 - 2017-02-08 09:45 - 00569645 ____C C:\Users\Anya\Documents\High detail front right paw 28-11-2016_52524.JPEG
2017-02-06 12:16 - 2017-02-06 12:16 - 00000000 ___DC C:\Program Files (x86)\Display
2017-02-06 11:44 - 2017-02-20 22:59 - 00000000 ___DC C:\Program Files (x86)\SpeedItup Free
2017-02-02 12:10 - 2017-02-02 12:10 - 00005606 ____C C:\Windows\system32\.crusader
2017-02-01 19:45 - 2017-02-01 19:45 - 00508320 ____C C:\Users\Anya\Documents\AL606-12-16 Front Extremity_52524.JPEG
2017-02-01 19:44 - 2017-02-01 19:44 - 00459920 ____C C:\Users\Anya\Documents\AL706-12-16 Front Extremity (3)_52524.JPEG
2017-02-01 19:39 - 2017-02-01 19:39 - 00587748 ____C C:\Users\Anya\Documents\High detail front right paw 3 28-11-2016_52524.JPEG
2017-02-01 19:39 - 2017-02-01 19:39 - 00566078 ____C C:\Users\Anya\Documents\High detail front right paw 2 28-11-2016_52524.JPEG

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-01 11:56 - 2017-01-02 17:56 - 00000264 ____C C:\Windows\Tasks\{3414E28B-7B30-5D60-A18E-73890419B134}.job
2017-03-01 11:21 - 2017-01-02 18:06 - 00000000 ___DC C:\Users\Anya\AppData\LocalLow\Mozilla
2017-03-01 11:21 - 2009-07-14 15:45 - 00025680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-01 11:21 - 2009-07-14 15:45 - 00025680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-01 11:14 - 2017-01-03 16:33 - 00000830 ____C C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-03-01 11:14 - 2009-07-14 14:20 - 00000000 ___DC C:\Windows\inf
2017-03-01 11:12 - 2009-07-14 16:08 - 00000006 ___HC C:\Windows\Tasks\SA.DAT
2017-03-01 10:39 - 2017-01-07 23:55 - 00000000 ___DC C:\Users\Anya\AppData\Roaming\ParetoLogic
2017-03-01 09:25 - 2017-01-25 18:16 - 00000000 ___DC C:\Windows\Minidump
2017-03-01 09:25 - 2017-01-03 09:53 - 00000000 ___DC C:\Windows\Panther
2017-02-26 08:59 - 2017-01-07 23:08 - 00000430 ____C C:\Windows\Tasks\TechUtilities.job
2017-02-24 11:39 - 2017-01-19 15:47 - 00002441 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-22 12:18 - 2017-01-02 16:56 - 00000000 ___DC C:\Users\Anya\Documents\tio & telstra
2017-02-19 21:36 - 2017-01-02 16:55 - 00000000 ___DC C:\Users\Anya\Documents\finance
2017-02-19 21:36 - 2017-01-02 16:55 - 00000000 ___DC C:\Users\Anya\Documents\family & health
2017-02-19 21:35 - 2017-01-02 16:54 - 00000000 ___DC C:\Users\Anya\Documents\dogs
2017-02-19 21:34 - 2017-01-02 16:54 - 00000000 ___DC C:\Users\Anya\Documents\Anya's phone
2017-02-19 21:34 - 2017-01-02 16:52 - 00000000 ___DC C:\Users\Anya\Documents\computer
2017-02-19 21:33 - 2017-01-02 16:53 - 00000000 ___DC C:\Users\Anya\Documents\Anya
2017-02-17 20:09 - 2017-01-03 16:28 - 00000000 ___DC C:\Users\Anya\AppData\Local\Adobe
2017-02-17 20:08 - 2017-01-03 16:33 - 00802904 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-02-17 20:08 - 2017-01-03 16:33 - 00144472 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-17 20:08 - 2017-01-03 16:33 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-02-17 20:08 - 2017-01-03 16:33 - 00000000 ___DC C:\Windows\SysWOW64\Macromed
2017-02-17 20:08 - 2017-01-03 16:33 - 00000000 ___DC C:\Windows\system32\Macromed
2017-02-15 10:06 - 2009-07-14 16:13 - 00781298 ____C C:\Windows\system32\PerfStringBackup.INI
2017-02-14 13:38 - 2009-07-14 14:20 - 00000000 ___DC C:\Windows\LiveKernelReports
2017-02-08 09:52 - 2017-01-19 19:53 - 00000000 ___DC C:\Users\Anya\Documents\land house building
2017-02-06 09:26 - 2017-01-02 18:38 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Composite Editor
2017-02-02 12:49 - 2017-01-12 09:52 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\situhome
2017-02-02 12:13 - 2017-01-02 18:05 - 00000000 ___DC C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-02 12:13 - 2017-01-02 18:05 - 00000000 ___DC C:\Program Files (x86)\Mozilla Firefox
2017-02-02 12:01 - 2017-01-02 19:16 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-02-02 12:01 - 2017-01-02 18:04 - 00000000 ___DC C:\ProgramData\Package Cache

==================== Files in the root of some directories =======

2017-01-03 14:58 - 2017-01-03 14:58 - 0000044 ____C () C:\Users\Anya\AppData\Roaming\WB.CFG

Files to move or delete:
====================
C:\Windows\Tasks\{3414E28B-7B30-5D60-A18E-73890419B134}.job


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-03 09:54

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-02-2017 01
Ran by Anya (01-03-2017 12:00:30)
Running from C:\Users\Anya\Desktop\PC prework
Windows 7 Professional Service Pack 1 (X64) (2017-01-02 04:34:01)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3010178862-2183218474-3834878404-500 - Administrator - Disabled)
Anya (S-1-5-21-3010178862-2183218474-3834878404-1000 - Administrator - Enabled) => C:\Users\Anya
Guest (S-1-5-21-3010178862-2183218474-3834878404-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3010178862-2183218474-3834878404-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.24.146 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{845380e2-f0b5-4584-bc40-cc54345b3c06}) (Version: 1.2.77.41287 - Avira Operations GmbH & Co. KG)
Avira Connect (x32 Version: 1.2.77.41287 - Avira Operations GmbH & Co. KG) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.27 - Piriform)
EasyBluePrint (HKLM-x32\...\{598B5BFB-3491-4C9B-9D20-F6477932FFCE}) (Version: 1.00.0000 - Lazycat Labs LLC)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.15.281 - SurfRight B.V.)
Image Composite Editor (HKLM\...\{92AB5708-1AAA-4B1B-A8D5-45CF3AD77519}) (Version: 2.0.3 - Microsoft Corporation)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft .NET Framework 4.6.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01590 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
MVHShellExtension (HKLM\...\{48EE93F1-6CE8-4DC3-9EBB-71D860F09CEE}) (Version: 1.0.0 - MyVirtualHome)
OpenOffice 4.1.2 (HKLM-x32\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
paint.net (HKLM\...\{6AC1101E-7561-43C9-BEEA-4AB1D220D8FF}) (Version: 4.0.13 - dotPDN LLC)
Quicken CashBook - Version 8 (HKLM-x32\...\Quicken CashBook - Version 8) (Version: - )
situhome (HKLM-x32\...\{BDFC5012-189A-4D13-B1CF-279DF1D2F03B}) (Version: 5.0.5038 - Homesoft Pty. Ltd.)
situhome (x32 Version: 5.0.5038 - Homesoft Pty. Ltd.) Hidden
Toolwiz Care (HKLM-x32\...\ToolwizCareFree) (Version: 3.1.0.5500 - ToolWiz Care)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows Resource Kit Tools - SubInAcl.exe (HKLM-x32\...\{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}) (Version: 5.2.3790.1164 - Microsoft Corporation)
Wings 3D 2.1.5 (HKLM-x32\...\Wings 3D 2.1.5) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0BBF5E2B-CFF9-4454-B1E5-48FD7878F641} - System32\Tasks\TechUtilities => C:\Program Files\TechUtilities\TechUtilities.exe
Task: {33037067-24A4-4C51-9BF4-C93967D001CB} - System32\Tasks\ToolwizCareFree => C:\Program Files (x86)\ToolwizCareFree\ToolwizCares.exe [2017-01-08] (Toolwiz)
Task: {4CD91184-FF75-43A9-AFF0-B0E8793FFEA2} - System32\Tasks\SDMsgUpdate (Local) => C:\SmartDraw 2016\Messages\SDNotify.exe [2016-01-23] ()
Task: {792F89C5-CD6D-420F-B59F-A6FD747F23A3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {7FCD042A-B1B9-48E0-BCAB-416DD1E526E8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-17] (Adobe Systems Incorporated)
Task: {84DD79D9-08FF-42FE-B5A0-F88E208EA467} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3010178862-2183218474-3834878404-1000
Task: {977EEB1A-1D70-420F-8E80-26BACAE87F7F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-09] (Google Inc.)
Task: {9E37EBFD-A90E-4D66-AEBC-A4E874CF58F3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-09] (Google Inc.)
Task: {A45BEA91-28D9-4894-A3E1-614E4D959593} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-02-08] (Piriform Ltd)
Task: {A8A2EB79-53E4-43C3-8391-143FC1FC3B23} - System32\Tasks\{3414E28B-7B30-5D60-A18E-73890419B134} => C:\Users\Anya\AppData\Local\UPDATE~1\updtask.exe <==== ATTENTION
Task: {CF69B18C-0219-4C72-A7C0-B5155F4BFF07} - System32\Tasks\SDMsgUpdate (TE) => C:\SmartDraw 2016\Messages\SDNotify.exe [2016-01-23] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\TechUtilities.job => C:\Program Files\TechUtilities\TechUtilities.exe -t C:\Program Files\TechUtilities\TechUtilities.exe
Task: C:\Windows\Tasks\{3414E28B-7B30-5D60-A18E-73890419B134}.job => C:\Users\Anya\AppData\Local\UPDATE~1\updtask.exe <==== ATTENTION

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2017-03-01 09:27 - 2017-01-20 07:47 - 02264352 ____C () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-03-01 09:27 - 2017-01-20 07:47 - 02254800 ____C () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-03-01 09:27 - 2017-01-20 07:47 - 02829776 ____C () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
2017-01-04 14:53 - 2017-01-04 14:53 - 03052032 ____C () C:\Windows\assembly\NativeImages_v4.0.30319_64\PaintDotNetc8826574#\1231046019f02411806acdb82aa3f17a\PaintDotNet.SystemLayer.Native.x64.ni.dll
2016-12-12 17:01 - 2016-12-12 17:01 - 01083088 ____C () C:\Program Files\paint.net\PaintDotNet.SystemLayer.Native.x64.dll
2015-10-21 15:50 - 2015-10-21 15:50 - 00988160 ____C () C:\Program Files (x86)\OpenOffice 4\program\libxml2.dll
2015-10-21 15:49 - 2015-10-21 15:49 - 00170496 ____C () C:\Program Files (x86)\OpenOffice 4\program\libxslt.dll
2015-10-21 15:49 - 2015-10-21 15:49 - 00136192 ____C () C:\Program Files (x86)\OpenOffice 4\program\libxmlsec-mscrypto.dll
2015-10-21 15:49 - 2015-10-21 15:49 - 00303616 ____C () C:\Program Files (x86)\OpenOffice 4\program\libxmlsec.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 13:34 - 2009-06-11 08:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3010178862-2183218474-3834878404-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Anya\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{5EB3DB86-2C8F-478D-AE21-5C7D6B6FA9D8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{615F7A83-9DCE-4BE8-9D0E-0D4AF4FED0E5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Broadcom USH
Description: Broadcom USH
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/01/2017 11:13:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/01/2017 07:49:15 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/25/2017 09:22:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/23/2017 12:04:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: googleearth.exe, version: 7.1.8.3036, time stamp: 0x587ddf05
Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7ba58
Exception code: 0xc0000005
Fault offset: 0x0002f347
Faulting process id: 0x3d4
Faulting application start time: 0x01d28c9daba8551c
Faulting application path: C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe
Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report Id: 620c036c-f8ff-11e6-801a-0024e8dc6112

Error: (02/22/2017 09:16:20 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/20/2017 10:42:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/19/2017 02:17:06 PM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Failed in handling the PowerEvent. The error that occurred was: System.NullReferenceException: Object reference not set to an instance of an object.
at Avira.OE.ServiceHost.ServiceHost.OnPowerEvent(Object sender, PowerBroadcastStatusEventArgs e)
at Avira.OE.WinCore.EventHandlerExtensions.SafeInvoke[T](EventHandler`1 eventHandler, Object sender, T eventArgs)
at Avira.OE.ServiceHost.WindowsService.OnPowerEvent(PowerBroadcastStatus powerStatus)
at System.ServiceProcess.ServiceBase.DeferredPowerEvent(Int32 eventType, IntPtr eventData).

Error: (02/19/2017 02:05:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/17/2017 08:21:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/14/2017 09:12:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (03/01/2017 07:48:09 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck. The bugcheck was: 0x00000116 (0xfffffa8007bd14e0, 0xfffff88004039cb0, 0x0000000000000000, 0x000000000000000c). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 030117-29640-01.

Error: (03/01/2017 07:47:58 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:58:33 PM on ‎2/‎27/‎2017 was unexpected.

Error: (02/27/2017 09:05:04 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AntiVirSchedulerService service.

Error: (02/25/2017 02:04:56 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AntiVirSchedulerService service.

Error: (02/24/2017 09:09:54 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (02/24/2017 01:55:17 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HitmanProScheduler service.

Error: (02/22/2017 07:58:29 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NlaSvc service.

Error: (02/22/2017 09:15:02 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:17:55 AM on ‎2/‎22/‎2017 was unexpected.

Error: (02/21/2017 06:19:57 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HomeGroupListener service.

Error: (02/20/2017 10:41:27 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Avira Service Host service to connect.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU P9400 @ 2.40GHz
Percentage of memory in use: 79%
Total physical RAM: 4047.92 MB
Available physical RAM: 828.74 MB
Total Virtual: 8094.04 MB
Available Virtual: 4544.62 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:148.46 GB) (Free:21.82 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: C8B9BFB9)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=148.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=504 MB) - (Type=27)

==================== End of Addition.txt ============================

aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2017-03-01 12:10:33
-----------------------------
12:10:33.299 OS Version: Windows x64 6.1.7601 Service Pack 1
12:10:33.299 Number of processors: 2 586 0x170A
12:10:33.301 ComputerName: ANYA-PC UserName: Anya
12:10:36.188 Initialize success
12:10:36.870 VM: initialized successfully
12:10:36.873 VM: Intel CPU BiosDisabled
12:17:41.631 AVAST engine defs: 17010903
12:19:02.667 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
12:19:02.670 Disk 0 Vendor: WDC_WD1600BEVT-75ZCT2 11.01A11 Size: 152627MB BusType: 3
12:19:02.896 Disk 0 MBR read successfully
12:19:02.899 Disk 0 MBR scan
12:19:02.906 Disk 0 Windows 7 default MBR code
12:19:02.920 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
12:19:02.926 Disk 0 default boot code
12:19:02.939 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 152019 MB offset 206848
12:19:02.973 Disk 0 Partition 3 00 27 Hidden NTFS WinRE NTFS 504 MB offset 311543808
12:19:03.034 Disk 0 scanning C:\Windows\system32\drivers
12:19:15.284 Service scanning
12:19:43.094 Modules scanning
12:19:43.106 Disk 0 trace - called modules:
12:19:43.152 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
12:19:43.158 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800439d060]
12:19:43.164 3 CLASSPNP.SYS[fffff880011d143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80040b5680]
12:19:44.592 AVAST engine scan C:\Windows
12:19:47.579 AVAST engine scan C:\Windows\system32
12:32:25.222 AVAST engine scan C:\Windows\system32\drivers
12:34:02.728 AVAST engine scan C:\Users\Anya
13:20:58.634 AVAST engine scan C:\ProgramData
13:22:09.962 Disk 0 statistics 4191535/0/0 @ 0.96 MB/s
13:22:10.019 Scan finished successfully
13:37:13.672 Disk 0 MBR has been saved successfully to "C:\Users\Anya\Desktop\PC prework\MBR.dat"
13:37:13.722 The log file has been saved successfully to "C:\Users\Anya\Desktop\PC prework\aswMBR.txt"
 
Let's clean some trash from the machine before a FRST fix... :)

Clean up temp files and reduce startup load with CCleaner.


Note: This tool will clean your browsing history as well.

  • Download CCleaner from here.
  • After install Click Options.
  • Go to monitoring.
  • Uncheck All Monitoring items.
  • Go to advanced -- Click close program after cleaning.
  • Go to settings -- click run ccleaner when the computer starts.
  • Now that you have ccleaner installed and set-up:
  • Open the program.
  • Go to Tools
  • Go to Startup
  • Now double click each item to disable it.
  • Leave only your antivirus enabled.
  • Then disable all items in your scheduled tasks as well,
    unless they are related to Windows Defender or your antivirus.
  • Reboot the machine.



Rogue Killer Scan.


Download RogueKiller -- (Portable) -- from one of the following links and save it to your Desktop:

Link 1
Link 2


  • Close all other running programs.
  • Disable ALL Antivirus -- Antimalware -- Applications.
  • Right Click Rogue Killer and Run as Administrator.
  • Click the Start Scan button.
  • Allow the scan to run -- it can take ten minutes or more.
  • Once the scan is complete check All items for removal.
  • After All items are checked then press Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on open report -- then open txt
  • Copy the content of the report and paste it here in your next reply.

JRT Scan.


Please download Junkware Removal Tool and save it on your desktop.


  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

Adware Cleaner Scan.

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Let's have a fresh look at your system after the above scans please.


Please run Farbar Recovery Scan Tool to give me a fresh look at your system.

Please download the FRST 32 bit or FRST 64bit version to suit your operating system. It is important FRST is downloaded to your desktop.

If you are unsure if your operating system is 32 or 64 Bit please go HERE.

  • Right-click on FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked, as well as Shortcut.txt
  • Press Scan button and wait.
  • The tool will produce three logfiles on your desktop: FRST.txt, Addition.txt and Shortcut.txt

Please Copy & Paste them into your next reply. But attach Shortcut.txt
 
Right... I had run CCleaner & Malwarebytes before I posted this thread this morn btw, but I followed the instrucs above (thanks mal) before doing another one. Then the logs for the others are below as requested... Shortcut file is attached.

Rogue;
RogueKiller V12.9.9.0 (x64) [Feb 27 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Anya [Administrator]
Started from : C:\Users\Anya\Desktop\PCHF programs\RogueKillerX64.exe
Mode : Scan -- Date : 03/01/2017 19:04:48 (Duration : 00:17:45)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 5 ¤¤¤
[PUP.Gen0] (X64) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost | bdx : [x] -> Found
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-9fe07138 -> Found
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-9fe07138 -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3010178862-2183218474-3834878404-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3010178862-2183218474-3834878404-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found

¤¤¤ Tasks : 2 ¤¤¤
[Suspicious.Path] %WINDIR%\Tasks\{3414E28B-7B30-5D60-A18E-73890419B134}.job -- C:\Users\Anya\AppData\Local\UPDATE~1\updtask.exe (/Check) -> Found
[Suspicious.Path] \{3414E28B-7B30-5D60-A18E-73890419B134} -- C:\Users\Anya\AppData\Local\UPDATE~1\updtask.exe (/Check) -> Found

¤¤¤ Files : 3 ¤¤¤
[PUP.Gen1][Folder] C:\Users\Anya\AppData\Roaming\ParetoLogic -> Found
[PUP.Gen1][Folder] C:\Program Files (x86)\Driver Detective -> Found
[PUP.Gen1][Folder] C:\Program Files (x86)\SpeedItup Free -> Found

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][Firefox:Config] dolfqtls.default : user_pref("browser.startup.homepage", "mail.yahoo.com"); -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD1600BEVT-75ZCT2 ATA Device +++++
--- User ---
[MBR] 47c5e781ab77453373e0941962d72004
[BSP] ec87961bac3f884dc2a63fa0e35af3c1 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 152019 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 311543808 | Size: 504 MB
User = LL1 ... OK
User = LL2 ... OK


JRT;
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.1 (02.11.2017)
Operating System: Windows 7 Professional x64
Ran by Anya (Administrator) on Wed 03/01/2017 at 19:52:37.43
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 11

Successfully deleted: C:\Users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\dolfqtls.default\Invalidprefs.js (File)
Successfully deleted: C:\Users\Anya\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Anya\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Anya\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Anya\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Anya\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWTV4YGS (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWTV4YGS (Temporary Internet Files Folder)

Registry: 0

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 03/01/2017 at 19:54:14.31
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ADW;
# AdwCleaner v6.043 - Logfile created 01/03/2017 at 19:57:50
# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-02-28.2 [Server]
# Operating System : Windows 7 Professional Service Pack 1 (X64)
# Username : Anya - ANYA-PC
# Running from : C:\Users\Anya\Desktop\PCHF programs\adwcleaner_6.043.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

No malicious folders found.


***** [ Files ] *****

No malicious files found.


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

Key Found: HKLM\SOFTWARE\ReviverSoft
Key Found: HKLM\SOFTWARE\ReviverSoft
Key Found: HKLM\SOFTWARE\Auslogics


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
No malicious Chromium based browser items found.

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [6380 Bytes] - [21/09/2016 22:23:46]
C:\AdwCleaner\AdwCleaner[S0].txt - [5907 Bytes] - [21/09/2016 20:41:39]
C:\AdwCleaner\AdwCleaner[S1].txt - [1245 Bytes] - [01/03/2017 19:57:50]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1318 Bytes] ##########


FRST;
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-02-2017 01
Ran by Anya (administrator) on ANYA-PC (01-03-2017 20:20:32)
Running from C:\Users\Anya\Desktop\PC prework
Loaded Profiles: Anya (Available Profiles: Anya)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\HitmanPro.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [61896 2016-12-29] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [917576 2016-12-06] (Avira Operations GmbH & Co. KG)
GroupPolicy: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{12A21B6A-4A1F-42D7-8FE4-67D02DB214E3}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{4C627B19-BC24-470C-A374-BA04D5043EF9}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKU\S-1-5-21-3010178862-2183218474-3834878404-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.yahoo.com/?fr=vmn&type=auslog_yaapp10_adw_hp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3010178862-2183218474-3834878404-1000 -> DefaultScope {76DEFAE6-09B2-40B2-8F8A-5A6A5D5CE4EB} URL = hxxps://search.yahoo.com/search/?toggle=1&cop=mss&ei=UTF-8&fr=vmn&type=auslog_yaapp10_adw_ch&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3010178862-2183218474-3834878404-1000 -> {76DEFAE6-09B2-40B2-8F8A-5A6A5D5CE4EB} URL = hxxps://search.yahoo.com/search/?toggle=1&cop=mss&ei=UTF-8&fr=vmn&type=auslog_yaapp10_adw_ch&p={searchTerms}
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF DefaultProfile: dolfqtls.default
FF ProfilePath: C:\Users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\dolfqtls.default [2017-03-01]
FF Homepage: Mozilla\Firefox\Profiles\dolfqtls.default -> hxxps://mg.mail.yahoo.com/neo/launch?.rand=4329iole1n0eg#6349
FF Extension: (Avira Browser Safety) - C:\Users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\dolfqtls.default\Extensions\abs@avira.com.xpi [2017-02-09]
FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\dolfqtls.default\features\{ce52f54d-0d9c-4224-b2d6-5d5791543a5a}\disableSHA1rollout@mozilla.org.xpi [2017-02-27]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-17] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-17] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-09] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-09] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-02] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-24] (Adobe Systems Inc.)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1089592 2016-12-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [476736 2016-12-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [476736 2016-12-06] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1490296 2016-12-06] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [372272 2016-12-29] (Avira Operations GmbH & Co. KG)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2017-01-04] (SurfRight B.V.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [176464 2016-12-06] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [148032 2016-12-06] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2016-12-06] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [79696 2016-12-06] (Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [35864 2016-12-06] (Avira Operations GmbH & Co. KG)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77416 2017-01-20] ()
R3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [54736 2017-03-01] ()
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [176584 2017-03-01] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [110536 2017-03-01] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-03-01] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251848 2017-03-01] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [81696 2017-03-01] (Malwarebytes)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-01 19:04 - 2017-03-01 19:04 - 00028272 ____C C:\Windows\system32\Drivers\TrueSight.sys
2017-03-01 18:44 - 2017-03-01 18:44 - 00000000 ___DC C:\Users\Anya\AppData\Roaming\Avira
2017-03-01 18:41 - 2017-03-01 19:03 - 00000000 ___DC C:\ProgramData\RogueKiller
2017-03-01 13:10 - 2017-03-01 13:11 - 03071606 ____C C:\Users\Anya\Downloads\Ramblings 4 - February 28th 2017.pdf
2017-03-01 13:03 - 2017-03-01 13:04 - 06029906 ____C C:\Users\Anya\Downloads\27th February 2017.pdf
2017-03-01 11:54 - 2017-03-01 20:20 - 00000000 ___DC C:\FRST
2017-03-01 11:49 - 2017-03-01 20:15 - 00000000 ___DC C:\Users\Anya\Desktop\PC prework
2017-03-01 10:22 - 2017-02-27 15:02 - 00697053 ____C C:\Users\Anya\Documents\stock%20crate%20needs.doc_1.odt
2017-03-01 09:28 - 2017-03-01 20:13 - 00176584 ____C (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-03-01 09:28 - 2017-03-01 20:12 - 00110536 ____C (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-03-01 09:28 - 2017-03-01 20:12 - 00081696 ____C (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-03-01 09:28 - 2017-03-01 20:12 - 00043968 ____C (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-03-01 09:28 - 2017-03-01 20:11 - 00251848 ____C (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-03-01 09:27 - 2017-03-01 09:27 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-03-01 09:27 - 2017-03-01 09:27 - 00000000 ___DC C:\ProgramData\Malwarebytes
2017-03-01 09:27 - 2017-03-01 09:27 - 00000000 ___DC C:\Program Files\Malwarebytes
2017-03-01 09:27 - 2017-01-20 07:47 - 00077416 ____C C:\Windows\system32\Drivers\mbae64.sys
2017-03-01 09:14 - 2017-03-01 17:03 - 00002788 ____C C:\Windows\System32\Tasks\CCleanerSkipUAC
2017-03-01 09:14 - 2017-03-01 09:14 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-03-01 09:14 - 2017-03-01 09:14 - 00000000 ___DC C:\Program Files\CCleaner
2017-02-27 10:22 - 2017-02-27 10:22 - 01961016 ____C C:\Users\Anya\Downloads\Ramblings 3 - February 21st 2017.pdf
2017-02-26 22:52 - 2017-02-26 22:52 - 01793086 ____C C:\Users\Anya\Downloads\14475841_975050299290299_6153463609927139328_n.mp4
2017-02-22 19:16 - 2017-02-22 19:16 - 05476663 ____C C:\Users\Anya\Downloads\10th_February_2017(1).pdf
2017-02-22 18:58 - 2017-02-22 18:58 - 00100877 ____C C:\Users\Anya\Downloads\AssessmentCoverPage_39(1).pdf
2017-02-22 18:58 - 2017-02-22 18:58 - 00100875 ____C C:\Users\Anya\Downloads\AssessmentCoverPage_39.pdf
2017-02-22 18:56 - 2017-02-22 18:56 - 05476663 ____C C:\Users\Anya\Downloads\10th_February_2017.pdf
2017-02-21 21:46 - 2017-02-24 21:16 - 00047120 ____C C:\Users\Anya\Documents\My Places.kmz
2017-02-20 13:47 - 2017-02-20 13:47 - 00543652 ____C C:\Users\Anya\Downloads\parknotesnourlangie.pdf
2017-02-17 20:15 - 2017-02-17 20:15 - 00000000 ___DC C:\Program Files (x86)\Windows Resource Kits
2017-02-17 20:11 - 2017-02-17 20:11 - 00002130 ____C C:\Users\Anya\Downloads\reset_fp.zip
2017-02-17 20:05 - 2017-02-17 20:05 - 00379392 ____C C:\Users\Anya\Downloads\subinacl.msi
2017-02-16 22:02 - 2017-02-16 22:03 - 00000000 ___DC C:\Users\Anya\AppData\Roaming\vlc
2017-02-14 23:35 - 2017-02-14 23:35 - 00000000 ___DC C:\Windows\System32\Tasks\Games
2017-02-13 16:48 - 2017-02-13 16:50 - 01325535 ____C C:\Users\Anya\Downloads\Ramblings 1a - February 7th 2017.pdf
2017-02-12 23:43 - 2017-02-12 23:43 - 00248541 ____C C:\Users\Anya\Downloads\FlashBrowserVersion.pdf
2017-02-10 10:01 - 2017-02-10 10:01 - 00327713 ____C C:\Users\Anya\Downloads\109.full.pdf
2017-02-10 10:01 - 2017-02-10 10:01 - 00213450 ____C C:\Users\Anya\Downloads\ARRT_Std_Terms.pdf
2017-02-09 12:09 - 2017-02-09 12:09 - 00562254 ____C C:\Users\Anya\Downloads\pdf2doc.zip
2017-02-09 11:56 - 2017-02-09 11:56 - 00118501 ____C C:\Users\Anya\Downloads\R Oosthuizen Response.pdf
2017-02-08 09:55 - 2017-03-01 16:42 - 00000000 ___DC C:\Users\Anya\Documents\stock crate
2017-02-08 09:43 - 2017-02-08 09:52 - 00000000 ___DC C:\Users\Anya\Documents\hoofcare
2017-02-07 21:18 - 2017-02-07 21:18 - 00416082 ____C C:\Users\Anya\Documents\L fore paw AP 06-12-2016_52524.JPEG
2017-02-07 21:18 - 2017-02-07 21:18 - 00346479 ____C C:\Users\Anya\Documents\Tilly Lavender Consultation History Notes.pdf
2017-02-07 15:14 - 2017-02-07 15:14 - 00137063 ____C C:\Users\Anya\Documents\civil-claims-app-11854.pdf
2017-02-07 13:41 - 2017-02-07 13:41 - 00000154 ____C C:\Users\Anya\Downloads\TransactionHistory(3).qif
2017-02-07 13:36 - 2017-02-07 13:36 - 00000290 ____C C:\Users\Anya\Downloads\TransactionHistory(2).qif
2017-02-07 13:35 - 2017-02-07 13:35 - 00007819 ____C C:\Users\Anya\Downloads\TransactionHistory.qif
2017-02-07 13:35 - 2017-02-07 13:35 - 00007819 ____C C:\Users\Anya\Downloads\TransactionHistory(1).qif
2017-02-07 02:12 - 2017-02-08 09:45 - 00569645 ____C C:\Users\Anya\Documents\High detail front right paw 28-11-2016_52524.JPEG
2017-02-06 12:16 - 2017-02-06 12:16 - 00000000 ___DC C:\Program Files (x86)\Display
2017-02-02 12:10 - 2017-02-02 12:10 - 00005606 ____C C:\Windows\system32\.crusader
2017-02-01 19:45 - 2017-02-01 19:45 - 00508320 ____C C:\Users\Anya\Documents\AL606-12-16 Front Extremity_52524.JPEG
2017-02-01 19:44 - 2017-02-01 19:44 - 00459920 ____C C:\Users\Anya\Documents\AL706-12-16 Front Extremity (3)_52524.JPEG
2017-02-01 19:39 - 2017-02-01 19:39 - 00587748 ____C C:\Users\Anya\Documents\High detail front right paw 3 28-11-2016_52524.JPEG
2017-02-01 19:39 - 2017-02-01 19:39 - 00566078 ____C C:\Users\Anya\Documents\High detail front right paw 2 28-11-2016_52524.JPEG

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-01 20:19 - 2009-07-14 15:45 - 00025680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-01 20:19 - 2009-07-14 15:45 - 00025680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-01 20:16 - 2017-01-02 18:06 - 00000000 ___DC C:\Users\Anya\AppData\LocalLow\Mozilla
2017-03-01 20:14 - 2016-09-21 20:40 - 00000000 ___DC C:\AdwCleaner
2017-03-01 20:12 - 2009-07-14 14:20 - 00000000 ___DC C:\Windows\inf
2017-03-01 20:10 - 2009-07-14 16:08 - 00000006 ___HC C:\Windows\Tasks\SA.DAT
2017-03-01 17:06 - 2017-01-07 23:08 - 00000332 ____C C:\Windows\Tasks\TechUtilities.job
2017-03-01 17:06 - 2017-01-03 16:33 - 00000830 ____C C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-03-01 17:03 - 2017-01-19 15:48 - 00004478 ____C C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-03-01 17:03 - 2017-01-12 00:02 - 00003642 ____C C:\Windows\System32\Tasks\SDMsgUpdate (Local)
2017-03-01 17:03 - 2017-01-12 00:02 - 00003634 ____C C:\Windows\System32\Tasks\SDMsgUpdate (TE)
2017-03-01 17:03 - 2017-01-09 13:33 - 00003332 ____C C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-03-01 17:03 - 2017-01-09 13:33 - 00003204 ____C C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-03-01 17:03 - 2017-01-08 12:01 - 00003324 _____ C:\Windows\System32\Tasks\ToolwizCareFree
2017-03-01 17:03 - 2017-01-07 23:08 - 00003162 _____ C:\Windows\System32\Tasks\TechUtilities
2017-03-01 17:03 - 2017-01-03 16:33 - 00003770 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-03-01 09:25 - 2017-01-25 18:16 - 00000000 ___DC C:\Windows\Minidump
2017-03-01 09:25 - 2017-01-03 09:53 - 00000000 ___DC C:\Windows\Panther
2017-02-24 11:39 - 2017-01-19 15:47 - 00002441 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-22 12:18 - 2017-01-02 16:56 - 00000000 ___DC C:\Users\Anya\Documents\tio & telstra
2017-02-19 21:36 - 2017-01-02 16:55 - 00000000 ___DC C:\Users\Anya\Documents\finance
2017-02-19 21:36 - 2017-01-02 16:55 - 00000000 ___DC C:\Users\Anya\Documents\family & health
2017-02-19 21:35 - 2017-01-02 16:54 - 00000000 ___DC C:\Users\Anya\Documents\dogs
2017-02-19 21:34 - 2017-01-02 16:54 - 00000000 ___DC C:\Users\Anya\Documents\Anya's phone
2017-02-19 21:34 - 2017-01-02 16:52 - 00000000 ___DC C:\Users\Anya\Documents\computer
2017-02-19 21:33 - 2017-01-02 16:53 - 00000000 ___DC C:\Users\Anya\Documents\Anya
2017-02-17 20:09 - 2017-01-03 16:28 - 00000000 ___DC C:\Users\Anya\AppData\Local\Adobe
2017-02-17 20:08 - 2017-01-03 16:33 - 00802904 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-02-17 20:08 - 2017-01-03 16:33 - 00144472 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-17 20:08 - 2017-01-03 16:33 - 00000000 ___DC C:\Windows\SysWOW64\Macromed
2017-02-17 20:08 - 2017-01-03 16:33 - 00000000 ___DC C:\Windows\system32\Macromed
2017-02-15 10:06 - 2009-07-14 16:13 - 00781298 ____C C:\Windows\system32\PerfStringBackup.INI
2017-02-14 13:38 - 2009-07-14 14:20 - 00000000 ___DC C:\Windows\LiveKernelReports
2017-02-08 09:52 - 2017-01-19 19:53 - 00000000 ___DC C:\Users\Anya\Documents\land house building
2017-02-06 09:26 - 2017-01-02 18:38 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Composite Editor
2017-02-02 12:49 - 2017-01-12 09:52 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\situhome
2017-02-02 12:13 - 2017-01-02 18:05 - 00000000 ___DC C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-02 12:13 - 2017-01-02 18:05 - 00000000 ___DC C:\Program Files (x86)\Mozilla Firefox
2017-02-02 12:01 - 2017-01-02 19:16 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-02-02 12:01 - 2017-01-02 18:04 - 00000000 ___DC C:\ProgramData\Package Cache

==================== Files in the root of some directories =======

2017-01-03 14:58 - 2017-01-03 14:58 - 0000044 ____C () C:\Users\Anya\AppData\Roaming\WB.CFG

Some files in TEMP:
====================
2017-03-01 18:41 - 2010-11-21 14:23 - 1731936 ____C (Microsoft Corporation) C:\Users\Anya\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-03 09:54

==================== End of FRST.txt ============================

Addition;
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-02-2017 01
Ran by Anya (01-03-2017 20:24:21)
Running from C:\Users\Anya\Desktop\PC prework
Windows 7 Professional Service Pack 1 (X64) (2017-01-02 04:34:01)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3010178862-2183218474-3834878404-500 - Administrator - Disabled)
Anya (S-1-5-21-3010178862-2183218474-3834878404-1000 - Administrator - Enabled) => C:\Users\Anya
Guest (S-1-5-21-3010178862-2183218474-3834878404-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3010178862-2183218474-3834878404-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.24.146 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{845380e2-f0b5-4584-bc40-cc54345b3c06}) (Version: 1.2.77.41287 - Avira Operations GmbH & Co. KG)
Avira Connect (x32 Version: 1.2.77.41287 - Avira Operations GmbH & Co. KG) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.27 - Piriform)
EasyBluePrint (HKLM-x32\...\{598B5BFB-3491-4C9B-9D20-F6477932FFCE}) (Version: 1.00.0000 - Lazycat Labs LLC)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.15.281 - SurfRight B.V.)
Image Composite Editor (HKLM\...\{92AB5708-1AAA-4B1B-A8D5-45CF3AD77519}) (Version: 2.0.3 - Microsoft Corporation)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft .NET Framework 4.6.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01590 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
MVHShellExtension (HKLM\...\{48EE93F1-6CE8-4DC3-9EBB-71D860F09CEE}) (Version: 1.0.0 - MyVirtualHome)
OpenOffice 4.1.2 (HKLM-x32\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
paint.net (HKLM\...\{6AC1101E-7561-43C9-BEEA-4AB1D220D8FF}) (Version: 4.0.13 - dotPDN LLC)
Quicken CashBook - Version 8 (HKLM-x32\...\Quicken CashBook - Version 8) (Version: - )
situhome (HKLM-x32\...\{BDFC5012-189A-4D13-B1CF-279DF1D2F03B}) (Version: 5.0.5038 - Homesoft Pty. Ltd.)
situhome (x32 Version: 5.0.5038 - Homesoft Pty. Ltd.) Hidden
Toolwiz Care (HKLM-x32\...\ToolwizCareFree) (Version: 3.1.0.5500 - ToolWiz Care)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows Resource Kit Tools - SubInAcl.exe (HKLM-x32\...\{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}) (Version: 5.2.3790.1164 - Microsoft Corporation)
Wings 3D 2.1.5 (HKLM-x32\...\Wings 3D 2.1.5) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0BBF5E2B-CFF9-4454-B1E5-48FD7878F641} - System32\Tasks\TechUtilities => C:\Program Files\TechUtilities\TechUtilities.exe
Task: {33037067-24A4-4C51-9BF4-C93967D001CB} - System32\Tasks\ToolwizCareFree => C:\Program Files (x86)\ToolwizCareFree\ToolwizCares.exe [2017-01-08] (Toolwiz)
Task: {4CD91184-FF75-43A9-AFF0-B0E8793FFEA2} - System32\Tasks\SDMsgUpdate (Local) => C:\SmartDraw 2016\Messages\SDNotify.exe [2016-01-23] ()
Task: {792F89C5-CD6D-420F-B59F-A6FD747F23A3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {7FCD042A-B1B9-48E0-BCAB-416DD1E526E8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-17] (Adobe Systems Incorporated)
Task: {84DD79D9-08FF-42FE-B5A0-F88E208EA467} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3010178862-2183218474-3834878404-1000
Task: {977EEB1A-1D70-420F-8E80-26BACAE87F7F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-09] (Google Inc.)
Task: {9E37EBFD-A90E-4D66-AEBC-A4E874CF58F3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-09] (Google Inc.)
Task: {A45BEA91-28D9-4894-A3E1-614E4D959593} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-02-08] (Piriform Ltd)
Task: {CF69B18C-0219-4C72-A7C0-B5155F4BFF07} - System32\Tasks\SDMsgUpdate (TE) => C:\SmartDraw 2016\Messages\SDNotify.exe [2016-01-23] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\TechUtilities.job => C:\Program Files\TechUtilities\TechUtilities.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2017-03-01 09:27 - 2017-01-20 07:47 - 02264352 ____C () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-03-01 09:27 - 2017-01-20 07:47 - 02254800 ____C () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-03-01 09:27 - 2017-01-20 07:47 - 02829776 ____C () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 13:34 - 2009-06-11 08:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3010178862-2183218474-3834878404-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Anya\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: CCleaner => "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO
MSCONFIG\startupreg: Malwarebytes TrayApp => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
MSCONFIG\startupreg: ToolwizCareFree => C:\Program Files (x86)\ToolwizCareFree\ToolwizCares.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{5EB3DB86-2C8F-478D-AE21-5C7D6B6FA9D8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{615F7A83-9DCE-4BE8-9D0E-0D4AF4FED0E5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Restore Points =========================

01-03-2017 19:52:38 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Broadcom USH
Description: Broadcom USH
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/01/2017 08:12:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/01/2017 05:08:25 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/01/2017 05:08:25 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/01/2017 05:08:25 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/01/2017 05:08:25 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
Element not found. (HRESULT : 0x80070490) (0x80070490)

Error: (03/01/2017 05:08:18 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/01/2017 05:08:18 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog

Details:
The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)

Error: (03/01/2017 05:08:17 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/01/2017 05:08:17 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/01/2017 05:08:17 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: The Windows Search Service cannot open the Jet property store.

Details:
0x%08x (0xc0041800 - The content index database is corrupt. (HRESULT : 0xc0041800))


System errors:
=============
Error: (03/01/2017 08:08:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (03/01/2017 08:08:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (03/01/2017 08:08:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avira Service Host service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (03/01/2017 08:08:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).

Error: (03/01/2017 08:08:56 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (03/01/2017 08:08:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HitmanPro Scheduler service terminated unexpectedly. It has done this 1 time(s).

Error: (03/01/2017 08:08:56 PM) (Source: SCardSvr) (EventID: 610) (User: )
Description: Smart Card Reader 'Broadcom Corp Contacted SmartCard 0' rejected IOCTL GET_STATE: The handle is invalid. If this error persists, your smart card or reader may not be functioning correctly.

Command Header: XX XX XX XX

Error: (03/01/2017 07:46:52 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.

Error: (03/01/2017 06:19:50 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

Error: (03/01/2017 05:08:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU P9400 @ 2.40GHz
Percentage of memory in use: 81%
Total physical RAM: 4047.92 MB
Available physical RAM: 755.61 MB
Total Virtual: 8094.04 MB
Available Virtual: 4802.44 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:148.46 GB) (Free:21.66 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: C8B9BFB9)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=148.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=504 MB) - (Type=27)

==================== End of Addition.txt ============================
 

Attachments

  • Shortcut.txt
    29.3 KB · Views: 10
FRST Fix.

Click Here To Download Fixlist.

Download attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

ClearLNK

Download ClearLNK and save it to your desktop.
Drag the file Shortcut.txt made with FRST earlier, as per the picture.
A report on the work will be produced as a file ClearLNK-<date>.log; post that log.

BPD7B3BAgEQl.gif


Run Check Disk

Run chkdsk /f /r from elevated command prompt.




After the checkdisk....

Scan with ListChkDskResult

Please download ListChkDskResult by SleepyDude and save it to your desktop.
  • Right-click on the ListChkDskResult icon and select Run as Administrator to start the tool.
  • A message about checking Windows Event Log will pop-up. Click OK.
  • Wait patiently until a Notepad window opens. This won't take long.
  • The displayed logfile will also be saved to your desktop as ListChkDskResult.txt.
Please include the content of this file in your next reply.

Speccy Scan.

  • Please go here and download Speccy.
  • Install and run the program.
  • Upon Completion:
  • Hit File
  • Publish Snap Shot
  • A link will appear, post that link.
 

Attachments

  • fixlist.txt
    5.7 KB · Views: 13
FRST Fixlog;

Fix result of Farbar Recovery Scan Tool (x64) Version: 01-03-2017
Ran by Anya (02-03-2017 21:19:55) Run:1
Running from C:\Users\Anya\Desktop\PC prework
Loaded Profiles: Anya (Available Profiles: Anya)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
Closeprocesses:
Emptytemp:
GroupPolicy: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{12A21B6A-4A1F-42D7-8FE4-67D02DB214E3}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{4C627B19-BC24-470C-A374-BA04D5043EF9}: [DhcpNameServer] 192.168.42.129
HKU\S-1-5-21-3010178862-2183218474-3834878404-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.yahoo.com/?fr=vmn&type=auslog_yaapp10_adw_hp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3010178862-2183218474-3834878404-1000 -> DefaultScope {76DEFAE6-09B2-40B2-8F8A-5A6A5D5CE4EB} URL = hxxps://search.yahoo.com/search/?toggle=1&cop=mss&ei=UTF-8&fr=vmn&type=auslog_yaapp10_adw_ch&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3010178862-2183218474-3834878404-1000 -> {76DEFAE6-09B2-40B2-8F8A-5A6A5D5CE4EB} URL = hxxps://search.yahoo.com/search/?toggle=1&cop=mss&ei=UTF-8&fr=vmn&type=auslog_yaapp10_adw_ch&p={searchTerms}
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-09] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-09] (Google Inc.)
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
2017-02-14 23:35 - 2017-02-14 23:35 - 00000000 ___DC C:\Windows\System32\Tasks\Games
2017-03-01 17:06 - 2017-01-07 23:08 - 00000332 ____C C:\Windows\Tasks\TechUtilities.job
2017-03-01 17:06 - 2017-01-03 16:33 - 00000830 ____C C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-03-01 17:03 - 2017-01-19 15:48 - 00004478 ____C C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-03-01 17:03 - 2017-01-12 00:02 - 00003642 ____C C:\Windows\System32\Tasks\SDMsgUpdate (Local)
2017-03-01 17:03 - 2017-01-12 00:02 - 00003634 ____C C:\Windows\System32\Tasks\SDMsgUpdate (TE)
2017-03-01 17:03 - 2017-01-09 13:33 - 00003332 ____C C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-03-01 17:03 - 2017-01-09 13:33 - 00003204 ____C C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-03-01 17:03 - 2017-01-08 12:01 - 00003324 _____ C:\Windows\System32\Tasks\ToolwizCareFree
2017-03-01 17:03 - 2017-01-07 23:08 - 00003162 _____ C:\Windows\System32\Tasks\TechUtilities
2017-03-01 17:03 - 2017-01-03 16:33 - 00003770 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-01-03 14:58 - 2017-01-03 14:58 - 0000044 ____C () C:\Users\Anya\AppData\Roaming\WB.CFG
Task: {0BBF5E2B-CFF9-4454-B1E5-48FD7878F641} - System32\Tasks\TechUtilities => C:\Program Files\TechUtilities\TechUtilities.exe
Task: {33037067-24A4-4C51-9BF4-C93967D001CB} - System32\Tasks\ToolwizCareFree => C:\Program Files (x86)\ToolwizCareFree\ToolwizCares.exe [2017-01-08] (Toolwiz)
Task: {4CD91184-FF75-43A9-AFF0-B0E8793FFEA2} - System32\Tasks\SDMsgUpdate (Local) => C:\SmartDraw 2016\Messages\SDNotify.exe [2016-01-23] ()
Task: {792F89C5-CD6D-420F-B59F-A6FD747F23A3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {7FCD042A-B1B9-48E0-BCAB-416DD1E526E8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-17] (Adobe Systems Incorporated)
Task: {84DD79D9-08FF-42FE-B5A0-F88E208EA467} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3010178862-2183218474-3834878404-1000
Task: {977EEB1A-1D70-420F-8E80-26BACAE87F7F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-09] (Google Inc.)
Task: {9E37EBFD-A90E-4D66-AEBC-A4E874CF58F3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-09] (Google Inc.)
Task: {CF69B18C-0219-4C72-A7C0-B5155F4BFF07} - System32\Tasks\SDMsgUpdate (TE) => C:\SmartDraw 2016\Messages\SDNotify.exe [2016-01-23] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\TechUtilities.job => C:\Program Files\TechUtilities\TechUtilities.exe
C:\Windows\Tasks\TechUtilities.job
C:\SmartDraw 2016
C:\Program Files\TechUtilities
C:\Windows\system32\Drivers\etc\hosts
Hosts:
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
C:\Program Files (x86)\SpeedItup Free
C:\Program Files (x86)\Driver Detective
C:\Users\Anya\AppData\Roaming\ParetoLogic
C:\Users\Anya\AppData\Local\UPDATE~1\updtask.exe
DeleteKey: HKLM\SOFTWARE\ReviverSoft
DeleteKey: HKLM\SOFTWARE\Auslogics
CMD: gpupdate /force
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
RemoveProxy:
CMD: ipconfig /flushdns
reboot:
end
*****************

Restore point was successfully created.
Processes closed successfully.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Policies\Google => key removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{12A21B6A-4A1F-42D7-8FE4-67D02DB214E3}\\DhcpNameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4C627B19-BC24-470C-A374-BA04D5043EF9}\\DhcpNameServer => value removed successfully
HKU\S-1-5-21-3010178862-2183218474-3834878404-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-3010178862-2183218474-3834878404-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-3010178862-2183218474-3834878404-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{76DEFAE6-09B2-40B2-8F8A-5A6A5D5CE4EB} => key removed successfully
HKCR\CLSID\{76DEFAE6-09B2-40B2-8F8A-5A6A5D5CE4EB} => key not found.
HKCR\PROTOCOLS\Filter\deflate => key not found.
HKCR\CLSID\{8f6b0360-b80d-11d0-a9b3-006097942311} => key not found.
HKCR\Wow6432Node\PROTOCOLS\Filter\deflate => key not found.
HKCR\Wow6432Node\CLSID\{8f6b0360-b80d-11d0-a9b3-006097942311} => key not found.
HKCR\PROTOCOLS\Filter\gzip => key not found.
HKCR\CLSID\{8f6b0360-b80d-11d0-a9b3-006097942311} => key not found.
HKCR\Wow6432Node\PROTOCOLS\Filter\gzip => key not found.
HKCR\Wow6432Node\CLSID\{8f6b0360-b80d-11d0-a9b3-006097942311} => key not found.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => value restored successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3 => key removed successfully
C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll => moved successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9 => key removed successfully
C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll => not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk => key removed successfully
HKLM\System\CurrentControlSet\Services\WinDefend => key removed successfully
WinDefend => service removed successfully
C:\Windows\System32\Tasks\Games => moved successfully
C:\Windows\Tasks\TechUtilities.job => moved successfully
C:\Windows\Tasks\Adobe Flash Player Updater.job => moved successfully
C:\Windows\System32\Tasks\Adobe Acrobat Update Task => moved successfully
C:\Windows\System32\Tasks\SDMsgUpdate (Local) => moved successfully
C:\Windows\System32\Tasks\SDMsgUpdate (TE) => moved successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"C:\Windows\System32\Tasks\ToolwizCareFree" => not found.
C:\Windows\System32\Tasks\TechUtilities => moved successfully
C:\Windows\System32\Tasks\Adobe Flash Player Updater => moved successfully
C:\Users\Anya\AppData\Roaming\WB.CFG => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0BBF5E2B-CFF9-4454-B1E5-48FD7878F641} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0BBF5E2B-CFF9-4454-B1E5-48FD7878F641} => key removed successfully
C:\Windows\System32\Tasks\TechUtilities => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TechUtilities => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{33037067-24A4-4C51-9BF4-C93967D001CB} => key not found.
C:\Windows\System32\Tasks\ToolwizCareFree => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ToolwizCareFree => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4CD91184-FF75-43A9-AFF0-B0E8793FFEA2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4CD91184-FF75-43A9-AFF0-B0E8793FFEA2} => key removed successfully
C:\Windows\System32\Tasks\SDMsgUpdate (Local) => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SDMsgUpdate (Local) => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{792F89C5-CD6D-420F-B59F-A6FD747F23A3} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{792F89C5-CD6D-420F-B59F-A6FD747F23A3} => key removed successfully
C:\Windows\System32\Tasks\Adobe Acrobat Update Task => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Acrobat Update Task => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7FCD042A-B1B9-48E0-BCAB-416DD1E526E8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7FCD042A-B1B9-48E0-BCAB-416DD1E526E8} => key removed successfully
C:\Windows\System32\Tasks\Adobe Flash Player Updater => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{84DD79D9-08FF-42FE-B5A0-F88E208EA467} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{84DD79D9-08FF-42FE-B5A0-F88E208EA467} => key removed successfully
C:\Windows\System32\Tasks\Games\UpdateCheck_S-1-5-21-3010178862-2183218474-3834878404-1000 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Games\UpdateCheck_S-1-5-21-3010178862-2183218474-3834878404-1000 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{977EEB1A-1D70-420F-8E80-26BACAE87F7F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{977EEB1A-1D70-420F-8E80-26BACAE87F7F} => key removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9E37EBFD-A90E-4D66-AEBC-A4E874CF58F3} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9E37EBFD-A90E-4D66-AEBC-A4E874CF58F3} => key removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CF69B18C-0219-4C72-A7C0-B5155F4BFF07} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CF69B18C-0219-4C72-A7C0-B5155F4BFF07} => key removed successfully
C:\Windows\System32\Tasks\SDMsgUpdate (TE) => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SDMsgUpdate (TE) => key removed successfully
C:\Windows\Tasks\Adobe Flash Player Updater.job => not found.
C:\Windows\Tasks\TechUtilities.job => not found.
"C:\Windows\Tasks\TechUtilities.job" => not found.
C:\SmartDraw 2016 => moved successfully
"C:\Program Files\TechUtilities" => not found.
Could not move "C:\Windows\system32\Drivers\etc\hosts" => Scheduled to move on reboot.
Could not move "C:\Windows\System32\Drivers\etc\hosts" => Scheduled to move on reboot.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\SPPSVC-In-TCP => value removed successfully
"C:\Program Files (x86)\SpeedItup Free" => not found.
"C:\Program Files (x86)\Driver Detective" => not found.
"C:\Users\Anya\AppData\Roaming\ParetoLogic" => not found.
"C:\Users\Anya\AppData\Local\UPDATE~1\updtask.exe" => not found.
HKLM\SOFTWARE\ReviverSoft => key not found.
HKLM\SOFTWARE\Auslogics => key not found.

========= gpupdate /force =========

Updating Policy...



User Policy update has completed successfully.

Computer Policy update has completed successfully.




========= End of CMD: =========

HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\SPPSVC-In-TCP-NoScope => value removed successfully

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-3010178862-2183218474-3834878404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-3010178862-2183218474-3834878404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 111560330 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 607 B
Edge => 0 B
Chrome => 0 B
Firefox => 182882028 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 66228 B
systemprofile32 => 65960 B
LocalService => 66228 B
NetworkService => 66228 B
Anya => 193970661 B

RecycleBin => 9851621732 B
EmptyTemp: => 9.6 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 02-03-2017 21:26:46)

"C:\Windows\system32\Drivers\etc\hosts" => Could not move
Could not restore Hosts.
"C:\Windows\System32\Drivers\etc\hosts" => Could not move
Could not restore Hosts.

==== End of Fixlog 21:26:46 ====


ClearLNK:
ClearLNK by Alex Dragokas ver. 2.9.0.11

OS: x64 Windows 7 Pro, 6.1.7601, Service Pack: 1
Time: 02.03.2017 - 21:35
Language: OS: EN (0x409). Display: EN (0x409). Non-Unicode: EN (0x409)
Elevated: Yes
User: Anya (group: Administrator)

_____________________________ Begin of Log ______________________________
.
[ OK ] 2 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk" -> [ "C:\Windows\ehome\ehshell.exe" ] (icon has been recovered)
[ OK ] 5 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk" -> [ "C:\Windows\system32\WindowsAnytimeUpgradeUI.exe" ] (icon has been recovered)
[ OK ] 6 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk" -> [ "C:\Program Files\DVD Maker\DVDMaker.exe" ] (icon has been recovered)
[ OK ] 7 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk" -> [ "C:\Windows\system32\WFS.exe" ] (icon has been recovered)
[ OK ] 8 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk" -> [ "C:\Windows\System32\xpsrchvw.exe" ] (icon has been recovered)
[ OK ] 31 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\Uninstall Malwarebytes.lnk" -> [ "C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe" ] (icon has been recovered)
[ OK ] 32 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk" -> [ "C:\Windows\system32\recdisc.exe" ] (icon has been recovered)
[ OK ] 33 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk" -> [ "C:\Windows\System32\msra.exe" ] (icon has been recovered)
[ OK ] 43 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk" -> [ "C:\Windows\System32\comexp.msc" ] (icon has been recovered)
[ OK ] 44 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk" -> [ "C:\Windows\System32\odbcad32.exe" ] (icon has been recovered)
[ OK ] 45 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk" -> [ "C:\Windows\System32\iscsicpl.exe" ] (icon has been recovered)
[ OK ] 46 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk" -> [ "C:\Windows\system32\MdSched.exe" ] (icon has been recovered)
[ OK ] 47 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk" -> [ "C:\Windows\System32\printmanagement.msc" ] (icon has been recovered)
[ OK ] 48 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk" -> [ "C:\Windows\System32\services.msc" ] (icon has been recovered)
[ OK ] 49 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk" -> [ "C:\Windows\system32\msconfig.exe" ] (icon has been recovered)
[ OK ] 50 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk" -> [ "C:\Windows\System32\WF.msc" ] (icon has been recovered)
[ OK ] 51 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk" -> [ "C:\Windows\System32\calc.exe" ] (icon has been recovered)
[ OK ] 52 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk" -> [ "C:\Windows\System32\displayswitch.exe" ] (icon has been recovered)
[ OK ] 53 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk" -> [ "C:\Program Files (x86)\Common Files\Microsoft Shared\ink\mip.exe" ] (icon has been recovered)
[ OK ] 54 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\NetworkProjection.lnk" -> [ "C:\Windows\system32\NetProj.exe" ] (icon has been recovered)
[ OK ] 55 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk" -> [ "C:\Windows\System32\mspaint.exe" ] (icon has been recovered)
[ OK ] 56 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk" -> [ "C:\Windows\System32\mstsc.exe" ] (icon has been recovered)
[ OK ] 57 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk" -> [ "C:\Windows\system32\SnippingTool.exe" ] (icon has been recovered)
[ OK ] 58 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk" -> [ "C:\Windows\system32\SoundRecorder.exe" ] (icon has been recovered)
[ OK ] 59 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk" -> [ "C:\Windows\system32\StikyNot.exe" ] (icon has been recovered)
[ OK ] 60 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk" -> [ "C:\Windows\System32\mobsync.exe" ] (icon has been recovered)
[ OK ] 61 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk" -> [ "C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe" ] (icon has been recovered)
[ OK ] 62 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk" -> [ "C:\Windows\SysWOW64\Windowspowershell\v1.0\powershell.exe" ] (icon has been recovered)
[ OK ] 63 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk" -> [ "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe" ] (icon has been recovered)
[ OK ] 64 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk" -> [ "C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe" ] (icon has been recovered)
[ OK ] 65 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk" -> [ "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" ] (icon has been recovered)
[ OK ] 66 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk" -> [ "C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe" ] (icon has been recovered)
[ OK ] 67 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk" -> [ "C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe" ] (icon has been recovered)
[ OK ] 68 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk" -> [ "C:\Program Files\Windows Journal\Journal.exe" ] (icon has been recovered)
[ OK ] 69 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk" -> [ "C:\Windows\System32\charmap.exe" ] (icon has been recovered)
[ OK ] 70 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk" -> [ "C:\Windows\System32\dfrgui.exe" ] (icon has been recovered)
[ OK ] 71 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk" -> [ "C:\Windows\System32\cleanmgr.exe" ] (icon has been recovered)
[ OK ] 72 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk" -> [ "C:\Windows\System32\msinfo32.exe" ] (icon has been recovered)
[ OK ] 73 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk" -> [ "C:\Windows\system32\rstrui.exe" ] (icon has been recovered)
[ OK ] 74 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk" -> [ "C:\Windows\System32\migwiz\PostMig.exe" ] (icon has been recovered)
[ OK ] 75 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk" -> [ "C:\Windows\System32\migwiz\migwiz.exe" ] (icon has been recovered)
[ OK ] 85 "C:\Users\Anya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk" -> [ "C:\Program Files\Internet Explorer\iexplore.exe" ] (Method RN-S) (OK)
[ OK ] 89 "C:\Users\Anya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk" -> [ "C:\Windows\System32\notepad.exe" ] (icon has been recovered)
[ OK ] 91 "C:\Users\Anya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk" -> [ "C:\Windows\explorer.exe" ] (icon has been recovered)
[ OK ] 94 "C:\Users\Anya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk" -> [ "C:\Windows\System32\eudcedit.exe" ] (icon has been recovered)
[ OK ] 95 "C:\Users\Anya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk" -> [ "C:\Windows\System32\Magnify.exe" ] (icon has been recovered)
[ OK ] 96 "C:\Users\Anya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk" -> [ "C:\Windows\system32\narrator.exe" ] (icon has been recovered)
[ OK ] 97 "C:\Users\Anya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk" -> [ "C:\Windows\System32\osk.exe" ] (icon has been recovered)
[ OK ] 110 "C:\Users\Anya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk" -> [ "C:\Windows\explorer.exe" ] (icon has been recovered)
[ OK ] 115 "C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk" -> [ "C:\Windows\System32\notepad.exe" ] (icon has been recovered)
[ OK ] 117 "C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk" -> [ "C:\Windows\explorer.exe" ] (icon has been recovered)
[ OK ] 120 "C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk" -> [ "C:\Windows\System32\eudcedit.exe" ] (icon has been recovered)
[ OK ] 121 "C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk" -> [ "C:\Windows\System32\Magnify.exe" ] (icon has been recovered)
[ OK ] 122 "C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk" -> [ "C:\Windows\system32\narrator.exe" ] (icon has been recovered)
[ OK ] 123 "C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk" -> [ "C:\Windows\System32\osk.exe" ] (icon has been recovered)
[ OK ] 126 "C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk" -> [ "C:\Windows\System32\control.exe" ] (Method RN-S) (OK)
[ OK ] 127 "C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk" -> [ "C:\Windows\System32\wuapp.exe" ] (Method RN-S) (OK)
[ OK ] 128 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk" -> [ "C:\Program Files (x86)\Windows Sidebar\sidebar.exe" ] (Method RN-S) (OK)
[ OK ] 129 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk" -> [ "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" ] (Method RN-S) (OK)
[ OK ] 130 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player - reset preferences and cache files.lnk" -> [ "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" ] (Method RN-S) (OK)
[ OK ] 131 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player skinned.lnk" -> [ "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" ] (Method RN-S) (OK)
[ OK ] 133 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken CashBook v8\Uninstall Quicken CashBook - Version 8.lnk" -> [ "C:\Windows\uninst.exe" ] (Method RN-S) (OK)
[ OK ] 134 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk" -> [ "C:\Windows\System32\control.exe" ] (Method RN-S) (OK)
[ OK ] 135 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro\Remove HitmanPro 3.7.lnk" -> [ "C:\Program Files\HitmanPro\HitmanPro.exe" ] (Method RN-S) (OK)
[ OK ] 136 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Start Google Earth in DirectX mode.lnk" -> [ "C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe" ] (Method RN-S) (OK)
[ OK ] 137 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Start Google Earth in OpenGL mode.lnk" -> [ "C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe" ] (Method RN-S) (OK)
[ OK ] 138 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Uninstall Google Earth.lnk" -> [ "C:\Windows\System32\msiexec.exe" ] (Method RN-S) (OK)
[ OK ] 139 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy Blue Print\Uninstall\Uninstall.lnk" -> [ "C:\Windows\SysWOW64\msiexec.exe" ] (Method RN-S) (OK)
[ OK ] 140 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\Avira Connect.lnk" -> [ "C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe" ] (Method RN-S) (OK)
[ OK ] 141 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk" -> [ "C:\Windows\System32\compmgmt.msc" ] (Method RN-S) (OK)
[ OK ] 142 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk" -> [ "C:\Windows\System32\eventvwr.msc" ] (Method RN-S) (OK)
[ OK ] 143 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk" -> [ "C:\Windows\System32\perfmon.msc" ] (Method RN-S) (OK)
[ OK ] 144 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk" -> [ "C:\Windows\system32\secpol.msc" ] (Method RN-S) (OK)
[ OK ] 145 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk" -> [ "C:\Windows\System32\taskschd.msc" ] (Method RN-S) (OK)
[ OK ] 146 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk" -> [ "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" ] (Method RN-S) (OK)
[ OK ] 147 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk" -> [ "C:\Windows\system32\mblctr.exe" ] (Method RN-S) (OK)
[ OK ] 148 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk" -> [ "C:\Windows\System32\rundll32.exe" ] (Method RN-S) (OK)
[ OK ] 149 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk" -> [ "C:\Windows\System32\perfmon.exe" ] (Method RN-S) (OK)
[ OK ] 150 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk" -> [ "C:\Windows\System32\taskschd.msc" ] (Method RN-S) (OK)
[ OK ] 151 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk" -> [ "C:\Windows\Speech\Common\sapisvr.exe" ] (Method RN-S) (OK)
[ OK ] 153 "C:\Users\Anya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk" -> [ "C:\Windows\System32\control.exe" ] (Method RN-S) (OK)
[ OK ] 154 "C:\Users\Anya\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk" -> [ "C:\Windows\system32\WFS.exe" ] (Method RN-S) (OK)
[ OK ] 155 "C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk" -> [ "C:\Windows\System32\control.exe" ] (Method RN-S) (OK)
[ OK ] 156 "C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk" -> [ "C:\Windows\system32\WFS.exe" ] (Method RN-S) (OK)
.
[DEL ] 15 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartDraw 2016\SmartDraw 2016.lnk" (target was not recovered)
[DEL ] 16 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartDraw 2016\Uninstall SmartDraw 2016.lnk" (target was not recovered)
[DEL ] 37 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\GameExplorer.lnk" (target was not recovered)
[DEL ] 77 "C:\Users\Anya\Pictures\our animals\our horses\Shortcut to DSCF3378.lnk" (target was not recovered)
[DEL ] 78 "C:\Users\Anya\Pictures\Family & friends\spur 001.jpg.lnk" (target was not recovered)
[DEL ] 79 "C:\Users\Anya\Pictures\Family & friends\spur 002.jpg.lnk" (target was not recovered)
[DEL ] 80 "C:\Users\Anya\Pictures\Family & friends\milwright family\Picture 023.jpg.lnk" (target was not recovered)
[DEL ] 83 "C:\Users\Anya\Links\RecentPlaces.lnk" (target was not recovered)
[DEL ] 87 "C:\Users\Anya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Help.lnk" (target was not recovered)
[DEL ] 88 "C:\Users\Anya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk" (target was not recovered)
[DEL ] 90 "C:\Users\Anya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Run.lnk" (target was not recovered)
[DEL ] 92 "C:\Users\Anya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\computer.lnk" (target was not recovered)
[DEL ] 93 "C:\Users\Anya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Control Panel.lnk" (target was not recovered)
[DEL ] 99 "C:\Users\Anya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk" (target was not recovered)
[DEL ] 101 "C:\Users\Anya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk" (target was not recovered)
[DEL ] 109 "C:\Users\Anya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Toolwiz Care.lnk" (target was not recovered)
[DEL ] 113 "C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Help.lnk" (target was not recovered)
[DEL ] 114 "C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk" (target was not recovered)
[DEL ] 116 "C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Run.lnk" (target was not recovered)
[DEL ] 118 "C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\computer.lnk" (target was not recovered)
[DEL ] 119 "C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Control Panel.lnk" (target was not recovered)
[DEL ] 124 "C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk" (target was not recovered)
[DEL ] 125 "C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk" (target was not recovered)
[DEL ] 157 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner Homepage.url"
[DEL ] 158 "C:\Users\Anya\Favorites\Windows Live\Get Windows Live.url"
[DEL ] 159 "C:\Users\Anya\Favorites\Windows Live\Windows Live Gallery.url"
[DEL ] 160 "C:\Users\Anya\Favorites\Windows Live\Windows Live Mail.url"
[DEL ] 161 "C:\Users\Anya\Favorites\Windows Live\Windows Live Spaces.url"
[DEL ] 162 "C:\Users\Anya\Favorites\MSN Websites\MSN Autos.url"
[DEL ] 163 "C:\Users\Anya\Favorites\MSN Websites\MSN Entertainment.url"
[DEL ] 164 "C:\Users\Anya\Favorites\MSN Websites\MSN Money.url"
[DEL ] 165 "C:\Users\Anya\Favorites\MSN Websites\MSN Sports.url"
[DEL ] 166 "C:\Users\Anya\Favorites\MSN Websites\MSN.url"
[DEL ] 167 "C:\Users\Anya\Favorites\MSN Websites\MSNBC News.url"
[DEL ] 168 "C:\Users\Anya\Favorites\Microsoft Websites\IE Add-on site.url"
[DEL ] 169 "C:\Users\Anya\Favorites\Microsoft Websites\IE site on Microsoft.com.url"
[DEL ] 170 "C:\Users\Anya\Favorites\Microsoft Websites\Microsoft At Home.url"
[DEL ] 171 "C:\Users\Anya\Favorites\Microsoft Websites\Microsoft At Work.url"
[DEL ] 172 "C:\Users\Anya\Favorites\Microsoft Websites\Microsoft Store.url"
[DEL ] 173 "C:\Users\Anya\Favorites\Links for United States\GobiernoUSA.gov.url"
[DEL ] 174 "C:\Users\Anya\Favorites\Links for United States\USA.gov.url"
[DEL ] 175 "C:\Users\Anya\Favorites\Links\Suggested Sites.url"
[DEL ] 176 "C:\Users\Anya\Favorites\Links\Web Slice Gallery.url"
.
[SKIP] 1 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk -> C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\SC_Reader.ico" (shortcut was not found)
[SKIP] 10 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Documentation.lnk -> C:\Program Files (x86)\VideoLAN\VLC\Documentation.url" (shortcut was not found)
[SKIP] 11 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Release Notes.lnk -> C:\Program Files (x86)\VideoLAN\VLC\NEWS.txt" (shortcut was not found)
[SKIP] 12 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VideoLAN Website.lnk -> C:\Program Files (x86)\VideoLAN\VLC\VideoLAN Website.url" (shortcut was not found)
[SKIP] 14 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ToolwizCareFree\Toolwiz Care.lnk" (shortcut was not found)
[SKIP] 41 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\Antivirus\Avira on the Internet.lnk -> C:\Program Files (x86)\Avira\Antivirus\weblink.url" (shortcut was not found)
[SKIP] 84 "C:\Users\Anya\Desktop\PC prework\PCHF further programs\CCleaner.lnk" (shortcut was not found)
[SKIP] 132 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ToolwizCareFree\Uninstall.lnk" (shortcut was not found)
.
[WARN] 3 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk" -> [ "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" ] (already cured)
[WARN] 4 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk" -> [ "C:\Program Files\paint.net\PaintDotNet.exe" ] (already cured)
[WARN] 9 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wings 3D 2.1.5\Wings 3D 2.1.5.lnk" -> [ "C:\Program Files\wings3d_2.1.5\Wings3D.exe" ] (already cured)
[WARN] 13 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player.lnk" -> [ "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" ] (already cured)
[WARN] 17 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\situhome\situhome.lnk" -> [ "C:\Program Files (x86)\situhome\situhomeLauncher.exe" ] (already cured)
[WARN] 18 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken CashBook v8\Financial Address Book.lnk" -> [ "C:\Program Files (x86)\QUICKENW\addrbook.exe" ] (already cured)
[WARN] 19 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken CashBook v8\Quicken CashBook - Version 8.lnk" -> [ "C:\Program Files (x86)\QUICKENW\QW.EXE" ] (already cured)
[WARN] 20 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken CashBook v8\Quicken Home Inventory.lnk" -> [ "C:\Program Files (x86)\QUICKENW\QHI.exe" ] (already cured)
[WARN] 21 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken CashBook v8\ReadMe.lnk" -> [ "C:\Program Files (x86)\QUICKENW\readme.wri" ] (already cured)
[WARN] 22 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken CashBook v8\What's New in Quicken CashBook - Version 8.lnk" -> [ "C:\Program Files (x86)\QUICKENW\whatsnew.WRI" ] (already cured)
[WARN] 23 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.2\OpenOffice Base.lnk" -> [ "C:\Program Files (x86)\OpenOffice 4\program\sbase.exe" ] (already cured)
[WARN] 24 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.2\OpenOffice Calc.lnk" -> [ "C:\Program Files (x86)\OpenOffice 4\program\scalc.exe" ] (already cured)
[WARN] 25 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.2\OpenOffice Draw.lnk" -> [ "C:\Program Files (x86)\OpenOffice 4\program\sdraw.exe" ] (already cured)
[WARN] 26 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.2\OpenOffice Impress.lnk" -> [ "C:\Program Files (x86)\OpenOffice 4\program\simpress.exe" ] (already cured)
[WARN] 27 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.2\OpenOffice Math.lnk" -> [ "C:\Program Files (x86)\OpenOffice 4\program\smath.exe" ] (already cured)
[WARN] 28 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.2\OpenOffice Writer.lnk" -> [ "C:\Program Files (x86)\OpenOffice 4\program\swriter.exe" ] (already cured)
[WARN] 29 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.2\OpenOffice.lnk" -> [ "C:\Program Files (x86)\OpenOffice 4\program\soffice.exe" ] (already cured)
[WARN] 30 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\Malwarebytes.lnk" -> [ "C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe" ] (already cured)
[WARN] 34 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Composite Editor\Image Composite Editor.lnk" -> [ "C:\Program Files\Microsoft Research\Image Composite Editor\ICE.exe" ] (already cured)
[WARN] 35 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro\HitmanPro.lnk" -> [ "C:\Program Files\HitmanPro\HitmanPro.exe" ] (already cured)
[WARN] 36 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Start Google Earth.lnk" -> [ "C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe" ] (already cured)
[WARN] 38 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy Blue Print\Easy Blue Print.lnk" -> [ "C:\Program Files (x86)\Easy Blue Print\Easy Blue Print\bp.exe" ] (already cured)
[WARN] 39 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk" -> [ "C:\Program Files\CCleaner\CCleaner64.exe" ] (already cured)
[WARN] 40 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\Antivirus\Avira Antivirus Help.lnk" -> [ "C:\Program Files (x86)\Avira\Antivirus\208\avwin.chm" ] (already cured)
[WARN] 42 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\Antivirus\Start Avira Antivirus.lnk" -> [ "C:\Program Files (x86)\Avira\Antivirus\avcenter.exe" ] (already cured)
[WARN] 76 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Abyssmedia\Wave Editor\Wave Editor.lnk" -> [ "C:\Program Files (x86)\Abyssmedia\Wave Editor\editor.exe" ] (already cured)
[WARN] 81 "C:\Users\Anya\Links\Desktop.lnk" -> [ "C:\Users\Anya\Desktop" ] (already cured)
[WARN] 82 "C:\Users\Anya\Links\Downloads.lnk" -> [ "C:\Users\Anya\Downloads" ] (already cured)
[WARN] 86 "C:\Users\Anya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk" -> [ "C:\Program Files (x86)\Internet Explorer\iexplore.exe" ] (already cured)
[WARN] 98 "C:\Users\Anya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk" -> [ "C:\Program Files (x86)\Internet Explorer\iexplore.exe" ] (already cured)
[WARN] 100 "C:\Users\Anya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Wave Editor.lnk" -> [ "C:\Program Files (x86)\Abyssmedia\Wave Editor\editor.exe" ] (already cured)
[WARN] 102 "C:\Users\Anya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Wings 3D (x64) 2.1.5.lnk" -> [ "C:\Program Files\wings3d_2.1.5\Wings3D.exe" ] (already cured)
[WARN] 103 "C:\Users\Anya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Image Composite Editor.lnk" -> [ "C:\Program Files\Microsoft Research\Image Composite Editor\ICE.exe" ] (already cured)
[WARN] 104 "C:\Users\Anya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk" -> [ "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" ] (already cured)
[WARN] 105 "C:\Users\Anya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\OpenOffice 4.1.2.lnk" -> [ "C:\Program Files (x86)\OpenOffice 4\program\soffice.exe" ] (already cured)
[WARN] 106 "C:\Users\Anya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\paint.net.lnk" -> [ "C:\Program Files\paint.net\PaintDotNet.exe" ] (already cured)
[WARN] 107 "C:\Users\Anya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Quicken CashBook - Version 8.lnk" -> [ "C:\Program Files (x86)\QUICKENW\QW.EXE" ] (already cured)
[WARN] 108 "C:\Users\Anya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Start Google Earth.lnk" -> [ "C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe" ] (already cured)
[WARN] 111 "C:\Users\Anya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk" -> [ "C:\Windows\System32\control.exe" ] (already cured)
[WARN] 112 "C:\Users\Anya\AppData\Local\ToolwizCareFree\Disabled Load for ALL\Billminder.lnk" -> [ "C:\Program Files (x86)\QUICKENW\billmind.exe" ] (already cured)
[WARN] 152 "C:\Users\Anya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk" -> [ "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff ] (already cured)
.
____________________________ Icons location _____________________________
.
[ OK ] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk" -> [ ".", index=1 ] (Method: 3)
[ OK ] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk" -> [ ".", index=1 ] (Method: 3)
[ OK ] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk" -> [ ".", index=1 ] (Method: 3)
[ OK ] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk" -> [ ".", index=1 ] (Method: 3)
[ OK ] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk" -> [ ".", index=1 ] (Method: 3)
[ OK ] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\Uninstall Malwarebytes.lnk" -> [ ".", index=1 ] (Method: 6)
[ OK ] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk" -> [ ".", index=1 ] (Method: 3)
[ OK ] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk" -> [ ".", index=1 ] (Method: 3)
[ OK ] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk" -> [ ".", index=1 ] (Method: 3)
[ OK ] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk" -> [ ".", index=1 ] (Method: 3)
[ OK ] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk" -> [ ".", index=1 ] (Method: 3)
[ OK ] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk" -> [ ".", index=1 ] (Method: 3)
[ OK ] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk" -> [ ".", index=1 ] (Method: 3)
[ OK ] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk" -> [ ".", index=1 ] (Method: 3)
[ OK ] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk" -> [ ".", index=1 ] (Method: 3)
[ OK ] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk" -> [ ".", index=1 ] (Method: 3)
[ OK ] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk" -> [ ".", index=1 ] (Method: 3)
[ OK ] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk" -> [ ".", index=1 ] (Method: 3)
[ OK ] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk" -> [ ".", index=1 ] (Method: 3)
[ OK ] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\NetworkProjection.lnk" -> [ ".", index=1 ] (Method: 3)
[ OK ] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk" -> [ ".", index=1 ] (Method: 3)
[ OK ] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk" -> [ ".", index=1 ] (Method: 3)
[ OK ] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk" -> [ ".", index=1 ] (Method: 3)
[ OK ] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk" -> [ ".", index=1 ] (Method: 3)
[ OK ] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk" -> [ ".", index=1 ] (Method: 3)
[ OK ] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk" -> [ ".", index=1 ] (Method: 3)
[ OK ] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk" -> [ ".", index=1 ] (Method: 3)
[ OK ] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk" -> [ ".", index=1 ] (Method: 3)
[ OK ] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk" -> [ ".", index=1 ] (Method: 3)
[ OK ] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk" -> [ ".", index=1 ] (Method: 3)
[ OK ] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk" -> [ ".", index=1 ] (Method: 3)
[ OK ] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk" -> [ ".", index=1 ] (Method: 3)
[ OK ] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk" -> [ ".", index=1 ] (Method: 3)
[ OK ] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk" -> [ ".", index=1 ] (Method: 3)
[ OK ] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk" -> [ ".", index=1 ] (Method: 3)
[ OK ] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk" -> [ ".", index=1 ] (Method: 3)
[ OK ] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk" -> [ ".", index=1 ] (Method: 3)
[ OK ] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk" -> [ ".", index=1 ] (Method: 3)
[ OK ] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk" -> [ ".", index=1 ] (Method: 3)
[ OK ] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk" -> [ ".", index=1 ] (Method: 3)
[ OK ] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk" -> [ ".", index=1 ] (Method: 3)
[ OK ] "C:\Users\Anya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk" -> [ ".", index=1 ] (Method: 3)
[ OK ] "C:\Users\Anya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk" -> [ ".", index=1 ] (Method: 3)
[ OK ] "C:\Users\Anya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk" -> [ ".", index=1 ] (Method: 3)
[ OK ] "C:\Users\Anya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk" -> [ ".", index=1 ] (Method: 3)
[ OK ] "C:\Users\Anya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk" -> [ ".", index=1 ] (Method: 3)
[ OK ] "C:\Users\Anya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk" -> [ ".", index=1 ] (Method: 3)
[ OK ] "C:\Users\Anya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk" -> [ ".", index=1 ] (Method: 3)
[ OK ] "C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk" -> [ ".", index=1 ] (Method: 3)
[ OK ] "C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk" -> [ ".", index=1 ] (Method: 3)
[ OK ] "C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk" -> [ ".", index=1 ] (Method: 3)
[ OK ] "C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk" -> [ ".", index=1 ] (Method: 3)
[ OK ] "C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk" -> [ ".", index=1 ] (Method: 3)
[ OK ] "C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk" -> [ ".", index=1 ] (Method: 3)
[ OK ] "C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk" -> [ ".", index=1 ] (Method: 3)
[ OK ] "C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk" -> [ ".", index=1 ] (Method: 3)
[ OK ] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk" -> [ ".", index=1 ] (Method: 3)
[ OK ] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk" -> [ ".", index=1 ] (Method: 3)
[ OK ] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk" -> [ ".", index=1 ] (Method: 3)
[ OK ] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk" -> [ ".", index=1 ] (Method: 3)
[ OK ] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk" -> [ ".", index=1 ] (Method: 3)
[ OK ] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk" -> [ ".", index=1 ] (Method: 3)
[ OK ] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk" -> [ ".", index=1 ] (Method: 3)
[ OK ] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk" -> [ ".", index=1 ] (Method: 3)
[ OK ] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk" -> [ ".", index=1 ] (Method: 3)
[ OK ] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk" -> [ ".", index=1 ] (Method: 3)
[ OK ] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk" -> [ ".", index=1 ] (Method: 3)
[ OK ] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk" -> [ ".", index=1 ] (Method: 3)
[ OK ] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk" -> [ ".", index=1 ] (Method: 3)
[ OK ] "C:\Users\Anya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk" -> [ ".", index=1 ] (Method: 3)
[ OK ] "C:\Users\Anya\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk" -> [ ".", index=1 ] (Method: 3)
[ OK ] "C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk" -> [ ".", index=1 ] (Method: 3)
[ OK ] "C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk" -> [ ".", index=1 ] (Method: 3)
.
______________________________ Statistics _______________________________
Cure ran per today: 1 times.

Total processed: 176

Cured: 84
Deleted: 43
Omitted: 8
Warnings: 41
______________________________ End of Log _______________________________CRC32: 75C95525


ListCHKDSK;

ListChkdskResult by SleepyDude v0.1.7 Beta | 21-09-2013

------< Log generate on 3/2/2017 9:55:17 PM >------
Category: 0
Computer Name: Anya-PC
Event Code: 26214
Record Number: 1635
Source Name: Chkdsk
Time Written: 02-07-2017 @ 22:37:02
Event Type: Information
User:
Message: Chkdsk was executed in read/write mode.

Checking file system on E:
Volume label is Anya Lavender.

CHKDSK is verifying files (stage 1 of 3)...
96000 file records processed.

File verification completed.
1724 large file records processed.

0 bad file records processed.

0 EA records processed.

0 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 3)...
100322 index entries processed.

Index verification completed.
CHKDSK is scanning unindexed files for reconnect to their original directory.

Recovering orphaned file JESSSC~1.DOC (8589) into directory file 5.

CHKDSK is verifying security descriptors (stage 3 of 3)...
96000 file SDs/SIDs processed.

Cleaning up 119 unused index entries from index $SII of file 0x9.
Cleaning up 119 unused index entries from index $SDH of file 0x9.
Cleaning up 119 unused security descriptors.
Security descriptor verification completed.
2162 data files processed.

CHKDSK is verifying Usn Journal...
9390392 USN bytes processed.

Usn Journal verification completed.
Windows has made corrections to the file system.

195358719 KB total disk space.
75504112 KB in 57669 files.
24656 KB in 2163 indexes.
177339 KB in use by the system.
65536 KB occupied by the log file.
119652612 KB available on disk.

4096 bytes in each allocation unit.
48839679 total allocation units on disk.
29913153 allocation units available on disk.

-----------------------------------------------------------------------
Category: 0
Computer Name: Anya-PC
Event Code: 1001
Record Number: 611
Source Name: Microsoft-Windows-Wininit
Time Written: 01-04-2017 @ 04:00:22
Event Type: Information
User:
Message:

Checking file system on \\?\Volume{581436b1-d13e-11e6-a4d3-806e6f6e6963}
The type of the file system is NTFS.


One of your disks needs to be checked for consistency. You
may cancel the disk check, but it is strongly recommended
that you continue.
Windows will now check the disk.

CHKDSK is verifying files (stage 1 of 3)...
256 file records processed.

File verification completed.
0 large file records processed.

0 bad file records processed.

0 EA records processed.

0 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 3)...
280 index entries processed.

Index verification completed.
0 unindexed files scanned.

0 unindexed files recovered.

CHKDSK is verifying security descriptors (stage 3 of 3)...
256 file SDs/SIDs processed.

Cleaning up 6 unused index entries from index $SII of file 0x9.
Cleaning up 6 unused index entries from index $SDH of file 0x9.
Cleaning up 6 unused security descriptors.
Security descriptor verification completed.
12 data files processed.

Windows has checked the file system and found no problems.

516095 KB total disk space.
7508 KB in 6 files.
12 KB in 14 indexes.
0 KB in bad sectors.
4923 KB in use by the system.
4240 KB occupied by the log file.
503652 KB available on disk.

4096 bytes in each allocation unit.
129023 total allocation units on disk.
125913 allocation units available on disk.

Internal Info:
00 01 00 00 1f 00 00 00 1b 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................

-----------------------------------------------------------------------
Category: 0
Computer Name: Anya-PC
Event Code: 1001
Record Number: 610
Source Name: Microsoft-Windows-Wininit
Time Written: 01-04-2017 @ 04:00:22
Event Type: Information
User:
Message:

Checking file system on \\?\Volume{581436af-d13e-11e6-a4d3-806e6f6e6963}
The type of the file system is NTFS.
Volume label is System Reserved.


One of your disks needs to be checked for consistency. You
may cancel the disk check, but it is strongly recommended
that you continue.
Windows will now check the disk.

CHKDSK is verifying files (stage 1 of 3)...
256 file records processed.

File verification completed.
0 large file records processed.

0 bad file records processed.

0 EA records processed.

0 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 3)...
336 index entries processed.

Index verification completed.
0 unindexed files scanned.

0 unindexed files recovered.

CHKDSK is verifying security descriptors (stage 3 of 3)...
256 file SDs/SIDs processed.

Cleaning up 29 unused index entries from index $SII of file 0x9.
Cleaning up 29 unused index entries from index $SDH of file 0x9.
Cleaning up 29 unused security descriptors.
Security descriptor verification completed.
40 data files processed.

Windows has checked the file system and found no problems.

102399 KB total disk space.
25620 KB in 52 files.
28 KB in 42 indexes.
0 KB in bad sectors.
2727 KB in use by the system.
2048 KB occupied by the log file.
74024 KB available on disk.

4096 bytes in each allocation unit.
25599 total allocation units on disk.
18506 allocation units available on disk.

Internal Info:
00 01 00 00 69 00 00 00 89 00 00 00 00 00 00 00 ....i...........
01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................

-----------------------------------------------------------------------


And the link for Speccy; http://speccy.piriform.com/results/ZLFXn6QKtrIpv4hhzyphQ0z
 
How is your machine running now?

Step 1: Reset Host File


  • Click here to download RstHosts v2.0
  • Save the file to your desktop.
  • Right Click and Run as Administrator.
  • Click on Restaurer, then click OK at the prompt.
  • This will restore the default host file.
  • Next Click on Creer Un Rapport.
  • This will open a logfile, post that in your next reply.



Autologger Scan.


  • Disable your Antivirus & Anti spyware applications!!
  • Download Autologger to your desktop.
  • Unzip it there. -- If you are unsure how to unzip a program, then use ---- http://www.7-zip.org/ ----
  • Right click Autologger and run as admin. (XP users double click.)
  • AVZ4 will open and scan your machine, allow this to complete.
  • Upload Collectionlog.zip to your next reply.

Alright, now clean the machine with Privazer, then defrag with ToolWhiz Defrag.


Temps are a bit high, what sort of surface do you use your laptop on? Keep in mind that the fans that vent a laptop have openings on the bottom...

I suggest to elevate the machine by placing two books under it, one on either side so the airflow is increased... Or use a laptop cooling pad.

You should clean out the dust from the machine.



Use this video if you do not have the means to get a can of compressed air...

 

Attachments

  • Setup_SmartDefrag.zip
    730.2 KB · Views: 15
Hiya, thank you SO much for your help so far. Unfortunately, my computer is still slow to boot up & still gets 'stuck' (program not responding), perhaps especially in Firefox. I don't use it for games or anything like that BTW. It may be better than it was tho...

I forgot to mention the other day, Avira popped up with 'host file blocked' when I was following one of your instructions, and I just did the RstHosts instruction above & it did this again. About to follow the rest of the above. Below is the RstHost report... Oh & I usually have my laptop on my lap.

RstHost;
-|x| RstHosts v2.0 - Rapport créé le 03/03/2017 à 10:14:32
-|x| Système d'exploitation : Windows 7 Professional Service Pack 1 (64 bits)
-|x| Nom d'utilisateur : Anya - ANYA-PC (Administrateur)

-|x|- Informations -|x|-

Emplacement : C:\Windows\System32\drivers\etc\hosts
Attribut(s) : RASH
Propriétaire : Administrators - BUILTIN
Taille : 824 bytes
Date de création : 14/07/2009 - 13:34:48
Date de modification : 11/06/2009 - 08:00:26
Date de dernier accès : 14/07/2009 - 13:34:48

-|x|- Contenu du fichier -|x|-

# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost

-|x|- E.O.F - C:\RstHosts.txt - 1356 bytes -|x|-
 
Oh & I forgot, until they both came up when I rebooted... I also have HitmanPro and Lukefilewalker installed. The latter was installed when I got the machine & just happens periodically for no apparent reason. Will any of these programs be conflicting with any other & if so, which should I remove?
 
Remove Avira. Luke Filewalker is a part of Avira.
HitmanPro is fine, it will not conflict with anything. So far all tools you have run for me only run when you tell them to run, so there is no chance of conflict.
Avira is known to slow some machines, so let's remove it for now.
Then get me the Autologger file. :)
 
Righto, feel a bit silly, cos I got as far as uninstalling Avira & replacing with SecureAPlus, but haven't yet done the Autologger scan, because I can't work out how to disable SecureA...??
 
...And I just left SecureA running its initial scan after installing... it says 'app white listing driver not running!' and it's been going for well over half an hour & is still @ 7%, which it was up to before I left home half an hour ago??
 
That program was still stuck. I stopped it & restarted & it still only went to 7%. So I've uninstalled it & installed Avast instead now. Hope that's OK. I know this one at least! It is running in 'passive mode' though, because I have Malwarebytes (btw, HitmanPro was a trial that had ended). Will Avast conflict with MBAM if I have them both running together?
 
Boy! That one took ages! Attached are the Autologger files. Attached the zip, since there are quite a few.
 

Attachments

  • CollectionLog-2017.03.03-21.30.zip
    62.2 KB · Views: 15
Zoek Scan

Disable your antivirus prior to this scan.

Download Zoek
Save the file to your desktop.
Right click Zoek.exe and run as administrator. (XP users double click.)
Copy the items in red below, and paste them into Zoek.

createsrpoint;
C:\Windows\system32\tasks\Microsoft\Windows\Windows Media Sharing;f
C:\Windows\system32\tasks\Microsoft\Windows\RemoteAssistance;f
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience;f
C:\Users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\dolfqtls.default\extensions\abs@avira.com.xpi;f
bepbmhgboaologfdajaanbcjmnhjmhfn;chr
gfdkimpbcpahaombhbimeihdjnejgicl;chr
{26080cad-4adc-49ac-8c63-eda16e595cbd};c
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{26080cad-4adc-49ac-8c63-eda16e595cbd}];r
{0633EE93-D776-472f-A0FF-E1416B8B2E3A};c
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes\{26080cad-4adc-49ac-8c63-eda16e595cbd}];r
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToolwizCareFree];r
C:\Windows\system32\drivers\TrueSight.sys;fs
C:\0a8ec230a9bc40a012aaed;fs
C:\ProgramData\Avg;f
C:\ProgramData\TechUtilities64;f
C:\Windows.old;f
C:\Program Files (x86)\Avira;f
C:\Windows10Upgrade;f
C:\ESD;f
C:\$Windows.~WS;f
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe;fs
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe;fs
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exef;fs
C:\Program Files\SecureAge\Everything\EverythingServer.exe;fs
C:\Program Files (x86)\Windows Defender;fs
C:\Users\Anya\AppData\Local\Temp\~DF629C3D595DC43EF8.TMP;f
C:\Users\Anya\AppData\Local\Temp\~DF8CFA1C7CC0D40AA9.TMP;f
emptyfolderscheck;delete
emptyclsid;
emptyalltemp;
ipconfig /flushdns;b

autoclean;

Now hit the run script button.
The log will appear after a reboot, also you can find it on the C: drive.
Post the log in your next reply.
 
I disabled Avast, ran zoek as admin, ran the script, but not sure it finished. Left it running, looked at it at around 11pm last night, then in the morning, my computer was still on, still showing same. That was:

Zoek.exe v5.0.0.1 Updated 27-09-2015

Tool run by Anya on Mon 03/06/2017 at 1:04:08.76.

Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64

Running in: Normal Mode No Internet Access Detected

Launched: C:\Users\Anya\Desktop\PCHF progs & prework\zoek.exe [Scan all users] [Script inserted]



===== Runcheck 1:04:54.08 =====



--- Create Environment Variables 1:04:58.10

--- Create System Restore Point 1:05:14.48

--- Checking Input 23:05:52.05

--- AU AppData Check 23:06:28.85

--- Remove From Windows Installer 23:06:34.17

--- Empty Folders Check 23:10:52.50

--- Registry HKLM Software Check 23:10:52.52

--- Quick Launch Shortcut Check 23:11:37.81

--- IE Startpage Check 23:11:59.77

--- Program Files DB Check 23:13:19.77

--- C:\Users\Anya\AppData\Roaming DB Check 23:15:13.49

--- C:\Users\Default\AppData\Roaming DB Check 23:15:13.49

--- C:\Users\Default User\AppData\Roaming DB Check 23:15:13.49

--- C:\Windows\SysNative\config\systemprofile\AppData\Roaming DB Check 23:15:13.49

--- C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming DB Check 23:15:13.49

--- C:\Windows\serviceprofiles\networkservice\AppData\Roaming DB Check 23:15:13.49

--- C:\Windows\serviceprofiles\Localservice\AppData\Roaming DB Check 23:15:13.49

--- C:\Users\Anya DB Check 23:20:42.31

--- C:\PROGRA~3 DB Check 23:21:23.79

--- C:\Users\Anya\AppData\Local DB Check 23:21:32.82

--- C:\Users\Default\AppData\Local DB Check 23:21:32.82

--- C:\Users\Default User\AppData\Local DB Check 23:21:32.82

--- C:\Windows\SysNative\config\systemprofile\AppData\Local DB Check 23:21:32.82

--- C:\Windows\sysWoW64\config\systemprofile\AppData\Local DB Check 23:21:32.82

--- C:\Windows\serviceprofiles\networkservice\AppData\Local DB Check 23:21:32.82

--- C:\Windows\serviceprofiles\Localservice\AppData\Local DB Check 23:21:32.82

--- C:\ProgramData\Microsoft\Windows\Start Menu\Programs DB Check 23:25:20.91

--- C:\Users\Anya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs DB Check 23:25:45.09

--- Tasks DB Check 23:26:00.58

--- Downloads DB Check 23:26:10.21

--- C:\Users\Anya\AppData\LocalLow DB Check 23:26:20.49

--- C:\Windows\SysNative\config\systemprofile\AppData\LocalLow DB Check 23:26:20.49

--- C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow DB Check 23:26:20.49

--- C:\Windows\serviceprofiles\Localservice\AppData\LocalLow DB Check 23:26:20.49

--- Tasks2 DB Check 23:27:58.69

--- Documents DB Check 23:29:13.94

--- C:\Users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\dolfqtls.default DB Check 23:29:32.27

--- C:\Users\Public\Desktop DB Check 23:29:37.92

--- C:\Users\Anya\Desktop DB Check 23:29:49.14

--- Services DB Check 23:30:18.06

--- FF prefs.js DB Check 23:31:27.00

--- Emptyclsid 23:33:20.35

--- Del by CLSID 23:33:27.02

--- Delete Services 23:34:36.74

--- Firefox Fix 23:34:45.59

--- Registry Fix 23:34:52.17

--- Batch Commands 23:34:52.20

--- Delete files\folders 23:34:52.92

--- Create Backups 23:34:53.54

--- Firefox Extensions 23:35:28.16
 