Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-06-2016 01
Ran by Owner (2016-06-21 18:46:27)
Running from C:\Users\Owner\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2013-02-17 20:05:51)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2621123606-1971745821-2970127776-500 - Administrator - Disabled)
Guest (S-1-5-21-2621123606-1971745821-2970127776-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2621123606-1971745821-2970127776-1002 - Limited - Enabled)
Owner (S-1-5-21-2621123606-1971745821-2970127776-1000 - Administrator - Enabled) => C:\Users\Owner
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Bitdefender Antispyware (Disabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Disabled) {078AF241-05A3-0EFF-40E0-3E0D69EA140A}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
ACI Forms Client (HKLM-x32\...\{0C989B91-B900-4CC1-BBF6-3A3E7614487C}) (Version: 2.08.024 - ACI)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.5.0.367 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.16) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.16 - Adobe Systems Incorporated)
AnswerWorks 5.0 English Runtime (HKLM-x32\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Better-Search Updater Service (HKLM-x32\...\WNLT) (Version: 5.1.4.1 - ) <==== ATTENTION
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 20.0.28.1503 - Bitdefender)
Bitdefender Total Security 2016 (HKLM\...\Bitdefender) (Version: 20.0.28.1478 - Bitdefender)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.18 - Piriform)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{DB014C85-A264-4BCA-A66F-6DD1FCF8EC36}) (Version: 1.0.335 - Citrix)
CleanUp! (HKLM-x32\...\CleanUp!) (Version: - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
EaseUS MobiSaver 5.0 (HKLM-x32\...\EaseUS MobiSaver 5.0_is1) (Version: - EaseUS)
Ezvid (HKLM-x32\...\{F96D619D-99D6-4C9C-A393-0CD22DE1CA66}_is1) (Version: 1.003 - Ezvid, inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Drive (HKLM-x32\...\{709316AD-161C-4D5C-9AE7-0B3A822DA271}) (Version: 1.30.2170.0459 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
GoToMeeting 7.9.1.4340 (HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\GoToMeeting) (Version: 7.9.1.4340 - CitrixOnline)
HP LaserJet Professional M1130-M1210 MFP Series (HKLM\...\HP LaserJet Professional M1130-M1210 MFP Series) (Version: - )
HP LaserJet Professional M1210 MFP Series Fax Installer (HKLM\...\{E94AE378-725A-41FF-BA24-397469D27FC8}) (Version: 1.3.0 - HP)
Inpaint 5.6 (HKLM\...\{2AEDC172-479F-47AE-8A48-A0524D4AED5B}_is1) (Version: - Teorex)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 5.2.4.18506 - LeapFrog)
LeapFrog Connect (x32 Version: 5.2.4.18506 - LeapFrog) Hidden
LeapFrog LeapPad Explorer Plugin (x32 Version: 5.2.1.18456 - LeapFrog) Hidden
LG USB Modem driver (HKLM-x32\...\{C3ABE126-2BB2-4246-BFE1-6797679B3579}) (Version: - )
Malwarebytes Anti-Malware version 1.70.0.1100 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.70.0.1100 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office XP Media Content (HKLM-x32\...\{90300409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2619.0 - Microsoft Corporation)
Microsoft Office XP Media Content Deluxe (HKLM-x32\...\{90350409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2619.0 - Microsoft Corporation)
Microsoft Publisher 2002 (HKLM-x32\...\{90190409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.01 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MyPC Backup (HKLM\...\MyPC Backup) (Version: - MyPC Backup) <==== ATTENTION
Nitro Pro 9 (HKLM-x32\...\{5d48b872-0053-4f83-b74c-577d3ffe2f2f}) (Version: 9.0.4.5 - Nitro)
Nitro Pro 9 (Version: 9.0.4.5 - Nitro) Hidden
Nitro Reader 3 (HKLM\...\{3C1F302A-CC25-488D-9C24-A76B95BC916F}) (Version: 3.0.6.3 - Nitro)
PCActivator (HKLM\...\PCActivator) (Version: 1.0 - AB eCommerce)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.0 - Frank Heindörfer, Philip Chinery)
PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
Quicken 2009 (HKLM-x32\...\{ED2A3C11-3EA8-4380-B59C-F2C1832731B0}) (Version: 18.1.1.29 - Intuit)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.24.999 - SAMSUNG Electronics Co., Ltd.)
Scan To (HKLM\...\{E8A34AC8-0137-4515-A94B-0A0946DDC251}) (Version: 2.0.1 - HP)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Shockwave (HKLM-x32\...\Shockwave) (Version: - )
ShopAtHome.com Helper (HKLM-x32\...\ShopAtHome.com Helper) (Version: 7.0.4.19 - ShopAtHome.com) <==== ATTENTION
Smilebox (HKU\S-1-5-21-2621123606-1971745821-2970127776-1000 Version: 1.0.0.26929 - Smilebox, Inc.) Hidden
Smilebox Bundle (HKLM-x32\...\Smilebox Bundle) (Version: 2.0.0.3 - Perion Network Ltd.)
SUABnR (HKLM-x32\...\InstallShield_{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.)
SUABnR (x32 Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.) Hidden
The Print Shop 12 (HKLM-x32\...\{3DD1FE66-5536-41E3-B786-70068887B3F4}) (Version: - )
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.9.3 - Tweaking.com)
Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin) (HKLM-x32\...\LeapPadExplorerPlugin) (Version: - LeapFrog)
Verizon Wireless Software Upgrade Assistant - Samsung(ar) (HKLM-x32\...\{D31032BD-B70C-4E1E-8BE3-0B870A910983}) (Version: 2.14.1002 - Samsung Electronics Co., Ltd.)
Verizon Wireless Software Utility Application for Android - Samsung (HKLM-x32\...\{69258FD1-F4EE-475A-83D1-BF68C8029592}) (Version: 2.14.0402 - Samsung Electronics Co., Ltd.)
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 6.31 - NCH Software)
WebEx Training Manager for Internet Explorer (HKLM-x32\...\{D69DD1C9-A051-4526-B774-31FB69401167}) (Version: 29.2.0.23 - Cisco WebEx LLC)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Movie Maker 6.1 (HKLM-x32\...\{3CC29C1A-B5FE-457B-8F22-32A2557A92C7}}_is1) (Version: - windows-movie-maker.org)
Wondershare Dr.Fone for Android(Build 4.8.2.142) (HKLM-x32\...\{1DB91A95-C548-4BA5-9D4C-18C7DEAAC39F}_is1) (Version: 4.8.2.142 - Wondershare Software Co.,Ltd.)
Wondershare Dr.Fone for iOS(Build 4.8.0.7) (HKLM-x32\...\{A26F8BBD-EC10-4bdc-8AD8-F146825A8A63}_is1) (Version: 4.8.0.7 - Wondershare Software Co.,Ltd.)
Wondershare DVD Slideshow Builder Deluxe(Build 6.5.0.0) (HKLM-x32\...\Wondershare DVD Slideshow Builder Deluxe_is1) (Version: 6.5.0.0 - Wondershare Software Co.,Ltd.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2621123606-1971745821-2970127776-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\3019\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {2BDB373C-9C01-4582-98F5-7E9886547AC9} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - Owner) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
Task: {30148679-6C85-44E2-971B-7631FF0F6BC6} - System32\Tasks\{AED8D1F9-A1DB-4C8B-A0B4-D8E013F3221D} => pcalua.exe -a "C:\Users\Owner\Downloads\FMOL4630_2012 (1).exe" -d C:\Users\Owner\Desktop
Task: {4D0D7202-8CCE-42C3-A3F6-0B81C74EA391} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {52C3EB55-2C1E-4286-963F-D45FA821F2AB} - System32\Tasks\{9FF37891-F19D-4EF1-87E7-691E2D6142FF} => pcalua.exe -a "C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8II7HNS5\FMOL4630_2012 (1).exe" -d C:\Users\Owner\Desktop
Task: {5C056C90-4865-45BA-A924-5716C6527D6F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {97CE9277-786F-451A-A1AD-781F79512B7F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {A0D1E2A8-BF5A-4481-BFED-6AB44C44BDF6} - System32\Tasks\{DE004A50-38BA-41C8-BCE4-E334E5407E37} => pcalua.exe -a "C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8II7HNS5\FMOL4630_2012.exe" -d C:\Users\Owner\Desktop
Task: {A6AE9853-63FB-4519-A48F-C803DCBFEE31} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {AA4B0063-FFE7-4FE8-B504-0D9748BC44BC} - System32\Tasks\G2MUpdateTask-S-1-5-21-2621123606-1971745821-2970127776-1000 => C:\Program Files (x86)\Citrix\GoToMeeting\4190\g2mupdate.exe [2015-12-31] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {AE9E50B8-CCC5-4106-8005-F166D79B81B8} - System32\Tasks\{396588E5-4E8C-4AE4-BAC7-AE3EF88FEEEE} => Chrome.exe
Task: {C30D9A48-7A10-40CD-898A-A7B70EA8F4B0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-10] (Adobe Systems Incorporated)
Task: {CCC38634-0FAB-4FBC-8372-8E88C0D706F3} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2016-04-18] (Bitdefender)
Task: {E084C0BF-340F-4006-98AA-DB3539C1C736} - \Adobe Acrobat Update Task -> No File <==== ATTENTION
Task: {FC4D6779-F9A5-4413-92F7-3AB67D4671EE} - System32\Tasks\G2MUploadTask-S-1-5-21-2621123606-1971745821-2970127776-1000 => C:\Program Files (x86)\Citrix\GoToMeeting\4190\g2mupload.exe [2015-12-31] (Citrix Online, a division of Citrix Systems, Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2621123606-1971745821-2970127776-1000.job => C:\Program Files (x86)\Citrix\GoToMeeting\4340\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2621123606-1971745821-2970127776-1000.job => C:\Program Files (x86)\Citrix\GoToMeeting\4190\g2mupload.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - Owner).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\Owner\Documents\Desktop Items\Formulator Online.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxps://www.formulatoronline.com/Login/
ShortcutWithArgument: C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Formulator Online.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxps://www.formulatoronline.com/Login/
==================== Loaded Modules (Whitelisted) ==============
2014-09-08 21:08 - 2012-09-29 13:25 - 00409088 _____ () C:\Windows\System32\HPM1210LM.DLL
2013-02-24 20:55 - 2005-03-12 01:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll
2013-02-19 23:27 - 2009-12-20 20:42 - 00090624 _____ () C:\Windows\System32\Primomonnt.dll
2014-09-08 21:08 - 2012-09-29 13:25 - 00074240 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HPM1210PP.dll
2014-03-20 11:24 - 2014-03-20 11:24 - 00667808 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
2015-12-17 19:38 - 2015-12-17 19:38 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-12-17 19:38 - 2015-12-17 19:38 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-02-17 15:15 - 2011-10-21 11:49 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-08-11 19:47 - 2014-08-11 19:46 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
2014-03-20 11:24 - 2014-03-20 11:24 - 05288608 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2014-08-11 19:47 - 2014-08-11 19:46 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\log4cplusU.dll
2014-03-18 23:22 - 2014-03-18 23:22 - 32733088 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\libcef.dll
2014-08-30 10:02 - 2014-10-31 17:37 - 01498112 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2014-08-30 10:02 - 2014-05-19 18:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\dataquick.com -> hxxps://valuations.dataquick.com
IE trusted site: HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\equi-trax.com -> hxxps://www.equi-trax.com
IE trusted site: HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\formulatoronline.com -> hxxps://www.formulatoronline.com
IE trusted site: HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\google.com -> hxxps://www.google.com
IE trusted site: HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\mlxchange.com -> nom.mlxchange.com
IE trusted site: HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\parlogic.com -> hxxp://parlogic.com
IE trusted site: HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\parlogic.com -> hxxps://parlogic.com
IE trusted site: HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\pay4mycollege.com -> hxxp://www.pay4mycollege.com
IE trusted site: HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\petraharperrealestate.com -> hxxps://www.petraharperrealestate.com
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:34 - 2016-06-21 13:56 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 71.10.216.1 - 71.10.216.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: ShopAtHomeUpdater => C:\Users\Owner\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe
MSCONFIG\startupreg: ShopAtHomeWatcher => C:\Users\Owner\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
MSCONFIG\startupreg: TotalRecipeSearch AppIntegrator 32-bit => C:\PROGRA~2\TOTALR~2\bar\1.bin\AppIntegrator.exe
MSCONFIG\startupreg: TotalRecipeSearch Search Scope Monitor => "C:\PROGRA~2\TOTALR~2\bar\1.bin\14srchmn.exe" /m=2 /w /h
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{9D03E964-8E44-46C0-A80D-F5585699466F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{75603E24-C9A9-4C6E-BEF7-A1F3858639DA}] => (Allow) LPort=2869
FirewallRules: [{6686322D-4A55-4E14-996D-4236B97A6590}] => (Allow) LPort=1900
FirewallRules: [{25333F2D-7490-4DE2-8D1B-2E29A9333798}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6D0289FC-CB13-4A8E-B81B-A214AC2839A6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1BD56826-9D63-470D-8991-B2893CB5AFEF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8CEEF098-CB7B-432D-87AD-4FFBBD07B550}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{38296858-88A4-43A4-85CB-29FD0905BA6B}] => (Allow) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\LeapfrogConnect.exe
FirewallRules: [TCP Query User{1A3D4C62-13F1-4D63-B081-A72A8605E657}C:\program files\webroot\wrsa.exe] => (Block) C:\program files\webroot\wrsa.exe
FirewallRules: [UDP Query User{D064E681-3167-40E6-9C56-896F3901DB28}C:\program files\webroot\wrsa.exe] => (Block) C:\program files\webroot\wrsa.exe
FirewallRules: [{FF91484B-8074-4170-8A9C-822DA8E96995}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{F0DAB5A5-D5FE-47DB-B87A-F6C359630227}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{557ED65F-CF3B-4492-AB3E-CFED57454007}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{EB229072-1C03-495B-90D8-80387D9F2544}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{280D002D-7F94-46BD-88DE-0112387B20F4}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{827751D3-263A-49D4-817A-0249988E5AF7}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{D2DC3E32-9E36-42C0-8BD3-7E650F7A46FD}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{F3ADCF4C-5D84-495E-A32B-9E448E5D15CD}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [TCP Query User{E182E2F4-F773-4DBA-A51F-EEF60C50E6D8}C:\program files\webroot\wrsa.exe] => (Allow) C:\program files\webroot\wrsa.exe
FirewallRules: [UDP Query User{1F95E160-AB11-4B06-9F74-9642EAC469AE}C:\program files\webroot\wrsa.exe] => (Allow) C:\program files\webroot\wrsa.exe
FirewallRules: [{315FE8C6-CB36-4DB5-93F3-C05CE33FEBCD}] => (Allow) C:\Users\Owner\AppData\Local\Temp\Speedmax.exe
FirewallRules: [{50BDE0CF-E37A-4593-A1D7-8BAC9A913096}] => (Allow) C:\ProgramData\lyricsgizm\lyricsgizm.exe
FirewallRules: [{7FA1A982-633B-4CC5-89FD-1323F839D575}] => (Allow) C:\ProgramData\lyricsgizm\lyricsgizm.exe
FirewallRules: [{F09F6888-21FE-48AB-BD7D-7DC08A04690F}] => (Allow) C:\ProgramData\lyricsgizm\lyricsgizm.exe
FirewallRules: [{2A4CDE82-98BA-4338-934C-80A4F9A948B2}] => (Allow) C:\ProgramData\lyricsgizm\lyricsgizm.exe
FirewallRules: [{DA6060E9-1DA0-40DF-80EE-1A1E11E94296}] => (Allow) C:\ProgramData\lyricsgizm\lyricsgizm.exe
FirewallRules: [{54A05844-936D-482A-93B2-7CC579C92867}] => (Allow) C:\Users\Owner\AppData\Local\Temp\7zS59BB\EasyInst64.exe
FirewallRules: [{96DCD741-7F60-40CC-8145-D72F87B0E578}] => (Allow) C:\Users\Owner\AppData\Local\Temp\7zS59BB\EasyInst64.exe
FirewallRules: [{BECF7261-016C-4020-89ED-173DF56A1BDC}] => (Allow) LPort=9100
FirewallRules: [{A307E204-3F1F-41D8-9CEC-A6604C780312}] => (Allow) LPort=427
FirewallRules: [{B9213D49-142B-42C0-AAC3-77BFB9D0E13C}] => (Allow) LPort=161
FirewallRules: [{1F2B6469-5C5C-4276-91E7-277673817E19}] => (Allow) C:\Users\Owner\AppData\Local\Temp\7zS6F22\EasyInst64.exe
FirewallRules: [{F32F9F5B-6B85-4D7B-86FE-CEF3B2DA1A0A}] => (Allow) C:\Users\Owner\AppData\Local\Temp\7zS6F22\EasyInst64.exe
FirewallRules: [{8741BFCC-579D-4C10-8129-CBE866D40ED8}] => (Allow) C:\Users\Owner\AppData\Local\Temp\7zS5748\EasyInst64.exe
FirewallRules: [{CA55CDDF-A5FB-4EFC-B7F7-62876D8A71B6}] => (Allow) C:\Users\Owner\AppData\Local\Temp\7zS5748\EasyInst64.exe
FirewallRules: [{3913CB44-9975-45D2-A431-420348B9EFC3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A73B46A6-4039-4F5C-B15B-A9B952DEFBFF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F9C7E644-6DF8-4BEC-9363-D9368E84088F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C01D54FB-59B1-4032-87C1-38872AB73FF8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0BE9B6D7-E4FA-49D4-9720-2E7854131AC1}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{7849432C-F97F-42B3-A46F-5338FEB1D838}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (06/21/2016 04:25:13 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown
Error: (06/21/2016 04:25:13 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown
Error: (06/21/2016 02:00:33 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3009) (User: Owner-PC)
Description: Installing the performance counter strings for service .NET CLR Networking 4.0.0.0 () failed. The first DWORD in the Data section contains the error code.
Error: (06/21/2016 02:00:33 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3009) (User: Owner-PC)
Description: Installing the performance counter strings for service .NET Data Provider for Oracle () failed. The first DWORD in the Data section contains the error code.
Error: (06/21/2016 12:55:16 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = Tweaking.com - Windows Repair; Error = 0x8007043c).
Error: (06/21/2016 12:54:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/21/2016 12:39:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/21/2016 12:34:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/21/2016 12:13:41 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040154, Class not registered
.
Operation:
Set Snapshot Context
Context:
Execution Context: Requestor
Error: (06/21/2016 12:13:41 PM) (Source: VSS) (EventID: 22) (User: )
Description: Volume Shadow Copy Service error: A critical component required by the Volume Shadow Copy service is not registered.
This might happened if an error occurred during Windows setup or during installation of a Shadow Copy provider.
The error returned from CoCreateInstance on class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} and Name Software Provider is [0x80040154, Class not registered
].
Operation:
Set Snapshot Context
Context:
Execution Context: Requestor
System errors:
=============
Error: (06/21/2016 05:37:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Computer Backup (MyPC Backup) service failed to start due to the following error:
%%1053 = The service did not respond to the start or control request in a timely fashion.
Error: (06/21/2016 05:37:36 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Computer Backup (MyPC Backup) service to connect.
Error: (06/21/2016 05:35:33 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070420'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
Error: (06/21/2016 05:34:01 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
Error: (06/21/2016 05:29:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Computer Backup (MyPC Backup) service failed to start due to the following error:
%%1053 = The service did not respond to the start or control request in a timely fashion.
Error: (06/21/2016 05:29:52 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Computer Backup (MyPC Backup) service to connect.
Error: (06/21/2016 05:26:39 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
Error: (06/21/2016 04:27:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Computer Backup (MyPC Backup) service failed to start due to the following error:
%%1053 = The service did not respond to the start or control request in a timely fashion.
Error: (06/21/2016 04:27:10 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Computer Backup (MyPC Backup) service to connect.
Error: (06/21/2016 04:24:00 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
==================== Memory info ===========================
Processor: Intel® Core i3-2350M CPU @ 2.30GHz
Percentage of memory in use: 56%
Total physical RAM: 4004.27 MB
Available physical RAM: 1725.77 MB
Total Virtual: 8006.75 MB
Available Virtual: 5969.38 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:465.66 GB) (Free:231.39 GB) NTFS
Drive e: () (Removable) (Total:14.91 GB) (Free:11.15 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 2719CE2A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 14.9 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt ============================