Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Problems downloading and running programs

Started by pharper , Jun 16 2016 10:01 PM

Page 6 of 9
4
5
6
7
8

Please log in to reply

#76
pharper

Posted 21 June 2016 - 05:12 PM

Member

Topic Starter
Member
78 posts

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 21/06/2016 6:10:43 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 21/06/2016 5:52:55 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 21/06/2016 5:02:09 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 19/06/2016 3:13:35 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 18/06/2016 7:13:47 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 18/06/2016 3:36:27 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 18/06/2016 2:36:42 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 17/06/2016 12:26:15 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 16/06/2016 1:41:24 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 16/06/2016 1:05:05 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 15/06/2016 5:46:49 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 15/06/2016 4:45:20 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 12/06/2016 5:59:54 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 11/06/2016 8:12:56 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 05/06/2016 9:26:45 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 01/06/2016 11:26:38 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 25/05/2016 3:36:23 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 20/05/2016 9:40:08 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 18/05/2016 9:08:35 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 17/05/2016 11:24:23 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 17/05/2016 2:27:28 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 21/06/2016 10:37:36 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Computer Backup (MyPC Backup) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 21/06/2016 10:37:36 PM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Computer Backup (MyPC Backup) service to connect.

Log: 'System' Date/Time: 21/06/2016 10:35:33 PM
Type: Error Category: 0
Event: 14332 Source: Microsoft-Windows-WMPNSS-Service
Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070420'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

Log: 'System' Date/Time: 21/06/2016 10:34:01 PM
Type: Error Category: 0
Event: 11 Source: Disk
The driver detected a controller error on \Device\Harddisk1\DR1.

Log: 'System' Date/Time: 21/06/2016 10:29:52 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Computer Backup (MyPC Backup) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 21/06/2016 10:29:52 PM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Computer Backup (MyPC Backup) service to connect.

Log: 'System' Date/Time: 21/06/2016 10:26:39 PM
Type: Error Category: 0
Event: 11 Source: Disk
The driver detected a controller error on \Device\Harddisk1\DR1.

Log: 'System' Date/Time: 21/06/2016 9:27:10 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Computer Backup (MyPC Backup) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 21/06/2016 9:27:10 PM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Computer Backup (MyPC Backup) service to connect.

Log: 'System' Date/Time: 21/06/2016 9:24:00 PM
Type: Error Category: 0
Event: 11 Source: Disk
The driver detected a controller error on \Device\Harddisk1\DR1.

Log: 'System' Date/Time: 21/06/2016 5:55:22 PM
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Log: 'System' Date/Time: 21/06/2016 5:53:37 PM
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

Log: 'System' Date/Time: 21/06/2016 5:53:32 PM
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Log: 'System' Date/Time: 21/06/2016 5:53:26 PM
Type: Error Category: 0
Event: 10000 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv64.dll Error Code: 21

Log: 'System' Date/Time: 21/06/2016 5:53:23 PM
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

Log: 'System' Date/Time: 21/06/2016 5:53:11 PM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: avc3 BDVEDISK discache gzflt ignis spldr Wanarpv6

Log: 'System' Date/Time: 21/06/2016 5:38:10 PM
Type: Error Category: 0
Event: 11 Source: Disk
The driver detected a controller error on \Device\Harddisk1\DR1.

Log: 'System' Date/Time: 21/06/2016 5:33:03 PM
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 21/06/2016 10:35:33 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_MULTI-CARD&REV_1.00#00000#.

Log: 'System' Date/Time: 21/06/2016 10:34:23 PM
Type: Warning Category: 0
Event: 1 Source: RTL8169
Realtek PCIe FE Family Controller is disconnected from network.

Log: 'System' Date/Time: 21/06/2016 10:33:52 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 21/06/2016 10:33:52 PM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped. Module Path: C:\Windows\System32\bcmihvsrv64.dll

Log: 'System' Date/Time: 21/06/2016 10:27:51 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_MULTI-CARD&REV_1.00#00000#.

Log: 'System' Date/Time: 21/06/2016 10:27:12 PM
Type: Warning Category: 0
Event: 1 Source: RTL8169
Realtek PCIe FE Family Controller is disconnected from network.

Log: 'System' Date/Time: 21/06/2016 10:26:32 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 21/06/2016 10:26:32 PM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped. Module Path: C:\Windows\System32\bcmihvsrv64.dll

Log: 'System' Date/Time: 21/06/2016 9:25:17 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_MULTI-CARD&REV_1.00#00000#.

Log: 'System' Date/Time: 21/06/2016 9:24:20 PM
Type: Warning Category: 0
Event: 1 Source: RTL8169
Realtek PCIe FE Family Controller is disconnected from network.

Log: 'System' Date/Time: 21/06/2016 9:23:54 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 21/06/2016 5:52:58 PM
Type: Warning Category: 0
Event: 1 Source: RTL8169
Realtek PCIe FE Family Controller is disconnected from network.

Log: 'System' Date/Time: 21/06/2016 5:39:02 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_MULTI-CARD&REV_1.00#00000#.

Log: 'System' Date/Time: 21/06/2016 5:38:32 PM
Type: Warning Category: 0
Event: 1 Source: RTL8169
Realtek PCIe FE Family Controller is disconnected from network.

Log: 'System' Date/Time: 21/06/2016 5:37:56 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 21/06/2016 5:32:24 PM
Type: Warning Category: 0
Event: 1 Source: RTL8169
Realtek PCIe FE Family Controller is disconnected from network.

Log: 'System' Date/Time: 21/06/2016 12:50:19 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name r20swj13mr.microsoft.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 19/06/2016 10:28:04 PM
Type: Warning Category: 0
Event: 4101 Source: Display
Display driver igfx stopped responding and has successfully recovered.

Log: 'System' Date/Time: 19/06/2016 6:05:47 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name teredo.ipv6.microsoft.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 19/06/2016 3:14:24 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_MULTI-CARD&REV_1.00#00000#.

#77
pharper

Posted 21 June 2016 - 05:18 PM

Member

Topic Starter
Member
78 posts

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 21/06/2016 6:14:18 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 21/06/2016 9:25:13 PM
Type: Error Category: 0
Event: 1103 Source: .NET Runtime Optimization Service
.NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Log: 'Application' Date/Time: 21/06/2016 9:25:13 PM
Type: Error Category: 0
Event: 1103 Source: .NET Runtime Optimization Service
.NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Log: 'Application' Date/Time: 21/06/2016 7:00:33 PM
Type: Error Category: 0
Event: 3009 Source: Microsoft-Windows-LoadPerf
Installing the performance counter strings for service .NET CLR Networking 4.0.0.0 () failed. The first DWORD in the Data section contains the error code.

Log: 'Application' Date/Time: 21/06/2016 7:00:33 PM
Type: Error Category: 0
Event: 3009 Source: Microsoft-Windows-LoadPerf
Installing the performance counter strings for service .NET Data Provider for Oracle () failed. The first DWORD in the Data section contains the error code.

Log: 'Application' Date/Time: 21/06/2016 5:55:16 PM
Type: Error Category: 0
Event: 8193 Source: System Restore
Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = Tweaking.com - Windows Repair; Error = 0x8007043c).

Log: 'Application' Date/Time: 21/06/2016 5:54:50 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 21/06/2016 5:39:32 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 21/06/2016 5:34:12 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 21/06/2016 5:13:41 PM
Type: Error Category: 0
Event: 8193 Source: VSS
Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040154, Class not registered .

Operation:
Set Snapshot Context

Context:
Execution Context: Requestor

Log: 'Application' Date/Time: 21/06/2016 5:13:41 PM
Type: Error Category: 0
Event: 22 Source: VSS
Volume Shadow Copy Service error: A critical component required by the Volume Shadow Copy service is not registered. This might happened if an error occurred during Windows setup or during installation of a Shadow Copy provider. The error returned from CoCreateInstance on class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} and Name Software Provider is [0x80040154, Class not registered ].

Operation:
Set Snapshot Context

Context:
Execution Context: Requestor

Log: 'Application' Date/Time: 21/06/2016 5:04:02 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 21/06/2016 1:19:12 AM
Type: Error Category: 0
Event: 80 Source: SideBySide
Activation context generation failed for "C:\Users\Owner\Downloads\SoftonicDownloader_for_primopdf.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Log: 'Application' Date/Time: 21/06/2016 1:11:44 AM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program WINWORD.EXE version 14.0.7164.5001 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1fe8 Start Time: 01d1cb57789a1906 Termination Time: 16 Application Path: C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE Report Id: 0c642603-374d-11e6-a1ec-642737d5d080

Log: 'Application' Date/Time: 19/06/2016 3:14:22 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 19/06/2016 1:50:41 AM
Type: Error Category: 0
Event: 11704 Source: MsiInstaller
Product: Shopping App by Ask -- Error 1704. An installation for Adobe Refresh Manager is currently suspended. You must undo the changes made by that installation to continue. Do you want to undo those changes?

Log: 'Application' Date/Time: 18/06/2016 9:09:19 PM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledSPRetry 2028

Log: 'Application' Date/Time: 18/06/2016 9:09:19 PM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledEvent 2028

Log: 'Application' Date/Time: 18/06/2016 9:09:19 PM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: Continuously busy for more than a second

Log: 'Application' Date/Time: 18/06/2016 9:09:18 PM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledSPRetry 1014

Log: 'Application' Date/Time: 18/06/2016 9:09:18 PM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledEvent 1014

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 21/06/2016 10:34:49 PM
Type: Warning Category: 0
Event: 0 Source: LeapFrog Connect Device Service
The event description cannot be found.

Log: 'Application' Date/Time: 21/06/2016 10:27:32 PM
Type: Warning Category: 0
Event: 0 Source: LeapFrog Connect Device Service
The event description cannot be found.

Log: 'Application' Date/Time: 21/06/2016 9:37:21 PM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <file:C:/Program Files (x86)/Microsoft Office/Office14/Visio Content/> cannot be accessed.

Context: Application, SystemIndex Catalog

Details:
The object was not found. (HRESULT : 0x80041201) (0x80041201)

Log: 'Application' Date/Time: 21/06/2016 9:24:53 PM
Type: Warning Category: 0
Event: 0 Source: LeapFrog Connect Device Service
The event description cannot be found.

Log: 'Application' Date/Time: 21/06/2016 9:23:53 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 21/06/2016 9:23:52 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 21/06/2016 7:00:33 PM
Type: Warning Category: 0
Event: 2007 Source: Microsoft-Windows-LoadPerf
Cannot repair performance counters for .NET CLR Networking 4.0.0.0 service. Reinstall the performance counters manually using the LODCTR tool.

Log: 'Application' Date/Time: 21/06/2016 7:00:33 PM
Type: Warning Category: 0
Event: 2007 Source: Microsoft-Windows-LoadPerf
Cannot repair performance counters for .NET Data Provider for Oracle service. Reinstall the performance counters manually using the LODCTR tool.

Log: 'Application' Date/Time: 21/06/2016 6:54:13 PM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, WpcClamperProv, has been registered in the Windows Management Instrumentation namespace ROOT\CIMV2\Applications\WindowsParentalControls to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 21/06/2016 6:53:36 PM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, WpcClamperProv, has been registered in the Windows Management Instrumentation namespace ROOT\CIMV2\Applications\WindowsParentalControls to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 21/06/2016 6:53:32 PM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, HiPerfCooker_v1, has been registered in the Windows Management Instrumentation namespace Root\WMI to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 21/06/2016 6:53:27 PM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, CommandLineEventConsumer, has been registered in the Windows Management Instrumentation namespace root\default to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 21/06/2016 6:53:27 PM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, LogFileEventConsumer, has been registered in the Windows Management Instrumentation namespace root\default to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 21/06/2016 6:53:24 PM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, ActiveScriptEventConsumer, has been registered in the Windows Management Instrumentation namespace root\subscription to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

#78
RKinner

Posted 21 June 2016 - 05:22 PM

Malware Expert

Expert
24,625 posts

I'm going to have the admin move this to malware so I can run a FRST scan now that it appears you can download a bit.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.

Press Scan button.

It will produce a log called FRST.txt in the same directory the tool is run from.

Please copy and paste log back here.

The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

#79
Naathim

Posted 21 June 2016 - 05:44 PM

GeekU Minion

Expert
4,568 posts

Moved to Malware Removal forum per Ron's request

#80
pharper

Posted 21 June 2016 - 05:48 PM

Member

Topic Starter
Member
78 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-06-2016 01
Ran by Owner (administrator) on OWNER-PC (21-06-2016 18:45:33)
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(HP) C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\bdagent.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_20_0_0_306_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2016\bdagent.exe [1651600 2016-04-25] (Bitdefender)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2640408 2014-08-25] ()
HKLM-x32\...\Run: [APSDaemon] => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [106496 2013-11-27] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2691480 2014-03-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TotalRecipeSearch AppIntegrator 64-bit] => C:\PROGRA~2\TOTALR~2\bar\1.bin\AppIntegrator64.exe
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1107672 2016-04-22] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-02-18] (Google Inc.)
HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8722136 2016-06-01] (Piriform Ltd)
HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\MountPoints2: E - E:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\MountPoints2: {50323b00-37c4-11e4-9ced-642737d5d080} - F:\SISetup.exe
HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\MountPoints2: {ad525c50-947d-11e4-ab12-642737d5d080} - E:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-18\...\MountPoints2: {41a03fc7-794d-11e2-a46f-806e6f6e6963} - D:\autorun\autorun.exe
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-03-20] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-03-20] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-03-20] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2016-06-15]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2016-06-15]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot FF RunOnce.lnk [2014-06-11]
ShortcutTarget: Install Webroot FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot IE RunOnce.lnk [2014-06-11]
ShortcutTarget: Install Webroot IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2016-03-13]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2016-05-17]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 71.10.216.1 71.10.216.2
Tcpip\..\Interfaces\{77E23ABE-1BB2-48A9-BA12-F41B64556458}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{8AC013FA-C812-4531-90E6-9EB1CCE989C7}: [DhcpNameServer] 71.10.216.1 71.10.216.2
Tcpip\..\Interfaces\{D9E8C3FF-8E71-41F2-A82E-2A6BEBCFDE46}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{F355C6F0-4857-45BC-BE92-D6C2F8F75698}: [DhcpNameServer] 71.92.29.130 97.81.22.195 68.113.206.10

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.better-search.net/?src=10&st=12&i=998&did=10874&ppd=,,,,,,,,,www.smilebox.com&barid=1523565419430232516
URLSearchHook: HKU\S-1-5-21-2621123606-1971745821-2970127776-1000 - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No File
SearchScopes: HKLM-x32 -> DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://www.better-search.net/?q={searchTerms}&src=6&q={searchTerms}&st=12&i=998&did=10874&ppd=,,,,,,,,,www.smilebox.com&barid=1523565419430232516
SearchScopes: HKLM-x32 -> {cca2e567-1987-4100-a3c6-5b4267084510} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^YK^xdm002^YYA^us&si=CLrphrX90sQCFUkV7Aodl2AAlQ&ptb=5A785AAE-2D0E-49A8-9E53-B3436A7B3060&psa=&ind=2015121016&st=sb&n=781c4e78&searchfor={searchTerms}
SearchScopes: HKLM-x32 -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://www.better-search.net/?q={searchTerms}&src=6&q={searchTerms}&st=12&i=998&did=10874&ppd=,,,,,,,,,www.smilebox.com&barid=1523565419430232516
SearchScopes: HKU\S-1-5-21-2621123606-1971745821-2970127776-1000 -> DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://www.better-search.net/?src=6&q={searchTerms}&barid=1523565419430232516&&st=23&i=998&did=10874
SearchScopes: HKU\S-1-5-21-2621123606-1971745821-2970127776-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2621123606-1971745821-2970127776-1000 -> {6C0974F6-1FBF-46DD-BDAB-45D64D1820A9} URL = hxxp://isearch.shopathome.com?user_id={458A9901-D9EB-4901-859E-FE7E3A9CEFD9}&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2621123606-1971745821-2970127776-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://mysearch.avg.com/search?cid={450FC2CC-16FD-45C0-BB01-D0680A2C5660}&mid=8cfabf364223465b9d085326c40d5531-3c99ef7a0cb711bf815f2b310182d50dffe50bcb&lang=en&ds=pl011&coid=avgtbdispl&cmpid=&pr=sa&d=2013-03-25 22:24:54&v=18.1.6.542&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2621123606-1971745821-2970127776-1000 -> {A62CED7B-EBAB-4C11-AE8C-28EC7202B190} URL = hxxp://www.search.ask.com/web?tpid=ORJ-ST-SPE&o=APN11460&pf=V7&p2=^BE6^OSJ000^YY^US&gct=&itbv=12.24.1.53&apn_uid=749EB898-4B1A-4688-89BB-94CA36C47CDD&apn_ptnrs=BE6&apn_dtid=^OSJ000^YY^US&apn_dbr=ie_11.0.9600.17496&doi=2015-02-12&trgb=IE&q={searchTerms}&psv=&pt=tb
SearchScopes: HKU\S-1-5-21-2621123606-1971745821-2970127776-1000 -> {cca2e567-1987-4100-a3c6-5b4267084510} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^YK^xdm002^YYA^us&si=CLrphrX90sQCFUkV7Aodl2AAlQ&ptb=5A785AAE-2D0E-49A8-9E53-B3436A7B3060&psa=&ind=2015121016&st=sb&n=781c4e78&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-2621123606-1971745821-2970127776-1000 -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://www.better-search.net/?src=6&q={searchTerms}&barid=1523565419430232516&&st=23&i=998&did=10874
BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2016\pmbxie.dll [2016-04-05] (Bitdefender)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll => No File
BHO: No Name -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> No File
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2016\Antispam32\pmbxie.dll [2016-04-05] (Bitdefender)
BHO-x32: ShopAtHome.com Cash Back Helper -> {66516A07-F617-488A-90CF-4E690CFB3C5F} -> C:\Users\Owner\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll => No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-11] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: AVG SafeGuard toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll [2014-08-25] (AVG Secure Search)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll => No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-11] (Oracle Corporation)
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc.)
Toolbar: HKLM - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\pmbxie.dll [2016-04-05] (Bitdefender)
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll [2014-08-25] (AVG Secure Search)
Toolbar: HKLM-x32 - ShopAtHome.com Toolbar - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Users\Owner\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll No File
Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\Antispam32\pmbxie.dll [2016-04-05] (Bitdefender)
Toolbar: HKU\S-1-5-21-2621123606-1971745821-2970127776-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc.)
Toolbar: HKU\S-1-5-21-2621123606-1971745821-2970127776-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKU\S-1-5-21-2621123606-1971745821-2970127776-1000 -> No Name - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - No File
Toolbar: HKU\S-1-5-21-2621123606-1971745821-2970127776-1000 -> Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\pmbxie.dll [2016-04-05] (Bitdefender)
DPF: HKLM-x32 {0D859AF0-C75E-11D4-B760-00E0B81077E8} hxxp://nom.mlxchange.com/5.11.05.35382/Control/FileCruiser.cab
DPF: HKLM-x32 {145BB11A-44CA-4162-A572-D430131C352C} hxxps://www.bpofulfillment.com/WebResource.axd?d=irnzSshckJSveKJAiGfl2GHjY_wfo-IqK7dbJATIbCCXZ3MCZcsUDrWprfmLR--q8j2ZUJJfZhf7v2Htv9YV6sGAPWtn4Ipbhg_-xfRzy1k_3Ykw-ER7zzTSCRMsnkZYdfibfoHAuzAJBQAUwQyBq4UHQka0XIS-sWNyC0z52f81&t=634830530040000000
DPF: HKLM-x32 {16FD824B-8E7B-11D2-9855-00802962956C} hxxp://nom.mlxchange.com/5.11.05.35382/Control/Specfile.cab
DPF: HKLM-x32 {6FD482A3-7B57-438B-B040-52CAA30147EE} hxxp://nom.mlxchange.com/5.11.05.35382/Control/MLSClientUtils.cab
DPF: HKLM-x32 {73779860-6F88-4D8C-9DAB-30583B9BAAC3} hxxps://www.sttammanyclerk.org/secure/ImageServer/iView2/FileProInet2.CAB
DPF: HKLM-x32 {78523E50-56EB-11D3-B739-CAA1986A452F} hxxp://nom.mlxchange.com/5.11.05.35382/Control/LiteGrid.cab
DPF: HKLM-x32 {7A7537FC-5988-11D3-8B33-00104B9E5A4A} hxxp://nom.mlxchange.com/5.11.05.35382/Control/IRCWebPrint.cab
DPF: HKLM-x32 {7ECB1A47-6647-4B2C-A8DA-675569C9FF15} hxxps://www.bpofulfillment.com/WebResource.axd?d=PUw2-LyUSejzL3Kx-o8EiGQozXrqAyeTvVM5wHg-487X7lkUQnJmhlRcIkzP2DJ1hxXhrHLUYsKsn8YXd9Koptzcx74T_dDKbFqVxXkIYbyNNx3mi1lgd6JflJGwzSp1xMkkQcDSWm5lQQOMfmGyanXgHHqrwWa1KnhgSw5ItwIeTv1uCQcaWz-2xtaLFxp10&t=635126927011905139
DPF: HKLM-x32 {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} hxxps://secure.clearcapital.com/imageUpload/ImageUploader6.cab
DPF: HKLM-x32 {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} hxxp://nom.mlxchange.com/5.9.06.33897/Control/IRCSharc.cab
DPF: HKLM-x32 {B198A72B-B4C3-42B5-B8DA-B364E76429AA} hxxp://nom.mlxchange.com/5.11.05.35382/Control/WebDog.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
DPF: HKLM-x32 {F060A272-A18A-11D3-B75B-00E0B81077E8} hxxp://nom.mlxchange.com/5.11.05.35382/Control/AspCustomCtrls.cab
Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation)
Handler-x32: http - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2004-01-29] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2004-01-29] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2004-01-29] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2004-01-29] (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2004-01-29] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2004-01-29] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2004-01-29] (Microsoft Corporation)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll [2014-08-11] (AVG Secure Search)

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\9cfwhamj.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-10] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-05] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2014-03-21] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-10] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-11] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-11] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-05] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2013-11-12] (Nitro PDF)
FF Plugin-x32: @nitropdf.com/NitroPDF.PrevVerNPR -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll [2012-10-30] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-04-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-03-21] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2621123606-1971745821-2970127776-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Owner\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-03-28] (Citrix Online)
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\9cfwhamj.default\searchplugins\MyStart Search.xml [2014-11-05]
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\9cfwhamj.default\searchplugins\Powered by Bing.xml [2014-11-18]
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\9cfwhamj.default\searchplugins\sweetim.xml [2014-03-14]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml [2014-08-25]
FF Extension: Webroot Password Manager - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\9cfwhamj.default\Extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} [2016-06-15]
FF Extension: No Name - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\9cfwhamj.default\Extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda}_deleted [2015-12-18] [not signed]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff [2016-05-12]
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext
FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext [2016-05-12] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.799
FF Extension: No Name - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.799 [2014-08-25] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2014-03-08] <==== ATTENTION

Chrome:
=======
CHR HomePage: Default -> hxxp://www.better-search.net/?barid=1523565419430232516&src=10&&st=23&i=998&did=10874
CHR StartupUrls: Default -> "hxxp://www.better-search.net/?barid=1523565419430232516&src=10&&st=23&i=998&did=10874"
CHR DefaultSearchURL: Default -> hxxp://www.better-search.net/?src=6&q={searchTerms}&barid=1523565419430232516&&st=23&i=998&did=10874
CHR DefaultSearchKeyword: Default -> www.better-search.net
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-25]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Bitdefender Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhejlifdlcgcmogbggeomfodgklfaem [2016-06-15]
CHR Extension: (Google Docs Offline) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-01]
CHR Extension: (MusixHub Start) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkbhpmdajdojnnhkfgffkofkjifglkan [2016-02-06]
CHR Extension: (MusixHub) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jehfkemccjknagjgcbfccjajkgnbffpj [2016-02-06]
CHR Extension: (Webroot Password Manager) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngkhgikojglcgnckopipfdajaifmmnnc [2015-12-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-08]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR HKLM\...\Chrome\Extension: [ngkhgikojglcgnckopipfdajaifmmnnc] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dhhejlifdlcgcmogbggeomfodgklfaem] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngkhgikojglcgnckopipfdajaifmmnnc] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [okfhiodnpcnnnpgbjbhfebjnbagmfhab] - C:\ProgramData\WRData\pkg\lpchrome.crx <not found>

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [32808 2013-05-21] (Just Develop It) [File not signed] <==== ATTENTION
R2 HPM1210RcvFaxSrvc; C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [361888 2012-07-25] (HP)
R2 LeapFrog Connect Device Service; C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe [7393280 2013-11-27] (LeapFrog Enterprises, Inc.) [File not signed]
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-11-12] (Nitro PDF Software)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2012-10-30] (Nitro PDF Software)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [950200 2016-05-24] (Bitdefender)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe [156016 2016-04-25] (Bitdefender)
S4 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe [1693104 2016-05-11] (Bitdefender)
R2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-11] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1623536 2016-03-18] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [842152 2016-03-18] (BitDefender)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [118608 2016-02-09] (BitDefender LLC)
R1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [87912 2015-12-04] (BitDefender)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [182936 2015-12-16] (BitDefender LLC)
S3 HP1210FAX; C:\Windows\System32\Drivers\HPM1210FAX.sys [16896 2012-11-07] ()
R0 ignis; C:\Windows\System32\DRIVERS\ignis.sys [298736 2016-03-03] (Bitdefender)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-12-24] (Marvell Semiconductor, Inc.)
R2 trufos; C:\Windows\System32\DRIVERS\trufos.sys [511320 2016-02-22] (BitDefender S.R.L.)
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-11] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-11] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-11] (LG Electronics Inc.)
U0 SR; no ImagePath
U2 srservice; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-21 18:45 - 2016-06-21 18:45 - 00040216 _____ C:\Users\Owner\Desktop\FRST.txt
2016-06-21 18:45 - 2016-06-21 18:45 - 00000000 ____D C:\FRST
2016-06-21 18:43 - 2016-06-21 18:43 - 02387456 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2016-06-21 18:18 - 2016-06-21 18:18 - 00014260 _____ C:\Users\Owner\Desktop\VEW.txt-application.txt
2016-06-21 18:13 - 2016-06-21 18:13 - 00015630 _____ C:\Users\Owner\Desktop\VEW.txt-1.txt
2016-06-21 18:10 - 2016-06-21 18:14 - 00014260 _____ C:\VEW.txt
2016-06-21 18:06 - 2016-06-21 18:06 - 00061440 _____ ( ) C:\Users\Owner\Desktop\VEW.exe
2016-06-21 18:01 - 2016-06-21 18:01 - 00061440 _____ ( ) C:\Users\Owner\Downloads\VEW.exe
2016-06-21 17:42 - 2016-06-21 17:42 - 00479440 _____ C:\Users\Owner\Desktop\ntbtlog.txt
2016-06-21 16:27 - 2016-06-21 16:27 - 00003640 _____ C:\Windows\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2016-06-21 12:35 - 2016-06-21 12:35 - 00000207 _____ C:\Windows\tweaking.com-regbackup-OWNER-PC-Windows-7-Home-Premium-(64-bit).dat
2016-06-21 12:35 - 2016-06-21 12:35 - 00000000 ____D C:\RegBackup
2016-06-21 12:32 - 2016-06-21 12:32 - 00003216 _____ C:\bootsqm.dat
2016-06-21 12:19 - 2016-06-21 12:19 - 00004964 _____ C:\Users\Owner\Desktop\chkdsk_log.txt
2016-06-21 11:50 - 2016-06-21 11:50 - 00002163 _____ C:\Users\Owner\Desktop\Tweaking.com - Windows Repair.lnk
2016-06-21 11:50 - 2016-06-21 11:50 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2016-06-21 11:50 - 2016-06-21 11:50 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2016-06-21 11:49 - 2016-06-21 12:03 - 00187466 _____ C:\Windows\Tweaking.com - Windows Repair Setup Log.txt
2016-06-21 11:49 - 2016-06-21 11:49 - 21657496 _____ (Tweaking.com) C:\Users\Owner\Downloads\tweaking.com_windows_repair_aio_setup.exe
2016-06-21 07:20 - 2016-06-21 07:20 - 00001901 _____ C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
2016-06-21 07:19 - 2016-06-21 07:19 - 00000996 _____ C:\Users\Public\Desktop\Resume Reimage Repair Installation.lnk
2016-06-20 22:31 - 2016-06-20 22:31 - 00365756 _____ C:\Users\Owner\Desktop\CBS (2).zip
2016-06-20 19:54 - 2016-06-21 08:34 - 09617360 _____ (TeamViewer GmbH) C:\Users\Owner\Downloads\TeamViewer_Setup_en-khp.exe
2016-06-20 15:19 - 2016-06-20 15:19 - 00198488 _____ C:\Users\Owner\Documents\Sterling multi offer form.pdf
2016-06-20 12:36 - 2016-06-20 12:36 - 02301750 _____ C:\Users\Owner\Desktop\Irvin CMA.pdf
2016-06-19 23:08 - 2016-06-19 23:08 - 00365756 _____ C:\Users\Owner\Desktop\CBS.zip
2016-06-19 08:44 - 2016-06-19 08:44 - 00026961 _____ C:\ProgramData\1466343840.bdinstall.bin
2016-06-19 08:42 - 2016-06-19 08:42 - 00026961 _____ C:\ProgramData\1466343763.bdinstall.bin
2016-06-18 17:20 - 2016-06-18 17:20 - 00000000 ____D C:\80e9e2bab38cc8247d
2016-06-16 21:29 - 2016-06-21 07:20 - 00000099 _____ C:\Windows\Reimage.ini
2016-06-16 21:29 - 2016-06-16 21:30 - 00000000 ____D C:\Program Files\Reimage
2016-06-16 21:29 - 2016-06-16 21:29 - 00000000 ____D C:\rei
2016-06-16 21:29 - 2016-06-16 21:29 - 00000000 ____D C:\ProgramData\Reimage Protector
2016-06-16 21:29 - 2016-06-16 21:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
2016-06-16 20:46 - 2016-06-16 20:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShopAtHome.com Helper
2016-06-16 20:09 - 2016-06-19 16:46 - 00000979 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-06-16 20:09 - 2016-06-16 20:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-06-16 20:09 - 2016-06-16 20:09 - 00000000 ____D C:\Program Files\CCleaner
2016-06-16 13:34 - 2016-06-16 13:34 - 00000000 ____D C:\Users\Owner\AppData\Local\Deployment
2016-06-16 13:34 - 2016-06-16 13:34 - 00000000 ____D C:\Users\Owner\AppData\Local\Apps\2.0
2016-06-16 13:34 - 2016-06-16 13:34 - 00000000 ____D C:\ProgramData\elsi..tion_d291612c4dce6913_0005.0001_8bf3579dfe869d67
2016-06-15 22:13 - 2016-06-15 22:18 - 00000000 ____D C:\Users\Owner\Documents\Wondershare PDF to Word
2016-06-15 21:48 - 2016-06-15 21:48 - 00026961 _____ C:\ProgramData\1466045325.bdinstall.bin
2016-06-15 21:42 - 2016-06-15 21:42 - 00026961 _____ C:\ProgramData\1466044942.bdinstall.bin
2016-06-15 21:40 - 2016-06-15 21:40 - 00026961 _____ C:\ProgramData\1466044838.bdinstall.bin
2016-06-15 21:07 - 2016-06-15 21:07 - 00000000 ____D C:\Users\Owner\AppData\Local\lptmp906725983
2016-06-15 21:07 - 2016-06-15 21:07 - 00000000 ____D C:\Users\Owner\AppData\Local\lptmp1074965474
2016-06-15 20:50 - 2016-06-15 20:50 - 00598869 _____ C:\Users\Owner\Desktop\Charles St disclosure.pdf
2016-06-15 20:18 - 2016-06-15 22:10 - 00000034 _____ C:\Windows\system32\STOOLSubmit.ret
2016-06-15 20:09 - 2016-06-15 22:10 - 00000000 ____D C:\ProgramData\Dumps
2016-06-15 13:01 - 2016-06-15 13:02 - 00008241 _____ C:\ProgramData\1466013653.1532.bin
2016-06-15 13:00 - 2016-06-15 19:21 - 00093781 _____ C:\ProgramData\1466013653.3504.bin
2016-06-15 13:00 - 2016-06-15 13:02 - 00002124 _____ C:\ProgramData\1466013653.3208.bin
2016-06-15 13:00 - 2016-06-15 13:01 - 00000930 _____ C:\ProgramData\1466013653.5456.bin
2016-06-15 12:16 - 2016-06-19 16:46 - 00002195 _____ C:\Users\Public\Desktop\Bitdefender 2016.lnk
2016-06-15 12:16 - 2016-06-15 12:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2016
2016-06-15 12:15 - 2016-06-15 20:10 - 00000000 ____D C:\ProgramData\BDLogging
2016-06-15 12:15 - 2016-03-18 06:58 - 00842152 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys
2016-06-15 12:15 - 2016-03-18 06:56 - 01623536 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2016-06-15 12:15 - 2016-03-03 01:36 - 00298736 _____ (Bitdefender) C:\Windows\system32\Drivers\ignis.sys
2016-06-15 12:15 - 2015-12-04 19:27 - 00087912 _____ (BitDefender) C:\Windows\system32\Drivers\bdvedisk.sys
2016-06-15 12:15 - 2007-04-11 11:11 - 00511328 _____ (Microsoft Corporation) C:\Windows\capicom.dll
2016-06-15 12:09 - 2016-06-15 12:27 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Bitdefender
2016-06-15 12:09 - 2016-06-15 12:09 - 00002321 _____ C:\ProgramData\1466010261.5560.bin
2016-06-15 12:05 - 2016-06-15 12:50 - 00000000 ____D C:\ProgramData\Bitdefender
2016-06-15 12:05 - 2016-06-15 12:44 - 00159876 _____ C:\ProgramData\1466010261.6104.bin
2016-06-15 12:05 - 2016-06-15 12:09 - 00017164 _____ C:\ProgramData\1466010261.4824.bin
2016-06-15 12:05 - 2016-06-15 12:08 - 00001545 _____ C:\ProgramData\1466010261.1248.bin
2016-06-15 12:05 - 2016-06-15 12:05 - 00014645 _____ C:\ProgramData\1466010261.3904.bin
2016-06-15 12:05 - 2016-06-15 12:05 - 00002342 _____ C:\ProgramData\1466010261.6108.bin
2016-06-15 12:05 - 2016-06-15 12:05 - 00001090 _____ C:\ProgramData\1466010261.5604.bin
2016-06-15 12:05 - 2016-06-15 12:05 - 00001090 _____ C:\ProgramData\1466010261.4184.bin
2016-06-15 12:05 - 2016-06-15 12:05 - 00000000 ____D C:\Program Files\Bitdefender
2016-06-15 12:05 - 2016-02-22 15:13 - 00511320 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2016-06-15 12:05 - 2015-12-16 05:53 - 00182936 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys
2016-06-15 12:04 - 2016-06-15 12:16 - 00233409 _____ C:\ProgramData\1466010261.4764.bin
2016-06-15 12:04 - 2016-06-15 12:16 - 00189211 _____ C:\ProgramData\1466010261.1352.bin
2016-06-15 12:04 - 2016-06-15 12:15 - 00015069 _____ C:\ProgramData\1466010261.5776.bin
2016-06-15 12:04 - 2016-06-15 12:05 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2016-06-15 12:04 - 2016-06-15 12:04 - 00000000 ____D C:\Users\Owner\AppData\Roaming\QuickScan
2016-06-15 11:54 - 2016-06-15 11:54 - 00000000 ____D C:\Users\Owner\AppData\Local\lptmp861625900
2016-06-15 11:54 - 2016-06-15 11:54 - 00000000 ____D C:\Users\Owner\AppData\Local\lptmp2128510550
2016-06-15 11:49 - 2016-06-21 18:35 - 00000000 ____D C:\Program Files\Bitdefender Agent
2016-06-15 11:49 - 2016-06-15 11:49 - 00000000 ____D C:\ProgramData\Bitdefender Agent
2016-06-15 11:04 - 2016-06-15 11:04 - 00000162 _____ C:\Users\Owner\Documents\~$fferson DR. list.csv
2016-06-13 09:50 - 2016-06-13 09:50 - 00349696 _____ C:\Users\Owner\Documents\Pet logo for property page.sig
2016-06-12 19:02 - 2016-06-12 19:02 - 00111354 _____ C:\Users\Owner\Documents\Brickyard w-9.pdf
2016-06-10 14:32 - 2016-06-10 14:33 - 04701481 _____ C:\Users\Owner\Desktop\Chelan flyer.pdf
2016-06-10 09:15 - 2016-06-10 09:15 - 00279692 _____ C:\Users\Owner\Documents\BEST SQUEEZE PAGE-POST A PROP START GUIDE.pdf
2016-06-07 23:07 - 2016-06-07 23:07 - 00073728 _____ C:\Users\Owner\Documents\Pet Stationary.sig
2016-06-06 12:46 - 2016-06-06 12:46 - 00022844 _____ C:\Users\Owner\Documents\Seller utility form.pdf
2016-06-05 19:45 - 2016-06-05 19:45 - 00082073 _____ C:\Users\Owner\Documents\CHELAN DUAL AGENCY.pdf
2016-06-05 19:42 - 2016-06-05 19:42 - 00135270 _____ C:\Users\Owner\Documents\CHELAN PROPERTY DISCLOSURE.pdf
2016-06-05 19:36 - 2016-06-05 19:36 - 00130133 _____ C:\Users\Owner\Documents\CHELAN LISTING AGREEMENT.pdf
2016-06-05 14:27 - 2016-06-05 14:27 - 00265335 _____ C:\Users\Owner\Documents\Chelan comps.pdf
2016-06-04 18:26 - 2016-06-04 18:26 - 00079744 _____ C:\Users\Owner\Documents\Wells fargo june 2016 payment confirmation.pdf
2016-06-04 18:17 - 2016-06-04 18:17 - 00049986 _____ C:\Users\Owner\Documents\Demco june 2016 payment.pdf
2016-06-03 22:59 - 2016-06-03 23:00 - 00003772 _____ C:\Users\Owner\Documents\Forest Ln list.csv
2016-06-03 22:23 - 2016-06-03 22:23 - 00002067 _____ C:\Users\Owner\Documents\Yates list.csv
2016-06-03 22:22 - 2016-06-03 22:22 - 00002067 _____ C:\Users\Owner\Documents\Yates.csv
2016-06-03 22:20 - 2016-06-03 22:20 - 00008270 _____ C:\Users\Owner\Documents\Cuthell list.csv
2016-06-03 22:06 - 2016-06-03 22:06 - 00009461 _____ C:\Users\Owner\Documents\Tricou Blvd list.csv
2016-06-03 22:03 - 2016-06-03 22:03 - 00008393 _____ C:\Users\Owner\Documents\Scott Pl list.csv
2016-06-03 21:57 - 2016-06-03 21:57 - 00012798 _____ C:\Users\Owner\Documents\James Robert list.csv
2016-06-03 21:53 - 2016-06-03 21:54 - 00019664 _____ C:\Users\Owner\Documents\Rene Dr. list.csv
2016-06-03 21:48 - 2016-06-03 21:49 - 00009357 _____ C:\Users\Owner\Documents\Adelle Dr. list.csv
2016-06-03 21:43 - 2016-06-03 21:43 - 00002043 _____ C:\Users\Owner\Documents\Chad Dr. list.csv
2016-06-03 20:02 - 2016-06-03 20:03 - 00705305 _____ C:\Users\Owner\Documents\Pet 2016 license.pdf
2016-06-03 20:02 - 2016-06-03 20:03 - 00705305 _____ C:\Users\Owner\Documents\3611720151229 (1).pdf
2016-06-03 11:27 - 2016-06-03 11:27 - 00988458 _____ C:\Users\Owner\Documents\10_12 Properties Ad Proof inside northside.pdf
2016-06-02 22:30 - 2016-06-02 22:30 - 00067237 _____ C:\Users\Owner\Desktop\Lease app.pdf
2016-06-02 11:37 - 2016-06-02 11:37 - 00709120 _____ C:\Users\Owner\Documents\SEVENTH SOLD.sig
2016-06-02 11:35 - 2016-06-02 11:47 - 00709120 _____ C:\Users\Owner\Documents\RIVERWOOD SOLD.sig
2016-06-02 11:30 - 2016-06-02 11:30 - 00709120 _____ C:\Users\Owner\Documents\JAELYN SOLD SITE.sig
2016-06-02 10:53 - 2016-06-02 10:53 - 00709120 _____ C:\Users\Owner\Documents\CARTER TR SITE.sig
2016-06-01 11:19 - 2016-06-01 11:19 - 00003621 _____ C:\Users\Owner\Documents\Cort mail out.csv
2016-06-01 08:53 - 2016-06-01 08:57 - 00028665 _____ C:\Users\Owner\Documents\State st labels.pdf
2016-06-01 08:52 - 2016-06-01 08:56 - 00031232 _____ C:\Users\Owner\Documents\State st mail out.xls
2016-06-01 08:50 - 2016-06-01 08:50 - 00002930 _____ C:\Users\Owner\Documents\State st list.csv
2016-06-01 08:46 - 2016-06-01 08:46 - 00032347 _____ C:\Users\Owner\Documents\Jefferson labels.pdf
2016-06-01 08:45 - 2016-06-17 15:16 - 00043520 _____ C:\Users\Owner\Documents\Jefferson mail out.xls
2016-06-01 08:43 - 2016-06-01 08:44 - 00007249 _____ C:\Users\Owner\Documents\Jefferson DR. list.csv
2016-06-01 08:21 - 2016-06-01 08:21 - 00022528 _____ C:\Users\Owner\Documents\Rue Chateau.xls
2016-06-01 08:18 - 2016-06-01 08:18 - 00000339 _____ C:\Users\Owner\Documents\Rue Chateau.csv
2016-06-01 08:15 - 2016-06-01 08:15 - 00020039 _____ C:\Users\Owner\Documents\Rue Monet labels.pdf
2016-06-01 08:12 - 2016-06-01 08:12 - 00023040 _____ C:\Users\Owner\Documents\Rue Monet mail out.xls
2016-06-01 08:08 - 2016-06-01 08:08 - 00000478 _____ C:\Users\Owner\Documents\Rue Monet list.csv
2016-06-01 08:00 - 2016-06-01 08:00 - 00031813 _____ C:\Users\Owner\Documents\Rue Chene labels.pdf
2016-06-01 07:54 - 2016-06-01 07:54 - 00034816 _____ C:\Users\Owner\Documents\Rue Chene mail out excel temp.xlt
2016-06-01 07:51 - 2016-06-01 07:51 - 00034816 _____ C:\Users\Owner\Documents\Rue Chene mail out workbook.xls
2016-06-01 07:48 - 2016-06-01 07:49 - 00014380 _____ C:\Users\Owner\Documents\Rue Chene mail out-3.xltx
2016-06-01 07:27 - 2016-06-01 07:27 - 00032996 _____ C:\Users\Owner\Documents\Rue Maison labels.pdf
2016-06-01 07:24 - 2016-06-01 07:24 - 00006460 _____ C:\Users\Owner\Documents\Rue Maison list-2.csv
2016-06-01 07:22 - 2016-06-01 07:22 - 00006460 _____ C:\Users\Owner\Documents\Rue Maison list.csv
2016-06-01 07:21 - 2016-06-01 07:21 - 00040960 _____ C:\Users\Owner\Documents\Rue Masion mail out.xls
2016-06-01 07:07 - 2016-06-01 07:07 - 00006460 _____ C:\Users\Owner\Documents\Rue Maison list csv.csv
2016-06-01 06:50 - 2016-06-01 06:51 - 00039936 _____ C:\Users\Owner\Documents\Rue chene list.xls
2016-06-01 06:48 - 2016-06-01 06:51 - 00006121 _____ C:\Users\Owner\Documents\Rue Chene mail out.csv
2016-05-31 12:25 - 2016-05-31 12:25 - 00142784 _____ C:\Users\Owner\Documents\Client list updated 5-31-16.csv
2016-05-31 11:58 - 2016-06-01 06:21 - 00000000 ____D C:\Users\Owner\AppData\Roaming\SendBlaster3
2016-05-31 11:58 - 2016-05-31 11:58 - 00000000 ____D C:\Users\Owner\Documents\SendBlaster3
2016-05-23 17:39 - 2016-05-23 17:39 - 00017163 _____ C:\Users\Owner\Documents\MatrixContacts.CSV
2016-05-23 17:38 - 2016-05-23 17:55 - 00017005 _____ C:\Users\Owner\Documents\MLS contact list.csv
2016-05-22 08:51 - 2016-05-22 08:51 - 00077874 _____ C:\Users\Owner\Documents\Smart start drivers ed receipt.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-21 18:43 - 2015-08-18 14:14 - 00000634 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2621123606-1971745821-2970127776-1000.job
2016-06-21 18:18 - 2013-02-18 15:54 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-21 18:17 - 2013-02-18 21:43 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-06-21 18:12 - 2015-08-18 14:14 - 00000538 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2621123606-1971745821-2970127776-1000.job
2016-06-21 17:43 - 2009-07-13 23:45 - 00029120 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-21 17:43 - 2009-07-13 23:45 - 00029120 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-21 17:39 - 2009-07-14 00:13 - 00772352 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-21 17:39 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-06-21 17:35 - 2014-06-18 13:12 - 00479440 _____ C:\Windows\ntbtlog.txt
2016-06-21 17:34 - 2013-02-18 15:54 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-21 17:34 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-21 17:31 - 2016-01-07 13:04 - 00000000 ____D C:\Windows\pss
2016-06-21 16:26 - 2013-02-17 15:45 - 00129968 _____ C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2016-06-21 16:24 - 2009-07-13 23:45 - 00458896 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-21 13:55 - 2009-07-13 21:34 - 00000439 _____ C:\Windows\win.ini
2016-06-21 13:51 - 2014-02-27 10:15 - 00782510 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-06-20 19:58 - 2013-04-03 09:20 - 00000000 ____D C:\Users\Owner\AppData\Local\ElevatedDiagnostics
2016-06-20 14:00 - 2013-02-19 23:48 - 00000000 ____D C:\Users\Owner\AppData\Roaming\PrimoPDF
2016-06-19 17:20 - 2011-05-05 05:14 - 00081248 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
2016-06-19 17:20 - 2010-07-11 20:28 - 00086352 _____ (Sonic Focus, Inc.) C:\Windows\system32\SFComm64.dll
2016-06-18 14:24 - 2015-12-21 15:21 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-18 14:24 - 2015-12-21 15:21 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-17 19:47 - 2013-06-08 21:39 - 00000085 _____ C:\Windows\ImportClient.INI
2016-06-17 19:47 - 2013-06-08 21:37 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Nitro PDF
2016-06-17 19:47 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-06-17 07:26 - 2013-02-18 13:53 - 00000000 ____D C:\ProgramData\WRData
2016-06-16 20:49 - 2015-09-22 12:34 - 00000000 ____D C:\Program Files (x86)\NCH Software
2016-06-16 20:48 - 2016-02-06 12:13 - 00000000 ____D C:\ProgramData\Freemake
2016-06-16 20:47 - 2016-04-20 06:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMobie
2016-06-16 20:47 - 2016-04-20 06:10 - 00000000 ____D C:\Program Files (x86)\iMobie
2016-06-16 19:48 - 2013-02-27 14:58 - 00000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2016-06-15 22:39 - 2014-08-30 10:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2016-06-15 22:39 - 2014-08-30 10:02 - 00000000 ____D C:\Program Files (x86)\Wondershare
2016-06-15 21:07 - 2015-12-10 16:18 - 00000000 ____D C:\Users\Owner\AppData\Local\lptmp
2016-06-15 20:57 - 2013-02-18 22:30 - 00000000 ____D C:\Users\Owner\AppData\LocalLow\LastPass
2016-06-15 19:19 - 2009-07-13 21:34 - 00000828 _____ C:\Windows\system32\Drivers\etc\hosts_bak_815
2016-06-15 11:23 - 2015-03-31 11:23 - 00000366 _____ C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - Owner).job
2016-06-02 10:58 - 2016-02-04 20:31 - 00709120 _____ C:\Users\Owner\Documents\WHIP ST SITE.sig
2016-06-02 10:54 - 2015-10-09 13:23 - 01459200 _____ C:\Users\Owner\Documents\DURBIN RD SITE.sig
2016-06-02 10:50 - 2015-10-09 13:26 - 02203648 _____ C:\Users\Owner\Documents\SHELLY ST SITE.sig
2016-06-01 09:19 - 2014-05-22 13:26 - 00002030 _____ C:\Users\Public\Desktop\Google Docs.lnk
2016-06-01 09:19 - 2014-05-22 13:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-05-23 08:47 - 2016-05-03 12:49 - 03495424 _____ C:\Users\Owner\Documents\announcement card.pcr

==================== Files in the root of some directories =======

2016-05-11 12:59 - 2016-05-11 12:59 - 0000000 _____ () C:\Program Files (x86)\GUT3615.tmp
2013-12-05 10:27 - 2013-12-05 10:27 - 49940480 _____ () C:\Program Files (x86)\GUT7A73.tmp
2016-02-01 21:20 - 2016-02-01 21:20 - 6871040 _____ () C:\Program Files (x86)\GUTA6F1.tmp
2013-06-18 10:59 - 2014-06-03 13:59 - 0003738 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2014-06-11 06:45 - 2016-06-15 20:44 - 12964920 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
2015-09-16 11:12 - 2016-02-06 18:29 - 0006144 _____ () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-07-14 18:44 - 2013-07-14 18:44 - 0001465 _____ () C:\Users\Owner\AppData\Local\recently-used.xbel
2016-04-12 14:14 - 2016-04-12 14:14 - 0000000 _____ () C:\Users\Owner\AppData\Local\{D0F9E2AA-C4FD-49F7-86F5-E2944F1F0250}
2016-06-15 12:05 - 2016-06-15 12:08 - 0001545 _____ () C:\ProgramData\1466010261.1248.bin
2016-06-15 12:04 - 2016-06-15 12:16 - 0189211 _____ () C:\ProgramData\1466010261.1352.bin
2016-06-15 12:05 - 2016-06-15 12:05 - 0014645 _____ () C:\ProgramData\1466010261.3904.bin
2016-06-15 12:05 - 2016-06-15 12:05 - 0001090 _____ () C:\ProgramData\1466010261.4184.bin
2016-06-15 12:04 - 2016-06-15 12:16 - 0233409 _____ () C:\ProgramData\1466010261.4764.bin
2016-06-15 12:05 - 2016-06-15 12:09 - 0017164 _____ () C:\ProgramData\1466010261.4824.bin
2016-06-15 12:09 - 2016-06-15 12:09 - 0002321 _____ () C:\ProgramData\1466010261.5560.bin
2016-06-15 12:05 - 2016-06-15 12:05 - 0001090 _____ () C:\ProgramData\1466010261.5604.bin
2016-06-15 12:04 - 2016-06-15 12:15 - 0015069 _____ () C:\ProgramData\1466010261.5776.bin
2016-06-15 12:05 - 2016-06-15 12:44 - 0159876 _____ () C:\ProgramData\1466010261.6104.bin
2016-06-15 12:05 - 2016-06-15 12:05 - 0002342 _____ () C:\ProgramData\1466010261.6108.bin
2016-06-15 13:01 - 2016-06-15 13:02 - 0008241 _____ () C:\ProgramData\1466013653.1532.bin
2016-06-15 13:00 - 2016-06-15 13:02 - 0002124 _____ () C:\ProgramData\1466013653.3208.bin
2016-06-15 13:00 - 2016-06-15 19:21 - 0093781 _____ () C:\ProgramData\1466013653.3504.bin
2016-06-15 13:00 - 2016-06-15 13:01 - 0000930 _____ () C:\ProgramData\1466013653.5456.bin
2016-06-15 21:40 - 2016-06-15 21:40 - 0026961 _____ () C:\ProgramData\1466044838.bdinstall.bin
2016-06-15 21:42 - 2016-06-15 21:42 - 0026961 _____ () C:\ProgramData\1466044942.bdinstall.bin
2016-06-15 21:48 - 2016-06-15 21:48 - 0026961 _____ () C:\ProgramData\1466045325.bdinstall.bin
2016-06-19 08:42 - 2016-06-19 08:42 - 0026961 _____ () C:\ProgramData\1466343763.bdinstall.bin
2016-06-19 08:44 - 2016-06-19 08:44 - 0026961 _____ () C:\ProgramData\1466343840.bdinstall.bin

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-06-17 08:58

==================== End of FRST.txt ============================

#81
pharper

Posted 21 June 2016 - 05:49 PM

Member

Topic Starter
Member
78 posts