Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Problems downloading and running programs


  • Please log in to reply

#91
pharper

pharper

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-06-2016 01
Ran by Owner (administrator) on OWNER-PC (21-06-2016 19:55:16)
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(HP) C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\bdagent.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_20_0_0_306_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2016\bdagent.exe [1651600 2016-04-25] (Bitdefender)
HKLM-x32\...\Run: [APSDaemon] => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [106496 2013-11-27] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2691480 2014-03-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1107672 2016-04-22] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-02-18] (Google Inc.)
HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8722136 2016-06-01] (Piriform Ltd)
HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-03-20] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-03-20] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-03-20] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2016-06-15]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2016-06-15]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot FF RunOnce.lnk [2014-06-11]
ShortcutTarget: Install Webroot FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot IE RunOnce.lnk [2014-06-11]
ShortcutTarget: Install Webroot IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2016-03-13]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2016-05-17]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 71.10.216.1 71.10.216.2
Tcpip\..\Interfaces\{77E23ABE-1BB2-48A9-BA12-F41B64556458}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{8AC013FA-C812-4531-90E6-9EB1CCE989C7}: [DhcpNameServer] 71.10.216.1 71.10.216.2
Tcpip\..\Interfaces\{D9E8C3FF-8E71-41F2-A82E-2A6BEBCFDE46}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{F355C6F0-4857-45BC-BE92-D6C2F8F75698}: [DhcpNameServer] 71.92.29.130 97.81.22.195 68.113.206.10

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-2621123606-1971745821-2970127776-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Bitdefender Wallet  -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2016\pmbxie.dll [2016-04-05] (Bitdefender)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2016\Antispam32\pmbxie.dll [2016-04-05] (Bitdefender)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc.)
Toolbar: HKLM - Bitdefender Wallet  - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\pmbxie.dll [2016-04-05] (Bitdefender)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\Antispam32\pmbxie.dll [2016-04-05] (Bitdefender)
Toolbar: HKU\S-1-5-21-2621123606-1971745821-2970127776-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc.)
Toolbar: HKU\S-1-5-21-2621123606-1971745821-2970127776-1000 -> Bitdefender Wallet  - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\pmbxie.dll [2016-04-05] (Bitdefender)
Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation)
Handler-x32: http - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2004-01-29] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2004-01-29] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2004-01-29] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2004-01-29] (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2004-01-29] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2004-01-29] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2004-01-29] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\9cfwhamj.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-10] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-05] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2014-03-21] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-10] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-05] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2013-11-12] (Nitro PDF)
FF Plugin-x32: @nitropdf.com/NitroPDF.PrevVerNPR -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll [2012-10-30] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-04-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-03-21] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2621123606-1971745821-2970127776-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Owner\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-03-28] (Citrix Online)
FF Extension: Webroot Password Manager - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\9cfwhamj.default\Extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} [2016-06-15]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff [2016-05-12]
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext
FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext [2016-05-12] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext

Chrome:
=======
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-25]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Bitdefender Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhejlifdlcgcmogbggeomfodgklfaem [2016-06-15]
CHR Extension: (Google Docs Offline) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-01]
CHR Extension: (MusixHub Start) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkbhpmdajdojnnhkfgffkofkjifglkan [2016-02-06]
CHR Extension: (MusixHub) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jehfkemccjknagjgcbfccjajkgnbffpj [2016-02-06]
CHR Extension: (Webroot Password Manager) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngkhgikojglcgnckopipfdajaifmmnnc [2015-12-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-08]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR HKLM\...\Chrome\Extension: [ngkhgikojglcgnckopipfdajaifmmnnc] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dhhejlifdlcgcmogbggeomfodgklfaem] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngkhgikojglcgnckopipfdajaifmmnnc] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 HPM1210RcvFaxSrvc; C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [361888 2012-07-25] (HP)
R2 LeapFrog Connect Device Service; C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe [7393280 2013-11-27] (LeapFrog Enterprises, Inc.) [File not signed]
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-11-12] (Nitro PDF Software)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2012-10-30] (Nitro PDF Software)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [950200 2016-05-24] (Bitdefender)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe [156016 2016-04-25] (Bitdefender)
S4 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe [1693104 2016-05-11] (Bitdefender)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1623536 2016-03-18] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [842152 2016-03-18] (BitDefender)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [118608 2016-02-09] (BitDefender LLC)
R1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [87912 2015-12-04] (BitDefender)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [182936 2015-12-16] (BitDefender LLC)
S3 HP1210FAX; C:\Windows\System32\Drivers\HPM1210FAX.sys [16896 2012-11-07] ()
R0 ignis; C:\Windows\System32\DRIVERS\ignis.sys [298736 2016-03-03] (Bitdefender)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-12-24] (Marvell Semiconductor, Inc.)
R2 trufos; C:\Windows\System32\DRIVERS\trufos.sys [511320 2016-02-22] (BitDefender S.R.L.)
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-11] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-11] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-11] (LG Electronics Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-21 19:34 - 2016-06-21 19:34 - 00034189 _____ C:\Users\Owner\Desktop\Fixlog.txt
2016-06-21 18:46 - 2016-06-21 18:47 - 00034610 _____ C:\Users\Owner\Desktop\Addition.txt
2016-06-21 18:45 - 2016-06-21 19:55 - 00029419 _____ C:\Users\Owner\Desktop\FRST.txt
2016-06-21 18:45 - 2016-06-21 19:55 - 00000000 ____D C:\FRST
2016-06-21 18:43 - 2016-06-21 18:43 - 02387456 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2016-06-21 18:18 - 2016-06-21 18:18 - 00014260 _____ C:\Users\Owner\Desktop\VEW.txt-application.txt
2016-06-21 18:13 - 2016-06-21 18:13 - 00015630 _____ C:\Users\Owner\Desktop\VEW.txt-1.txt
2016-06-21 18:10 - 2016-06-21 18:14 - 00014260 _____ C:\VEW.txt
2016-06-21 18:06 - 2016-06-21 18:06 - 00061440 _____ ( ) C:\Users\Owner\Desktop\VEW.exe
2016-06-21 18:01 - 2016-06-21 18:01 - 00061440 _____ ( ) C:\Users\Owner\Downloads\VEW.exe
2016-06-21 17:42 - 2016-06-21 17:42 - 00479440 _____ C:\Users\Owner\Desktop\ntbtlog.txt
2016-06-21 16:27 - 2016-06-21 16:27 - 00003640 _____ C:\Windows\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2016-06-21 12:35 - 2016-06-21 12:35 - 00000207 _____ C:\Windows\tweaking.com-regbackup-OWNER-PC-Windows-7-Home-Premium-(64-bit).dat
2016-06-21 12:35 - 2016-06-21 12:35 - 00000000 ____D C:\RegBackup
2016-06-21 12:32 - 2016-06-21 12:32 - 00003216 _____ C:\bootsqm.dat
2016-06-21 12:19 - 2016-06-21 12:19 - 00004964 _____ C:\Users\Owner\Desktop\chkdsk_log.txt
2016-06-21 11:50 - 2016-06-21 11:50 - 00002163 _____ C:\Users\Owner\Desktop\Tweaking.com - Windows Repair.lnk
2016-06-21 11:50 - 2016-06-21 11:50 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2016-06-21 11:50 - 2016-06-21 11:50 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2016-06-21 11:49 - 2016-06-21 12:03 - 00187466 _____ C:\Windows\Tweaking.com - Windows Repair Setup Log.txt
2016-06-21 11:49 - 2016-06-21 11:49 - 21657496 _____ (Tweaking.com) C:\Users\Owner\Downloads\tweaking.com_windows_repair_aio_setup.exe
2016-06-21 07:20 - 2016-06-21 07:20 - 00001901 _____ C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
2016-06-21 07:19 - 2016-06-21 07:19 - 00000996 _____ C:\Users\Public\Desktop\Resume Reimage Repair Installation.lnk
2016-06-20 22:31 - 2016-06-20 22:31 - 00365756 _____ C:\Users\Owner\Desktop\CBS (2).zip
2016-06-20 19:54 - 2016-06-21 08:34 - 09617360 _____ (TeamViewer GmbH) C:\Users\Owner\Downloads\TeamViewer_Setup_en-khp.exe
2016-06-20 15:19 - 2016-06-20 15:19 - 00198488 _____ C:\Users\Owner\Documents\Sterling multi offer form.pdf
2016-06-20 12:36 - 2016-06-20 12:36 - 02301750 _____ C:\Users\Owner\Desktop\Irvin CMA.pdf
2016-06-19 23:08 - 2016-06-19 23:08 - 00365756 _____ C:\Users\Owner\Desktop\CBS.zip
2016-06-19 08:44 - 2016-06-19 08:44 - 00026961 _____ C:\ProgramData\1466343840.bdinstall.bin
2016-06-19 08:42 - 2016-06-19 08:42 - 00026961 _____ C:\ProgramData\1466343763.bdinstall.bin
2016-06-18 17:20 - 2016-06-18 17:20 - 00000000 ____D C:\80e9e2bab38cc8247d
2016-06-16 20:09 - 2016-06-19 16:46 - 00000979 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-06-16 20:09 - 2016-06-16 20:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-06-16 20:09 - 2016-06-16 20:09 - 00000000 ____D C:\Program Files\CCleaner
2016-06-16 13:34 - 2016-06-16 13:34 - 00000000 ____D C:\Users\Owner\AppData\Local\Deployment
2016-06-16 13:34 - 2016-06-16 13:34 - 00000000 ____D C:\Users\Owner\AppData\Local\Apps\2.0
2016-06-16 13:34 - 2016-06-16 13:34 - 00000000 ____D C:\ProgramData\elsi..tion_d291612c4dce6913_0005.0001_8bf3579dfe869d67
2016-06-15 22:13 - 2016-06-15 22:18 - 00000000 ____D C:\Users\Owner\Documents\Wondershare PDF to Word
2016-06-15 21:48 - 2016-06-15 21:48 - 00026961 _____ C:\ProgramData\1466045325.bdinstall.bin
2016-06-15 21:42 - 2016-06-15 21:42 - 00026961 _____ C:\ProgramData\1466044942.bdinstall.bin
2016-06-15 21:40 - 2016-06-15 21:40 - 00026961 _____ C:\ProgramData\1466044838.bdinstall.bin
2016-06-15 21:07 - 2016-06-15 21:07 - 00000000 ____D C:\Users\Owner\AppData\Local\lptmp906725983
2016-06-15 21:07 - 2016-06-15 21:07 - 00000000 ____D C:\Users\Owner\AppData\Local\lptmp1074965474
2016-06-15 20:50 - 2016-06-15 20:50 - 00598869 _____ C:\Users\Owner\Desktop\Charles St disclosure.pdf
2016-06-15 20:18 - 2016-06-15 22:10 - 00000034 _____ C:\Windows\system32\STOOLSubmit.ret
2016-06-15 20:09 - 2016-06-15 22:10 - 00000000 ____D C:\ProgramData\Dumps
2016-06-15 13:01 - 2016-06-15 13:02 - 00008241 _____ C:\ProgramData\1466013653.1532.bin
2016-06-15 13:00 - 2016-06-15 19:21 - 00093781 _____ C:\ProgramData\1466013653.3504.bin
2016-06-15 13:00 - 2016-06-15 13:02 - 00002124 _____ C:\ProgramData\1466013653.3208.bin
2016-06-15 13:00 - 2016-06-15 13:01 - 00000930 _____ C:\ProgramData\1466013653.5456.bin
2016-06-15 12:16 - 2016-06-19 16:46 - 00002195 _____ C:\Users\Public\Desktop\Bitdefender 2016.lnk
2016-06-15 12:16 - 2016-06-15 12:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2016
2016-06-15 12:15 - 2016-06-15 20:10 - 00000000 ____D C:\ProgramData\BDLogging
2016-06-15 12:15 - 2016-03-18 06:58 - 00842152 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys
2016-06-15 12:15 - 2016-03-18 06:56 - 01623536 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2016-06-15 12:15 - 2016-03-03 01:36 - 00298736 _____ (Bitdefender) C:\Windows\system32\Drivers\ignis.sys
2016-06-15 12:15 - 2015-12-04 19:27 - 00087912 _____ (BitDefender) C:\Windows\system32\Drivers\bdvedisk.sys
2016-06-15 12:15 - 2007-04-11 11:11 - 00511328 _____ (Microsoft Corporation) C:\Windows\capicom.dll
2016-06-15 12:09 - 2016-06-15 12:27 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Bitdefender
2016-06-15 12:09 - 2016-06-15 12:09 - 00002321 _____ C:\ProgramData\1466010261.5560.bin
2016-06-15 12:05 - 2016-06-15 12:50 - 00000000 ____D C:\ProgramData\Bitdefender
2016-06-15 12:05 - 2016-06-15 12:44 - 00159876 _____ C:\ProgramData\1466010261.6104.bin
2016-06-15 12:05 - 2016-06-15 12:09 - 00017164 _____ C:\ProgramData\1466010261.4824.bin
2016-06-15 12:05 - 2016-06-15 12:08 - 00001545 _____ C:\ProgramData\1466010261.1248.bin
2016-06-15 12:05 - 2016-06-15 12:05 - 00014645 _____ C:\ProgramData\1466010261.3904.bin
2016-06-15 12:05 - 2016-06-15 12:05 - 00002342 _____ C:\ProgramData\1466010261.6108.bin
2016-06-15 12:05 - 2016-06-15 12:05 - 00001090 _____ C:\ProgramData\1466010261.5604.bin
2016-06-15 12:05 - 2016-06-15 12:05 - 00001090 _____ C:\ProgramData\1466010261.4184.bin
2016-06-15 12:05 - 2016-06-15 12:05 - 00000000 ____D C:\Program Files\Bitdefender
2016-06-15 12:05 - 2016-02-22 15:13 - 00511320 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2016-06-15 12:05 - 2015-12-16 05:53 - 00182936 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys
2016-06-15 12:04 - 2016-06-15 12:16 - 00233409 _____ C:\ProgramData\1466010261.4764.bin
2016-06-15 12:04 - 2016-06-15 12:16 - 00189211 _____ C:\ProgramData\1466010261.1352.bin
2016-06-15 12:04 - 2016-06-15 12:15 - 00015069 _____ C:\ProgramData\1466010261.5776.bin
2016-06-15 12:04 - 2016-06-15 12:05 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2016-06-15 12:04 - 2016-06-15 12:04 - 00000000 ____D C:\Users\Owner\AppData\Roaming\QuickScan
2016-06-15 11:54 - 2016-06-15 11:54 - 00000000 ____D C:\Users\Owner\AppData\Local\lptmp861625900
2016-06-15 11:54 - 2016-06-15 11:54 - 00000000 ____D C:\Users\Owner\AppData\Local\lptmp2128510550
2016-06-15 11:49 - 2016-06-21 19:36 - 00000000 ____D C:\Program Files\Bitdefender Agent
2016-06-15 11:49 - 2016-06-15 11:49 - 00000000 ____D C:\ProgramData\Bitdefender Agent
2016-06-15 11:04 - 2016-06-15 11:04 - 00000162 _____ C:\Users\Owner\Documents\~$fferson DR. list.csv
2016-06-13 09:50 - 2016-06-13 09:50 - 00349696 _____ C:\Users\Owner\Documents\Pet logo for property page.sig
2016-06-12 19:02 - 2016-06-12 19:02 - 00111354 _____ C:\Users\Owner\Documents\Brickyard w-9.pdf
2016-06-10 14:32 - 2016-06-10 14:33 - 04701481 _____ C:\Users\Owner\Desktop\Chelan flyer.pdf
2016-06-10 09:15 - 2016-06-10 09:15 - 00279692 _____ C:\Users\Owner\Documents\BEST SQUEEZE PAGE-POST A PROP START GUIDE.pdf
2016-06-07 23:07 - 2016-06-07 23:07 - 00073728 _____ C:\Users\Owner\Documents\Pet Stationary.sig
2016-06-06 12:46 - 2016-06-06 12:46 - 00022844 _____ C:\Users\Owner\Documents\Seller utility form.pdf
2016-06-05 19:45 - 2016-06-05 19:45 - 00082073 _____ C:\Users\Owner\Documents\CHELAN DUAL AGENCY.pdf
2016-06-05 19:42 - 2016-06-05 19:42 - 00135270 _____ C:\Users\Owner\Documents\CHELAN PROPERTY DISCLOSURE.pdf
2016-06-05 19:36 - 2016-06-05 19:36 - 00130133 _____ C:\Users\Owner\Documents\CHELAN LISTING AGREEMENT.pdf
2016-06-05 14:27 - 2016-06-05 14:27 - 00265335 _____ C:\Users\Owner\Documents\Chelan comps.pdf
2016-06-04 18:26 - 2016-06-04 18:26 - 00079744 _____ C:\Users\Owner\Documents\Wells fargo june 2016 payment confirmation.pdf
2016-06-04 18:17 - 2016-06-04 18:17 - 00049986 _____ C:\Users\Owner\Documents\Demco june 2016 payment.pdf
2016-06-03 22:59 - 2016-06-03 23:00 - 00003772 _____ C:\Users\Owner\Documents\Forest Ln list.csv
2016-06-03 22:23 - 2016-06-03 22:23 - 00002067 _____ C:\Users\Owner\Documents\Yates list.csv
2016-06-03 22:22 - 2016-06-03 22:22 - 00002067 _____ C:\Users\Owner\Documents\Yates.csv
2016-06-03 22:20 - 2016-06-03 22:20 - 00008270 _____ C:\Users\Owner\Documents\Cuthell list.csv
2016-06-03 22:06 - 2016-06-03 22:06 - 00009461 _____ C:\Users\Owner\Documents\Tricou Blvd list.csv
2016-06-03 22:03 - 2016-06-03 22:03 - 00008393 _____ C:\Users\Owner\Documents\Scott Pl list.csv
2016-06-03 21:57 - 2016-06-03 21:57 - 00012798 _____ C:\Users\Owner\Documents\James Robert list.csv
2016-06-03 21:53 - 2016-06-03 21:54 - 00019664 _____ C:\Users\Owner\Documents\Rene Dr. list.csv
2016-06-03 21:48 - 2016-06-03 21:49 - 00009357 _____ C:\Users\Owner\Documents\Adelle Dr. list.csv
2016-06-03 21:43 - 2016-06-03 21:43 - 00002043 _____ C:\Users\Owner\Documents\Chad Dr. list.csv
2016-06-03 20:02 - 2016-06-03 20:03 - 00705305 _____ C:\Users\Owner\Documents\Pet 2016 license.pdf
2016-06-03 20:02 - 2016-06-03 20:03 - 00705305 _____ C:\Users\Owner\Documents\3611720151229 (1).pdf
2016-06-03 11:27 - 2016-06-03 11:27 - 00988458 _____ C:\Users\Owner\Documents\10_12 Properties Ad Proof  inside northside.pdf
2016-06-02 22:30 - 2016-06-02 22:30 - 00067237 _____ C:\Users\Owner\Desktop\Lease app.pdf
2016-06-02 11:37 - 2016-06-02 11:37 - 00709120 _____ C:\Users\Owner\Documents\SEVENTH SOLD.sig
2016-06-02 11:35 - 2016-06-02 11:47 - 00709120 _____ C:\Users\Owner\Documents\RIVERWOOD SOLD.sig
2016-06-02 11:30 - 2016-06-02 11:30 - 00709120 _____ C:\Users\Owner\Documents\JAELYN SOLD SITE.sig
2016-06-02 10:53 - 2016-06-02 10:53 - 00709120 _____ C:\Users\Owner\Documents\CARTER TR SITE.sig
2016-06-01 11:19 - 2016-06-01 11:19 - 00003621 _____ C:\Users\Owner\Documents\Cort mail out.csv
2016-06-01 08:53 - 2016-06-01 08:57 - 00028665 _____ C:\Users\Owner\Documents\State st labels.pdf
2016-06-01 08:52 - 2016-06-01 08:56 - 00031232 _____ C:\Users\Owner\Documents\State st mail out.xls
2016-06-01 08:50 - 2016-06-01 08:50 - 00002930 _____ C:\Users\Owner\Documents\State st list.csv
2016-06-01 08:46 - 2016-06-01 08:46 - 00032347 _____ C:\Users\Owner\Documents\Jefferson labels.pdf
2016-06-01 08:45 - 2016-06-17 15:16 - 00043520 _____ C:\Users\Owner\Documents\Jefferson mail out.xls
2016-06-01 08:43 - 2016-06-01 08:44 - 00007249 _____ C:\Users\Owner\Documents\Jefferson DR. list.csv
2016-06-01 08:21 - 2016-06-01 08:21 - 00022528 _____ C:\Users\Owner\Documents\Rue Chateau.xls
2016-06-01 08:18 - 2016-06-01 08:18 - 00000339 _____ C:\Users\Owner\Documents\Rue Chateau.csv
2016-06-01 08:15 - 2016-06-01 08:15 - 00020039 _____ C:\Users\Owner\Documents\Rue Monet labels.pdf
2016-06-01 08:12 - 2016-06-01 08:12 - 00023040 _____ C:\Users\Owner\Documents\Rue Monet mail out.xls
2016-06-01 08:08 - 2016-06-01 08:08 - 00000478 _____ C:\Users\Owner\Documents\Rue Monet list.csv
2016-06-01 08:00 - 2016-06-01 08:00 - 00031813 _____ C:\Users\Owner\Documents\Rue Chene labels.pdf
2016-06-01 07:54 - 2016-06-01 07:54 - 00034816 _____ C:\Users\Owner\Documents\Rue Chene mail out excel temp.xlt
2016-06-01 07:51 - 2016-06-01 07:51 - 00034816 _____ C:\Users\Owner\Documents\Rue Chene mail out workbook.xls
2016-06-01 07:48 - 2016-06-01 07:49 - 00014380 _____ C:\Users\Owner\Documents\Rue Chene mail out-3.xltx
2016-06-01 07:27 - 2016-06-01 07:27 - 00032996 _____ C:\Users\Owner\Documents\Rue Maison labels.pdf
2016-06-01 07:24 - 2016-06-01 07:24 - 00006460 _____ C:\Users\Owner\Documents\Rue Maison list-2.csv
2016-06-01 07:22 - 2016-06-01 07:22 - 00006460 _____ C:\Users\Owner\Documents\Rue Maison list.csv
2016-06-01 07:21 - 2016-06-01 07:21 - 00040960 _____ C:\Users\Owner\Documents\Rue Masion mail out.xls
2016-06-01 07:07 - 2016-06-01 07:07 - 00006460 _____ C:\Users\Owner\Documents\Rue Maison list csv.csv
2016-06-01 06:50 - 2016-06-01 06:51 - 00039936 _____ C:\Users\Owner\Documents\Rue chene list.xls
2016-06-01 06:48 - 2016-06-01 06:51 - 00006121 _____ C:\Users\Owner\Documents\Rue Chene mail out.csv
2016-05-31 12:25 - 2016-05-31 12:25 - 00142784 _____ C:\Users\Owner\Documents\Client list updated 5-31-16.csv
2016-05-31 11:58 - 2016-06-01 06:21 - 00000000 ____D C:\Users\Owner\AppData\Roaming\SendBlaster3
2016-05-31 11:58 - 2016-05-31 11:58 - 00000000 ____D C:\Users\Owner\Documents\SendBlaster3
2016-05-23 17:39 - 2016-05-23 17:39 - 00017163 _____ C:\Users\Owner\Documents\MatrixContacts.CSV
2016-05-23 17:38 - 2016-05-23 17:55 - 00017005 _____ C:\Users\Owner\Documents\MLS contact list.csv
2016-05-22 08:51 - 2016-05-22 08:51 - 00077874 _____ C:\Users\Owner\Documents\Smart start drivers ed receipt.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-21 19:44 - 2009-07-13 23:45 - 00029120 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-21 19:44 - 2009-07-13 23:45 - 00029120 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-21 19:40 - 2009-07-14 00:13 - 00772352 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-21 19:40 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-06-21 19:36 - 2015-08-18 14:14 - 00000538 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2621123606-1971745821-2970127776-1000.job
2016-06-21 19:36 - 2013-02-18 21:43 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-06-21 19:36 - 2013-02-18 15:54 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-21 19:36 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-21 19:34 - 2014-05-12 17:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-06-21 19:34 - 2013-02-20 22:48 - 00000000 ____D C:\Users\Owner\AppData\LocalLow\Temp
2016-06-21 19:18 - 2013-02-18 15:54 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-21 18:43 - 2015-08-18 14:14 - 00000634 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2621123606-1971745821-2970127776-1000.job
2016-06-21 17:35 - 2014-06-18 13:12 - 00479440 _____ C:\Windows\ntbtlog.txt
2016-06-21 17:31 - 2016-01-07 13:04 - 00000000 ____D C:\Windows\pss
2016-06-21 16:26 - 2013-02-17 15:45 - 00129968 _____ C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2016-06-21 16:24 - 2009-07-13 23:45 - 00458896 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-21 13:55 - 2009-07-13 21:34 - 00000439 _____ C:\Windows\win.ini
2016-06-21 13:51 - 2014-02-27 10:15 - 00782510 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-06-20 19:58 - 2013-04-03 09:20 - 00000000 ____D C:\Users\Owner\AppData\Local\ElevatedDiagnostics
2016-06-20 14:00 - 2013-02-19 23:48 - 00000000 ____D C:\Users\Owner\AppData\Roaming\PrimoPDF
2016-06-19 17:20 - 2011-05-05 05:14 - 00081248 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
2016-06-19 17:20 - 2010-07-11 20:28 - 00086352 _____ (Sonic Focus, Inc.) C:\Windows\system32\SFComm64.dll
2016-06-18 14:24 - 2015-12-21 15:21 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-18 14:24 - 2015-12-21 15:21 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-17 19:47 - 2013-06-08 21:39 - 00000085 _____ C:\Windows\ImportClient.INI
2016-06-17 19:47 - 2013-06-08 21:37 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Nitro PDF
2016-06-17 19:47 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-06-17 07:26 - 2013-02-18 13:53 - 00000000 ____D C:\ProgramData\WRData
2016-06-16 20:49 - 2015-09-22 12:34 - 00000000 ____D C:\Program Files (x86)\NCH Software
2016-06-16 20:48 - 2016-02-06 12:13 - 00000000 ____D C:\ProgramData\Freemake
2016-06-16 20:47 - 2016-04-20 06:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMobie
2016-06-16 20:47 - 2016-04-20 06:10 - 00000000 ____D C:\Program Files (x86)\iMobie
2016-06-16 19:48 - 2013-02-27 14:58 - 00000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2016-06-15 22:39 - 2014-08-30 10:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2016-06-15 22:39 - 2014-08-30 10:02 - 00000000 ____D C:\Program Files (x86)\Wondershare
2016-06-15 21:07 - 2015-12-10 16:18 - 00000000 ____D C:\Users\Owner\AppData\Local\lptmp
2016-06-15 20:57 - 2013-02-18 22:30 - 00000000 ____D C:\Users\Owner\AppData\LocalLow\LastPass
2016-06-15 19:19 - 2009-07-13 21:34 - 00000828 _____ C:\Windows\system32\Drivers\etc\hosts_bak_815
2016-06-02 10:58 - 2016-02-04 20:31 - 00709120 _____ C:\Users\Owner\Documents\WHIP ST SITE.sig
2016-06-02 10:54 - 2015-10-09 13:23 - 01459200 _____ C:\Users\Owner\Documents\DURBIN RD SITE.sig
2016-06-02 10:50 - 2015-10-09 13:26 - 02203648 _____ C:\Users\Owner\Documents\SHELLY ST SITE.sig
2016-06-01 09:19 - 2014-05-22 13:26 - 00002030 _____ C:\Users\Public\Desktop\Google Docs.lnk
2016-06-01 09:19 - 2014-05-22 13:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-05-23 08:47 - 2016-05-03 12:49 - 03495424 _____ C:\Users\Owner\Documents\announcement card.pcr

==================== Files in the root of some directories =======

2016-05-11 12:59 - 2016-05-11 12:59 - 0000000 _____ () C:\Program Files (x86)\GUT3615.tmp
2013-12-05 10:27 - 2013-12-05 10:27 - 49940480 _____ () C:\Program Files (x86)\GUT7A73.tmp
2016-02-01 21:20 - 2016-02-01 21:20 - 6871040 _____ () C:\Program Files (x86)\GUTA6F1.tmp
2014-06-11 06:45 - 2016-06-15 20:44 - 12964920 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
2015-09-16 11:12 - 2016-02-06 18:29 - 0006144 _____ () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-07-14 18:44 - 2013-07-14 18:44 - 0001465 _____ () C:\Users\Owner\AppData\Local\recently-used.xbel
2016-04-12 14:14 - 2016-04-12 14:14 - 0000000 _____ () C:\Users\Owner\AppData\Local\{D0F9E2AA-C4FD-49F7-86F5-E2944F1F0250}
2016-06-15 12:05 - 2016-06-15 12:08 - 0001545 _____ () C:\ProgramData\1466010261.1248.bin
2016-06-15 12:04 - 2016-06-15 12:16 - 0189211 _____ () C:\ProgramData\1466010261.1352.bin
2016-06-15 12:05 - 2016-06-15 12:05 - 0014645 _____ () C:\ProgramData\1466010261.3904.bin
2016-06-15 12:05 - 2016-06-15 12:05 - 0001090 _____ () C:\ProgramData\1466010261.4184.bin
2016-06-15 12:04 - 2016-06-15 12:16 - 0233409 _____ () C:\ProgramData\1466010261.4764.bin
2016-06-15 12:05 - 2016-06-15 12:09 - 0017164 _____ () C:\ProgramData\1466010261.4824.bin
2016-06-15 12:09 - 2016-06-15 12:09 - 0002321 _____ () C:\ProgramData\1466010261.5560.bin
2016-06-15 12:05 - 2016-06-15 12:05 - 0001090 _____ () C:\ProgramData\1466010261.5604.bin
2016-06-15 12:04 - 2016-06-15 12:15 - 0015069 _____ () C:\ProgramData\1466010261.5776.bin
2016-06-15 12:05 - 2016-06-15 12:44 - 0159876 _____ () C:\ProgramData\1466010261.6104.bin
2016-06-15 12:05 - 2016-06-15 12:05 - 0002342 _____ () C:\ProgramData\1466010261.6108.bin
2016-06-15 13:01 - 2016-06-15 13:02 - 0008241 _____ () C:\ProgramData\1466013653.1532.bin
2016-06-15 13:00 - 2016-06-15 13:02 - 0002124 _____ () C:\ProgramData\1466013653.3208.bin
2016-06-15 13:00 - 2016-06-15 19:21 - 0093781 _____ () C:\ProgramData\1466013653.3504.bin
2016-06-15 13:00 - 2016-06-15 13:01 - 0000930 _____ () C:\ProgramData\1466013653.5456.bin
2016-06-15 21:40 - 2016-06-15 21:40 - 0026961 _____ () C:\ProgramData\1466044838.bdinstall.bin
2016-06-15 21:42 - 2016-06-15 21:42 - 0026961 _____ () C:\ProgramData\1466044942.bdinstall.bin
2016-06-15 21:48 - 2016-06-15 21:48 - 0026961 _____ () C:\ProgramData\1466045325.bdinstall.bin
2016-06-19 08:42 - 2016-06-19 08:42 - 0026961 _____ () C:\ProgramData\1466343763.bdinstall.bin
2016-06-19 08:44 - 2016-06-19 08:44 - 0026961 _____ () C:\ProgramData\1466343840.bdinstall.bin

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-06-17 08:58

==================== End of FRST.txt ============================


  • 0

Advertisements


#92
pharper

pharper

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-06-2016 01
Ran by Owner (2016-06-21 19:56:01)
Running from C:\Users\Owner\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2013-02-17 20:05:51)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2621123606-1971745821-2970127776-500 - Administrator - Disabled)
Guest (S-1-5-21-2621123606-1971745821-2970127776-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2621123606-1971745821-2970127776-1002 - Limited - Enabled)
Owner (S-1-5-21-2621123606-1971745821-2970127776-1000 - Administrator - Enabled) => C:\Users\Owner

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Bitdefender Antispyware (Disabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Disabled) {078AF241-05A3-0EFF-40E0-3E0D69EA140A}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ACI Forms Client (HKLM-x32\...\{0C989B91-B900-4CC1-BBF6-3A3E7614487C}) (Version: 2.08.024 - ACI)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.5.0.367 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.16) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.16 - Adobe Systems Incorporated)
AnswerWorks 5.0 English Runtime (HKLM-x32\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Better-Search Updater Service (HKLM-x32\...\WNLT) (Version: 5.1.4.1 - ) <==== ATTENTION
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 20.0.28.1503 - Bitdefender)
Bitdefender Total Security 2016 (HKLM\...\Bitdefender) (Version: 20.0.28.1478 - Bitdefender)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.18 - Piriform)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{DB014C85-A264-4BCA-A66F-6DD1FCF8EC36}) (Version: 1.0.335 - Citrix)
CleanUp! (HKLM-x32\...\CleanUp!) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
EaseUS MobiSaver 5.0 (HKLM-x32\...\EaseUS MobiSaver 5.0_is1) (Version:  - EaseUS)
Ezvid (HKLM-x32\...\{F96D619D-99D6-4C9C-A393-0CD22DE1CA66}_is1) (Version: 1.003 - Ezvid, inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Drive (HKLM-x32\...\{709316AD-161C-4D5C-9AE7-0B3A822DA271}) (Version: 1.30.2170.0459 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
GoToMeeting 7.9.1.4340 (HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\GoToMeeting) (Version: 7.9.1.4340 - CitrixOnline)
HP LaserJet Professional M1130-M1210 MFP Series (HKLM\...\HP LaserJet Professional M1130-M1210 MFP Series) (Version:  - )
HP LaserJet Professional M1210 MFP Series Fax Installer (HKLM\...\{E94AE378-725A-41FF-BA24-397469D27FC8}) (Version: 1.3.0 - HP)
Inpaint 5.6 (HKLM\...\{2AEDC172-479F-47AE-8A48-A0524D4AED5B}_is1) (Version:  - Teorex)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 5.2.4.18506 - LeapFrog)
LeapFrog Connect (x32 Version: 5.2.4.18506 - LeapFrog) Hidden
LeapFrog LeapPad Explorer Plugin (x32 Version: 5.2.1.18456 - LeapFrog) Hidden
LG USB Modem driver (HKLM-x32\...\{C3ABE126-2BB2-4246-BFE1-6797679B3579}) (Version:  - )
Malwarebytes Anti-Malware version 1.70.0.1100 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.70.0.1100 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office XP Media Content (HKLM-x32\...\{90300409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2619.0 - Microsoft Corporation)
Microsoft Office XP Media Content Deluxe (HKLM-x32\...\{90350409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2619.0 - Microsoft Corporation)
Microsoft Publisher 2002 (HKLM-x32\...\{90190409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.01 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MyPC Backup  (HKLM\...\MyPC Backup) (Version:  - MyPC Backup) <==== ATTENTION
Nitro Pro 9 (HKLM-x32\...\{5d48b872-0053-4f83-b74c-577d3ffe2f2f}) (Version: 9.0.4.5 - Nitro)
Nitro Pro 9 (Version: 9.0.4.5 - Nitro) Hidden
Nitro Reader 3 (HKLM\...\{3C1F302A-CC25-488D-9C24-A76B95BC916F}) (Version: 3.0.6.3 - Nitro)
PCActivator (HKLM\...\PCActivator) (Version: 1.0 - AB eCommerce)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.0 - Frank Heindörfer, Philip Chinery)
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
Quicken 2009 (HKLM-x32\...\{ED2A3C11-3EA8-4380-B59C-F2C1832731B0}) (Version: 18.1.1.29 - Intuit)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.24.999 - SAMSUNG Electronics Co., Ltd.)
Scan To (HKLM\...\{E8A34AC8-0137-4515-A94B-0A0946DDC251}) (Version: 2.0.1 - HP)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shockwave (HKLM-x32\...\Shockwave) (Version:  - )
ShopAtHome.com Helper (HKLM-x32\...\ShopAtHome.com Helper) (Version: 7.0.4.19 - ShopAtHome.com) <==== ATTENTION
Smilebox (HKU\S-1-5-21-2621123606-1971745821-2970127776-1000 Version: 1.0.0.26929 - Smilebox, Inc.) Hidden
Smilebox Bundle (HKLM-x32\...\Smilebox Bundle) (Version: 2.0.0.3 - Perion Network Ltd.)
SUABnR (HKLM-x32\...\InstallShield_{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.)
SUABnR (x32 Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.) Hidden
The Print Shop 12 (HKLM-x32\...\{3DD1FE66-5536-41E3-B786-70068887B3F4}) (Version:  - )
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.9.3 - Tweaking.com)
Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin) (HKLM-x32\...\LeapPadExplorerPlugin) (Version:  - LeapFrog)
Verizon Wireless Software Upgrade Assistant - Samsung(ar) (HKLM-x32\...\{D31032BD-B70C-4E1E-8BE3-0B870A910983}) (Version: 2.14.1002 - Samsung Electronics Co., Ltd.)
Verizon Wireless Software Utility Application for Android - Samsung (HKLM-x32\...\{69258FD1-F4EE-475A-83D1-BF68C8029592}) (Version: 2.14.0402 - Samsung Electronics Co., Ltd.)
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 6.31 - NCH Software)
WebEx Training Manager for Internet Explorer (HKLM-x32\...\{D69DD1C9-A051-4526-B774-31FB69401167}) (Version: 29.2.0.23 - Cisco WebEx LLC)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Movie Maker 6.1 (HKLM-x32\...\{3CC29C1A-B5FE-457B-8F22-32A2557A92C7}}_is1) (Version:  - windows-movie-maker.org)
Wondershare Dr.Fone for Android(Build 4.8.2.142) (HKLM-x32\...\{1DB91A95-C548-4BA5-9D4C-18C7DEAAC39F}_is1) (Version: 4.8.2.142 - Wondershare Software Co.,Ltd.)
Wondershare Dr.Fone for iOS(Build 4.8.0.7) (HKLM-x32\...\{A26F8BBD-EC10-4bdc-8AD8-F146825A8A63}_is1) (Version: 4.8.0.7 - Wondershare Software Co.,Ltd.)
Wondershare DVD Slideshow Builder Deluxe(Build 6.5.0.0) (HKLM-x32\...\Wondershare DVD Slideshow Builder Deluxe_is1) (Version: 6.5.0.0 - Wondershare Software Co.,Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2621123606-1971745821-2970127776-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\3019\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {4D0D7202-8CCE-42C3-A3F6-0B81C74EA391} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {5C056C90-4865-45BA-A924-5716C6527D6F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {97CE9277-786F-451A-A1AD-781F79512B7F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {AA4B0063-FFE7-4FE8-B504-0D9748BC44BC} - System32\Tasks\G2MUpdateTask-S-1-5-21-2621123606-1971745821-2970127776-1000 => C:\Program Files (x86)\Citrix\GoToMeeting\4190\g2mupdate.exe [2015-12-31] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {AE9E50B8-CCC5-4106-8005-F166D79B81B8} - System32\Tasks\{396588E5-4E8C-4AE4-BAC7-AE3EF88FEEEE} => Chrome.exe
Task: {C30D9A48-7A10-40CD-898A-A7B70EA8F4B0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-10] (Adobe Systems Incorporated)
Task: {CCC38634-0FAB-4FBC-8372-8E88C0D706F3} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2016-04-18] (Bitdefender)
Task: {FC4D6779-F9A5-4413-92F7-3AB67D4671EE} - System32\Tasks\G2MUploadTask-S-1-5-21-2621123606-1971745821-2970127776-1000 => C:\Program Files (x86)\Citrix\GoToMeeting\4190\g2mupload.exe [2015-12-31] (Citrix Online, a division of Citrix Systems, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2621123606-1971745821-2970127776-1000.job => C:\Program Files (x86)\Citrix\GoToMeeting\4340\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2621123606-1971745821-2970127776-1000.job => C:\Program Files (x86)\Citrix\GoToMeeting\4190\g2mupload.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Owner\Documents\Desktop Items\Formulator Online.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxps://www.formulatoronline.com/Login/
ShortcutWithArgument: C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Formulator Online.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxps://www.formulatoronline.com/Login/

==================== Loaded Modules (Whitelisted) ==============

2014-09-08 21:08 - 2012-09-29 13:25 - 00409088 _____ () C:\Windows\System32\HPM1210LM.DLL
2013-02-24 20:55 - 2005-03-12 01:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll
2013-02-19 23:27 - 2009-12-20 20:42 - 00090624 _____ () C:\Windows\System32\Primomonnt.dll
2014-09-08 21:08 - 2012-09-29 13:25 - 00074240 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HPM1210PP.dll
2015-12-17 19:38 - 2015-12-17 19:38 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-12-17 19:38 - 2015-12-17 19:38 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-20 11:24 - 2014-03-20 11:24 - 00667808 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
2013-02-17 15:15 - 2011-10-21 11:49 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-03-20 11:24 - 2014-03-20 11:24 - 05288608 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2014-03-18 23:22 - 2014-03-18 23:22 - 32733088 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\dataquick.com -> hxxps://valuations.dataquick.com
IE trusted site: HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\equi-trax.com -> hxxps://www.equi-trax.com
IE trusted site: HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\formulatoronline.com -> hxxps://www.formulatoronline.com
IE trusted site: HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\google.com -> hxxps://www.google.com
IE trusted site: HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\mlxchange.com -> nom.mlxchange.com
IE trusted site: HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\parlogic.com -> hxxp://parlogic.com
IE trusted site: HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\parlogic.com -> hxxps://parlogic.com
IE trusted site: HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\pay4mycollege.com -> hxxp://www.pay4mycollege.com
IE trusted site: HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\...\petraharperrealestate.com -> hxxps://www.petraharperrealestate.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2016-06-21 13:56 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2621123606-1971745821-2970127776-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 71.10.216.1 - 71.10.216.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: ShopAtHomeUpdater => C:\Users\Owner\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe
MSCONFIG\startupreg: ShopAtHomeWatcher => C:\Users\Owner\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
MSCONFIG\startupreg: TotalRecipeSearch AppIntegrator 32-bit => C:\PROGRA~2\TOTALR~2\bar\1.bin\AppIntegrator.exe
MSCONFIG\startupreg: TotalRecipeSearch Search Scope Monitor => "C:\PROGRA~2\TOTALR~2\bar\1.bin\14srchmn.exe" /m=2 /w /h

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{9D03E964-8E44-46C0-A80D-F5585699466F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{75603E24-C9A9-4C6E-BEF7-A1F3858639DA}] => (Allow) LPort=2869
FirewallRules: [{6686322D-4A55-4E14-996D-4236B97A6590}] => (Allow) LPort=1900
FirewallRules: [{25333F2D-7490-4DE2-8D1B-2E29A9333798}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6D0289FC-CB13-4A8E-B81B-A214AC2839A6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1BD56826-9D63-470D-8991-B2893CB5AFEF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8CEEF098-CB7B-432D-87AD-4FFBBD07B550}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{38296858-88A4-43A4-85CB-29FD0905BA6B}] => (Allow) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\LeapfrogConnect.exe
FirewallRules: [TCP Query User{1A3D4C62-13F1-4D63-B081-A72A8605E657}C:\program files\webroot\wrsa.exe] => (Block) C:\program files\webroot\wrsa.exe
FirewallRules: [UDP Query User{D064E681-3167-40E6-9C56-896F3901DB28}C:\program files\webroot\wrsa.exe] => (Block) C:\program files\webroot\wrsa.exe
FirewallRules: [{FF91484B-8074-4170-8A9C-822DA8E96995}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{F0DAB5A5-D5FE-47DB-B87A-F6C359630227}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{557ED65F-CF3B-4492-AB3E-CFED57454007}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{EB229072-1C03-495B-90D8-80387D9F2544}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{280D002D-7F94-46BD-88DE-0112387B20F4}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{827751D3-263A-49D4-817A-0249988E5AF7}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{D2DC3E32-9E36-42C0-8BD3-7E650F7A46FD}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{F3ADCF4C-5D84-495E-A32B-9E448E5D15CD}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [TCP Query User{E182E2F4-F773-4DBA-A51F-EEF60C50E6D8}C:\program files\webroot\wrsa.exe] => (Allow) C:\program files\webroot\wrsa.exe
FirewallRules: [UDP Query User{1F95E160-AB11-4B06-9F74-9642EAC469AE}C:\program files\webroot\wrsa.exe] => (Allow) C:\program files\webroot\wrsa.exe
FirewallRules: [{3913CB44-9975-45D2-A431-420348B9EFC3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A73B46A6-4039-4F5C-B15B-A9B952DEFBFF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F9C7E644-6DF8-4BEC-9363-D9368E84088F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C01D54FB-59B1-4032-87C1-38872AB73FF8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0BE9B6D7-E4FA-49D4-9720-2E7854131AC1}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{7849432C-F97F-42B3-A46F-5338FEB1D838}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (06/21/2016 07:35:34 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

==================== Memory info ===========================

Processor: Intel® Core™ i3-2350M CPU @ 2.30GHz
Percentage of memory in use: 57%
Total physical RAM: 4004.27 MB
Available physical RAM: 1702.7 MB
Total Virtual: 8006.75 MB
Available Virtual: 6187.31 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:232.33 GB) NTFS
Drive e: () (Removable) (Total:14.91 GB) (Free:11.15 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 2719CE2A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 14.9 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================


  • 0

#93
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,028 posts
  • MVP
Error: (06/21/2016 07:35:34 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1

 

 

1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check,
 
Reboot.
 
Then run VEW again and see if we have a new error.

  • 0

#94
pharper

pharper

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
It's doing a disk check, is this what you wanted done when rebooting?
  • 0

#95
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,028 posts
  • MVP

Yes.  My experience has been that running a disk check will fix the error most of the time.  I see from your FRST log that you may have a second hard drive.  If you do run a disk check on it too.


  • 0

#96
pharper

pharper

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
Ok I didn't realize the disk check would take so long. It's been at 14% for almost 2 hours now, but it appears to be running.

I am not aware of a second hard drive, what would that be labeled? Lol
  • 0

#97
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,028 posts
  • MVP

Right click on Computer and select Manage then Disk Management (under Storage) .  In the bottom right you should see Disk 0 and Disk 1.  I assume Disk 0 is C: but if there are any letters assigned to Disk 1 you should see them.


  • 0

#98
pharper

pharper

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts

Ok, you wanted me to run vew again after the reboot.  But I wasn't sure exactly what boxes you wanted me to check, so I did the same thing as before and here is what happened?

Attached Thumbnails

  • Vew error.JPG

  • 0

#99
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,028 posts
  • MVP

You did not Right click and Run As Admin.


  • 0

#100
pharper

pharper

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 22/06/2016 8:35:47 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 22/06/2016 4:15:06 AM
Type: Warning Category: 0
Event: 0 Source: LeapFrog Connect Device Service
The event description cannot be found.

Log: 'Application' Date/Time: 22/06/2016 12:36:14 AM
Type: Warning Category: 0
Event: 0 Source: LeapFrog Connect Device Service
The event description cannot be found.

Log: 'Application' Date/Time: 22/06/2016 12:35:22 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   15 user registry handles leaked from \Registry\User\S-1-5-21-2621123606-1971745821-2970127776-1000:
Process 2496 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2621123606-1971745821-2970127776-1000
Process 2496 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2621123606-1971745821-2970127776-1000
Process 2496 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2621123606-1971745821-2970127776-1000
Process 2496 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2621123606-1971745821-2970127776-1000
Process 2496 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2621123606-1971745821-2970127776-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 2496 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2621123606-1971745821-2970127776-1000\Software\Policies\Microsoft\SystemCertificates
Process 2496 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2621123606-1971745821-2970127776-1000\Software\Policies\Microsoft\SystemCertificates
Process 2496 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2621123606-1971745821-2970127776-1000\Software\Policies\Microsoft\SystemCertificates
Process 2496 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2621123606-1971745821-2970127776-1000\Software\Policies\Microsoft\SystemCertificates
Process 2496 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2621123606-1971745821-2970127776-1000\Software\Microsoft\SystemCertificates\Root
Process 2496 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2621123606-1971745821-2970127776-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 2496 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2621123606-1971745821-2970127776-1000\Software\Microsoft\SystemCertificates\trust
Process 2496 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2621123606-1971745821-2970127776-1000\Software\Microsoft\SystemCertificates\My
Process 2496 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2621123606-1971745821-2970127776-1000\Software\Microsoft\SystemCertificates\CA
Process 2496 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2621123606-1971745821-2970127776-1000\Software\Microsoft\SystemCertificates\Disallowed


  • 0

Advertisements


#101
pharper

pharper

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts

Disk 1 shows E:, btw

 

What does this mean, and do I need to run another scan?

Attached Thumbnails

  • Disk 1.JPG

  • 0

#102
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,028 posts
  • MVP

Since you have a disk E: you should run the check disk on it too.  

 

 
1. Double-click My Computer, and then right-click the hard disk that you want to check. E:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,
4. Check both boxes and then click Start.
 
I would also uninstall Windows Live.  IF you absolutely need it you can download a new version later but it is holding open the registry on shutdown which is not good.
Also uninstall LeapFrog Connect 
Can you run VEW for System too?

  • 0

#103
pharper

pharper

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts

Oh that was just an SD card with pictures I have, I don't need to scan that, lol.


  • 0

#104
pharper

pharper

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts

What's next?


  • 0

#105
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,028 posts
  • MVP

http://www.geekstogo...-7#entry2567286


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP