Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Problems downloading and running programs


  • Please log in to reply

#76
pharper

pharper

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 21/06/2016 6:10:43 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 21/06/2016 5:52:55 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 21/06/2016 5:02:09 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 19/06/2016 3:13:35 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 18/06/2016 7:13:47 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 18/06/2016 3:36:27 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 18/06/2016 2:36:42 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 17/06/2016 12:26:15 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 16/06/2016 1:41:24 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 16/06/2016 1:05:05 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 15/06/2016 5:46:49 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 15/06/2016 4:45:20 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 12/06/2016 5:59:54 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 11/06/2016 8:12:56 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 05/06/2016 9:26:45 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 01/06/2016 11:26:38 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 25/05/2016 3:36:23 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 20/05/2016 9:40:08 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 18/05/2016 9:08:35 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 17/05/2016 11:24:23 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 17/05/2016 2:27:28 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 21/06/2016 10:37:36 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Computer Backup (MyPC Backup) service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 21/06/2016 10:37:36 PM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Computer Backup (MyPC Backup) service to connect.

Log: 'System' Date/Time: 21/06/2016 10:35:33 PM
Type: Error Category: 0
Event: 14332 Source: Microsoft-Windows-WMPNSS-Service
Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070420'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

Log: 'System' Date/Time: 21/06/2016 10:34:01 PM
Type: Error Category: 0
Event: 11 Source: Disk
The driver detected a controller error on \Device\Harddisk1\DR1.

Log: 'System' Date/Time: 21/06/2016 10:29:52 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Computer Backup (MyPC Backup) service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 21/06/2016 10:29:52 PM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Computer Backup (MyPC Backup) service to connect.

Log: 'System' Date/Time: 21/06/2016 10:26:39 PM
Type: Error Category: 0
Event: 11 Source: Disk
The driver detected a controller error on \Device\Harddisk1\DR1.

Log: 'System' Date/Time: 21/06/2016 9:27:10 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Computer Backup (MyPC Backup) service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 21/06/2016 9:27:10 PM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Computer Backup (MyPC Backup) service to connect.

Log: 'System' Date/Time: 21/06/2016 9:24:00 PM
Type: Error Category: 0
Event: 11 Source: Disk
The driver detected a controller error on \Device\Harddisk1\DR1.

Log: 'System' Date/Time: 21/06/2016 5:55:22 PM
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Log: 'System' Date/Time: 21/06/2016 5:53:37 PM
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

Log: 'System' Date/Time: 21/06/2016 5:53:37 PM
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Log: 'System' Date/Time: 21/06/2016 5:53:32 PM
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Log: 'System' Date/Time: 21/06/2016 5:53:26 PM
Type: Error Category: 0
Event: 10000 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has failed to start.  Module Path: C:\Windows\System32\bcmihvsrv64.dll Error Code: 21

Log: 'System' Date/Time: 21/06/2016 5:53:23 PM
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

Log: 'System' Date/Time: 21/06/2016 5:53:11 PM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load:  avc3 BDVEDISK discache gzflt ignis spldr Wanarpv6

Log: 'System' Date/Time: 21/06/2016 5:38:10 PM
Type: Error Category: 0
Event: 11 Source: Disk
The driver detected a controller error on \Device\Harddisk1\DR1.

Log: 'System' Date/Time: 21/06/2016 5:33:03 PM
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

Log: 'System' Date/Time: 21/06/2016 5:33:03 PM
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 21/06/2016 10:35:33 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_MULTI-CARD&REV_1.00#00000#.

Log: 'System' Date/Time: 21/06/2016 10:34:23 PM
Type: Warning Category: 0
Event: 1 Source: RTL8169
Realtek PCIe FE Family Controller is disconnected from network.

Log: 'System' Date/Time: 21/06/2016 10:33:52 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 21/06/2016 10:33:52 PM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\Windows\System32\bcmihvsrv64.dll

Log: 'System' Date/Time: 21/06/2016 10:27:51 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_MULTI-CARD&REV_1.00#00000#.

Log: 'System' Date/Time: 21/06/2016 10:27:12 PM
Type: Warning Category: 0
Event: 1 Source: RTL8169
Realtek PCIe FE Family Controller is disconnected from network.

Log: 'System' Date/Time: 21/06/2016 10:26:32 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 21/06/2016 10:26:32 PM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\Windows\System32\bcmihvsrv64.dll

Log: 'System' Date/Time: 21/06/2016 9:25:17 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_MULTI-CARD&REV_1.00#00000#.

Log: 'System' Date/Time: 21/06/2016 9:24:20 PM
Type: Warning Category: 0
Event: 1 Source: RTL8169
Realtek PCIe FE Family Controller is disconnected from network.

Log: 'System' Date/Time: 21/06/2016 9:23:54 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 21/06/2016 5:52:58 PM
Type: Warning Category: 0
Event: 1 Source: RTL8169
Realtek PCIe FE Family Controller is disconnected from network.

Log: 'System' Date/Time: 21/06/2016 5:39:02 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_MULTI-CARD&REV_1.00#00000#.

Log: 'System' Date/Time: 21/06/2016 5:38:32 PM
Type: Warning Category: 0
Event: 1 Source: RTL8169
Realtek PCIe FE Family Controller is disconnected from network.

Log: 'System' Date/Time: 21/06/2016 5:37:56 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 21/06/2016 5:32:24 PM
Type: Warning Category: 0
Event: 1 Source: RTL8169
Realtek PCIe FE Family Controller is disconnected from network.

Log: 'System' Date/Time: 21/06/2016 12:50:19 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name r20swj13mr.microsoft.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 19/06/2016 10:28:04 PM
Type: Warning Category: 0
Event: 4101 Source: Display
Display driver igfx stopped responding and has successfully recovered.

Log: 'System' Date/Time: 19/06/2016 6:05:47 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name teredo.ipv6.microsoft.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 19/06/2016 3:14:24 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_MULTI-CARD&REV_1.00#00000#.


  • 0

Advertisements


#77
pharper

pharper

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 21/06/2016 6:14:18 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 21/06/2016 9:25:13 PM
Type: Error Category: 0
Event: 1103 Source: .NET Runtime Optimization Service
.NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Log: 'Application' Date/Time: 21/06/2016 9:25:13 PM
Type: Error Category: 0
Event: 1103 Source: .NET Runtime Optimization Service
.NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Log: 'Application' Date/Time: 21/06/2016 7:00:33 PM
Type: Error Category: 0
Event: 3009 Source: Microsoft-Windows-LoadPerf
Installing the performance counter strings for service .NET CLR Networking 4.0.0.0 () failed. The first DWORD in the Data section contains the error code.

Log: 'Application' Date/Time: 21/06/2016 7:00:33 PM
Type: Error Category: 0
Event: 3009 Source: Microsoft-Windows-LoadPerf
Installing the performance counter strings for service .NET Data Provider for Oracle () failed. The first DWORD in the Data section contains the error code.

Log: 'Application' Date/Time: 21/06/2016 5:55:16 PM
Type: Error Category: 0
Event: 8193 Source: System Restore
Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = Tweaking.com - Windows Repair; Error = 0x8007043c).

Log: 'Application' Date/Time: 21/06/2016 5:54:50 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 21/06/2016 5:39:32 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 21/06/2016 5:34:12 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 21/06/2016 5:13:41 PM
Type: Error Category: 0
Event: 8193 Source: VSS
Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80040154, Class not registered .

Operation:
   Set Snapshot Context

Context:
   Execution Context: Requestor

Log: 'Application' Date/Time: 21/06/2016 5:13:41 PM
Type: Error Category: 0
Event: 22 Source: VSS
Volume Shadow Copy Service error: A critical component required by the Volume Shadow Copy service is not registered. This might happened if an error occurred during Windows setup or during installation of a Shadow Copy provider. The error returned from CoCreateInstance on class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} and Name Software Provider is [0x80040154, Class not registered ].

Operation:
   Set Snapshot Context

Context:
   Execution Context: Requestor

Log: 'Application' Date/Time: 21/06/2016 5:04:02 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 21/06/2016 1:19:12 AM
Type: Error Category: 0
Event: 80 Source: SideBySide
Activation context generation failed for "C:\Users\Owner\Downloads\SoftonicDownloader_for_primopdf.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Log: 'Application' Date/Time: 21/06/2016 1:11:44 AM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program WINWORD.EXE version 14.0.7164.5001 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.  Process ID: 1fe8  Start Time: 01d1cb57789a1906  Termination Time: 16  Application Path: C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE  Report Id: 0c642603-374d-11e6-a1ec-642737d5d080

Log: 'Application' Date/Time: 19/06/2016 3:14:22 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 19/06/2016 1:50:41 AM
Type: Error Category: 0
Event: 11704 Source: MsiInstaller
Product: Shopping App by Ask -- Error 1704. An installation for Adobe Refresh Manager is currently suspended.  You must undo the changes made by that installation to continue.  Do you want to undo those changes?

Log: 'Application' Date/Time: 18/06/2016 9:09:19 PM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledSPRetry 2028

Log: 'Application' Date/Time: 18/06/2016 9:09:19 PM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledEvent 2028

Log: 'Application' Date/Time: 18/06/2016 9:09:19 PM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: Continuously busy for more than a second

Log: 'Application' Date/Time: 18/06/2016 9:09:18 PM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledSPRetry 1014

Log: 'Application' Date/Time: 18/06/2016 9:09:18 PM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledEvent 1014

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 21/06/2016 10:34:49 PM
Type: Warning Category: 0
Event: 0 Source: LeapFrog Connect Device Service
The event description cannot be found.

Log: 'Application' Date/Time: 21/06/2016 10:27:32 PM
Type: Warning Category: 0
Event: 0 Source: LeapFrog Connect Device Service
The event description cannot be found.

Log: 'Application' Date/Time: 21/06/2016 9:37:21 PM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <file:C:/Program Files (x86)/Microsoft Office/Office14/Visio Content/> cannot be accessed.

Context:  Application, SystemIndex Catalog

Details:
The object was not found.  (HRESULT : 0x80041201) (0x80041201)

Log: 'Application' Date/Time: 21/06/2016 9:24:53 PM
Type: Warning Category: 0
Event: 0 Source: LeapFrog Connect Device Service
The event description cannot be found.

Log: 'Application' Date/Time: 21/06/2016 9:23:53 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 21/06/2016 9:23:52 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 21/06/2016 7:00:33 PM
Type: Warning Category: 0
Event: 2007 Source: Microsoft-Windows-LoadPerf
Cannot repair performance counters for .NET CLR Networking 4.0.0.0 service. Reinstall the performance counters manually using the LODCTR tool.

Log: 'Application' Date/Time: 21/06/2016 7:00:33 PM
Type: Warning Category: 0
Event: 2007 Source: Microsoft-Windows-LoadPerf
Cannot repair performance counters for .NET Data Provider for Oracle service. Reinstall the performance counters manually using the LODCTR tool.

Log: 'Application' Date/Time: 21/06/2016 6:54:13 PM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, WpcClamperProv, has been registered in the Windows Management Instrumentation namespace ROOT\CIMV2\Applications\WindowsParentalControls to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 21/06/2016 6:54:13 PM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, WpcClamperProv, has been registered in the Windows Management Instrumentation namespace ROOT\CIMV2\Applications\WindowsParentalControls to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 21/06/2016 6:53:36 PM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, WpcClamperProv, has been registered in the Windows Management Instrumentation namespace ROOT\CIMV2\Applications\WindowsParentalControls to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 21/06/2016 6:53:36 PM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, WpcClamperProv, has been registered in the Windows Management Instrumentation namespace ROOT\CIMV2\Applications\WindowsParentalControls to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 21/06/2016 6:53:32 PM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, HiPerfCooker_v1, has been registered in the Windows Management Instrumentation namespace Root\WMI to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 21/06/2016 6:53:32 PM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, HiPerfCooker_v1, has been registered in the Windows Management Instrumentation namespace Root\WMI to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 21/06/2016 6:53:27 PM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, CommandLineEventConsumer, has been registered in the Windows Management Instrumentation namespace root\default to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 21/06/2016 6:53:27 PM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, CommandLineEventConsumer, has been registered in the Windows Management Instrumentation namespace root\default to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 21/06/2016 6:53:27 PM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, LogFileEventConsumer, has been registered in the Windows Management Instrumentation namespace root\default to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 21/06/2016 6:53:27 PM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, LogFileEventConsumer, has been registered in the Windows Management Instrumentation namespace root\default to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 21/06/2016 6:53:24 PM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, ActiveScriptEventConsumer, has been registered in the Windows Management Instrumentation namespace root\subscription to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 21/06/2016 6:53:24 PM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, ActiveScriptEventConsumer, has been registered in the Windows Management Instrumentation namespace root\subscription to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.


  • 0

#78
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,025 posts
  • MVP

I'm going to have the admin move this to malware so I can run a FRST scan now that it appears you can download a bit.

 

 
Please download Farbar Recovery Scan Tool and save it to your Desktop. 
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. 
 
  •  
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer. 
  • Press Scan button. 
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here. 
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply. 

    • 0

    #79
    Naathim

    Naathim

      GeekU Minion

    • Expert
    • 4,568 posts
    Moved to Malware Removal forum per Ron's request
    • 0

    #80
    pharper

    pharper

      Member

    • Topic Starter
    • Member
    • PipPip
    • 78 posts

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-06-2016 01
    Ran by Owner (administrator) on OWNER-PC (21-06-2016 18:45:33)
    Running from C:\Users\Owner\Desktop
    Loaded Profiles: Owner (Available Profiles: Owner)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (HP) C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe
    (HP) C:\Windows\System32\HPSIsvc.exe
    (LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
    (Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
    (Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
    (Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
    (Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
    (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe
    (AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\bdagent.exe
    () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
    (LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
    (Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
    () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
    (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_20_0_0_306_ActiveX.exe
    (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
    HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2016\bdagent.exe [1651600 2016-04-25] (Bitdefender)
    HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2640408 2014-08-25] ()
    HKLM-x32\...\Run: [APSDaemon] => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [106496 2013-11-27] (LeapFrog Enterprises, Inc.)
    HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2691480 2014-03-21] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [TotalRecipeSearch AppIntegrator 64-bit] => C:\PROGRA~2\TOTALR~2\bar\1.bin\AppIntegrator64.exe
    HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1107672 2016-04-22] (Adobe Systems Incorporated)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
    HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
    HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
    HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
    HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
    HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
    HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
    HKLM\...\Policies\Explorer: [NoFind] 0
    HKLM\...\Policies\Explorer: [NoFile] 0
    HKLM\...\Policies\Explorer: [HideClock] 0
    HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
    HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
    HKLM\...\Policies\Explorer: [NoSetFolders] 0
    HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
    HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
    HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
    HKLM\...\Policies\Explorer: [NoDFSTab] 0
    HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
    HKLM\...\Policies\Explorer: [NoLogoff] 0
    HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
    HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
    HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
    HKLM\...\Policies\Explorer: [NoResolveSearch] 0
    HKLM\...\Policies\Explorer: [NoSaveSettings] 0
    HKLM\...\Policies\Explorer: [NoHardwareTab] 0
    HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
    HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
    HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
    HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
    HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
    HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
    HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
    HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
    HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
    HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
    HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
    HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
    HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
    HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
    HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
    HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
    HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
    HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
    HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
    HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-02-18] (Google Inc.)
    HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8722136 2016-06-01] (Piriform Ltd)
    HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\system: [NoDispAppearancePage] 0
    HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\system: [NoDispSettingsPage] 0
    HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
    HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [NoViewOnDrive] 0
    HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [DisableLocalMachineRun] 0
    HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
    HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [DisableCurrentUserRun] 0
    HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
    HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [NoViewContextMenu] 0
    HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [NoShellSearchButton] 0
    HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [NoFind] 0
    HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [NoFile] 0
    HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [HideClock] 0
    HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [NoTrayContextMenu] 0
    HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [NoTrayItemsDisplay] 0
    HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [NoSetFolders] 0
    HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [NoDevMgrUpdate] 0
    HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [NoSetTaskbar] 0
    HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [NoDeletePrinter] 0
    HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [NoDFSTab] 0
    HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
    HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [NoLogoff] 0
    HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [NoWindowsUpdate] 0
    HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [NoEncryptOnMove] 0
    HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [NoRunasInstallPrompt] 0
    HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [NoResolveSearch] 0
    HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [NoSaveSettings] 0
    HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [NoHardwareTab] 0
    HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [NoStartMenuSubFolders] 0
    HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\MountPoints2: E - E:\VZW_Software_upgrade_assistant.exe
    HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\MountPoints2: {50323b00-37c4-11e4-9ced-642737d5d080} - F:\SISetup.exe
    HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\MountPoints2: {ad525c50-947d-11e4-ab12-642737d5d080} - E:\VZW_Software_upgrade_assistant.exe
    HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
    HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
    HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
    HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
    HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
    HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
    HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
    HKU\S-1-5-18\...\MountPoints2: {41a03fc7-794d-11e2-a46f-806e6f6e6963} - D:\autorun\autorun.exe
    SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
    ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
    ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
    ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
    ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-03-20] ()
    ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-03-20] ()
    ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-03-20] ()
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2016-06-15]
    ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2016-06-15]
    ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot FF RunOnce.lnk [2014-06-11]
    ShortcutTarget: Install Webroot FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot IE RunOnce.lnk [2014-06-11]
    ShortcutTarget: Install Webroot IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2016-03-13]
    ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
    Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2016-05-17]
    ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 71.10.216.1 71.10.216.2
    Tcpip\..\Interfaces\{77E23ABE-1BB2-48A9-BA12-F41B64556458}: [DhcpNameServer] 172.20.10.1
    Tcpip\..\Interfaces\{8AC013FA-C812-4531-90E6-9EB1CCE989C7}: [DhcpNameServer] 71.10.216.1 71.10.216.2
    Tcpip\..\Interfaces\{D9E8C3FF-8E71-41F2-A82E-2A6BEBCFDE46}: [DhcpNameServer] 172.20.10.1
    Tcpip\..\Interfaces\{F355C6F0-4857-45BC-BE92-D6C2F8F75698}: [DhcpNameServer] 71.92.29.130 97.81.22.195 68.113.206.10

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.better-search.net/?src=10&st=12&i=998&did=10874&ppd=,,,,,,,,,www.smilebox.com&barid=1523565419430232516
    URLSearchHook: HKU\S-1-5-21-2621123606-1971745821-2970127776-1000 - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No File
    SearchScopes: HKLM-x32 -> DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://www.better-search.net/?q={searchTerms}&src=6&q={searchTerms}&st=12&i=998&did=10874&ppd=,,,,,,,,,www.smilebox.com&barid=1523565419430232516
    SearchScopes: HKLM-x32 -> {cca2e567-1987-4100-a3c6-5b4267084510} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^YK^xdm002^YYA^us&si=CLrphrX90sQCFUkV7Aodl2AAlQ&ptb=5A785AAE-2D0E-49A8-9E53-B3436A7B3060&psa=&ind=2015121016&st=sb&n=781c4e78&searchfor={searchTerms}
    SearchScopes: HKLM-x32 -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://www.better-search.net/?q={searchTerms}&src=6&q={searchTerms}&st=12&i=998&did=10874&ppd=,,,,,,,,,www.smilebox.com&barid=1523565419430232516
    SearchScopes: HKU\S-1-5-21-2621123606-1971745821-2970127776-1000 -> DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://www.better-search.net/?src=6&q={searchTerms}&barid=1523565419430232516&&st=23&i=998&did=10874
    SearchScopes: HKU\S-1-5-21-2621123606-1971745821-2970127776-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxps://www.google.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2621123606-1971745821-2970127776-1000 -> {6C0974F6-1FBF-46DD-BDAB-45D64D1820A9} URL = hxxp://isearch.shopathome.com?user_id={458A9901-D9EB-4901-859E-FE7E3A9CEFD9}&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2621123606-1971745821-2970127776-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://mysearch.avg.com/search?cid={450FC2CC-16FD-45C0-BB01-D0680A2C5660}&mid=8cfabf364223465b9d085326c40d5531-3c99ef7a0cb711bf815f2b310182d50dffe50bcb&lang=en&ds=pl011&coid=avgtbdispl&cmpid=&pr=sa&d=2013-03-25 22:24:54&v=18.1.6.542&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2621123606-1971745821-2970127776-1000 -> {A62CED7B-EBAB-4C11-AE8C-28EC7202B190} URL = hxxp://www.search.ask.com/web?tpid=ORJ-ST-SPE&o=APN11460&pf=V7&p2=^BE6^OSJ000^YY^US&gct=&itbv=12.24.1.53&apn_uid=749EB898-4B1A-4688-89BB-94CA36C47CDD&apn_ptnrs=BE6&apn_dtid=^OSJ000^YY^US&apn_dbr=ie_11.0.9600.17496&doi=2015-02-12&trgb=IE&q={searchTerms}&psv=&pt=tb
    SearchScopes: HKU\S-1-5-21-2621123606-1971745821-2970127776-1000 -> {cca2e567-1987-4100-a3c6-5b4267084510} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^YK^xdm002^YYA^us&si=CLrphrX90sQCFUkV7Aodl2AAlQ&ptb=5A785AAE-2D0E-49A8-9E53-B3436A7B3060&psa=&ind=2015121016&st=sb&n=781c4e78&searchfor={searchTerms}
    SearchScopes: HKU\S-1-5-21-2621123606-1971745821-2970127776-1000 -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://www.better-search.net/?src=6&q={searchTerms}&barid=1523565419430232516&&st=23&i=998&did=10874
    BHO: Bitdefender Wallet  -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2016\pmbxie.dll [2016-04-05] (Bitdefender)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll => No File
    BHO: No Name -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> No File
    BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2016\Antispam32\pmbxie.dll [2016-04-05] (Bitdefender)
    BHO-x32: ShopAtHome.com Cash Back Helper -> {66516A07-F617-488A-90CF-4E690CFB3C5F} -> C:\Users\Owner\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll => No File
    BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-11] (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
    BHO-x32: AVG SafeGuard toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll [2014-08-25] (AVG Secure Search)
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll => No File
    BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-11] (Oracle Corporation)
    Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll No File
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc.)
    Toolbar: HKLM - Bitdefender Wallet  - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\pmbxie.dll [2016-04-05] (Bitdefender)
    Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll [2014-08-25] (AVG Secure Search)
    Toolbar: HKLM-x32 - ShopAtHome.com Toolbar - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Users\Owner\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll No File
    Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll No File
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
    Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\Antispam32\pmbxie.dll [2016-04-05] (Bitdefender)
    Toolbar: HKU\S-1-5-21-2621123606-1971745821-2970127776-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc.)
    Toolbar: HKU\S-1-5-21-2621123606-1971745821-2970127776-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
    Toolbar: HKU\S-1-5-21-2621123606-1971745821-2970127776-1000 -> No Name - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} -  No File
    Toolbar: HKU\S-1-5-21-2621123606-1971745821-2970127776-1000 -> Bitdefender Wallet  - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\pmbxie.dll [2016-04-05] (Bitdefender)
    DPF: HKLM-x32 {0D859AF0-C75E-11D4-B760-00E0B81077E8} hxxp://nom.mlxchange.com/5.11.05.35382/Control/FileCruiser.cab
    DPF: HKLM-x32 {145BB11A-44CA-4162-A572-D430131C352C} hxxps://www.bpofulfillment.com/WebResource.axd?d=irnzSshckJSveKJAiGfl2GHjY_wfo-IqK7dbJATIbCCXZ3MCZcsUDrWprfmLR--q8j2ZUJJfZhf7v2Htv9YV6sGAPWtn4Ipbhg_-xfRzy1k_3Ykw-ER7zzTSCRMsnkZYdfibfoHAuzAJBQAUwQyBq4UHQka0XIS-sWNyC0z52f81&t=634830530040000000
    DPF: HKLM-x32 {16FD824B-8E7B-11D2-9855-00802962956C} hxxp://nom.mlxchange.com/5.11.05.35382/Control/Specfile.cab
    DPF: HKLM-x32 {6FD482A3-7B57-438B-B040-52CAA30147EE} hxxp://nom.mlxchange.com/5.11.05.35382/Control/MLSClientUtils.cab
    DPF: HKLM-x32 {73779860-6F88-4D8C-9DAB-30583B9BAAC3} hxxps://www.sttammanyclerk.org/secure/ImageServer/iView2/FileProInet2.CAB
    DPF: HKLM-x32 {78523E50-56EB-11D3-B739-CAA1986A452F} hxxp://nom.mlxchange.com/5.11.05.35382/Control/LiteGrid.cab
    DPF: HKLM-x32 {7A7537FC-5988-11D3-8B33-00104B9E5A4A} hxxp://nom.mlxchange.com/5.11.05.35382/Control/IRCWebPrint.cab
    DPF: HKLM-x32 {7ECB1A47-6647-4B2C-A8DA-675569C9FF15} hxxps://www.bpofulfillment.com/WebResource.axd?d=PUw2-LyUSejzL3Kx-o8EiGQozXrqAyeTvVM5wHg-487X7lkUQnJmhlRcIkzP2DJ1hxXhrHLUYsKsn8YXd9Koptzcx74T_dDKbFqVxXkIYbyNNx3mi1lgd6JflJGwzSp1xMkkQcDSWm5lQQOMfmGyanXgHHqrwWa1KnhgSw5ItwIeTv1uCQcaWz-2xtaLFxp10&t=635126927011905139
    DPF: HKLM-x32 {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} hxxps://secure.clearcapital.com/imageUpload/ImageUploader6.cab
    DPF: HKLM-x32 {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} hxxp://nom.mlxchange.com/5.9.06.33897/Control/IRCSharc.cab
    DPF: HKLM-x32 {B198A72B-B4C3-42B5-B8DA-B364E76429AA} hxxp://nom.mlxchange.com/5.11.05.35382/Control/WebDog.cab
    DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
    DPF: HKLM-x32 {F060A272-A18A-11D3-B75B-00E0B81077E8} hxxp://nom.mlxchange.com/5.11.05.35382/Control/AspCustomCtrls.cab
    Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation)
    Handler-x32: http - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2004-01-29] (Microsoft Corporation)
    Handler-x32: http - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2004-01-29] (Microsoft Corporation)
    Handler-x32: https - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2004-01-29] (Microsoft Corporation)
    Handler-x32: https - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2004-01-29] (Microsoft Corporation)
    Handler-x32: ipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2004-01-29] (Microsoft Corporation)
    Handler-x32: msdaipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2004-01-29] (Microsoft Corporation)
    Handler-x32: msdaipp - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2004-01-29] (Microsoft Corporation)
    Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll [2014-08-11] (AVG Secure Search)

    FireFox:
    ========
    FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\9cfwhamj.default
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-10] ()
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-05] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2014-03-21] (Adobe Systems)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-10] ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
    FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll [No File]
    FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-11] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-11] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-05] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2013-11-12] (Nitro PDF)
    FF Plugin-x32: @nitropdf.com/NitroPDF.PrevVerNPR -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll [2012-10-30] (Nitro PDF)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-04-23] (Adobe Systems Inc.)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-03-21] (Adobe Systems)
    FF Plugin HKU\S-1-5-21-2621123606-1971745821-2970127776-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Owner\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-03-28] (Citrix Online)
    FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\9cfwhamj.default\searchplugins\MyStart Search.xml [2014-11-05]
    FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\9cfwhamj.default\searchplugins\Powered by Bing.xml [2014-11-18]
    FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\9cfwhamj.default\searchplugins\sweetim.xml [2014-03-14]
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml [2014-08-25]
    FF Extension: Webroot Password Manager - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\9cfwhamj.default\Extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} [2016-06-15]
    FF Extension: No Name - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\9cfwhamj.default\Extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda}_deleted [2015-12-18] [not signed]
    FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff
    FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff [2016-05-12]
    FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext
    FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext [2016-05-12] [not signed]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.799
    FF Extension: No Name - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.799 [2014-08-25] [not signed]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff
    FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext
    FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2014-03-08] <==== ATTENTION

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.better-search.net/?barid=1523565419430232516&src=10&&st=23&i=998&did=10874
    CHR StartupUrls: Default -> "hxxp://www.better-search.net/?barid=1523565419430232516&src=10&&st=23&i=998&did=10874"
    CHR DefaultSearchURL: Default -> hxxp://www.better-search.net/?src=6&q={searchTerms}&barid=1523565419430232516&&st=23&i=998&did=10874
    CHR DefaultSearchKeyword: Default -> www.better-search.net
    CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-25]
    CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
    CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
    CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
    CHR Extension: (Bitdefender Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhejlifdlcgcmogbggeomfodgklfaem [2016-06-15]
    CHR Extension: (Google Docs Offline) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-01]
    CHR Extension: (MusixHub Start) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkbhpmdajdojnnhkfgffkofkjifglkan [2016-02-06]
    CHR Extension: (MusixHub) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jehfkemccjknagjgcbfccjajkgnbffpj [2016-02-06]
    CHR Extension: (Webroot Password Manager) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngkhgikojglcgnckopipfdajaifmmnnc [2015-12-21]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-08]
    CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
    CHR HKLM\...\Chrome\Extension: [ngkhgikojglcgnckopipfdajaifmmnnc] - hxxp://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [dhhejlifdlcgcmogbggeomfodgklfaem] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [ngkhgikojglcgnckopipfdajaifmmnnc] - hxxp://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [okfhiodnpcnnnpgbjbhfebjnbagmfhab] - C:\ProgramData\WRData\pkg\lpchrome.crx <not found>

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
    S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [32808 2013-05-21] (Just Develop It) [File not signed] <==== ATTENTION
    R2 HPM1210RcvFaxSrvc; C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [361888 2012-07-25] (HP)
    R2 LeapFrog Connect Device Service; C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe [7393280 2013-11-27] (LeapFrog Enterprises, Inc.) [File not signed]
    R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-11-12] (Nitro PDF Software)
    R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2012-10-30] (Nitro PDF Software)
    R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [950200 2016-05-24] (Bitdefender)
    R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe [156016 2016-04-25] (Bitdefender)
    S4 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe [1693104 2016-05-11] (Bitdefender)
    R2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-11] (AVG Secure Search)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1623536 2016-03-18] (BitDefender)
    S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [842152 2016-03-18] (BitDefender)
    R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies)
    R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [118608 2016-02-09] (BitDefender LLC)
    R1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [87912 2015-12-04] (BitDefender)
    S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
    R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [182936 2015-12-16] (BitDefender LLC)
    S3 HP1210FAX; C:\Windows\System32\Drivers\HPM1210FAX.sys [16896 2012-11-07] ()
    R0 ignis; C:\Windows\System32\DRIVERS\ignis.sys [298736 2016-03-03] (Bitdefender)
    S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-12-24] (Marvell Semiconductor, Inc.)
    R2 trufos; C:\Windows\System32\DRIVERS\trufos.sys [511320 2016-02-22] (BitDefender S.R.L.)
    S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-11] (LG Electronics Inc.)
    S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-11] (LG Electronics Inc.)
    S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-11] (LG Electronics Inc.)
    U0 SR; no ImagePath
    U2 srservice; no ImagePath

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-06-21 18:45 - 2016-06-21 18:45 - 00040216 _____ C:\Users\Owner\Desktop\FRST.txt
    2016-06-21 18:45 - 2016-06-21 18:45 - 00000000 ____D C:\FRST
    2016-06-21 18:43 - 2016-06-21 18:43 - 02387456 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
    2016-06-21 18:18 - 2016-06-21 18:18 - 00014260 _____ C:\Users\Owner\Desktop\VEW.txt-application.txt
    2016-06-21 18:13 - 2016-06-21 18:13 - 00015630 _____ C:\Users\Owner\Desktop\VEW.txt-1.txt
    2016-06-21 18:10 - 2016-06-21 18:14 - 00014260 _____ C:\VEW.txt
    2016-06-21 18:06 - 2016-06-21 18:06 - 00061440 _____ ( ) C:\Users\Owner\Desktop\VEW.exe
    2016-06-21 18:01 - 2016-06-21 18:01 - 00061440 _____ ( ) C:\Users\Owner\Downloads\VEW.exe
    2016-06-21 17:42 - 2016-06-21 17:42 - 00479440 _____ C:\Users\Owner\Desktop\ntbtlog.txt
    2016-06-21 16:27 - 2016-06-21 16:27 - 00003640 _____ C:\Windows\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
    2016-06-21 12:35 - 2016-06-21 12:35 - 00000207 _____ C:\Windows\tweaking.com-regbackup-OWNER-PC-Windows-7-Home-Premium-(64-bit).dat
    2016-06-21 12:35 - 2016-06-21 12:35 - 00000000 ____D C:\RegBackup
    2016-06-21 12:32 - 2016-06-21 12:32 - 00003216 _____ C:\bootsqm.dat
    2016-06-21 12:19 - 2016-06-21 12:19 - 00004964 _____ C:\Users\Owner\Desktop\chkdsk_log.txt
    2016-06-21 11:50 - 2016-06-21 11:50 - 00002163 _____ C:\Users\Owner\Desktop\Tweaking.com - Windows Repair.lnk
    2016-06-21 11:50 - 2016-06-21 11:50 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2016-06-21 11:50 - 2016-06-21 11:50 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
    2016-06-21 11:49 - 2016-06-21 12:03 - 00187466 _____ C:\Windows\Tweaking.com - Windows Repair Setup Log.txt
    2016-06-21 11:49 - 2016-06-21 11:49 - 21657496 _____ (Tweaking.com) C:\Users\Owner\Downloads\tweaking.com_windows_repair_aio_setup.exe
    2016-06-21 07:20 - 2016-06-21 07:20 - 00001901 _____ C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
    2016-06-21 07:19 - 2016-06-21 07:19 - 00000996 _____ C:\Users\Public\Desktop\Resume Reimage Repair Installation.lnk
    2016-06-20 22:31 - 2016-06-20 22:31 - 00365756 _____ C:\Users\Owner\Desktop\CBS (2).zip
    2016-06-20 19:54 - 2016-06-21 08:34 - 09617360 _____ (TeamViewer GmbH) C:\Users\Owner\Downloads\TeamViewer_Setup_en-khp.exe
    2016-06-20 15:19 - 2016-06-20 15:19 - 00198488 _____ C:\Users\Owner\Documents\Sterling multi offer form.pdf
    2016-06-20 12:36 - 2016-06-20 12:36 - 02301750 _____ C:\Users\Owner\Desktop\Irvin CMA.pdf
    2016-06-19 23:08 - 2016-06-19 23:08 - 00365756 _____ C:\Users\Owner\Desktop\CBS.zip
    2016-06-19 08:44 - 2016-06-19 08:44 - 00026961 _____ C:\ProgramData\1466343840.bdinstall.bin
    2016-06-19 08:42 - 2016-06-19 08:42 - 00026961 _____ C:\ProgramData\1466343763.bdinstall.bin
    2016-06-18 17:20 - 2016-06-18 17:20 - 00000000 ____D C:\80e9e2bab38cc8247d
    2016-06-16 21:29 - 2016-06-21 07:20 - 00000099 _____ C:\Windows\Reimage.ini
    2016-06-16 21:29 - 2016-06-16 21:30 - 00000000 ____D C:\Program Files\Reimage
    2016-06-16 21:29 - 2016-06-16 21:29 - 00000000 ____D C:\rei
    2016-06-16 21:29 - 2016-06-16 21:29 - 00000000 ____D C:\ProgramData\Reimage Protector
    2016-06-16 21:29 - 2016-06-16 21:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
    2016-06-16 20:46 - 2016-06-16 20:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShopAtHome.com Helper
    2016-06-16 20:09 - 2016-06-19 16:46 - 00000979 _____ C:\Users\Public\Desktop\CCleaner.lnk
    2016-06-16 20:09 - 2016-06-16 20:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2016-06-16 20:09 - 2016-06-16 20:09 - 00000000 ____D C:\Program Files\CCleaner
    2016-06-16 13:34 - 2016-06-16 13:34 - 00000000 ____D C:\Users\Owner\AppData\Local\Deployment
    2016-06-16 13:34 - 2016-06-16 13:34 - 00000000 ____D C:\Users\Owner\AppData\Local\Apps\2.0
    2016-06-16 13:34 - 2016-06-16 13:34 - 00000000 ____D C:\ProgramData\elsi..tion_d291612c4dce6913_0005.0001_8bf3579dfe869d67
    2016-06-15 22:13 - 2016-06-15 22:18 - 00000000 ____D C:\Users\Owner\Documents\Wondershare PDF to Word
    2016-06-15 21:48 - 2016-06-15 21:48 - 00026961 _____ C:\ProgramData\1466045325.bdinstall.bin
    2016-06-15 21:42 - 2016-06-15 21:42 - 00026961 _____ C:\ProgramData\1466044942.bdinstall.bin
    2016-06-15 21:40 - 2016-06-15 21:40 - 00026961 _____ C:\ProgramData\1466044838.bdinstall.bin
    2016-06-15 21:07 - 2016-06-15 21:07 - 00000000 ____D C:\Users\Owner\AppData\Local\lptmp906725983
    2016-06-15 21:07 - 2016-06-15 21:07 - 00000000 ____D C:\Users\Owner\AppData\Local\lptmp1074965474
    2016-06-15 20:50 - 2016-06-15 20:50 - 00598869 _____ C:\Users\Owner\Desktop\Charles St disclosure.pdf
    2016-06-15 20:18 - 2016-06-15 22:10 - 00000034 _____ C:\Windows\system32\STOOLSubmit.ret
    2016-06-15 20:09 - 2016-06-15 22:10 - 00000000 ____D C:\ProgramData\Dumps
    2016-06-15 13:01 - 2016-06-15 13:02 - 00008241 _____ C:\ProgramData\1466013653.1532.bin
    2016-06-15 13:00 - 2016-06-15 19:21 - 00093781 _____ C:\ProgramData\1466013653.3504.bin
    2016-06-15 13:00 - 2016-06-15 13:02 - 00002124 _____ C:\ProgramData\1466013653.3208.bin
    2016-06-15 13:00 - 2016-06-15 13:01 - 00000930 _____ C:\ProgramData\1466013653.5456.bin
    2016-06-15 12:16 - 2016-06-19 16:46 - 00002195 _____ C:\Users\Public\Desktop\Bitdefender 2016.lnk
    2016-06-15 12:16 - 2016-06-15 12:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2016
    2016-06-15 12:15 - 2016-06-15 20:10 - 00000000 ____D C:\ProgramData\BDLogging
    2016-06-15 12:15 - 2016-03-18 06:58 - 00842152 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys
    2016-06-15 12:15 - 2016-03-18 06:56 - 01623536 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
    2016-06-15 12:15 - 2016-03-03 01:36 - 00298736 _____ (Bitdefender) C:\Windows\system32\Drivers\ignis.sys
    2016-06-15 12:15 - 2015-12-04 19:27 - 00087912 _____ (BitDefender) C:\Windows\system32\Drivers\bdvedisk.sys
    2016-06-15 12:15 - 2007-04-11 11:11 - 00511328 _____ (Microsoft Corporation) C:\Windows\capicom.dll
    2016-06-15 12:09 - 2016-06-15 12:27 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Bitdefender
    2016-06-15 12:09 - 2016-06-15 12:09 - 00002321 _____ C:\ProgramData\1466010261.5560.bin
    2016-06-15 12:05 - 2016-06-15 12:50 - 00000000 ____D C:\ProgramData\Bitdefender
    2016-06-15 12:05 - 2016-06-15 12:44 - 00159876 _____ C:\ProgramData\1466010261.6104.bin
    2016-06-15 12:05 - 2016-06-15 12:09 - 00017164 _____ C:\ProgramData\1466010261.4824.bin
    2016-06-15 12:05 - 2016-06-15 12:08 - 00001545 _____ C:\ProgramData\1466010261.1248.bin
    2016-06-15 12:05 - 2016-06-15 12:05 - 00014645 _____ C:\ProgramData\1466010261.3904.bin
    2016-06-15 12:05 - 2016-06-15 12:05 - 00002342 _____ C:\ProgramData\1466010261.6108.bin
    2016-06-15 12:05 - 2016-06-15 12:05 - 00001090 _____ C:\ProgramData\1466010261.5604.bin
    2016-06-15 12:05 - 2016-06-15 12:05 - 00001090 _____ C:\ProgramData\1466010261.4184.bin
    2016-06-15 12:05 - 2016-06-15 12:05 - 00000000 ____D C:\Program Files\Bitdefender
    2016-06-15 12:05 - 2016-02-22 15:13 - 00511320 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
    2016-06-15 12:05 - 2015-12-16 05:53 - 00182936 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys
    2016-06-15 12:04 - 2016-06-15 12:16 - 00233409 _____ C:\ProgramData\1466010261.4764.bin
    2016-06-15 12:04 - 2016-06-15 12:16 - 00189211 _____ C:\ProgramData\1466010261.1352.bin
    2016-06-15 12:04 - 2016-06-15 12:15 - 00015069 _____ C:\ProgramData\1466010261.5776.bin
    2016-06-15 12:04 - 2016-06-15 12:05 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
    2016-06-15 12:04 - 2016-06-15 12:04 - 00000000 ____D C:\Users\Owner\AppData\Roaming\QuickScan
    2016-06-15 11:54 - 2016-06-15 11:54 - 00000000 ____D C:\Users\Owner\AppData\Local\lptmp861625900
    2016-06-15 11:54 - 2016-06-15 11:54 - 00000000 ____D C:\Users\Owner\AppData\Local\lptmp2128510550
    2016-06-15 11:49 - 2016-06-21 18:35 - 00000000 ____D C:\Program Files\Bitdefender Agent
    2016-06-15 11:49 - 2016-06-15 11:49 - 00000000 ____D C:\ProgramData\Bitdefender Agent
    2016-06-15 11:04 - 2016-06-15 11:04 - 00000162 _____ C:\Users\Owner\Documents\~$fferson DR. list.csv
    2016-06-13 09:50 - 2016-06-13 09:50 - 00349696 _____ C:\Users\Owner\Documents\Pet logo for property page.sig
    2016-06-12 19:02 - 2016-06-12 19:02 - 00111354 _____ C:\Users\Owner\Documents\Brickyard w-9.pdf
    2016-06-10 14:32 - 2016-06-10 14:33 - 04701481 _____ C:\Users\Owner\Desktop\Chelan flyer.pdf
    2016-06-10 09:15 - 2016-06-10 09:15 - 00279692 _____ C:\Users\Owner\Documents\BEST SQUEEZE PAGE-POST A PROP START GUIDE.pdf
    2016-06-07 23:07 - 2016-06-07 23:07 - 00073728 _____ C:\Users\Owner\Documents\Pet Stationary.sig
    2016-06-06 12:46 - 2016-06-06 12:46 - 00022844 _____ C:\Users\Owner\Documents\Seller utility form.pdf
    2016-06-05 19:45 - 2016-06-05 19:45 - 00082073 _____ C:\Users\Owner\Documents\CHELAN DUAL AGENCY.pdf
    2016-06-05 19:42 - 2016-06-05 19:42 - 00135270 _____ C:\Users\Owner\Documents\CHELAN PROPERTY DISCLOSURE.pdf
    2016-06-05 19:36 - 2016-06-05 19:36 - 00130133 _____ C:\Users\Owner\Documents\CHELAN LISTING AGREEMENT.pdf
    2016-06-05 14:27 - 2016-06-05 14:27 - 00265335 _____ C:\Users\Owner\Documents\Chelan comps.pdf
    2016-06-04 18:26 - 2016-06-04 18:26 - 00079744 _____ C:\Users\Owner\Documents\Wells fargo june 2016 payment confirmation.pdf
    2016-06-04 18:17 - 2016-06-04 18:17 - 00049986 _____ C:\Users\Owner\Documents\Demco june 2016 payment.pdf
    2016-06-03 22:59 - 2016-06-03 23:00 - 00003772 _____ C:\Users\Owner\Documents\Forest Ln list.csv
    2016-06-03 22:23 - 2016-06-03 22:23 - 00002067 _____ C:\Users\Owner\Documents\Yates list.csv
    2016-06-03 22:22 - 2016-06-03 22:22 - 00002067 _____ C:\Users\Owner\Documents\Yates.csv
    2016-06-03 22:20 - 2016-06-03 22:20 - 00008270 _____ C:\Users\Owner\Documents\Cuthell list.csv
    2016-06-03 22:06 - 2016-06-03 22:06 - 00009461 _____ C:\Users\Owner\Documents\Tricou Blvd list.csv
    2016-06-03 22:03 - 2016-06-03 22:03 - 00008393 _____ C:\Users\Owner\Documents\Scott Pl list.csv
    2016-06-03 21:57 - 2016-06-03 21:57 - 00012798 _____ C:\Users\Owner\Documents\James Robert list.csv
    2016-06-03 21:53 - 2016-06-03 21:54 - 00019664 _____ C:\Users\Owner\Documents\Rene Dr. list.csv
    2016-06-03 21:48 - 2016-06-03 21:49 - 00009357 _____ C:\Users\Owner\Documents\Adelle Dr. list.csv
    2016-06-03 21:43 - 2016-06-03 21:43 - 00002043 _____ C:\Users\Owner\Documents\Chad Dr. list.csv
    2016-06-03 20:02 - 2016-06-03 20:03 - 00705305 _____ C:\Users\Owner\Documents\Pet 2016 license.pdf
    2016-06-03 20:02 - 2016-06-03 20:03 - 00705305 _____ C:\Users\Owner\Documents\3611720151229 (1).pdf
    2016-06-03 11:27 - 2016-06-03 11:27 - 00988458 _____ C:\Users\Owner\Documents\10_12 Properties Ad Proof  inside northside.pdf
    2016-06-02 22:30 - 2016-06-02 22:30 - 00067237 _____ C:\Users\Owner\Desktop\Lease app.pdf
    2016-06-02 11:37 - 2016-06-02 11:37 - 00709120 _____ C:\Users\Owner\Documents\SEVENTH SOLD.sig
    2016-06-02 11:35 - 2016-06-02 11:47 - 00709120 _____ C:\Users\Owner\Documents\RIVERWOOD SOLD.sig
    2016-06-02 11:30 - 2016-06-02 11:30 - 00709120 _____ C:\Users\Owner\Documents\JAELYN SOLD SITE.sig
    2016-06-02 10:53 - 2016-06-02 10:53 - 00709120 _____ C:\Users\Owner\Documents\CARTER TR SITE.sig
    2016-06-01 11:19 - 2016-06-01 11:19 - 00003621 _____ C:\Users\Owner\Documents\Cort mail out.csv
    2016-06-01 08:53 - 2016-06-01 08:57 - 00028665 _____ C:\Users\Owner\Documents\State st labels.pdf
    2016-06-01 08:52 - 2016-06-01 08:56 - 00031232 _____ C:\Users\Owner\Documents\State st mail out.xls
    2016-06-01 08:50 - 2016-06-01 08:50 - 00002930 _____ C:\Users\Owner\Documents\State st list.csv
    2016-06-01 08:46 - 2016-06-01 08:46 - 00032347 _____ C:\Users\Owner\Documents\Jefferson labels.pdf
    2016-06-01 08:45 - 2016-06-17 15:16 - 00043520 _____ C:\Users\Owner\Documents\Jefferson mail out.xls
    2016-06-01 08:43 - 2016-06-01 08:44 - 00007249 _____ C:\Users\Owner\Documents\Jefferson DR. list.csv
    2016-06-01 08:21 - 2016-06-01 08:21 - 00022528 _____ C:\Users\Owner\Documents\Rue Chateau.xls
    2016-06-01 08:18 - 2016-06-01 08:18 - 00000339 _____ C:\Users\Owner\Documents\Rue Chateau.csv
    2016-06-01 08:15 - 2016-06-01 08:15 - 00020039 _____ C:\Users\Owner\Documents\Rue Monet labels.pdf
    2016-06-01 08:12 - 2016-06-01 08:12 - 00023040 _____ C:\Users\Owner\Documents\Rue Monet mail out.xls
    2016-06-01 08:08 - 2016-06-01 08:08 - 00000478 _____ C:\Users\Owner\Documents\Rue Monet list.csv
    2016-06-01 08:00 - 2016-06-01 08:00 - 00031813 _____ C:\Users\Owner\Documents\Rue Chene labels.pdf
    2016-06-01 07:54 - 2016-06-01 07:54 - 00034816 _____ C:\Users\Owner\Documents\Rue Chene mail out excel temp.xlt
    2016-06-01 07:51 - 2016-06-01 07:51 - 00034816 _____ C:\Users\Owner\Documents\Rue Chene mail out workbook.xls
    2016-06-01 07:48 - 2016-06-01 07:49 - 00014380 _____ C:\Users\Owner\Documents\Rue Chene mail out-3.xltx
    2016-06-01 07:27 - 2016-06-01 07:27 - 00032996 _____ C:\Users\Owner\Documents\Rue Maison labels.pdf
    2016-06-01 07:24 - 2016-06-01 07:24 - 00006460 _____ C:\Users\Owner\Documents\Rue Maison list-2.csv
    2016-06-01 07:22 - 2016-06-01 07:22 - 00006460 _____ C:\Users\Owner\Documents\Rue Maison list.csv
    2016-06-01 07:21 - 2016-06-01 07:21 - 00040960 _____ C:\Users\Owner\Documents\Rue Masion mail out.xls
    2016-06-01 07:07 - 2016-06-01 07:07 - 00006460 _____ C:\Users\Owner\Documents\Rue Maison list csv.csv
    2016-06-01 06:50 - 2016-06-01 06:51 - 00039936 _____ C:\Users\Owner\Documents\Rue chene list.xls
    2016-06-01 06:48 - 2016-06-01 06:51 - 00006121 _____ C:\Users\Owner\Documents\Rue Chene mail out.csv
    2016-05-31 12:25 - 2016-05-31 12:25 - 00142784 _____ C:\Users\Owner\Documents\Client list updated 5-31-16.csv
    2016-05-31 11:58 - 2016-06-01 06:21 - 00000000 ____D C:\Users\Owner\AppData\Roaming\SendBlaster3
    2016-05-31 11:58 - 2016-05-31 11:58 - 00000000 ____D C:\Users\Owner\Documents\SendBlaster3
    2016-05-23 17:39 - 2016-05-23 17:39 - 00017163 _____ C:\Users\Owner\Documents\MatrixContacts.CSV
    2016-05-23 17:38 - 2016-05-23 17:55 - 00017005 _____ C:\Users\Owner\Documents\MLS contact list.csv
    2016-05-22 08:51 - 2016-05-22 08:51 - 00077874 _____ C:\Users\Owner\Documents\Smart start drivers ed receipt.pdf

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-06-21 18:43 - 2015-08-18 14:14 - 00000634 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2621123606-1971745821-2970127776-1000.job
    2016-06-21 18:18 - 2013-02-18 15:54 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2016-06-21 18:17 - 2013-02-18 21:43 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2016-06-21 18:12 - 2015-08-18 14:14 - 00000538 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2621123606-1971745821-2970127776-1000.job
    2016-06-21 17:43 - 2009-07-13 23:45 - 00029120 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2016-06-21 17:43 - 2009-07-13 23:45 - 00029120 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2016-06-21 17:39 - 2009-07-14 00:13 - 00772352 _____ C:\Windows\system32\PerfStringBackup.INI
    2016-06-21 17:39 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
    2016-06-21 17:35 - 2014-06-18 13:12 - 00479440 _____ C:\Windows\ntbtlog.txt
    2016-06-21 17:34 - 2013-02-18 15:54 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2016-06-21 17:34 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-06-21 17:31 - 2016-01-07 13:04 - 00000000 ____D C:\Windows\pss
    2016-06-21 16:26 - 2013-02-17 15:45 - 00129968 _____ C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
    2016-06-21 16:24 - 2009-07-13 23:45 - 00458896 _____ C:\Windows\system32\FNTCACHE.DAT
    2016-06-21 13:55 - 2009-07-13 21:34 - 00000439 _____ C:\Windows\win.ini
    2016-06-21 13:51 - 2014-02-27 10:15 - 00782510 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
    2016-06-20 19:58 - 2013-04-03 09:20 - 00000000 ____D C:\Users\Owner\AppData\Local\ElevatedDiagnostics
    2016-06-20 14:00 - 2013-02-19 23:48 - 00000000 ____D C:\Users\Owner\AppData\Roaming\PrimoPDF
    2016-06-19 17:20 - 2011-05-05 05:14 - 00081248 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
    2016-06-19 17:20 - 2010-07-11 20:28 - 00086352 _____ (Sonic Focus, Inc.) C:\Windows\system32\SFComm64.dll
    2016-06-18 14:24 - 2015-12-21 15:21 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-06-18 14:24 - 2015-12-21 15:21 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2016-06-17 19:47 - 2013-06-08 21:39 - 00000085 _____ C:\Windows\ImportClient.INI
    2016-06-17 19:47 - 2013-06-08 21:37 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Nitro PDF
    2016-06-17 19:47 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\system32\FxsTmp
    2016-06-17 07:26 - 2013-02-18 13:53 - 00000000 ____D C:\ProgramData\WRData
    2016-06-16 20:49 - 2015-09-22 12:34 - 00000000 ____D C:\Program Files (x86)\NCH Software
    2016-06-16 20:48 - 2016-02-06 12:13 - 00000000 ____D C:\ProgramData\Freemake
    2016-06-16 20:47 - 2016-04-20 06:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMobie
    2016-06-16 20:47 - 2016-04-20 06:10 - 00000000 ____D C:\Program Files (x86)\iMobie
    2016-06-16 19:48 - 2013-02-27 14:58 - 00000000 ____D C:\Program Files (x86)\InstallShield Installation Information
    2016-06-15 22:39 - 2014-08-30 10:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
    2016-06-15 22:39 - 2014-08-30 10:02 - 00000000 ____D C:\Program Files (x86)\Wondershare
    2016-06-15 21:07 - 2015-12-10 16:18 - 00000000 ____D C:\Users\Owner\AppData\Local\lptmp
    2016-06-15 20:57 - 2013-02-18 22:30 - 00000000 ____D C:\Users\Owner\AppData\LocalLow\LastPass
    2016-06-15 19:19 - 2009-07-13 21:34 - 00000828 _____ C:\Windows\system32\Drivers\etc\hosts_bak_815
    2016-06-15 11:23 - 2015-03-31 11:23 - 00000366 _____ C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - Owner).job
    2016-06-02 10:58 - 2016-02-04 20:31 - 00709120 _____ C:\Users\Owner\Documents\WHIP ST SITE.sig
    2016-06-02 10:54 - 2015-10-09 13:23 - 01459200 _____ C:\Users\Owner\Documents\DURBIN RD SITE.sig
    2016-06-02 10:50 - 2015-10-09 13:26 - 02203648 _____ C:\Users\Owner\Documents\SHELLY ST SITE.sig
    2016-06-01 09:19 - 2014-05-22 13:26 - 00002030 _____ C:\Users\Public\Desktop\Google Docs.lnk
    2016-06-01 09:19 - 2014-05-22 13:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
    2016-05-23 08:47 - 2016-05-03 12:49 - 03495424 _____ C:\Users\Owner\Documents\announcement card.pcr

    ==================== Files in the root of some directories =======

    2016-05-11 12:59 - 2016-05-11 12:59 - 0000000 _____ () C:\Program Files (x86)\GUT3615.tmp
    2013-12-05 10:27 - 2013-12-05 10:27 - 49940480 _____ () C:\Program Files (x86)\GUT7A73.tmp
    2016-02-01 21:20 - 2016-02-01 21:20 - 6871040 _____ () C:\Program Files (x86)\GUTA6F1.tmp
    2013-06-18 10:59 - 2014-06-03 13:59 - 0003738 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
    2014-06-11 06:45 - 2016-06-15 20:44 - 12964920 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
    2015-09-16 11:12 - 2016-02-06 18:29 - 0006144 _____ () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2013-07-14 18:44 - 2013-07-14 18:44 - 0001465 _____ () C:\Users\Owner\AppData\Local\recently-used.xbel
    2016-04-12 14:14 - 2016-04-12 14:14 - 0000000 _____ () C:\Users\Owner\AppData\Local\{D0F9E2AA-C4FD-49F7-86F5-E2944F1F0250}
    2016-06-15 12:05 - 2016-06-15 12:08 - 0001545 _____ () C:\ProgramData\1466010261.1248.bin
    2016-06-15 12:04 - 2016-06-15 12:16 - 0189211 _____ () C:\ProgramData\1466010261.1352.bin
    2016-06-15 12:05 - 2016-06-15 12:05 - 0014645 _____ () C:\ProgramData\1466010261.3904.bin
    2016-06-15 12:05 - 2016-06-15 12:05 - 0001090 _____ () C:\ProgramData\1466010261.4184.bin
    2016-06-15 12:04 - 2016-06-15 12:16 - 0233409 _____ () C:\ProgramData\1466010261.4764.bin
    2016-06-15 12:05 - 2016-06-15 12:09 - 0017164 _____ () C:\ProgramData\1466010261.4824.bin
    2016-06-15 12:09 - 2016-06-15 12:09 - 0002321 _____ () C:\ProgramData\1466010261.5560.bin
    2016-06-15 12:05 - 2016-06-15 12:05 - 0001090 _____ () C:\ProgramData\1466010261.5604.bin
    2016-06-15 12:04 - 2016-06-15 12:15 - 0015069 _____ () C:\ProgramData\1466010261.5776.bin
    2016-06-15 12:05 - 2016-06-15 12:44 - 0159876 _____ () C:\ProgramData\1466010261.6104.bin
    2016-06-15 12:05 - 2016-06-15 12:05 - 0002342 _____ () C:\ProgramData\1466010261.6108.bin
    2016-06-15 13:01 - 2016-06-15 13:02 - 0008241 _____ () C:\ProgramData\1466013653.1532.bin
    2016-06-15 13:00 - 2016-06-15 13:02 - 0002124 _____ () C:\ProgramData\1466013653.3208.bin
    2016-06-15 13:00 - 2016-06-15 19:21 - 0093781 _____ () C:\ProgramData\1466013653.3504.bin
    2016-06-15 13:00 - 2016-06-15 13:01 - 0000930 _____ () C:\ProgramData\1466013653.5456.bin
    2016-06-15 21:40 - 2016-06-15 21:40 - 0026961 _____ () C:\ProgramData\1466044838.bdinstall.bin
    2016-06-15 21:42 - 2016-06-15 21:42 - 0026961 _____ () C:\ProgramData\1466044942.bdinstall.bin
    2016-06-15 21:48 - 2016-06-15 21:48 - 0026961 _____ () C:\ProgramData\1466045325.bdinstall.bin
    2016-06-19 08:42 - 2016-06-19 08:42 - 0026961 _____ () C:\ProgramData\1466343763.bdinstall.bin
    2016-06-19 08:44 - 2016-06-19 08:44 - 0026961 _____ () C:\ProgramData\1466343840.bdinstall.bin

    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2016-06-17 08:58

    ==================== End of FRST.txt ============================


    • 0

    #81
    pharper

    pharper

      Member

    • Topic Starter
    • Member
    • PipPip
    • 78 posts

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-06-2016 01
    Ran by Owner (administrator) on OWNER-PC (21-06-2016 18:45:33)
    Running from C:\Users\Owner\Desktop
    Loaded Profiles: Owner (Available Profiles: Owner)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (HP) C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe
    (HP) C:\Windows\System32\HPSIsvc.exe
    (LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
    (Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
    (Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
    (Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
    (Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
    (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe
    (AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\bdagent.exe
    () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
    (LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
    (Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
    () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
    (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_20_0_0_306_ActiveX.exe
    (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
    HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2016\bdagent.exe [1651600 2016-04-25] (Bitdefender)
    HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2640408 2014-08-25] ()
    HKLM-x32\...\Run: [APSDaemon] => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [106496 2013-11-27] (LeapFrog Enterprises, Inc.)
    HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2691480 2014-03-21] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [TotalRecipeSearch AppIntegrator 64-bit] => C:\PROGRA~2\TOTALR~2\bar\1.bin\AppIntegrator64.exe
    HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1107672 2016-04-22] (Adobe Systems Incorporated)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
    HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
    HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
    HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
    HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
    HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
    HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
    HKLM\...\Policies\Explorer: [NoFind] 0
    HKLM\...\Policies\Explorer: [NoFile] 0
    HKLM\...\Policies\Explorer: [HideClock] 0
    HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
    HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
    HKLM\...\Policies\Explorer: [NoSetFolders] 0
    HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
    HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
    HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
    HKLM\...\Policies\Explorer: [NoDFSTab] 0
    HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
    HKLM\...\Policies\Explorer: [NoLogoff] 0
    HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
    HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
    HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
    HKLM\...\Policies\Explorer: [NoResolveSearch] 0
    HKLM\...\Policies\Explorer: [NoSaveSettings] 0
    HKLM\...\Policies\Explorer: [NoHardwareTab] 0
    HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
    HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
    HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
    HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
    HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
    HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
    HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
    HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
    HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
    HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
    HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
    HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
    HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
    HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
    HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
    HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
    HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
    HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
    HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
    HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-02-18] (Google Inc.)
    HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8722136 2016-06-01] (Piriform Ltd)
    HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\system: [NoDispAppearancePage] 0
    HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\system: [NoDispSettingsPage] 0
    HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
    HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [NoViewOnDrive] 0
    HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [DisableLocalMachineRun] 0
    HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
    HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [DisableCurrentUserRun] 0
    HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
    HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [NoViewContextMenu] 0
    HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [NoShellSearchButton] 0
    HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [NoFind] 0
    HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [NoFile] 0
    HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [HideClock] 0
    HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [NoTrayContextMenu] 0
    HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [NoTrayItemsDisplay] 0
    HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [NoSetFolders] 0
    HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [NoDevMgrUpdate] 0
    HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [NoSetTaskbar] 0
    HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [NoDeletePrinter] 0
    HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [NoDFSTab] 0
    HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
    HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [NoLogoff] 0
    HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [NoWindowsUpdate] 0
    HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [NoEncryptOnMove] 0
    HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [NoRunasInstallPrompt] 0
    HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [NoResolveSearch] 0
    HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [NoSaveSettings] 0
    HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [NoHardwareTab] 0
    HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [NoStartMenuSubFolders] 0
    HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\MountPoints2: E - E:\VZW_Software_upgrade_assistant.exe
    HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\MountPoints2: {50323b00-37c4-11e4-9ced-642737d5d080} - F:\SISetup.exe
    HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\MountPoints2: {ad525c50-947d-11e4-ab12-642737d5d080} - E:\VZW_Software_upgrade_assistant.exe
    HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
    HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
    HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
    HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
    HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
    HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
    HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
    HKU\S-1-5-18\...\MountPoints2: {41a03fc7-794d-11e2-a46f-806e6f6e6963} - D:\autorun\autorun.exe
    SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
    ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
    ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
    ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
    ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-03-20] ()
    ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-03-20] ()
    ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-03-20] ()
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2016-06-15]
    ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2016-06-15]
    ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot FF RunOnce.lnk [2014-06-11]
    ShortcutTarget: Install Webroot FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot IE RunOnce.lnk [2014-06-11]
    ShortcutTarget: Install Webroot IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2016-03-13]
    ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
    Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2016-05-17]
    ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 71.10.216.1 71.10.216.2
    Tcpip\..\Interfaces\{77E23ABE-1BB2-48A9-BA12-F41B64556458}: [DhcpNameServer] 172.20.10.1
    Tcpip\..\Interfaces\{8AC013FA-C812-4531-90E6-9EB1CCE989C7}: [DhcpNameServer] 71.10.216.1 71.10.216.2
    Tcpip\..\Interfaces\{D9E8C3FF-8E71-41F2-A82E-2A6BEBCFDE46}: [DhcpNameServer] 172.20.10.1
    Tcpip\..\Interfaces\{F355C6F0-4857-45BC-BE92-D6C2F8F75698}: [DhcpNameServer] 71.92.29.130 97.81.22.195 68.113.206.10

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.better-search.net/?src=10&st=12&i=998&did=10874&ppd=,,,,,,,,,www.smilebox.com&barid=1523565419430232516
    URLSearchHook: HKU\S-1-5-21-2621123606-1971745821-2970127776-1000 - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No File
    SearchScopes: HKLM-x32 -> DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://www.better-search.net/?q={searchTerms}&src=6&q={searchTerms}&st=12&i=998&did=10874&ppd=,,,,,,,,,www.smilebox.com&barid=1523565419430232516
    SearchScopes: HKLM-x32 -> {cca2e567-1987-4100-a3c6-5b4267084510} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^YK^xdm002^YYA^us&si=CLrphrX90sQCFUkV7Aodl2AAlQ&ptb=5A785AAE-2D0E-49A8-9E53-B3436A7B3060&psa=&ind=2015121016&st=sb&n=781c4e78&searchfor={searchTerms}
    SearchScopes: HKLM-x32 -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://www.better-search.net/?q={searchTerms}&src=6&q={searchTerms}&st=12&i=998&did=10874&ppd=,,,,,,,,,www.smilebox.com&barid=1523565419430232516
    SearchScopes: HKU\S-1-5-21-2621123606-1971745821-2970127776-1000 -> DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://www.better-search.net/?src=6&q={searchTerms}&barid=1523565419430232516&&st=23&i=998&did=10874
    SearchScopes: HKU\S-1-5-21-2621123606-1971745821-2970127776-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxps://www.google.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2621123606-1971745821-2970127776-1000 -> {6C0974F6-1FBF-46DD-BDAB-45D64D1820A9} URL = hxxp://isearch.shopathome.com?user_id={458A9901-D9EB-4901-859E-FE7E3A9CEFD9}&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2621123606-1971745821-2970127776-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://mysearch.avg.com/search?cid={450FC2CC-16FD-45C0-BB01-D0680A2C5660}&mid=8cfabf364223465b9d085326c40d5531-3c99ef7a0cb711bf815f2b310182d50dffe50bcb&lang=en&ds=pl011&coid=avgtbdispl&cmpid=&pr=sa&d=2013-03-25 22:24:54&v=18.1.6.542&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2621123606-1971745821-2970127776-1000 -> {A62CED7B-EBAB-4C11-AE8C-28EC7202B190} URL = hxxp://www.search.ask.com/web?tpid=ORJ-ST-SPE&o=APN11460&pf=V7&p2=^BE6^OSJ000^YY^US&gct=&itbv=12.24.1.53&apn_uid=749EB898-4B1A-4688-89BB-94CA36C47CDD&apn_ptnrs=BE6&apn_dtid=^OSJ000^YY^US&apn_dbr=ie_11.0.9600.17496&doi=2015-02-12&trgb=IE&q={searchTerms}&psv=&pt=tb
    SearchScopes: HKU\S-1-5-21-2621123606-1971745821-2970127776-1000 -> {cca2e567-1987-4100-a3c6-5b4267084510} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^YK^xdm002^YYA^us&si=CLrphrX90sQCFUkV7Aodl2AAlQ&ptb=5A785AAE-2D0E-49A8-9E53-B3436A7B3060&psa=&ind=2015121016&st=sb&n=781c4e78&searchfor={searchTerms}
    SearchScopes: HKU\S-1-5-21-2621123606-1971745821-2970127776-1000 -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://www.better-search.net/?src=6&q={searchTerms}&barid=1523565419430232516&&st=23&i=998&did=10874
    BHO: Bitdefender Wallet  -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2016\pmbxie.dll [2016-04-05] (Bitdefender)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll => No File
    BHO: No Name -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> No File
    BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2016\Antispam32\pmbxie.dll [2016-04-05] (Bitdefender)
    BHO-x32: ShopAtHome.com Cash Back Helper -> {66516A07-F617-488A-90CF-4E690CFB3C5F} -> C:\Users\Owner\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll => No File
    BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-11] (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
    BHO-x32: AVG SafeGuard toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll [2014-08-25] (AVG Secure Search)
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll => No File
    BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-11] (Oracle Corporation)
    Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll No File
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc.)
    Toolbar: HKLM - Bitdefender Wallet  - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\pmbxie.dll [2016-04-05] (Bitdefender)
    Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll [2014-08-25] (AVG Secure Search)
    Toolbar: HKLM-x32 - ShopAtHome.com Toolbar - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Users\Owner\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll No File
    Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll No File
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
    Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\Antispam32\pmbxie.dll [2016-04-05] (Bitdefender)
    Toolbar: HKU\S-1-5-21-2621123606-1971745821-2970127776-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc.)
    Toolbar: HKU\S-1-5-21-2621123606-1971745821-2970127776-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
    Toolbar: HKU\S-1-5-21-2621123606-1971745821-2970127776-1000 -> No Name - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} -  No File
    Toolbar: HKU\S-1-5-21-2621123606-1971745821-2970127776-1000 -> Bitdefender Wallet  - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\pmbxie.dll [2016-04-05] (Bitdefender)
    DPF: HKLM-x32 {0D859AF0-C75E-11D4-B760-00E0B81077E8} hxxp://nom.mlxchange.com/5.11.05.35382/Control/FileCruiser.cab
    DPF: HKLM-x32 {145BB11A-44CA-4162-A572-D430131C352C} hxxps://www.bpofulfillment.com/WebResource.axd?d=irnzSshckJSveKJAiGfl2GHjY_wfo-IqK7dbJATIbCCXZ3MCZcsUDrWprfmLR--q8j2ZUJJfZhf7v2Htv9YV6sGAPWtn4Ipbhg_-xfRzy1k_3Ykw-ER7zzTSCRMsnkZYdfibfoHAuzAJBQAUwQyBq4UHQka0XIS-sWNyC0z52f81&t=634830530040000000
    DPF: HKLM-x32 {16FD824B-8E7B-11D2-9855-00802962956C} hxxp://nom.mlxchange.com/5.11.05.35382/Control/Specfile.cab
    DPF: HKLM-x32 {6FD482A3-7B57-438B-B040-52CAA30147EE} hxxp://nom.mlxchange.com/5.11.05.35382/Control/MLSClientUtils.cab
    DPF: HKLM-x32 {73779860-6F88-4D8C-9DAB-30583B9BAAC3} hxxps://www.sttammanyclerk.org/secure/ImageServer/iView2/FileProInet2.CAB
    DPF: HKLM-x32 {78523E50-56EB-11D3-B739-CAA1986A452F} hxxp://nom.mlxchange.com/5.11.05.35382/Control/LiteGrid.cab
    DPF: HKLM-x32 {7A7537FC-5988-11D3-8B33-00104B9E5A4A} hxxp://nom.mlxchange.com/5.11.05.35382/Control/IRCWebPrint.cab
    DPF: HKLM-x32 {7ECB1A47-6647-4B2C-A8DA-675569C9FF15} hxxps://www.bpofulfillment.com/WebResource.axd?d=PUw2-LyUSejzL3Kx-o8EiGQozXrqAyeTvVM5wHg-487X7lkUQnJmhlRcIkzP2DJ1hxXhrHLUYsKsn8YXd9Koptzcx74T_dDKbFqVxXkIYbyNNx3mi1lgd6JflJGwzSp1xMkkQcDSWm5lQQOMfmGyanXgHHqrwWa1KnhgSw5ItwIeTv1uCQcaWz-2xtaLFxp10&t=635126927011905139
    DPF: HKLM-x32 {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} hxxps://secure.clearcapital.com/imageUpload/ImageUploader6.cab
    DPF: HKLM-x32 {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} hxxp://nom.mlxchange.com/5.9.06.33897/Control/IRCSharc.cab
    DPF: HKLM-x32 {B198A72B-B4C3-42B5-B8DA-B364E76429AA} hxxp://nom.mlxchange.com/5.11.05.35382/Control/WebDog.cab
    DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
    DPF: HKLM-x32 {F060A272-A18A-11D3-B75B-00E0B81077E8} hxxp://nom.mlxchange.com/5.11.05.35382/Control/AspCustomCtrls.cab
    Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation)
    Handler-x32: http - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2004-01-29] (Microsoft Corporation)
    Handler-x32: http - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2004-01-29] (Microsoft Corporation)
    Handler-x32: https - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2004-01-29] (Microsoft Corporation)
    Handler-x32: https - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2004-01-29] (Microsoft Corporation)
    Handler-x32: ipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2004-01-29] (Microsoft Corporation)
    Handler-x32: msdaipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2004-01-29] (Microsoft Corporation)
    Handler-x32: msdaipp - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2004-01-29] (Microsoft Corporation)
    Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll [2014-08-11] (AVG Secure Search)

    FireFox:
    ========
    FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\9cfwhamj.default
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-10] ()
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-05] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2014-03-21] (Adobe Systems)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-10] ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
    FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll [No File]
    FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-11] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-11] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-05] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2013-11-12] (Nitro PDF)
    FF Plugin-x32: @nitropdf.com/NitroPDF.PrevVerNPR -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll [2012-10-30] (Nitro PDF)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-04-23] (Adobe Systems Inc.)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-03-21] (Adobe Systems)
    FF Plugin HKU\S-1-5-21-2621123606-1971745821-2970127776-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Owner\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-03-28] (Citrix Online)
    FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\9cfwhamj.default\searchplugins\MyStart Search.xml [2014-11-05]
    FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\9cfwhamj.default\searchplugins\Powered by Bing.xml [2014-11-18]
    FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\9cfwhamj.default\searchplugins\sweetim.xml [2014-03-14]
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml [2014-08-25]
    FF Extension: Webroot Password Manager - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\9cfwhamj.default\Extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} [2016-06-15]
    FF Extension: No Name - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\9cfwhamj.default\Extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda}_deleted [2015-12-18] [not signed]
    FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff
    FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff [2016-05-12]
    FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext
    FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext [2016-05-12] [not signed]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.799
    FF Extension: No Name - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.799 [2014-08-25] [not signed]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff
    FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext
    FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2014-03-08] <==== ATTENTION

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.better-search.net/?barid=1523565419430232516&src=10&&st=23&i=998&did=10874
    CHR StartupUrls: Default -> "hxxp://www.better-search.net/?barid=1523565419430232516&src=10&&st=23&i=998&did=10874"
    CHR DefaultSearchURL: Default -> hxxp://www.better-search.net/?src=6&q={searchTerms}&barid=1523565419430232516&&st=23&i=998&did=10874
    CHR DefaultSearchKeyword: Default -> www.better-search.net
    CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-25]
    CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
    CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
    CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
    CHR Extension: (Bitdefender Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhejlifdlcgcmogbggeomfodgklfaem [2016-06-15]
    CHR Extension: (Google Docs Offline) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-01]
    CHR Extension: (MusixHub Start) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkbhpmdajdojnnhkfgffkofkjifglkan [2016-02-06]
    CHR Extension: (MusixHub) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jehfkemccjknagjgcbfccjajkgnbffpj [2016-02-06]
    CHR Extension: (Webroot Password Manager) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngkhgikojglcgnckopipfdajaifmmnnc [2015-12-21]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-08]
    CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
    CHR HKLM\...\Chrome\Extension: [ngkhgikojglcgnckopipfdajaifmmnnc] - hxxp://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [dhhejlifdlcgcmogbggeomfodgklfaem] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [ngkhgikojglcgnckopipfdajaifmmnnc] - hxxp://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [okfhiodnpcnnnpgbjbhfebjnbagmfhab] - C:\ProgramData\WRData\pkg\lpchrome.crx <not found>

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
    S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [32808 2013-05-21] (Just Develop It) [File not signed] <==== ATTENTION
    R2 HPM1210RcvFaxSrvc; C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [361888 2012-07-25] (HP)
    R2 LeapFrog Connect Device Service; C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe [7393280 2013-11-27] (LeapFrog Enterprises, Inc.) [File not signed]
    R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-11-12] (Nitro PDF Software)
    R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2012-10-30] (Nitro PDF Software)
    R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [950200 2016-05-24] (Bitdefender)
    R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe [156016 2016-04-25] (Bitdefender)
    S4 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe [1693104 2016-05-11] (Bitdefender)
    R2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-11] (AVG Secure Search)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1623536 2016-03-18] (BitDefender)
    S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [842152 2016-03-18] (BitDefender)
    R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies)
    R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [118608 2016-02-09] (BitDefender LLC)
    R1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [87912 2015-12-04] (BitDefender)
    S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
    R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [182936 2015-12-16] (BitDefender LLC)
    S3 HP1210FAX; C:\Windows\System32\Drivers\HPM1210FAX.sys [16896 2012-11-07] ()
    R0 ignis; C:\Windows\System32\DRIVERS\ignis.sys [298736 2016-03-03] (Bitdefender)
    S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-12-24] (Marvell Semiconductor, Inc.)
    R2 trufos; C:\Windows\System32\DRIVERS\trufos.sys [511320 2016-02-22] (BitDefender S.R.L.)
    S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-11] (LG Electronics Inc.)
    S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-11] (LG Electronics Inc.)
    S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-11] (LG Electronics Inc.)
    U0 SR; no ImagePath
    U2 srservice; no ImagePath

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-06-21 18:45 - 2016-06-21 18:45 - 00040216 _____ C:\Users\Owner\Desktop\FRST.txt
    2016-06-21 18:45 - 2016-06-21 18:45 - 00000000 ____D C:\FRST
    2016-06-21 18:43 - 2016-06-21 18:43 - 02387456 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
    2016-06-21 18:18 - 2016-06-21 18:18 - 00014260 _____ C:\Users\Owner\Desktop\VEW.txt-application.txt
    2016-06-21 18:13 - 2016-06-21 18:13 - 00015630 _____ C:\Users\Owner\Desktop\VEW.txt-1.txt
    2016-06-21 18:10 - 2016-06-21 18:14 - 00014260 _____ C:\VEW.txt
    2016-06-21 18:06 - 2016-06-21 18:06 - 00061440 _____ ( ) C:\Users\Owner\Desktop\VEW.exe
    2016-06-21 18:01 - 2016-06-21 18:01 - 00061440 _____ ( ) C:\Users\Owner\Downloads\VEW.exe
    2016-06-21 17:42 - 2016-06-21 17:42 - 00479440 _____ C:\Users\Owner\Desktop\ntbtlog.txt
    2016-06-21 16:27 - 2016-06-21 16:27 - 00003640 _____ C:\Windows\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
    2016-06-21 12:35 - 2016-06-21 12:35 - 00000207 _____ C:\Windows\tweaking.com-regbackup-OWNER-PC-Windows-7-Home-Premium-(64-bit).dat
    2016-06-21 12:35 - 2016-06-21 12:35 - 00000000 ____D C:\RegBackup
    2016-06-21 12:32 - 2016-06-21 12:32 - 00003216 _____ C:\bootsqm.dat
    2016-06-21 12:19 - 2016-06-21 12:19 - 00004964 _____ C:\Users\Owner\Desktop\chkdsk_log.txt
    2016-06-21 11:50 - 2016-06-21 11:50 - 00002163 _____ C:\Users\Owner\Desktop\Tweaking.com - Windows Repair.lnk
    2016-06-21 11:50 - 2016-06-21 11:50 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2016-06-21 11:50 - 2016-06-21 11:50 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
    2016-06-21 11:49 - 2016-06-21 12:03 - 00187466 _____ C:\Windows\Tweaking.com - Windows Repair Setup Log.txt
    2016-06-21 11:49 - 2016-06-21 11:49 - 21657496 _____ (Tweaking.com) C:\Users\Owner\Downloads\tweaking.com_windows_repair_aio_setup.exe
    2016-06-21 07:20 - 2016-06-21 07:20 - 00001901 _____ C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
    2016-06-21 07:19 - 2016-06-21 07:19 - 00000996 _____ C:\Users\Public\Desktop\Resume Reimage Repair Installation.lnk
    2016-06-20 22:31 - 2016-06-20 22:31 - 00365756 _____ C:\Users\Owner\Desktop\CBS (2).zip
    2016-06-20 19:54 - 2016-06-21 08:34 - 09617360 _____ (TeamViewer GmbH) C:\Users\Owner\Downloads\TeamViewer_Setup_en-khp.exe
    2016-06-20 15:19 - 2016-06-20 15:19 - 00198488 _____ C:\Users\Owner\Documents\Sterling multi offer form.pdf
    2016-06-20 12:36 - 2016-06-20 12:36 - 02301750 _____ C:\Users\Owner\Desktop\Irvin CMA.pdf
    2016-06-19 23:08 - 2016-06-19 23:08 - 00365756 _____ C:\Users\Owner\Desktop\CBS.zip
    2016-06-19 08:44 - 2016-06-19 08:44 - 00026961 _____ C:\ProgramData\1466343840.bdinstall.bin
    2016-06-19 08:42 - 2016-06-19 08:42 - 00026961 _____ C:\ProgramData\1466343763.bdinstall.bin
    2016-06-18 17:20 - 2016-06-18 17:20 - 00000000 ____D C:\80e9e2bab38cc8247d
    2016-06-16 21:29 - 2016-06-21 07:20 - 00000099 _____ C:\Windows\Reimage.ini
    2016-06-16 21:29 - 2016-06-16 21:30 - 00000000 ____D C:\Program Files\Reimage
    2016-06-16 21:29 - 2016-06-16 21:29 - 00000000 ____D C:\rei
    2016-06-16 21:29 - 2016-06-16 21:29 - 00000000 ____D C:\ProgramData\Reimage Protector
    2016-06-16 21:29 - 2016-06-16 21:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
    2016-06-16 20:46 - 2016-06-16 20:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShopAtHome.com Helper
    2016-06-16 20:09 - 2016-06-19 16:46 - 00000979 _____ C:\Users\Public\Desktop\CCleaner.lnk
    2016-06-16 20:09 - 2016-06-16 20:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2016-06-16 20:09 - 2016-06-16 20:09 - 00000000 ____D C:\Program Files\CCleaner
    2016-06-16 13:34 - 2016-06-16 13:34 - 00000000 ____D C:\Users\Owner\AppData\Local\Deployment
    2016-06-16 13:34 - 2016-06-16 13:34 - 00000000 ____D C:\Users\Owner\AppData\Local\Apps\2.0
    2016-06-16 13:34 - 2016-06-16 13:34 - 00000000 ____D C:\ProgramData\elsi..tion_d291612c4dce6913_0005.0001_8bf3579dfe869d67
    2016-06-15 22:13 - 2016-06-15 22:18 - 00000000 ____D C:\Users\Owner\Documents\Wondershare PDF to Word
    2016-06-15 21:48 - 2016-06-15 21:48 - 00026961 _____ C:\ProgramData\1466045325.bdinstall.bin
    2016-06-15 21:42 - 2016-06-15 21:42 - 00026961 _____ C:\ProgramData\1466044942.bdinstall.bin
    2016-06-15 21:40 - 2016-06-15 21:40 - 00026961 _____ C:\ProgramData\1466044838.bdinstall.bin
    2016-06-15 21:07 - 2016-06-15 21:07 - 00000000 ____D C:\Users\Owner\AppData\Local\lptmp906725983
    2016-06-15 21:07 - 2016-06-15 21:07 - 00000000 ____D C:\Users\Owner\AppData\Local\lptmp1074965474
    2016-06-15 20:50 - 2016-06-15 20:50 - 00598869 _____ C:\Users\Owner\Desktop\Charles St disclosure.pdf
    2016-06-15 20:18 - 2016-06-15 22:10 - 00000034 _____ C:\Windows\system32\STOOLSubmit.ret
    2016-06-15 20:09 - 2016-06-15 22:10 - 00000000 ____D C:\ProgramData\Dumps
    2016-06-15 13:01 - 2016-06-15 13:02 - 00008241 _____ C:\ProgramData\1466013653.1532.bin
    2016-06-15 13:00 - 2016-06-15 19:21 - 00093781 _____ C:\ProgramData\1466013653.3504.bin
    2016-06-15 13:00 - 2016-06-15 13:02 - 00002124 _____ C:\ProgramData\1466013653.3208.bin
    2016-06-15 13:00 - 2016-06-15 13:01 - 00000930 _____ C:\ProgramData\1466013653.5456.bin
    2016-06-15 12:16 - 2016-06-19 16:46 - 00002195 _____ C:\Users\Public\Desktop\Bitdefender 2016.lnk
    2016-06-15 12:16 - 2016-06-15 12:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2016
    2016-06-15 12:15 - 2016-06-15 20:10 - 00000000 ____D C:\ProgramData\BDLogging
    2016-06-15 12:15 - 2016-03-18 06:58 - 00842152 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys
    2016-06-15 12:15 - 2016-03-18 06:56 - 01623536 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
    2016-06-15 12:15 - 2016-03-03 01:36 - 00298736 _____ (Bitdefender) C:\Windows\system32\Drivers\ignis.sys
    2016-06-15 12:15 - 2015-12-04 19:27 - 00087912 _____ (BitDefender) C:\Windows\system32\Drivers\bdvedisk.sys
    2016-06-15 12:15 - 2007-04-11 11:11 - 00511328 _____ (Microsoft Corporation) C:\Windows\capicom.dll
    2016-06-15 12:09 - 2016-06-15 12:27 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Bitdefender
    2016-06-15 12:09 - 2016-06-15 12:09 - 00002321 _____ C:\ProgramData\1466010261.5560.bin
    2016-06-15 12:05 - 2016-06-15 12:50 - 00000000 ____D C:\ProgramData\Bitdefender
    2016-06-15 12:05 - 2016-06-15 12:44 - 00159876 _____ C:\ProgramData\1466010261.6104.bin
    2016-06-15 12:05 - 2016-06-15 12:09 - 00017164 _____ C:\ProgramData\1466010261.4824.bin
    2016-06-15 12:05 - 2016-06-15 12:08 - 00001545 _____ C:\ProgramData\1466010261.1248.bin
    2016-06-15 12:05 - 2016-06-15 12:05 - 00014645 _____ C:\ProgramData\1466010261.3904.bin
    2016-06-15 12:05 - 2016-06-15 12:05 - 00002342 _____ C:\ProgramData\1466010261.6108.bin
    2016-06-15 12:05 - 2016-06-15 12:05 - 00001090 _____ C:\ProgramData\1466010261.5604.bin
    2016-06-15 12:05 - 2016-06-15 12:05 - 00001090 _____ C:\ProgramData\1466010261.4184.bin
    2016-06-15 12:05 - 2016-06-15 12:05 - 00000000 ____D C:\Program Files\Bitdefender
    2016-06-15 12:05 - 2016-02-22 15:13 - 00511320 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
    2016-06-15 12:05 - 2015-12-16 05:53 - 00182936 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys
    2016-06-15 12:04 - 2016-06-15 12:16 - 00233409 _____ C:\ProgramData\1466010261.4764.bin
    2016-06-15 12:04 - 2016-06-15 12:16 - 00189211 _____ C:\ProgramData\1466010261.1352.bin
    2016-06-15 12:04 - 2016-06-15 12:15 - 00015069 _____ C:\ProgramData\1466010261.5776.bin
    2016-06-15 12:04 - 2016-06-15 12:05 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
    2016-06-15 12:04 - 2016-06-15 12:04 - 00000000 ____D C:\Users\Owner\AppData\Roaming\QuickScan
    2016-06-15 11:54 - 2016-06-15 11:54 - 00000000 ____D C:\Users\Owner\AppData\Local\lptmp861625900
    2016-06-15 11:54 - 2016-06-15 11:54 - 00000000 ____D C:\Users\Owner\AppData\Local\lptmp2128510550
    2016-06-15 11:49 - 2016-06-21 18:35 - 00000000 ____D C:\Program Files\Bitdefender Agent
    2016-06-15 11:49 - 2016-06-15 11:49 - 00000000 ____D C:\ProgramData\Bitdefender Agent
    2016-06-15 11:04 - 2016-06-15 11:04 - 00000162 _____ C:\Users\Owner\Documents\~$fferson DR. list.csv
    2016-06-13 09:50 - 2016-06-13 09:50 - 00349696 _____ C:\Users\Owner\Documents\Pet logo for property page.sig
    2016-06-12 19:02 - 2016-06-12 19:02 - 00111354 _____ C:\Users\Owner\Documents\Brickyard w-9.pdf
    2016-06-10 14:32 - 2016-06-10 14:33 - 04701481 _____ C:\Users\Owner\Desktop\Chelan flyer.pdf
    2016-06-10 09:15 - 2016-06-10 09:15 - 00279692 _____ C:\Users\Owner\Documents\BEST SQUEEZE PAGE-POST A PROP START GUIDE.pdf
    2016-06-07 23:07 - 2016-06-07 23:07 - 00073728 _____ C:\Users\Owner\Documents\Pet Stationary.sig
    2016-06-06 12:46 - 2016-06-06 12:46 - 00022844 _____ C:\Users\Owner\Documents\Seller utility form.pdf
    2016-06-05 19:45 - 2016-06-05 19:45 - 00082073 _____ C:\Users\Owner\Documents\CHELAN DUAL AGENCY.pdf
    2016-06-05 19:42 - 2016-06-05 19:42 - 00135270 _____ C:\Users\Owner\Documents\CHELAN PROPERTY DISCLOSURE.pdf
    2016-06-05 19:36 - 2016-06-05 19:36 - 00130133 _____ C:\Users\Owner\Documents\CHELAN LISTING AGREEMENT.pdf
    2016-06-05 14:27 - 2016-06-05 14:27 - 00265335 _____ C:\Users\Owner\Documents\Chelan comps.pdf
    2016-06-04 18:26 - 2016-06-04 18:26 - 00079744 _____ C:\Users\Owner\Documents\Wells fargo june 2016 payment confirmation.pdf
    2016-06-04 18:17 - 2016-06-04 18:17 - 00049986 _____ C:\Users\Owner\Documents\Demco june 2016 payment.pdf
    2016-06-03 22:59 - 2016-06-03 23:00 - 00003772 _____ C:\Users\Owner\Documents\Forest Ln list.csv
    2016-06-03 22:23 - 2016-06-03 22:23 - 00002067 _____ C:\Users\Owner\Documents\Yates list.csv
    2016-06-03 22:22 - 2016-06-03 22:22 - 00002067 _____ C:\Users\Owner\Documents\Yates.csv
    2016-06-03 22:20 - 2016-06-03 22:20 - 00008270 _____ C:\Users\Owner\Documents\Cuthell list.csv
    2016-06-03 22:06 - 2016-06-03 22:06 - 00009461 _____ C:\Users\Owner\Documents\Tricou Blvd list.csv
    2016-06-03 22:03 - 2016-06-03 22:03 - 00008393 _____ C:\Users\Owner\Documents\Scott Pl list.csv
    2016-06-03 21:57 - 2016-06-03 21:57 - 00012798 _____ C:\Users\Owner\Documents\James Robert list.csv
    2016-06-03 21:53 - 2016-06-03 21:54 - 00019664 _____ C:\Users\Owner\Documents\Rene Dr. list.csv
    2016-06-03 21:48 - 2016-06-03 21:49 - 00009357 _____ C:\Users\Owner\Documents\Adelle Dr. list.csv
    2016-06-03 21:43 - 2016-06-03 21:43 - 00002043 _____ C:\Users\Owner\Documents\Chad Dr. list.csv
    2016-06-03 20:02 - 2016-06-03 20:03 - 00705305 _____ C:\Users\Owner\Documents\Pet 2016 license.pdf
    2016-06-03 20:02 - 2016-06-03 20:03 - 00705305 _____ C:\Users\Owner\Documents\3611720151229 (1).pdf
    2016-06-03 11:27 - 2016-06-03 11:27 - 00988458 _____ C:\Users\Owner\Documents\10_12 Properties Ad Proof  inside northside.pdf
    2016-06-02 22:30 - 2016-06-02 22:30 - 00067237 _____ C:\Users\Owner\Desktop\Lease app.pdf
    2016-06-02 11:37 - 2016-06-02 11:37 - 00709120 _____ C:\Users\Owner\Documents\SEVENTH SOLD.sig
    2016-06-02 11:35 - 2016-06-02 11:47 - 00709120 _____ C:\Users\Owner\Documents\RIVERWOOD SOLD.sig
    2016-06-02 11:30 - 2016-06-02 11:30 - 00709120 _____ C:\Users\Owner\Documents\JAELYN SOLD SITE.sig
    2016-06-02 10:53 - 2016-06-02 10:53 - 00709120 _____ C:\Users\Owner\Documents\CARTER TR SITE.sig
    2016-06-01 11:19 - 2016-06-01 11:19 - 00003621 _____ C:\Users\Owner\Documents\Cort mail out.csv
    2016-06-01 08:53 - 2016-06-01 08:57 - 00028665 _____ C:\Users\Owner\Documents\State st labels.pdf
    2016-06-01 08:52 - 2016-06-01 08:56 - 00031232 _____ C:\Users\Owner\Documents\State st mail out.xls
    2016-06-01 08:50 - 2016-06-01 08:50 - 00002930 _____ C:\Users\Owner\Documents\State st list.csv
    2016-06-01 08:46 - 2016-06-01 08:46 - 00032347 _____ C:\Users\Owner\Documents\Jefferson labels.pdf
    2016-06-01 08:45 - 2016-06-17 15:16 - 00043520 _____ C:\Users\Owner\Documents\Jefferson mail out.xls
    2016-06-01 08:43 - 2016-06-01 08:44 - 00007249 _____ C:\Users\Owner\Documents\Jefferson DR. list.csv
    2016-06-01 08:21 - 2016-06-01 08:21 - 00022528 _____ C:\Users\Owner\Documents\Rue Chateau.xls
    2016-06-01 08:18 - 2016-06-01 08:18 - 00000339 _____ C:\Users\Owner\Documents\Rue Chateau.csv
    2016-06-01 08:15 - 2016-06-01 08:15 - 00020039 _____ C:\Users\Owner\Documents\Rue Monet labels.pdf
    2016-06-01 08:12 - 2016-06-01 08:12 - 00023040 _____ C:\Users\Owner\Documents\Rue Monet mail out.xls
    2016-06-01 08:08 - 2016-06-01 08:08 - 00000478 _____ C:\Users\Owner\Documents\Rue Monet list.csv
    2016-06-01 08:00 - 2016-06-01 08:00 - 00031813 _____ C:\Users\Owner\Documents\Rue Chene labels.pdf
    2016-06-01 07:54 - 2016-06-01 07:54 - 00034816 _____ C:\Users\Owner\Documents\Rue Chene mail out excel temp.xlt
    2016-06-01 07:51 - 2016-06-01 07:51 - 00034816 _____ C:\Users\Owner\Documents\Rue Chene mail out workbook.xls
    2016-06-01 07:48 - 2016-06-01 07:49 - 00014380 _____ C:\Users\Owner\Documents\Rue Chene mail out-3.xltx
    2016-06-01 07:27 - 2016-06-01 07:27 - 00032996 _____ C:\Users\Owner\Documents\Rue Maison labels.pdf
    2016-06-01 07:24 - 2016-06-01 07:24 - 00006460 _____ C:\Users\Owner\Documents\Rue Maison list-2.csv
    2016-06-01 07:22 - 2016-06-01 07:22 - 00006460 _____ C:\Users\Owner\Documents\Rue Maison list.csv
    2016-06-01 07:21 - 2016-06-01 07:21 - 00040960 _____ C:\Users\Owner\Documents\Rue Masion mail out.xls
    2016-06-01 07:07 - 2016-06-01 07:07 - 00006460 _____ C:\Users\Owner\Documents\Rue Maison list csv.csv
    2016-06-01 06:50 - 2016-06-01 06:51 - 00039936 _____ C:\Users\Owner\Documents\Rue chene list.xls
    2016-06-01 06:48 - 2016-06-01 06:51 - 00006121 _____ C:\Users\Owner\Documents\Rue Chene mail out.csv
    2016-05-31 12:25 - 2016-05-31 12:25 - 00142784 _____ C:\Users\Owner\Documents\Client list updated 5-31-16.csv
    2016-05-31 11:58 - 2016-06-01 06:21 - 00000000 ____D C:\Users\Owner\AppData\Roaming\SendBlaster3
    2016-05-31 11:58 - 2016-05-31 11:58 - 00000000 ____D C:\Users\Owner\Documents\SendBlaster3
    2016-05-23 17:39 - 2016-05-23 17:39 - 00017163 _____ C:\Users\Owner\Documents\MatrixContacts.CSV
    2016-05-23 17:38 - 2016-05-23 17:55 - 00017005 _____ C:\Users\Owner\Documents\MLS contact list.csv
    2016-05-22 08:51 - 2016-05-22 08:51 - 00077874 _____ C:\Users\Owner\Documents\Smart start drivers ed receipt.pdf

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-06-21 18:43 - 2015-08-18 14:14 - 00000634 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2621123606-1971745821-2970127776-1000.job
    2016-06-21 18:18 - 2013-02-18 15:54 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2016-06-21 18:17 - 2013-02-18 21:43 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2016-06-21 18:12 - 2015-08-18 14:14 - 00000538 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2621123606-1971745821-2970127776-1000.job
    2016-06-21 17:43 - 2009-07-13 23:45 - 00029120 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2016-06-21 17:43 - 2009-07-13 23:45 - 00029120 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2016-06-21 17:39 - 2009-07-14 00:13 - 00772352 _____ C:\Windows\system32\PerfStringBackup.INI
    2016-06-21 17:39 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
    2016-06-21 17:35 - 2014-06-18 13:12 - 00479440 _____ C:\Windows\ntbtlog.txt
    2016-06-21 17:34 - 2013-02-18 15:54 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2016-06-21 17:34 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-06-21 17:31 - 2016-01-07 13:04 - 00000000 ____D C:\Windows\pss
    2016-06-21 16:26 - 2013-02-17 15:45 - 00129968 _____ C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
    2016-06-21 16:24 - 2009-07-13 23:45 - 00458896 _____ C:\Windows\system32\FNTCACHE.DAT
    2016-06-21 13:55 - 2009-07-13 21:34 - 00000439 _____ C:\Windows\win.ini
    2016-06-21 13:51 - 2014-02-27 10:15 - 00782510 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
    2016-06-20 19:58 - 2013-04-03 09:20 - 00000000 ____D C:\Users\Owner\AppData\Local\ElevatedDiagnostics
    2016-06-20 14:00 - 2013-02-19 23:48 - 00000000 ____D C:\Users\Owner\AppData\Roaming\PrimoPDF
    2016-06-19 17:20 - 2011-05-05 05:14 - 00081248 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
    2016-06-19 17:20 - 2010-07-11 20:28 - 00086352 _____ (Sonic Focus, Inc.) C:\Windows\system32\SFComm64.dll
    2016-06-18 14:24 - 2015-12-21 15:21 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-06-18 14:24 - 2015-12-21 15:21 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2016-06-17 19:47 - 2013-06-08 21:39 - 00000085 _____ C:\Windows\ImportClient.INI
    2016-06-17 19:47 - 2013-06-08 21:37 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Nitro PDF
    2016-06-17 19:47 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\system32\FxsTmp
    2016-06-17 07:26 - 2013-02-18 13:53 - 00000000 ____D C:\ProgramData\WRData
    2016-06-16 20:49 - 2015-09-22 12:34 - 00000000 ____D C:\Program Files (x86)\NCH Software
    2016-06-16 20:48 - 2016-02-06 12:13 - 00000000 ____D C:\ProgramData\Freemake
    2016-06-16 20:47 - 2016-04-20 06:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMobie
    2016-06-16 20:47 - 2016-04-20 06:10 - 00000000 ____D C:\Program Files (x86)\iMobie
    2016-06-16 19:48 - 2013-02-27 14:58 - 00000000 ____D C:\Program Files (x86)\InstallShield Installation Information
    2016-06-15 22:39 - 2014-08-30 10:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
    2016-06-15 22:39 - 2014-08-30 10:02 - 00000000 ____D C:\Program Files (x86)\Wondershare
    2016-06-15 21:07 - 2015-12-10 16:18 - 00000000 ____D C:\Users\Owner\AppData\Local\lptmp
    2016-06-15 20:57 - 2013-02-18 22:30 - 00000000 ____D C:\Users\Owner\AppData\LocalLow\LastPass
    2016-06-15 19:19 - 2009-07-13 21:34 - 00000828 _____ C:\Windows\system32\Drivers\etc\hosts_bak_815
    2016-06-15 11:23 - 2015-03-31 11:23 - 00000366 _____ C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - Owner).job
    2016-06-02 10:58 - 2016-02-04 20:31 - 00709120 _____ C:\Users\Owner\Documents\WHIP ST SITE.sig
    2016-06-02 10:54 - 2015-10-09 13:23 - 01459200 _____ C:\Users\Owner\Documents\DURBIN RD SITE.sig
    2016-06-02 10:50 - 2015-10-09 13:26 - 02203648 _____ C:\Users\Owner\Documents\SHELLY ST SITE.sig
    2016-06-01 09:19 - 2014-05-22 13:26 - 00002030 _____ C:\Users\Public\Desktop\Google Docs.lnk
    2016-06-01 09:19 - 2014-05-22 13:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
    2016-05-23 08:47 - 2016-05-03 12:49 - 03495424 _____ C:\Users\Owner\Documents\announcement card.pcr

    ==================== Files in the root of some directories =======

    2016-05-11 12:59 - 2016-05-11 12:59 - 0000000 _____ () C:\Program Files (x86)\GUT3615.tmp
    2013-12-05 10:27 - 2013-12-05 10:27 - 49940480 _____ () C:\Program Files (x86)\GUT7A73.tmp
    2016-02-01 21:20 - 2016-02-01 21:20 - 6871040 _____ () C:\Program Files (x86)\GUTA6F1.tmp
    2013-06-18 10:59 - 2014-06-03 13:59 - 0003738 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
    2014-06-11 06:45 - 2016-06-15 20:44 - 12964920 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
    2015-09-16 11:12 - 2016-02-06 18:29 - 0006144 _____ () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2013-07-14 18:44 - 2013-07-14 18:44 - 0001465 _____ () C:\Users\Owner\AppData\Local\recently-used.xbel
    2016-04-12 14:14 - 2016-04-12 14:14 - 0000000 _____ () C:\Users\Owner\AppData\Local\{D0F9E2AA-C4FD-49F7-86F5-E2944F1F0250}
    2016-06-15 12:05 - 2016-06-15 12:08 - 0001545 _____ () C:\ProgramData\1466010261.1248.bin
    2016-06-15 12:04 - 2016-06-15 12:16 - 0189211 _____ () C:\ProgramData\1466010261.1352.bin
    2016-06-15 12:05 - 2016-06-15 12:05 - 0014645 _____ () C:\ProgramData\1466010261.3904.bin
    2016-06-15 12:05 - 2016-06-15 12:05 - 0001090 _____ () C:\ProgramData\1466010261.4184.bin
    2016-06-15 12:04 - 2016-06-15 12:16 - 0233409 _____ () C:\ProgramData\1466010261.4764.bin
    2016-06-15 12:05 - 2016-06-15 12:09 - 0017164 _____ () C:\ProgramData\1466010261.4824.bin
    2016-06-15 12:09 - 2016-06-15 12:09 - 0002321 _____ () C:\ProgramData\1466010261.5560.bin
    2016-06-15 12:05 - 2016-06-15 12:05 - 0001090 _____ () C:\ProgramData\1466010261.5604.bin
    2016-06-15 12:04 - 2016-06-15 12:15 - 0015069 _____ () C:\ProgramData\1466010261.5776.bin
    2016-06-15 12:05 - 2016-06-15 12:44 - 0159876 _____ () C:\ProgramData\1466010261.6104.bin
    2016-06-15 12:05 - 2016-06-15 12:05 - 0002342 _____ () C:\ProgramData\1466010261.6108.bin
    2016-06-15 13:01 - 2016-06-15 13:02 - 0008241 _____ () C:\ProgramData\1466013653.1532.bin
    2016-06-15 13:00 - 2016-06-15 13:02 - 0002124 _____ () C:\ProgramData\1466013653.3208.bin
    2016-06-15 13:00 - 2016-06-15 19:21 - 0093781 _____ () C:\ProgramData\1466013653.3504.bin
    2016-06-15 13:00 - 2016-06-15 13:01 - 0000930 _____ () C:\ProgramData\1466013653.5456.bin
    2016-06-15 21:40 - 2016-06-15 21:40 - 0026961 _____ () C:\ProgramData\1466044838.bdinstall.bin
    2016-06-15 21:42 - 2016-06-15 21:42 - 0026961 _____ () C:\ProgramData\1466044942.bdinstall.bin
    2016-06-15 21:48 - 2016-06-15 21:48 - 0026961 _____ () C:\ProgramData\1466045325.bdinstall.bin
    2016-06-19 08:42 - 2016-06-19 08:42 - 0026961 _____ () C:\ProgramData\1466343763.bdinstall.bin
    2016-06-19 08:44 - 2016-06-19 08:44 - 0026961 _____ () C:\ProgramData\1466343840.bdinstall.bin

    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2016-06-17 08:58

    ==================== End of FRST.txt ============================


    • 0

    #82
    pharper

    pharper

      Member

    • Topic Starter
    • Member
    • PipPip
    • 78 posts

    I don't see in Malware where we are???


    • 0

    #83
    pharper

    pharper

      Member

    • Topic Starter
    • Member
    • PipPip
    • 78 posts

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-06-2016 01
    Ran by Owner (2016-06-21 18:46:27)
    Running from C:\Users\Owner\Desktop
    Windows 7 Home Premium Service Pack 1 (X64) (2013-02-17 20:05:51)
    Boot Mode: Normal
    ==========================================================

    ==================== Accounts: =============================

    Administrator (S-1-5-21-2621123606-1971745821-2970127776-500 - Administrator - Disabled)
    Guest (S-1-5-21-2621123606-1971745821-2970127776-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-2621123606-1971745821-2970127776-1002 - Limited - Enabled)
    Owner (S-1-5-21-2621123606-1971745821-2970127776-1000 - Administrator - Enabled) => C:\Users\Owner

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AS: Bitdefender Antispyware (Disabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Bitdefender Firewall (Disabled) {078AF241-05A3-0EFF-40E0-3E0D69EA140A}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    ACI Forms Client (HKLM-x32\...\{0C989B91-B900-4CC1-BBF6-3A3E7614487C}) (Version: 2.08.024 - ACI)
    Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.5.0.367 - Adobe Systems Incorporated)
    Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.306 - Adobe Systems Incorporated)
    Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.16) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.16 - Adobe Systems Incorporated)
    AnswerWorks 5.0 English Runtime (HKLM-x32\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
    Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
    Better-Search Updater Service (HKLM-x32\...\WNLT) (Version: 5.1.4.1 - ) <==== ATTENTION
    Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 20.0.28.1503 - Bitdefender)
    Bitdefender Total Security 2016 (HKLM\...\Bitdefender) (Version: 20.0.28.1478 - Bitdefender)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 5.18 - Piriform)
    Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
    Citrix Online Launcher (HKLM-x32\...\{DB014C85-A264-4BCA-A66F-6DD1FCF8EC36}) (Version: 1.0.335 - Citrix)
    CleanUp! (HKLM-x32\...\CleanUp!) (Version:  - )
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    EaseUS MobiSaver 5.0 (HKLM-x32\...\EaseUS MobiSaver 5.0_is1) (Version:  - EaseUS)
    Ezvid (HKLM-x32\...\{F96D619D-99D6-4C9C-A393-0CD22DE1CA66}_is1) (Version: 1.003 - Ezvid, inc.)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
    Google Drive (HKLM-x32\...\{709316AD-161C-4D5C-9AE7-0B3A822DA271}) (Version: 1.30.2170.0459 - Google, Inc.)
    Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
    Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
    GoToMeeting 7.9.1.4340 (HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\GoToMeeting) (Version: 7.9.1.4340 - CitrixOnline)
    HP LaserJet Professional M1130-M1210 MFP Series (HKLM\...\HP LaserJet Professional M1130-M1210 MFP Series) (Version:  - )
    HP LaserJet Professional M1210 MFP Series Fax Installer (HKLM\...\{E94AE378-725A-41FF-BA24-397469D27FC8}) (Version: 1.3.0 - HP)
    Inpaint 5.6 (HKLM\...\{2AEDC172-479F-47AE-8A48-A0524D4AED5B}_is1) (Version:  - Teorex)
    Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
    iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
    Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
    Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 5.2.4.18506 - LeapFrog)
    LeapFrog Connect (x32 Version: 5.2.4.18506 - LeapFrog) Hidden
    LeapFrog LeapPad Explorer Plugin (x32 Version: 5.2.1.18456 - LeapFrog) Hidden
    LG USB Modem driver (HKLM-x32\...\{C3ABE126-2BB2-4246-BFE1-6797679B3579}) (Version:  - )
    Malwarebytes Anti-Malware version 1.70.0.1100 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.70.0.1100 - Malwarebytes Corporation)
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Office XP Media Content (HKLM-x32\...\{90300409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2619.0 - Microsoft Corporation)
    Microsoft Office XP Media Content Deluxe (HKLM-x32\...\{90350409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2619.0 - Microsoft Corporation)
    Microsoft Publisher 2002 (HKLM-x32\...\{90190409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.01 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
    MyPC Backup  (HKLM\...\MyPC Backup) (Version:  - MyPC Backup) <==== ATTENTION
    Nitro Pro 9 (HKLM-x32\...\{5d48b872-0053-4f83-b74c-577d3ffe2f2f}) (Version: 9.0.4.5 - Nitro)
    Nitro Pro 9 (Version: 9.0.4.5 - Nitro) Hidden
    Nitro Reader 3 (HKLM\...\{3C1F302A-CC25-488D-9C24-A76B95BC916F}) (Version: 3.0.6.3 - Nitro)
    PCActivator (HKLM\...\PCActivator) (Version: 1.0 - AB eCommerce)
    PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.0 - Frank Heindörfer, Philip Chinery)
    PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
    PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
    Quicken 2009 (HKLM-x32\...\{ED2A3C11-3EA8-4380-B59C-F2C1832731B0}) (Version: 18.1.1.29 - Intuit)
    SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.24.999 - SAMSUNG Electronics Co., Ltd.)
    Scan To (HKLM\...\{E8A34AC8-0137-4515-A94B-0A0946DDC251}) (Version: 2.0.1 - HP)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
    Shockwave (HKLM-x32\...\Shockwave) (Version:  - )
    ShopAtHome.com Helper (HKLM-x32\...\ShopAtHome.com Helper) (Version: 7.0.4.19 - ShopAtHome.com) <==== ATTENTION
    Smilebox (HKU\S-1-5-21-2621123606-1971745821-2970127776-1000 Version: 1.0.0.26929 - Smilebox, Inc.) Hidden
    Smilebox Bundle (HKLM-x32\...\Smilebox Bundle) (Version: 2.0.0.3 - Perion Network Ltd.)
    SUABnR (HKLM-x32\...\InstallShield_{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.)
    SUABnR (x32 Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.) Hidden
    The Print Shop 12 (HKLM-x32\...\{3DD1FE66-5536-41E3-B786-70068887B3F4}) (Version:  - )
    Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.9.3 - Tweaking.com)
    Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin) (HKLM-x32\...\LeapPadExplorerPlugin) (Version:  - LeapFrog)
    Verizon Wireless Software Upgrade Assistant - Samsung(ar) (HKLM-x32\...\{D31032BD-B70C-4E1E-8BE3-0B870A910983}) (Version: 2.14.1002 - Samsung Electronics Co., Ltd.)
    Verizon Wireless Software Utility Application for Android - Samsung (HKLM-x32\...\{69258FD1-F4EE-475A-83D1-BF68C8029592}) (Version: 2.14.0402 - Samsung Electronics Co., Ltd.)
    WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 6.31 - NCH Software)
    WebEx Training Manager for Internet Explorer (HKLM-x32\...\{D69DD1C9-A051-4526-B774-31FB69401167}) (Version: 29.2.0.23 - Cisco WebEx LLC)
    Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
    Windows Movie Maker 6.1 (HKLM-x32\...\{3CC29C1A-B5FE-457B-8F22-32A2557A92C7}}_is1) (Version:  - windows-movie-maker.org)
    Wondershare Dr.Fone for Android(Build 4.8.2.142) (HKLM-x32\...\{1DB91A95-C548-4BA5-9D4C-18C7DEAAC39F}_is1) (Version: 4.8.2.142 - Wondershare Software Co.,Ltd.)
    Wondershare Dr.Fone for iOS(Build 4.8.0.7) (HKLM-x32\...\{A26F8BBD-EC10-4bdc-8AD8-F146825A8A63}_is1) (Version: 4.8.0.7 - Wondershare Software Co.,Ltd.)
    Wondershare DVD Slideshow Builder Deluxe(Build 6.5.0.0) (HKLM-x32\...\Wondershare DVD Slideshow Builder Deluxe_is1) (Version: 6.5.0.0 - Wondershare Software Co.,Ltd.)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-2621123606-1971745821-2970127776-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\3019\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {2BDB373C-9C01-4582-98F5-7E9886547AC9} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - Owner) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
    Task: {30148679-6C85-44E2-971B-7631FF0F6BC6} - System32\Tasks\{AED8D1F9-A1DB-4C8B-A0B4-D8E013F3221D} => pcalua.exe -a "C:\Users\Owner\Downloads\FMOL4630_2012 (1).exe" -d C:\Users\Owner\Desktop
    Task: {4D0D7202-8CCE-42C3-A3F6-0B81C74EA391} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
    Task: {52C3EB55-2C1E-4286-963F-D45FA821F2AB} - System32\Tasks\{9FF37891-F19D-4EF1-87E7-691E2D6142FF} => pcalua.exe -a "C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8II7HNS5\FMOL4630_2012 (1).exe" -d C:\Users\Owner\Desktop
    Task: {5C056C90-4865-45BA-A924-5716C6527D6F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
    Task: {97CE9277-786F-451A-A1AD-781F79512B7F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
    Task: {A0D1E2A8-BF5A-4481-BFED-6AB44C44BDF6} - System32\Tasks\{DE004A50-38BA-41C8-BCE4-E334E5407E37} => pcalua.exe -a "C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8II7HNS5\FMOL4630_2012.exe" -d C:\Users\Owner\Desktop
    Task: {A6AE9853-63FB-4519-A48F-C803DCBFEE31} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {AA4B0063-FFE7-4FE8-B504-0D9748BC44BC} - System32\Tasks\G2MUpdateTask-S-1-5-21-2621123606-1971745821-2970127776-1000 => C:\Program Files (x86)\Citrix\GoToMeeting\4190\g2mupdate.exe [2015-12-31] (Citrix Online, a division of Citrix Systems, Inc.)
    Task: {AE9E50B8-CCC5-4106-8005-F166D79B81B8} - System32\Tasks\{396588E5-4E8C-4AE4-BAC7-AE3EF88FEEEE} => Chrome.exe
    Task: {C30D9A48-7A10-40CD-898A-A7B70EA8F4B0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-10] (Adobe Systems Incorporated)
    Task: {CCC38634-0FAB-4FBC-8372-8E88C0D706F3} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2016-04-18] (Bitdefender)
    Task: {E084C0BF-340F-4006-98AA-DB3539C1C736} - \Adobe Acrobat Update Task -> No File <==== ATTENTION
    Task: {FC4D6779-F9A5-4413-92F7-3AB67D4671EE} - System32\Tasks\G2MUploadTask-S-1-5-21-2621123606-1971745821-2970127776-1000 => C:\Program Files (x86)\Citrix\GoToMeeting\4190\g2mupload.exe [2015-12-31] (Citrix Online, a division of Citrix Systems, Inc.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2621123606-1971745821-2970127776-1000.job => C:\Program Files (x86)\Citrix\GoToMeeting\4340\g2mupdate.exe
    Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2621123606-1971745821-2970127776-1000.job => C:\Program Files (x86)\Citrix\GoToMeeting\4190\g2mupload.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - Owner).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ShortcutWithArgument: C:\Users\Owner\Documents\Desktop Items\Formulator Online.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxps://www.formulatoronline.com/Login/
    ShortcutWithArgument: C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Formulator Online.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxps://www.formulatoronline.com/Login/

    ==================== Loaded Modules (Whitelisted) ==============

    2014-09-08 21:08 - 2012-09-29 13:25 - 00409088 _____ () C:\Windows\System32\HPM1210LM.DLL
    2013-02-24 20:55 - 2005-03-12 01:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll
    2013-02-19 23:27 - 2009-12-20 20:42 - 00090624 _____ () C:\Windows\System32\Primomonnt.dll
    2014-09-08 21:08 - 2012-09-29 13:25 - 00074240 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HPM1210PP.dll
    2014-03-20 11:24 - 2014-03-20 11:24 - 00667808 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
    2015-12-17 19:38 - 2015-12-17 19:38 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-12-17 19:38 - 2015-12-17 19:38 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2013-02-17 15:15 - 2011-10-21 11:49 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
    2014-08-11 19:47 - 2014-08-11 19:46 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
    2014-03-20 11:24 - 2014-03-20 11:24 - 05288608 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
    2014-08-11 19:47 - 2014-08-11 19:46 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\log4cplusU.dll
    2014-03-18 23:22 - 2014-03-18 23:22 - 32733088 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\libcef.dll
    2014-08-30 10:02 - 2014-10-31 17:37 - 01498112 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
    2014-08-30 10:02 - 2014-05-19 18:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)

    HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION
    HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION

    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\dataquick.com -> hxxps://valuations.dataquick.com
    IE trusted site: HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\equi-trax.com -> hxxps://www.equi-trax.com
    IE trusted site: HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\formulatoronline.com -> hxxps://www.formulatoronline.com
    IE trusted site: HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\google.com -> hxxps://www.google.com
    IE trusted site: HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\mlxchange.com -> nom.mlxchange.com
    IE trusted site: HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\parlogic.com -> hxxp://parlogic.com
    IE trusted site: HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\parlogic.com -> hxxps://parlogic.com
    IE trusted site: HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\pay4mycollege.com -> hxxp://www.pay4mycollege.com
    IE trusted site: HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\petraharperrealestate.com -> hxxps://www.petraharperrealestate.com

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 21:34 - 2016-06-21 13:56 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts

    127.0.0.1       localhost

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 71.10.216.1 - 71.10.216.2
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: ShopAtHomeUpdater => C:\Users\Owner\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe
    MSCONFIG\startupreg: ShopAtHomeWatcher => C:\Users\Owner\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
    MSCONFIG\startupreg: TotalRecipeSearch AppIntegrator 32-bit => C:\PROGRA~2\TOTALR~2\bar\1.bin\AppIntegrator.exe
    MSCONFIG\startupreg: TotalRecipeSearch Search Scope Monitor => "C:\PROGRA~2\TOTALR~2\bar\1.bin\14srchmn.exe" /m=2 /w /h

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{9D03E964-8E44-46C0-A80D-F5585699466F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{75603E24-C9A9-4C6E-BEF7-A1F3858639DA}] => (Allow) LPort=2869
    FirewallRules: [{6686322D-4A55-4E14-996D-4236B97A6590}] => (Allow) LPort=1900
    FirewallRules: [{25333F2D-7490-4DE2-8D1B-2E29A9333798}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{6D0289FC-CB13-4A8E-B81B-A214AC2839A6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{1BD56826-9D63-470D-8991-B2893CB5AFEF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{8CEEF098-CB7B-432D-87AD-4FFBBD07B550}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{38296858-88A4-43A4-85CB-29FD0905BA6B}] => (Allow) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\LeapfrogConnect.exe
    FirewallRules: [TCP Query User{1A3D4C62-13F1-4D63-B081-A72A8605E657}C:\program files\webroot\wrsa.exe] => (Block) C:\program files\webroot\wrsa.exe
    FirewallRules: [UDP Query User{D064E681-3167-40E6-9C56-896F3901DB28}C:\program files\webroot\wrsa.exe] => (Block) C:\program files\webroot\wrsa.exe
    FirewallRules: [{FF91484B-8074-4170-8A9C-822DA8E96995}] => (Allow) C:\Windows\System32\dmwu.exe
    FirewallRules: [{F0DAB5A5-D5FE-47DB-B87A-F6C359630227}] => (Allow) C:\Windows\System32\dmwu.exe
    FirewallRules: [{557ED65F-CF3B-4492-AB3E-CFED57454007}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
    FirewallRules: [{EB229072-1C03-495B-90D8-80387D9F2544}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
    FirewallRules: [{280D002D-7F94-46BD-88DE-0112387B20F4}] => (Allow) C:\Windows\System32\dmwu.exe
    FirewallRules: [{827751D3-263A-49D4-817A-0249988E5AF7}] => (Allow) C:\Windows\System32\dmwu.exe
    FirewallRules: [{D2DC3E32-9E36-42C0-8BD3-7E650F7A46FD}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
    FirewallRules: [{F3ADCF4C-5D84-495E-A32B-9E448E5D15CD}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
    FirewallRules: [TCP Query User{E182E2F4-F773-4DBA-A51F-EEF60C50E6D8}C:\program files\webroot\wrsa.exe] => (Allow) C:\program files\webroot\wrsa.exe
    FirewallRules: [UDP Query User{1F95E160-AB11-4B06-9F74-9642EAC469AE}C:\program files\webroot\wrsa.exe] => (Allow) C:\program files\webroot\wrsa.exe
    FirewallRules: [{315FE8C6-CB36-4DB5-93F3-C05CE33FEBCD}] => (Allow) C:\Users\Owner\AppData\Local\Temp\Speedmax.exe
    FirewallRules: [{50BDE0CF-E37A-4593-A1D7-8BAC9A913096}] => (Allow) C:\ProgramData\lyricsgizm\lyricsgizm.exe
    FirewallRules: [{7FA1A982-633B-4CC5-89FD-1323F839D575}] => (Allow) C:\ProgramData\lyricsgizm\lyricsgizm.exe
    FirewallRules: [{F09F6888-21FE-48AB-BD7D-7DC08A04690F}] => (Allow) C:\ProgramData\lyricsgizm\lyricsgizm.exe
    FirewallRules: [{2A4CDE82-98BA-4338-934C-80A4F9A948B2}] => (Allow) C:\ProgramData\lyricsgizm\lyricsgizm.exe
    FirewallRules: [{DA6060E9-1DA0-40DF-80EE-1A1E11E94296}] => (Allow) C:\ProgramData\lyricsgizm\lyricsgizm.exe
    FirewallRules: [{54A05844-936D-482A-93B2-7CC579C92867}] => (Allow) C:\Users\Owner\AppData\Local\Temp\7zS59BB\EasyInst64.exe
    FirewallRules: [{96DCD741-7F60-40CC-8145-D72F87B0E578}] => (Allow) C:\Users\Owner\AppData\Local\Temp\7zS59BB\EasyInst64.exe
    FirewallRules: [{BECF7261-016C-4020-89ED-173DF56A1BDC}] => (Allow) LPort=9100
    FirewallRules: [{A307E204-3F1F-41D8-9CEC-A6604C780312}] => (Allow) LPort=427
    FirewallRules: [{B9213D49-142B-42C0-AAC3-77BFB9D0E13C}] => (Allow) LPort=161
    FirewallRules: [{1F2B6469-5C5C-4276-91E7-277673817E19}] => (Allow) C:\Users\Owner\AppData\Local\Temp\7zS6F22\EasyInst64.exe
    FirewallRules: [{F32F9F5B-6B85-4D7B-86FE-CEF3B2DA1A0A}] => (Allow) C:\Users\Owner\AppData\Local\Temp\7zS6F22\EasyInst64.exe
    FirewallRules: [{8741BFCC-579D-4C10-8129-CBE866D40ED8}] => (Allow) C:\Users\Owner\AppData\Local\Temp\7zS5748\EasyInst64.exe
    FirewallRules: [{CA55CDDF-A5FB-4EFC-B7F7-62876D8A71B6}] => (Allow) C:\Users\Owner\AppData\Local\Temp\7zS5748\EasyInst64.exe
    FirewallRules: [{3913CB44-9975-45D2-A431-420348B9EFC3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{A73B46A6-4039-4F5C-B15B-A9B952DEFBFF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{F9C7E644-6DF8-4BEC-9363-D9368E84088F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{C01D54FB-59B1-4032-87C1-38872AB73FF8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{0BE9B6D7-E4FA-49D4-9720-2E7854131AC1}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{7849432C-F97F-42B3-A46F-5338FEB1D838}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Restore Points =========================

    ==================== Faulty Device Manager Devices =============

    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (06/21/2016 04:25:13 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
    Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

    Error: (06/21/2016 04:25:13 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
    Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

    Error: (06/21/2016 02:00:33 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3009) (User: Owner-PC)
    Description: Installing the performance counter strings for service .NET CLR Networking 4.0.0.0 () failed. The first DWORD in the Data section contains the error code.

    Error: (06/21/2016 02:00:33 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3009) (User: Owner-PC)
    Description: Installing the performance counter strings for service .NET Data Provider for Oracle () failed. The first DWORD in the Data section contains the error code.

    Error: (06/21/2016 12:55:16 PM) (Source: System Restore) (EventID: 8193) (User: )
    Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = Tweaking.com - Windows Repair; Error = 0x8007043c).

    Error: (06/21/2016 12:54:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (06/21/2016 12:39:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (06/21/2016 12:34:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (06/21/2016 12:13:41 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80040154, Class not registered
    .

    Operation:
       Set Snapshot Context

    Context:
       Execution Context: Requestor

    Error: (06/21/2016 12:13:41 PM) (Source: VSS) (EventID: 22) (User: )
    Description: Volume Shadow Copy Service error: A critical component required by the Volume Shadow Copy service is not registered.
    This might happened if an error occurred during Windows setup or during installation of a Shadow Copy provider.
    The error returned from CoCreateInstance on class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} and Name Software Provider is [0x80040154, Class not registered
    ].

    Operation:
       Set Snapshot Context

    Context:
       Execution Context: Requestor

    System errors:
    =============
    Error: (06/21/2016 05:37:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Computer Backup (MyPC Backup) service failed to start due to the following error:
    %%1053 = The service did not respond to the start or control request in a timely fashion.

    Error: (06/21/2016 05:37:36 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Computer Backup (MyPC Backup) service to connect.

    Error: (06/21/2016 05:35:33 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
    Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070420'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

    Error: (06/21/2016 05:34:01 PM) (Source: Disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk1\DR1.

    Error: (06/21/2016 05:29:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Computer Backup (MyPC Backup) service failed to start due to the following error:
    %%1053 = The service did not respond to the start or control request in a timely fashion.

    Error: (06/21/2016 05:29:52 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Computer Backup (MyPC Backup) service to connect.

    Error: (06/21/2016 05:26:39 PM) (Source: Disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk1\DR1.

    Error: (06/21/2016 04:27:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Computer Backup (MyPC Backup) service failed to start due to the following error:
    %%1053 = The service did not respond to the start or control request in a timely fashion.

    Error: (06/21/2016 04:27:10 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Computer Backup (MyPC Backup) service to connect.

    Error: (06/21/2016 04:24:00 PM) (Source: Disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk1\DR1.

    ==================== Memory info ===========================

    Processor: Intel® Core™ i3-2350M CPU @ 2.30GHz
    Percentage of memory in use: 56%
    Total physical RAM: 4004.27 MB
    Available physical RAM: 1725.77 MB
    Total Virtual: 8006.75 MB
    Available Virtual: 5969.38 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:465.66 GB) (Free:231.39 GB) NTFS
    Drive e: () (Removable) (Total:14.91 GB) (Free:11.15 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 2719CE2A)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (Size: 14.9 GB) (Disk ID: 00000000)

    Partition: GPT.

    ==================== End of Addition.txt ============================


    • 0

    #84
    pharper

    pharper

      Member

    • Topic Starter
    • Member
    • PipPip
    • 78 posts

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-06-2016 01
    Ran by Owner (2016-06-21 18:46:27)
    Running from C:\Users\Owner\Desktop
    Windows 7 Home Premium Service Pack 1 (X64) (2013-02-17 20:05:51)
    Boot Mode: Normal
    ==========================================================

    ==================== Accounts: =============================

    Administrator (S-1-5-21-2621123606-1971745821-2970127776-500 - Administrator - Disabled)
    Guest (S-1-5-21-2621123606-1971745821-2970127776-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-2621123606-1971745821-2970127776-1002 - Limited - Enabled)
    Owner (S-1-5-21-2621123606-1971745821-2970127776-1000 - Administrator - Enabled) => C:\Users\Owner

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AS: Bitdefender Antispyware (Disabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Bitdefender Firewall (Disabled) {078AF241-05A3-0EFF-40E0-3E0D69EA140A}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    ACI Forms Client (HKLM-x32\...\{0C989B91-B900-4CC1-BBF6-3A3E7614487C}) (Version: 2.08.024 - ACI)
    Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.5.0.367 - Adobe Systems Incorporated)
    Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.306 - Adobe Systems Incorporated)
    Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.16) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.16 - Adobe Systems Incorporated)
    AnswerWorks 5.0 English Runtime (HKLM-x32\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
    Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
    Better-Search Updater Service (HKLM-x32\...\WNLT) (Version: 5.1.4.1 - ) <==== ATTENTION
    Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 20.0.28.1503 - Bitdefender)
    Bitdefender Total Security 2016 (HKLM\...\Bitdefender) (Version: 20.0.28.1478 - Bitdefender)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 5.18 - Piriform)
    Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
    Citrix Online Launcher (HKLM-x32\...\{DB014C85-A264-4BCA-A66F-6DD1FCF8EC36}) (Version: 1.0.335 - Citrix)
    CleanUp! (HKLM-x32\...\CleanUp!) (Version:  - )
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    EaseUS MobiSaver 5.0 (HKLM-x32\...\EaseUS MobiSaver 5.0_is1) (Version:  - EaseUS)
    Ezvid (HKLM-x32\...\{F96D619D-99D6-4C9C-A393-0CD22DE1CA66}_is1) (Version: 1.003 - Ezvid, inc.)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
    Google Drive (HKLM-x32\...\{709316AD-161C-4D5C-9AE7-0B3A822DA271}) (Version: 1.30.2170.0459 - Google, Inc.)
    Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
    Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
    GoToMeeting 7.9.1.4340 (HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\GoToMeeting) (Version: 7.9.1.4340 - CitrixOnline)
    HP LaserJet Professional M1130-M1210 MFP Series (HKLM\...\HP LaserJet Professional M1130-M1210 MFP Series) (Version:  - )
    HP LaserJet Professional M1210 MFP Series Fax Installer (HKLM\...\{E94AE378-725A-41FF-BA24-397469D27FC8}) (Version: 1.3.0 - HP)
    Inpaint 5.6 (HKLM\...\{2AEDC172-479F-47AE-8A48-A0524D4AED5B}_is1) (Version:  - Teorex)
    Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
    iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
    Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
    Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 5.2.4.18506 - LeapFrog)
    LeapFrog Connect (x32 Version: 5.2.4.18506 - LeapFrog) Hidden
    LeapFrog LeapPad Explorer Plugin (x32 Version: 5.2.1.18456 - LeapFrog) Hidden
    LG USB Modem driver (HKLM-x32\...\{C3ABE126-2BB2-4246-BFE1-6797679B3579}) (Version:  - )
    Malwarebytes Anti-Malware version 1.70.0.1100 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.70.0.1100 - Malwarebytes Corporation)
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Office XP Media Content (HKLM-x32\...\{90300409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2619.0 - Microsoft Corporation)
    Microsoft Office XP Media Content Deluxe (HKLM-x32\...\{90350409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2619.0 - Microsoft Corporation)
    Microsoft Publisher 2002 (HKLM-x32\...\{90190409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.01 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
    MyPC Backup  (HKLM\...\MyPC Backup) (Version:  - MyPC Backup) <==== ATTENTION
    Nitro Pro 9 (HKLM-x32\...\{5d48b872-0053-4f83-b74c-577d3ffe2f2f}) (Version: 9.0.4.5 - Nitro)
    Nitro Pro 9 (Version: 9.0.4.5 - Nitro) Hidden
    Nitro Reader 3 (HKLM\...\{3C1F302A-CC25-488D-9C24-A76B95BC916F}) (Version: 3.0.6.3 - Nitro)
    PCActivator (HKLM\...\PCActivator) (Version: 1.0 - AB eCommerce)
    PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.0 - Frank Heindörfer, Philip Chinery)
    PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
    PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
    Quicken 2009 (HKLM-x32\...\{ED2A3C11-3EA8-4380-B59C-F2C1832731B0}) (Version: 18.1.1.29 - Intuit)
    SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.24.999 - SAMSUNG Electronics Co., Ltd.)
    Scan To (HKLM\...\{E8A34AC8-0137-4515-A94B-0A0946DDC251}) (Version: 2.0.1 - HP)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
    Shockwave (HKLM-x32\...\Shockwave) (Version:  - )
    ShopAtHome.com Helper (HKLM-x32\...\ShopAtHome.com Helper) (Version: 7.0.4.19 - ShopAtHome.com) <==== ATTENTION
    Smilebox (HKU\S-1-5-21-2621123606-1971745821-2970127776-1000 Version: 1.0.0.26929 - Smilebox, Inc.) Hidden
    Smilebox Bundle (HKLM-x32\...\Smilebox Bundle) (Version: 2.0.0.3 - Perion Network Ltd.)
    SUABnR (HKLM-x32\...\InstallShield_{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.)
    SUABnR (x32 Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.) Hidden
    The Print Shop 12 (HKLM-x32\...\{3DD1FE66-5536-41E3-B786-70068887B3F4}) (Version:  - )
    Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.9.3 - Tweaking.com)
    Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin) (HKLM-x32\...\LeapPadExplorerPlugin) (Version:  - LeapFrog)
    Verizon Wireless Software Upgrade Assistant - Samsung(ar) (HKLM-x32\...\{D31032BD-B70C-4E1E-8BE3-0B870A910983}) (Version: 2.14.1002 - Samsung Electronics Co., Ltd.)
    Verizon Wireless Software Utility Application for Android - Samsung (HKLM-x32\...\{69258FD1-F4EE-475A-83D1-BF68C8029592}) (Version: 2.14.0402 - Samsung Electronics Co., Ltd.)
    WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 6.31 - NCH Software)
    WebEx Training Manager for Internet Explorer (HKLM-x32\...\{D69DD1C9-A051-4526-B774-31FB69401167}) (Version: 29.2.0.23 - Cisco WebEx LLC)
    Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
    Windows Movie Maker 6.1 (HKLM-x32\...\{3CC29C1A-B5FE-457B-8F22-32A2557A92C7}}_is1) (Version:  - windows-movie-maker.org)
    Wondershare Dr.Fone for Android(Build 4.8.2.142) (HKLM-x32\...\{1DB91A95-C548-4BA5-9D4C-18C7DEAAC39F}_is1) (Version: 4.8.2.142 - Wondershare Software Co.,Ltd.)
    Wondershare Dr.Fone for iOS(Build 4.8.0.7) (HKLM-x32\...\{A26F8BBD-EC10-4bdc-8AD8-F146825A8A63}_is1) (Version: 4.8.0.7 - Wondershare Software Co.,Ltd.)
    Wondershare DVD Slideshow Builder Deluxe(Build 6.5.0.0) (HKLM-x32\...\Wondershare DVD Slideshow Builder Deluxe_is1) (Version: 6.5.0.0 - Wondershare Software Co.,Ltd.)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-2621123606-1971745821-2970127776-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\3019\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {2BDB373C-9C01-4582-98F5-7E9886547AC9} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - Owner) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
    Task: {30148679-6C85-44E2-971B-7631FF0F6BC6} - System32\Tasks\{AED8D1F9-A1DB-4C8B-A0B4-D8E013F3221D} => pcalua.exe -a "C:\Users\Owner\Downloads\FMOL4630_2012 (1).exe" -d C:\Users\Owner\Desktop
    Task: {4D0D7202-8CCE-42C3-A3F6-0B81C74EA391} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
    Task: {52C3EB55-2C1E-4286-963F-D45FA821F2AB} - System32\Tasks\{9FF37891-F19D-4EF1-87E7-691E2D6142FF} => pcalua.exe -a "C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8II7HNS5\FMOL4630_2012 (1).exe" -d C:\Users\Owner\Desktop
    Task: {5C056C90-4865-45BA-A924-5716C6527D6F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
    Task: {97CE9277-786F-451A-A1AD-781F79512B7F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
    Task: {A0D1E2A8-BF5A-4481-BFED-6AB44C44BDF6} - System32\Tasks\{DE004A50-38BA-41C8-BCE4-E334E5407E37} => pcalua.exe -a "C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8II7HNS5\FMOL4630_2012.exe" -d C:\Users\Owner\Desktop
    Task: {A6AE9853-63FB-4519-A48F-C803DCBFEE31} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {AA4B0063-FFE7-4FE8-B504-0D9748BC44BC} - System32\Tasks\G2MUpdateTask-S-1-5-21-2621123606-1971745821-2970127776-1000 => C:\Program Files (x86)\Citrix\GoToMeeting\4190\g2mupdate.exe [2015-12-31] (Citrix Online, a division of Citrix Systems, Inc.)
    Task: {AE9E50B8-CCC5-4106-8005-F166D79B81B8} - System32\Tasks\{396588E5-4E8C-4AE4-BAC7-AE3EF88FEEEE} => Chrome.exe
    Task: {C30D9A48-7A10-40CD-898A-A7B70EA8F4B0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-10] (Adobe Systems Incorporated)
    Task: {CCC38634-0FAB-4FBC-8372-8E88C0D706F3} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2016-04-18] (Bitdefender)
    Task: {E084C0BF-340F-4006-98AA-DB3539C1C736} - \Adobe Acrobat Update Task -> No File <==== ATTENTION
    Task: {FC4D6779-F9A5-4413-92F7-3AB67D4671EE} - System32\Tasks\G2MUploadTask-S-1-5-21-2621123606-1971745821-2970127776-1000 => C:\Program Files (x86)\Citrix\GoToMeeting\4190\g2mupload.exe [2015-12-31] (Citrix Online, a division of Citrix Systems, Inc.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2621123606-1971745821-2970127776-1000.job => C:\Program Files (x86)\Citrix\GoToMeeting\4340\g2mupdate.exe
    Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2621123606-1971745821-2970127776-1000.job => C:\Program Files (x86)\Citrix\GoToMeeting\4190\g2mupload.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - Owner).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ShortcutWithArgument: C:\Users\Owner\Documents\Desktop Items\Formulator Online.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxps://www.formulatoronline.com/Login/
    ShortcutWithArgument: C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Formulator Online.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxps://www.formulatoronline.com/Login/

    ==================== Loaded Modules (Whitelisted) ==============

    2014-09-08 21:08 - 2012-09-29 13:25 - 00409088 _____ () C:\Windows\System32\HPM1210LM.DLL
    2013-02-24 20:55 - 2005-03-12 01:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll
    2013-02-19 23:27 - 2009-12-20 20:42 - 00090624 _____ () C:\Windows\System32\Primomonnt.dll
    2014-09-08 21:08 - 2012-09-29 13:25 - 00074240 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HPM1210PP.dll
    2014-03-20 11:24 - 2014-03-20 11:24 - 00667808 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
    2015-12-17 19:38 - 2015-12-17 19:38 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-12-17 19:38 - 2015-12-17 19:38 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2013-02-17 15:15 - 2011-10-21 11:49 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
    2014-08-11 19:47 - 2014-08-11 19:46 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
    2014-03-20 11:24 - 2014-03-20 11:24 - 05288608 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
    2014-08-11 19:47 - 2014-08-11 19:46 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\log4cplusU.dll
    2014-03-18 23:22 - 2014-03-18 23:22 - 32733088 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\libcef.dll
    2014-08-30 10:02 - 2014-10-31 17:37 - 01498112 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
    2014-08-30 10:02 - 2014-05-19 18:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)

    HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION
    HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION

    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\dataquick.com -> hxxps://valuations.dataquick.com
    IE trusted site: HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\equi-trax.com -> hxxps://www.equi-trax.com
    IE trusted site: HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\formulatoronline.com -> hxxps://www.formulatoronline.com
    IE trusted site: HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\google.com -> hxxps://www.google.com
    IE trusted site: HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\mlxchange.com -> nom.mlxchange.com
    IE trusted site: HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\parlogic.com -> hxxp://parlogic.com
    IE trusted site: HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\parlogic.com -> hxxps://parlogic.com
    IE trusted site: HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\pay4mycollege.com -> hxxp://www.pay4mycollege.com
    IE trusted site: HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\petraharperrealestate.com -> hxxps://www.petraharperrealestate.com

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 21:34 - 2016-06-21 13:56 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts

    127.0.0.1       localhost

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 71.10.216.1 - 71.10.216.2
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: ShopAtHomeUpdater => C:\Users\Owner\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe
    MSCONFIG\startupreg: ShopAtHomeWatcher => C:\Users\Owner\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
    MSCONFIG\startupreg: TotalRecipeSearch AppIntegrator 32-bit => C:\PROGRA~2\TOTALR~2\bar\1.bin\AppIntegrator.exe
    MSCONFIG\startupreg: TotalRecipeSearch Search Scope Monitor => "C:\PROGRA~2\TOTALR~2\bar\1.bin\14srchmn.exe" /m=2 /w /h

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{9D03E964-8E44-46C0-A80D-F5585699466F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{75603E24-C9A9-4C6E-BEF7-A1F3858639DA}] => (Allow) LPort=2869
    FirewallRules: [{6686322D-4A55-4E14-996D-4236B97A6590}] => (Allow) LPort=1900
    FirewallRules: [{25333F2D-7490-4DE2-8D1B-2E29A9333798}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{6D0289FC-CB13-4A8E-B81B-A214AC2839A6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{1BD56826-9D63-470D-8991-B2893CB5AFEF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{8CEEF098-CB7B-432D-87AD-4FFBBD07B550}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{38296858-88A4-43A4-85CB-29FD0905BA6B}] => (Allow) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\LeapfrogConnect.exe
    FirewallRules: [TCP Query User{1A3D4C62-13F1-4D63-B081-A72A8605E657}C:\program files\webroot\wrsa.exe] => (Block) C:\program files\webroot\wrsa.exe
    FirewallRules: [UDP Query User{D064E681-3167-40E6-9C56-896F3901DB28}C:\program files\webroot\wrsa.exe] => (Block) C:\program files\webroot\wrsa.exe
    FirewallRules: [{FF91484B-8074-4170-8A9C-822DA8E96995}] => (Allow) C:\Windows\System32\dmwu.exe
    FirewallRules: [{F0DAB5A5-D5FE-47DB-B87A-F6C359630227}] => (Allow) C:\Windows\System32\dmwu.exe
    FirewallRules: [{557ED65F-CF3B-4492-AB3E-CFED57454007}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
    FirewallRules: [{EB229072-1C03-495B-90D8-80387D9F2544}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
    FirewallRules: [{280D002D-7F94-46BD-88DE-0112387B20F4}] => (Allow) C:\Windows\System32\dmwu.exe
    FirewallRules: [{827751D3-263A-49D4-817A-0249988E5AF7}] => (Allow) C:\Windows\System32\dmwu.exe
    FirewallRules: [{D2DC3E32-9E36-42C0-8BD3-7E650F7A46FD}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
    FirewallRules: [{F3ADCF4C-5D84-495E-A32B-9E448E5D15CD}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
    FirewallRules: [TCP Query User{E182E2F4-F773-4DBA-A51F-EEF60C50E6D8}C:\program files\webroot\wrsa.exe] => (Allow) C:\program files\webroot\wrsa.exe
    FirewallRules: [UDP Query User{1F95E160-AB11-4B06-9F74-9642EAC469AE}C:\program files\webroot\wrsa.exe] => (Allow) C:\program files\webroot\wrsa.exe
    FirewallRules: [{315FE8C6-CB36-4DB5-93F3-C05CE33FEBCD}] => (Allow) C:\Users\Owner\AppData\Local\Temp\Speedmax.exe
    FirewallRules: [{50BDE0CF-E37A-4593-A1D7-8BAC9A913096}] => (Allow) C:\ProgramData\lyricsgizm\lyricsgizm.exe
    FirewallRules: [{7FA1A982-633B-4CC5-89FD-1323F839D575}] => (Allow) C:\ProgramData\lyricsgizm\lyricsgizm.exe
    FirewallRules: [{F09F6888-21FE-48AB-BD7D-7DC08A04690F}] => (Allow) C:\ProgramData\lyricsgizm\lyricsgizm.exe
    FirewallRules: [{2A4CDE82-98BA-4338-934C-80A4F9A948B2}] => (Allow) C:\ProgramData\lyricsgizm\lyricsgizm.exe
    FirewallRules: [{DA6060E9-1DA0-40DF-80EE-1A1E11E94296}] => (Allow) C:\ProgramData\lyricsgizm\lyricsgizm.exe
    FirewallRules: [{54A05844-936D-482A-93B2-7CC579C92867}] => (Allow) C:\Users\Owner\AppData\Local\Temp\7zS59BB\EasyInst64.exe
    FirewallRules: [{96DCD741-7F60-40CC-8145-D72F87B0E578}] => (Allow) C:\Users\Owner\AppData\Local\Temp\7zS59BB\EasyInst64.exe
    FirewallRules: [{BECF7261-016C-4020-89ED-173DF56A1BDC}] => (Allow) LPort=9100
    FirewallRules: [{A307E204-3F1F-41D8-9CEC-A6604C780312}] => (Allow) LPort=427
    FirewallRules: [{B9213D49-142B-42C0-AAC3-77BFB9D0E13C}] => (Allow) LPort=161
    FirewallRules: [{1F2B6469-5C5C-4276-91E7-277673817E19}] => (Allow) C:\Users\Owner\AppData\Local\Temp\7zS6F22\EasyInst64.exe
    FirewallRules: [{F32F9F5B-6B85-4D7B-86FE-CEF3B2DA1A0A}] => (Allow) C:\Users\Owner\AppData\Local\Temp\7zS6F22\EasyInst64.exe
    FirewallRules: [{8741BFCC-579D-4C10-8129-CBE866D40ED8}] => (Allow) C:\Users\Owner\AppData\Local\Temp\7zS5748\EasyInst64.exe
    FirewallRules: [{CA55CDDF-A5FB-4EFC-B7F7-62876D8A71B6}] => (Allow) C:\Users\Owner\AppData\Local\Temp\7zS5748\EasyInst64.exe
    FirewallRules: [{3913CB44-9975-45D2-A431-420348B9EFC3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{A73B46A6-4039-4F5C-B15B-A9B952DEFBFF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{F9C7E644-6DF8-4BEC-9363-D9368E84088F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{C01D54FB-59B1-4032-87C1-38872AB73FF8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{0BE9B6D7-E4FA-49D4-9720-2E7854131AC1}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{7849432C-F97F-42B3-A46F-5338FEB1D838}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Restore Points =========================

    ==================== Faulty Device Manager Devices =============

    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (06/21/2016 04:25:13 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
    Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

    Error: (06/21/2016 04:25:13 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
    Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

    Error: (06/21/2016 02:00:33 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3009) (User: Owner-PC)
    Description: Installing the performance counter strings for service .NET CLR Networking 4.0.0.0 () failed. The first DWORD in the Data section contains the error code.

    Error: (06/21/2016 02:00:33 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3009) (User: Owner-PC)
    Description: Installing the performance counter strings for service .NET Data Provider for Oracle () failed. The first DWORD in the Data section contains the error code.

    Error: (06/21/2016 12:55:16 PM) (Source: System Restore) (EventID: 8193) (User: )
    Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = Tweaking.com - Windows Repair; Error = 0x8007043c).

    Error: (06/21/2016 12:54:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (06/21/2016 12:39:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (06/21/2016 12:34:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (06/21/2016 12:13:41 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80040154, Class not registered
    .

    Operation:
       Set Snapshot Context

    Context:
       Execution Context: Requestor

    Error: (06/21/2016 12:13:41 PM) (Source: VSS) (EventID: 22) (User: )
    Description: Volume Shadow Copy Service error: A critical component required by the Volume Shadow Copy service is not registered.
    This might happened if an error occurred during Windows setup or during installation of a Shadow Copy provider.
    The error returned from CoCreateInstance on class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} and Name Software Provider is [0x80040154, Class not registered
    ].

    Operation:
       Set Snapshot Context

    Context:
       Execution Context: Requestor

    System errors:
    =============
    Error: (06/21/2016 05:37:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Computer Backup (MyPC Backup) service failed to start due to the following error:
    %%1053 = The service did not respond to the start or control request in a timely fashion.

    Error: (06/21/2016 05:37:36 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Computer Backup (MyPC Backup) service to connect.

    Error: (06/21/2016 05:35:33 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
    Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070420'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

    Error: (06/21/2016 05:34:01 PM) (Source: Disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk1\DR1.

    Error: (06/21/2016 05:29:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Computer Backup (MyPC Backup) service failed to start due to the following error:
    %%1053 = The service did not respond to the start or control request in a timely fashion.

    Error: (06/21/2016 05:29:52 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Computer Backup (MyPC Backup) service to connect.

    Error: (06/21/2016 05:26:39 PM) (Source: Disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk1\DR1.

    Error: (06/21/2016 04:27:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Computer Backup (MyPC Backup) service failed to start due to the following error:
    %%1053 = The service did not respond to the start or control request in a timely fashion.

    Error: (06/21/2016 04:27:10 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Computer Backup (MyPC Backup) service to connect.

    Error: (06/21/2016 04:24:00 PM) (Source: Disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk1\DR1.

    ==================== Memory info ===========================

    Processor: Intel® Core™ i3-2350M CPU @ 2.30GHz
    Percentage of memory in use: 56%
    Total physical RAM: 4004.27 MB
    Available physical RAM: 1725.77 MB
    Total Virtual: 8006.75 MB
    Available Virtual: 5969.38 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:465.66 GB) (Free:231.39 GB) NTFS
    Drive e: () (Removable) (Total:14.91 GB) (Free:11.15 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 2719CE2A)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (Size: 14.9 GB) (Disk ID: 00000000)

    Partition: GPT.

    ==================== End of Addition.txt ============================


    • 0

    #85
    pharper

    pharper

      Member

    • Topic Starter
    • Member
    • PipPip
    • 78 posts

    Is that it? I hope


    • 0

    Advertisements


    #86
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 20,025 posts
    • MVP
     
    Download the attached fixlist.txt to the same location as FRST
     
    Attached File  fixlist.txt   14.12KB   33 downloads
     
    Run FRST and press Fix
    A fix log will be generated please post that 
     
     
    Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  
     
    Post both logs.Run VEW again as before

    • 0

    #87
    pharper

    pharper

      Member

    • Topic Starter
    • Member
    • PipPip
    • 78 posts

    Ok after the first one, it made me restart so where do I find the log?  Should I redo it?


    • 0

    #88
    pharper

    pharper

      Member

    • Topic Starter
    • Member
    • PipPip
    • 78 posts

    I see one on my desktop, but is that from a previous scan?


    • 0

    #89
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 20,025 posts
    • MVP

    Logs are going to be in the same folder.  There should be a fixlog on your desktop. 


    • 0

    #90
    pharper

    pharper

      Member

    • Topic Starter
    • Member
    • PipPip
    • 78 posts

    Fix result of Farbar Recovery Scan Tool (x64) Version: 20-06-2016 01
    Ran by Owner (2016-06-21 19:34:20) Run:1
    Running from C:\Users\Owner\Desktop
    Loaded Profiles: Owner (Available Profiles: Owner)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2640408 2014-08-25] ()
    HKLM-x32\...\Run: [TotalRecipeSearch AppIntegrator 64-bit] => C:\PROGRA~2\TOTALR~2\bar\1.bin\AppIntegrator64.exe
    HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare)
    HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\MountPoints2: E - E:\VZW_Software_upgrade_assistant.exe
    HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\MountPoints2: {50323b00-37c4-11e4-9ced-642737d5d080} - F:\SISetup.exe
    HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\MountPoints2: {ad525c50-947d-11e4-ab12-642737d5d080} - E:\VZW_Software_upgrade_assistant.exe
    HKU\S-1-5-18\...\MountPoints2: {41a03fc7-794d-11e2-a46f-806e6f6e6963} - D:\autorun\autorun.exe
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.better-search.net/?src=10&st=12&i=998&did=10874&ppd=,,,,,,,,,www.smilebox.com&barid=1523565419430232516
    URLSearchHook: HKU\S-1-5-21-2621123606-1971745821-2970127776-1000 - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No File
    SearchScopes: HKLM-x32 -> DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://www.better-search.net/?q={searchTerms}&src=6&q={searchTerms}&st=12&i=998&did=10874&ppd=,,,,,,,,,www.smilebox.com&barid=1523565419430232516
    SearchScopes: HKLM-x32 -> {cca2e567-1987-4100-a3c6-5b4267084510} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^YK^xdm002^YYA^us&si=CLrphrX90sQCFUkV7Aodl2AAlQ&ptb=5A785AAE-2D0E-49A8-9E53-B3436A7B3060&psa=&ind=2015121016&st=sb&n=781c4e78&searchfor={searchTerms}
    SearchScopes: HKLM-x32 -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://www.better-search.net/?q={searchTerms}&src=6&q={searchTerms}&st=12&i=998&did=10874&ppd=,,,,,,,,,www.smilebox.com&barid=1523565419430232516
    SearchScopes: HKU\S-1-5-21-2621123606-1971745821-2970127776-1000 -> DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://www.better-search.net/?src=6&q={searchTerms}&barid=1523565419430232516&&st=23&i=998&did=10874
    SearchScopes: HKU\S-1-5-21-2621123606-1971745821-2970127776-1000 -> {6C0974F6-1FBF-46DD-BDAB-45D64D1820A9} URL = hxxp://isearch.shopathome.com?user_id={458A9901-D9EB-4901-859E-FE7E3A9CEFD9}&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2621123606-1971745821-2970127776-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://mysearch.avg.com/search?cid={450FC2CC-16FD-45C0-BB01-D0680A2C5660}&mid=8cfabf364223465b9d085326c40d5531-3c99ef7a0cb711bf815f2b310182d50dffe50bcb&lang=en&ds=pl011&coid=avgtbdispl&cmpid=&pr=sa&d=2013-03-25 22:24:54&v=18.1.6.542&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2621123606-1971745821-2970127776-1000 -> {A62CED7B-EBAB-4C11-AE8C-28EC7202B190} URL = hxxp://www.search.ask.com/web?tpid=ORJ-ST-SPE&o=APN11460&pf=V7&p2=^BE6^OSJ000^YY^US&gct=&itbv=12.24.1.53&apn_uid=749EB898-4B1A-4688-89BB-94CA36C47CDD&apn_ptnrs=BE6&apn_dtid=^OSJ000^YY^US&apn_dbr=ie_11.0.9600.17496&doi=2015-02-12&trgb=IE&q={searchTerms}&psv=&pt=tb
    SearchScopes: HKU\S-1-5-21-2621123606-1971745821-2970127776-1000 -> {cca2e567-1987-4100-a3c6-5b4267084510} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^YK^xdm002^YYA^us&si=CLrphrX90sQCFUkV7Aodl2AAlQ&ptb=5A785AAE-2D0E-49A8-9E53-B3436A7B3060&psa=&ind=2015121016&st=sb&n=781c4e78&searchfor={searchTerms}
    SearchScopes: HKU\S-1-5-21-2621123606-1971745821-2970127776-1000 -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://www.better-search.net/?src=6&q={searchTerms}&barid=1523565419430232516&&st=23&i=998&did=10874
    BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll => No File
    BHO: No Name -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> No File
    BHO-x32: ShopAtHome.com Cash Back Helper -> {66516A07-F617-488A-90CF-4E690CFB3C5F} -> C:\Users\Owner\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll => No File
    BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-11] (Oracle Corporation)
    BHO-x32: AVG SafeGuard toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll [2014-08-25] (AVG Secure Search)
    BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll => No File
    BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-11] (Oracle Corporation)
    Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll No File
    Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll [2014-08-25] (AVG Secure Search)
    Toolbar: HKLM-x32 - ShopAtHome.com Toolbar - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Users\Owner\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll No File
    Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll No File
    Toolbar: HKU\S-1-5-21-2621123606-1971745821-2970127776-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
    Toolbar: HKU\S-1-5-21-2621123606-1971745821-2970127776-1000 -> No Name - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} -  No File
    DPF: HKLM-x32 {0D859AF0-C75E-11D4-B760-00E0B81077E8} hxxp://nom.mlxchange.com/5.11.05.35382/Control/FileCruiser.cab
    DPF: HKLM-x32 {145BB11A-44CA-4162-A572-D430131C352C} hxxps://www.bpofulfillment.com/WebResource.axd?d=irnzSshckJSveKJAiGfl2GHjY_wfo-IqK7dbJATIbCCXZ3MCZcsUDrWprfmLR--q8j2ZUJJfZhf7v2Htv9YV6sGAPWtn4Ipbhg_-xfRzy1k_3Ykw-ER7zzTSCRMsnkZYdfibfoHAuzAJBQAUwQyBq4UHQka0XIS-sWNyC0z52f81&t=634830530040000000
    DPF: HKLM-x32 {16FD824B-8E7B-11D2-9855-00802962956C} hxxp://nom.mlxchange.com/5.11.05.35382/Control/Specfile.cab
    DPF: HKLM-x32 {6FD482A3-7B57-438B-B040-52CAA30147EE} hxxp://nom.mlxchange.com/5.11.05.35382/Control/MLSClientUtils.cab
    DPF: HKLM-x32 {73779860-6F88-4D8C-9DAB-30583B9BAAC3} hxxps://www.sttammanyclerk.org/secure/ImageServer/iView2/FileProInet2.CAB
    DPF: HKLM-x32 {78523E50-56EB-11D3-B739-CAA1986A452F} hxxp://nom.mlxchange.com/5.11.05.35382/Control/LiteGrid.cab
    DPF: HKLM-x32 {7A7537FC-5988-11D3-8B33-00104B9E5A4A} hxxp://nom.mlxchange.com/5.11.05.35382/Control/IRCWebPrint.cab
    DPF: HKLM-x32 {7ECB1A47-6647-4B2C-A8DA-675569C9FF15} hxxps://www.bpofulfillment.com/WebResource.axd?d=PUw2-LyUSejzL3Kx-o8EiGQozXrqAyeTvVM5wHg-487X7lkUQnJmhlRcIkzP2DJ1hxXhrHLUYsKsn8YXd9Koptzcx74T_dDKbFqVxXkIYbyNNx3mi1lgd6JflJGwzSp1xMkkQcDSWm5lQQOMfmGyanXgHHqrwWa1KnhgSw5ItwIeTv1uCQcaWz-2xtaLFxp10&t=635126927011905139
    DPF: HKLM-x32 {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} hxxps://secure.clearcapital.com/imageUpload/ImageUploader6.cab
    DPF: HKLM-x32 {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} hxxp://nom.mlxchange.com/5.9.06.33897/Control/IRCSharc.cab
    DPF: HKLM-x32 {B198A72B-B4C3-42B5-B8DA-B364E76429AA} hxxp://nom.mlxchange.com/5.11.05.35382/Control/WebDog.cab
    DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
    DPF: HKLM-x32 {F060A272-A18A-11D3-B75B-00E0B81077E8} hxxp://nom.mlxchange.com/5.11.05.35382/Control/AspCustomCtrls.cab
    Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll [2014-08-11] (AVG Secure Search)
    FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll [No File]
    FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-11] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-11] (Oracle Corporation)
    FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\9cfwhamj.default\searchplugins\MyStart Search.xml [2014-11-05]
    FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\9cfwhamj.default\searchplugins\Powered by Bing.xml [2014-11-18]
    FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\9cfwhamj.default\searchplugins\sweetim.xml [2014-03-14]
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml [2014-08-25]
    FF Extension: No Name - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\9cfwhamj.default\Extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda}_deleted [2015-12-18] [not signed]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.799
    FF Extension: No Name - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.799 [2014-08-25] [not signed]
    FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2014-03-08] <==== ATTENTION
    CHR HomePage: Default -> hxxp://www.better-search.net/?barid=1523565419430232516&src=10&&st=23&i=998&did=10874
    CHR StartupUrls: Default -> "hxxp://www.better-search.net/?barid=1523565419430232516&src=10&&st=23&i=998&did=10874"
    CHR DefaultSearchURL: Default -> hxxp://www.better-search.net/?src=6&q={searchTerms}&barid=1523565419430232516&&st=23&i=998&did=10874
    CHR DefaultSearchKeyword: Default -> www.better-search.net
    CHR HKLM-x32\...\Chrome\Extension: [okfhiodnpcnnnpgbjbhfebjnbagmfhab] - C:\ProgramData\WRData\pkg\lpchrome.crx <not found>
    S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [32808 2013-05-21] (Just Develop It) [File not signed] <==== ATTENTION
    R2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-11] (AVG Secure Search)
    R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies)
    U0 SR; no ImagePath
    U2 srservice; no ImagePath
    2016-06-16 21:29 - 2016-06-21 07:20 - 00000099 _____ C:\Windows\Reimage.ini
    2016-06-16 21:29 - 2016-06-16 21:30 - 00000000 ____D C:\Program Files\Reimage
    2016-06-16 21:29 - 2016-06-16 21:29 - 00000000 ____D C:\rei
    2016-06-16 21:29 - 2016-06-16 21:29 - 00000000 ____D C:\ProgramData\Reimage Protector
    2016-06-16 21:29 - 2016-06-16 21:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
    2016-06-16 20:46 - 2016-06-16 20:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShopAtHome.com Helper
    2013-06-18 10:59 - 2014-06-03 13:59 - 0003738 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
    Task: {2BDB373C-9C01-4582-98F5-7E9886547AC9} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - Owner) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
    Task: {30148679-6C85-44E2-971B-7631FF0F6BC6} - System32\Tasks\{AED8D1F9-A1DB-4C8B-A0B4-D8E013F3221D} => pcalua.exe -a "C:\Users\Owner\Downloads\FMOL4630_2012 (1).exe" -d C:\Users\Owner\Desktop
    Task: {52C3EB55-2C1E-4286-963F-D45FA821F2AB} - System32\Tasks\{9FF37891-F19D-4EF1-87E7-691E2D6142FF} => pcalua.exe -a "C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8II7HNS5\FMOL4630_2012 (1).exe" -d C:\Users\Owner\Desktop
    Task: {A0D1E2A8-BF5A-4481-BFED-6AB44C44BDF6} - System32\Tasks\{DE004A50-38BA-41C8-BCE4-E334E5407E37} => pcalua.exe -a "C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8II7HNS5\FMOL4630_2012.exe" -d C:\Users\Owner\Desktop
    Task: {A6AE9853-63FB-4519-A48F-C803DCBFEE31} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {E084C0BF-340F-4006-98AA-DB3539C1C736} - \Adobe Acrobat Update Task -> No File <==== ATTENTION
    Task: C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - Owner).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
    HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION
    HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION
    C:\Users\Owner\AppData\Roaming\ShopAtHome
    C:\PROGRA~2\TOTALR~2
    FirewallRules: [{315FE8C6-CB36-4DB5-93F3-C05CE33FEBCD}] => (Allow) C:\Users\Owner\AppData\Local\Temp\Speedmax.exe
    C:\ProgramData\lyricsgizm
    C:\Users\Owner\AppData\Local\Temp\7zS59BB
    FirewallRules: [{50BDE0CF-E37A-4593-A1D7-8BAC9A913096}] => (Allow) C:\ProgramData\lyricsgizm\lyricsgizm.exe
    FirewallRules: [{7FA1A982-633B-4CC5-89FD-1323F839D575}] => (Allow) C:\ProgramData\lyricsgizm\lyricsgizm.exe
    FirewallRules: [{F09F6888-21FE-48AB-BD7D-7DC08A04690F}] => (Allow) C:\ProgramData\lyricsgizm\lyricsgizm.exe
    FirewallRules: [{2A4CDE82-98BA-4338-934C-80A4F9A948B2}] => (Allow) C:\ProgramData\lyricsgizm\lyricsgizm.exe
    FirewallRules: [{DA6060E9-1DA0-40DF-80EE-1A1E11E94296}] => (Allow) C:\ProgramData\lyricsgizm\lyricsgizm.exe
    FirewallRules: [{54A05844-936D-482A-93B2-7CC579C92867}] => (Allow) C:\Users\Owner\AppData\Local\Temp\7zS59BB\EasyInst64.exe
    FirewallRules: [{96DCD741-7F60-40CC-8145-D72F87B0E578}] => (Allow) C:\Users\Owner\AppData\Local\Temp\7zS59BB\EasyInst64.exe
    FirewallRules: [{BECF7261-016C-4020-89ED-173DF56A1BDC}] => (Allow) LPort=9100
    FirewallRules: [{A307E204-3F1F-41D8-9CEC-A6604C780312}] => (Allow) LPort=427
    FirewallRules: [{B9213D49-142B-42C0-AAC3-77BFB9D0E13C}] => (Allow) LPort=161
    FirewallRules: [{1F2B6469-5C5C-4276-91E7-277673817E19}] => (Allow) C:\Users\Owner\AppData\Local\Temp\7zS6F22\EasyInst64.exe
    FirewallRules: [{F32F9F5B-6B85-4D7B-86FE-CEF3B2DA1A0A}] => (Allow) C:\Users\Owner\AppData\Local\Temp\7zS6F22\EasyInst64.exe
    FirewallRules: [{8741BFCC-579D-4C10-8129-CBE866D40ED8}] => (Allow) C:\Users\Owner\AppData\Local\Temp\7zS5748\EasyInst64.exe
    FirewallRules: [{CA55CDDF-A5FB-4EFC-B7F7-62876D8A71B6}] => (Allow) C:\Users\Owner\AppData\Local\Temp\7zS5748\EasyInst64.exe
    CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
    EmptyTemp:

     

     

     

     

     

     

    *****************

    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\vProt => value removed successfully
    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\TotalRecipeSearch AppIntegrator 64-bit => value removed successfully
    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Wondershare Helper Compact.exe => value removed successfully
    "HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E" => key removed successfully
    "HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{50323b00-37c4-11e4-9ced-642737d5d080}" => key removed successfully
    HKCR\CLSID\{50323b00-37c4-11e4-9ced-642737d5d080} => key not found.
    "HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ad525c50-947d-11e4-ab12-642737d5d080}" => key removed successfully
    HKCR\CLSID\{ad525c50-947d-11e4-ab12-642737d5d080} => key not found.
    "HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{41a03fc7-794d-11e2-a46f-806e6f6e6963}" => key removed successfully
    HKCR\CLSID\{41a03fc7-794d-11e2-a46f-806e6f6e6963} => key not found.
    "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
    "HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
    "HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
    HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} => value removed successfully
    "HKCR\Wow6432Node\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}" => key removed successfully
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{cca2e567-1987-4100-a3c6-5b4267084510}" => key removed successfully
    HKCR\Wow6432Node\CLSID\{cca2e567-1987-4100-a3c6-5b4267084510} => key not found.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}" => key removed successfully
    HKCR\Wow6432Node\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847} => key not found.
    HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
    "HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6C0974F6-1FBF-46DD-BDAB-45D64D1820A9}" => key removed successfully
    HKCR\CLSID\{6C0974F6-1FBF-46DD-BDAB-45D64D1820A9} => key not found.
    "HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}" => key removed successfully
    HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.
    "HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A62CED7B-EBAB-4C11-AE8C-28EC7202B190}" => key removed successfully
    HKCR\CLSID\{A62CED7B-EBAB-4C11-AE8C-28EC7202B190} => key not found.
    "HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{cca2e567-1987-4100-a3c6-5b4267084510}" => key removed successfully
    HKCR\CLSID\{cca2e567-1987-4100-a3c6-5b4267084510} => key not found.
    "HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}" => key removed successfully
    HKCR\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847} => key not found.
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c8d5d964-2be8-4c5b-8cf5-6e975aa88504}" => key removed successfully
    "HKCR\CLSID\{c8d5d964-2be8-4c5b-8cf5-6e975aa88504}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}" => key removed successfully
    HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => key not found.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{66516A07-F617-488A-90CF-4E690CFB3C5F}" => key removed successfully
    "HKCR\Wow6432Node\CLSID\{66516A07-F617-488A-90CF-4E690CFB3C5F}" => key removed successfully
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => key removed successfully
    "HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => key removed successfully
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}" => key removed successfully
    "HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}" => key removed successfully
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c8d5d964-2be8-4c5b-8cf5-6e975aa88504}" => key removed successfully
    "HKCR\Wow6432Node\CLSID\{c8d5d964-2be8-4c5b-8cf5-6e975aa88504}" => key removed successfully
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
    "HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{97ab88ef-346b-4179-a0b1-7445896547a5} => value removed successfully
    "HKCR\CLSID\{97ab88ef-346b-4179-a0b1-7445896547a5}" => key removed successfully
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} => value removed successfully
    HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{311B58DC-A4DC-4B04-B1B5-60299AD3D803} => value removed successfully
    "HKCR\Wow6432Node\CLSID\{311B58DC-A4DC-4B04-B1B5-60299AD3D803}" => key removed successfully
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{97ab88ef-346b-4179-a0b1-7445896547a5} => value removed successfully
    "HKCR\Wow6432Node\CLSID\{97ab88ef-346b-4179-a0b1-7445896547a5}" => key removed successfully
    HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => value removed successfully
    HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => key not found.
    HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{311B58DC-A4DC-4B04-B1B5-60299AD3D803} => value removed successfully
    HKCR\CLSID\{311B58DC-A4DC-4B04-B1B5-60299AD3D803} => key not found.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{0D859AF0-C75E-11D4-B760-00E0B81077E8}" => key removed successfully
    "HKCR\Wow6432Node\CLSID\{0D859AF0-C75E-11D4-B760-00E0B81077E8}" => key removed successfully
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{145BB11A-44CA-4162-A572-D430131C352C}" => key removed successfully
    "HKCR\Wow6432Node\CLSID\{145BB11A-44CA-4162-A572-D430131C352C}" => key removed successfully
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{16FD824B-8E7B-11D2-9855-00802962956C}" => key removed successfully
    "HKCR\Wow6432Node\CLSID\{16FD824B-8E7B-11D2-9855-00802962956C}" => key removed successfully
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{6FD482A3-7B57-438B-B040-52CAA30147EE}" => key removed successfully
    "HKCR\Wow6432Node\CLSID\{6FD482A3-7B57-438B-B040-52CAA30147EE}" => key removed successfully
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{73779860-6F88-4D8C-9DAB-30583B9BAAC3}" => key removed successfully
    "HKCR\Wow6432Node\CLSID\{73779860-6F88-4D8C-9DAB-30583B9BAAC3}" => key removed successfully
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{78523E50-56EB-11D3-B739-CAA1986A452F}" => key removed successfully
    "HKCR\Wow6432Node\CLSID\{78523E50-56EB-11D3-B739-CAA1986A452F}" => key removed successfully
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{7A7537FC-5988-11D3-8B33-00104B9E5A4A}" => key removed successfully
    "HKCR\Wow6432Node\CLSID\{7A7537FC-5988-11D3-8B33-00104B9E5A4A}" => key removed successfully
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{7ECB1A47-6647-4B2C-A8DA-675569C9FF15}" => key removed successfully
    "HKCR\Wow6432Node\CLSID\{7ECB1A47-6647-4B2C-A8DA-675569C9FF15}" => key removed successfully
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF}" => key removed successfully
    "HKCR\Wow6432Node\CLSID\{83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF}" => key removed successfully
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E}" => key removed successfully
    "HKCR\Wow6432Node\CLSID\{83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E}" => key removed successfully
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{B198A72B-B4C3-42B5-B8DA-B364E76429AA}" => key removed successfully
    "HKCR\Wow6432Node\CLSID\{B198A72B-B4C3-42B5-B8DA-B364E76429AA}" => key removed successfully
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}" => key removed successfully
    "HKCR\Wow6432Node\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}" => key removed successfully
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{F060A272-A18A-11D3-B75B-00E0B81077E8}" => key removed successfully
    "HKCR\Wow6432Node\CLSID\{F060A272-A18A-11D3-B75B-00E0B81077E8}" => key removed successfully
    "HKCR\Wow6432Node\PROTOCOLS\Handler\viprotocol" => key removed successfully
    "HKCR\Wow6432Node\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}" => key removed successfully
    "HKLM\Software\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin" => key removed successfully
    "HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.31.2" => key removed successfully
    C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll => moved successfully
    "HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.31.2" => key removed successfully
    C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll => moved successfully
    C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\9cfwhamj.default\searchplugins\MyStart Search.xml => moved successfully
    C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\9cfwhamj.default\searchplugins\Powered by Bing.xml => moved successfully
    C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\9cfwhamj.default\searchplugins\sweetim.xml => moved successfully
    C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml => moved successfully
    C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\9cfwhamj.default\Extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda}_deleted => moved successfully
    HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\[email protected] => value removed successfully
    C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.799 => moved successfully
    C:\Program Files (x86)\mozilla firefox\firefox.cfg => moved successfully
    Chrome HomePage => removed successfully
    Chrome StartupUrls => removed successfully
    Chrome DefaultSearchURL => removed successfully
    Chrome DefaultSearchKeyword => removed successfully
    "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab" => key removed successfully
    BackupStack => service removed successfully
    vToolbarUpdater18.1.9 => Service stopped successfully.
    vToolbarUpdater18.1.9 => service removed successfully
    avgtp => Service stopped successfully.
    avgtp => service removed successfully
    SR => service removed successfully
    srservice => service removed successfully
    C:\Windows\Reimage.ini => moved successfully
    C:\Program Files\Reimage => moved successfully
    C:\rei => moved successfully
    C:\ProgramData\Reimage Protector => moved successfully
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair => moved successfully
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShopAtHome.com Helper => moved successfully
    C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2BDB373C-9C01-4582-98F5-7E9886547AC9}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2BDB373C-9C01-4582-98F5-7E9886547AC9}" => key removed successfully
    C:\Windows\System32\Tasks\SlimCleaner Plus (Scheduled Scan - Owner) => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SlimCleaner Plus (Scheduled Scan - Owner)" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{30148679-6C85-44E2-971B-7631FF0F6BC6}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{30148679-6C85-44E2-971B-7631FF0F6BC6}" => key removed successfully
    C:\Windows\System32\Tasks\{AED8D1F9-A1DB-4C8B-A0B4-D8E013F3221D} => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{AED8D1F9-A1DB-4C8B-A0B4-D8E013F3221D}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{52C3EB55-2C1E-4286-963F-D45FA821F2AB}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{52C3EB55-2C1E-4286-963F-D45FA821F2AB}" => key removed successfully
    C:\Windows\System32\Tasks\{9FF37891-F19D-4EF1-87E7-691E2D6142FF} => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{9FF37891-F19D-4EF1-87E7-691E2D6142FF}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A0D1E2A8-BF5A-4481-BFED-6AB44C44BDF6}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A0D1E2A8-BF5A-4481-BFED-6AB44C44BDF6}" => key removed successfully
    C:\Windows\System32\Tasks\{DE004A50-38BA-41C8-BCE4-E334E5407E37} => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{DE004A50-38BA-41C8-BCE4-E334E5407E37}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A6AE9853-63FB-4519-A48F-C803DCBFEE31}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A6AE9853-63FB-4519-A48F-C803DCBFEE31}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E084C0BF-340F-4006-98AA-DB3539C1C736}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E084C0BF-340F-4006-98AA-DB3539C1C736}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Acrobat Update Task" => key removed successfully
    C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - Owner).job => moved successfully
    "HKU\.DEFAULT\Software\Classes\exefile" => key removed successfully
    "HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\Software\Classes\exefile" => key removed successfully
    C:\Users\Owner\AppData\Roaming\ShopAtHome => moved successfully
    "C:\PROGRA~2\TOTALR~2" => not found.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{315FE8C6-CB36-4DB5-93F3-C05CE33FEBCD} => value removed successfully
    "C:\ProgramData\lyricsgizm" => not found.
    "C:\Users\Owner\AppData\Local\Temp\7zS59BB" => not found.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{50BDE0CF-E37A-4593-A1D7-8BAC9A913096} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7FA1A982-633B-4CC5-89FD-1323F839D575} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F09F6888-21FE-48AB-BD7D-7DC08A04690F} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2A4CDE82-98BA-4338-934C-80A4F9A948B2} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DA6060E9-1DA0-40DF-80EE-1A1E11E94296} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{54A05844-936D-482A-93B2-7CC579C92867} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{96DCD741-7F60-40CC-8145-D72F87B0E578} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BECF7261-016C-4020-89ED-173DF56A1BDC} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A307E204-3F1F-41D8-9CEC-A6604C780312} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B9213D49-142B-42C0-AAC3-77BFB9D0E13C} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1F2B6469-5C5C-4276-91E7-277673817E19} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F32F9F5B-6B85-4D7B-86FE-CEF3B2DA1A0A} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8741BFCC-579D-4C10-8129-CBE866D40ED8} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CA55CDDF-A5FB-4EFC-B7F7-62876D8A71B6} => value removed successfully

    =========  FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========

    ========= End of CMD: =========

    =========== EmptyTemp: ==========

    BITS transfer queue => 8388608 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 5731853 B
    Java, Flash, Steam htmlcache => 4034 B
    Windows/system/drivers => 8416742 B
    Edge => 0 B
    Chrome => 464064600 B
    Firefox => 25293294 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Default => 0 B
    Public => 0 B
    ProgramData => 0 B
    systemprofile => 75462886 B
    systemprofile32 => 61716305 B
    LocalService => 66228 B
    NetworkService => 902532 B
    Owner => 51922952 B

    RecycleBin => 768960 B
    EmptyTemp: => 670.2 MB temporary data Removed.

    ================================

    The system needed a reboot.

    ==== End of Fixlog 19:34:54 ====


    • 0






    Similar Topics

    0 user(s) are reading this topic

    0 members, 0 guests, 0 anonymous users

    As Featured On:

    Microsoft Yahoo BBC MSN PC Magazine Washington Post HP