
Is my computer infected?


  • This topic is locked

#1
Cowson1

Google Chrome seems to have disappeared after running terribly slow and sometimes not opening altogether. And now Explorer is running slow and oftentimes won't open. I've only had the PC for about a year. I'm not sure if anyone can help, but I've attached the logs below. And any help would be so greatly appreciated. Thank you.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-12-2015
Ran by Alan (administrator) on CASSELMAN (18-12-2015 14:58:04)
Running from C:\Users\Alan\Desktop
Loaded Profiles: Alan (Available Profiles: Alan)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: "C:\Program Files (x86)\Maxthon\bin\maxthon.exe" "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(White Sky, Inc.) C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Windows\jmesoft\Service.exe
(Maxthon) C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\n360.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\n360.exe
(Pokki) C:\Users\Alan\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(White Sky, Inc.) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
(Lenovo) C:\Windows\jmesoft\hotkey.exe
() C:\Windows\jmesoft\JME_LOAD.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe
(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Pokki) C:\Users\Alan\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Pokki) C:\Users\Alan\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe
(Pokki) C:\Users\Alan\AppData\Local\SweetLabs App Platform\Engine\ServiceStartMenuIndexer.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13636824 2013-07-26] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-23] (Apple Inc.)
HKLM-x32\...\Run: [jmekey] => C:\windows\jmesoft\hotkey.exe
HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe
HKLM-x32\...\Run: [LVT] => C:\Program Files\Lenovo\LVT\LJYZ.exe [886112 2011-11-24] (Lenovo)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1305158405-1857925567-3099767685-1001\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-1305158405-1857925567-3099767685-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3098424 2015-08-19] (Nota Inc.)
HKU\S-1-5-21-1305158405-1857925567-3099767685-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3013200 2015-12-10] (Valve Corporation)
HKU\S-1-5-21-1305158405-1857925567-3099767685-1001\...\RunOnce: [Application Restart #3] => C:\Users\Alan\AppData\Local\Pokki\Engine\HostAppService.exe  --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-clie (the data entry has 547 more characters).
HKU\S-1-5-21-1305158405-1857925567-3099767685-1001\...\RunOnce: [Application Restart #2] => C:\Users\Alan\AppData\Local\Pokki\Engine\ServiceHostApp.exe  --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-clie (the data entry has 547 more characters).
HKU\S-1-5-21-1305158405-1857925567-3099767685-1001\...\MountPoints2: {b1ee5544-39b9-11e4-825f-c03fd57e9d21} - "D:\LaunchU3.exe" -a
AppInit_DLLs: C:\PROGRA~2\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC64Loader.dll => C:\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC64Loader.dll [206152 2014-08-25] (ClientConnect LTD)
AppInit_DLLs-x32: C:\PROGRA~2\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC32Loader.dll => C:\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC32Loader.dll [173896 2014-08-25] (ClientConnect LTD)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Constant Guard.lnk [2014-09-02]
ShortcutTarget: Constant Guard.lnk -> C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe (White Sky, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Fast Connect.lnk [2015-10-17]
ShortcutTarget: Fast Connect.lnk -> C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe (White Sky, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D404DF7B-B4FF-441F-8D9D-E6F7362FCA00}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.6.0.32
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.6.0.32
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.6.0.32
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.6.0.32
HKU\S-1-5-21-1305158405-1857925567-3099767685-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-1305158405-1857925567-3099767685-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://home.lenovo.com
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1305158405-1857925567-3099767685-1001 -> DefaultScope {E2155B58-9709-48CD-96C7-502E27EA7A3F} URL = hxxp://search.whiteskyservices.com/?wstoken=55C5D325-23F3-43B5-8651-6DEC1E2B9F62&dtid=1&pid=21&src=sgsearch&v=1.14.1126.5&searchparam={SearchTerms}
SearchScopes: HKU\S-1-5-21-1305158405-1857925567-3099767685-1001 -> {086A4A44-FF44-4451-8103-CEAB832594B6} URL = hxxp://www.bing.com/search?pc=conduit&ptag=A41171EDFAF7747F7B2F&form=CONADR&conlogo=CT3210127&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1305158405-1857925567-3099767685-1001 -> {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = hxxp://search.coupons.com/search.asp?p=df&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1305158405-1857925567-3099767685-1001 -> {A935D83E-CFFC-11E4-827D-C03FD57E9D21} URL = hxxp://search.homepage-web.com/?src=omnibox&partner=lenovo&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1305158405-1857925567-3099767685-1001 -> {E2155B58-9709-48CD-96C7-502E27EA7A3F} URL = hxxp://search.whiteskyservices.com/?wstoken=55C5D325-23F3-43B5-8651-6DEC1E2B9F62&dtid=1&pid=21&src=sgsearch&v=1.14.1126.5&searchparam={SearchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-12-17] (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine64\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-12-17] (Microsoft Corporation)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll [2013-08-07] (Yahoo! Inc.)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2015-01-29] (Oracle Corporation)
BHO-x32: Fast Connect -> {B84CDBE7-1B46-494B-A188-01D4C52DEB61} -> C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.15.929.1\NativeBHO.dll [2015-09-29] (WhiteSky)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2015-01-29] (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll [2013-08-07] (Yahoo! Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-08] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-08] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-03] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-01-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2015-01-29] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-08-04] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2013-12-12] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1305158405-1857925567-3099767685-1001: @nsroblox.roblox.com/launcher -> C:\Users\Alan\AppData\Local\Roblox\Versions\version-957ce0cc47814d39\\NPRobloxProxy.dll [2012-12-31] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-1305158405-1857925567-3099767685-1001: @nsroblox.roblox.com/launcher64 -> C:\Users\Alan\AppData\Local\Roblox\Versions\version-957ce0cc47814d39\\NPRobloxProxy64.dll [2012-12-31] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-1305158405-1857925567-3099767685-1001: hopster.com/CouponPrinterPlugin -> C:\Users\Alan\AppData\Roaming\Hopster\CouponPrinterPlugin\2.0.2.0\npCouponPrinterPlugin.dll [2013-02-21] (Hopster)
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon [2015-12-17]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon

Chrome:
=======
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3323027&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=55&CUI=&UM=6&UP=SP9937CDEA-5E5E-4DC1-A041-A511492873F0&SSPV=
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3323027&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=55&CUI=&UM=6&UP=SP9937CDEA-5E5E-4DC1-A041-A511492873F0&SSPV="
CHR Profile: C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-03]
CHR Extension: (PriceBlink) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoiidodopnnhiflaflbfeblnojefhigh [2015-08-16]
CHR Extension: (Google Drive) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (YouTube) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-01]
CHR Extension: (Google Docs Offline) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-19]
CHR Extension: (AdBlock) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-11-23]
CHR Extension: (Norton Identity Safe) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-09-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-29]
CHR Extension: (SpongeBob) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcbomkndjdboeecgicmjobgeldinpngi [2015-08-25]
CHR Extension: (Gmail) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\Exts\Chrome.crx [2015-12-01]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\Exts\Chrome.crx [2015-12-01]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2802360 2015-11-24] (Microsoft Corporation)
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [1413736 2015-09-18] (Coupons.com Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-03] (Intel Corporation)
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-08-16] () [File not signed]
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1663880 2014-05-06] ()
R2 MaxthonUpdateSvc; C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe [1872808 2015-11-26] (Maxthon)
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\N360.exe [282016 2015-11-20] (Symantec Corporation)
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-12-12] (Nitro PDF Software)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2013-05-14] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S2 0304051409696504mcinstcleanup; C:\Users\Alan\AppData\Local\Temp\030405~1.EXE -cleanup -nolog [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\BASHDefs\20151207.001\BHDrvx64.sys [1665608 2015-10-08] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1605050.00F\ccSetx64.sys [173808 2015-07-10] (Symantec Corporation)
R3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
R3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-11-17] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [157520 2015-11-17] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\IPSDefs\20151217.001\IDSvia64.sys [767224 2015-12-04] (Symantec Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100824 2013-12-03] (Intel Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\VirusDefs\20151217.033\ENG64.SYS [138488 2015-10-27] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\VirusDefs\20151217.033\EX64.SYS [2148080 2015-10-27] (Symantec Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2944216 2013-08-20] (Realtek Semiconductor Corporation                           )
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1605050.00F\SRTSP64.SYS [928496 2015-11-11] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1605050.00F\SRTSPX64.SYS [50936 2015-07-10] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1605050.00F\SYMEFASI64.SYS [1621232 2015-11-11] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\N360x64\1605050.00F\SymELAM.sys [24192 2015-07-10] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-08-08] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1605050.00F\Ironx64.SYS [297720 2015-07-10] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1605050.00F\SYMNETS.SYS [577768 2015-11-11] (Symantec Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-15] (Apple, Inc.) [File not signed]
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S1 AntiLog32; \??\C:\windows\system32\drivers\AntiLog64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-18 14:58 - 2015-12-18 14:58 - 00026047 _____ C:\Users\Alan\Desktop\FRST.txt
2015-12-18 14:57 - 2015-12-18 14:58 - 00000000 ____D C:\FRST
2015-12-18 14:56 - 2015-12-18 14:56 - 02370048 _____ (Farbar) C:\Users\Alan\Desktop\FRST64.exe
2015-12-17 14:44 - 2015-12-17 14:44 - 00001123 _____ C:\Users\Alan\Desktop\nativelog.txt
2015-12-12 18:35 - 2015-12-12 18:35 - 00000219 _____ C:\Users\Alan\Desktop\Counter-Strike Global Offensive.url
2015-12-08 18:28 - 2015-11-11 11:21 - 25837568 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-12-08 18:28 - 2015-11-09 19:13 - 00496640 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-12-08 18:28 - 2015-11-09 19:02 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-12-08 18:28 - 2015-11-09 18:46 - 04514816 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-12-08 18:28 - 2015-11-09 18:41 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2015-12-08 18:28 - 2015-11-09 18:17 - 02011136 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-12-08 18:28 - 2015-11-09 18:12 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-12-08 18:28 - 2015-11-08 17:15 - 02887168 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-12-08 18:28 - 2015-11-08 17:15 - 00571392 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-12-08 18:28 - 2015-11-08 17:04 - 05923840 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-12-08 18:28 - 2015-11-08 17:01 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-12-08 18:28 - 2015-11-08 16:25 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2015-12-08 18:28 - 2015-11-08 15:53 - 02487808 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-12-08 18:28 - 2015-11-08 15:30 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-12-08 18:28 - 2015-11-05 03:59 - 00145408 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rmcast.sys
2015-12-08 18:27 - 2015-11-22 01:59 - 07455064 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-12-08 18:27 - 2015-11-22 01:59 - 01735000 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-12-08 18:27 - 2015-11-22 01:59 - 01659568 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2015-12-08 18:27 - 2015-11-22 01:59 - 01519592 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2015-12-08 18:27 - 2015-11-22 01:59 - 01487008 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2015-12-08 18:27 - 2015-11-22 01:59 - 01355848 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2015-12-08 18:27 - 2015-11-22 01:58 - 01499920 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2015-12-08 18:27 - 2015-11-21 13:32 - 00016896 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2015-12-08 18:27 - 2015-11-21 12:50 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2015-12-08 18:27 - 2015-11-21 11:59 - 01706496 _____ (Microsoft Corporation) C:\windows\system32\comsvcs.dll
2015-12-08 18:27 - 2015-11-21 11:49 - 01344000 _____ (Microsoft Corporation) C:\windows\SysWOW64\comsvcs.dll
2015-12-08 18:27 - 2015-11-21 11:47 - 00522240 _____ (Microsoft Corporation) C:\windows\system32\catsrvut.dll
2015-12-08 18:27 - 2015-11-21 11:40 - 00414208 _____ (Microsoft Corporation) C:\windows\SysWOW64\catsrvut.dll
2015-12-08 18:27 - 2015-11-11 11:00 - 12856832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-12-08 18:27 - 2015-11-11 10:44 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-12-08 18:27 - 2015-11-11 10:44 - 00128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2015-12-08 18:27 - 2015-11-11 10:41 - 20366848 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-12-08 18:27 - 2015-11-11 10:12 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-12-08 18:27 - 2015-11-09 19:11 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-12-08 18:27 - 2015-11-09 19:08 - 02280448 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-12-08 18:27 - 2015-11-09 19:04 - 00476160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-12-08 18:27 - 2015-11-09 18:37 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2015-12-08 18:27 - 2015-11-09 18:36 - 02050560 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-12-08 18:27 - 2015-11-09 18:36 - 00687104 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-12-08 18:27 - 2015-11-09 18:36 - 00325632 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-12-08 18:27 - 2015-11-09 18:25 - 01048576 _____ (Microsoft Corporation) C:\windows\SysWOW64\actxprxy.dll
2015-12-08 18:27 - 2015-11-09 18:14 - 01311744 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-12-08 18:27 - 2015-11-08 19:41 - 01540728 _____ (Microsoft Corporation) C:\windows\system32\user32.dll
2015-12-08 18:27 - 2015-11-08 17:30 - 04176384 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-12-08 18:27 - 2015-11-08 17:02 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-12-08 18:27 - 2015-11-08 16:32 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-12-08 18:27 - 2015-11-08 16:32 - 00145408 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2015-12-08 18:27 - 2015-11-08 16:23 - 01994752 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2015-12-08 18:27 - 2015-11-08 16:18 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2015-12-08 18:27 - 2015-11-08 16:16 - 00372224 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-12-08 18:27 - 2015-11-08 16:15 - 00798208 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-12-08 18:27 - 2015-11-08 16:15 - 00718336 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-12-08 18:27 - 2015-11-08 16:14 - 14456832 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-12-08 18:27 - 2015-11-08 16:13 - 02123264 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-12-08 18:27 - 2015-11-08 16:13 - 01383936 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2015-12-08 18:27 - 2015-11-08 16:01 - 01753600 _____ (Microsoft Corporation) C:\windows\system32\GdiPlus.dll
2015-12-08 18:27 - 2015-11-08 15:53 - 02880000 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll
2015-12-08 18:27 - 2015-11-08 15:52 - 01559552 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2015-12-08 18:27 - 2015-11-08 15:48 - 01376256 _____ (Microsoft Corporation) C:\windows\SysWOW64\user32.dll
2015-12-08 18:27 - 2015-11-08 15:42 - 01490944 _____ (Microsoft Corporation) C:\windows\SysWOW64\GdiPlus.dll
2015-12-08 18:27 - 2015-11-08 15:41 - 01546752 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-12-08 18:27 - 2015-10-22 12:43 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\kbdgeoqw.dll
2015-12-08 18:27 - 2015-10-22 12:43 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDAZST.DLL
2015-12-08 18:27 - 2015-10-22 12:43 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDAZEL.DLL
2015-12-08 18:27 - 2015-10-22 12:43 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDAZE.DLL
2015-12-08 18:27 - 2015-10-22 11:59 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\kbdgeoqw.dll
2015-12-08 18:27 - 2015-10-22 11:59 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDAZST.DLL
2015-12-08 18:27 - 2015-10-22 11:59 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDAZEL.DLL
2015-12-08 18:27 - 2015-10-22 11:59 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDAZE.DLL
2015-12-08 18:27 - 2015-10-22 11:21 - 01200128 _____ (Microsoft Corporation) C:\windows\system32\Windows.Globalization.dll
2015-12-08 18:27 - 2015-10-22 11:21 - 00323072 _____ (Microsoft Corporation) C:\windows\system32\GlobCollationHost.dll
2015-12-08 18:27 - 2015-10-22 10:58 - 00868864 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Globalization.dll
2015-12-08 18:27 - 2015-10-22 10:58 - 00200704 _____ (Microsoft Corporation) C:\windows\SysWOW64\GlobCollationHost.dll
2015-12-08 18:27 - 2015-10-22 09:08 - 00513456 _____ C:\windows\SysWOW64\locale.nls
2015-12-08 18:27 - 2015-10-22 09:08 - 00513456 _____ C:\windows\system32\locale.nls
2015-12-08 18:27 - 2015-10-10 12:20 - 00186880 _____ (Microsoft Corporation) C:\windows\system32\dpapisrv.dll
2015-12-08 18:27 - 2015-10-03 14:41 - 01385280 _____ (Microsoft Corporation) C:\windows\system32\msctf.dll
2015-12-08 18:27 - 2015-10-03 14:41 - 01124384 _____ (Microsoft Corporation) C:\windows\SysWOW64\msctf.dll
2015-12-08 18:26 - 2015-11-20 17:47 - 00136904 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-12-08 18:26 - 2015-11-20 13:18 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2015-12-08 18:26 - 2015-11-20 11:58 - 03706880 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-12-08 18:26 - 2015-11-20 11:47 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-12-08 18:26 - 2015-11-20 11:46 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-12-08 18:26 - 2015-11-20 11:44 - 00409088 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
2015-12-08 18:26 - 2015-11-20 11:44 - 00095744 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-12-08 18:26 - 2015-11-20 11:43 - 00897024 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-12-08 18:26 - 2015-11-20 11:42 - 02243584 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-12-08 18:26 - 2015-11-20 11:30 - 00029696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-12-08 18:26 - 2015-11-20 11:29 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-12-08 18:26 - 2015-11-20 11:28 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-12-08 18:26 - 2015-11-20 11:27 - 00726528 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-12-08 18:26 - 2015-10-28 10:49 - 02775552 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2015-12-08 18:26 - 2015-10-28 10:29 - 02462720 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2015-12-08 18:26 - 2015-10-11 01:34 - 00468824 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBHUB3.SYS
2015-12-08 18:26 - 2015-10-11 01:34 - 00462168 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
2015-12-08 18:26 - 2015-10-11 01:34 - 00443224 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys
2015-12-08 18:26 - 2015-10-11 01:34 - 00092504 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
2015-12-08 18:26 - 2015-10-11 01:34 - 00027992 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys
2015-12-08 18:26 - 2015-10-10 13:41 - 00037376 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys
2015-12-08 18:26 - 2015-10-10 13:41 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys
2015-12-08 18:26 - 2015-10-08 11:11 - 00060928 _____ (Microsoft Corporation) C:\windows\system32\PCPKsp.dll
2015-12-08 18:26 - 2015-10-08 10:50 - 00053248 _____ (Microsoft Corporation) C:\windows\SysWOW64\PCPKsp.dll
2015-12-08 18:26 - 2015-10-05 13:28 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\wininit.exe
2015-12-08 18:26 - 2015-10-05 13:25 - 00572928 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
2015-12-05 18:00 - 2015-12-06 21:40 - 00121168 _____ C:\Users\Alan\Documents\Presentation1.pptx
2015-12-01 18:44 - 2015-12-01 18:44 - 00000000 ____D C:\windows\System32\Tasks\Norton 360
2015-12-01 18:38 - 2015-12-01 18:38 - 00003228 _____ C:\windows\System32\Tasks\Norton WSC Integration
2015-12-01 18:30 - 2015-12-01 18:30 - 00271589 _____ C:\Users\Alan\Documents\frozen_power_point.pptx
2015-11-22 18:45 - 2015-11-22 18:45 - 00061059 _____ C:\Users\Alan\Downloads\35AD.tmp
2015-11-22 18:45 - 2015-11-22 18:45 - 00061059 _____ C:\Users\Alan\Downloads\33D9.tmp
2015-11-22 18:45 - 2015-11-22 18:45 - 00061059 _____ C:\Users\Alan\Downloads\335B.tmp
2015-11-22 18:45 - 2015-11-22 18:45 - 00061059 _____ C:\Users\Alan\Downloads\331C.tmp
2015-11-22 18:45 - 2015-11-22 18:45 - 00061059 _____ C:\Users\Alan\Downloads\329E.tmp
2015-11-22 18:45 - 2015-11-22 18:45 - 00061059 _____ C:\Users\Alan\Downloads\31A3.tmp
2015-11-18 13:45 - 2015-11-18 13:45 - 00868320 _____ C:\Users\Alan\Downloads\proposal.zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-18 14:57 - 2013-08-22 08:36 - 00000000 ____D C:\Windows
2015-12-18 14:52 - 2014-08-04 20:56 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-12-18 14:38 - 2013-08-22 10:36 - 00000000 ____D C:\windows\rescache
2015-12-18 14:32 - 2014-09-02 15:07 - 00000000 ____D C:\Program Files (x86)\Constant Guard Protection Suite
2015-12-18 14:31 - 2014-08-03 18:54 - 00003600 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1305158405-1857925567-3099767685-1001
2015-12-18 14:26 - 2014-09-02 15:07 - 00000000 ____D C:\Users\Alan\AppData\Roaming\ID Vault
2015-12-18 14:25 - 2014-08-18 16:40 - 00000926 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-18 14:24 - 2014-08-03 18:56 - 00003926 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{DE19AB62-3E84-43C7-86C1-8A2913B34B13}
2015-12-17 21:07 - 2013-08-22 10:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-12-17 21:06 - 2014-08-03 19:16 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-12-17 20:58 - 2013-08-31 10:40 - 00865408 _____ C:\windows\system32\PerfStringBackup.INI
2015-12-17 20:58 - 2013-08-22 08:36 - 00000000 ____D C:\windows\Inf
2015-12-17 20:56 - 2015-07-31 11:46 - 00000000 ____D C:\windows\System32\Tasks\Remediation
2015-12-17 20:56 - 2014-08-03 18:48 - 00000000 ____D C:\Users\Alan\AppData\Local\SweetLabs App Platform
2015-12-17 20:55 - 2015-04-08 16:06 - 00000000 ____D C:\Program Files (x86)\Steam
2015-12-17 20:54 - 2014-08-18 16:40 - 00000922 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-17 20:54 - 2014-08-03 18:51 - 00000000 ___DO C:\Users\Alan\SkyDrive
2015-12-17 20:53 - 2013-08-22 08:25 - 00262144 ___SH C:\windows\system32\config\ELAM
2015-12-17 20:52 - 2013-08-22 09:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-12-17 20:52 - 2013-08-22 09:44 - 00502456 _____ C:\windows\system32\FNTCACHE.DAT
2015-12-17 20:51 - 2014-08-30 19:59 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-17 20:51 - 2014-08-30 19:59 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-17 20:50 - 2013-08-22 08:25 - 00262144 ___SH C:\windows\system32\config\BBI
2015-12-17 16:25 - 2015-05-08 16:30 - 00000000 ____D C:\Users\Alan\AppData\Roaming\.minecraft
2015-12-17 14:43 - 2015-05-08 16:27 - 00000000 ____D C:\Program Files (x86)\Minecraft
2015-12-13 15:31 - 2013-08-22 10:36 - 00000000 ____D C:\windows\system32\NDF
2015-12-12 19:17 - 2015-02-22 19:34 - 00000000 ____D C:\Users\Alan\AppData\Local\CrashDumps
2015-12-08 20:44 - 2013-08-22 10:36 - 00000000 ___HD C:\Program Files\WindowsApps
2015-12-08 20:44 - 2013-08-22 10:36 - 00000000 ____D C:\windows\AppReadiness
2015-12-08 18:59 - 2014-09-14 12:58 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-12-08 18:59 - 2014-08-30 19:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-12-08 18:59 - 2013-08-22 10:20 - 00000000 ____D C:\windows\CbsTemp
2015-12-08 18:54 - 2014-08-03 19:31 - 00000000 ____D C:\windows\system32\MRT
2015-12-08 18:52 - 2014-08-04 20:56 - 00003718 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-12-08 18:50 - 2014-08-03 19:31 - 140158008 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-12-08 18:14 - 2014-08-03 18:48 - 00000000 ____D C:\Users\Alan
2015-12-05 04:11 - 2013-08-31 11:36 - 00000000 ____D C:\windows\Panther
2015-12-04 16:20 - 2014-08-18 16:40 - 00003898 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-04 16:20 - 2014-08-18 16:40 - 00003662 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-04 16:09 - 2015-10-30 04:42 - 00000000 ___HD C:\$WINDOWS.~BT
2015-12-03 18:36 - 2013-08-22 10:36 - 00000000 ___HD C:\windows\ELAMBKUP
2015-12-01 18:39 - 2014-09-02 15:08 - 00000000 ____D C:\Users\Alan\AppData\Local\ID Vault
2015-12-01 18:38 - 2015-08-16 03:55 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite
2015-12-01 18:38 - 2014-09-02 17:26 - 00002389 _____ C:\Users\Public\Desktop\Norton Security Suite.LNK
2015-12-01 18:38 - 2014-09-02 17:26 - 00000000 ____D C:\windows\system32\Drivers\N360x64
2015-12-01 12:19 - 2015-03-11 09:14 - 00826872 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-12-01 12:19 - 2015-03-11 09:14 - 00176632 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-01 00:52 - 2014-04-21 18:40 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-12-01 00:52 - 2013-08-22 10:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-11-29 23:13 - 2015-11-14 20:22 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-20 12:37 - 2015-09-11 09:23 - 00000994 _____ C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\join.me.lnk
2015-11-20 12:37 - 2015-09-11 09:23 - 00000986 _____ C:\Users\Alan\Desktop\join.me.lnk
2015-11-20 12:37 - 2015-09-11 09:23 - 00000000 ____D C:\Users\Alan\AppData\Local\join.me
2015-11-18 03:38 - 2013-08-22 10:36 - 00000000 ___RD C:\windows\ToastData

==================== Files in the root of some directories =======

2014-04-21 18:35 - 2014-04-21 18:35 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-01-26 18:20 - 2015-01-26 18:21 - 0000319 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-12-15 02:59

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:17-12-2015
Ran by Alan (2015-12-18 14:58:42)
Running from C:\Users\Alan\Desktop
Windows 8.1 (X64) (2014-08-03 23:48:56)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1305158405-1857925567-3099767685-500 - Administrator - Disabled)
Alan (S-1-5-21-1305158405-1857925567-3099767685-1001 - Administrator - Enabled) => C:\Users\Alan
Guest (S-1-5-21-1305158405-1857925567-3099767685-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security Suite (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Norton Security Suite (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security Suite (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 19.0.0.241 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated)
Amazon Browser App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.0 - Amazon) <==== ATTENTION
Apple Application Support (32-bit) (HKLM-x32\...\{A50679D9-6CBD-4FCD-BACB-62EF3894F6F3}) (Version: 4.0.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{1F72FDD5-A069-45B4-928F-D0F16492DC69}) (Version: 4.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.1.6) (Version: 5.0.1.6 - Coupons.com Incorporated)
CouponPrinterPlugin (HKLM-x32\...\{8AC6566B-131F-4987-82DF-932CED9FCA23}) (Version: 2.0.2.0 - Hopster) <==== ATTENTION
CyberLink MediaStory (HKLM-x32\...\InstallShield_{55762F9A-FCE3-45d5-817B-051218658423}) (Version: 1.0.1314 - CyberLink Corp.)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
Dirty Bomb (HKLM-x32\...\Steam App 333930) (Version:  - Splash Damage®)
Driver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.13.0621 - Lenovo)
Fast Connect (HKLM-x32\...\ID Vault) (Version: 1.15.929.1 - White Sky)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Groupon (HKU\S-1-5-21-1305158405-1857925567-3099767685-1001\...\Pokki_893e2a8f4b240ed6d7def79e56791067c96f41be) (Version: 1.0.2.55621 - Pokki)
Gyazo 3.1.6 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
Host App Service (HKU\S-1-5-21-1305158405-1857925567-3099767685-1001\...\SweetLabs_AP) (Version: 0.269.7.800 - Pokki)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.22.1760 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
iTunes (HKLM\...\{96984DE8-1DB8-425C-AC8C-3098BC696F04}) (Version: 12.3.0.44 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
join.me (HKU\S-1-5-21-1305158405-1857925567-3099767685-1001\...\JoinMe) (Version: 2.10.0.1636 - LogMeIn, Inc.)
Lenovo Assistant (HKLM-x32\...\{B2DE4F30-B8C7-49C0-85B9-2F37A5290F00}) (Version: 2.0.0.29 - Lenovo)
Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.6.13.0724 - Lenovo)
Lenovo Browser Guard (HKLM-x32\...\LenovoBrowserGuard) (Version: 2.16.50.5 - ClientConnect LTD) <==== ATTENTION
Lenovo Experience Improvement (HKLM\...\LenovoExperienceImprovement) (Version: 1.0.16.0 - Lenovo)
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.7408 - CyberLink Corp.)
Lenovo Power2Go (x32 Version: 6.0.7408 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5108.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.5108.52 - CyberLink Corp.) Hidden
Lenovo Reach (HKLM-x32\...\{3245D8C8-7FE0-4FD4-B04B-2720A333D592}) (Version: 1.1.0.197 - Stoneware, Inc.)
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.1901 - CyberLink Corp.)
Lenovo Rescue System (Version: 4.0.0.1901 - CyberLink Corp.) Hidden
Lenovo Solution Center (HKLM\...\{2F45A217-E9C7-4984-B0AC-5BE31FF4712B}) (Version: 2.4.003.00 - Lenovo Group Limited)
Lenovo Web Start (HKU\S-1-5-21-1305158405-1857925567-3099767685-1001\...\Pokki_04bb6df446330549a2cb8d67fbd1a745025b7bd1) (Version: 1.0.2.53457 - Pokki)
LVT (HKLM-x32\...\{9E3469A6-443A-452C-BF44-8D7CE3A9A7E2}) (Version: 5.00.0914 - Lenovo)
Marble Blast Gold (HKLM-x32\...\Marble Blast Gold) (Version:  - )
Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.2.1.1000 - Maxthon International Limited)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4779.1002 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1305158405-1857925567-3099767685-1001\...\OneDriveSetup.exe) (Version: 17.3.6201.1019 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Nitro Pro 9 (HKLM\...\{70B831B7-A8EE-4C5F-8F34-F383D24B3A04}) (Version: 9.0.5.9 - Nitro)
Norton Security Suite (HKLM-x32\...\N360) (Version: 22.5.5.15 - Symantec Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4779.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4779.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4779.1002 - Microsoft Corporation) Hidden
P@H-Protocol (HKLM-x32\...\{14F936AB-5D31-410E-A4E2-70AE504712F2}) (Version: 3.0.8.6 - Valassis)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.39054 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7005 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0227 - REALTEK Semiconductor Corp.)
ROBLOX Player for Alan (HKU\S-1-5-21-1305158405-1857925567-3099767685-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
ROBLOX Studio for Alan (HKU\S-1-5-21-1305158405-1857925567-3099767685-1001\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - ROBLOX Corporation)
Spotify (HKU\S-1-5-21-1305158405-1857925567-3099767685-1001\...\Pokki_c84ed94178c62e6b7accc5a222a50f54957768f2) (Version: 1.1.0.48487 - Pokki)
Start Menu (HKU\S-1-5-21-1305158405-1857925567-3099767685-1001\...\SweetLabs_Start_Menu) (Version: 0.269.7.800 - Pokki)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1305158405-1857925567-3099767685-1001_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\Alan\AppData\Local\Roblox\Versions\version-957ce0cc47814d39\RobloxProxy64.dll (ROBLOX Corporation)

==================== Restore Points =========================

27-11-2015 06:23:04 Scheduled Checkpoint
04-12-2015 15:44:20 Scheduled Checkpoint
08-12-2015 18:46:50 Windows Update
16-12-2015 08:29:59 Scheduled Checkpoint

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {010D4E7D-A9F3-4C1E-9F9B-ED7DB36AC9F2} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-12-17] (Microsoft Corporation)
Task: {02AF8016-C938-41E8-BA86-929F08E863C5} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1305158405-1857925567-3099767685-1001 => C:\Users\Alan\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2015-11-14] (Microsoft Corporation)
Task: {0BBE95E8-BF25-4E9A-97C4-9DD41FBFAA19} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\SymErr.exe [2015-11-05] (Symantec Corporation)
Task: {1B9AA0CE-B46F-4515-B994-F8618E6CC58A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {1C6523D4-240B-49CC-86D4-A6F0FB4FD072} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\mxup.exe [2013-11-21] (Maxthon International ltd.)
Task: {1FCCC5E7-614B-4A69-B1DC-4D4DF8143244} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2015-08-19] ()
Task: {2023826E-2058-4ABA-BAF7-0DE431001284} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2015-12-08] (Microsoft Corporation)
Task: {236C0C95-6668-4206-8FF9-37332E074449} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-05-06] ()
Task: {2C9B8124-22E7-4CA7-9D55-6957C801D95F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {338A7E65-F195-4AF2-A639-686AAC180B1B} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2015-08-19] ()
Task: {351876A8-982B-4EB2-9CBA-661F5A17B549} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\SymErr.exe [2015-11-05] (Symantec Corporation)
Task: {3BFCBC21-E7AD-4A31-9064-34801CE929A5} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation)
Task: {3D0D5E7F-9174-4FA5-BF5C-1B84EA7A2D62} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-05-06] ()
Task: {738CAE93-4A08-4DBB-B55B-4E66590FD6EB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
Task: {86A53A86-A2B4-479E-8719-45CE99607E89} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-05-06] (Lenovo)
Task: {9E1B6788-2785-4649-8A33-E6368353DF7B} - System32\Tasks\SweetLabs App Platform => C:\Users\Alan\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe [2015-10-30] (Pokki)
Task: {A47E4D25-F661-4C1E-8080-D8042B3430D3} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation)
Task: {AD68966F-294C-4EAE-A5FF-5A876DAA993E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {AFC7AE72-451C-4163-8076-CF4DBF814E6E} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-08] (Adobe Systems Incorporated)
Task: {B7113429-E989-4A96-AAEC-57774F2492F1} - System32\Tasks\Lenovo\LSC\RebootCountTask => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe [2014-05-06] (Lenovo)
Task: {C96873E4-F289-4C4D-9323-D92F1011C857} - System32\Tasks\Lenovo\LSC\Time72Task => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe [2014-05-06] (Lenovo)
Task: {E4088686-D5B0-4214-A18A-32D12E85BFBB} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security Suite\Upgrade.exe [2015-11-23] (Symantec Corporation)
Task: {F499A0C8-E6A8-456C-B835-9F8770EC2164} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-05-06] (Lenovo)
Task: {F7E82A2A-A103-43D9-9C5A-9D5EAB1C386C} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\WSCStub.exe [2015-11-23] (Symantec Corporation)
Task: {FCE61AF5-E7C3-49F6-9897-C3260674B7F9} - System32\Tasks\Lenovo\Experience Improvement => C:\Users\Alan\AppData\Local\Temp\LenovoExperienceImprovement.exe <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-02-13 04:20 - 2015-02-13 04:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-09-23 15:47 - 2015-09-23 15:47 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-04-21 18:36 - 2011-08-16 22:46 - 00032768 _____ () C:\Windows\jmesoft\Service.exe
2014-04-21 18:49 - 2013-05-14 13:53 - 00390632 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2015-10-27 01:51 - 2015-09-01 11:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-04-21 18:36 - 2011-08-16 22:46 - 00024576 _____ () C:\Windows\jmesoft\JME_LOAD.exe
2014-08-07 15:10 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-10-25 01:49 - 2015-10-25 01:49 - 03530752 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\Windows.UI.Xaml\0b2afd93fc0545b7b94339e8a4a7af97\Windows.UI.Xaml.ni.dll
2015-10-25 01:49 - 2015-10-25 01:49 - 00228864 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\Windows.Foundation\16c3eb7650767d95d002c998d0c73eb5\Windows.Foundation.ni.dll
2015-09-29 18:25 - 2015-09-29 18:25 - 00548152 _____ () C:\Program Files (x86)\Constant Guard Protection Suite\sqlite3.DLL
2014-04-21 18:36 - 2011-05-17 15:27 - 00028672 _____ () C:\Windows\jmesoft\hidhook.dll
2009-12-04 18:59 - 2009-12-04 18:59 - 00619816 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
2009-12-04 19:04 - 2009-12-04 19:04 - 00013096 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll
2014-08-08 18:48 - 2012-05-25 03:25 - 00921600 _____ () C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
2014-04-21 18:36 - 2013-12-03 00:37 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2015-04-28 15:15 - 2015-04-28 15:15 - 00569856 _____ () C:\Users\Alan\AppData\Local\SweetLabs App Platform\Engine\ppGoogleNaClPluginChrome.dll
2015-04-28 15:15 - 2015-04-28 15:15 - 01400846 _____ () C:\Users\Alan\AppData\Local\SweetLabs App Platform\Engine\avcodec-54.dll
2015-04-28 15:15 - 2015-04-28 15:15 - 00151054 _____ () C:\Users\Alan\AppData\Local\SweetLabs App Platform\Engine\avutil-51.dll
2015-04-28 15:15 - 2015-04-28 15:15 - 00222734 _____ () C:\Users\Alan\AppData\Local\SweetLabs App Platform\Engine\avformat-54.dll
2015-10-23 16:27 - 2015-10-23 16:27 - 21344952 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll
2015-03-17 01:34 - 2015-03-17 01:34 - 00322208 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\sqlite.dll
2015-09-30 15:47 - 2015-09-30 15:47 - 45080248 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1305158405-1857925567-3099767685-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\Lenovo\LenovoWallPaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{656DCDCC-B5F0-4C79-9E35-1A67A750185D}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{D52C89A4-E487-46B0-B33F-91666005BD7E}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{97A4841D-9A03-49AC-9B66-942C79F98DFD}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{8BCAB4B2-A03A-4B43-B33B-D8F60F0C4914}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{F0AE0F23-3DE3-4E5F-B8F1-E45271C966F2}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{034C92CB-1025-4A7A-8D4A-5E721EFC7D41}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{4F42DF0E-034C-4934-9F95-E3F1DAB25C36}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{575C533A-A7DC-4DD0-BECC-AD7124350422}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{A42F97A4-8C8F-4855-8D2E-78B19968D44C}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{7BA8727F-3B5B-40FE-B202-AD6B46AEC04F}] => (Allow) C:\Users\Alan\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{2E5F8B46-924D-4544-B665-643ED9B28907}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{FEBAAC19-30A5-42DF-89BB-90A1786D2FF8}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{3DEAEDD7-E3A5-429B-A56D-D7FE208509FB}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{F92125B7-693C-475F-9A7A-074C42996083}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{377AE85C-217B-4569-A746-19E97C5284BF}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{CCB08CC8-7630-4F2E-8967-3733D541892B}] => (Allow) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
FirewallRules: [{B06E54F9-EF55-472F-B0C6-10FBFC498775}] => (Allow) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
FirewallRules: [{6A4E7566-6EEB-4BB1-835B-5BEC4AC09D61}] => (Allow) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
FirewallRules: [{12B71BB5-121E-490D-9A6D-F05B62D654C8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CE48F51D-2C85-4659-81C3-CAFDE3AA4C34}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F5BD134E-A7D8-455C-8E2F-BE24AD144CA9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{04BA2FC7-DE35-4F6D-8358-F000152C5C6F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{888F5271-51FB-480F-9346-155B59121AAE}] => (Allow) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
FirewallRules: [{A8538F59-63FC-42D2-ADB2-F37A7470D053}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{2EA926FC-168D-4029-9323-AEFFFD1A0DA4}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{3F4B13F6-B13D-4B79-837E-DE5C964AF653}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{4C2295B0-4B47-4FF5-9E26-E3E32B5F8AD1}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{33914FF9-0A07-43A1-9002-FC7139198991}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{72ED7A12-ADF3-4A98-85AD-DD5EB38A1CA4}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{5E130B04-0A65-4052-932F-2C7E5079F836}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{246B02B6-DE75-4F1E-BCAE-6DBFAF440DF7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{0FB3359F-BEEB-410B-A990-CAC023DF114F}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{56B3EF96-E1E8-431F-BD84-2732D7314683}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{986CFCE0-F181-4581-A5F9-29C7533D7B49}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{11E88703-3532-4209-9EA7-EC4C0C452419}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{E0B0ECE1-3637-40BE-A3F3-EE102ED37741}] => (Allow) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
FirewallRules: [{F20706E3-33FC-4C76-8102-9CCFE033BEE6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{59A085BB-E89E-4F5A-BF4C-51897783A4D6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{48257AE3-5FED-4B64-8510-399C04763CCF}] => (Allow) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
FirewallRules: [{FBDB23DE-0A5E-4BEC-960D-5664C35AEBFC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D5ADF009-249A-4732-BB8A-68A50FC9F39C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BFF97AB9-1A0F-415D-B3ED-267F7FB9CD51}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{665BF454-135B-414F-8AEE-BE2B96FBDA96}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{71993C03-AEB2-4372-B156-27F8633A9610}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{1E850B5F-00C7-40D9-8568-D1307DCC07B2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{59D09EB2-8845-4814-B0F7-268DAED120E8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{450BA8A0-C303-4B9C-9810-7784F29B0357}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{D9868B56-D9E4-4CCE-885C-67244D0B16C4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{3D15FBB8-527D-43E4-9E88-948C696D2ADB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (12/18/2015 02:36:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1aa8

Start Time: 01d139cab6fb2284

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: aa78c02b-a5be-11e5-82b4-c03fd57e9d21

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (12/18/2015 02:31:31 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (12/18/2015 02:26:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1a68

Start Time: 01d139c94b295b38

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 3eb1376b-a5bd-11e5-82b4-c03fd57e9d21

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (12/18/2015 02:21:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 60465437

Error: (12/18/2015 02:21:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 60465437

Error: (12/18/2015 02:21:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/18/2015 02:21:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 60464312

Error: (12/18/2015 02:21:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 60464312

Error: (12/18/2015 02:21:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/18/2015 02:21:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 60463172

System errors:
=============
Error: (12/17/2015 08:47:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Group Policy Client service failed to start due to the following error:
%%1053

Error: (12/17/2015 08:47:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Group Policy Client service failed to start due to the following error:
%%1053

Error: (12/17/2015 08:47:48 PM) (Source: DCOM) (EventID: 10010) (User: CASSELMAN)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}

Error: (12/17/2015 08:47:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Application Experience service failed to start due to the following error:
%%1053

Error: (12/17/2015 08:47:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Application Experience service failed to start due to the following error:
%%1053

Error: (12/17/2015 08:47:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Application Experience service failed to start due to the following error:
%%1053

Error: (12/17/2015 08:47:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Microsoft Account Sign-in Assistant service failed to start due to the following error:
%%1053

Error: (12/17/2015 08:43:41 PM) (Source: DCOM) (EventID: 10010) (User: CASSELMAN)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}

Error: (12/17/2015 08:42:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Application Experience service failed to start due to the following error:
%%1053

Error: (12/17/2015 08:42:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Multimedia Class Scheduler service failed to start due to the following error:
%%1053

==================== Memory info ===========================

Processor: Intel® Core™ i3-4150 CPU @ 3.50GHz
Percentage of memory in use: 39%
Total physical RAM: 6058.37 MB
Available physical RAM: 3648.31 MB
Total Virtual: 7658.37 MB
Available Virtual: 4708.16 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:905.25 GB) (Free:787.18 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 249F60AE)

Partition: GPT.

==================== End of Addition.txt ============================

#2
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts

Hi! My name is zep516 and welcome to Geekstogo!
I'll do the best I can to resolve your computer issue.
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue. Stop and ask! Never be afraid to ask questions! :)

 

I'll be with you shortly with further instructions.


#3
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Please remove these programs from your uninstall programs list.
  • Amazon Browser App
  • CouponPrinterPlugin
  • Lenovo Browser Guard
Next
Download the enclosed fixlist.txt file. Save it in the location FRST64 is. Run FRST64 and click on the Fix button. Wait until finished.
The tool will make a log in the location FRST64 is, (Fixlog.txt). Please post it to your reply.

Next
Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the logfile button and the log will open in Notepad.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • The report will be saved in the C:\AdwCleaner folder.
Next
 
Please download Junkware Removal Tool to your Desktop.
Please close your security software to avoid potential conflicts. See here how to disable your security protection (Anti Virus).
Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete, depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
Please post the contents of JRT.txt into your reply.
In your next reply, post:
  • Fixlog.txt
  • The AdwCleaner [SO].txt Log
  • The JRT.txt Log

#4
Cowson1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts

Thank you for your help and for the quick reply. I hope I have done everything correctly.

 

Fix result of Farbar Recovery Scan Tool (x64) Version:17-12-2015
Ran by Alan (2015-12-19 09:43:28) Run:1
Running from C:\Users\Alan\Desktop
Loaded Profiles: Alan (Available Profiles: Alan)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1305158405-1857925567-3099767685-1001 -> DefaultScope {E2155B58-9709-48CD-96C7-502E27EA7A3F} URL = hxxp://search.whiteskyservices.com/?wstoken=55C5D325-23F3-43B5-8651-6DEC1E2B9F62&dtid=1&pid=21&src=sgsearch&v=1.14.1126.5&searchparam={SearchTerms}
SearchScopes: HKU\S-1-5-21-1305158405-1857925567-3099767685-1001 -> {086A4A44-FF44-4451-8103-CEAB832594B6} URL = hxxp://www.bing.com/search?pc=conduit&ptag=A41171EDFAF7747F7B2F&form=CONADR&conlogo=CT3210127&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1305158405-1857925567-3099767685-1001 -> {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = hxxp://search.coupons.com/search.asp?p=df&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1305158405-1857925567-3099767685-1001 -> {A935D83E-CFFC-11E4-827D-C03FD57E9D21} URL = hxxp://search.homepage-web.com/?src=omnibox&partner=lenovo&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1305158405-1857925567-3099767685-1001 -> {E2155B58-9709-48CD-96C7-502E27EA7A3F} URL = hxxp://search.whiteskyservices.com/?wstoken=55C5D325-23F3-43B5-8651-6DEC1E2B9F62&dtid=1&pid=21&src=sgsearch&v=1.14.1126.5&searchparam={SearchTerms}
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll [2013-08-07] (Yahoo! Inc.)
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3323027&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=55&CUI=&UM=6&UP=SP9937CDEA-5E5E-4DC1-A041-A511492873F0&SSPV=
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3323027&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=55&CUI=&UM=6&UP=SP9937CDEA-5E5E-4DC1-A041-A511492873F0&SSPV="
S1 AntiLog32; \??\C:\windows\system32\drivers\AntiLog64.sys [X]
2015-11-22 18:45 - 2015-11-22 18:45 - 00061059 _____ C:\Users\Alan\Downloads\35AD.tmp
2015-11-22 18:45 - 2015-11-22 18:45 - 00061059 _____ C:\Users\Alan\Downloads\33D9.tmp
2015-11-22 18:45 - 2015-11-22 18:45 - 00061059 _____ C:\Users\Alan\Downloads\335B.tmp
2015-11-22 18:45 - 2015-11-22 18:45 - 00061059 _____ C:\Users\Alan\Downloads\331C.tmp
2015-11-22 18:45 - 2015-11-22 18:45 - 00061059 _____ C:\Users\Alan\Downloads\329E.tmp
2015-11-22 18:45 - 2015-11-22 18:45 - 00061059 _____ C:\Users\Alan\Downloads\31A3.tmp
2015-11-18 13:45 - 2015-11-18 13:45 - 00868320 _____ C:\Users\Alan\Downloads\proposal.zip
FF Plugin HKU\S-1-5-21-1305158405-1857925567-3099767685-1001: hopster.com/CouponPrinterPlugin -> C:\Users\Alan\AppData\Roaming\Hopster\CouponPrinterPlugin\2.0.2.0\npCouponPrinterPlugin.dll [2013-02-21] (Hopster)
Task: {FCE61AF5-E7C3-49F6-9897-C3260674B7F9} - System32\Tasks\Lenovo\Experience Improvement => C:\Users\Alan\AppData\Local\Temp\LenovoExperienceImprovement.exe <==== ATTENTION
C:\Users\Alan\AppData\Local\Temp\LenovoExperienceImprovement.exe
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
RemoveProxy:
hosts:
Emptytemp:
*****************

Processes closed successfully.
Restore point was successfully created.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => key removed successfully
HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => key removed successfully
HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => key removed successfully
HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => key removed successfully
HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => key removed successfully
HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => key removed successfully
HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKU\S-1-5-21-1305158405-1857925567-3099767685-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-1305158405-1857925567-3099767685-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{086A4A44-FF44-4451-8103-CEAB832594B6}" => key removed successfully
HKCR\CLSID\{086A4A44-FF44-4451-8103-CEAB832594B6} => key not found.
"HKU\S-1-5-21-1305158405-1857925567-3099767685-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}" => key removed successfully
HKCR\CLSID\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e} => key not found.
"HKU\S-1-5-21-1305158405-1857925567-3099767685-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A935D83E-CFFC-11E4-827D-C03FD57E9D21}" => key removed successfully
HKCR\CLSID\{A935D83E-CFFC-11E4-827D-C03FD57E9D21} => key not found.
"HKU\S-1-5-21-1305158405-1857925567-3099767685-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E2155B58-9709-48CD-96C7-502E27EA7A3F}" => key removed successfully
HKCR\CLSID\{E2155B58-9709-48CD-96C7-502E27EA7A3F} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => key removed successfully
Chrome HomePage => removed successfully
Chrome StartupUrls => removed successfully
AntiLog32 => service removed successfully
C:\Users\Alan\Downloads\35AD.tmp => moved successfully
C:\Users\Alan\Downloads\33D9.tmp => moved successfully
C:\Users\Alan\Downloads\335B.tmp => moved successfully
C:\Users\Alan\Downloads\331C.tmp => moved successfully
C:\Users\Alan\Downloads\329E.tmp => moved successfully
C:\Users\Alan\Downloads\31A3.tmp => moved successfully
C:\Users\Alan\Downloads\proposal.zip => moved successfully
HKU\S-1-5-21-1305158405-1857925567-3099767685-1001\Software\MozillaPlugins\hopster.com/CouponPrinterPlugin => key not found.
C:\Users\Alan\AppData\Roaming\Hopster\CouponPrinterPlugin\2.0.2.0\npCouponPrinterPlugin.dll => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FCE61AF5-E7C3-49F6-9897-C3260674B7F9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FCE61AF5-E7C3-49F6-9897-C3260674B7F9}" => key removed successfully
C:\windows\System32\Tasks\Lenovo\Experience Improvement => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Experience Improvement" => key removed successfully
"C:\Users\Alan\AppData\Local\Temp\LenovoExperienceImprovement.exe" => not found.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc" => key removed successfully

=========  bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

{B5F1947F-5F7F-4D22-B034-83AA333A1F59} canceled.
{CE5F6125-0037-4F2F-8CC5-AA80B933D082} canceled.
{F2D561A4-BD92-4148-BB31-C7C8972CE1F9} canceled.
{CE48B9B4-4778-4CCA-9264-9C740EF0E6B0} canceled.
4 out of 4 jobs canceled.

========= End of CMD: =========

=========  netsh winsock reset catalog =========

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

=========  ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-1305158405-1857925567-3099767685-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-1305158405-1857925567-3099767685-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully

========= End of RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 540.2 MB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 09:44:16 ====

 

# AdwCleaner v5.025 - Logfile created 19/12/2015 at 09:59:57
# Updated 13/12/2015 by Xplode
# Database : 2015-12-13.2 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Alan - CASSELMAN
# Running from : C:\Users\Alan\Desktop\adwcleaner_5.025.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****

Service Found : CouponPrinterService
Service Found : YahooAUService

***** [ Folders ] *****

Folder Found : C:\Program Files (x86)\Amazon\ABB
Folder Found : C:\Program Files (x86)\Coupons
Folder Found : C:\Program Files (x86)\Yahoo!\Companion
Folder Found : C:\ProgramData\Yahoo! Companion
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
Folder Found : C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoiidodopnnhiflaflbfeblnojefhigh
Folder Found : C:\Users\Alan\AppData\LocalLow\Yahoo! Companion
Folder Found : C:\Users\Alan\AppData\LocalLow\Yahoo!\Companion
Folder Found : C:\Users\Alan\AppData\Roaming\Yahoo!\Companion

***** [ Files ] *****

File Found : C:\windows\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
File Found : C:\windows\AppPatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb

***** [ DLL ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 8.1 x64
Ran by Alan (Administrator) on Sat 12/19/2015 at 10:10:00.90
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

File System: 5

Successfully deleted: C:\ProgramData\Start Menu\Programs\pc app store.lnk (Shortcut)
Successfully deleted: C:\Users\Alan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\pc app store.lnk (Shortcut)
Successfully deleted: C:\Users\Alan\Start Menu\Programs\pc app store.lnk (Shortcut)
Successfully deleted: C:\Users\Alan\Start Menu\Programs\pokki menu.lnk (Shortcut)
Successfully deleted: C:\windows\couponprinter.ocx (File)

 

Registry: 1

Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\0304051409696504mcinstcleanup (Registry Key)

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 12/19/2015 at 10:12:02.17
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#5
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hello,

RE: AdwCleaner

Run the "Clean" option if you have not done so; the posted log shows simply a scan was performed.

Then
  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Reboot your computer if prompted.
Posting the Malwarebytes log.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click OK.
  • Post that saved log to your next reply.

#6
Cowson1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts

Ok. It looks like I posted the wrong AdwCleaner log earlier. I've posted what I believe is the correct one, followed by the MBAM log. Thanks again.

 

# AdwCleaner v5.025 - Logfile created 19/12/2015 at 10:00:52
# Updated 13/12/2015 by Xplode
# Database : 2015-12-13.2 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Alan - CASSELMAN
# Running from : C:\Users\Alan\Desktop\adwcleaner_5.025.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : CouponPrinterService
[-] Service Deleted : YahooAUService

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\Amazon\ABB
[-] Folder Deleted : C:\Program Files (x86)\Coupons
[-] Folder Deleted : C:\Program Files (x86)\Yahoo!\Companion
[-] Folder Deleted : C:\ProgramData\Yahoo! Companion
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
[-] Folder Deleted : C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoiidodopnnhiflaflbfeblnojefhigh
[-] Folder Deleted : C:\Users\Alan\AppData\LocalLow\Yahoo! Companion
[-] Folder Deleted : C:\Users\Alan\AppData\LocalLow\Yahoo!\Companion
[-] Folder Deleted : C:\Users\Alan\AppData\Roaming\Yahoo!\Companion

***** [ Files ] *****

[-] File Deleted : C:\windows\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
[-] File Deleted : C:\windows\AppPatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb

***** [ DLLs ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\Classes\pokki
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
[-] Key Deleted : HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
[-] Key Deleted : HKCU\Software\Classes\Directory\shell\pokki
[-] Key Deleted : HKCU\Software\Classes\Drive\shell\pokki
[-] Key Deleted : HKCU\Software\Classes\lnkfile\shell\pokki
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_04bb6df446330549a2cb8d67fbd1a745025b7bd1
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_893e2a8f4b240ed6d7def79e56791067c96f41be
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_c84ed94178c62e6b7accc5a222a50f54957768f2
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
[-] Key Deleted : HKCU\Software\Yahoo\Companion
[-] Key Deleted : HKCU\Software\Yahoo\YFriendsBar
[-] Key Deleted : HKCU\Software\SweetLabs App Platform
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.1.6

***** [ Web browsers ] *****

[-] [C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : homepage-web.com
[-] [C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : aoiidodopnnhiflaflbfeblnojefhigh
[-] [C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : booedmolknjekdopkepjjeckmjkdpfgl
[-] [C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : flpcjncodpafbgdpnkljologafpionhb

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [5104 bytes] ##########

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/19/2015
Scan Time: 5:12 PM
Logfile: mbamlog.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2015.12.19.05
Rootkit Database: v2015.12.18.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Alan

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 371675
Time Elapsed: 13 min, 36 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.SearchProtect.AppFlsh, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{cf2797aa-b7ec-e311-8ed9-005056c00008}, Quarantined, [ac45f7af5a3182b459b31fe6eb19639d],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.SearchProtect.AppFlsh, C:\Windows\apppatch\apppatch64\SPVCLdr64.dll, Quarantined, [4da450560388bc7aef0a5ea638ccdb25],

Physical Sectors: 0
(No malicious items detected)

(end)


Edited by Cowson1, 19 December 2015 - 04:36 PM.

#7
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Reset your Chrome browser settings
1. In the top-right corner of the browser window, click the Chrome menu.
2. Select Settings.
3. At the bottom, click Show advanced settings.
4. Under the section "Reset settings," click Reset settings.
5. In the dialog that appears, click Reset.

Resetting your browser settings will reset the unwanted changes caused by installing other programs. However, your saved bookmarks and passwords will not be cleared or changed.


Does Chrome work now?

#8
Cowson1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts

I tried to uninstall to reinstall Chrome a couple of weeks ago when having problems. But for some reason I wasn't having any luck. Now I don't know that Chrome is on the PC... there is no icon or anything to click on to access it. Sorry. Just using Explorer at the moment.


Edited by Cowson1, 19 December 2015 - 04:46 PM.

#9
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
How is the rest of the computer? It looks like we got rid of all the adware.

If you want Chrome you can try reinstalling it from Here

Then run the computer for a while and let me know how things are.

#10
Cowson1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts

Ok. I have Chrome. When I opened the browser I got a couple of pop-ups. I reset the settings and it seems ok now? I'll see how it goes for a bit and let you know.


Edited by Cowson1, 19 December 2015 - 04:56 PM.

#11
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Ok. Sounds good; if problems occur I'd want to see another Farbar scan.

#12
Cowson1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts

Seems to be running fine, but I am getting a pop-up that says "install FCPS extension for chrome". Not sure if this is normal or not.

 

 

FCPS_Extension.jpg


Edited by Cowson1, 20 December 2015 - 09:32 PM.

#13
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
That would be the Chrome browser, correct?


Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure you checkmark the Addition.txt box.
  • Press the Scan button.
  • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them to your reply.

#14
Cowson1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Ok thanks. Here are the files:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-12-2015
Ran by Alan (administrator) on CASSELMAN (21-12-2015 17:22:25)
Running from C:\Users\Alan\Desktop
Loaded Profiles: Alan (Available Profiles: Alan)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: "C:\Program Files (x86)\Maxthon\bin\maxthon.exe" "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Pokki) C:\Users\Alan\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(White Sky, Inc.) C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Windows\jmesoft\Service.exe
(Maxthon) C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\n360.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\n360.exe
(White Sky, Inc.) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
(Pokki) C:\Users\Alan\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(Lenovo) C:\Windows\jmesoft\hotkey.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Windows\jmesoft\JME_LOAD.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Pokki) C:\Users\Alan\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe
(Pokki) C:\Users\Alan\AppData\Local\SweetLabs App Platform\Engine\ServiceStartMenuIndexer.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13636824 2013-07-26] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-23] (Apple Inc.)
HKLM-x32\...\Run: [jmekey] => C:\windows\jmesoft\hotkey.exe
HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe
HKLM-x32\...\Run: [LVT] => C:\Program Files\Lenovo\LVT\LJYZ.exe [886112 2011-11-24] (Lenovo)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1305158405-1857925567-3099767685-1001\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-1305158405-1857925567-3099767685-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3098424 2015-08-19] (Nota Inc.)
HKU\S-1-5-21-1305158405-1857925567-3099767685-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3013200 2015-12-10] (Valve Corporation)
HKU\S-1-5-21-1305158405-1857925567-3099767685-1001\...\RunOnce: [Application Restart #3] => C:\Users\Alan\AppData\Local\Pokki\Engine\HostAppService.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-clie (the data entry has 547 more characters).
HKU\S-1-5-21-1305158405-1857925567-3099767685-1001\...\RunOnce: [Application Restart #2] => C:\Users\Alan\AppData\Local\Pokki\Engine\ServiceHostApp.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-clie (the data entry has 547 more characters).
HKU\S-1-5-21-1305158405-1857925567-3099767685-1001\...\MountPoints2: {b1ee5544-39b9-11e4-825f-c03fd57e9d21} - "D:\LaunchU3.exe" -a
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Constant Guard.lnk [2014-09-02]
ShortcutTarget: Constant Guard.lnk -> C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe (White Sky, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Fast Connect.lnk [2015-10-17]
ShortcutTarget: Fast Connect.lnk -> C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe (White Sky, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D404DF7B-B4FF-441F-8D9D-E6F7362FCA00}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.6.0.32
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.6.0.32
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.6.0.32
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.6.0.32
HKU\S-1-5-21-1305158405-1857925567-3099767685-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-1305158405-1857925567-3099767685-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://home.lenovo.com
SearchScopes: HKU\S-1-5-21-1305158405-1857925567-3099767685-1001 -> DefaultScope {686516D7-97E6-45C1-B411-031273882DEE} URL = hxxp://search.whiteskyservices.com/?wstoken=55C5D325-23F3-43B5-8651-6DEC1E2B9F62&dtid=1&pid=21&src=sgsearch&v=1.15.929.1&searchparam={SearchTerms}
SearchScopes: HKU\S-1-5-21-1305158405-1857925567-3099767685-1001 -> {686516D7-97E6-45C1-B411-031273882DEE} URL = hxxp://search.whiteskyservices.com/?wstoken=55C5D325-23F3-43B5-8651-6DEC1E2B9F62&dtid=1&pid=21&src=sgsearch&v=1.15.929.1&searchparam={SearchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-12-17] (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine64\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-12-17] (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2015-01-29] (Oracle Corporation)
BHO-x32: Fast Connect -> {B84CDBE7-1B46-494B-A188-01D4C52DEB61} -> C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.15.929.1\NativeBHO.dll [2015-09-29] (WhiteSky)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2015-01-29] (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-08] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-08] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-03] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-01-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2015-01-29] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-08-04] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2013-12-12] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1305158405-1857925567-3099767685-1001: @nsroblox.roblox.com/launcher -> C:\Users\Alan\AppData\Local\Roblox\Versions\version-957ce0cc47814d39\\NPRobloxProxy.dll [2012-12-31] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-1305158405-1857925567-3099767685-1001: @nsroblox.roblox.com/launcher64 -> C:\Users\Alan\AppData\Local\Roblox\Versions\version-957ce0cc47814d39\\NPRobloxProxy64.dll [2012-12-31] ( ROBLOX Corporation)
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon [2015-12-17]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon

Chrome:
=======
CHR Profile: C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-03]
CHR Extension: (Google Drive) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (YouTube) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-01]
CHR Extension: (Google Docs Offline) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-19]
CHR Extension: (AdBlock) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-12-19]
CHR Extension: (Norton Identity Safe) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-09-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-29]
CHR Extension: (Gmail) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\Exts\Chrome.crx [2015-12-01]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\Exts\Chrome.crx [2015-12-01]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2802360 2015-11-24] (Microsoft Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-03] (Intel Corporation)
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-08-16] () [File not signed]
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1663880 2014-05-06] ()
R2 MaxthonUpdateSvc; C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe [1872808 2015-11-26] (Maxthon)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\N360.exe [282016 2015-11-20] (Symantec Corporation)
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-12-12] (Nitro PDF Software)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2013-05-14] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\BASHDefs\20151218.001\BHDrvx64.sys [1665608 2015-10-08] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1605050.00F\ccSetx64.sys [173808 2015-07-10] (Symantec Corporation)
R3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
R3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-11-17] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [157520 2015-11-17] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\IPSDefs\20151218.001\IDSvia64.sys [767224 2015-12-04] (Symantec Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100824 2013-12-03] (Intel Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\VirusDefs\20151220.001\ENG64.SYS [138488 2015-10-27] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\VirusDefs\20151220.001\EX64.SYS [2148080 2015-10-27] (Symantec Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2944216 2013-08-20] (Realtek Semiconductor Corporation )
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1605050.00F\SRTSP64.SYS [928496 2015-11-11] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1605050.00F\SRTSPX64.SYS [50936 2015-07-10] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1605050.00F\SYMEFASI64.SYS [1621232 2015-11-11] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\N360x64\1605050.00F\SymELAM.sys [24192 2015-07-10] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-08-08] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1605050.00F\Ironx64.SYS [297720 2015-07-10] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1605050.00F\SYMNETS.SYS [577768 2015-11-11] (Symantec Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-15] (Apple, Inc.) [File not signed]
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-21 17:22 - 2015-12-21 17:22 - 00000000 ____D C:\Users\Alan\Desktop\FRST-OlderVersion
2015-12-19 17:31 - 2015-12-19 17:31 - 00001319 _____ C:\Users\Alan\Desktop\mbamlog.txt
2015-12-19 17:11 - 2015-12-19 17:29 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-19 17:11 - 2015-12-19 17:11 - 00001129 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-12-19 17:11 - 2015-12-19 17:11 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-12-19 17:11 - 2015-12-19 17:11 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-12-19 17:11 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2015-12-19 17:11 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-12-19 17:11 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2015-12-19 17:09 - 2015-12-19 17:09 - 22908888 _____ (Malwarebytes ) C:\Users\Alan\Desktop\mbam-setup-2.2.0.1024.exe
2015-12-19 12:04 - 2015-12-19 12:04 - 00002410 _____ C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2015-12-19 12:04 - 2015-12-19 12:04 - 00002256 _____ C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Menu.lnk
2015-12-19 10:12 - 2015-12-19 10:12 - 00001118 _____ C:\Users\Alan\Desktop\JRT.txt
2015-12-19 10:05 - 2015-12-19 10:05 - 01599336 _____ (Malwarebytes) C:\Users\Alan\Desktop\JRT.exe
2015-12-19 09:59 - 2015-12-19 16:55 - 00000000 ____D C:\AdwCleaner
2015-12-19 09:58 - 2015-12-19 09:58 - 01740288 _____ C:\Users\Alan\Desktop\adwcleaner_5.025.exe
2015-12-19 09:43 - 2015-12-19 09:44 - 00010843 _____ C:\Users\Alan\Desktop\Fixlog.txt
2015-12-18 14:58 - 2015-12-21 17:22 - 00023232 _____ C:\Users\Alan\Desktop\FRST.txt
2015-12-18 14:58 - 2015-12-18 14:59 - 00034716 _____ C:\Users\Alan\Desktop\Addition.txt
2015-12-18 14:57 - 2015-12-21 17:22 - 00000000 ____D C:\FRST
2015-12-18 14:56 - 2015-12-21 17:22 - 02370560 _____ (Farbar) C:\Users\Alan\Desktop\FRST64.exe
2015-12-17 14:44 - 2015-12-17 14:44 - 00001123 _____ C:\Users\Alan\Desktop\nativelog.txt
2015-12-12 18:35 - 2015-12-12 18:35 - 00000219 _____ C:\Users\Alan\Desktop\Counter-Strike Global Offensive.url
2015-12-08 18:28 - 2015-11-11 11:21 - 25837568 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-12-08 18:28 - 2015-11-09 19:13 - 00496640 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-12-08 18:28 - 2015-11-09 19:02 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-12-08 18:28 - 2015-11-09 18:46 - 04514816 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-12-08 18:28 - 2015-11-09 18:41 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2015-12-08 18:28 - 2015-11-09 18:17 - 02011136 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-12-08 18:28 - 2015-11-09 18:12 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-12-08 18:28 - 2015-11-08 17:15 - 02887168 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-12-08 18:28 - 2015-11-08 17:15 - 00571392 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-12-08 18:28 - 2015-11-08 17:04 - 05923840 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-12-08 18:28 - 2015-11-08 17:01 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-12-08 18:28 - 2015-11-08 16:25 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2015-12-08 18:28 - 2015-11-08 15:53 - 02487808 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-12-08 18:28 - 2015-11-08 15:30 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-12-08 18:28 - 2015-11-05 03:59 - 00145408 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rmcast.sys
2015-12-08 18:27 - 2015-11-22 01:59 - 07455064 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-12-08 18:27 - 2015-11-22 01:59 - 01735000 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-12-08 18:27 - 2015-11-22 01:59 - 01659568 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2015-12-08 18:27 - 2015-11-22 01:59 - 01519592 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2015-12-08 18:27 - 2015-11-22 01:59 - 01487008 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2015-12-08 18:27 - 2015-11-22 01:59 - 01355848 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2015-12-08 18:27 - 2015-11-22 01:58 - 01499920 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2015-12-08 18:27 - 2015-11-21 13:32 - 00016896 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2015-12-08 18:27 - 2015-11-21 12:50 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2015-12-08 18:27 - 2015-11-21 11:59 - 01706496 _____ (Microsoft Corporation) C:\windows\system32\comsvcs.dll
2015-12-08 18:27 - 2015-11-21 11:49 - 01344000 _____ (Microsoft Corporation) C:\windows\SysWOW64\comsvcs.dll
2015-12-08 18:27 - 2015-11-21 11:47 - 00522240 _____ (Microsoft Corporation) C:\windows\system32\catsrvut.dll
2015-12-08 18:27 - 2015-11-21 11:40 - 00414208 _____ (Microsoft Corporation) C:\windows\SysWOW64\catsrvut.dll
2015-12-08 18:27 - 2015-11-11 11:00 - 12856832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-12-08 18:27 - 2015-11-11 10:44 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-12-08 18:27 - 2015-11-11 10:44 - 00128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2015-12-08 18:27 - 2015-11-11 10:41 - 20366848 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-12-08 18:27 - 2015-11-11 10:12 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-12-08 18:27 - 2015-11-09 19:11 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-12-08 18:27 - 2015-11-09 19:08 - 02280448 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-12-08 18:27 - 2015-11-09 19:04 - 00476160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-12-08 18:27 - 2015-11-09 18:37 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2015-12-08 18:27 - 2015-11-09 18:36 - 02050560 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-12-08 18:27 - 2015-11-09 18:36 - 00687104 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-12-08 18:27 - 2015-11-09 18:36 - 00325632 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-12-08 18:27 - 2015-11-09 18:25 - 01048576 _____ (Microsoft Corporation) C:\windows\SysWOW64\actxprxy.dll
2015-12-08 18:27 - 2015-11-09 18:14 - 01311744 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-12-08 18:27 - 2015-11-08 19:41 - 01540728 _____ (Microsoft Corporation) C:\windows\system32\user32.dll
2015-12-08 18:27 - 2015-11-08 17:30 - 04176384 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-12-08 18:27 - 2015-11-08 17:02 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-12-08 18:27 - 2015-11-08 16:32 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-12-08 18:27 - 2015-11-08 16:32 - 00145408 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2015-12-08 18:27 - 2015-11-08 16:23 - 01994752 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2015-12-08 18:27 - 2015-11-08 16:18 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2015-12-08 18:27 - 2015-11-08 16:16 - 00372224 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-12-08 18:27 - 2015-11-08 16:15 - 00798208 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-12-08 18:27 - 2015-11-08 16:15 - 00718336 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-12-08 18:27 - 2015-11-08 16:14 - 14456832 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-12-08 18:27 - 2015-11-08 16:13 - 02123264 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-12-08 18:27 - 2015-11-08 16:13 - 01383936 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2015-12-08 18:27 - 2015-11-08 16:01 - 01753600 _____ (Microsoft Corporation) C:\windows\system32\GdiPlus.dll
2015-12-08 18:27 - 2015-11-08 15:53 - 02880000 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll
2015-12-08 18:27 - 2015-11-08 15:52 - 01559552 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2015-12-08 18:27 - 2015-11-08 15:48 - 01376256 _____ (Microsoft Corporation) C:\windows\SysWOW64\user32.dll
2015-12-08 18:27 - 2015-11-08 15:42 - 01490944 _____ (Microsoft Corporation) C:\windows\SysWOW64\GdiPlus.dll
2015-12-08 18:27 - 2015-11-08 15:41 - 01546752 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-12-08 18:27 - 2015-10-22 12:43 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\kbdgeoqw.dll
2015-12-08 18:27 - 2015-10-22 12:43 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDAZST.DLL
2015-12-08 18:27 - 2015-10-22 12:43 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDAZEL.DLL
2015-12-08 18:27 - 2015-10-22 12:43 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDAZE.DLL
2015-12-08 18:27 - 2015-10-22 11:59 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\kbdgeoqw.dll
2015-12-08 18:27 - 2015-10-22 11:59 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDAZST.DLL
2015-12-08 18:27 - 2015-10-22 11:59 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDAZEL.DLL
2015-12-08 18:27 - 2015-10-22 11:59 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDAZE.DLL
2015-12-08 18:27 - 2015-10-22 11:21 - 01200128 _____ (Microsoft Corporation) C:\windows\system32\Windows.Globalization.dll
2015-12-08 18:27 - 2015-10-22 11:21 - 00323072 _____ (Microsoft Corporation) C:\windows\system32\GlobCollationHost.dll
2015-12-08 18:27 - 2015-10-22 10:58 - 00868864 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Globalization.dll
2015-12-08 18:27 - 2015-10-22 10:58 - 00200704 _____ (Microsoft Corporation) C:\windows\SysWOW64\GlobCollationHost.dll
2015-12-08 18:27 - 2015-10-22 09:08 - 00513456 _____ C:\windows\SysWOW64\locale.nls
2015-12-08 18:27 - 2015-10-22 09:08 - 00513456 _____ C:\windows\system32\locale.nls
2015-12-08 18:27 - 2015-10-10 12:20 - 00186880 _____ (Microsoft Corporation) C:\windows\system32\dpapisrv.dll
2015-12-08 18:27 - 2015-10-03 14:41 - 01385280 _____ (Microsoft Corporation) C:\windows\system32\msctf.dll
2015-12-08 18:27 - 2015-10-03 14:41 - 01124384 _____ (Microsoft Corporation) C:\windows\SysWOW64\msctf.dll
2015-12-08 18:26 - 2015-11-20 17:47 - 00136904 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-12-08 18:26 - 2015-11-20 13:18 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2015-12-08 18:26 - 2015-11-20 11:58 - 03706880 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-12-08 18:26 - 2015-11-20 11:47 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-12-08 18:26 - 2015-11-20 11:46 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-12-08 18:26 - 2015-11-20 11:44 - 00409088 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
2015-12-08 18:26 - 2015-11-20 11:44 - 00095744 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-12-08 18:26 - 2015-11-20 11:43 - 00897024 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-12-08 18:26 - 2015-11-20 11:42 - 02243584 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-12-08 18:26 - 2015-11-20 11:30 - 00029696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-12-08 18:26 - 2015-11-20 11:29 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-12-08 18:26 - 2015-11-20 11:28 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-12-08 18:26 - 2015-11-20 11:27 - 00726528 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-12-08 18:26 - 2015-10-28 10:49 - 02775552 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2015-12-08 18:26 - 2015-10-28 10:29 - 02462720 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2015-12-08 18:26 - 2015-10-11 01:34 - 00468824 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBHUB3.SYS
2015-12-08 18:26 - 2015-10-11 01:34 - 00462168 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
2015-12-08 18:26 - 2015-10-11 01:34 - 00443224 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys
2015-12-08 18:26 - 2015-10-11 01:34 - 00092504 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
2015-12-08 18:26 - 2015-10-11 01:34 - 00027992 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys
2015-12-08 18:26 - 2015-10-10 13:41 - 00037376 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys
2015-12-08 18:26 - 2015-10-10 13:41 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys
2015-12-08 18:26 - 2015-10-08 11:11 - 00060928 _____ (Microsoft Corporation) C:\windows\system32\PCPKsp.dll
2015-12-08 18:26 - 2015-10-08 10:50 - 00053248 _____ (Microsoft Corporation) C:\windows\SysWOW64\PCPKsp.dll
2015-12-08 18:26 - 2015-10-05 13:28 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\wininit.exe
2015-12-08 18:26 - 2015-10-05 13:25 - 00572928 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
2015-12-05 18:00 - 2015-12-06 21:40 - 00121168 _____ C:\Users\Alan\Documents\Presentation1.pptx
2015-12-01 18:44 - 2015-12-01 18:44 - 00000000 ____D C:\windows\System32\Tasks\Norton 360
2015-12-01 18:38 - 2015-12-01 18:38 - 00003228 _____ C:\windows\System32\Tasks\Norton WSC Integration
2015-12-01 18:30 - 2015-12-01 18:30 - 00271589 _____ C:\Users\Alan\Documents\frozen_power_point.pptx

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-21 14:06 - 2014-09-02 15:07 - 00000000 ____D C:\Users\Alan\AppData\Roaming\ID Vault
2015-12-21 14:04 - 2014-08-03 18:56 - 00003926 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{DE19AB62-3E84-43C7-86C1-8A2913B34B13}
2015-12-20 19:31 - 2014-08-03 18:48 - 00000000 ____D C:\Users\Alan\AppData\Local\SweetLabs App Platform
2015-12-20 13:45 - 2014-09-02 15:07 - 00000000 ____D C:\Program Files (x86)\Constant Guard Protection Suite
2015-12-20 03:52 - 2014-08-04 20:56 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-12-19 18:25 - 2014-08-18 16:40 - 00000926 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-19 18:16 - 2015-04-08 16:06 - 00000000 ____D C:\Program Files (x86)\Steam
2015-12-19 17:31 - 2013-08-31 10:40 - 00865408 _____ C:\windows\system32\PerfStringBackup.INI
2015-12-19 17:31 - 2013-08-22 08:36 - 00000000 ____D C:\windows\Inf
2015-12-19 17:30 - 2015-07-31 11:46 - 00000000 ____D C:\windows\System32\Tasks\Remediation
2015-12-19 17:27 - 2014-08-18 16:40 - 00000922 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-19 17:27 - 2014-08-03 18:51 - 00000000 ___DO C:\Users\Alan\SkyDrive
2015-12-19 17:27 - 2013-08-22 10:36 - 00000000 ____D C:\windows\IME
2015-12-19 17:27 - 2013-08-22 09:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-12-19 12:14 - 2014-08-03 18:54 - 00003600 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1305158405-1857925567-3099767685-1001
2015-12-19 10:10 - 2013-08-22 08:36 - 00000000 ____D C:\Windows
2015-12-19 10:04 - 2015-10-30 14:03 - 00003304 _____ C:\windows\System32\Tasks\SweetLabs App Platform
2015-12-19 10:01 - 2013-08-22 08:25 - 00262144 ___SH C:\windows\system32\config\BBI
2015-12-19 10:00 - 2014-08-08 18:48 - 00000000 ____D C:\Users\Alan\AppData\Roaming\Yahoo!
2015-12-19 10:00 - 2014-08-08 18:48 - 00000000 ____D C:\Users\Alan\AppData\LocalLow\Yahoo!
2015-12-19 10:00 - 2014-08-08 18:39 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2015-12-19 10:00 - 2014-04-21 18:46 - 00000000 ____D C:\Program Files (x86)\Amazon
2015-12-19 09:43 - 2014-04-21 18:50 - 00000000 ____D C:\windows\System32\Tasks\Lenovo
2015-12-18 18:37 - 2013-08-22 10:20 - 00000000 ____D C:\windows\CbsTemp
2015-12-18 18:36 - 2015-04-18 02:30 - 00000000 ___SD C:\windows\SysWOW64\GWX
2015-12-18 18:36 - 2015-04-18 02:30 - 00000000 ___SD C:\windows\system32\GWX
2015-12-18 18:02 - 2015-05-14 02:28 - 00000000 ___RD C:\Users\Alan\OneDrive
2015-12-18 18:02 - 2014-08-22 10:51 - 00003096 _____ C:\windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1305158405-1857925567-3099767685-1001
2015-12-18 17:39 - 2013-08-22 10:36 - 00000000 ____D C:\windows\AppReadiness
2015-12-18 14:38 - 2013-08-22 10:36 - 00000000 ____D C:\windows\rescache
2015-12-17 21:07 - 2013-08-22 10:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-12-17 21:06 - 2014-08-03 19:16 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-12-17 20:53 - 2013-08-22 08:25 - 00262144 ___SH C:\windows\system32\config\ELAM
2015-12-17 20:52 - 2013-08-22 09:44 - 00502456 _____ C:\windows\system32\FNTCACHE.DAT
2015-12-17 20:51 - 2014-08-30 19:59 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-17 20:51 - 2014-08-30 19:59 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-17 16:25 - 2015-05-08 16:30 - 00000000 ____D C:\Users\Alan\AppData\Roaming\.minecraft
2015-12-17 14:43 - 2015-05-08 16:27 - 00000000 ____D C:\Program Files (x86)\Minecraft
2015-12-13 15:31 - 2013-08-22 10:36 - 00000000 ____D C:\windows\system32\NDF
2015-12-12 19:17 - 2015-02-22 19:34 - 00000000 ____D C:\Users\Alan\AppData\Local\CrashDumps
2015-12-08 20:44 - 2013-08-22 10:36 - 00000000 ___HD C:\Program Files\WindowsApps
2015-12-08 18:59 - 2014-09-14 12:58 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-12-08 18:59 - 2014-08-30 19:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-12-08 18:54 - 2014-08-03 19:31 - 00000000 ____D C:\windows\system32\MRT
2015-12-08 18:52 - 2014-08-04 20:56 - 00003718 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-12-08 18:50 - 2014-08-03 19:31 - 140158008 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-12-08 18:14 - 2014-08-03 18:48 - 00000000 ____D C:\Users\Alan
2015-12-05 04:11 - 2013-08-31 11:36 - 00000000 ____D C:\windows\Panther
2015-12-04 16:20 - 2014-08-18 16:40 - 00003898 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-04 16:20 - 2014-08-18 16:40 - 00003662 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-04 16:09 - 2015-10-30 04:42 - 00000000 ___HD C:\$WINDOWS.~BT
2015-12-03 18:36 - 2013-08-22 10:36 - 00000000 ___HD C:\windows\ELAMBKUP
2015-12-01 18:39 - 2014-09-02 15:08 - 00000000 ____D C:\Users\Alan\AppData\Local\ID Vault
2015-12-01 18:38 - 2015-08-16 03:55 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite
2015-12-01 18:38 - 2014-09-02 17:26 - 00002389 _____ C:\Users\Public\Desktop\Norton Security Suite.LNK
2015-12-01 18:38 - 2014-09-02 17:26 - 00000000 ____D C:\windows\system32\Drivers\N360x64
2015-12-01 12:19 - 2015-03-11 09:14 - 00826872 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-12-01 12:19 - 2015-03-11 09:14 - 00176632 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-01 00:52 - 2014-04-21 18:40 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-12-01 00:52 - 2013-08-22 10:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-11-29 23:13 - 2015-11-14 20:22 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Files in the root of some directories =======

2014-04-21 18:35 - 2014-04-21 18:35 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-01-26 18:20 - 2015-01-26 18:21 - 0000319 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Some files in TEMP:
====================
C:\Users\Alan\AppData\Local\Temp\oct608B.tmp.exe
C:\Users\Alan\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-12-15 02:59

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:20-12-2015
Ran by Alan (2015-12-21 17:22:51)
Running from C:\Users\Alan\Desktop
Windows 8.1 (X64) (2014-08-03 23:48:56)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1305158405-1857925567-3099767685-500 - Administrator - Disabled)
Alan (S-1-5-21-1305158405-1857925567-3099767685-1001 - Administrator - Enabled) => C:\Users\Alan
Guest (S-1-5-21-1305158405-1857925567-3099767685-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security Suite (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Norton Security Suite (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security Suite (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 19.0.0.241 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{A50679D9-6CBD-4FCD-BACB-62EF3894F6F3}) (Version: 4.0.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{1F72FDD5-A069-45B4-928F-D0F16492DC69}) (Version: 4.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
CyberLink MediaStory (HKLM-x32\...\InstallShield_{55762F9A-FCE3-45d5-817B-051218658423}) (Version: 1.0.1314 - CyberLink Corp.)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
Dirty Bomb (HKLM-x32\...\Steam App 333930) (Version: - Splash Damage®)
Driver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.13.0621 - Lenovo)
Fast Connect (HKLM-x32\...\ID Vault) (Version: 1.15.929.1 - White Sky)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Gyazo 3.1.6 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version: - Nota Inc.)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.22.1760 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
iTunes (HKLM\...\{96984DE8-1DB8-425C-AC8C-3098BC696F04}) (Version: 12.3.0.44 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
join.me (HKU\S-1-5-21-1305158405-1857925567-3099767685-1001\...\JoinMe) (Version: 2.10.0.1636 - LogMeIn, Inc.)
Lenovo Assistant (HKLM-x32\...\{B2DE4F30-B8C7-49C0-85B9-2F37A5290F00}) (Version: 2.0.0.29 - Lenovo)
Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.6.13.0724 - Lenovo)
Lenovo Experience Improvement (HKLM\...\LenovoExperienceImprovement) (Version: 1.0.16.0 - Lenovo)
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.7408 - CyberLink Corp.)
Lenovo Power2Go (x32 Version: 6.0.7408 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5108.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.5108.52 - CyberLink Corp.) Hidden
Lenovo Reach (HKLM-x32\...\{3245D8C8-7FE0-4FD4-B04B-2720A333D592}) (Version: 1.1.0.197 - Stoneware, Inc.)
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.1901 - CyberLink Corp.)
Lenovo Rescue System (Version: 4.0.0.1901 - CyberLink Corp.) Hidden
Lenovo Solution Center (HKLM\...\{2F45A217-E9C7-4984-B0AC-5BE31FF4712B}) (Version: 2.4.003.00 - Lenovo Group Limited)
LVT (HKLM-x32\...\{9E3469A6-443A-452C-BF44-8D7CE3A9A7E2}) (Version: 5.00.0914 - Lenovo)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Marble Blast Gold (HKLM-x32\...\Marble Blast Gold) (Version: - )
Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.2.1.1000 - Maxthon International Limited)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4779.1002 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1305158405-1857925567-3099767685-1001\...\OneDriveSetup.exe) (Version: 17.3.6281.1202 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Nitro Pro 9 (HKLM\...\{70B831B7-A8EE-4C5F-8F34-F383D24B3A04}) (Version: 9.0.5.9 - Nitro)
Norton Security Suite (HKLM-x32\...\N360) (Version: 22.5.5.15 - Symantec Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4779.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4779.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4779.1002 - Microsoft Corporation) Hidden
P@H-Protocol (HKLM-x32\...\{14F936AB-5D31-410E-A4E2-70AE504712F2}) (Version: 3.0.8.6 - Valassis)
Pokki (HKU\S-1-5-21-1305158405-1857925567-3099767685-1001\...\SweetLabs_AP) (Version: 0.269.7.802 - Pokki)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.39054 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7005 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0227 - REALTEK Semiconductor Corp.)
ROBLOX Player for Alan (HKU\S-1-5-21-1305158405-1857925567-3099767685-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation)
ROBLOX Studio for Alan (HKU\S-1-5-21-1305158405-1857925567-3099767685-1001\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version: - ROBLOX Corporation)
Start Menu (HKU\S-1-5-21-1305158405-1857925567-3099767685-1001\...\SweetLabs_Start_Menu) (Version: 0.269.7.800 - Pokki)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1305158405-1857925567-3099767685-1001_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\Alan\AppData\Local\Roblox\Versions\version-957ce0cc47814d39\RobloxProxy64.dll (ROBLOX Corporation)

==================== Restore Points =========================

27-11-2015 06:23:04 Scheduled Checkpoint
04-12-2015 15:44:20 Scheduled Checkpoint
08-12-2015 18:46:50 Windows Update
16-12-2015 08:29:59 Scheduled Checkpoint
19-12-2015 09:31:57 Removed Amazon Browser App
19-12-2015 09:43:34 Restore Point Created by FRST
19-12-2015 10:10:03 JRT Pre-Junkware Removal

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2015-12-19 09:43 - 00000035 ____A C:\windows\system32\Drivers\etc\hosts


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {010D4E7D-A9F3-4C1E-9F9B-ED7DB36AC9F2} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-12-17] (Microsoft Corporation)
Task: {0BBE95E8-BF25-4E9A-97C4-9DD41FBFAA19} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\SymErr.exe [2015-11-05] (Symantec Corporation)
Task: {1B9AA0CE-B46F-4515-B994-F8618E6CC58A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {1C6523D4-240B-49CC-86D4-A6F0FB4FD072} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\mxup.exe [2013-11-21] (Maxthon International ltd.)
Task: {1FCCC5E7-614B-4A69-B1DC-4D4DF8143244} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2015-08-19] ()
Task: {236C0C95-6668-4206-8FF9-37332E074449} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-05-06] ()
Task: {256DD8F2-AF93-4BA1-AC34-394BB20DA0E8} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {2C9B8124-22E7-4CA7-9D55-6957C801D95F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {338A7E65-F195-4AF2-A639-686AAC180B1B} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2015-08-19] ()
Task: {351876A8-982B-4EB2-9CBA-661F5A17B549} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\SymErr.exe [2015-11-05] (Symantec Corporation)
Task: {3BFCBC21-E7AD-4A31-9064-34801CE929A5} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation)
Task: {3D0D5E7F-9174-4FA5-BF5C-1B84EA7A2D62} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-05-06] ()
Task: {4B8E138D-168F-4032-8B5B-CBA4459F538C} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1305158405-1857925567-3099767685-1001 => C:\Users\Alan\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2015-12-18] (Microsoft Corporation)
Task: {708F8571-1DF6-41DB-A233-4556786101F4} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {738CAE93-4A08-4DBB-B55B-4E66590FD6EB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
Task: {86A53A86-A2B4-479E-8719-45CE99607E89} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-05-06] (Lenovo)
Task: {9C316845-688B-43FD-8F23-ED3FF273A73B} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security Suite\Upgrade.exe [2015-11-23] (Symantec Corporation)
Task: {A47E4D25-F661-4C1E-8080-D8042B3430D3} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation)
Task: {AD68966F-294C-4EAE-A5FF-5A876DAA993E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {AFC7AE72-451C-4163-8076-CF4DBF814E6E} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-08] (Adobe Systems Incorporated)
Task: {B2F24058-D006-4024-AAC3-E6115EE5777F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2015-12-08] (Microsoft Corporation)
Task: {B7113429-E989-4A96-AAEC-57774F2492F1} - System32\Tasks\Lenovo\LSC\RebootCountTask => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe [2014-05-06] (Lenovo)
Task: {C96873E4-F289-4C4D-9323-D92F1011C857} - System32\Tasks\Lenovo\LSC\Time72Task => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe [2014-05-06] (Lenovo)
Task: {CDE18FAD-FEA4-4745-8298-34CD3CD70258} - System32\Tasks\SweetLabs App Platform => C:\Users\Alan\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe [2015-10-30] (Pokki)
Task: {F499A0C8-E6A8-456C-B835-9F8770EC2164} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-05-06] (Lenovo)
Task: {F7E82A2A-A103-43D9-9C5A-9D5EAB1C386C} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\WSCStub.exe [2015-11-23] (Symantec Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-02-13 04:20 - 2015-02-13 04:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-09-23 15:47 - 2015-09-23 15:47 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-07 15:10 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-10-27 01:51 - 2015-09-01 11:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-04-21 18:36 - 2011-08-16 22:46 - 00032768 _____ () C:\Windows\jmesoft\Service.exe
2014-04-21 18:49 - 2013-05-14 13:53 - 00390632 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2014-04-21 18:36 - 2011-08-16 22:46 - 00024576 _____ () C:\Windows\jmesoft\JME_LOAD.exe
2015-10-25 01:49 - 2015-10-25 01:49 - 03530752 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\Windows.UI.Xaml\0b2afd93fc0545b7b94339e8a4a7af97\Windows.UI.Xaml.ni.dll
2015-10-25 01:49 - 2015-10-25 01:49 - 00228864 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\Windows.Foundation\16c3eb7650767d95d002c998d0c73eb5\Windows.Foundation.ni.dll
2015-09-29 18:25 - 2015-09-29 18:25 - 00548152 _____ () C:\Program Files (x86)\Constant Guard Protection Suite\sqlite3.DLL
2014-11-21 18:26 - 2014-11-21 18:26 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2014-04-21 18:36 - 2011-05-17 15:27 - 00028672 _____ () C:\Windows\jmesoft\hidhook.dll
2009-12-04 18:59 - 2009-12-04 18:59 - 00619816 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
2009-12-04 19:04 - 2009-12-04 19:04 - 00013096 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll
2014-08-08 18:48 - 2012-05-25 03:25 - 00921600 _____ () C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
2015-04-28 15:15 - 2015-04-28 15:15 - 00569856 _____ () C:\Users\Alan\AppData\Local\SweetLabs App Platform\Engine\ppGoogleNaClPluginChrome.dll
2015-04-28 15:15 - 2015-04-28 15:15 - 01400846 _____ () C:\Users\Alan\AppData\Local\SweetLabs App Platform\Engine\avcodec-54.dll
2015-04-28 15:15 - 2015-04-28 15:15 - 00151054 _____ () C:\Users\Alan\AppData\Local\SweetLabs App Platform\Engine\avutil-51.dll
2015-04-28 15:15 - 2015-04-28 15:15 - 00222734 _____ () C:\Users\Alan\AppData\Local\SweetLabs App Platform\Engine\avformat-54.dll
2014-04-21 18:36 - 2013-12-03 00:37 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2015-12-17 21:31 - 2015-12-10 22:54 - 01583432 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libglesv2.dll
2015-12-17 21:31 - 2015-12-10 22:54 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1305158405-1857925567-3099767685-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\Lenovo\LenovoWallPaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{656DCDCC-B5F0-4C79-9E35-1A67A750185D}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{D52C89A4-E487-46B0-B33F-91666005BD7E}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{97A4841D-9A03-49AC-9B66-942C79F98DFD}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{8BCAB4B2-A03A-4B43-B33B-D8F60F0C4914}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{F0AE0F23-3DE3-4E5F-B8F1-E45271C966F2}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{034C92CB-1025-4A7A-8D4A-5E721EFC7D41}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{4F42DF0E-034C-4934-9F95-E3F1DAB25C36}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{575C533A-A7DC-4DD0-BECC-AD7124350422}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{A42F97A4-8C8F-4855-8D2E-78B19968D44C}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{7BA8727F-3B5B-40FE-B202-AD6B46AEC04F}] => (Allow) C:\Users\Alan\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{2E5F8B46-924D-4544-B665-643ED9B28907}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{FEBAAC19-30A5-42DF-89BB-90A1786D2FF8}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{3DEAEDD7-E3A5-429B-A56D-D7FE208509FB}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{F92125B7-693C-475F-9A7A-074C42996083}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{377AE85C-217B-4569-A746-19E97C5284BF}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{CCB08CC8-7630-4F2E-8967-3733D541892B}] => (Allow) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
FirewallRules: [{B06E54F9-EF55-472F-B0C6-10FBFC498775}] => (Allow) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
FirewallRules: [{6A4E7566-6EEB-4BB1-835B-5BEC4AC09D61}] => (Allow) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
FirewallRules: [{12B71BB5-121E-490D-9A6D-F05B62D654C8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CE48F51D-2C85-4659-81C3-CAFDE3AA4C34}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F5BD134E-A7D8-455C-8E2F-BE24AD144CA9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{04BA2FC7-DE35-4F6D-8358-F000152C5C6F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{888F5271-51FB-480F-9346-155B59121AAE}] => (Allow) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
FirewallRules: [{A8538F59-63FC-42D2-ADB2-F37A7470D053}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{2EA926FC-168D-4029-9323-AEFFFD1A0DA4}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{3F4B13F6-B13D-4B79-837E-DE5C964AF653}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{4C2295B0-4B47-4FF5-9E26-E3E32B5F8AD1}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{33914FF9-0A07-43A1-9002-FC7139198991}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{72ED7A12-ADF3-4A98-85AD-DD5EB38A1CA4}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{5E130B04-0A65-4052-932F-2C7E5079F836}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{246B02B6-DE75-4F1E-BCAE-6DBFAF440DF7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{0FB3359F-BEEB-410B-A990-CAC023DF114F}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{56B3EF96-E1E8-431F-BD84-2732D7314683}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{986CFCE0-F181-4581-A5F9-29C7533D7B49}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{11E88703-3532-4209-9EA7-EC4C0C452419}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{E0B0ECE1-3637-40BE-A3F3-EE102ED37741}] => (Allow) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
FirewallRules: [{F20706E3-33FC-4C76-8102-9CCFE033BEE6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{59A085BB-E89E-4F5A-BF4C-51897783A4D6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{48257AE3-5FED-4B64-8510-399C04763CCF}] => (Allow) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
FirewallRules: [{FBDB23DE-0A5E-4BEC-960D-5664C35AEBFC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D5ADF009-249A-4732-BB8A-68A50FC9F39C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BFF97AB9-1A0F-415D-B3ED-267F7FB9CD51}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{665BF454-135B-414F-8AEE-BE2B96FBDA96}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{71993C03-AEB2-4372-B156-27F8633A9610}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{1E850B5F-00C7-40D9-8568-D1307DCC07B2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{59D09EB2-8845-4814-B0F7-268DAED120E8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{450BA8A0-C303-4B9C-9810-7784F29B0357}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{D9868B56-D9E4-4CCE-885C-67244D0B16C4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{3D15FBB8-527D-43E4-9E88-948C696D2ADB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/21/2015 05:21:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10389796

Error: (12/21/2015 05:21:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10389796

Error: (12/21/2015 05:21:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/21/2015 05:21:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10388609

Error: (12/21/2015 05:21:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10388609

Error: (12/21/2015 05:21:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/21/2015 02:28:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2265

Error: (12/21/2015 02:28:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2265

Error: (12/21/2015 02:28:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/21/2015 02:28:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1125


System errors:
=============
Error: (12/21/2015 05:24:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Microsoft Account Sign-in Assistant service failed to start due to the following error:
%%1053

Error: (12/21/2015 05:22:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Application Experience service failed to start due to the following error:
%%1053

Error: (12/21/2015 05:22:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Application Experience service failed to start due to the following error:
%%1053

Error: (12/21/2015 05:22:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Multimedia Class Scheduler service failed to start due to the following error:
%%1053

Error: (12/21/2015 05:22:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Multimedia Class Scheduler service failed to start due to the following error:
%%1053

Error: (12/21/2015 05:22:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Multimedia Class Scheduler service failed to start due to the following error:
%%1053

Error: (12/21/2015 05:22:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Multimedia Class Scheduler service failed to start due to the following error:
%%1053

Error: (12/21/2015 05:22:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Multimedia Class Scheduler service failed to start due to the following error:
%%1053

Error: (12/21/2015 05:22:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Multimedia Class Scheduler service failed to start due to the following error:
%%1053

Error: (12/21/2015 05:22:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Multimedia Class Scheduler service failed to start due to the following error:
%%1053


==================== Memory info ===========================

Processor: Intel® Core™ i3-4150 CPU @ 3.50GHz
Percentage of memory in use: 25%
Total physical RAM: 6058.37 MB
Available physical RAM: 4489.68 MB
Total Virtual: 7658.37 MB
Available Virtual: 4383.25 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:905.25 GB) (Free:785.17 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 249F60AE)

Partition: GPT.

==================== End of Addition.txt ============================

#15
zep516


    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hello,

Everything looks ok.

RE: Browser issue
FCPS Extension

That's a direct result of this entry below:
(White Sky, Inc.) C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe

Constant Guard Protection is offered to you from Comcast / Xfinity. I don't see a problem with it, but I will check it out a bit more.

http://customer.xfin...constant-guard/