Constant Web popups - Slow Computer (Kilp Pal?) [Solved]


  • This topic is locked
18 replies to this topic

#1 paudusd


Posted 01 December 2014 - 09:30 AM

My computer has constant web pop-ups when I'm browsing the internet (using any browser). New popup ads come up in new windows just about every time I click (whether on a link or not), and my computer is also running really slow.

 

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2014-11-27 22:04:18
-----------------------------
22:04:18.764    OS Version: Windows x64 6.2.9200 
22:04:18.764    Number of processors: 4 586 0x1301
22:04:18.764    ComputerName: CHRISTI-LAPTOP  UserName: cpaulson12
22:06:00.756    Initialize success
22:06:00.862    VM: initialized successfully
22:06:00.863    VM: Amd CPU BiosDisabled 
22:06:55.172    AVAST engine defs: 14112701
22:09:29.495    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000029
22:09:29.498    Disk 0 Vendor: ST1000LM024_HN-M101MBB 2AR20002 Size: 953869MB BusType: 11
22:09:29.716    Disk 0 MBR read successfully
22:09:29.721    Disk 0 MBR scan
22:09:29.734    Disk 0 unknown MBR code
22:09:29.741    Disk 0 Partition 1 00     EE          GPT           2097151 MB offset 1
22:09:29.832    Disk 0 scanning C:\windows\system32\drivers
22:09:57.096    Service scanning
22:10:33.804    Modules scanning
22:10:33.810    Disk 0 trace - called modules:
22:10:33.828    ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys 
22:10:33.837    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe0009b46b460]
22:10:33.844    3 CLASSPNP.SYS[fffff8006466727b] -> nt!IofCallDriver -> [0xffffe0009b28e610]
22:10:33.848    5 amd_xata.sys[fffff80063d2a594] -> nt!IofCallDriver -> \Device\00000029[0xffffe0009b2fa4a0]
22:10:48.118    AVAST engine scan C:\windows
22:11:36.593    AVAST engine scan C:\windows\system32
22:18:28.599    AVAST engine scan C:\windows\system32\drivers
22:21:20.407    AVAST engine scan C:\Users\cpaulson12
05:13:20.739    AVAST engine scan C:\ProgramData
05:19:26.644    Disk 0 statistics 5068239/0/0 @ 0.96 MB/s
05:19:26.679    Scan finished successfully
05:20:30.536    Disk 0 MBR has been saved successfully to "C:\Users\cpaulson12\Desktop\COMP FIX\FILES\MBR.dat"
05:20:30.543    The log file has been saved successfully to "C:\Users\cpaulson12\Desktop\COMP FIX\FILES\aswMBR.txt"
 
 
 
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-11-2014 01
Ran by cpaulson12 (administrator) on CHRISTI-LAPTOP on 27-11-2014 21:46:15
Running from C:\Users\cpaulson12\Desktop\COMP FIX
Loaded Profile: cpaulson12 (Available profiles: cpaulson12)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(White Sky, Inc.) C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(White Sky, Inc.) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Pokki) C:\Users\cpaulson12\AppData\Local\Pokki\Engine\HostAppService.exe
(Pokki) C:\Users\cpaulson12\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe
(Pokki) C:\Users\cpaulson12\AppData\Local\Pokki\Engine\HostAppService.exe
(Pokki) C:\Users\cpaulson12\AppData\Local\Pokki\Engine\StartMenuIndexer.exe
(AVAST Software) C:\Users\cpaulson12\Desktop\aswMBR.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17246_none_fa4ae8e99b1f603c\TiWorker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\powerpnt.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officec2rclient.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2894664 2013-08-07] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtsFT] => C:\windows\RTFTrack.exe [6340312 2013-07-19] (Realtek semiconductor)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17111056 2014-02-15] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [193008 2014-02-15] (Lenovo(beijing) Limited)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-09-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Lenovo App Shop] => C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismagent.exe [156000 2013-07-18] (Intel Corporation)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-09-25] ( (Qualcomm®Atheros®))
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-185766733-1824046107-1153005522-1002\...\Run: [Pokki] => "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON
HKU\S-1-5-21-185766733-1824046107-1153005522-1002\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
HKU\S-1-5-21-185766733-1824046107-1153005522-1002\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe
HKU\S-1-5-21-185766733-1824046107-1153005522-1002\...\RunOnce: [Application Restart #3] => C:\Users\cpaulson12\AppData\Local\Pokki\Engine\HostAppService.exe [7794504 2014-11-14] (Pokki)
HKU\S-1-5-21-185766733-1824046107-1153005522-1002\...\RunOnce: [Application Restart #1] => C:\Users\cpaulson12\AppData\Local\Pokki\Engine\HostAppService.exe [7794504 2014-11-14] (Pokki)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Constant Guard.lnk
ShortcutTarget: Constant Guard.lnk -> C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe (White Sky, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-185766733-1824046107-1153005522-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-185766733-1824046107-1153005522-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://home.lenovo.com
HKU\S-1-5-21-185766733-1824046107-1153005522-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://home.lenovo.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM -> DefaultScope {A90A3198-80B1-4AE3-8B57-6F7FA26DB44E} URL = http://www.bing.com/...=IE11TR&pc=LCJB
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {A90A3198-80B1-4AE3-8B57-6F7FA26DB44E} URL = http://www.bing.com/...=IE11TR&pc=LCJB
SearchScopes: HKLM -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {A90A3198-80B1-4AE3-8B57-6F7FA26DB44E} URL = http://www.bing.com/...=IE11TR&pc=LCJB
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {A90A3198-80B1-4AE3-8B57-6F7FA26DB44E} URL = http://www.bing.com/...=IE11TR&pc=LCJB
SearchScopes: HKU\S-1-5-21-185766733-1824046107-1153005522-1002 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKU\S-1-5-21-185766733-1824046107-1153005522-1002 -> {25C7EB70-989E-42E1-AF40-DBBE6D958EAC} URL = http://search.findwi...k={searchTerms}
SearchScopes: HKU\S-1-5-21-185766733-1824046107-1153005522-1002 -> {A74F766D-718E-4A04-A80F-7ADAB7E811B6} URL = http://search.yahoo....petb&type=10741
SearchScopes: HKU\S-1-5-21-185766733-1824046107-1153005522-1002 -> {A90A3198-80B1-4AE3-8B57-6F7FA26DB44E} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Constant Guard Protection Suite -> {B84CDBE7-1B46-494B-A188-01D4C52DEB61} -> C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.14.922.1\NativeBHO.dll (WhiteSky)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
Toolbar: HKLM - FindWide Toolbar - {288799CB-E38C-44A0-A9FA-40D150FFE081} - C:\Users\cpaulson12\AppData\Local\TNT2\Profiles\10741\passport64.dll No File
Toolbar: HKLM-x32 - FindWide Toolbar - {288799CB-E38C-44A0-A9FA-40D150FFE081} - C:\Users\cpaulson12\AppData\Local\TNT2\Profiles\10741\passport.dll No File
Toolbar: HKU\S-1-5-21-185766733-1824046107-1153005522-1002 -> FindWide Toolbar - {288799CB-E38C-44A0-A9FA-40D150FFE081} - C:\Users\cpaulson12\AppData\Local\TNT2\Profiles\10741\passport64.dll No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A7F7E4CA-068A-4E43-8A44-69A72B3FD351}: [NameServer] 75.75.75.75,75.75.76.76
 
FireFox:
========
FF ProfilePath: C:\Users\cpaulson12\AppData\Roaming\Mozilla\Firefox\Profiles\3hli1wif.default
FF NewTab: file:///C:\\Users\\cpaulson12\\AppData\\Local\\TNT2\\Common\\pinnedSearch.htm
FF DefaultSearchEngine: FindWide
FF SelectedSearchEngine: Groovorio
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKU\S-1-5-21-185766733-1824046107-1153005522-1002: intel.com/AppUp -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp.dll (Intel)
FF Plugin HKU\S-1-5-21-185766733-1824046107-1153005522-1002: intel.com/AppUpx64 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel)
FF user.js: detected! => C:\Users\cpaulson12\AppData\Roaming\Mozilla\Firefox\Profiles\3hli1wif.default\user.js
FF Extension: XFINITY Constant Guard Protection Suite - C:\Users\cpaulson12\AppData\Roaming\Mozilla\Firefox\Profiles\3hli1wif.default\Extensions\idvaultaddon@whitesky [2014-10-25]
FF Extension: TicTaCaoiupon - C:\Users\cpaulson12\AppData\Roaming\Mozilla\Firefox\Profiles\3hli1wif.default\Extensions\n@HZ.com [2014-10-21]
FF Extension: No Name - C:\Users\cpaulson12\AppData\Roaming\Mozilla\Firefox\Profiles\3hli1wif.default\Extensions\temp [2014-07-09]
FF Extension: SSAlEsCheccker - C:\Users\cpaulson12\AppData\Roaming\Mozilla\Firefox\Profiles\3hli1wif.default\Extensions\tU@f.org [2014-09-28]
FF Extension: surfkeepit - C:\Users\cpaulson12\AppData\Roaming\Mozilla\Firefox\Profiles\3hli1wif.default\Extensions\Y@rgeb.com [2014-11-06]
FF Extension: RooyalShoppeRAApp - C:\Users\cpaulson12\AppData\Roaming\Mozilla\Firefox\Profiles\3hli1wif.default\Extensions\yoe.93h7@qrxs-.edu [2014-09-08]
FF Extension: shoppndruop - C:\Users\cpaulson12\AppData\Roaming\Mozilla\Firefox\Profiles\3hli1wif.default\Extensions\ysi9gtz@qbd-ii.net [2014-09-07]
FF Extension: LuckyCoupon - C:\Users\cpaulson12\AppData\Roaming\Mozilla\Firefox\Profiles\3hli1wif.default\Extensions\zeN@L.net [2014-11-13]
FF Extension: FindWide Toolbar - C:\Users\cpaulson12\AppData\Roaming\Mozilla\Firefox\Profiles\3hli1wif.default\Extensions\toolbar10741@findwide.com.xpi [2014-08-03]
FF HKU\S-1-5-21-185766733-1824046107-1153005522-1002\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-09]
CHR Extension: (Google Drive) - C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-09]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-09]
CHR Extension: (YouTube) - C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-09]
CHR Extension: (Google Search) - C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-09]
CHR Extension: (Full Screen) - C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmimocjjppdelmhpcmpkhekmpoddgima [2014-10-19]
CHR Extension: (Savings com DealFinder) - C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\gncemjbbfkgdhfiigkdebleebbhlelap [2014-11-13]
CHR Extension: (Chromium Updater) - C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcmicnfbmcjhlbdohdmdhfjlbigkcddl [2014-08-26]
CHR Extension: (surfkeepit) - C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\igoblnhahmknebfjlklmcgjmjolkfblo [2014-11-06]
CHR Extension: (Ask the Gooru) - C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkffimodjajkloehmbfgeiclolgbebec [2014-11-05]
CHR Extension: (Google Wallet) - C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-09]
CHR Extension: (Shut Up) - C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\oklfoejikkmejobodofaimigojomlfim [2014-09-28]
CHR Extension: (Rotten Tomato) - C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\peokdhcembipiholieikfdloegjagplb [2014-08-26]
CHR Extension: (Gmail) - C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-09]
CHR Extension: (Klip Pal) - C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkoehejbnbinjafeopgalokcmjdgkkhe [2014-10-01]
CHR Extension: (Beautify for Trello) - C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppmoihbfiilgkkgcogbblhhanjjaocil [2014-09-08]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 70e6ca8c; c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll [3475912 2014-08-03] ()
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-09-11] (Advanced Micro Devices, Inc.) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-09-25] (Windows ® Win 7 DDK provider)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2443960 2014-10-30] (Microsoft Corporation)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [92160 2013-07-28] (ELAN Microelectronics Corp.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-08-17] (Nitro PDF Software)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2014-02-15] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-09-25] (Atheros) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [219360 2013-04-18] (AppEx Networks Corporation)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-22] (Advanced Micro Devices)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-25] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8247640 2013-07-19] (Realtek Semiconductor Corp.)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S1 AntiLog32; \??\C:\windows\system32\drivers\AntiLog64.sys [X]
U3 aswMBR; \??\C:\Users\CPAULS~1\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\CPAULS~1\AppData\Local\Temp\aswVmm.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-27 21:45 - 2014-11-27 21:46 - 00000000 ____D () C:\FRST
2014-11-27 21:43 - 2014-11-27 21:43 - 02117632 _____ (Farbar) C:\Users\cpaulson12\Downloads\FRST64 (1).exe
2014-11-27 21:35 - 2014-11-27 21:46 - 00000000 ____D () C:\Users\cpaulson12\Desktop\COMP FIX
2014-11-27 21:35 - 2014-11-27 21:35 - 05198336 _____ (AVAST Software) C:\Users\cpaulson12\Desktop\aswMBR.exe
2014-11-27 21:18 - 2014-11-27 21:18 - 00000000 ____D () C:\Users\cpaulson12\AppData\Local\Zemana
2014-11-22 16:30 - 2014-11-20 14:51 - 00714208 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-11-22 16:30 - 2014-11-20 14:51 - 00106976 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-22 12:54 - 2014-09-27 01:13 - 00104336 _____ (Microsoft Corporation) C:\windows\system32\ncryptsslp.dll
2014-11-22 12:54 - 2014-09-26 23:24 - 00088800 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncryptsslp.dll
2014-11-22 12:54 - 2014-09-26 21:38 - 00426496 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-11-22 12:54 - 2014-09-26 21:30 - 00185856 _____ (Microsoft Corporation) C:\windows\system32\dpapisrv.dll
2014-11-22 12:54 - 2014-09-26 21:17 - 00357376 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-11-22 12:53 - 2014-10-18 03:55 - 00055776 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2014-11-22 12:53 - 2014-10-18 02:09 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2014-11-22 12:53 - 2014-10-18 02:09 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2014-11-22 12:53 - 2014-10-18 01:25 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2014-11-22 12:53 - 2014-10-18 00:50 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\wuaext.dll
2014-11-22 12:53 - 2014-10-18 00:38 - 03557376 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2014-11-22 12:53 - 2014-10-18 00:27 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2014-11-22 12:53 - 2014-10-18 00:26 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2014-11-22 12:53 - 2014-10-18 00:23 - 00407552 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
2014-11-22 12:53 - 2014-10-18 00:23 - 00095744 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2014-11-22 12:53 - 2014-10-18 00:21 - 00894976 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2014-11-22 12:53 - 2014-10-18 00:20 - 01714176 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2014-11-22 12:53 - 2014-10-18 00:14 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2014-11-22 12:53 - 2014-10-18 00:14 - 00029696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2014-11-22 12:53 - 2014-10-18 00:12 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2014-11-22 12:53 - 2014-10-18 00:11 - 00723968 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2014-11-22 12:53 - 2014-10-17 01:01 - 00789184 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2014-11-22 12:53 - 2014-10-17 00:58 - 00602768 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2014-11-22 12:53 - 2014-10-12 20:33 - 00116032 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2014-11-22 12:53 - 2014-10-10 18:58 - 03320320 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-11-22 12:53 - 2014-10-10 18:53 - 03607040 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-11-22 12:53 - 2014-10-09 19:58 - 00177472 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2014-11-22 12:53 - 2014-10-09 19:58 - 00027456 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpvideominiport.sys
2014-11-22 12:53 - 2014-10-09 19:44 - 00563976 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2014-11-22 12:53 - 2014-10-08 01:37 - 00736768 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2014-11-22 12:53 - 2014-10-08 01:37 - 00154112 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2014-11-22 12:53 - 2014-10-08 01:34 - 00131584 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll
2014-11-22 12:53 - 2014-10-08 01:30 - 00110080 _____ (Microsoft Corporation) C:\windows\system32\appinfo.dll
2014-11-22 12:53 - 2014-10-08 01:24 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\rfxvmt.dll
2014-11-22 12:53 - 2014-10-08 01:09 - 00428032 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2014-11-22 12:53 - 2014-10-08 00:56 - 00445440 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2014-11-22 12:53 - 2014-10-08 00:51 - 00736768 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2014-11-22 12:53 - 2014-10-08 00:51 - 00154112 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2014-11-22 12:53 - 2014-10-08 00:27 - 00325120 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
2014-11-22 12:53 - 2014-10-08 00:18 - 00324096 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2014-11-22 12:53 - 2014-10-08 00:17 - 01441792 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-11-22 12:53 - 2014-10-07 23:32 - 02773504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2014-11-22 12:53 - 2014-10-07 23:23 - 03547648 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2014-11-22 12:53 - 2014-10-07 23:19 - 02459136 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2014-11-22 12:52 - 2014-09-21 22:38 - 01519488 _____ (Microsoft Corporation) C:\windows\system32\user32.dll
2014-11-22 12:52 - 2014-09-21 21:06 - 00258368 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdFilter.sys
2014-11-22 12:52 - 2014-09-21 21:06 - 00114496 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdNisDrv.sys
2014-11-22 12:52 - 2014-09-21 20:49 - 00035320 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdBoot.sys
2014-11-22 12:52 - 2014-09-18 18:16 - 01346048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user32.dll
2014-11-22 12:52 - 2014-09-02 16:08 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\winshfhc.dll
2014-11-22 12:52 - 2014-09-02 16:08 - 00012800 _____ (Microsoft Corporation) C:\windows\SysWOW64\winshfhc.dll
2014-11-22 12:51 - 2014-10-30 23:28 - 25110016 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-11-22 12:51 - 2014-10-30 21:42 - 19781632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-11-22 12:49 - 2014-10-30 23:06 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-11-22 12:49 - 2014-10-30 23:05 - 02884096 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-11-22 12:49 - 2014-10-30 22:53 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-11-22 12:49 - 2014-10-30 22:52 - 00108544 _____ (Microsoft Corporation) C:\windows\system32\hlink.dll
2014-11-22 12:49 - 2014-10-30 22:51 - 00812544 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-11-22 12:49 - 2014-10-30 22:50 - 06040064 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-11-22 12:49 - 2014-10-30 22:50 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-11-22 12:49 - 2014-10-30 22:38 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-11-22 12:49 - 2014-10-30 22:21 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-11-22 12:49 - 2014-10-30 22:15 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2014-11-22 12:49 - 2014-10-30 22:08 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2014-11-22 12:49 - 2014-10-30 22:06 - 00372736 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-11-22 12:49 - 2014-10-30 22:05 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-11-22 12:49 - 2014-10-30 22:03 - 02124288 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-11-22 12:49 - 2014-10-30 21:59 - 14390272 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-11-22 12:49 - 2014-10-30 21:45 - 02365440 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-11-22 12:49 - 2014-10-30 21:44 - 02865152 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll
2014-11-22 12:49 - 2014-10-30 21:32 - 01550336 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-11-22 12:49 - 2014-10-30 21:24 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-11-22 12:49 - 2014-10-30 21:23 - 00340992 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2014-11-22 12:49 - 2014-10-30 21:20 - 00799232 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-11-22 12:49 - 2014-10-30 21:18 - 02277376 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-11-22 12:49 - 2014-10-30 21:13 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-11-22 12:49 - 2014-10-30 21:13 - 00099328 _____ (Microsoft Corporation) C:\windows\SysWOW64\hlink.dll
2014-11-22 12:49 - 2014-10-30 21:12 - 00661504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-11-22 12:49 - 2014-10-30 21:11 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-11-22 12:49 - 2014-10-30 21:02 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-11-22 12:49 - 2014-10-30 20:50 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-11-22 12:49 - 2014-10-30 20:46 - 04298240 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-11-22 12:49 - 2014-10-30 20:46 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2014-11-22 12:49 - 2014-10-30 20:42 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2014-11-22 12:49 - 2014-10-30 20:40 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-11-22 12:49 - 2014-10-30 20:40 - 00325632 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-11-22 12:49 - 2014-10-30 20:39 - 02051072 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-11-22 12:49 - 2014-10-30 20:30 - 12819456 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-11-22 12:49 - 2014-10-30 20:17 - 01892864 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-11-22 12:49 - 2014-10-30 20:13 - 01310208 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-11-22 12:49 - 2014-10-30 20:11 - 00708096 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-11-22 12:48 - 2014-10-30 23:12 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe
2014-11-22 12:48 - 2014-10-30 23:12 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2014-11-22 12:48 - 2014-10-30 23:10 - 00167424 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe
2014-11-22 12:48 - 2014-10-30 23:09 - 00064512 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll
2014-11-22 12:48 - 2014-10-30 23:08 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2014-11-22 12:48 - 2014-10-30 23:06 - 00237568 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2014-11-22 12:48 - 2014-10-30 23:06 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-11-22 12:48 - 2014-10-30 23:06 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-11-22 12:48 - 2014-10-30 23:05 - 00417280 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2014-11-22 12:48 - 2014-10-30 23:04 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-11-22 12:48 - 2014-10-30 22:57 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-11-22 12:48 - 2014-10-30 22:56 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-11-22 12:48 - 2014-10-30 22:54 - 00132096 _____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll
2014-11-22 12:48 - 2014-10-30 22:51 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-11-22 12:48 - 2014-10-30 22:51 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-11-22 12:48 - 2014-10-30 22:40 - 00033280 _____ (Microsoft Corporation) C:\windows\system32\licmgr10.dll
2014-11-22 12:48 - 2014-10-30 22:30 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-22 12:48 - 2014-10-30 22:29 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-11-22 12:48 - 2014-10-30 22:29 - 00087552 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2014-11-22 12:48 - 2014-10-30 22:28 - 00107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2014-11-22 12:48 - 2014-10-30 22:25 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-11-22 12:48 - 2014-10-30 22:24 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-11-22 12:48 - 2014-10-30 22:24 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2014-11-22 12:48 - 2014-10-30 22:23 - 00145408 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2014-11-22 12:48 - 2014-10-30 22:19 - 00152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2014-11-22 12:48 - 2014-10-30 22:05 - 00716800 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-11-22 12:48 - 2014-10-30 21:42 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll
2014-11-22 12:48 - 2014-10-30 21:28 - 00137728 _____ (Microsoft Corporation) C:\windows\SysWOW64\wextract.exe
2014-11-22 12:48 - 2014-10-30 21:28 - 00012800 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe
2014-11-22 12:48 - 2014-10-30 21:27 - 00152064 _____ (Microsoft Corporation) C:\windows\SysWOW64\iexpress.exe
2014-11-22 12:48 - 2014-10-30 21:26 - 00057344 _____ (Microsoft Corporation) C:\windows\SysWOW64\pngfilt.dll
2014-11-22 12:48 - 2014-10-30 21:25 - 00011264 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe
2014-11-22 12:48 - 2014-10-30 21:24 - 00235520 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll
2014-11-22 12:48 - 2014-10-30 21:24 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-11-22 12:48 - 2014-10-30 21:23 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-11-22 12:48 - 2014-10-30 21:22 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-11-22 12:48 - 2014-10-30 21:16 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-11-22 12:48 - 2014-10-30 21:15 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-11-22 12:48 - 2014-10-30 21:14 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\IEAdvpack.dll
2014-11-22 12:48 - 2014-10-30 21:12 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-11-22 12:48 - 2014-10-30 21:03 - 00027136 _____ (Microsoft Corporation) C:\windows\SysWOW64\licmgr10.dll
2014-11-22 12:48 - 2014-10-30 20:57 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-22 12:48 - 2014-10-30 20:56 - 00091136 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2014-11-22 12:48 - 2014-10-30 20:56 - 00090624 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-11-22 12:48 - 2014-10-30 20:56 - 00073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
2014-11-22 12:48 - 2014-10-30 20:53 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-11-22 12:48 - 2014-10-30 20:53 - 00052736 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll
2014-11-22 12:48 - 2014-10-30 20:52 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-11-22 12:48 - 2014-10-30 20:51 - 00128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2014-11-22 12:48 - 2014-10-30 20:48 - 00130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2014-11-22 12:48 - 2014-10-30 20:26 - 01042944 _____ (Microsoft Corporation) C:\windows\SysWOW64\actxprxy.dll
2014-11-22 12:48 - 2014-10-30 20:24 - 00040448 _____ (Microsoft Corporation) C:\windows\SysWOW64\imgutil.dll
2014-11-22 12:47 - 2014-11-09 17:19 - 00991232 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-11-22 12:47 - 2014-11-09 17:19 - 00806400 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-11-22 12:47 - 2014-11-09 17:18 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\pku2u.dll
2014-11-22 12:47 - 2014-11-09 17:18 - 00208896 _____ (Microsoft Corporation) C:\windows\SysWOW64\pku2u.dll
2014-11-22 12:47 - 2014-11-04 17:38 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-11-22 12:47 - 2014-11-03 18:10 - 00304128 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2014-11-22 12:47 - 2014-10-30 22:53 - 00098816 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2014-11-22 12:47 - 2014-10-30 22:49 - 00537088 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-11-22 12:47 - 2014-10-30 22:24 - 00391168 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2014-11-22 12:47 - 2014-10-22 23:48 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
2014-11-22 12:47 - 2014-10-22 23:05 - 00072192 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll
2014-11-22 12:47 - 2014-10-07 00:28 - 00500016 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2014-11-22 12:47 - 2014-10-07 00:27 - 00482872 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2014-11-22 12:47 - 2014-10-07 00:27 - 00394120 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2014-11-22 12:47 - 2014-10-07 00:27 - 00272248 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe
2014-11-22 12:47 - 2014-10-07 00:27 - 00108432 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2014-11-22 12:47 - 2014-10-06 21:34 - 00370424 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2014-11-22 12:47 - 2014-10-06 21:34 - 00344536 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2014-11-22 12:47 - 2014-10-06 21:33 - 00424544 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2014-11-22 12:47 - 2014-10-06 21:30 - 04182016 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-11-22 12:47 - 2014-10-06 19:54 - 00226304 _____ (Microsoft Corporation) C:\windows\system32\AudioEndpointBuilder.dll
2014-11-22 12:47 - 2014-10-06 19:46 - 00911360 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2014-11-22 12:47 - 2014-08-22 23:18 - 02149376 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-11-22 12:47 - 2014-08-22 23:03 - 01346048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-11-22 12:46 - 2014-09-10 00:25 - 00474432 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys
2014-11-22 12:46 - 2014-09-07 21:07 - 02497344 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2014-11-22 12:46 - 2014-09-07 21:07 - 00428864 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS
2014-11-22 12:46 - 2014-09-07 16:08 - 00389176 _____ () C:\windows\system32\ApnDatabase.xml
2014-11-22 12:46 - 2014-09-04 16:30 - 00822272 _____ (Microsoft Corporation) C:\windows\system32\win32spl.dll
2014-11-22 12:46 - 2014-09-04 16:21 - 01053184 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
2014-11-22 12:46 - 2014-09-03 21:05 - 00836176 _____ (Microsoft Corporation) C:\windows\system32\mfmp4srcsnk.dll
2014-11-22 12:46 - 2014-09-03 20:22 - 00670384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfmp4srcsnk.dll
2014-11-22 12:46 - 2014-09-03 19:01 - 00448512 _____ (Microsoft Corporation) C:\windows\system32\puiobj.dll
2014-11-22 12:46 - 2014-09-03 18:32 - 00334336 _____ (Microsoft Corporation) C:\windows\SysWOW64\puiobj.dll
2014-11-22 12:46 - 2014-08-30 18:17 - 00148800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBSTOR.SYS
2014-11-22 12:46 - 2014-08-30 18:15 - 21197152 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-11-22 12:46 - 2014-08-30 16:59 - 18723112 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-11-22 12:46 - 2014-08-30 16:05 - 00615424 _____ (Microsoft Corporation) C:\windows\system32\FXSCOMEX.dll
2014-11-22 12:46 - 2014-08-30 15:58 - 00275968 _____ (Microsoft Corporation) C:\windows\system32\FXSAPI.dll
2014-11-22 12:46 - 2014-08-30 15:04 - 00941568 _____ (Microsoft Corporation) C:\windows\system32\MFMediaEngine.dll
2014-11-22 12:46 - 2014-08-30 14:53 - 00239104 _____ (Microsoft Corporation) C:\windows\SysWOW64\FXSAPI.dll
2014-11-22 12:46 - 2014-08-30 14:17 - 00799744 _____ (Microsoft Corporation) C:\windows\SysWOW64\MFMediaEngine.dll
2014-11-22 12:46 - 2014-08-27 20:55 - 07484224 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2014-11-22 12:46 - 2014-08-27 18:21 - 02480128 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll
2014-11-22 12:46 - 2014-08-27 18:06 - 02030592 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmSvc.dll
2014-11-22 12:46 - 2014-08-22 23:14 - 13424128 _____ (Microsoft Corporation) C:\windows\system32\twinui.dll
2014-11-22 12:46 - 2014-08-22 23:04 - 11820544 _____ (Microsoft Corporation) C:\windows\SysWOW64\twinui.dll
2014-11-22 12:46 - 2014-08-22 22:50 - 02714112 _____ (Microsoft Corporation) C:\windows\system32\SettingsHandlers.dll
2014-11-22 12:46 - 2014-08-01 18:51 - 00545792 _____ (Microsoft Corporation) C:\windows\system32\untfs.dll
2014-11-22 12:46 - 2014-08-01 18:35 - 00485376 _____ (Microsoft Corporation) C:\windows\SysWOW64\untfs.dll
2014-11-13 22:26 - 2014-11-22 17:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-13 21:17 - 2014-11-13 21:17 - 00000000 ____D () C:\Users\cpaulson12\AppData\Roaming\Nitro PDF
2014-11-13 21:17 - 2014-11-13 21:17 - 00000000 ____D () C:\Users\cpaulson12\AppData\Local\LSC
2014-11-13 21:09 - 2014-10-30 05:25 - 00275080 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-11-06 20:03 - 2014-11-06 20:04 - 71648048 _____ (Apple Inc.) C:\Users\cpaulson12\Downloads\iCloudSetup.exe
2014-11-06 19:51 - 2014-11-06 19:51 - 00001806 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-11-06 19:51 - 2014-11-06 19:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-11-06 19:50 - 2014-11-06 19:51 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-11-06 19:50 - 2014-11-06 19:51 - 00000000 ____D () C:\Program Files\iTunes
2014-11-06 19:50 - 2014-11-06 19:51 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-11-06 19:50 - 2014-11-06 19:50 - 00000000 ____D () C:\Program Files\iPod
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-27 21:44 - 2014-07-10 03:18 - 00003596 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-185766733-1824046107-1153005522-1002
2014-11-27 21:42 - 2014-02-15 20:47 - 01423703 _____ () C:\windows\WindowsUpdate.log
2014-11-27 21:39 - 2014-07-09 20:10 - 00002256 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-27 21:37 - 2014-07-10 03:12 - 00000000 ____D () C:\Users\cpaulson12\AppData\Local\Pokki
2014-11-27 21:37 - 2014-07-09 17:15 - 00000000 ____D () C:\Users\cpaulson12\AppData\Roaming\ID Vault
2014-11-27 21:34 - 2014-07-10 03:16 - 00002306 _____ () C:\Users\cpaulson12\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2014-11-27 21:34 - 2014-07-09 21:06 - 00002135 _____ () C:\Users\cpaulson12\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Menu.lnk
2014-11-27 21:32 - 2014-07-09 13:59 - 00000000 ___RD () C:\Users\cpaulson12\Google Drive
2014-11-27 21:32 - 2014-02-15 21:19 - 00000000 ____D () C:\ProgramData\McAfee
2014-11-27 21:31 - 2014-07-09 13:54 - 00000932 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-27 21:30 - 2013-10-07 12:23 - 00466964 _____ () C:\windows\PFRO.log
2014-11-27 21:30 - 2013-08-22 08:45 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-11-27 21:29 - 2014-02-15 21:41 - 00002560 _____ () C:\windows\system32\VfService.trf
2014-11-27 21:29 - 2013-08-22 09:20 - 00000000 ____D () C:\windows\CbsTemp
2014-11-27 21:29 - 2013-08-22 07:25 - 00262144 ___SH () C:\windows\system32\config\BBI
2014-11-27 21:25 - 2013-08-22 09:36 - 00000000 ___HD () C:\windows\ELAMBKUP
2014-11-27 21:23 - 2013-08-22 07:25 - 00262144 ___SH () C:\windows\system32\config\ELAM
2014-11-27 21:20 - 2014-07-10 03:19 - 00003970 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{745A42CE-EB87-47C1-8067-C57D29127740}
2014-11-27 21:15 - 2013-10-07 12:27 - 00863592 _____ () C:\windows\system32\PerfStringBackup.INI
2014-11-27 21:11 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\system32\sru
2014-11-22 17:30 - 2014-07-24 21:50 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-11-22 16:59 - 2014-07-09 13:54 - 00000936 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-22 16:29 - 2013-08-22 08:44 - 00492512 _____ () C:\windows\system32\FNTCACHE.DAT
2014-11-22 16:28 - 2014-07-09 17:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-22 16:25 - 2013-08-22 09:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-22 16:25 - 2013-08-22 09:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-22 16:25 - 2013-08-22 09:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-11-22 16:25 - 2013-08-22 09:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-11-22 16:24 - 2014-07-14 17:44 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-11-22 16:24 - 2013-08-22 09:36 - 00000000 ___RD () C:\windows\ToastData
2014-11-22 16:24 - 2013-08-22 09:36 - 00000000 ___RD () C:\windows\ImmersiveControlPanel
2014-11-22 15:04 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\AppReadiness
2014-11-22 14:54 - 2014-10-21 20:40 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-22 13:10 - 2014-07-09 20:26 - 00000000 ____D () C:\windows\system32\MRT
2014-11-22 13:00 - 2014-07-09 20:26 - 103374192 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-11-22 12:27 - 2014-07-09 17:16 - 00000000 ____D () C:\Users\cpaulson12\AppData\Local\ID Vault
2014-11-22 12:14 - 2014-07-09 19:23 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-11-13 22:06 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\vpnplugins
2014-11-13 21:49 - 2014-08-26 17:55 - 00000000 ____D () C:\ProgramData\c3e08c6694ad16e5
2014-11-13 21:46 - 2014-07-21 23:37 - 00000000 ____D () C:\Users\cpaulson12\AppData\Local\CrashDumps
2014-11-13 21:30 - 2014-07-24 21:50 - 00003718 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-11-06 20:07 - 2013-08-22 08:46 - 00025470 _____ () C:\windows\setupact.log
2014-11-06 20:02 - 2014-07-09 20:06 - 00000000 ____D () C:\Users\cpaulson12\AppData\Roaming\Apple Computer
2014-11-06 19:50 - 2014-07-09 20:02 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-11-06 19:50 - 2014-07-09 20:01 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-11-05 13:35 - 2014-08-02 15:36 - 00000000 ____D () C:\Users\cpaulson12\Desktop\guestbook
 
Some content of TEMP:
====================
C:\Users\cpaulson12\AppData\Local\Temp\0068011417144806mcinst.exe
C:\Users\cpaulson12\AppData\Local\Temp\air4444.exe
C:\Users\cpaulson12\AppData\Local\Temp\air7885.exe
C:\Users\cpaulson12\AppData\Local\Temp\airC2FC.exe
C:\Users\cpaulson12\AppData\Local\Temp\airEBD4.exe
C:\Users\cpaulson12\AppData\Local\Temp\airFFF7.exe
C:\Users\cpaulson12\AppData\Local\Temp\DRHelper_installFinish.exe
C:\Users\cpaulson12\AppData\Local\Temp\DRHelper_installStart.exe
C:\Users\cpaulson12\AppData\Local\Temp\DRHelper_uninstallComplete.exe
C:\Users\cpaulson12\AppData\Local\Temp\octC212.tmp.exe
C:\Users\cpaulson12\AppData\Local\Temp\octED6B.tmp.exe
C:\Users\cpaulson12\AppData\Local\Temp\optprosetup.exe
C:\Users\cpaulson12\AppData\Local\Temp\ose00000.exe
C:\Users\cpaulson12\AppData\Local\Temp\PCFixSpeedSetup.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-11-22 12:48
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-11-2014 01
Ran by cpaulson12 at 2014-11-27 21:48:13
Running from C:\Users\cpaulson12\Desktop\COMP FIX
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2710 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version:  - Hidden Path Entertainment, Ensemble Studios)
AMD Catalyst Install Manager (HKLM\...\{49717648-68B0-3342-F28B-7DF710E1EBF4}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.4.4.2 - AppEx Networks)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.21.50 - Conexant)
Conexant SmartAudio (HKLM\...\SAII) (Version: 6.0.188.0 - Conexant Systems)
Constant Guard Protection Suite (HKLM-x32\...\ID Vault) (Version: 1.14.922.1 - Comcast)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.14 - Lenovo)
Energy Management (x32 Version: 8.0.2.14 - Lenovo) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Drive (HKLM-x32\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Host App Service (HKU\S-1-5-21-185766733-1824046107-1153005522-1002\...\Pokki) (Version: 0.269.4.103 - Pokki)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.4.4.0 - LIGHTNING UK!)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Lenovo App Shop (HKLM-x32\...\Lenovo App Shop 45246) (Version: 3.10.0.45246.24 - Lenovo)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10240 - Realtek Semiconductor Corp.)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.25.1 - ELAN Microelectronic Corp.)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.5630.52 - CyberLink Corp.) Hidden
Lenovo Reach (HKLM-x32\...\{0B5E0E89-4BCA-4035-BBA1-D1439724B6E2}) (Version: 1.1.0.166 - Stoneware, Inc.)
Lenovo Solution Center (HKLM\...\{4041B18B-DE30-4D78-9D60-6ADC586C5E00}) (Version: 2.1.003.00 - Lenovo Group Limited)
Lenovo VeriFace (HKLM\...\Lenovo VeriFace) (Version: 5.0.13.5261 - Lenovo)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.1.2.4000 - Maxthon International Limited)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4667.1002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 33.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.0.3 (x86 en-US)) (Version: 33.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Nitro Pro 8 (HKLM\...\{392C767D-4EE2-49B5-A3B4-A4C3AB6DC145}) (Version: 8.5.7.1 - Nitro)
OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Optimizer Pro v3.2 (HKLM-x32\...\Optimizer Pro_is1) (Version:  - ) <==== ATTENTION
Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.10525 - CyberLink Corp.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.306 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Qualcomm Atheros Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39048 - Realtek Semiconductor Corp.)
Start Menu (HKU\S-1-5-21-185766733-1824046107-1153005522-1002\...\Pokki_Start_Menu) (Version: 0.269.4.103 - Pokki)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.17 - Lenovo)
UserGuide (x32 Version: 1.0.0.17 - Lenovo) Hidden
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows Driver Package - Lenovo (ACPIVPC) System  (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-185766733-1824046107-1153005522-1002_Classes\CLSID\{288799CB-E38C-44A0-A9FA-40D150FFE081}\InprocServer32 -> C:\Users\cpaulson12\AppData\Local\TNT2\Profiles\10741\passport64.dll No File
CustomCLSID: HKU\S-1-5-21-185766733-1824046107-1153005522-1002_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AC}\InprocServer32 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel)
CustomCLSID: HKU\S-1-5-21-185766733-1824046107-1153005522-1002_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AD}\InprocServer32 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel)
 
==================== Restore Points  =========================
 
07-11-2014 02:28:54 Scheduled Checkpoint
22-11-2014 18:48:43 Windows Update
28-11-2014 03:28:16 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 07:25 - 2013-08-22 07:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {2209DCE6-3563-48C7-9C36-180BBA71445B} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE [2013-03-08] (CyberLink Corp.)
Task: {2387F1B2-9135-4078-846E-F5233CADE335} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\mxup.exe [2013-08-01] (Maxthon International ltd.)
Task: {2BCA6A4B-EF5E-4A4D-A7F9-E4F6DA45DE13} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-10-07] (Microsoft Corporation)
Task: {2FF2D58D-E35A-41A0-BBCC-A2B3967A3B8D} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-10-07] (Microsoft Corporation)
Task: {3904EEED-831E-46DD-8EB7-7E5A16DBB1A4} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe <==== ATTENTION
Task: {3CE885C6-DED7-4AC4-8126-7FB38E024F73} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2013-05-17] (Lenovo)
Task: {4808CEBA-CD6B-4595-A16B-E2504A3EF9A6} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-13] (Adobe Systems Incorporated)
Task: {786AF07E-C139-440E-B4C6-B7DDE97F43A4} - \TidyNetwork Update No Task File <==== ATTENTION
Task: {96F6A4DC-6956-437C-92FF-E8E587EBD3E4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9CC9985E-1A1F-4856-9ADA-DABF527D53D3} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-05-17] ()
Task: {9DB6C33C-90C5-486F-A357-1FCE20B64D2E} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-05-17] (Lenovo)
Task: {B75A126B-9EDF-4CB7-8F21-D3ABAC67005A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-09] (Google Inc.)
Task: {BDC16737-0D81-4657-9331-F4F131F2D55B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2014-11-22] (Microsoft Corporation)
Task: {C88CEF1D-40E3-4307-AD13-5B50EE12FCFD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-09] (Google Inc.)
Task: {E1529557-CA4F-4F57-A382-6F988FEEEF6E} - \Groovorio No Task File <==== ATTENTION
Task: {E3B7B63A-DACE-434F-A25F-5F3D56B74610} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {F8E4C8B8-A751-4F59-9B70-B46D7A3F38AF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-10-07] (Microsoft Corporation)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-09-11 00:25 - 2013-09-11 00:25 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-07-11 06:55 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-02-15 21:27 - 2012-04-24 04:43 - 00390632 ____N () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2014-02-15 21:41 - 2014-02-15 21:41 - 00068368 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
2014-02-15 21:41 - 2014-02-15 21:41 - 00669288 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfDataStorageInterface.dll
2014-11-22 12:12 - 2014-09-23 07:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-09-25 05:04 - 2013-09-25 05:04 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-09-25 05:01 - 2013-09-25 05:01 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2013-09-25 05:08 - 2013-09-25 05:08 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2014-08-03 09:08 - 2014-08-03 09:08 - 03475912 _____ () c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll
2014-04-23 15:05 - 2014-04-23 15:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-11-22 16:41 - 2014-11-22 16:41 - 03530752 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\Windows.UI.Xaml\90a4331ab5b5bb3ead23d75d4349a491\Windows.UI.Xaml.ni.dll
2014-11-22 16:41 - 2014-11-22 16:41 - 00228864 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\Windows.Foundation\f7e726805e56676bd7b8662a3d842b0e\Windows.Foundation.ni.dll
2014-09-22 14:30 - 2014-09-22 14:30 - 00548488 _____ () C:\Program Files (x86)\Constant Guard Protection Suite\sqlite3.DLL
2014-11-27 21:31 - 2014-11-27 21:31 - 00098816 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI36442\win32api.pyd
2014-11-27 21:31 - 2014-11-27 21:31 - 00110080 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI36442\pywintypes27.dll
2014-11-27 21:31 - 2014-11-27 21:31 - 00364544 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI36442\pythoncom27.dll
2014-11-27 21:31 - 2014-11-27 21:31 - 00045568 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI36442\_socket.pyd
2014-11-27 21:31 - 2014-11-27 21:31 - 01160704 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI36442\_ssl.pyd
2014-11-27 21:31 - 2014-11-27 21:31 - 00320512 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI36442\win32com.shell.shell.pyd
2014-11-27 21:31 - 2014-11-27 21:31 - 00713216 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI36442\_hashlib.pyd
2014-11-27 21:31 - 2014-11-27 21:31 - 01175040 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI36442\wx._core_.pyd
2014-11-27 21:31 - 2014-11-27 21:31 - 00805888 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI36442\wx._gdi_.pyd
2014-11-27 21:31 - 2014-11-27 21:31 - 00811008 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI36442\wx._windows_.pyd
2014-11-27 21:31 - 2014-11-27 21:31 - 01062400 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI36442\wx._controls_.pyd
2014-11-27 21:31 - 2014-11-27 21:31 - 00735232 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI36442\wx._misc_.pyd
2014-11-27 21:31 - 2014-11-27 21:31 - 00128512 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI36442\_elementtree.pyd
2014-11-27 21:31 - 2014-11-27 21:31 - 00127488 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI36442\pyexpat.pyd
2014-11-27 21:31 - 2014-11-27 21:31 - 00557056 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI36442\pysqlite2._sqlite.pyd
2014-11-27 21:31 - 2014-11-27 21:31 - 00007168 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI36442\hashobjs_ext.pyd
2014-11-27 21:31 - 2014-11-27 21:31 - 00087552 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI36442\_ctypes.pyd
2014-11-27 21:31 - 2014-11-27 21:31 - 00119808 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI36442\win32file.pyd
2014-11-27 21:31 - 2014-11-27 21:31 - 00108544 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI36442\win32security.pyd
2014-11-27 21:31 - 2014-11-27 21:31 - 00018432 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI36442\win32event.pyd
2014-11-27 21:31 - 2014-11-27 21:31 - 00038912 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI36442\win32inet.pyd
2014-11-27 21:31 - 2014-11-27 21:31 - 00070656 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI36442\wx._html2.pyd
2014-11-27 21:31 - 2014-11-27 21:31 - 00167936 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI36442\win32gui.pyd
2014-11-27 21:31 - 2014-11-27 21:31 - 00011264 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI36442\win32crypt.pyd
2014-11-27 21:31 - 2014-11-27 21:31 - 00027136 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI36442\_multiprocessing.pyd
2014-11-27 21:31 - 2014-11-27 21:31 - 00686080 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI36442\unicodedata.pyd
2014-11-27 21:31 - 2014-11-27 21:31 - 00122368 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI36442\wx._wizard.pyd
2014-11-27 21:31 - 2014-11-27 21:31 - 00010240 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI36442\select.pyd
2014-11-27 21:31 - 2014-11-27 21:31 - 00024064 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI36442\win32pipe.pyd
2014-11-27 21:31 - 2014-11-27 21:31 - 00025600 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI36442\win32pdh.pyd
2014-11-27 21:31 - 2014-11-27 21:31 - 00525640 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI36442\windows._lib_cacheinvalidation.pyd
2014-11-27 21:31 - 2014-11-27 21:31 - 00035840 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI36442\win32process.pyd
2014-11-27 21:31 - 2014-11-27 21:31 - 00017408 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI36442\win32profile.pyd
2014-11-27 21:31 - 2014-11-27 21:31 - 00022528 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI36442\win32ts.pyd
2014-11-27 21:31 - 2014-11-27 21:31 - 00078336 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI36442\wx._animate.pyd
2014-11-22 12:11 - 2014-09-23 05:43 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2014-08-15 18:04 - 2014-08-06 21:20 - 00718152 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libglesv2.dll
2014-08-15 18:04 - 2014-08-06 21:20 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libegl.dll
2014-08-15 18:04 - 2014-08-06 21:20 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\pdf.dll
2014-08-15 18:04 - 2014-08-06 21:20 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll
2014-08-15 18:04 - 2014-08-06 21:20 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ffmpegsumo.dll
2014-08-15 18:04 - 2014-08-06 21:20 - 14669128 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\PepperFlash\pepflashplayer.dll
2014-10-02 12:07 - 2014-10-02 12:07 - 00569856 _____ () C:\Users\cpaulson12\AppData\Local\Pokki\Engine\ppGoogleNaClPluginChrome.dll
2014-10-02 12:07 - 2014-10-02 12:07 - 01400846 _____ () C:\Users\cpaulson12\AppData\Local\Pokki\Engine\avcodec-54.dll
2014-10-02 12:07 - 2014-10-02 12:07 - 00151054 _____ () C:\Users\cpaulson12\AppData\Local\Pokki\Engine\avutil-51.dll
2014-10-02 12:07 - 2014-10-02 12:07 - 00222734 _____ () C:\Users\cpaulson12\AppData\Local\Pokki\Engine\avformat-54.dll
2014-11-22 12:09 - 2014-11-22 12:09 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll
2014-07-09 19:23 - 2014-07-09 19:25 - 01286256 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\PPRESOURCES.DLL
2014-07-09 19:23 - 2014-07-09 19:24 - 00196176 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\IEAWSDC.DLL
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-185766733-1824046107-1153005522-500 - Administrator - Disabled)
cpaulson12 (S-1-5-21-185766733-1824046107-1153005522-1002 - Administrator - Enabled) => C:\Users\cpaulson12
Guest (S-1-5-21-185766733-1824046107-1153005522-501 - Limited - Disabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/27/2014 09:28:24 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddWin32ServiceFiles: Unable to back up image of service McAfee Home Network since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
.
 
Error: (11/27/2014 09:28:24 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary McAfee Inc. mfencbdc.
 
System Error:
The system cannot find the file specified.
.
 
Error: (11/22/2014 03:20:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5843
 
Error: (11/22/2014 03:20:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5843
 
Error: (11/22/2014 03:20:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (11/22/2014 03:20:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4421
 
Error: (11/22/2014 03:20:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4421
 
Error: (11/22/2014 03:20:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (11/22/2014 03:20:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2937
 
Error: (11/22/2014 03:20:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2937
 
 
System errors:
=============
Error: (11/27/2014 09:36:28 PM) (Source: DCOM) (EventID: 10010) (User: Christi-laptop)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (11/27/2014 09:35:01 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Background Intelligent Transfer Service service hung on starting.
 
Error: (11/27/2014 09:23:58 PM) (Source: DCOM) (EventID: 10010) (User: Christi-laptop)
Description: {209500FC-6B45-4693-8871-6296C4843751}
 
Error: (11/27/2014 09:23:28 PM) (Source: DCOM) (EventID: 10010) (User: Christi-laptop)
Description: {209500FC-6B45-4693-8871-6296C4843751}
 
Error: (11/22/2014 04:34:20 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The McAfee Home Network service hung on starting.
 
Error: (11/22/2014 04:18:29 PM) (Source: DCOM) (EventID: 10010) (User: Christi-laptop)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
 
Error: (11/22/2014 04:18:29 PM) (Source: DCOM) (EventID: 10010) (User: Christi-laptop)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
 
Error: (11/22/2014 04:18:29 PM) (Source: DCOM) (EventID: 10010) (User: Christi-laptop)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
 
Error: (11/22/2014 04:18:29 PM) (Source: DCOM) (EventID: 10010) (User: Christi-laptop)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
 
Error: (11/22/2014 00:49:05 PM) (Source: DCOM) (EventID: 10010) (User: Christi-laptop)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
 
Microsoft Office Sessions:
=========================
Error: (11/27/2014 09:28:24 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddWin32ServiceFiles: Unable to back up image of service McAfee Home Network since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
 
Error: (11/27/2014 09:28:24 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary McAfee Inc. mfencbdc.
 
System Error:
The system cannot find the file specified.
 
Error: (11/22/2014 03:20:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5843
 
Error: (11/22/2014 03:20:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5843
 
Error: (11/22/2014 03:20:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (11/22/2014 03:20:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4421
 
Error: (11/22/2014 03:20:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4421
 
Error: (11/22/2014 03:20:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (11/22/2014 03:20:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2937
 
Error: (11/22/2014 03:20:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2937
 
 
==================== Memory info =========================== 
 
Processor: AMD A10-5750M APU with Radeon™ HD Graphics 
Percentage of memory in use: 63%
Total physical RAM: 5327.26 MB
Available physical RAM: 1945.34 MB
Total Pagefile: 6223.26 MB
Available Pagefile: 2403.13 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB
 
==================== Drives ================================
 
Drive c: (Windows8_OS) (Fixed) (Total:893.13 GB) (Free:774.04 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.48 GB) NTFS
Drive e: ('11 - '13 cabin) (CDROM) (Total:2.75 GB) (Free:0 GB) UDF
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: F91D03FF)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================

 




#2 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,219 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 02 December 2014 - 06:42 AM

:welcome:

 

Let's clean you up some and go from there. Run these scans in order, please, and post the log from each one.

 

 
-AdwCleaner-by Xplode

Click on this link to download : ADWCleaner
Click on ONE of the Two Blue Download Now buttons that have a blue arrow beside them and save it to your desktop.

Do not click on any links in the top Advertisement.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

===============================================================================

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

===============================================================================

Download Malwarebytes' Anti-Malware to your desktop.

  • Windows XP : Double click on the icon to run it.
  • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

  • On the Dashboard click on Update Now
  • Go to the Setting Tab
  • Under Setting go to Detection and Protection
  • Under PUP and PUM make sure both are set to show Treat Detections as Malware
  • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
  • Then on the Dashboard click on Scan
  • Make sure to select THREAT SCAN
  • Then click on Scan
  • When the scan is finished click on VIEW DETAILED LOG
  • When it opens click on COPY TO CLIPBOARD
  • Then paste the log back into this thread for review
  • Exit Malwarebytes


     
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #3 paudusd

    paudusd

      New Member

    • Authentic Member
    • Pip
    • 8 posts

    Posted 02 December 2014 - 07:56 PM

    # AdwCleaner v4.103 - Report created 02/12/2014 at 10:30:36
    # Updated 01/12/2014 by Xplode
    # Database : 2014-12-01.2 [Live]
    # Operating System : Windows 8.1  (64 bits)
    # Username : cpaulson12 - CHRISTI-LAPTOP
    # Running from : C:\Users\cpaulson12\Desktop\AdwCleaner.exe
    # Option : Clean
     
    ***** [ Services ] *****
     
     
    ***** [ Files / Folders ] *****
     
    Folder Deleted : C:\ProgramData\KeingCoupoon
    Folder Deleted : C:\ProgramData\RouyAlCoupon
    Folder Deleted : C:\ProgramData\TicTaCoouPoni
    Folder Deleted : C:\ProgramData\tiopdeaall
    Folder Deleted : C:\ProgramData\c3e08c6694ad16e5
    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverRestore
    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
    Folder Deleted : C:\Program Files (x86)\Optimizer Pro
    Folder Deleted : C:\Program Files (x86)\TidyNetwork
    Folder Deleted : C:\Program Files (x86)\DriverRestore
    Folder Deleted : C:\Users\cpaulson12\AppData\Local\StormWatch
    Folder Deleted : C:\Users\CPAULS~1\AppData\Local\Temp\AirInstaller
    Folder Deleted : C:\Users\CPAULS~1\AppData\Local\Temp\Klip Pal
    Folder Deleted : C:\Users\cpaulson12\AppData\Roaming\Optimizer Pro
    Folder Deleted : C:\Users\cpaulson12\Documents\Optimizer Pro
    Folder Deleted : C:\Users\cpaulson12\AppData\Roaming\Mozilla\Firefox\Profiles\3hli1wif.default\Extensions\n@HZ.com
    Folder Deleted : C:\Users\cpaulson12\AppData\Roaming\Mozilla\Firefox\Profiles\3hli1wif.default\Extensions\tU@f.org
    Folder Deleted : C:\Users\cpaulson12\AppData\Roaming\Mozilla\Firefox\Profiles\3hli1wif.default\Extensions\Y@rgeb.com
    Folder Deleted : C:\Users\cpaulson12\AppData\Roaming\Mozilla\Firefox\Profiles\3hli1wif.default\Extensions\ysi9gtz@qbd-ii.net
    Folder Deleted : C:\Users\cpaulson12\AppData\Roaming\Mozilla\Firefox\Profiles\3hli1wif.default\Extensions\zeN@L.net
    Folder Deleted : C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\igoblnhahmknebfjlklmcgjmjolkfblo
    File Deleted : C:\Users\cpaulson12\AppData\Roaming\Mozilla\Firefox\Profiles\3hli1wif.default\user.js
    File Deleted : C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
    File Deleted : C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
    File Deleted : C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.boostsaves.com_0.localstorage
    File Deleted : C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.boostsaves.com_0.localstorage-journal
    File Deleted : C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
    File Deleted : C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
     
    ***** [ Scheduled Tasks ] *****
     
    Task Deleted : Groovorio
    Task Deleted : Optimizer Pro Schedule
     
    ***** [ Shortcuts ] *****
     
     
    ***** [ Registry ] *****
     
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
    Key Deleted : HKCU\Software\Classes\pokki
    Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Optimizer Pro]
    Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Pokki]
    Key Deleted : HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
    Key Deleted : HKCU\Software\Classes\Directory\shell\pokki
    Key Deleted : HKCU\Software\Classes\Drive\shell\pokki
    Key Deleted : HKCU\Software\Classes\lnkfile\shell\pokki
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{FCF8BFD3-39B8-4370-B464-EC2AAACD97CF}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A75BE48D-BF58-4A8B-B96C-F9A09DFB9844}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CC865B26-C31D-4D23-B17B-96548EEF03F6}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{25C7EB70-989E-42E1-AF40-DBBE6D958EAC}
    Key Deleted : HKCU\Software\BRS
    Key Deleted : HKCU\Software\eSupport.com
    Key Deleted : HKCU\Software\InstallCore
    Key Deleted : HKCU\Software\Optimizer Pro
    Key Deleted : HKCU\Software\Pokki
    Key Deleted : HKCU\Software\DriverRestore
    Key Deleted : HKCU\Software\StormWatch
    Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
    Key Deleted : HKLM\SOFTWARE\InstallCore
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
     
    ***** [ Browsers ] *****
     
    -\\ Internet Explorer v11.0.9600.17416
     
     
    -\\ Mozilla Firefox v33.0.3 (x86 en-US)
     
    [3hli1wif.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename", "FindWide");
    [3hli1wif.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "Groovorio");
    [3hli1wif.default\prefs.js] - Line Deleted : user_pref("extensions.IcnejK7F8cx9sePO.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.index[...]
    [3hli1wif.default\prefs.js] - Line Deleted : user_pref("extensions.ZFn4Mrp8MlTuVFJ7.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.index[...]
    [3hli1wif.default\prefs.js] - Line Deleted : user_pref("extensions.g5rVWXRf5.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.indexOf(\"su[...]
    [3hli1wif.default\prefs.js] - Line Deleted : user_pref("extensions.jM5RAnvFO7bfivDE.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.index[...]
    [3hli1wif.default\prefs.js] - Line Deleted : user_pref("extensions.jdLTAH4137aTT7yI.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.index[...]
     
    -\\ Google Chrome v36.0.1985.143
     
    [C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    [C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
    [C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://groovorio.com/results.php?f=4&q={searchTerms}&a=grv_adk3_14_29&cd=2XzuyEtN2Y1L1QzuyEtD0FtDtB0F0DyB0F0D0D0AzyyCyCtBtN0D0Tzu0StCtDtDtBtN1L2XzutAtFtBtFtCtFtDtN1L1Czu1N1C2X1V1T1Q1JtA1VtCyE1VtBzytN1L1G1B1V1N2Y1L1Qzu2StA0FtC0A0CtCtDyCtGzzyCzztCtG0C0A0ByEtG0B0CzzyEtGtC0DtC0BtAyDtB0CyE0C0A0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0AyC0CyBzzzyyCtGyBzytDyEtGyE0A0BtCtG0AyB0D0BtG0EzytB0C0AyDtAzz0FtDyBtD2Q&cr=1336287701&ir=
    [C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
    [C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb
    [C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : igoblnhahmknebfjlklmcgjmjolkfblo
    [C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Homepage] : hxxp://groovorio.com/?f=1&a=grv_adk3_14_29&cd=2XzuyEtN2Y1L1QzuyEtD0FtDtB0F0DyB0F0D0D0AzyyCyCtBtN0D0Tzu0StCtDtDtBtN1L2XzutAtFtBtFtCtFtDtN1L1Czu1N1C2X1V1T1Q1JtA1VtCyE1VtBzytN1L1G1B1V1N2Y1L1Qzu2StA0FtC0A0CtCtDyCtGzzyCzztCtG0C0A0ByEtG0B0CzzyEtGtC0DtC0BtAyDtB0CyE0C0A0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0AyC0CyBzzzyyCtGyBzytDyEtGyE0A0BtCtG0AyB0D0BtG0EzytB0C0AyDtAzz0FtDyBtD2Q&cr=1336287701&ir=
    [C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Startup_URLs] : hxxp://groovorio.com/?f=7&a=grv_adk3_14_29&cd=2XzuyEtN2Y1L1QzuyEtD0FtDtB0F0DyB0F0D0D0AzyyCyCtBtN0D0Tzu0StCtDtDtBtN1L2XzutAtFtBtFtCtFtDtN1L1Czu1N1C2X1V1T1Q1JtA1VtCyE1VtBzytN1L1G1B1V1N2Y1L1Qzu2StA0FtC0A0CtCtDyCtGzzyCzztCtG0C0A0ByEtG0B0CzzyEtGtC0DtC0BtAyDtB0CyE0C0A0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0AyC0CyBzzzyyCtGyBzytDyEtGyE0A0BtCtG0AyB0D0BtG0EzytB0C0AyDtAzz0FtDyBtD2Q&cr=1336287701&ir=
     
    *************************
     
    AdwCleaner[R0].txt - [9217 octets] - [02/12/2014 10:25:37]
    AdwCleaner[S0].txt - [8758 octets] - [02/12/2014 10:30:36]
     
    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8818 octets] ##########
     
     
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.0 (11.29.2014:1)
    OS: Windows 8.1 x64
    Ran by cpaulson12 on Tue 12/02/2014 at 10:34:25.45
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     
     
     
    ~~~ Services
     
     
     
    ~~~ Registry Values
     
     
     
    ~~~ Registry Keys
     
     
     
    ~~~ Files
     
     
     
    ~~~ Folders
     
     
     
    ~~~ FireFox
     
    Successfully deleted the following from C:\Users\cpaulson12\AppData\Roaming\mozilla\firefox\profiles\3hli1wif.default\prefs.js
     
    user_pref("extensions.IcnejK7F8cx9sePO.url", "hxxp://jpi-proxy.info/sync2/?q=hfZ9ofqRAfnMCyVUojwMg708BNmGWj8lkGhGheDUojw9rjwEqHaFqdsGqchIC7n0rjnFrja6rdsFqjrGtNhVCT94tMVKhd95pd
     
     
     
    ~~~ Event Viewer Logs were cleared
     
     
     
     
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Tue 12/02/2014 at 10:37:46.22
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     
     
    <?xml version="1.0" encoding="UTF-16" ?>
    <mbam-log>
    <header>
    <date>2014/12/02 10:40:53 -0600</date>
    <logfile>mbam-log-2014-12-02 (10-40-52).xml</logfile>
    <isadmin>yes</isadmin>
    </header>
    <engine>
    <version>2.00.3.1025</version>
    <malware-database>v2014.12.02.05</malware-database>
    <rootkit-database>v2014.12.02.02</rootkit-database>
    <license>free</license>
    <file-protection>disabled</file-protection>
    <web-protection>disabled</web-protection>
    <self-protection>disabled</self-protection>
    </engine>
    <system>
    <osversion>Windows 8.1</osversion>
    <arch>x64</arch>
    <username>cpaulson12</username>
    <filesys>NTFS</filesys>
    </system>
    <summary>
    <type>threat</type>
    <result>completed</result>
    <objects>333271</objects>
    <time>1049</time>
    <processes>0</processes>
    <modules>0</modules>
    <keys>1</keys>
    <values>0</values>
    <datas>0</datas>
    <folders>0</folders>
    <files>4</files>
    <sectors>0</sectors>
    </summary>
    <options>
    <memory>enabled</memory>
    <startup>enabled</startup>
    <filesystem>enabled</filesystem>
    <archives>enabled</archives>
    <rootkits>disabled</rootkits>
    <deeprootkit>disabled</deeprootkit>
    <heuristics>enabled</heuristics>
    <pup>enabled</pup>
    <pum>enabled</pum>
    </options>
    <items>
    <key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{346101c4}</path><vendor>PUP.Optional.Booster.A</vendor><action>success</action><hash>937a8fcff28ab5818146ec72ac578878</hash></key>
    <file><path>C:\Users\cpaulson12\Downloads\Setup (1).exe</path><vendor>PUP.Optional.SmartSec</vendor><action>success</action><hash>09049cc23e3ef83e049f0ae55da406fa</hash></file>
    <file><path>C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage</path><vendor>PUP.Optional.ReMarkable.A</vendor><action>success</action><hash>41ccd28ca7d571c5c522cbf2c341de22</hash></file>
    <file><path>C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage-journal</path><vendor>PUP.Optional.ReMarkable.A</vendor><action>success</action><hash>53ba570790ecda5c5e89615ccc389967</hash></file>
    <file><path>C:\Users\cpaulson12\AppData\Roaming\Mozilla\Firefox\Profiles\3hli1wif.default\prefs.js</path><vendor>PUP.Optional.TidyNetwork.A</vendor><action>replaced</action><baddata>user_pref(&quot;browser.newtab.url&quot;, &quot;file:///C:\\Users\\cpaulson12\\AppData\\Local\\TNT2\\Common\\pinnedSearch.htm&quot;);</baddata><gooddata></gooddata><hash>b55879e5027a9e989502cacb20e5956b</hash></file>
    </items>
    </mbam-log>
     


    #4 ken545


    Posted 02 December 2014 - 09:38 PM

    See if you can get me the Malwarebytes log; it's hard to read the way you posted it.

     

    1. Open up Malwarebytes 
    2. Go to the History Tab
    3. Click on Application Logs
    4. Click on the last Scan Log you just ran
    5. Click on View
    6. Then on the Bottom click on Copy to Clipboard
    7. Then paste it into this thread
     
     
    Then run a new scan with FRST. Be sure to checkmark Additions and post both logs, please.


     
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #5 paudusd


    Posted 02 December 2014 - 09:49 PM

    Sure.

     

    Malwarebytes Anti-Malware
    www.malwarebytes.org
     
    Scan Date: 12/2/2014
    Scan Time: 10:40:53 AM
    Logfile: 
    Administrator: Yes
     
    Version: 2.00.3.1025
    Malware Database: v2014.12.02.05
    Rootkit Database: v2014.12.02.02
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled
     
    OS: Windows 8.1
    CPU: x64
    File System: NTFS
    User: cpaulson12
     
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 333271
    Time Elapsed: 17 min, 29 sec
     
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled
     
    Processes: 0
    (No malicious items detected)
     
    Modules: 0
    (No malicious items detected)
     
    Registry Keys: 1
    PUP.Optional.Booster.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{346101c4}, Quarantined, [937a8fcff28ab5818146ec72ac578878], 
     
    Registry Values: 0
    (No malicious items detected)
     
    Registry Data: 0
    (No malicious items detected)
     
    Folders: 0
    (No malicious items detected)
     
    Files: 4
    PUP.Optional.SmartSec, C:\Users\cpaulson12\Downloads\Setup (1).exe, Quarantined, [09049cc23e3ef83e049f0ae55da406fa], 
    PUP.Optional.ReMarkable.A, C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage, Quarantined, [41ccd28ca7d571c5c522cbf2c341de22], 
    PUP.Optional.ReMarkable.A, C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage-journal, Quarantined, [53ba570790ecda5c5e89615ccc389967], 
    PUP.Optional.TidyNetwork.A, C:\Users\cpaulson12\AppData\Roaming\Mozilla\Firefox\Profiles\3hli1wif.default\prefs.js, Good: (), Bad: (user_pref("browser.newtab.url", "file:///C:\\Users\\cpaulson12\\AppData\\Local\\TNT2\\Common\\pinnedSearch.htm");), Replaced,[b55879e5027a9e989502cacb20e5956b]
     
    Physical Sectors: 0
    (No malicious items detected)
     
     
    (end)
     
     
    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-12-2014
    Ran by cpaulson12 (administrator) on CHRISTI-LAPTOP on 02-12-2014 21:44:54
    Running from C:\Users\cpaulson12\Desktop\COMP FIX
    Loaded Profile: cpaulson12 (Available profiles: cpaulson12)
    Platform: Windows 8.1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
    (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
    (Microsoft Corporation) C:\Windows\System32\dasHost.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (White Sky, Inc.) C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
    (Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
    (Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
    () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
    (Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
    () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
    (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
    (White Sky, Inc.) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
    (CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
    (Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
    (Realtek semiconductor) C:\Windows\RTFTrack.exe
    () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
    (Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
    (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     
     
    ==================== Registry (Whitelisted) ==================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2894664 2013-08-07] (ELAN Microelectronics Corp.)
    HKLM\...\Run: [RtsFT] => C:\windows\RTFTrack.exe [6340312 2013-07-19] (Realtek semiconductor)
    HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17111056 2014-02-15] (Lenovo (Beijing) Limited)
    HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [193008 2014-02-15] (Lenovo(beijing) Limited)
    HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-09-11] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [Lenovo App Shop] => C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismagent.exe [156000 2013-07-18] (Intel Corporation)
    HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
    HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-09-25] ( (Qualcomm®Atheros®))
    HKLM\...\Policies\Explorer: [NoFolderOptions] 0
    HKLM\...\Policies\Explorer: [NoControlPanel] 0
    HKU\S-1-5-21-185766733-1824046107-1153005522-1002\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
    HKU\S-1-5-21-185766733-1824046107-1153005522-1002\...\RunOnce: [Application Restart #3] => C:\Users\cpaulson12\AppData\Local\Pokki\Engine\HostAppService.exe [7794504 2014-11-14] (Pokki)
    HKU\S-1-5-21-185766733-1824046107-1153005522-1002\...\RunOnce: [Application Restart #1] => C:\Users\cpaulson12\AppData\Local\Pokki\Engine\HostAppService.exe [7794504 2014-11-14] (Pokki)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Constant Guard.lnk
    ShortcutTarget: Constant Guard.lnk -> C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe (White Sky, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
    ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    HKU\S-1-5-21-185766733-1824046107-1153005522-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-185766733-1824046107-1153005522-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://home.lenovo.com
    HKU\S-1-5-21-185766733-1824046107-1153005522-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://home.lenovo.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-21-185766733-1824046107-1153005522-1002 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
    SearchScopes: HKU\S-1-5-21-185766733-1824046107-1153005522-1002 -> {A74F766D-718E-4A04-A80F-7ADAB7E811B6} URL = http://search.yahoo....petb&type=10741
    SearchScopes: HKU\S-1-5-21-185766733-1824046107-1153005522-1002 -> {A90A3198-80B1-4AE3-8B57-6F7FA26DB44E} URL = 
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    BHO: TicTaCoupon -> {49c19184-e770-4a09-8161-0eca8b669385} -> C:\ProgramData\TicTaCoupon\9pXorjQgjxDmqM.x64.dll ()
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
    BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
    BHO-x32: TicTaCoupon -> {49c19184-e770-4a09-8161-0eca8b669385} -> C:\ProgramData\TicTaCoupon\9pXorjQgjxDmqM.dll ()
    BHO-x32: Constant Guard Protection Suite -> {B84CDBE7-1B46-494B-A188-01D4C52DEB61} -> C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.14.922.1\NativeBHO.dll (WhiteSky)
    BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
    Toolbar: HKLM - FindWide Toolbar - {288799CB-E38C-44A0-A9FA-40D150FFE081} - C:\Users\cpaulson12\AppData\Local\TNT2\Profiles\10741\passport64.dll No File
    Toolbar: HKLM-x32 - FindWide Toolbar - {288799CB-E38C-44A0-A9FA-40D150FFE081} - C:\Users\cpaulson12\AppData\Local\TNT2\Profiles\10741\passport.dll No File
    Toolbar: HKU\S-1-5-21-185766733-1824046107-1153005522-1002 -> FindWide Toolbar - {288799CB-E38C-44A0-A9FA-40D150FFE081} - C:\Users\cpaulson12\AppData\Local\TNT2\Profiles\10741\passport64.dll No File
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{A7F7E4CA-068A-4E43-8A44-69A72B3FD351}: [NameServer] 75.75.75.75,75.75.76.76
     
    FireFox:
    ========
    FF ProfilePath: C:\Users\cpaulson12\AppData\Roaming\Mozilla\Firefox\Profiles\3hli1wif.default
    FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin HKU\S-1-5-21-185766733-1824046107-1153005522-1002: intel.com/AppUp -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp.dll (Intel)
    FF Plugin HKU\S-1-5-21-185766733-1824046107-1153005522-1002: intel.com/AppUpx64 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel)
    FF Extension: XFINITY Constant Guard Protection Suite - C:\Users\cpaulson12\AppData\Roaming\Mozilla\Firefox\Profiles\3hli1wif.default\Extensions\idvaultaddon@whitesky [2014-10-25]
    FF Extension: No Name - C:\Users\cpaulson12\AppData\Roaming\Mozilla\Firefox\Profiles\3hli1wif.default\Extensions\temp [2014-07-09]
    FF Extension: RooyalShoppeRAApp - C:\Users\cpaulson12\AppData\Roaming\Mozilla\Firefox\Profiles\3hli1wif.default\Extensions\yoe.93h7@qrxs-.edu [2014-09-08]
    FF Extension: FindWide Toolbar - C:\Users\cpaulson12\AppData\Roaming\Mozilla\Firefox\Profiles\3hli1wif.default\Extensions\toolbar10741@findwide.com.xpi [2014-08-03]
    FF HKU\S-1-5-21-185766733-1824046107-1153005522-1002\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
    FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
     
    Chrome: 
    =======
    CHR dev: Chrome dev build detected! <======= ATTENTION
    CHR Profile: C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-09]
    CHR Extension: (Google Drive) - C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-09]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-09]
    CHR Extension: (YouTube) - C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-09]
    CHR Extension: (Google Search) - C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-09]
    CHR Extension: (Accessibility Developer Tools) - C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpkknkljclfencbdbgkenhalefipecmb [2014-12-02]
    CHR Extension: (Full Screen) - C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmimocjjppdelmhpcmpkhekmpoddgima [2014-10-19]
    CHR Extension: (Savings com DealFinder) - C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\gncemjbbfkgdhfiigkdebleebbhlelap [2014-11-13]
    CHR Extension: (Chromium Updater) - C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcmicnfbmcjhlbdohdmdhfjlbigkcddl [2014-08-26]
    CHR Extension: (Ask the Gooru) - C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkffimodjajkloehmbfgeiclolgbebec [2014-11-05]
    CHR Extension: (Google Wallet) - C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-09]
    CHR Extension: (Shut Up) - C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\oklfoejikkmejobodofaimigojomlfim [2014-09-28]
    CHR Extension: (Rotten Tomato) - C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\peokdhcembipiholieikfdloegjagplb [2014-08-26]
    CHR Extension: (Gmail) - C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-09]
    CHR Extension: (Klip Pal) - C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkoehejbnbinjafeopgalokcmjdgkkhe [2014-10-01]
    CHR Extension: (Beautify for Trello) - C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppmoihbfiilgkkgcogbblhhanjjaocil [2014-09-08]
     
    ==================== Services (Whitelisted) =================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    R2 346101c4; c:\Program Files (x86)\CouponGenie\BuyPractical.dll [3995136 2014-11-27] () [File not signed]
    R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-09-11] (Advanced Micro Devices, Inc.) [File not signed]
    R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-09-25] (Windows ® Win 7 DDK provider)
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2443960 2014-10-30] (Microsoft Corporation)
    R2 ETDService; C:\Program Files\Elantech\ETDService.exe [92160 2013-07-28] (ELAN Microelectronics Corp.)
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
    R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-08-17] (Nitro PDF Software)
    R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
    R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2014-02-15] ()
    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
    R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-09-25] (Atheros) [File not signed]
     
    ==================== Drivers (Whitelisted) ====================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [219360 2013-04-18] (AppEx Networks Corporation)
    R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
    R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-22] (Advanced Micro Devices)
    R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-25] (Qualcomm Atheros)
    R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
    S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)
    R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8247640 2013-07-19] (Realtek Semiconductor Corp.)
    R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
    S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
    S1 AntiLog32; \??\C:\windows\system32\drivers\AntiLog64.sys [X]
     
    ==================== NetSvcs (Whitelisted) ===================
     
    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
     
     
    ==================== One Month Created Files and Folders ========
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2014-12-02 21:42 - 2014-12-02 21:43 - 00000000 ____D () C:\ProgramData\TicTaCoupon
    2014-12-02 21:42 - 2014-12-02 21:43 - 00000000 ____D () C:\ProgramData\c3e08c6694ad16e5
    2014-12-02 10:39 - 2014-12-02 10:39 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-12-02 10:38 - 2014-12-02 10:23 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\cpaulson12\Desktop\mbam-setup-2.0.3.1025 (2).exe
    2014-12-02 10:37 - 2014-12-02 10:37 - 00000955 _____ () C:\Users\cpaulson12\Desktop\JRT.txt
    2014-12-02 10:34 - 2014-12-02 10:34 - 00000000 ____D () C:\windows\ERUNT
    2014-12-02 10:33 - 2014-12-02 10:21 - 01707646 _____ (Thisisu) C:\Users\cpaulson12\Desktop\JRT.exe
    2014-12-02 10:25 - 2014-12-02 10:30 - 00000000 ____D () C:\AdwCleaner
    2014-12-02 10:25 - 2014-12-02 10:20 - 02154496 _____ () C:\Users\cpaulson12\Desktop\AdwCleaner.exe
    2014-12-02 10:22 - 2014-12-02 10:23 - 00000000 ___RD () C:\Users\cpaulson12\Desktop\putback
    2014-11-27 22:30 - 2014-11-27 22:30 - 04443312 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
    2014-11-27 22:00 - 2014-11-27 22:01 - 00281392 _____ () C:\windows\Minidump\112714-33546-01.dmp
    2014-11-27 22:00 - 2014-11-27 22:00 - 547900009 _____ () C:\windows\MEMORY.DMP
    2014-11-27 22:00 - 2014-11-27 22:00 - 00000000 ____D () C:\windows\Minidump
    2014-11-27 21:50 - 2014-11-27 21:50 - 00000000 ____D () C:\Program Files (x86)\CouponGenie
    2014-11-27 21:45 - 2014-12-02 21:44 - 00000000 ____D () C:\FRST
    2014-11-27 21:43 - 2014-11-27 21:43 - 02117632 _____ (Farbar) C:\Users\cpaulson12\Downloads\FRST64 (1).exe
    2014-11-27 21:35 - 2014-12-02 21:44 - 00000000 ____D () C:\Users\cpaulson12\Desktop\COMP FIX
    2014-11-27 21:18 - 2014-11-27 21:18 - 00000000 ____D () C:\Users\cpaulson12\AppData\Local\Zemana
    2014-11-22 16:30 - 2014-11-20 14:51 - 00714208 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
    2014-11-22 16:30 - 2014-11-20 14:51 - 00106976 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-11-22 12:54 - 2014-09-27 01:13 - 00104336 _____ (Microsoft Corporation) C:\windows\system32\ncryptsslp.dll
    2014-11-22 12:54 - 2014-09-26 23:24 - 00088800 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncryptsslp.dll
    2014-11-22 12:54 - 2014-09-26 21:38 - 00426496 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
    2014-11-22 12:54 - 2014-09-26 21:30 - 00185856 _____ (Microsoft Corporation) C:\windows\system32\dpapisrv.dll
    2014-11-22 12:54 - 2014-09-26 21:17 - 00357376 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
    2014-11-22 12:53 - 2014-10-18 03:55 - 00055776 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
    2014-11-22 12:53 - 2014-10-18 02:09 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
    2014-11-22 12:53 - 2014-10-18 02:09 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
    2014-11-22 12:53 - 2014-10-18 01:25 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
    2014-11-22 12:53 - 2014-10-18 00:50 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\wuaext.dll
    2014-11-22 12:53 - 2014-10-18 00:38 - 03557376 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
    2014-11-22 12:53 - 2014-10-18 00:27 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
    2014-11-22 12:53 - 2014-10-18 00:26 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
    2014-11-22 12:53 - 2014-10-18 00:23 - 00407552 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
    2014-11-22 12:53 - 2014-10-18 00:23 - 00095744 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
    2014-11-22 12:53 - 2014-10-18 00:21 - 00894976 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
    2014-11-22 12:53 - 2014-10-18 00:20 - 01714176 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
    2014-11-22 12:53 - 2014-10-18 00:14 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
    2014-11-22 12:53 - 2014-10-18 00:14 - 00029696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
    2014-11-22 12:53 - 2014-10-18 00:12 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
    2014-11-22 12:53 - 2014-10-18 00:11 - 00723968 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
    2014-11-22 12:53 - 2014-10-17 01:01 - 00789184 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
    2014-11-22 12:53 - 2014-10-17 00:58 - 00602768 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
    2014-11-22 12:53 - 2014-10-12 20:33 - 00116032 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
    2014-11-22 12:53 - 2014-10-10 18:58 - 03320320 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
    2014-11-22 12:53 - 2014-10-10 18:53 - 03607040 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
    2014-11-22 12:53 - 2014-10-09 19:58 - 00177472 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
    2014-11-22 12:53 - 2014-10-09 19:58 - 00027456 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpvideominiport.sys
    2014-11-22 12:53 - 2014-10-09 19:44 - 00563976 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
    2014-11-22 12:53 - 2014-10-08 01:37 - 00736768 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
    2014-11-22 12:53 - 2014-10-08 01:37 - 00154112 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
    2014-11-22 12:53 - 2014-10-08 01:34 - 00131584 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll
    2014-11-22 12:53 - 2014-10-08 01:30 - 00110080 _____ (Microsoft Corporation) C:\windows\system32\appinfo.dll
    2014-11-22 12:53 - 2014-10-08 01:24 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\rfxvmt.dll
    2014-11-22 12:53 - 2014-10-08 01:09 - 00428032 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
    2014-11-22 12:53 - 2014-10-08 00:56 - 00445440 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
    2014-11-22 12:53 - 2014-10-08 00:51 - 00736768 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
    2014-11-22 12:53 - 2014-10-08 00:51 - 00154112 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
    2014-11-22 12:53 - 2014-10-08 00:27 - 00325120 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
    2014-11-22 12:53 - 2014-10-08 00:18 - 00324096 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
    2014-11-22 12:53 - 2014-10-08 00:17 - 01441792 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
    2014-11-22 12:53 - 2014-10-07 23:32 - 02773504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
    2014-11-22 12:53 - 2014-10-07 23:23 - 03547648 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
    2014-11-22 12:53 - 2014-10-07 23:19 - 02459136 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
    2014-11-22 12:52 - 2014-09-21 22:38 - 01519488 _____ (Microsoft Corporation) C:\windows\system32\user32.dll
    2014-11-22 12:52 - 2014-09-21 21:06 - 00258368 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdFilter.sys
    2014-11-22 12:52 - 2014-09-21 21:06 - 00114496 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdNisDrv.sys
    2014-11-22 12:52 - 2014-09-21 20:49 - 00035320 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdBoot.sys
    2014-11-22 12:52 - 2014-09-18 18:16 - 01346048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user32.dll
    2014-11-22 12:52 - 2014-09-02 16:08 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\winshfhc.dll
    2014-11-22 12:52 - 2014-09-02 16:08 - 00012800 _____ (Microsoft Corporation) C:\windows\SysWOW64\winshfhc.dll
    2014-11-22 12:51 - 2014-10-30 23:28 - 25110016 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
    2014-11-22 12:51 - 2014-10-30 21:42 - 19781632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
    2014-11-22 12:49 - 2014-10-30 23:06 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
    2014-11-22 12:49 - 2014-10-30 23:05 - 02884096 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
    2014-11-22 12:49 - 2014-10-30 22:53 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
    2014-11-22 12:49 - 2014-10-30 22:52 - 00108544 _____ (Microsoft Corporation) C:\windows\system32\hlink.dll
    2014-11-22 12:49 - 2014-10-30 22:51 - 00812544 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
    2014-11-22 12:49 - 2014-10-30 22:50 - 06040064 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
    2014-11-22 12:49 - 2014-10-30 22:50 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
    2014-11-22 12:49 - 2014-10-30 22:38 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
    2014-11-22 12:49 - 2014-10-30 22:21 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
    2014-11-22 12:49 - 2014-10-30 22:15 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
    2014-11-22 12:49 - 2014-10-30 22:08 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
    2014-11-22 12:49 - 2014-10-30 22:06 - 00372736 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
    2014-11-22 12:49 - 2014-10-30 22:05 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
    2014-11-22 12:49 - 2014-10-30 22:03 - 02124288 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
    2014-11-22 12:49 - 2014-10-30 21:59 - 14390272 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
    2014-11-22 12:49 - 2014-10-30 21:45 - 02365440 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
    2014-11-22 12:49 - 2014-10-30 21:44 - 02865152 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll
    2014-11-22 12:49 - 2014-10-30 21:32 - 01550336 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
    2014-11-22 12:49 - 2014-10-30 21:24 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
    2014-11-22 12:49 - 2014-10-30 21:23 - 00340992 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
    2014-11-22 12:49 - 2014-10-30 21:20 - 00799232 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
    2014-11-22 12:49 - 2014-10-30 21:18 - 02277376 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
    2014-11-22 12:49 - 2014-10-30 21:13 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
    2014-11-22 12:49 - 2014-10-30 21:13 - 00099328 _____ (Microsoft Corporation) C:\windows\SysWOW64\hlink.dll
    2014-11-22 12:49 - 2014-10-30 21:12 - 00661504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
    2014-11-22 12:49 - 2014-10-30 21:11 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
    2014-11-22 12:49 - 2014-10-30 21:02 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
    2014-11-22 12:49 - 2014-10-30 20:50 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
    2014-11-22 12:49 - 2014-10-30 20:46 - 04298240 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
    2014-11-22 12:49 - 2014-10-30 20:46 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
    2014-11-22 12:49 - 2014-10-30 20:42 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
    2014-11-22 12:49 - 2014-10-30 20:40 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
    2014-11-22 12:49 - 2014-10-30 20:40 - 00325632 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
    2014-11-22 12:49 - 2014-10-30 20:39 - 02051072 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
    2014-11-22 12:49 - 2014-10-30 20:30 - 12819456 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
    2014-11-22 12:49 - 2014-10-30 20:17 - 01892864 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
    2014-11-22 12:49 - 2014-10-30 20:13 - 01310208 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
    2014-11-22 12:49 - 2014-10-30 20:11 - 00708096 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
    2014-11-22 12:48 - 2014-10-30 23:12 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe
    2014-11-22 12:48 - 2014-10-30 23:12 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
    2014-11-22 12:48 - 2014-10-30 23:10 - 00167424 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe
    2014-11-22 12:48 - 2014-10-30 23:09 - 00064512 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll
    2014-11-22 12:48 - 2014-10-30 23:08 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
    2014-11-22 12:48 - 2014-10-30 23:06 - 00237568 _____ (Microsoft Corporation) C:\windows\system32\url.dll
    2014-11-22 12:48 - 2014-10-30 23:06 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
    2014-11-22 12:48 - 2014-10-30 23:06 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
    2014-11-22 12:48 - 2014-10-30 23:05 - 00417280 _____ (Microsoft Corporation) C:\windows\system32\html.iec
    2014-11-22 12:48 - 2014-10-30 23:04 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
    2014-11-22 12:48 - 2014-10-30 22:57 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
    2014-11-22 12:48 - 2014-10-30 22:56 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
    2014-11-22 12:48 - 2014-10-30 22:54 - 00132096 _____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll
    2014-11-22 12:48 - 2014-10-30 22:51 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
    2014-11-22 12:48 - 2014-10-30 22:51 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
    2014-11-22 12:48 - 2014-10-30 22:40 - 00033280 _____ (Microsoft Corporation) C:\windows\system32\licmgr10.dll
    2014-11-22 12:48 - 2014-10-30 22:30 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
    2014-11-22 12:48 - 2014-10-30 22:29 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
    2014-11-22 12:48 - 2014-10-30 22:29 - 00087552 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
    2014-11-22 12:48 - 2014-10-30 22:28 - 00107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
    2014-11-22 12:48 - 2014-10-30 22:25 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
    2014-11-22 12:48 - 2014-10-30 22:24 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
    2014-11-22 12:48 - 2014-10-30 22:24 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
    2014-11-22 12:48 - 2014-10-30 22:23 - 00145408 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
    2014-11-22 12:48 - 2014-10-30 22:19 - 00152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
    2014-11-22 12:48 - 2014-10-30 22:05 - 00716800 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
    2014-11-22 12:48 - 2014-10-30 21:42 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll
    2014-11-22 12:48 - 2014-10-30 21:28 - 00137728 _____ (Microsoft Corporation) C:\windows\SysWOW64\wextract.exe
    2014-11-22 12:48 - 2014-10-30 21:28 - 00012800 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe
    2014-11-22 12:48 - 2014-10-30 21:27 - 00152064 _____ (Microsoft Corporation) C:\windows\SysWOW64\iexpress.exe
    2014-11-22 12:48 - 2014-10-30 21:26 - 00057344 _____ (Microsoft Corporation) C:\windows\SysWOW64\pngfilt.dll
    2014-11-22 12:48 - 2014-10-30 21:25 - 00011264 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe
    2014-11-22 12:48 - 2014-10-30 21:24 - 00235520 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll
    2014-11-22 12:48 - 2014-10-30 21:24 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
    2014-11-22 12:48 - 2014-10-30 21:23 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
    2014-11-22 12:48 - 2014-10-30 21:22 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
    2014-11-22 12:48 - 2014-10-30 21:16 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
    2014-11-22 12:48 - 2014-10-30 21:15 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
    2014-11-22 12:48 - 2014-10-30 21:14 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\IEAdvpack.dll
    2014-11-22 12:48 - 2014-10-30 21:12 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
    2014-11-22 12:48 - 2014-10-30 21:03 - 00027136 _____ (Microsoft Corporation) C:\windows\SysWOW64\licmgr10.dll
    2014-11-22 12:48 - 2014-10-30 20:57 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-11-22 12:48 - 2014-10-30 20:56 - 00091136 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
    2014-11-22 12:48 - 2014-10-30 20:56 - 00090624 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
    2014-11-22 12:48 - 2014-10-30 20:56 - 00073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
    2014-11-22 12:48 - 2014-10-30 20:53 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
    2014-11-22 12:48 - 2014-10-30 20:53 - 00052736 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll
    2014-11-22 12:48 - 2014-10-30 20:52 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
    2014-11-22 12:48 - 2014-10-30 20:51 - 00128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
    2014-11-22 12:48 - 2014-10-30 20:48 - 00130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
    2014-11-22 12:48 - 2014-10-30 20:26 - 01042944 _____ (Microsoft Corporation) C:\windows\SysWOW64\actxprxy.dll
    2014-11-22 12:48 - 2014-10-30 20:24 - 00040448 _____ (Microsoft Corporation) C:\windows\SysWOW64\imgutil.dll
    2014-11-22 12:47 - 2014-11-09 17:19 - 00991232 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
    2014-11-22 12:47 - 2014-11-09 17:19 - 00806400 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
    2014-11-22 12:47 - 2014-11-09 17:18 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\pku2u.dll
    2014-11-22 12:47 - 2014-11-09 17:18 - 00208896 _____ (Microsoft Corporation) C:\windows\SysWOW64\pku2u.dll
    2014-11-22 12:47 - 2014-11-04 17:38 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
    2014-11-22 12:47 - 2014-11-03 18:10 - 00304128 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
    2014-11-22 12:47 - 2014-10-30 22:53 - 00098816 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
    2014-11-22 12:47 - 2014-10-30 22:49 - 00537088 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
    2014-11-22 12:47 - 2014-10-30 22:24 - 00391168 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
    2014-11-22 12:47 - 2014-10-22 23:48 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
    2014-11-22 12:47 - 2014-10-22 23:05 - 00072192 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll
    2014-11-22 12:47 - 2014-10-07 00:28 - 00500016 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
    2014-11-22 12:47 - 2014-10-07 00:27 - 00482872 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
    2014-11-22 12:47 - 2014-10-07 00:27 - 00394120 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
    2014-11-22 12:47 - 2014-10-07 00:27 - 00272248 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe
    2014-11-22 12:47 - 2014-10-07 00:27 - 00108432 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
    2014-11-22 12:47 - 2014-10-06 21:34 - 00370424 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
    2014-11-22 12:47 - 2014-10-06 21:34 - 00344536 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
    2014-11-22 12:47 - 2014-10-06 21:33 - 00424544 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
    2014-11-22 12:47 - 2014-10-06 21:30 - 04182016 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
    2014-11-22 12:47 - 2014-10-06 19:54 - 00226304 _____ (Microsoft Corporation) C:\windows\system32\AudioEndpointBuilder.dll
    2014-11-22 12:47 - 2014-10-06 19:46 - 00911360 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
    2014-11-22 12:47 - 2014-08-22 23:18 - 02149376 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
    2014-11-22 12:47 - 2014-08-22 23:03 - 01346048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
    2014-11-22 12:46 - 2014-09-10 00:25 - 00474432 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys
    2014-11-22 12:46 - 2014-09-07 21:07 - 02497344 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
    2014-11-22 12:46 - 2014-09-07 21:07 - 00428864 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS
    2014-11-22 12:46 - 2014-09-07 16:08 - 00389176 _____ () C:\windows\system32\ApnDatabase.xml
    2014-11-22 12:46 - 2014-09-04 16:30 - 00822272 _____ (Microsoft Corporation) C:\windows\system32\win32spl.dll
    2014-11-22 12:46 - 2014-09-04 16:21 - 01053184 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
    2014-11-22 12:46 - 2014-09-03 21:05 - 00836176 _____ (Microsoft Corporation) C:\windows\system32\mfmp4srcsnk.dll
    2014-11-22 12:46 - 2014-09-03 20:22 - 00670384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfmp4srcsnk.dll
    2014-11-22 12:46 - 2014-09-03 19:01 - 00448512 _____ (Microsoft Corporation) C:\windows\system32\puiobj.dll
    2014-11-22 12:46 - 2014-09-03 18:32 - 00334336 _____ (Microsoft Corporation) C:\windows\SysWOW64\puiobj.dll
    2014-11-22 12:46 - 2014-08-30 18:17 - 00148800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBSTOR.SYS
    2014-11-22 12:46 - 2014-08-30 18:15 - 21197152 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
    2014-11-22 12:46 - 2014-08-30 16:59 - 18723112 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
    2014-11-22 12:46 - 2014-08-30 16:05 - 00615424 _____ (Microsoft Corporation) C:\windows\system32\FXSCOMEX.dll
    2014-11-22 12:46 - 2014-08-30 15:58 - 00275968 _____ (Microsoft Corporation) C:\windows\system32\FXSAPI.dll
    2014-11-22 12:46 - 2014-08-30 15:04 - 00941568 _____ (Microsoft Corporation) C:\windows\system32\MFMediaEngine.dll
    2014-11-22 12:46 - 2014-08-30 14:53 - 00239104 _____ (Microsoft Corporation) C:\windows\SysWOW64\FXSAPI.dll
    2014-11-22 12:46 - 2014-08-30 14:17 - 00799744 _____ (Microsoft Corporation) C:\windows\SysWOW64\MFMediaEngine.dll
    2014-11-22 12:46 - 2014-08-27 20:55 - 07484224 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
    2014-11-22 12:46 - 2014-08-27 18:21 - 02480128 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll
    2014-11-22 12:46 - 2014-08-27 18:06 - 02030592 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmSvc.dll
    2014-11-22 12:46 - 2014-08-22 23:14 - 13424128 _____ (Microsoft Corporation) C:\windows\system32\twinui.dll
    2014-11-22 12:46 - 2014-08-22 23:04 - 11820544 _____ (Microsoft Corporation) C:\windows\SysWOW64\twinui.dll
    2014-11-22 12:46 - 2014-08-22 22:50 - 02714112 _____ (Microsoft Corporation) C:\windows\system32\SettingsHandlers.dll
    2014-11-22 12:46 - 2014-08-01 18:51 - 00545792 _____ (Microsoft Corporation) C:\windows\system32\untfs.dll
    2014-11-22 12:46 - 2014-08-01 18:35 - 00485376 _____ (Microsoft Corporation) C:\windows\SysWOW64\untfs.dll
    2014-11-13 22:26 - 2014-11-22 17:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-11-13 21:17 - 2014-11-13 21:17 - 00000000 ____D () C:\Users\cpaulson12\AppData\Roaming\Nitro PDF
    2014-11-13 21:17 - 2014-11-13 21:17 - 00000000 ____D () C:\Users\cpaulson12\AppData\Local\LSC
    2014-11-13 21:09 - 2014-10-30 05:25 - 00275080 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
    2014-11-06 20:03 - 2014-11-06 20:04 - 71648048 _____ (Apple Inc.) C:\Users\cpaulson12\Downloads\iCloudSetup.exe
    2014-11-06 19:51 - 2014-11-06 19:51 - 00001806 _____ () C:\Users\Public\Desktop\iTunes.lnk
    2014-11-06 19:51 - 2014-11-06 19:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2014-11-06 19:50 - 2014-11-06 19:51 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
    2014-11-06 19:50 - 2014-11-06 19:51 - 00000000 ____D () C:\Program Files\iTunes
    2014-11-06 19:50 - 2014-11-06 19:51 - 00000000 ____D () C:\Program Files (x86)\iTunes
    2014-11-06 19:50 - 2014-11-06 19:50 - 00000000 ____D () C:\Program Files\iPod
     
    ==================== One Month Modified Files and Folders =======
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2014-12-02 21:42 - 2013-10-07 12:27 - 00863592 _____ () C:\windows\system32\PerfStringBackup.INI
    2014-12-02 21:40 - 2014-10-21 20:40 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
    2014-12-02 21:40 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\system32\sru
    2014-12-02 19:54 - 2014-02-15 20:47 - 01824118 _____ () C:\windows\WindowsUpdate.log
    2014-12-02 19:51 - 2014-07-10 03:19 - 00003970 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{745A42CE-EB87-47C1-8067-C57D29127740}
    2014-12-02 19:51 - 2014-07-10 03:18 - 00003596 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-185766733-1824046107-1153005522-1002
    2014-12-02 19:45 - 2014-07-09 20:10 - 00002256 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2014-12-02 19:45 - 2014-07-09 17:15 - 00000000 ____D () C:\Users\cpaulson12\AppData\Roaming\ID Vault
    2014-12-02 19:45 - 2014-07-09 13:59 - 00000000 ___RD () C:\Users\cpaulson12\Google Drive
    2014-12-02 19:44 - 2014-07-09 13:54 - 00000932 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-12-02 19:43 - 2014-02-15 21:41 - 00002560 _____ () C:\windows\system32\VfService.trf
    2014-12-02 19:43 - 2013-10-07 12:23 - 00468456 _____ () C:\windows\PFRO.log
    2014-12-02 19:43 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\Registration
    2014-12-02 19:43 - 2013-08-22 08:45 - 00000006 ____H () C:\windows\Tasks\SA.DAT
    2014-12-02 11:30 - 2014-07-24 21:50 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
    2014-12-02 10:59 - 2014-07-09 13:54 - 00000936 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-12-02 10:39 - 2014-10-21 20:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-12-02 10:39 - 2014-10-21 20:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-12-02 10:24 - 2013-08-22 08:46 - 00026264 _____ () C:\windows\setupact.log
    2014-12-02 10:22 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\AppReadiness
    2014-12-02 10:13 - 2014-07-10 03:12 - 00000000 ____D () C:\Users\cpaulson12\AppData\Local\Pokki
    2014-12-02 10:13 - 2014-07-09 21:06 - 00002135 _____ () C:\Users\cpaulson12\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Menu.lnk
    2014-12-02 10:08 - 2013-08-22 07:25 - 00262144 ___SH () C:\windows\system32\config\BBI
    2014-11-27 22:30 - 2014-07-24 21:50 - 00003718 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
    2014-11-27 22:01 - 2014-07-10 03:12 - 00000000 ____D () C:\Users\cpaulson12
    2014-11-27 21:34 - 2014-07-10 03:16 - 00002306 _____ () C:\Users\cpaulson12\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
    2014-11-27 21:32 - 2014-02-15 21:19 - 00000000 ____D () C:\ProgramData\McAfee
    2014-11-27 21:29 - 2013-08-22 09:20 - 00000000 ____D () C:\windows\CbsTemp
    2014-11-27 21:25 - 2013-08-22 09:36 - 00000000 ___HD () C:\windows\ELAMBKUP
    2014-11-27 21:23 - 2013-08-22 07:25 - 00262144 ___SH () C:\windows\system32\config\ELAM
    2014-11-22 16:29 - 2013-08-22 08:44 - 00492512 _____ () C:\windows\system32\FNTCACHE.DAT
    2014-11-22 16:28 - 2014-07-09 17:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2014-11-22 16:25 - 2013-08-22 09:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2014-11-22 16:25 - 2013-08-22 09:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2014-11-22 16:25 - 2013-08-22 09:36 - 00000000 ____D () C:\Program Files\Windows Defender
    2014-11-22 16:25 - 2013-08-22 09:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
    2014-11-22 16:24 - 2014-07-14 17:44 - 00000000 ___SD () C:\windows\system32\CompatTel
    2014-11-22 16:24 - 2013-08-22 09:36 - 00000000 ___RD () C:\windows\ToastData
    2014-11-22 16:24 - 2013-08-22 09:36 - 00000000 ___RD () C:\windows\ImmersiveControlPanel
    2014-11-22 13:10 - 2014-07-09 20:26 - 00000000 ____D () C:\windows\system32\MRT
    2014-11-22 13:00 - 2014-07-09 20:26 - 103374192 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
    2014-11-22 12:27 - 2014-07-09 17:16 - 00000000 ____D () C:\Users\cpaulson12\AppData\Local\ID Vault
    2014-11-22 12:14 - 2014-07-09 19:23 - 00000000 ____D () C:\Program Files\Microsoft Office 15
    2014-11-13 22:06 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\vpnplugins
    2014-11-13 21:46 - 2014-07-21 23:37 - 00000000 ____D () C:\Users\cpaulson12\AppData\Local\CrashDumps
    2014-11-06 20:02 - 2014-07-09 20:06 - 00000000 ____D () C:\Users\cpaulson12\AppData\Roaming\Apple Computer
    2014-11-06 19:50 - 2014-07-09 20:02 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2014-11-06 19:50 - 2014-07-09 20:01 - 00000000 ____D () C:\Program Files\Common Files\Apple
     
    Some content of TEMP:
    ====================
    C:\Users\cpaulson12\AppData\Local\Temp\air4444.exe
    C:\Users\cpaulson12\AppData\Local\Temp\air7885.exe
    C:\Users\cpaulson12\AppData\Local\Temp\airC2FC.exe
    C:\Users\cpaulson12\AppData\Local\Temp\airEBD4.exe
    C:\Users\cpaulson12\AppData\Local\Temp\airFFF7.exe
    C:\Users\cpaulson12\AppData\Local\Temp\DRHelper_installFinish.exe
    C:\Users\cpaulson12\AppData\Local\Temp\DRHelper_installStart.exe
    C:\Users\cpaulson12\AppData\Local\Temp\DRHelper_uninstallComplete.exe
    C:\Users\cpaulson12\AppData\Local\Temp\octC212.tmp.exe
    C:\Users\cpaulson12\AppData\Local\Temp\octED6B.tmp.exe
    C:\Users\cpaulson12\AppData\Local\Temp\optprosetup.exe
    C:\Users\cpaulson12\AppData\Local\Temp\ose00000.exe
    C:\Users\cpaulson12\AppData\Local\Temp\PCFixSpeedSetup.exe
    C:\Users\cpaulson12\AppData\Local\Temp\Quarantine.exe
    C:\Users\cpaulson12\AppData\Local\Temp\sqlite3.dll
     
     
    ==================== Bamital & volsnap Check =================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
     
     
    LastRegBack: 2014-11-22 12:48
     
    ==================== End Of Log ============================
     
     
     
     
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-12-2014
    Ran by cpaulson12 at 2014-12-02 21:46:16
    Running from C:\Users\cpaulson12\Desktop\COMP FIX
    Boot Mode: Normal
    ==========================================================
     
     
    ==================== Security Center ========================
     
    (If an entry is included in the fixlist, it will be removed.)
     
    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     
    ==================== Installed Programs ======================
     
    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
     
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2710 - Adobe Systems Incorporated)
    Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
    Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version:  - Hidden Path Entertainment, Ensemble Studios)
    AMD Catalyst Install Manager (HKLM\...\{49717648-68B0-3342-F28B-7DF710E1EBF4}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
    AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.4.4.2 - AppEx Networks)
    Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.21.50 - Conexant)
    Conexant SmartAudio (HKLM\...\SAII) (Version: 6.0.188.0 - Conexant Systems)
    Constant Guard Protection Suite (HKLM-x32\...\ID Vault) (Version: 1.14.922.1 - Comcast)
    CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)
    CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
    CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.14 - Lenovo)
    Energy Management (x32 Version: 8.0.2.14 - Lenovo) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
    Google Drive (HKLM-x32\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
    Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
    ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.4.4.0 - LIGHTNING UK!)
    iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
    Lenovo App Shop (HKLM-x32\...\Lenovo App Shop 45246) (Version: 3.10.0.45246.24 - Lenovo)
    Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10240 - Realtek Semiconductor Corp.)
    Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
    Lenovo OneKey Recovery (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
    Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
    Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.25.1 - ELAN Microelectronic Corp.)
    Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.)
    Lenovo PowerDVD10 (x32 Version: 10.0.5630.52 - CyberLink Corp.) Hidden
    Lenovo Reach (HKLM-x32\...\{0B5E0E89-4BCA-4035-BBA1-D1439724B6E2}) (Version: 1.1.0.166 - Stoneware, Inc.)
    Lenovo Solution Center (HKLM\...\{4041B18B-DE30-4D78-9D60-6ADC586C5E00}) (Version: 2.1.003.00 - Lenovo Group Limited)
    Lenovo VeriFace (HKLM\...\Lenovo VeriFace) (Version: 5.0.13.5261 - Lenovo)
    Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
    Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.1.2.4000 - Maxthon International Limited)
    McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
    Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4667.1002 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Mozilla Firefox 33.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.0.3 (x86 en-US)) (Version: 33.0.3 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
    MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
    Nitro Pro 8 (HKLM\...\{392C767D-4EE2-49B5-A3B4-A4C3AB6DC145}) (Version: 8.5.7.1 - Nitro)
    OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
    Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
    Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.10525 - CyberLink Corp.)
    Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.306 - Qualcomm Atheros Communications)
    Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
    Qualcomm Atheros Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39048 - Realtek Semiconductor Corp.)
    Start Menu (HKU\S-1-5-21-185766733-1824046107-1153005522-1002\...\Pokki_Start_Menu) (Version: 0.269.4.103 - Pokki)
    Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
    TicTaCoupon (HKLM-x32\...\{E370F69F-ED3F-925F-31FC-14D1329A713B}) (Version:  - "") <==== ATTENTION
    UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.17 - Lenovo)
    UserGuide (x32 Version: 1.0.0.17 - Lenovo) Hidden
    VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
    Windows Driver Package - Lenovo (ACPIVPC) System  (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
    Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
     
    ==================== Custom CLSID (selected items): ==========================
     
    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
     
    CustomCLSID: HKU\S-1-5-21-185766733-1824046107-1153005522-1002_Classes\CLSID\{288799CB-E38C-44A0-A9FA-40D150FFE081}\InprocServer32 -> C:\Users\cpaulson12\AppData\Local\TNT2\Profiles\10741\passport64.dll No File
    CustomCLSID: HKU\S-1-5-21-185766733-1824046107-1153005522-1002_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AC}\InprocServer32 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel)
    CustomCLSID: HKU\S-1-5-21-185766733-1824046107-1153005522-1002_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AD}\InprocServer32 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel)
     
    ==================== Restore Points  =========================
     
    07-11-2014 02:28:54 Scheduled Checkpoint
    22-11-2014 18:48:43 Windows Update
    28-11-2014 03:28:16 Windows Update
     
    ==================== Hosts content: ==========================
     
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
     
    2013-08-22 07:25 - 2013-08-22 07:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
     
    ==================== Scheduled Tasks (whitelisted) =============
     
    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
     
    Task: {217B0A99-6E4B-469B-8778-0099F25A6E07} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2014-11-22] (Microsoft Corporation)
    Task: {2209DCE6-3563-48C7-9C36-180BBA71445B} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE [2013-03-08] (CyberLink Corp.)
    Task: {2387F1B2-9135-4078-846E-F5233CADE335} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\mxup.exe [2013-08-01] (Maxthon International ltd.)
    Task: {2BCA6A4B-EF5E-4A4D-A7F9-E4F6DA45DE13} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-10-07] (Microsoft Corporation)
    Task: {2FF2D58D-E35A-41A0-BBCC-A2B3967A3B8D} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-10-07] (Microsoft Corporation)
    Task: {3CE885C6-DED7-4AC4-8126-7FB38E024F73} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2013-05-17] (Lenovo)
    Task: {4808CEBA-CD6B-4595-A16B-E2504A3EF9A6} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-27] (Adobe Systems Incorporated)
    Task: {786AF07E-C139-440E-B4C6-B7DDE97F43A4} - \TidyNetwork Update No Task File <==== ATTENTION
    Task: {96F6A4DC-6956-437C-92FF-E8E587EBD3E4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {9CC9985E-1A1F-4856-9ADA-DABF527D53D3} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-05-17] ()
    Task: {9DB6C33C-90C5-486F-A357-1FCE20B64D2E} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-05-17] (Lenovo)
    Task: {B75A126B-9EDF-4CB7-8F21-D3ABAC67005A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-09] (Google Inc.)
    Task: {C88CEF1D-40E3-4307-AD13-5B50EE12FCFD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-09] (Google Inc.)
    Task: {E3B7B63A-DACE-434F-A25F-5F3D56B74610} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
    Task: {F8E4C8B8-A751-4F59-9B70-B46D7A3F38AF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-10-07] (Microsoft Corporation)
    Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
     
    ==================== Loaded Modules (whitelisted) =============
     
    2013-09-11 00:25 - 2013-09-11 00:25 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
    2014-07-11 06:55 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
    2014-02-15 21:27 - 2012-04-24 04:43 - 00390632 ____N () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
    2014-02-15 21:41 - 2014-02-15 21:41 - 00068368 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
    2014-02-15 21:41 - 2014-02-15 21:41 - 00669288 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfDataStorageInterface.dll
    2014-11-22 12:12 - 2014-09-23 07:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2013-09-25 05:04 - 2013-09-25 05:04 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
    2013-09-25 05:01 - 2013-09-25 05:01 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
    2013-09-25 05:08 - 2013-09-25 05:08 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
    2014-11-27 21:50 - 2014-11-27 21:50 - 03995136 _____ () c:\Program Files (x86)\CouponGenie\BuyPractical.dll
    2014-04-23 15:05 - 2014-04-23 15:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2014-11-22 16:41 - 2014-11-22 16:41 - 03530752 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\Windows.UI.Xaml\90a4331ab5b5bb3ead23d75d4349a491\Windows.UI.Xaml.ni.dll
    2014-11-22 16:41 - 2014-11-22 16:41 - 00228864 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\Windows.Foundation\f7e726805e56676bd7b8662a3d842b0e\Windows.Foundation.ni.dll
    2014-09-22 14:30 - 2014-09-22 14:30 - 00548488 _____ () C:\Program Files (x86)\Constant Guard Protection Suite\sqlite3.DLL
    2014-12-02 19:44 - 2014-12-02 19:44 - 00098816 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\win32api.pyd
    2014-12-02 19:44 - 2014-12-02 19:44 - 00110080 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\pywintypes27.dll
    2014-12-02 19:44 - 2014-12-02 19:44 - 00364544 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\pythoncom27.dll
    2014-12-02 19:44 - 2014-12-02 19:44 - 00045568 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\_socket.pyd
    2014-12-02 19:44 - 2014-12-02 19:44 - 01160704 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\_ssl.pyd
    2014-12-02 19:44 - 2014-12-02 19:44 - 00320512 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\win32com.shell.shell.pyd
    2014-12-02 19:44 - 2014-12-02 19:44 - 00713216 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\_hashlib.pyd
    2014-12-02 19:44 - 2014-12-02 19:44 - 01175040 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\wx._core_.pyd
    2014-12-02 19:44 - 2014-12-02 19:44 - 00805888 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\wx._gdi_.pyd
    2014-12-02 19:44 - 2014-12-02 19:44 - 00811008 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\wx._windows_.pyd
    2014-12-02 19:44 - 2014-12-02 19:44 - 01062400 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\wx._controls_.pyd
    2014-12-02 19:44 - 2014-12-02 19:44 - 00735232 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\wx._misc_.pyd
    2014-12-02 19:44 - 2014-12-02 19:44 - 00128512 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\_elementtree.pyd
    2014-12-02 19:44 - 2014-12-02 19:44 - 00127488 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\pyexpat.pyd
    2014-12-02 19:44 - 2014-12-02 19:44 - 00557056 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\pysqlite2._sqlite.pyd
    2014-12-02 19:44 - 2014-12-02 19:44 - 00007168 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\hashobjs_ext.pyd
    2014-12-02 19:44 - 2014-12-02 19:44 - 00087552 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\_ctypes.pyd
    2014-12-02 19:44 - 2014-12-02 19:44 - 00119808 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\win32file.pyd
    2014-12-02 19:44 - 2014-12-02 19:44 - 00108544 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\win32security.pyd
    2014-12-02 19:44 - 2014-12-02 19:44 - 00018432 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\win32event.pyd
    2014-12-02 19:44 - 2014-12-02 19:44 - 00038912 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\win32inet.pyd
    2014-12-02 19:44 - 2014-12-02 19:44 - 00070656 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\wx._html2.pyd
    2014-12-02 19:44 - 2014-12-02 19:44 - 00167936 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\win32gui.pyd
    2014-12-02 19:44 - 2014-12-02 19:44 - 00011264 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\win32crypt.pyd
    2014-12-02 19:44 - 2014-12-02 19:44 - 00027136 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\_multiprocessing.pyd
    2014-12-02 19:44 - 2014-12-02 19:44 - 00686080 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\unicodedata.pyd
    2014-12-02 19:44 - 2014-12-02 19:44 - 00122368 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\wx._wizard.pyd
    2014-12-02 19:44 - 2014-12-02 19:44 - 00010240 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\select.pyd
    2014-12-02 19:44 - 2014-12-02 19:44 - 00024064 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\win32pipe.pyd
    2014-12-02 19:44 - 2014-12-02 19:44 - 00025600 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\win32pdh.pyd
    2014-12-02 19:44 - 2014-12-02 19:44 - 00525640 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\windows._lib_cacheinvalidation.pyd
    2014-12-02 19:44 - 2014-12-02 19:44 - 00035840 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\win32process.pyd
    2014-12-02 19:44 - 2014-12-02 19:44 - 00017408 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\win32profile.pyd
    2014-12-02 19:44 - 2014-12-02 19:44 - 00022528 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\win32ts.pyd
    2014-12-02 19:44 - 2014-12-02 19:44 - 00078336 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\wx._animate.pyd
    2014-08-15 18:04 - 2014-08-06 21:20 - 00718152 _____ () c:\program files (x86)\google\chrome\application\36.0.1985.143\libglesv2.dll
    2014-08-15 18:04 - 2014-08-06 21:20 - 00126280 _____ () c:\program files (x86)\google\chrome\application\36.0.1985.143\libegl.dll
    2014-08-15 18:04 - 2014-08-06 21:20 - 08537928 _____ () c:\program files (x86)\google\chrome\application\36.0.1985.143\pdf.dll
    2014-08-15 18:04 - 2014-08-06 21:20 - 00353096 _____ () c:\program files (x86)\google\chrome\application\36.0.1985.143\ppGoogleNaClPluginChrome.dll
    2014-08-15 18:04 - 2014-08-06 21:20 - 01732936 _____ () c:\program files (x86)\google\chrome\application\36.0.1985.143\ffmpegsumo.dll
    2014-08-15 18:04 - 2014-08-06 21:20 - 14669128 _____ () c:\program files (x86)\google\chrome\application\36.0.1985.143\PepperFlash\pepflashplayer.dll
     
    ==================== Alternate Data Streams (whitelisted) =========
     
    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
     
     
    ==================== Safe Mode (whitelisted) ===================
     
    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
     
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
     
    ==================== EXE Association (whitelisted) =============
     
    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
     
     
    ==================== MSCONFIG/TASK MANAGER disabled items =========
     
    (Currently there is no automatic fix for this section.)
     
     
    ========================= Accounts: ==========================
     
    Administrator (S-1-5-21-185766733-1824046107-1153005522-500 - Administrator - Disabled)
    cpaulson12 (S-1-5-21-185766733-1824046107-1153005522-1002 - Administrator - Enabled) => C:\Users\cpaulson12
    Guest (S-1-5-21-185766733-1824046107-1153005522-501 - Limited - Disabled)
     
    ==================== Faulty Device Manager Devices =============
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
    Error: (12/02/2014 09:40:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 6174969
     
    Error: (12/02/2014 09:40:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 6174969
     
    Error: (12/02/2014 09:40:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second
     
    Error: (12/02/2014 07:57:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 2953
     
    Error: (12/02/2014 07:57:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 2953
     
    Error: (12/02/2014 07:57:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second
     
    Error: (12/02/2014 07:57:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 1422
     
    Error: (12/02/2014 07:57:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 1422
     
    Error: (12/02/2014 07:57:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second
     
    Error: (12/02/2014 07:42:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 27961141
     
     
    System errors:
    =============
    Error: (12/02/2014 11:00:43 AM) (Source: DCOM) (EventID: 10010) (User: Christi-laptop)
    Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
     
    Error: (12/02/2014 10:41:47 AM) (Source: DCOM) (EventID: 10010) (User: Christi-laptop)
    Description: {9AA46009-3CE0-458A-A354-715610A075E6}
     
    Error: (12/02/2014 10:41:17 AM) (Source: DCOM) (EventID: 10010) (User: Christi-laptop)
    Description: {9AA46009-3CE0-458A-A354-715610A075E6}
     
    Error: (12/02/2014 10:40:47 AM) (Source: DCOM) (EventID: 10010) (User: Christi-laptop)
    Description: {9AA46009-3CE0-458A-A354-715610A075E6}
     
    Error: (12/02/2014 10:40:17 AM) (Source: DCOM) (EventID: 10010) (User: Christi-laptop)
    Description: {9AA46009-3CE0-458A-A354-715610A075E6}
     
    Error: (12/02/2014 10:39:47 AM) (Source: DCOM) (EventID: 10010) (User: Christi-laptop)
    Description: {9AA46009-3CE0-458A-A354-715610A075E6}
     
    Error: (12/02/2014 10:39:17 AM) (Source: DCOM) (EventID: 10010) (User: Christi-laptop)
    Description: {9AA46009-3CE0-458A-A354-715610A075E6}
     
    Error: (12/02/2014 10:38:47 AM) (Source: DCOM) (EventID: 10010) (User: Christi-laptop)
    Description: {9AA46009-3CE0-458A-A354-715610A075E6}
     
     
    Microsoft Office Sessions:
    =========================
    Error: (12/02/2014 09:40:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 6174969
     
    Error: (12/02/2014 09:40:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 6174969
     
    Error: (12/02/2014 09:40:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second
     
    Error: (12/02/2014 07:57:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 2953
     
    Error: (12/02/2014 07:57:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 2953
     
    Error: (12/02/2014 07:57:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second
     
    Error: (12/02/2014 07:57:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 1422
     
    Error: (12/02/2014 07:57:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 1422
     
    Error: (12/02/2014 07:57:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second
     
    Error: (12/02/2014 07:42:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 27961141
     
     
    CodeIntegrity Errors:
    ===================================
      Date: 2014-12-02 19:42:34.205
      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2014-12-02 19:42:33.985
      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2014-12-02 11:56:29.880
      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2014-12-02 11:56:29.739
      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2014-12-02 11:56:29.556
      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2014-12-02 11:56:29.412
      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2014-12-02 11:56:29.265
      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2014-12-02 11:56:29.133
      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2014-12-02 11:56:29.001
      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2014-12-02 11:56:28.870
      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
     
    ==================== Memory info =========================== 
     
    Processor: AMD A10-5750M APU with Radeon™ HD Graphics 
    Percentage of memory in use: 36%
    Total physical RAM: 5327.26 MB
    Available physical RAM: 3371.18 MB
    Total Pagefile: 10703.26 MB
    Available Pagefile: 8364.92 MB
    Total Virtual: 131072 MB
    Available Virtual: 131071.85 MB
     
    ==================== Drives ================================
     
    Drive c: (Windows8_OS) (Fixed) (Total:893.13 GB) (Free:767.74 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.48 GB) NTFS
    Drive e: ('11 - '13 cabin) (CDROM) (Total:2.75 GB) (Free:0 GB) UDF
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: F91D03FF)
     
    Partition: GPT Partition Type.
     
    ==================== End Of Log ============================
     
     
     
    Thanks!!


    #6 paudusd


    Posted 02 December 2014 - 09:49 PM

    Sure.

     

    Malwarebytes Anti-Malware
    www.malwarebytes.org
     
    Scan Date: 12/2/2014
    Scan Time: 10:40:53 AM
    Logfile: 
    Administrator: Yes
     
    Version: 2.00.3.1025
    Malware Database: v2014.12.02.05
    Rootkit Database: v2014.12.02.02
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled
     
    OS: Windows 8.1
    CPU: x64
    File System: NTFS
    User: cpaulson12
     
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 333271
    Time Elapsed: 17 min, 29 sec
     
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled
     
    Processes: 0
    (No malicious items detected)
     
    Modules: 0
    (No malicious items detected)
     
    Registry Keys: 1
    PUP.Optional.Booster.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{346101c4}, Quarantined, [937a8fcff28ab5818146ec72ac578878], 
     
    Registry Values: 0
    (No malicious items detected)
     
    Registry Data: 0
    (No malicious items detected)
     
    Folders: 0
    (No malicious items detected)
     
    Files: 4
    PUP.Optional.SmartSec, C:\Users\cpaulson12\Downloads\Setup (1).exe, Quarantined, [09049cc23e3ef83e049f0ae55da406fa], 
    PUP.Optional.ReMarkable.A, C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage, Quarantined, [41ccd28ca7d571c5c522cbf2c341de22], 
    PUP.Optional.ReMarkable.A, C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage-journal, Quarantined, [53ba570790ecda5c5e89615ccc389967], 
    PUP.Optional.TidyNetwork.A, C:\Users\cpaulson12\AppData\Roaming\Mozilla\Firefox\Profiles\3hli1wif.default\prefs.js, Good: (), Bad: (user_pref("browser.newtab.url", "file:///C:\\Users\\cpaulson12\\AppData\\Local\\TNT2\\Common\\pinnedSearch.htm");), Replaced,[b55879e5027a9e989502cacb20e5956b]
     
    Physical Sectors: 0
    (No malicious items detected)
     
     
    (end)
     
     
    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-12-2014
    Ran by cpaulson12 (administrator) on CHRISTI-LAPTOP on 02-12-2014 21:44:54
    Running from C:\Users\cpaulson12\Desktop\COMP FIX
    Loaded Profile: cpaulson12 (Available profiles: cpaulson12)
    Platform: Windows 8.1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
    (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
    (Microsoft Corporation) C:\Windows\System32\dasHost.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (White Sky, Inc.) C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
    (Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
    (Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
    () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
    (Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
    () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
    (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
    (White Sky, Inc.) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
    (CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
    (Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
    (Realtek semiconductor) C:\Windows\RTFTrack.exe
    () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
    (Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
    (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     
     
    ==================== Registry (Whitelisted) ==================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2894664 2013-08-07] (ELAN Microelectronics Corp.)
    HKLM\...\Run: [RtsFT] => C:\windows\RTFTrack.exe [6340312 2013-07-19] (Realtek semiconductor)
    HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17111056 2014-02-15] (Lenovo (Beijing) Limited)
    HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [193008 2014-02-15] (Lenovo(beijing) Limited)
    HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-09-11] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [Lenovo App Shop] => C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismagent.exe [156000 2013-07-18] (Intel Corporation)
    HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
    HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-09-25] ( (Qualcomm®Atheros®))
    HKLM\...\Policies\Explorer: [NoFolderOptions] 0
    HKLM\...\Policies\Explorer: [NoControlPanel] 0
    HKU\S-1-5-21-185766733-1824046107-1153005522-1002\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
    HKU\S-1-5-21-185766733-1824046107-1153005522-1002\...\RunOnce: [Application Restart #3] => C:\Users\cpaulson12\AppData\Local\Pokki\Engine\HostAppService.exe [7794504 2014-11-14] (Pokki)
    HKU\S-1-5-21-185766733-1824046107-1153005522-1002\...\RunOnce: [Application Restart #1] => C:\Users\cpaulson12\AppData\Local\Pokki\Engine\HostAppService.exe [7794504 2014-11-14] (Pokki)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Constant Guard.lnk
    ShortcutTarget: Constant Guard.lnk -> C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe (White Sky, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
    ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    HKU\S-1-5-21-185766733-1824046107-1153005522-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-185766733-1824046107-1153005522-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://home.lenovo.com
    HKU\S-1-5-21-185766733-1824046107-1153005522-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://home.lenovo.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-21-185766733-1824046107-1153005522-1002 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
    SearchScopes: HKU\S-1-5-21-185766733-1824046107-1153005522-1002 -> {A74F766D-718E-4A04-A80F-7ADAB7E811B6} URL = http://search.yahoo....petb&type=10741
    SearchScopes: HKU\S-1-5-21-185766733-1824046107-1153005522-1002 -> {A90A3198-80B1-4AE3-8B57-6F7FA26DB44E} URL = 
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    BHO: TicTaCoupon -> {49c19184-e770-4a09-8161-0eca8b669385} -> C:\ProgramData\TicTaCoupon\9pXorjQgjxDmqM.x64.dll ()
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
    BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
    BHO-x32: TicTaCoupon -> {49c19184-e770-4a09-8161-0eca8b669385} -> C:\ProgramData\TicTaCoupon\9pXorjQgjxDmqM.dll ()
    BHO-x32: Constant Guard Protection Suite -> {B84CDBE7-1B46-494B-A188-01D4C52DEB61} -> C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.14.922.1\NativeBHO.dll (WhiteSky)
    BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
    Toolbar: HKLM - FindWide Toolbar - {288799CB-E38C-44A0-A9FA-40D150FFE081} - C:\Users\cpaulson12\AppData\Local\TNT2\Profiles\10741\passport64.dll No File
    Toolbar: HKLM-x32 - FindWide Toolbar - {288799CB-E38C-44A0-A9FA-40D150FFE081} - C:\Users\cpaulson12\AppData\Local\TNT2\Profiles\10741\passport.dll No File
    Toolbar: HKU\S-1-5-21-185766733-1824046107-1153005522-1002 -> FindWide Toolbar - {288799CB-E38C-44A0-A9FA-40D150FFE081} - C:\Users\cpaulson12\AppData\Local\TNT2\Profiles\10741\passport64.dll No File
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{A7F7E4CA-068A-4E43-8A44-69A72B3FD351}: [NameServer] 75.75.75.75,75.75.76.76
     
    FireFox:
    ========
    FF ProfilePath: C:\Users\cpaulson12\AppData\Roaming\Mozilla\Firefox\Profiles\3hli1wif.default
    FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin HKU\S-1-5-21-185766733-1824046107-1153005522-1002: intel.com/AppUp -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp.dll (Intel)
    FF Plugin HKU\S-1-5-21-185766733-1824046107-1153005522-1002: intel.com/AppUpx64 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel)
    FF Extension: XFINITY Constant Guard Protection Suite - C:\Users\cpaulson12\AppData\Roaming\Mozilla\Firefox\Profiles\3hli1wif.default\Extensions\idvaultaddon@whitesky [2014-10-25]
    FF Extension: No Name - C:\Users\cpaulson12\AppData\Roaming\Mozilla\Firefox\Profiles\3hli1wif.default\Extensions\temp [2014-07-09]
    FF Extension: RooyalShoppeRAApp - C:\Users\cpaulson12\AppData\Roaming\Mozilla\Firefox\Profiles\3hli1wif.default\Extensions\yoe.93h7@qrxs-.edu [2014-09-08]
    FF Extension: FindWide Toolbar - C:\Users\cpaulson12\AppData\Roaming\Mozilla\Firefox\Profiles\3hli1wif.default\Extensions\toolbar10741@findwide.com.xpi [2014-08-03]
    FF HKU\S-1-5-21-185766733-1824046107-1153005522-1002\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
    FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
     
    Chrome: 
    =======
    CHR dev: Chrome dev build detected! <======= ATTENTION
    CHR Profile: C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-09]
    CHR Extension: (Google Drive) - C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-09]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-09]
    CHR Extension: (YouTube) - C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-09]
    CHR Extension: (Google Search) - C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-09]
    CHR Extension: (Accessibility Developer Tools) - C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpkknkljclfencbdbgkenhalefipecmb [2014-12-02]
    CHR Extension: (Full Screen) - C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmimocjjppdelmhpcmpkhekmpoddgima [2014-10-19]
    CHR Extension: (Savings com DealFinder) - C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\gncemjbbfkgdhfiigkdebleebbhlelap [2014-11-13]
    CHR Extension: (Chromium Updater) - C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcmicnfbmcjhlbdohdmdhfjlbigkcddl [2014-08-26]
    CHR Extension: (Ask the Gooru) - C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkffimodjajkloehmbfgeiclolgbebec [2014-11-05]
    CHR Extension: (Google Wallet) - C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-09]
    CHR Extension: (Shut Up) - C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\oklfoejikkmejobodofaimigojomlfim [2014-09-28]
    CHR Extension: (Rotten Tomato) - C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\peokdhcembipiholieikfdloegjagplb [2014-08-26]
    CHR Extension: (Gmail) - C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-09]
    CHR Extension: (Klip Pal) - C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkoehejbnbinjafeopgalokcmjdgkkhe [2014-10-01]
    CHR Extension: (Beautify for Trello) - C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppmoihbfiilgkkgcogbblhhanjjaocil [2014-09-08]
     
    ==================== Services (Whitelisted) =================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    R2 346101c4; c:\Program Files (x86)\CouponGenie\BuyPractical.dll [3995136 2014-11-27] () [File not signed]
    R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-09-11] (Advanced Micro Devices, Inc.) [File not signed]
    R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-09-25] (Windows ® Win 7 DDK provider)
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2443960 2014-10-30] (Microsoft Corporation)
    R2 ETDService; C:\Program Files\Elantech\ETDService.exe [92160 2013-07-28] (ELAN Microelectronics Corp.)
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
    R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-08-17] (Nitro PDF Software)
    R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
    R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2014-02-15] ()
    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
    R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-09-25] (Atheros) [File not signed]
     
    ==================== Drivers (Whitelisted) ====================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [219360 2013-04-18] (AppEx Networks Corporation)
    R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
    R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-22] (Advanced Micro Devices)
    R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-25] (Qualcomm Atheros)
    R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
    S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)
    R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8247640 2013-07-19] (Realtek Semiconductor Corp.)
    R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
    S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
    S1 AntiLog32; \??\C:\windows\system32\drivers\AntiLog64.sys [X]
     
    ==================== NetSvcs (Whitelisted) ===================
     
    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
     
     
    ==================== One Month Created Files and Folders ========
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2014-12-02 21:42 - 2014-12-02 21:43 - 00000000 ____D () C:\ProgramData\TicTaCoupon
    2014-12-02 21:42 - 2014-12-02 21:43 - 00000000 ____D () C:\ProgramData\c3e08c6694ad16e5
    2014-12-02 10:39 - 2014-12-02 10:39 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-12-02 10:38 - 2014-12-02 10:23 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\cpaulson12\Desktop\mbam-setup-2.0.3.1025 (2).exe
    2014-12-02 10:37 - 2014-12-02 10:37 - 00000955 _____ () C:\Users\cpaulson12\Desktop\JRT.txt
    2014-12-02 10:34 - 2014-12-02 10:34 - 00000000 ____D () C:\windows\ERUNT
    2014-12-02 10:33 - 2014-12-02 10:21 - 01707646 _____ (Thisisu) C:\Users\cpaulson12\Desktop\JRT.exe
    2014-12-02 10:25 - 2014-12-02 10:30 - 00000000 ____D () C:\AdwCleaner
    2014-12-02 10:25 - 2014-12-02 10:20 - 02154496 _____ () C:\Users\cpaulson12\Desktop\AdwCleaner.exe
    2014-12-02 10:22 - 2014-12-02 10:23 - 00000000 ___RD () C:\Users\cpaulson12\Desktop\putback
    2014-11-27 22:30 - 2014-11-27 22:30 - 04443312 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
    2014-11-27 22:00 - 2014-11-27 22:01 - 00281392 _____ () C:\windows\Minidump\112714-33546-01.dmp
    2014-11-27 22:00 - 2014-11-27 22:00 - 547900009 _____ () C:\windows\MEMORY.DMP
    2014-11-27 22:00 - 2014-11-27 22:00 - 00000000 ____D () C:\windows\Minidump
    2014-11-27 21:50 - 2014-11-27 21:50 - 00000000 ____D () C:\Program Files (x86)\CouponGenie
    2014-11-27 21:45 - 2014-12-02 21:44 - 00000000 ____D () C:\FRST
    2014-11-27 21:43 - 2014-11-27 21:43 - 02117632 _____ (Farbar) C:\Users\cpaulson12\Downloads\FRST64 (1).exe
    2014-11-27 21:35 - 2014-12-02 21:44 - 00000000 ____D () C:\Users\cpaulson12\Desktop\COMP FIX
    2014-11-27 21:18 - 2014-11-27 21:18 - 00000000 ____D () C:\Users\cpaulson12\AppData\Local\Zemana
    2014-11-22 16:30 - 2014-11-20 14:51 - 00714208 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
    2014-11-22 16:30 - 2014-11-20 14:51 - 00106976 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-11-22 12:54 - 2014-09-27 01:13 - 00104336 _____ (Microsoft Corporation) C:\windows\system32\ncryptsslp.dll
    2014-11-22 12:54 - 2014-09-26 23:24 - 00088800 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncryptsslp.dll
    2014-11-22 12:54 - 2014-09-26 21:38 - 00426496 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
    2014-11-22 12:54 - 2014-09-26 21:30 - 00185856 _____ (Microsoft Corporation) C:\windows\system32\dpapisrv.dll
    2014-11-22 12:54 - 2014-09-26 21:17 - 00357376 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
    2014-11-22 12:53 - 2014-10-18 03:55 - 00055776 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
    2014-11-22 12:53 - 2014-10-18 02:09 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
    2014-11-22 12:53 - 2014-10-18 02:09 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
    2014-11-22 12:53 - 2014-10-18 01:25 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
    2014-11-22 12:53 - 2014-10-18 00:50 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\wuaext.dll
    2014-11-22 12:53 - 2014-10-18 00:38 - 03557376 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
    2014-11-22 12:53 - 2014-10-18 00:27 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
    2014-11-22 12:53 - 2014-10-18 00:26 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
    2014-11-22 12:53 - 2014-10-18 00:23 - 00407552 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
    2014-11-22 12:53 - 2014-10-18 00:23 - 00095744 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
    2014-11-22 12:53 - 2014-10-18 00:21 - 00894976 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
    2014-11-22 12:53 - 2014-10-18 00:20 - 01714176 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
    2014-11-22 12:53 - 2014-10-18 00:14 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
    2014-11-22 12:53 - 2014-10-18 00:14 - 00029696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
    2014-11-22 12:53 - 2014-10-18 00:12 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
    2014-11-22 12:53 - 2014-10-18 00:11 - 00723968 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
    2014-11-22 12:53 - 2014-10-17 01:01 - 00789184 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
    2014-11-22 12:53 - 2014-10-17 00:58 - 00602768 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
    2014-11-22 12:53 - 2014-10-12 20:33 - 00116032 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
    2014-11-22 12:53 - 2014-10-10 18:58 - 03320320 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
    2014-11-22 12:53 - 2014-10-10 18:53 - 03607040 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
    2014-11-22 12:53 - 2014-10-09 19:58 - 00177472 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
    2014-11-22 12:53 - 2014-10-09 19:58 - 00027456 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpvideominiport.sys
    2014-11-22 12:53 - 2014-10-09 19:44 - 00563976 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
    2014-11-22 12:53 - 2014-10-08 01:37 - 00736768 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
    2014-11-22 12:53 - 2014-10-08 01:37 - 00154112 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
    2014-11-22 12:53 - 2014-10-08 01:34 - 00131584 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll
    2014-11-22 12:53 - 2014-10-08 01:30 - 00110080 _____ (Microsoft Corporation) C:\windows\system32\appinfo.dll
    2014-11-22 12:53 - 2014-10-08 01:24 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\rfxvmt.dll
    2014-11-22 12:53 - 2014-10-08 01:09 - 00428032 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
    2014-11-22 12:53 - 2014-10-08 00:56 - 00445440 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
    2014-11-22 12:53 - 2014-10-08 00:51 - 00736768 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
    2014-11-22 12:53 - 2014-10-08 00:51 - 00154112 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
    2014-11-22 12:53 - 2014-10-08 00:27 - 00325120 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
    2014-11-22 12:53 - 2014-10-08 00:18 - 00324096 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
    2014-11-22 12:53 - 2014-10-08 00:17 - 01441792 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
    2014-11-22 12:53 - 2014-10-07 23:32 - 02773504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
    2014-11-22 12:53 - 2014-10-07 23:23 - 03547648 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
    2014-11-22 12:53 - 2014-10-07 23:19 - 02459136 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
    2014-11-22 12:52 - 2014-09-21 22:38 - 01519488 _____ (Microsoft Corporation) C:\windows\system32\user32.dll
    2014-11-22 12:52 - 2014-09-21 21:06 - 00258368 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdFilter.sys
    2014-11-22 12:52 - 2014-09-21 21:06 - 00114496 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdNisDrv.sys
    2014-11-22 12:52 - 2014-09-21 20:49 - 00035320 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdBoot.sys
    2014-11-22 12:52 - 2014-09-18 18:16 - 01346048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user32.dll
    2014-11-22 12:52 - 2014-09-02 16:08 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\winshfhc.dll
    2014-11-22 12:52 - 2014-09-02 16:08 - 00012800 _____ (Microsoft Corporation) C:\windows\SysWOW64\winshfhc.dll
    2014-11-22 12:51 - 2014-10-30 23:28 - 25110016 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
    2014-11-22 12:51 - 2014-10-30 21:42 - 19781632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
    2014-11-22 12:49 - 2014-10-30 23:06 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
    2014-11-22 12:49 - 2014-10-30 23:05 - 02884096 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
    2014-11-22 12:49 - 2014-10-30 22:53 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
    2014-11-22 12:49 - 2014-10-30 22:52 - 00108544 _____ (Microsoft Corporation) C:\windows\system32\hlink.dll
    2014-11-22 12:49 - 2014-10-30 22:51 - 00812544 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
    2014-11-22 12:49 - 2014-10-30 22:50 - 06040064 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
    2014-11-22 12:49 - 2014-10-30 22:50 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
    2014-11-22 12:49 - 2014-10-30 22:38 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
    2014-11-22 12:49 - 2014-10-30 22:21 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
    2014-11-22 12:49 - 2014-10-30 22:15 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
    2014-11-22 12:49 - 2014-10-30 22:08 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
    2014-11-22 12:49 - 2014-10-30 22:06 - 00372736 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
    2014-11-22 12:49 - 2014-10-30 22:05 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
    2014-11-22 12:49 - 2014-10-30 22:03 - 02124288 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
    2014-11-22 12:49 - 2014-10-30 21:59 - 14390272 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
    2014-11-22 12:49 - 2014-10-30 21:45 - 02365440 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
    2014-11-22 12:49 - 2014-10-30 21:44 - 02865152 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll
    2014-11-22 12:49 - 2014-10-30 21:32 - 01550336 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
    2014-11-22 12:49 - 2014-10-30 21:24 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
    2014-11-22 12:49 - 2014-10-30 21:23 - 00340992 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
    2014-11-22 12:49 - 2014-10-30 21:20 - 00799232 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
    2014-11-22 12:49 - 2014-10-30 21:18 - 02277376 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
    2014-11-22 12:49 - 2014-10-30 21:13 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
    2014-11-22 12:49 - 2014-10-30 21:13 - 00099328 _____ (Microsoft Corporation) C:\windows\SysWOW64\hlink.dll
    2014-11-22 12:49 - 2014-10-30 21:12 - 00661504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
    2014-11-22 12:49 - 2014-10-30 21:11 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
    2014-11-22 12:49 - 2014-10-30 21:02 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
    2014-11-22 12:49 - 2014-10-30 20:50 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
    2014-11-22 12:49 - 2014-10-30 20:46 - 04298240 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
    2014-11-22 12:49 - 2014-10-30 20:46 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
    2014-11-22 12:49 - 2014-10-30 20:42 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
    2014-11-22 12:49 - 2014-10-30 20:40 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
    2014-11-22 12:49 - 2014-10-30 20:40 - 00325632 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
    2014-11-22 12:49 - 2014-10-30 20:39 - 02051072 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
    2014-11-22 12:49 - 2014-10-30 20:30 - 12819456 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
    2014-11-22 12:49 - 2014-10-30 20:17 - 01892864 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
    2014-11-22 12:49 - 2014-10-30 20:13 - 01310208 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
    2014-11-22 12:49 - 2014-10-30 20:11 - 00708096 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
    2014-11-22 12:48 - 2014-10-30 23:12 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe
    2014-11-22 12:48 - 2014-10-30 23:12 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
    2014-11-22 12:48 - 2014-10-30 23:10 - 00167424 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe
    2014-11-22 12:48 - 2014-10-30 23:09 - 00064512 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll
    2014-11-22 12:48 - 2014-10-30 23:08 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
    2014-11-22 12:48 - 2014-10-30 23:06 - 00237568 _____ (Microsoft Corporation) C:\windows\system32\url.dll
    2014-11-22 12:48 - 2014-10-30 23:06 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
    2014-11-22 12:48 - 2014-10-30 23:06 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
    2014-11-22 12:48 - 2014-10-30 23:05 - 00417280 _____ (Microsoft Corporation) C:\windows\system32\html.iec
    2014-11-22 12:48 - 2014-10-30 23:04 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
    2014-11-22 12:48 - 2014-10-30 22:57 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
    2014-11-22 12:48 - 2014-10-30 22:56 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
    2014-11-22 12:48 - 2014-10-30 22:54 - 00132096 _____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll
    2014-11-22 12:48 - 2014-10-30 22:51 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
    2014-11-22 12:48 - 2014-10-30 22:51 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
    2014-11-22 12:48 - 2014-10-30 22:40 - 00033280 _____ (Microsoft Corporation) C:\windows\system32\licmgr10.dll
    2014-11-22 12:48 - 2014-10-30 22:30 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
    2014-11-22 12:48 - 2014-10-30 22:29 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
    2014-11-22 12:48 - 2014-10-30 22:29 - 00087552 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
    2014-11-22 12:48 - 2014-10-30 22:28 - 00107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
    2014-11-22 12:48 - 2014-10-30 22:25 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
    2014-11-22 12:48 - 2014-10-30 22:24 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
    2014-11-22 12:48 - 2014-10-30 22:24 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
    2014-11-22 12:48 - 2014-10-30 22:23 - 00145408 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
    2014-11-22 12:48 - 2014-10-30 22:19 - 00152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
    2014-11-22 12:48 - 2014-10-30 22:05 - 00716800 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
    2014-11-22 12:48 - 2014-10-30 21:42 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll
    2014-11-22 12:48 - 2014-10-30 21:28 - 00137728 _____ (Microsoft Corporation) C:\windows\SysWOW64\wextract.exe
    2014-11-22 12:48 - 2014-10-30 21:28 - 00012800 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe
    2014-11-22 12:48 - 2014-10-30 21:27 - 00152064 _____ (Microsoft Corporation) C:\windows\SysWOW64\iexpress.exe
    2014-11-22 12:48 - 2014-10-30 21:26 - 00057344 _____ (Microsoft Corporation) C:\windows\SysWOW64\pngfilt.dll
    2014-11-22 12:48 - 2014-10-30 21:25 - 00011264 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe
    2014-11-22 12:48 - 2014-10-30 21:24 - 00235520 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll
    2014-11-22 12:48 - 2014-10-30 21:24 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
    2014-11-22 12:48 - 2014-10-30 21:23 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
    2014-11-22 12:48 - 2014-10-30 21:22 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
    2014-11-22 12:48 - 2014-10-30 21:16 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
    2014-11-22 12:48 - 2014-10-30 21:15 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
    2014-11-22 12:48 - 2014-10-30 21:14 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\IEAdvpack.dll
    2014-11-22 12:48 - 2014-10-30 21:12 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
    2014-11-22 12:48 - 2014-10-30 21:03 - 00027136 _____ (Microsoft Corporation) C:\windows\SysWOW64\licmgr10.dll
    2014-11-22 12:48 - 2014-10-30 20:57 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-11-22 12:48 - 2014-10-30 20:56 - 00091136 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
    2014-11-22 12:48 - 2014-10-30 20:56 - 00090624 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
    2014-11-22 12:48 - 2014-10-30 20:56 - 00073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
    2014-11-22 12:48 - 2014-10-30 20:53 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
    2014-11-22 12:48 - 2014-10-30 20:53 - 00052736 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll
    2014-11-22 12:48 - 2014-10-30 20:52 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
    2014-11-22 12:48 - 2014-10-30 20:51 - 00128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
    2014-11-22 12:48 - 2014-10-30 20:48 - 00130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
    2014-11-22 12:48 - 2014-10-30 20:26 - 01042944 _____ (Microsoft Corporation) C:\windows\SysWOW64\actxprxy.dll
    2014-11-22 12:48 - 2014-10-30 20:24 - 00040448 _____ (Microsoft Corporation) C:\windows\SysWOW64\imgutil.dll
    2014-11-22 12:47 - 2014-11-09 17:19 - 00991232 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
    2014-11-22 12:47 - 2014-11-09 17:19 - 00806400 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
    2014-11-22 12:47 - 2014-11-09 17:18 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\pku2u.dll
    2014-11-22 12:47 - 2014-11-09 17:18 - 00208896 _____ (Microsoft Corporation) C:\windows\SysWOW64\pku2u.dll
    2014-11-22 12:47 - 2014-11-04 17:38 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
    2014-11-22 12:47 - 2014-11-03 18:10 - 00304128 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
    2014-11-22 12:47 - 2014-10-30 22:53 - 00098816 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
    2014-11-22 12:47 - 2014-10-30 22:49 - 00537088 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
    2014-11-22 12:47 - 2014-10-30 22:24 - 00391168 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
    2014-11-22 12:47 - 2014-10-22 23:48 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
    2014-11-22 12:47 - 2014-10-22 23:05 - 00072192 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll
    2014-11-22 12:47 - 2014-10-07 00:28 - 00500016 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
    2014-11-22 12:47 - 2014-10-07 00:27 - 00482872 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
    2014-11-22 12:47 - 2014-10-07 00:27 - 00394120 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
    2014-11-22 12:47 - 2014-10-07 00:27 - 00272248 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe
    2014-11-22 12:47 - 2014-10-07 00:27 - 00108432 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
    2014-11-22 12:47 - 2014-10-06 21:34 - 00370424 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
    2014-11-22 12:47 - 2014-10-06 21:34 - 00344536 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
    2014-11-22 12:47 - 2014-10-06 21:33 - 00424544 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
    2014-11-22 12:47 - 2014-10-06 21:30 - 04182016 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
    2014-11-22 12:47 - 2014-10-06 19:54 - 00226304 _____ (Microsoft Corporation) C:\windows\system32\AudioEndpointBuilder.dll
    2014-11-22 12:47 - 2014-10-06 19:46 - 00911360 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
    2014-11-22 12:47 - 2014-08-22 23:18 - 02149376 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
    2014-11-22 12:47 - 2014-08-22 23:03 - 01346048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
    2014-11-22 12:46 - 2014-09-10 00:25 - 00474432 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys
    2014-11-22 12:46 - 2014-09-07 21:07 - 02497344 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
    2014-11-22 12:46 - 2014-09-07 21:07 - 00428864 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS
    2014-11-22 12:46 - 2014-09-07 16:08 - 00389176 _____ () C:\windows\system32\ApnDatabase.xml
    2014-11-22 12:46 - 2014-09-04 16:30 - 00822272 _____ (Microsoft Corporation) C:\windows\system32\win32spl.dll
    2014-11-22 12:46 - 2014-09-04 16:21 - 01053184 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
    2014-11-22 12:46 - 2014-09-03 21:05 - 00836176 _____ (Microsoft Corporation) C:\windows\system32\mfmp4srcsnk.dll
    2014-11-22 12:46 - 2014-09-03 20:22 - 00670384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfmp4srcsnk.dll
    2014-11-22 12:46 - 2014-09-03 19:01 - 00448512 _____ (Microsoft Corporation) C:\windows\system32\puiobj.dll
    2014-11-22 12:46 - 2014-09-03 18:32 - 00334336 _____ (Microsoft Corporation) C:\windows\SysWOW64\puiobj.dll
    2014-11-22 12:46 - 2014-08-30 18:17 - 00148800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBSTOR.SYS
    2014-11-22 12:46 - 2014-08-30 18:15 - 21197152 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
    2014-11-22 12:46 - 2014-08-30 16:59 - 18723112 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
    2014-11-22 12:46 - 2014-08-30 16:05 - 00615424 _____ (Microsoft Corporation) C:\windows\system32\FXSCOMEX.dll
    2014-11-22 12:46 - 2014-08-30 15:58 - 00275968 _____ (Microsoft Corporation) C:\windows\system32\FXSAPI.dll
    2014-11-22 12:46 - 2014-08-30 15:04 - 00941568 _____ (Microsoft Corporation) C:\windows\system32\MFMediaEngine.dll
    2014-11-22 12:46 - 2014-08-30 14:53 - 00239104 _____ (Microsoft Corporation) C:\windows\SysWOW64\FXSAPI.dll
    2014-11-22 12:46 - 2014-08-30 14:17 - 00799744 _____ (Microsoft Corporation) C:\windows\SysWOW64\MFMediaEngine.dll
    2014-11-22 12:46 - 2014-08-27 20:55 - 07484224 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
    2014-11-22 12:46 - 2014-08-27 18:21 - 02480128 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll
    2014-11-22 12:46 - 2014-08-27 18:06 - 02030592 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmSvc.dll
    2014-11-22 12:46 - 2014-08-22 23:14 - 13424128 _____ (Microsoft Corporation) C:\windows\system32\twinui.dll
    2014-11-22 12:46 - 2014-08-22 23:04 - 11820544 _____ (Microsoft Corporation) C:\windows\SysWOW64\twinui.dll
    2014-11-22 12:46 - 2014-08-22 22:50 - 02714112 _____ (Microsoft Corporation) C:\windows\system32\SettingsHandlers.dll
    2014-11-22 12:46 - 2014-08-01 18:51 - 00545792 _____ (Microsoft Corporation) C:\windows\system32\untfs.dll
    2014-11-22 12:46 - 2014-08-01 18:35 - 00485376 _____ (Microsoft Corporation) C:\windows\SysWOW64\untfs.dll
    2014-11-13 22:26 - 2014-11-22 17:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-11-13 21:17 - 2014-11-13 21:17 - 00000000 ____D () C:\Users\cpaulson12\AppData\Roaming\Nitro PDF
    2014-11-13 21:17 - 2014-11-13 21:17 - 00000000 ____D () C:\Users\cpaulson12\AppData\Local\LSC
    2014-11-13 21:09 - 2014-10-30 05:25 - 00275080 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
    2014-11-06 20:03 - 2014-11-06 20:04 - 71648048 _____ (Apple Inc.) C:\Users\cpaulson12\Downloads\iCloudSetup.exe
    2014-11-06 19:51 - 2014-11-06 19:51 - 00001806 _____ () C:\Users\Public\Desktop\iTunes.lnk
    2014-11-06 19:51 - 2014-11-06 19:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2014-11-06 19:50 - 2014-11-06 19:51 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
    2014-11-06 19:50 - 2014-11-06 19:51 - 00000000 ____D () C:\Program Files\iTunes
    2014-11-06 19:50 - 2014-11-06 19:51 - 00000000 ____D () C:\Program Files (x86)\iTunes
    2014-11-06 19:50 - 2014-11-06 19:50 - 00000000 ____D () C:\Program Files\iPod
     
    ==================== One Month Modified Files and Folders =======
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2014-12-02 21:42 - 2013-10-07 12:27 - 00863592 _____ () C:\windows\system32\PerfStringBackup.INI
    2014-12-02 21:40 - 2014-10-21 20:40 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
    2014-12-02 21:40 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\system32\sru
    2014-12-02 19:54 - 2014-02-15 20:47 - 01824118 _____ () C:\windows\WindowsUpdate.log
    2014-12-02 19:51 - 2014-07-10 03:19 - 00003970 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{745A42CE-EB87-47C1-8067-C57D29127740}
    2014-12-02 19:51 - 2014-07-10 03:18 - 00003596 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-185766733-1824046107-1153005522-1002
    2014-12-02 19:45 - 2014-07-09 20:10 - 00002256 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2014-12-02 19:45 - 2014-07-09 17:15 - 00000000 ____D () C:\Users\cpaulson12\AppData\Roaming\ID Vault
    2014-12-02 19:45 - 2014-07-09 13:59 - 00000000 ___RD () C:\Users\cpaulson12\Google Drive
    2014-12-02 19:44 - 2014-07-09 13:54 - 00000932 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-12-02 19:43 - 2014-02-15 21:41 - 00002560 _____ () C:\windows\system32\VfService.trf
    2014-12-02 19:43 - 2013-10-07 12:23 - 00468456 _____ () C:\windows\PFRO.log
    2014-12-02 19:43 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\Registration
    2014-12-02 19:43 - 2013-08-22 08:45 - 00000006 ____H () C:\windows\Tasks\SA.DAT
    2014-12-02 11:30 - 2014-07-24 21:50 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
    2014-12-02 10:59 - 2014-07-09 13:54 - 00000936 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-12-02 10:39 - 2014-10-21 20:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-12-02 10:39 - 2014-10-21 20:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-12-02 10:24 - 2013-08-22 08:46 - 00026264 _____ () C:\windows\setupact.log
    2014-12-02 10:22 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\AppReadiness
    2014-12-02 10:13 - 2014-07-10 03:12 - 00000000 ____D () C:\Users\cpaulson12\AppData\Local\Pokki
    2014-12-02 10:13 - 2014-07-09 21:06 - 00002135 _____ () C:\Users\cpaulson12\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Menu.lnk
    2014-12-02 10:08 - 2013-08-22 07:25 - 00262144 ___SH () C:\windows\system32\config\BBI
    2014-11-27 22:30 - 2014-07-24 21:50 - 00003718 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
    2014-11-27 22:01 - 2014-07-10 03:12 - 00000000 ____D () C:\Users\cpaulson12
    2014-11-27 21:34 - 2014-07-10 03:16 - 00002306 _____ () C:\Users\cpaulson12\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
    2014-11-27 21:32 - 2014-02-15 21:19 - 00000000 ____D () C:\ProgramData\McAfee
    2014-11-27 21:29 - 2013-08-22 09:20 - 00000000 ____D () C:\windows\CbsTemp
    2014-11-27 21:25 - 2013-08-22 09:36 - 00000000 ___HD () C:\windows\ELAMBKUP
    2014-11-27 21:23 - 2013-08-22 07:25 - 00262144 ___SH () C:\windows\system32\config\ELAM
    2014-11-22 16:29 - 2013-08-22 08:44 - 00492512 _____ () C:\windows\system32\FNTCACHE.DAT
    2014-11-22 16:28 - 2014-07-09 17:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2014-11-22 16:25 - 2013-08-22 09:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2014-11-22 16:25 - 2013-08-22 09:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2014-11-22 16:25 - 2013-08-22 09:36 - 00000000 ____D () C:\Program Files\Windows Defender
    2014-11-22 16:25 - 2013-08-22 09:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
    2014-11-22 16:24 - 2014-07-14 17:44 - 00000000 ___SD () C:\windows\system32\CompatTel
    2014-11-22 16:24 - 2013-08-22 09:36 - 00000000 ___RD () C:\windows\ToastData
    2014-11-22 16:24 - 2013-08-22 09:36 - 00000000 ___RD () C:\windows\ImmersiveControlPanel
    2014-11-22 13:10 - 2014-07-09 20:26 - 00000000 ____D () C:\windows\system32\MRT
    2014-11-22 13:00 - 2014-07-09 20:26 - 103374192 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
    2014-11-22 12:27 - 2014-07-09 17:16 - 00000000 ____D () C:\Users\cpaulson12\AppData\Local\ID Vault
    2014-11-22 12:14 - 2014-07-09 19:23 - 00000000 ____D () C:\Program Files\Microsoft Office 15
    2014-11-13 22:06 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\vpnplugins
    2014-11-13 21:46 - 2014-07-21 23:37 - 00000000 ____D () C:\Users\cpaulson12\AppData\Local\CrashDumps
    2014-11-06 20:02 - 2014-07-09 20:06 - 00000000 ____D () C:\Users\cpaulson12\AppData\Roaming\Apple Computer
    2014-11-06 19:50 - 2014-07-09 20:02 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2014-11-06 19:50 - 2014-07-09 20:01 - 00000000 ____D () C:\Program Files\Common Files\Apple
     
    Some content of TEMP:
    ====================
    C:\Users\cpaulson12\AppData\Local\Temp\air4444.exe
    C:\Users\cpaulson12\AppData\Local\Temp\air7885.exe
    C:\Users\cpaulson12\AppData\Local\Temp\airC2FC.exe
    C:\Users\cpaulson12\AppData\Local\Temp\airEBD4.exe
    C:\Users\cpaulson12\AppData\Local\Temp\airFFF7.exe
    C:\Users\cpaulson12\AppData\Local\Temp\DRHelper_installFinish.exe
    C:\Users\cpaulson12\AppData\Local\Temp\DRHelper_installStart.exe
    C:\Users\cpaulson12\AppData\Local\Temp\DRHelper_uninstallComplete.exe
    C:\Users\cpaulson12\AppData\Local\Temp\octC212.tmp.exe
    C:\Users\cpaulson12\AppData\Local\Temp\octED6B.tmp.exe
    C:\Users\cpaulson12\AppData\Local\Temp\optprosetup.exe
    C:\Users\cpaulson12\AppData\Local\Temp\ose00000.exe
    C:\Users\cpaulson12\AppData\Local\Temp\PCFixSpeedSetup.exe
    C:\Users\cpaulson12\AppData\Local\Temp\Quarantine.exe
    C:\Users\cpaulson12\AppData\Local\Temp\sqlite3.dll
     
     
    ==================== Bamital & volsnap Check =================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
     
     
    LastRegBack: 2014-11-22 12:48
     
    ==================== End Of Log ============================
     
     
     
     
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-12-2014
    Ran by cpaulson12 at 2014-12-02 21:46:16
    Running from C:\Users\cpaulson12\Desktop\COMP FIX
    Boot Mode: Normal
    ==========================================================
     
     
    ==================== Security Center ========================
     
    (If an entry is included in the fixlist, it will be removed.)
     
    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     
    ==================== Installed Programs ======================
     
    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
     
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2710 - Adobe Systems Incorporated)
    Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
    Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version:  - Hidden Path Entertainment, Ensemble Studios)
    AMD Catalyst Install Manager (HKLM\...\{49717648-68B0-3342-F28B-7DF710E1EBF4}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
    AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.4.4.2 - AppEx Networks)
    Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.21.50 - Conexant)
    Conexant SmartAudio (HKLM\...\SAII) (Version: 6.0.188.0 - Conexant Systems)
    Constant Guard Protection Suite (HKLM-x32\...\ID Vault) (Version: 1.14.922.1 - Comcast)
    CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)
    CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
    CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.14 - Lenovo)
    Energy Management (x32 Version: 8.0.2.14 - Lenovo) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
    Google Drive (HKLM-x32\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
    Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
    ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.4.4.0 - LIGHTNING UK!)
    iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
    Lenovo App Shop (HKLM-x32\...\Lenovo App Shop 45246) (Version: 3.10.0.45246.24 - Lenovo)
    Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10240 - Realtek Semiconductor Corp.)
    Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
    Lenovo OneKey Recovery (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
    Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
    Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.25.1 - ELAN Microelectronic Corp.)
    Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.)
    Lenovo PowerDVD10 (x32 Version: 10.0.5630.52 - CyberLink Corp.) Hidden
    Lenovo Reach (HKLM-x32\...\{0B5E0E89-4BCA-4035-BBA1-D1439724B6E2}) (Version: 1.1.0.166 - Stoneware, Inc.)
    Lenovo Solution Center (HKLM\...\{4041B18B-DE30-4D78-9D60-6ADC586C5E00}) (Version: 2.1.003.00 - Lenovo Group Limited)
    Lenovo VeriFace (HKLM\...\Lenovo VeriFace) (Version: 5.0.13.5261 - Lenovo)
    Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
    Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.1.2.4000 - Maxthon International Limited)
    McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
    Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4667.1002 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Mozilla Firefox 33.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.0.3 (x86 en-US)) (Version: 33.0.3 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
    MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
    Nitro Pro 8 (HKLM\...\{392C767D-4EE2-49B5-A3B4-A4C3AB6DC145}) (Version: 8.5.7.1 - Nitro)
    OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
    Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
    Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.10525 - CyberLink Corp.)
    Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.306 - Qualcomm Atheros Communications)
    Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
    Qualcomm Atheros Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39048 - Realtek Semiconductor Corp.)
    Start Menu (HKU\S-1-5-21-185766733-1824046107-1153005522-1002\...\Pokki_Start_Menu) (Version: 0.269.4.103 - Pokki)
    Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
    TicTaCoupon (HKLM-x32\...\{E370F69F-ED3F-925F-31FC-14D1329A713B}) (Version:  - "") <==== ATTENTION
    UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.17 - Lenovo)
    UserGuide (x32 Version: 1.0.0.17 - Lenovo) Hidden
    VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
    Windows Driver Package - Lenovo (ACPIVPC) System  (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
    Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
     
    ==================== Custom CLSID (selected items): ==========================
     
    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
     
    CustomCLSID: HKU\S-1-5-21-185766733-1824046107-1153005522-1002_Classes\CLSID\{288799CB-E38C-44A0-A9FA-40D150FFE081}\InprocServer32 -> C:\Users\cpaulson12\AppData\Local\TNT2\Profiles\10741\passport64.dll No File
    CustomCLSID: HKU\S-1-5-21-185766733-1824046107-1153005522-1002_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AC}\InprocServer32 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel)
    CustomCLSID: HKU\S-1-5-21-185766733-1824046107-1153005522-1002_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AD}\InprocServer32 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel)
     
    ==================== Restore Points  =========================
     
    07-11-2014 02:28:54 Scheduled Checkpoint
    22-11-2014 18:48:43 Windows Update
    28-11-2014 03:28:16 Windows Update
     
    ==================== Hosts content: ==========================
     
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
     
    2013-08-22 07:25 - 2013-08-22 07:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
     
    ==================== Scheduled Tasks (whitelisted) =============
     
    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
     
    Task: {217B0A99-6E4B-469B-8778-0099F25A6E07} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2014-11-22] (Microsoft Corporation)
    Task: {2209DCE6-3563-48C7-9C36-180BBA71445B} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE [2013-03-08] (CyberLink Corp.)
    Task: {2387F1B2-9135-4078-846E-F5233CADE335} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\mxup.exe [2013-08-01] (Maxthon International ltd.)
    Task: {2BCA6A4B-EF5E-4A4D-A7F9-E4F6DA45DE13} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-10-07] (Microsoft Corporation)
    Task: {2FF2D58D-E35A-41A0-BBCC-A2B3967A3B8D} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-10-07] (Microsoft Corporation)
    Task: {3CE885C6-DED7-4AC4-8126-7FB38E024F73} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2013-05-17] (Lenovo)
    Task: {4808CEBA-CD6B-4595-A16B-E2504A3EF9A6} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-27] (Adobe Systems Incorporated)
    Task: {786AF07E-C139-440E-B4C6-B7DDE97F43A4} - \TidyNetwork Update No Task File <==== ATTENTION
    Task: {96F6A4DC-6956-437C-92FF-E8E587EBD3E4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {9CC9985E-1A1F-4856-9ADA-DABF527D53D3} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-05-17] ()
    Task: {9DB6C33C-90C5-486F-A357-1FCE20B64D2E} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-05-17] (Lenovo)
    Task: {B75A126B-9EDF-4CB7-8F21-D3ABAC67005A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-09] (Google Inc.)
    Task: {C88CEF1D-40E3-4307-AD13-5B50EE12FCFD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-09] (Google Inc.)
    Task: {E3B7B63A-DACE-434F-A25F-5F3D56B74610} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
    Task: {F8E4C8B8-A751-4F59-9B70-B46D7A3F38AF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-10-07] (Microsoft Corporation)
    Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
     
    ==================== Loaded Modules (whitelisted) =============
     
    2013-09-11 00:25 - 2013-09-11 00:25 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
    2014-07-11 06:55 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
    2014-02-15 21:27 - 2012-04-24 04:43 - 00390632 ____N () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
    2014-02-15 21:41 - 2014-02-15 21:41 - 00068368 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
    2014-02-15 21:41 - 2014-02-15 21:41 - 00669288 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfDataStorageInterface.dll
    2014-11-22 12:12 - 2014-09-23 07:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2013-09-25 05:04 - 2013-09-25 05:04 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
    2013-09-25 05:01 - 2013-09-25 05:01 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
    2013-09-25 05:08 - 2013-09-25 05:08 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
    2014-11-27 21:50 - 2014-11-27 21:50 - 03995136 _____ () c:\Program Files (x86)\CouponGenie\BuyPractical.dll
    2014-04-23 15:05 - 2014-04-23 15:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2014-11-22 16:41 - 2014-11-22 16:41 - 03530752 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\Windows.UI.Xaml\90a4331ab5b5bb3ead23d75d4349a491\Windows.UI.Xaml.ni.dll
    2014-11-22 16:41 - 2014-11-22 16:41 - 00228864 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\Windows.Foundation\f7e726805e56676bd7b8662a3d842b0e\Windows.Foundation.ni.dll
    2014-09-22 14:30 - 2014-09-22 14:30 - 00548488 _____ () C:\Program Files (x86)\Constant Guard Protection Suite\sqlite3.DLL
    2014-12-02 19:44 - 2014-12-02 19:44 - 00098816 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\win32api.pyd
    2014-12-02 19:44 - 2014-12-02 19:44 - 00110080 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\pywintypes27.dll
    2014-12-02 19:44 - 2014-12-02 19:44 - 00364544 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\pythoncom27.dll
    2014-12-02 19:44 - 2014-12-02 19:44 - 00045568 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\_socket.pyd
    2014-12-02 19:44 - 2014-12-02 19:44 - 01160704 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\_ssl.pyd
    2014-12-02 19:44 - 2014-12-02 19:44 - 00320512 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\win32com.shell.shell.pyd
    2014-12-02 19:44 - 2014-12-02 19:44 - 00713216 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\_hashlib.pyd
    2014-12-02 19:44 - 2014-12-02 19:44 - 01175040 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\wx._core_.pyd
    2014-12-02 19:44 - 2014-12-02 19:44 - 00805888 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\wx._gdi_.pyd
    2014-12-02 19:44 - 2014-12-02 19:44 - 00811008 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\wx._windows_.pyd
    2014-12-02 19:44 - 2014-12-02 19:44 - 01062400 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\wx._controls_.pyd
    2014-12-02 19:44 - 2014-12-02 19:44 - 00735232 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\wx._misc_.pyd
    2014-12-02 19:44 - 2014-12-02 19:44 - 00128512 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\_elementtree.pyd
    2014-12-02 19:44 - 2014-12-02 19:44 - 00127488 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\pyexpat.pyd
    2014-12-02 19:44 - 2014-12-02 19:44 - 00557056 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\pysqlite2._sqlite.pyd
    2014-12-02 19:44 - 2014-12-02 19:44 - 00007168 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\hashobjs_ext.pyd
    2014-12-02 19:44 - 2014-12-02 19:44 - 00087552 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\_ctypes.pyd
    2014-12-02 19:44 - 2014-12-02 19:44 - 00119808 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\win32file.pyd
    2014-12-02 19:44 - 2014-12-02 19:44 - 00108544 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\win32security.pyd
    2014-12-02 19:44 - 2014-12-02 19:44 - 00018432 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\win32event.pyd
    2014-12-02 19:44 - 2014-12-02 19:44 - 00038912 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\win32inet.pyd
    2014-12-02 19:44 - 2014-12-02 19:44 - 00070656 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\wx._html2.pyd
    2014-12-02 19:44 - 2014-12-02 19:44 - 00167936 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\win32gui.pyd
    2014-12-02 19:44 - 2014-12-02 19:44 - 00011264 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\win32crypt.pyd
    2014-12-02 19:44 - 2014-12-02 19:44 - 00027136 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\_multiprocessing.pyd
    2014-12-02 19:44 - 2014-12-02 19:44 - 00686080 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\unicodedata.pyd
    2014-12-02 19:44 - 2014-12-02 19:44 - 00122368 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\wx._wizard.pyd
    2014-12-02 19:44 - 2014-12-02 19:44 - 00010240 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\select.pyd
    2014-12-02 19:44 - 2014-12-02 19:44 - 00024064 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\win32pipe.pyd
    2014-12-02 19:44 - 2014-12-02 19:44 - 00025600 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\win32pdh.pyd
    2014-12-02 19:44 - 2014-12-02 19:44 - 00525640 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\windows._lib_cacheinvalidation.pyd
    2014-12-02 19:44 - 2014-12-02 19:44 - 00035840 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\win32process.pyd
    2014-12-02 19:44 - 2014-12-02 19:44 - 00017408 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\win32profile.pyd
    2014-12-02 19:44 - 2014-12-02 19:44 - 00022528 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\win32ts.pyd
    2014-12-02 19:44 - 2014-12-02 19:44 - 00078336 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\wx._animate.pyd
    2014-08-15 18:04 - 2014-08-06 21:20 - 00718152 _____ () c:\program files (x86)\google\chrome\application\36.0.1985.143\libglesv2.dll
    2014-08-15 18:04 - 2014-08-06 21:20 - 00126280 _____ () c:\program files (x86)\google\chrome\application\36.0.1985.143\libegl.dll
    2014-08-15 18:04 - 2014-08-06 21:20 - 08537928 _____ () c:\program files (x86)\google\chrome\application\36.0.1985.143\pdf.dll
    2014-08-15 18:04 - 2014-08-06 21:20 - 00353096 _____ () c:\program files (x86)\google\chrome\application\36.0.1985.143\ppGoogleNaClPluginChrome.dll
    2014-08-15 18:04 - 2014-08-06 21:20 - 01732936 _____ () c:\program files (x86)\google\chrome\application\36.0.1985.143\ffmpegsumo.dll
    2014-08-15 18:04 - 2014-08-06 21:20 - 14669128 _____ () c:\program files (x86)\google\chrome\application\36.0.1985.143\PepperFlash\pepflashplayer.dll
     
    ==================== Alternate Data Streams (whitelisted) =========
     
    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
     
     
    ==================== Safe Mode (whitelisted) ===================
     
    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
     
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
     
    ==================== EXE Association (whitelisted) =============
     
    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
     
     
    ==================== MSCONFIG/TASK MANAGER disabled items =========
     
    (Currently there is no automatic fix for this section.)
     
     
    ========================= Accounts: ==========================
     
    Administrator (S-1-5-21-185766733-1824046107-1153005522-500 - Administrator - Disabled)
    cpaulson12 (S-1-5-21-185766733-1824046107-1153005522-1002 - Administrator - Enabled) => C:\Users\cpaulson12
    Guest (S-1-5-21-185766733-1824046107-1153005522-501 - Limited - Disabled)
     
    ==================== Faulty Device Manager Devices =============
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
    Error: (12/02/2014 09:40:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 6174969
     
    Error: (12/02/2014 09:40:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 6174969
     
    Error: (12/02/2014 09:40:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second
     
    Error: (12/02/2014 07:57:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 2953
     
    Error: (12/02/2014 07:57:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 2953
     
    Error: (12/02/2014 07:57:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second
     
    Error: (12/02/2014 07:57:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 1422
     
    Error: (12/02/2014 07:57:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 1422
     
    Error: (12/02/2014 07:57:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second
     
    Error: (12/02/2014 07:42:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 27961141
     
     
    System errors:
    =============
    Error: (12/02/2014 11:00:43 AM) (Source: DCOM) (EventID: 10010) (User: Christi-laptop)
    Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
     
    Error: (12/02/2014 10:41:47 AM) (Source: DCOM) (EventID: 10010) (User: Christi-laptop)
    Description: {9AA46009-3CE0-458A-A354-715610A075E6}
     
    Error: (12/02/2014 10:41:17 AM) (Source: DCOM) (EventID: 10010) (User: Christi-laptop)
    Description: {9AA46009-3CE0-458A-A354-715610A075E6}
     
    Error: (12/02/2014 10:40:47 AM) (Source: DCOM) (EventID: 10010) (User: Christi-laptop)
    Description: {9AA46009-3CE0-458A-A354-715610A075E6}
     
    Error: (12/02/2014 10:40:17 AM) (Source: DCOM) (EventID: 10010) (User: Christi-laptop)
    Description: {9AA46009-3CE0-458A-A354-715610A075E6}
     
    Error: (12/02/2014 10:39:47 AM) (Source: DCOM) (EventID: 10010) (User: Christi-laptop)
    Description: {9AA46009-3CE0-458A-A354-715610A075E6}
     
    Error: (12/02/2014 10:39:17 AM) (Source: DCOM) (EventID: 10010) (User: Christi-laptop)
    Description: {9AA46009-3CE0-458A-A354-715610A075E6}
     
    Error: (12/02/2014 10:38:47 AM) (Source: DCOM) (EventID: 10010) (User: Christi-laptop)
    Description: {9AA46009-3CE0-458A-A354-715610A075E6}
     
     
    Microsoft Office Sessions:
    =========================
    Error: (12/02/2014 09:40:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 6174969
     
    Error: (12/02/2014 09:40:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 6174969
     
    Error: (12/02/2014 09:40:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second
     
    Error: (12/02/2014 07:57:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 2953
     
    Error: (12/02/2014 07:57:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 2953
     
    Error: (12/02/2014 07:57:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second
     
    Error: (12/02/2014 07:57:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 1422
     
    Error: (12/02/2014 07:57:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 1422
     
    Error: (12/02/2014 07:57:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second
     
    Error: (12/02/2014 07:42:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 27961141
     
     
    CodeIntegrity Errors:
    ===================================
      Date: 2014-12-02 19:42:34.205
      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2014-12-02 19:42:33.985
      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2014-12-02 11:56:29.880
      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2014-12-02 11:56:29.739
      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2014-12-02 11:56:29.556
      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2014-12-02 11:56:29.412
      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2014-12-02 11:56:29.265
      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2014-12-02 11:56:29.133
      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2014-12-02 11:56:29.001
      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2014-12-02 11:56:28.870
      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
     
    ==================== Memory info =========================== 
     
    Processor: AMD A10-5750M APU with Radeon™ HD Graphics 
    Percentage of memory in use: 36%
    Total physical RAM: 5327.26 MB
    Available physical RAM: 3371.18 MB
    Total Pagefile: 10703.26 MB
    Available Pagefile: 8364.92 MB
    Total Virtual: 131072 MB
    Available Virtual: 131071.85 MB
     
    ==================== Drives ================================
     
    Drive c: (Windows8_OS) (Fixed) (Total:893.13 GB) (Free:767.74 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.48 GB) NTFS
    Drive e: ('11 - '13 cabin) (CDROM) (Total:2.75 GB) (Free:0 GB) UDF
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: F91D03FF)
     
    Partition: GPT Partition Type.
     
    ==================== End Of Log ============================
     
     
     
    Thanks!!


    #7 paudusd

    Posted 02 December 2014 - 09:49 PM

    Sure.

     

    Malwarebytes Anti-Malware
    www.malwarebytes.org
     
    Scan Date: 12/2/2014
    Scan Time: 10:40:53 AM
    Logfile: 
    Administrator: Yes
     
    Version: 2.00.3.1025
    Malware Database: v2014.12.02.05
    Rootkit Database: v2014.12.02.02
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled
     
    OS: Windows 8.1
    CPU: x64
    File System: NTFS
    User: cpaulson12
     
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 333271
    Time Elapsed: 17 min, 29 sec
     
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled
     
    Processes: 0
    (No malicious items detected)
     
    Modules: 0
    (No malicious items detected)
     
    Registry Keys: 1
    PUP.Optional.Booster.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{346101c4}, Quarantined, [937a8fcff28ab5818146ec72ac578878], 
     
    Registry Values: 0
    (No malicious items detected)
     
    Registry Data: 0
    (No malicious items detected)
     
    Folders: 0
    (No malicious items detected)
     
    Files: 4
    PUP.Optional.SmartSec, C:\Users\cpaulson12\Downloads\Setup (1).exe, Quarantined, [09049cc23e3ef83e049f0ae55da406fa], 
    PUP.Optional.ReMarkable.A, C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage, Quarantined, [41ccd28ca7d571c5c522cbf2c341de22], 
    PUP.Optional.ReMarkable.A, C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage-journal, Quarantined, [53ba570790ecda5c5e89615ccc389967], 
    PUP.Optional.TidyNetwork.A, C:\Users\cpaulson12\AppData\Roaming\Mozilla\Firefox\Profiles\3hli1wif.default\prefs.js, Good: (), Bad: (user_pref("browser.newtab.url", "file:///C:\\Users\\cpaulson12\\AppData\\Local\\TNT2\\Common\\pinnedSearch.htm");), Replaced,[b55879e5027a9e989502cacb20e5956b]
     
    Physical Sectors: 0
    (No malicious items detected)
     
     
    (end)
     
     
    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-12-2014
    Ran by cpaulson12 (administrator) on CHRISTI-LAPTOP on 02-12-2014 21:44:54
    Running from C:\Users\cpaulson12\Desktop\COMP FIX
    Loaded Profile: cpaulson12 (Available profiles: cpaulson12)
    Platform: Windows 8.1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
    (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
    (Microsoft Corporation) C:\Windows\System32\dasHost.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (White Sky, Inc.) C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
    (Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
    (Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
    () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
    (Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
    () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
    (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
    (White Sky, Inc.) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
    (CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
    (Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
    (Realtek semiconductor) C:\Windows\RTFTrack.exe
    () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
    (Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
    (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     
     
    ==================== Registry (Whitelisted) ==================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2894664 2013-08-07] (ELAN Microelectronics Corp.)
    HKLM\...\Run: [RtsFT] => C:\windows\RTFTrack.exe [6340312 2013-07-19] (Realtek semiconductor)
    HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17111056 2014-02-15] (Lenovo (Beijing) Limited)
    HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [193008 2014-02-15] (Lenovo(beijing) Limited)
    HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-09-11] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [Lenovo App Shop] => C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismagent.exe [156000 2013-07-18] (Intel Corporation)
    HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
    HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-09-25] ( (Qualcomm®Atheros®))
    HKLM\...\Policies\Explorer: [NoFolderOptions] 0
    HKLM\...\Policies\Explorer: [NoControlPanel] 0
    HKU\S-1-5-21-185766733-1824046107-1153005522-1002\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
    HKU\S-1-5-21-185766733-1824046107-1153005522-1002\...\RunOnce: [Application Restart #3] => C:\Users\cpaulson12\AppData\Local\Pokki\Engine\HostAppService.exe [7794504 2014-11-14] (Pokki)
    HKU\S-1-5-21-185766733-1824046107-1153005522-1002\...\RunOnce: [Application Restart #1] => C:\Users\cpaulson12\AppData\Local\Pokki\Engine\HostAppService.exe [7794504 2014-11-14] (Pokki)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Constant Guard.lnk
    ShortcutTarget: Constant Guard.lnk -> C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe (White Sky, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
    ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    HKU\S-1-5-21-185766733-1824046107-1153005522-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-185766733-1824046107-1153005522-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://home.lenovo.com
    HKU\S-1-5-21-185766733-1824046107-1153005522-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://home.lenovo.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-21-185766733-1824046107-1153005522-1002 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
    SearchScopes: HKU\S-1-5-21-185766733-1824046107-1153005522-1002 -> {A74F766D-718E-4A04-A80F-7ADAB7E811B6} URL = http://search.yahoo....petb&type=10741
    SearchScopes: HKU\S-1-5-21-185766733-1824046107-1153005522-1002 -> {A90A3198-80B1-4AE3-8B57-6F7FA26DB44E} URL = 
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    BHO: TicTaCoupon -> {49c19184-e770-4a09-8161-0eca8b669385} -> C:\ProgramData\TicTaCoupon\9pXorjQgjxDmqM.x64.dll ()
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
    BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
    BHO-x32: TicTaCoupon -> {49c19184-e770-4a09-8161-0eca8b669385} -> C:\ProgramData\TicTaCoupon\9pXorjQgjxDmqM.dll ()
    BHO-x32: Constant Guard Protection Suite -> {B84CDBE7-1B46-494B-A188-01D4C52DEB61} -> C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.14.922.1\NativeBHO.dll (WhiteSky)
    BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
    Toolbar: HKLM - FindWide Toolbar - {288799CB-E38C-44A0-A9FA-40D150FFE081} - C:\Users\cpaulson12\AppData\Local\TNT2\Profiles\10741\passport64.dll No File
    Toolbar: HKLM-x32 - FindWide Toolbar - {288799CB-E38C-44A0-A9FA-40D150FFE081} - C:\Users\cpaulson12\AppData\Local\TNT2\Profiles\10741\passport.dll No File
    Toolbar: HKU\S-1-5-21-185766733-1824046107-1153005522-1002 -> FindWide Toolbar - {288799CB-E38C-44A0-A9FA-40D150FFE081} - C:\Users\cpaulson12\AppData\Local\TNT2\Profiles\10741\passport64.dll No File
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{A7F7E4CA-068A-4E43-8A44-69A72B3FD351}: [NameServer] 75.75.75.75,75.75.76.76
     
    FireFox:
    ========
    FF ProfilePath: C:\Users\cpaulson12\AppData\Roaming\Mozilla\Firefox\Profiles\3hli1wif.default
    FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin HKU\S-1-5-21-185766733-1824046107-1153005522-1002: intel.com/AppUp -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp.dll (Intel)
    FF Plugin HKU\S-1-5-21-185766733-1824046107-1153005522-1002: intel.com/AppUpx64 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel)
    FF Extension: XFINITY Constant Guard Protection Suite - C:\Users\cpaulson12\AppData\Roaming\Mozilla\Firefox\Profiles\3hli1wif.default\Extensions\idvaultaddon@whitesky [2014-10-25]
    FF Extension: No Name - C:\Users\cpaulson12\AppData\Roaming\Mozilla\Firefox\Profiles\3hli1wif.default\Extensions\temp [2014-07-09]
    FF Extension: RooyalShoppeRAApp - C:\Users\cpaulson12\AppData\Roaming\Mozilla\Firefox\Profiles\3hli1wif.default\Extensions\yoe.93h7@qrxs-.edu [2014-09-08]
    FF Extension: FindWide Toolbar - C:\Users\cpaulson12\AppData\Roaming\Mozilla\Firefox\Profiles\3hli1wif.default\Extensions\toolbar10741@findwide.com.xpi [2014-08-03]
    FF HKU\S-1-5-21-185766733-1824046107-1153005522-1002\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
    FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
     
    Chrome: 
    =======
    CHR dev: Chrome dev build detected! <======= ATTENTION
    CHR Profile: C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-09]
    CHR Extension: (Google Drive) - C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-09]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-09]
    CHR Extension: (YouTube) - C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-09]
    CHR Extension: (Google Search) - C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-09]
    CHR Extension: (Accessibility Developer Tools) - C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpkknkljclfencbdbgkenhalefipecmb [2014-12-02]
    CHR Extension: (Full Screen) - C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmimocjjppdelmhpcmpkhekmpoddgima [2014-10-19]
    CHR Extension: (Savings com DealFinder) - C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\gncemjbbfkgdhfiigkdebleebbhlelap [2014-11-13]
    CHR Extension: (Chromium Updater) - C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcmicnfbmcjhlbdohdmdhfjlbigkcddl [2014-08-26]
    CHR Extension: (Ask the Gooru) - C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkffimodjajkloehmbfgeiclolgbebec [2014-11-05]
    CHR Extension: (Google Wallet) - C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-09]
    CHR Extension: (Shut Up) - C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\oklfoejikkmejobodofaimigojomlfim [2014-09-28]
    CHR Extension: (Rotten Tomato) - C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\peokdhcembipiholieikfdloegjagplb [2014-08-26]
    CHR Extension: (Gmail) - C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-09]
    CHR Extension: (Klip Pal) - C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkoehejbnbinjafeopgalokcmjdgkkhe [2014-10-01]
    CHR Extension: (Beautify for Trello) - C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppmoihbfiilgkkgcogbblhhanjjaocil [2014-09-08]
     
    ==================== Services (Whitelisted) =================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    R2 346101c4; c:\Program Files (x86)\CouponGenie\BuyPractical.dll [3995136 2014-11-27] () [File not signed]
    R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-09-11] (Advanced Micro Devices, Inc.) [File not signed]
    R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-09-25] (Windows ® Win 7 DDK provider)
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2443960 2014-10-30] (Microsoft Corporation)
    R2 ETDService; C:\Program Files\Elantech\ETDService.exe [92160 2013-07-28] (ELAN Microelectronics Corp.)
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
    R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-08-17] (Nitro PDF Software)
    R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
    R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2014-02-15] ()
    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
    R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-09-25] (Atheros) [File not signed]
     
    ==================== Drivers (Whitelisted) ====================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [219360 2013-04-18] (AppEx Networks Corporation)
    R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
    R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-22] (Advanced Micro Devices)
    R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-25] (Qualcomm Atheros)
    R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
    S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)
    R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8247640 2013-07-19] (Realtek Semiconductor Corp.)
    R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
    S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
    S1 AntiLog32; \??\C:\windows\system32\drivers\AntiLog64.sys [X]
     
    ==================== NetSvcs (Whitelisted) ===================
     
    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
     
     
    ==================== One Month Created Files and Folders ========
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2014-12-02 21:42 - 2014-12-02 21:43 - 00000000 ____D () C:\ProgramData\TicTaCoupon
    2014-12-02 21:42 - 2014-12-02 21:43 - 00000000 ____D () C:\ProgramData\c3e08c6694ad16e5
    2014-12-02 10:39 - 2014-12-02 10:39 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-12-02 10:38 - 2014-12-02 10:23 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\cpaulson12\Desktop\mbam-setup-2.0.3.1025 (2).exe
    2014-12-02 10:37 - 2014-12-02 10:37 - 00000955 _____ () C:\Users\cpaulson12\Desktop\JRT.txt
    2014-12-02 10:34 - 2014-12-02 10:34 - 00000000 ____D () C:\windows\ERUNT
    2014-12-02 10:33 - 2014-12-02 10:21 - 01707646 _____ (Thisisu) C:\Users\cpaulson12\Desktop\JRT.exe
    2014-12-02 10:25 - 2014-12-02 10:30 - 00000000 ____D () C:\AdwCleaner
    2014-12-02 10:25 - 2014-12-02 10:20 - 02154496 _____ () C:\Users\cpaulson12\Desktop\AdwCleaner.exe
    2014-12-02 10:22 - 2014-12-02 10:23 - 00000000 ___RD () C:\Users\cpaulson12\Desktop\putback
    2014-11-27 22:30 - 2014-11-27 22:30 - 04443312 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
    2014-11-27 22:00 - 2014-11-27 22:01 - 00281392 _____ () C:\windows\Minidump\112714-33546-01.dmp
    2014-11-27 22:00 - 2014-11-27 22:00 - 547900009 _____ () C:\windows\MEMORY.DMP
    2014-11-27 22:00 - 2014-11-27 22:00 - 00000000 ____D () C:\windows\Minidump
    2014-11-27 21:50 - 2014-11-27 21:50 - 00000000 ____D () C:\Program Files (x86)\CouponGenie
    2014-11-27 21:45 - 2014-12-02 21:44 - 00000000 ____D () C:\FRST
    2014-11-27 21:43 - 2014-11-27 21:43 - 02117632 _____ (Farbar) C:\Users\cpaulson12\Downloads\FRST64 (1).exe
    2014-11-27 21:35 - 2014-12-02 21:44 - 00000000 ____D () C:\Users\cpaulson12\Desktop\COMP FIX
    2014-11-27 21:18 - 2014-11-27 21:18 - 00000000 ____D () C:\Users\cpaulson12\AppData\Local\Zemana
    2014-11-22 16:30 - 2014-11-20 14:51 - 00714208 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
    2014-11-22 16:30 - 2014-11-20 14:51 - 00106976 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-11-22 12:54 - 2014-09-27 01:13 - 00104336 _____ (Microsoft Corporation) C:\windows\system32\ncryptsslp.dll
    2014-11-22 12:54 - 2014-09-26 23:24 - 00088800 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncryptsslp.dll
    2014-11-22 12:54 - 2014-09-26 21:38 - 00426496 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
    2014-11-22 12:54 - 2014-09-26 21:30 - 00185856 _____ (Microsoft Corporation) C:\windows\system32\dpapisrv.dll
    2014-11-22 12:54 - 2014-09-26 21:17 - 00357376 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
    2014-11-22 12:53 - 2014-10-18 03:55 - 00055776 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
    2014-11-22 12:53 - 2014-10-18 02:09 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
    2014-11-22 12:53 - 2014-10-18 02:09 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
    2014-11-22 12:53 - 2014-10-18 01:25 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
    2014-11-22 12:53 - 2014-10-18 00:50 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\wuaext.dll
    2014-11-22 12:53 - 2014-10-18 00:38 - 03557376 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
    2014-11-22 12:53 - 2014-10-18 00:27 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
    2014-11-22 12:53 - 2014-10-18 00:26 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
    2014-11-22 12:53 - 2014-10-18 00:23 - 00407552 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
    2014-11-22 12:53 - 2014-10-18 00:23 - 00095744 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
    2014-11-22 12:53 - 2014-10-18 00:21 - 00894976 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
    2014-11-22 12:53 - 2014-10-18 00:20 - 01714176 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
    2014-11-22 12:53 - 2014-10-18 00:14 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
    2014-11-22 12:53 - 2014-10-18 00:14 - 00029696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
    2014-11-22 12:53 - 2014-10-18 00:12 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
    2014-11-22 12:53 - 2014-10-18 00:11 - 00723968 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
    2014-11-22 12:53 - 2014-10-17 01:01 - 00789184 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
    2014-11-22 12:53 - 2014-10-17 00:58 - 00602768 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
    2014-11-22 12:53 - 2014-10-12 20:33 - 00116032 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
    2014-11-22 12:53 - 2014-10-10 18:58 - 03320320 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
    2014-11-22 12:53 - 2014-10-10 18:53 - 03607040 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
    2014-11-22 12:53 - 2014-10-09 19:58 - 00177472 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
    2014-11-22 12:53 - 2014-10-09 19:58 - 00027456 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpvideominiport.sys
    2014-11-22 12:53 - 2014-10-09 19:44 - 00563976 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
    2014-11-22 12:53 - 2014-10-08 01:37 - 00736768 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
    2014-11-22 12:53 - 2014-10-08 01:37 - 00154112 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
    2014-11-22 12:53 - 2014-10-08 01:34 - 00131584 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll
    2014-11-22 12:53 - 2014-10-08 01:30 - 00110080 _____ (Microsoft Corporation) C:\windows\system32\appinfo.dll
    2014-11-22 12:53 - 2014-10-08 01:24 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\rfxvmt.dll
    2014-11-22 12:53 - 2014-10-08 01:09 - 00428032 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
    2014-11-22 12:53 - 2014-10-08 00:56 - 00445440 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
    2014-11-22 12:53 - 2014-10-08 00:51 - 00736768 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
    2014-11-22 12:53 - 2014-10-08 00:51 - 00154112 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
    2014-11-22 12:53 - 2014-10-08 00:27 - 00325120 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
    2014-11-22 12:53 - 2014-10-08 00:18 - 00324096 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
    2014-11-22 12:53 - 2014-10-08 00:17 - 01441792 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
    2014-11-22 12:53 - 2014-10-07 23:32 - 02773504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
    2014-11-22 12:53 - 2014-10-07 23:23 - 03547648 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
    2014-11-22 12:53 - 2014-10-07 23:19 - 02459136 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
    2014-11-22 12:52 - 2014-09-21 22:38 - 01519488 _____ (Microsoft Corporation) C:\windows\system32\user32.dll
    2014-11-22 12:52 - 2014-09-21 21:06 - 00258368 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdFilter.sys
    2014-11-22 12:52 - 2014-09-21 21:06 - 00114496 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdNisDrv.sys
    2014-11-22 12:52 - 2014-09-21 20:49 - 00035320 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdBoot.sys
    2014-11-22 12:52 - 2014-09-18 18:16 - 01346048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user32.dll
    2014-11-22 12:52 - 2014-09-02 16:08 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\winshfhc.dll
    2014-11-22 12:52 - 2014-09-02 16:08 - 00012800 _____ (Microsoft Corporation) C:\windows\SysWOW64\winshfhc.dll
    2014-11-22 12:51 - 2014-10-30 23:28 - 25110016 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
    2014-11-22 12:51 - 2014-10-30 21:42 - 19781632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
    2014-11-22 12:49 - 2014-10-30 23:06 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
    2014-11-22 12:49 - 2014-10-30 23:05 - 02884096 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
    2014-11-22 12:49 - 2014-10-30 22:53 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
    2014-11-22 12:49 - 2014-10-30 22:52 - 00108544 _____ (Microsoft Corporation) C:\windows\system32\hlink.dll
    2014-11-22 12:49 - 2014-10-30 22:51 - 00812544 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
    2014-11-22 12:49 - 2014-10-30 22:50 - 06040064 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
    2014-11-22 12:49 - 2014-10-30 22:50 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
    2014-11-22 12:49 - 2014-10-30 22:38 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
    2014-11-22 12:49 - 2014-10-30 22:21 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
    2014-11-22 12:49 - 2014-10-30 22:15 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
    2014-11-22 12:49 - 2014-10-30 22:08 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
    2014-11-22 12:49 - 2014-10-30 22:06 - 00372736 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
    2014-11-22 12:49 - 2014-10-30 22:05 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
    2014-11-22 12:49 - 2014-10-30 22:03 - 02124288 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
    2014-11-22 12:49 - 2014-10-30 21:59 - 14390272 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
    2014-11-22 12:49 - 2014-10-30 21:45 - 02365440 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
    2014-11-22 12:49 - 2014-10-30 21:44 - 02865152 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll
    2014-11-22 12:49 - 2014-10-30 21:32 - 01550336 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
    2014-11-22 12:49 - 2014-10-30 21:24 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
    2014-11-22 12:49 - 2014-10-30 21:23 - 00340992 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
    2014-11-22 12:49 - 2014-10-30 21:20 - 00799232 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
    2014-11-22 12:49 - 2014-10-30 21:18 - 02277376 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
    2014-11-22 12:49 - 2014-10-30 21:13 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
    2014-11-22 12:49 - 2014-10-30 21:13 - 00099328 _____ (Microsoft Corporation) C:\windows\SysWOW64\hlink.dll
    2014-11-22 12:49 - 2014-10-30 21:12 - 00661504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
    2014-11-22 12:49 - 2014-10-30 21:11 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
    2014-11-22 12:49 - 2014-10-30 21:02 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
    2014-11-22 12:49 - 2014-10-30 20:50 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
    2014-11-22 12:49 - 2014-10-30 20:46 - 04298240 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
    2014-11-22 12:49 - 2014-10-30 20:46 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
    2014-11-22 12:49 - 2014-10-30 20:42 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
    2014-11-22 12:49 - 2014-10-30 20:40 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
    2014-11-22 12:49 - 2014-10-30 20:40 - 00325632 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
    2014-11-22 12:49 - 2014-10-30 20:39 - 02051072 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
    2014-11-22 12:49 - 2014-10-30 20:30 - 12819456 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
    2014-11-22 12:49 - 2014-10-30 20:17 - 01892864 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
    2014-11-22 12:49 - 2014-10-30 20:13 - 01310208 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
    2014-11-22 12:49 - 2014-10-30 20:11 - 00708096 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
    2014-11-22 12:48 - 2014-10-30 23:12 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe
    2014-11-22 12:48 - 2014-10-30 23:12 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
    2014-11-22 12:48 - 2014-10-30 23:10 - 00167424 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe
    2014-11-22 12:48 - 2014-10-30 23:09 - 00064512 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll
    2014-11-22 12:48 - 2014-10-30 23:08 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
    2014-11-22 12:48 - 2014-10-30 23:06 - 00237568 _____ (Microsoft Corporation) C:\windows\system32\url.dll
    2014-11-22 12:48 - 2014-10-30 23:06 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
    2014-11-22 12:48 - 2014-10-30 23:06 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
    2014-11-22 12:48 - 2014-10-30 23:05 - 00417280 _____ (Microsoft Corporation) C:\windows\system32\html.iec
    2014-11-22 12:48 - 2014-10-30 23:04 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
    2014-11-22 12:48 - 2014-10-30 22:57 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
    2014-11-22 12:48 - 2014-10-30 22:56 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
    2014-11-22 12:48 - 2014-10-30 22:54 - 00132096 _____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll
    2014-11-22 12:48 - 2014-10-30 22:51 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
    2014-11-22 12:48 - 2014-10-30 22:51 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
    2014-11-22 12:48 - 2014-10-30 22:40 - 00033280 _____ (Microsoft Corporation) C:\windows\system32\licmgr10.dll
    2014-11-22 12:48 - 2014-10-30 22:30 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
    2014-11-22 12:48 - 2014-10-30 22:29 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
    2014-11-22 12:48 - 2014-10-30 22:29 - 00087552 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
    2014-11-22 12:48 - 2014-10-30 22:28 - 00107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
    2014-11-22 12:48 - 2014-10-30 22:25 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
    2014-11-22 12:48 - 2014-10-30 22:24 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
    2014-11-22 12:48 - 2014-10-30 22:24 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
    2014-11-22 12:48 - 2014-10-30 22:23 - 00145408 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
    2014-11-22 12:48 - 2014-10-30 22:19 - 00152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
    2014-11-22 12:48 - 2014-10-30 22:05 - 00716800 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
    2014-11-22 12:48 - 2014-10-30 21:42 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll
    2014-11-22 12:48 - 2014-10-30 21:28 - 00137728 _____ (Microsoft Corporation) C:\windows\SysWOW64\wextract.exe
    2014-11-22 12:48 - 2014-10-30 21:28 - 00012800 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe
    2014-11-22 12:48 - 2014-10-30 21:27 - 00152064 _____ (Microsoft Corporation) C:\windows\SysWOW64\iexpress.exe
    2014-11-22 12:48 - 2014-10-30 21:26 - 00057344 _____ (Microsoft Corporation) C:\windows\SysWOW64\pngfilt.dll
    2014-11-22 12:48 - 2014-10-30 21:25 - 00011264 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe
    2014-11-22 12:48 - 2014-10-30 21:24 - 00235520 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll
    2014-11-22 12:48 - 2014-10-30 21:24 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
    2014-11-22 12:48 - 2014-10-30 21:23 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
    2014-11-22 12:48 - 2014-10-30 21:22 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
    2014-11-22 12:48 - 2014-10-30 21:16 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
    2014-11-22 12:48 - 2014-10-30 21:15 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
    2014-11-22 12:48 - 2014-10-30 21:14 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\IEAdvpack.dll
    2014-11-22 12:48 - 2014-10-30 21:12 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
    2014-11-22 12:48 - 2014-10-30 21:03 - 00027136 _____ (Microsoft Corporation) C:\windows\SysWOW64\licmgr10.dll
    2014-11-22 12:48 - 2014-10-30 20:57 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-11-22 12:48 - 2014-10-30 20:56 - 00091136 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
    2014-11-22 12:48 - 2014-10-30 20:56 - 00090624 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
    2014-11-22 12:48 - 2014-10-30 20:56 - 00073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
    2014-11-22 12:48 - 2014-10-30 20:53 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
    2014-11-22 12:48 - 2014-10-30 20:53 - 00052736 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll
    2014-11-22 12:48 - 2014-10-30 20:52 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
    2014-11-22 12:48 - 2014-10-30 20:51 - 00128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
    2014-11-22 12:48 - 2014-10-30 20:48 - 00130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
    2014-11-22 12:48 - 2014-10-30 20:26 - 01042944 _____ (Microsoft Corporation) C:\windows\SysWOW64\actxprxy.dll
    2014-11-22 12:48 - 2014-10-30 20:24 - 00040448 _____ (Microsoft Corporation) C:\windows\SysWOW64\imgutil.dll
    2014-11-22 12:47 - 2014-11-09 17:19 - 00991232 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
    2014-11-22 12:47 - 2014-11-09 17:19 - 00806400 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
    2014-11-22 12:47 - 2014-11-09 17:18 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\pku2u.dll
    2014-11-22 12:47 - 2014-11-09 17:18 - 00208896 _____ (Microsoft Corporation) C:\windows\SysWOW64\pku2u.dll
    2014-11-22 12:47 - 2014-11-04 17:38 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
    2014-11-22 12:47 - 2014-11-03 18:10 - 00304128 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
    2014-11-22 12:47 - 2014-10-30 22:53 - 00098816 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
    2014-11-22 12:47 - 2014-10-30 22:49 - 00537088 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
    2014-11-22 12:47 - 2014-10-30 22:24 - 00391168 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
    2014-11-22 12:47 - 2014-10-22 23:48 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
    2014-11-22 12:47 - 2014-10-22 23:05 - 00072192 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll
    2014-11-22 12:47 - 2014-10-07 00:28 - 00500016 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
    2014-11-22 12:47 - 2014-10-07 00:27 - 00482872 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
    2014-11-22 12:47 - 2014-10-07 00:27 - 00394120 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
    2014-11-22 12:47 - 2014-10-07 00:27 - 00272248 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe
    2014-11-22 12:47 - 2014-10-07 00:27 - 00108432 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
    2014-11-22 12:47 - 2014-10-06 21:34 - 00370424 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
    2014-11-22 12:47 - 2014-10-06 21:34 - 00344536 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
    2014-11-22 12:47 - 2014-10-06 21:33 - 00424544 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
    2014-11-22 12:47 - 2014-10-06 21:30 - 04182016 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
    2014-11-22 12:47 - 2014-10-06 19:54 - 00226304 _____ (Microsoft Corporation) C:\windows\system32\AudioEndpointBuilder.dll
    2014-11-22 12:47 - 2014-10-06 19:46 - 00911360 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
    2014-11-22 12:47 - 2014-08-22 23:18 - 02149376 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
    2014-11-22 12:47 - 2014-08-22 23:03 - 01346048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
    2014-11-22 12:46 - 2014-09-10 00:25 - 00474432 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys
    2014-11-22 12:46 - 2014-09-07 21:07 - 02497344 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
    2014-11-22 12:46 - 2014-09-07 21:07 - 00428864 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS
    2014-11-22 12:46 - 2014-09-07 16:08 - 00389176 _____ () C:\windows\system32\ApnDatabase.xml
    2014-11-22 12:46 - 2014-09-04 16:30 - 00822272 _____ (Microsoft Corporation) C:\windows\system32\win32spl.dll
    2014-11-22 12:46 - 2014-09-04 16:21 - 01053184 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
    2014-11-22 12:46 - 2014-09-03 21:05 - 00836176 _____ (Microsoft Corporation) C:\windows\system32\mfmp4srcsnk.dll
    2014-11-22 12:46 - 2014-09-03 20:22 - 00670384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfmp4srcsnk.dll
    2014-11-22 12:46 - 2014-09-03 19:01 - 00448512 _____ (Microsoft Corporation) C:\windows\system32\puiobj.dll
    2014-11-22 12:46 - 2014-09-03 18:32 - 00334336 _____ (Microsoft Corporation) C:\windows\SysWOW64\puiobj.dll
    2014-11-22 12:46 - 2014-08-30 18:17 - 00148800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBSTOR.SYS
    2014-11-22 12:46 - 2014-08-30 18:15 - 21197152 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
    2014-11-22 12:46 - 2014-08-30 16:59 - 18723112 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
    2014-11-22 12:46 - 2014-08-30 16:05 - 00615424 _____ (Microsoft Corporation) C:\windows\system32\FXSCOMEX.dll
    2014-11-22 12:46 - 2014-08-30 15:58 - 00275968 _____ (Microsoft Corporation) C:\windows\system32\FXSAPI.dll
    2014-11-22 12:46 - 2014-08-30 15:04 - 00941568 _____ (Microsoft Corporation) C:\windows\system32\MFMediaEngine.dll
    2014-11-22 12:46 - 2014-08-30 14:53 - 00239104 _____ (Microsoft Corporation) C:\windows\SysWOW64\FXSAPI.dll
    2014-11-22 12:46 - 2014-08-30 14:17 - 00799744 _____ (Microsoft Corporation) C:\windows\SysWOW64\MFMediaEngine.dll
    2014-11-22 12:46 - 2014-08-27 20:55 - 07484224 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
    2014-11-22 12:46 - 2014-08-27 18:21 - 02480128 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll
    2014-11-22 12:46 - 2014-08-27 18:06 - 02030592 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmSvc.dll
    2014-11-22 12:46 - 2014-08-22 23:14 - 13424128 _____ (Microsoft Corporation) C:\windows\system32\twinui.dll
    2014-11-22 12:46 - 2014-08-22 23:04 - 11820544 _____ (Microsoft Corporation) C:\windows\SysWOW64\twinui.dll
    2014-11-22 12:46 - 2014-08-22 22:50 - 02714112 _____ (Microsoft Corporation) C:\windows\system32\SettingsHandlers.dll
    2014-11-22 12:46 - 2014-08-01 18:51 - 00545792 _____ (Microsoft Corporation) C:\windows\system32\untfs.dll
    2014-11-22 12:46 - 2014-08-01 18:35 - 00485376 _____ (Microsoft Corporation) C:\windows\SysWOW64\untfs.dll
    2014-11-13 22:26 - 2014-11-22 17:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-11-13 21:17 - 2014-11-13 21:17 - 00000000 ____D () C:\Users\cpaulson12\AppData\Roaming\Nitro PDF
    2014-11-13 21:17 - 2014-11-13 21:17 - 00000000 ____D () C:\Users\cpaulson12\AppData\Local\LSC
    2014-11-13 21:09 - 2014-10-30 05:25 - 00275080 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
    2014-11-06 20:03 - 2014-11-06 20:04 - 71648048 _____ (Apple Inc.) C:\Users\cpaulson12\Downloads\iCloudSetup.exe
    2014-11-06 19:51 - 2014-11-06 19:51 - 00001806 _____ () C:\Users\Public\Desktop\iTunes.lnk
    2014-11-06 19:51 - 2014-11-06 19:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2014-11-06 19:50 - 2014-11-06 19:51 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
    2014-11-06 19:50 - 2014-11-06 19:51 - 00000000 ____D () C:\Program Files\iTunes
    2014-11-06 19:50 - 2014-11-06 19:51 - 00000000 ____D () C:\Program Files (x86)\iTunes
    2014-11-06 19:50 - 2014-11-06 19:50 - 00000000 ____D () C:\Program Files\iPod
     
    ==================== One Month Modified Files and Folders =======
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2014-12-02 21:42 - 2013-10-07 12:27 - 00863592 _____ () C:\windows\system32\PerfStringBackup.INI
    2014-12-02 21:40 - 2014-10-21 20:40 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
    2014-12-02 21:40 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\system32\sru
    2014-12-02 19:54 - 2014-02-15 20:47 - 01824118 _____ () C:\windows\WindowsUpdate.log
    2014-12-02 19:51 - 2014-07-10 03:19 - 00003970 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{745A42CE-EB87-47C1-8067-C57D29127740}
    2014-12-02 19:51 - 2014-07-10 03:18 - 00003596 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-185766733-1824046107-1153005522-1002
    2014-12-02 19:45 - 2014-07-09 20:10 - 00002256 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2014-12-02 19:45 - 2014-07-09 17:15 - 00000000 ____D () C:\Users\cpaulson12\AppData\Roaming\ID Vault
    2014-12-02 19:45 - 2014-07-09 13:59 - 00000000 ___RD () C:\Users\cpaulson12\Google Drive
    2014-12-02 19:44 - 2014-07-09 13:54 - 00000932 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-12-02 19:43 - 2014-02-15 21:41 - 00002560 _____ () C:\windows\system32\VfService.trf
    2014-12-02 19:43 - 2013-10-07 12:23 - 00468456 _____ () C:\windows\PFRO.log
    2014-12-02 19:43 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\Registration
    2014-12-02 19:43 - 2013-08-22 08:45 - 00000006 ____H () C:\windows\Tasks\SA.DAT
    2014-12-02 11:30 - 2014-07-24 21:50 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
    2014-12-02 10:59 - 2014-07-09 13:54 - 00000936 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-12-02 10:39 - 2014-10-21 20:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-12-02 10:39 - 2014-10-21 20:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-12-02 10:24 - 2013-08-22 08:46 - 00026264 _____ () C:\windows\setupact.log
    2014-12-02 10:22 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\AppReadiness
    2014-12-02 10:13 - 2014-07-10 03:12 - 00000000 ____D () C:\Users\cpaulson12\AppData\Local\Pokki
    2014-12-02 10:13 - 2014-07-09 21:06 - 00002135 _____ () C:\Users\cpaulson12\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Menu.lnk
    2014-12-02 10:08 - 2013-08-22 07:25 - 00262144 ___SH () C:\windows\system32\config\BBI
    2014-11-27 22:30 - 2014-07-24 21:50 - 00003718 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
    2014-11-27 22:01 - 2014-07-10 03:12 - 00000000 ____D () C:\Users\cpaulson12
    2014-11-27 21:34 - 2014-07-10 03:16 - 00002306 _____ () C:\Users\cpaulson12\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
    2014-11-27 21:32 - 2014-02-15 21:19 - 00000000 ____D () C:\ProgramData\McAfee
    2014-11-27 21:29 - 2013-08-22 09:20 - 00000000 ____D () C:\windows\CbsTemp
    2014-11-27 21:25 - 2013-08-22 09:36 - 00000000 ___HD () C:\windows\ELAMBKUP
    2014-11-27 21:23 - 2013-08-22 07:25 - 00262144 ___SH () C:\windows\system32\config\ELAM
    2014-11-22 16:29 - 2013-08-22 08:44 - 00492512 _____ () C:\windows\system32\FNTCACHE.DAT
    2014-11-22 16:28 - 2014-07-09 17:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2014-11-22 16:25 - 2013-08-22 09:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2014-11-22 16:25 - 2013-08-22 09:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2014-11-22 16:25 - 2013-08-22 09:36 - 00000000 ____D () C:\Program Files\Windows Defender
    2014-11-22 16:25 - 2013-08-22 09:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
    2014-11-22 16:24 - 2014-07-14 17:44 - 00000000 ___SD () C:\windows\system32\CompatTel
    2014-11-22 16:24 - 2013-08-22 09:36 - 00000000 ___RD () C:\windows\ToastData
    2014-11-22 16:24 - 2013-08-22 09:36 - 00000000 ___RD () C:\windows\ImmersiveControlPanel
    2014-11-22 13:10 - 2014-07-09 20:26 - 00000000 ____D () C:\windows\system32\MRT
    2014-11-22 13:00 - 2014-07-09 20:26 - 103374192 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
    2014-11-22 12:27 - 2014-07-09 17:16 - 00000000 ____D () C:\Users\cpaulson12\AppData\Local\ID Vault
    2014-11-22 12:14 - 2014-07-09 19:23 - 00000000 ____D () C:\Program Files\Microsoft Office 15
    2014-11-13 22:06 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\vpnplugins
    2014-11-13 21:46 - 2014-07-21 23:37 - 00000000 ____D () C:\Users\cpaulson12\AppData\Local\CrashDumps
    2014-11-06 20:02 - 2014-07-09 20:06 - 00000000 ____D () C:\Users\cpaulson12\AppData\Roaming\Apple Computer
    2014-11-06 19:50 - 2014-07-09 20:02 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2014-11-06 19:50 - 2014-07-09 20:01 - 00000000 ____D () C:\Program Files\Common Files\Apple
     
    Some content of TEMP:
    ====================
    C:\Users\cpaulson12\AppData\Local\Temp\air4444.exe
    C:\Users\cpaulson12\AppData\Local\Temp\air7885.exe
    C:\Users\cpaulson12\AppData\Local\Temp\airC2FC.exe
    C:\Users\cpaulson12\AppData\Local\Temp\airEBD4.exe
    C:\Users\cpaulson12\AppData\Local\Temp\airFFF7.exe
    C:\Users\cpaulson12\AppData\Local\Temp\DRHelper_installFinish.exe
    C:\Users\cpaulson12\AppData\Local\Temp\DRHelper_installStart.exe
    C:\Users\cpaulson12\AppData\Local\Temp\DRHelper_uninstallComplete.exe
    C:\Users\cpaulson12\AppData\Local\Temp\octC212.tmp.exe
    C:\Users\cpaulson12\AppData\Local\Temp\octED6B.tmp.exe
    C:\Users\cpaulson12\AppData\Local\Temp\optprosetup.exe
    C:\Users\cpaulson12\AppData\Local\Temp\ose00000.exe
    C:\Users\cpaulson12\AppData\Local\Temp\PCFixSpeedSetup.exe
    C:\Users\cpaulson12\AppData\Local\Temp\Quarantine.exe
    C:\Users\cpaulson12\AppData\Local\Temp\sqlite3.dll
     
     
    ==================== Bamital & volsnap Check =================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
     
     
    LastRegBack: 2014-11-22 12:48
     
    ==================== End Of Log ============================
     
     
     
     
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-12-2014
    Ran by cpaulson12 at 2014-12-02 21:46:16
    Running from C:\Users\cpaulson12\Desktop\COMP FIX
    Boot Mode: Normal
    ==========================================================
     
     
    ==================== Security Center ========================
     
    (If an entry is included in the fixlist, it will be removed.)
     
    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     
    ==================== Installed Programs ======================
     
    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
     
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2710 - Adobe Systems Incorporated)
    Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
    Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version:  - Hidden Path Entertainment, Ensemble Studios)
    AMD Catalyst Install Manager (HKLM\...\{49717648-68B0-3342-F28B-7DF710E1EBF4}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
    AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.4.4.2 - AppEx Networks)
    Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.21.50 - Conexant)
    Conexant SmartAudio (HKLM\...\SAII) (Version: 6.0.188.0 - Conexant Systems)
    Constant Guard Protection Suite (HKLM-x32\...\ID Vault) (Version: 1.14.922.1 - Comcast)
    CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)
    CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
    CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.14 - Lenovo)
    Energy Management (x32 Version: 8.0.2.14 - Lenovo) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
    Google Drive (HKLM-x32\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
    Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
    ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.4.4.0 - LIGHTNING UK!)
    iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
    Lenovo App Shop (HKLM-x32\...\Lenovo App Shop 45246) (Version: 3.10.0.45246.24 - Lenovo)
    Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10240 - Realtek Semiconductor Corp.)
    Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
    Lenovo OneKey Recovery (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
    Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
    Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.25.1 - ELAN Microelectronic Corp.)
    Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.)
    Lenovo PowerDVD10 (x32 Version: 10.0.5630.52 - CyberLink Corp.) Hidden
    Lenovo Reach (HKLM-x32\...\{0B5E0E89-4BCA-4035-BBA1-D1439724B6E2}) (Version: 1.1.0.166 - Stoneware, Inc.)
    Lenovo Solution Center (HKLM\...\{4041B18B-DE30-4D78-9D60-6ADC586C5E00}) (Version: 2.1.003.00 - Lenovo Group Limited)
    Lenovo VeriFace (HKLM\...\Lenovo VeriFace) (Version: 5.0.13.5261 - Lenovo)
    Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
    Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.1.2.4000 - Maxthon International Limited)
    McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
    Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4667.1002 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Mozilla Firefox 33.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.0.3 (x86 en-US)) (Version: 33.0.3 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
    MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
    Nitro Pro 8 (HKLM\...\{392C767D-4EE2-49B5-A3B4-A4C3AB6DC145}) (Version: 8.5.7.1 - Nitro)
    OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
    Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
    Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.10525 - CyberLink Corp.)
    Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.306 - Qualcomm Atheros Communications)
    Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
    Qualcomm Atheros Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39048 - Realtek Semiconductor Corp.)
    Start Menu (HKU\S-1-5-21-185766733-1824046107-1153005522-1002\...\Pokki_Start_Menu) (Version: 0.269.4.103 - Pokki)
    Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
    TicTaCoupon (HKLM-x32\...\{E370F69F-ED3F-925F-31FC-14D1329A713B}) (Version:  - "") <==== ATTENTION
    UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.17 - Lenovo)
    UserGuide (x32 Version: 1.0.0.17 - Lenovo) Hidden
    VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
    Windows Driver Package - Lenovo (ACPIVPC) System  (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
    Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
     
    ==================== Custom CLSID (selected items): ==========================
     
    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
     
    CustomCLSID: HKU\S-1-5-21-185766733-1824046107-1153005522-1002_Classes\CLSID\{288799CB-E38C-44A0-A9FA-40D150FFE081}\InprocServer32 -> C:\Users\cpaulson12\AppData\Local\TNT2\Profiles\10741\passport64.dll No File
    CustomCLSID: HKU\S-1-5-21-185766733-1824046107-1153005522-1002_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AC}\InprocServer32 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel)
    CustomCLSID: HKU\S-1-5-21-185766733-1824046107-1153005522-1002_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AD}\InprocServer32 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel)
     
    ==================== Restore Points  =========================
     
    07-11-2014 02:28:54 Scheduled Checkpoint
    22-11-2014 18:48:43 Windows Update
    28-11-2014 03:28:16 Windows Update
     
    ==================== Hosts content: ==========================
     
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
     
    2013-08-22 07:25 - 2013-08-22 07:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
     
    ==================== Scheduled Tasks (whitelisted) =============
     
    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
     
    Task: {217B0A99-6E4B-469B-8778-0099F25A6E07} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2014-11-22] (Microsoft Corporation)
    Task: {2209DCE6-3563-48C7-9C36-180BBA71445B} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE [2013-03-08] (CyberLink Corp.)
    Task: {2387F1B2-9135-4078-846E-F5233CADE335} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\mxup.exe [2013-08-01] (Maxthon International ltd.)
    Task: {2BCA6A4B-EF5E-4A4D-A7F9-E4F6DA45DE13} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-10-07] (Microsoft Corporation)
    Task: {2FF2D58D-E35A-41A0-BBCC-A2B3967A3B8D} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-10-07] (Microsoft Corporation)
    Task: {3CE885C6-DED7-4AC4-8126-7FB38E024F73} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2013-05-17] (Lenovo)
    Task: {4808CEBA-CD6B-4595-A16B-E2504A3EF9A6} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-27] (Adobe Systems Incorporated)
    Task: {786AF07E-C139-440E-B4C6-B7DDE97F43A4} - \TidyNetwork Update No Task File <==== ATTENTION
    Task: {96F6A4DC-6956-437C-92FF-E8E587EBD3E4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {9CC9985E-1A1F-4856-9ADA-DABF527D53D3} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-05-17] ()
    Task: {9DB6C33C-90C5-486F-A357-1FCE20B64D2E} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-05-17] (Lenovo)
    Task: {B75A126B-9EDF-4CB7-8F21-D3ABAC67005A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-09] (Google Inc.)
    Task: {C88CEF1D-40E3-4307-AD13-5B50EE12FCFD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-09] (Google Inc.)
    Task: {E3B7B63A-DACE-434F-A25F-5F3D56B74610} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
    Task: {F8E4C8B8-A751-4F59-9B70-B46D7A3F38AF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-10-07] (Microsoft Corporation)
    Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
     
    ==================== Loaded Modules (whitelisted) =============
     
    2013-09-11 00:25 - 2013-09-11 00:25 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
    2014-07-11 06:55 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
    2014-02-15 21:27 - 2012-04-24 04:43 - 00390632 ____N () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
    2014-02-15 21:41 - 2014-02-15 21:41 - 00068368 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
    2014-02-15 21:41 - 2014-02-15 21:41 - 00669288 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfDataStorageInterface.dll
    2014-11-22 12:12 - 2014-09-23 07:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2013-09-25 05:04 - 2013-09-25 05:04 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
    2013-09-25 05:01 - 2013-09-25 05:01 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
    2013-09-25 05:08 - 2013-09-25 05:08 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
    2014-11-27 21:50 - 2014-11-27 21:50 - 03995136 _____ () c:\Program Files (x86)\CouponGenie\BuyPractical.dll
    2014-04-23 15:05 - 2014-04-23 15:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2014-11-22 16:41 - 2014-11-22 16:41 - 03530752 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\Windows.UI.Xaml\90a4331ab5b5bb3ead23d75d4349a491\Windows.UI.Xaml.ni.dll
    2014-11-22 16:41 - 2014-11-22 16:41 - 00228864 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\Windows.Foundation\f7e726805e56676bd7b8662a3d842b0e\Windows.Foundation.ni.dll
    2014-09-22 14:30 - 2014-09-22 14:30 - 00548488 _____ () C:\Program Files (x86)\Constant Guard Protection Suite\sqlite3.DLL
    2014-12-02 19:44 - 2014-12-02 19:44 - 00098816 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\win32api.pyd
    2014-12-02 19:44 - 2014-12-02 19:44 - 00110080 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\pywintypes27.dll
    2014-12-02 19:44 - 2014-12-02 19:44 - 00364544 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\pythoncom27.dll
    2014-12-02 19:44 - 2014-12-02 19:44 - 00045568 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\_socket.pyd
    2014-12-02 19:44 - 2014-12-02 19:44 - 01160704 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\_ssl.pyd
    2014-12-02 19:44 - 2014-12-02 19:44 - 00320512 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\win32com.shell.shell.pyd
    2014-12-02 19:44 - 2014-12-02 19:44 - 00713216 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\_hashlib.pyd
    2014-12-02 19:44 - 2014-12-02 19:44 - 01175040 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\wx._core_.pyd
    2014-12-02 19:44 - 2014-12-02 19:44 - 00805888 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\wx._gdi_.pyd
    2014-12-02 19:44 - 2014-12-02 19:44 - 00811008 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\wx._windows_.pyd
    2014-12-02 19:44 - 2014-12-02 19:44 - 01062400 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\wx._controls_.pyd
    2014-12-02 19:44 - 2014-12-02 19:44 - 00735232 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\wx._misc_.pyd
    2014-12-02 19:44 - 2014-12-02 19:44 - 00128512 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\_elementtree.pyd
    2014-12-02 19:44 - 2014-12-02 19:44 - 00127488 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\pyexpat.pyd
    2014-12-02 19:44 - 2014-12-02 19:44 - 00557056 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\pysqlite2._sqlite.pyd
    2014-12-02 19:44 - 2014-12-02 19:44 - 00007168 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\hashobjs_ext.pyd
    2014-12-02 19:44 - 2014-12-02 19:44 - 00087552 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\_ctypes.pyd
    2014-12-02 19:44 - 2014-12-02 19:44 - 00119808 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\win32file.pyd
    2014-12-02 19:44 - 2014-12-02 19:44 - 00108544 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\win32security.pyd
    2014-12-02 19:44 - 2014-12-02 19:44 - 00018432 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\win32event.pyd
    2014-12-02 19:44 - 2014-12-02 19:44 - 00038912 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\win32inet.pyd
    2014-12-02 19:44 - 2014-12-02 19:44 - 00070656 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\wx._html2.pyd
    2014-12-02 19:44 - 2014-12-02 19:44 - 00167936 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\win32gui.pyd
    2014-12-02 19:44 - 2014-12-02 19:44 - 00011264 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\win32crypt.pyd
    2014-12-02 19:44 - 2014-12-02 19:44 - 00027136 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\_multiprocessing.pyd
    2014-12-02 19:44 - 2014-12-02 19:44 - 00686080 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\unicodedata.pyd
    2014-12-02 19:44 - 2014-12-02 19:44 - 00122368 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\wx._wizard.pyd
    2014-12-02 19:44 - 2014-12-02 19:44 - 00010240 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\select.pyd
    2014-12-02 19:44 - 2014-12-02 19:44 - 00024064 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\win32pipe.pyd
    2014-12-02 19:44 - 2014-12-02 19:44 - 00025600 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\win32pdh.pyd
    2014-12-02 19:44 - 2014-12-02 19:44 - 00525640 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\windows._lib_cacheinvalidation.pyd
    2014-12-02 19:44 - 2014-12-02 19:44 - 00035840 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\win32process.pyd
    2014-12-02 19:44 - 2014-12-02 19:44 - 00017408 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\win32profile.pyd
    2014-12-02 19:44 - 2014-12-02 19:44 - 00022528 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\win32ts.pyd
    2014-12-02 19:44 - 2014-12-02 19:44 - 00078336 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI38402\wx._animate.pyd
    2014-08-15 18:04 - 2014-08-06 21:20 - 00718152 _____ () c:\program files (x86)\google\chrome\application\36.0.1985.143\libglesv2.dll
    2014-08-15 18:04 - 2014-08-06 21:20 - 00126280 _____ () c:\program files (x86)\google\chrome\application\36.0.1985.143\libegl.dll
    2014-08-15 18:04 - 2014-08-06 21:20 - 08537928 _____ () c:\program files (x86)\google\chrome\application\36.0.1985.143\pdf.dll
    2014-08-15 18:04 - 2014-08-06 21:20 - 00353096 _____ () c:\program files (x86)\google\chrome\application\36.0.1985.143\ppGoogleNaClPluginChrome.dll
    2014-08-15 18:04 - 2014-08-06 21:20 - 01732936 _____ () c:\program files (x86)\google\chrome\application\36.0.1985.143\ffmpegsumo.dll
    2014-08-15 18:04 - 2014-08-06 21:20 - 14669128 _____ () c:\program files (x86)\google\chrome\application\36.0.1985.143\PepperFlash\pepflashplayer.dll
     
    ==================== Alternate Data Streams (whitelisted) =========
     
    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
     
     
    ==================== Safe Mode (whitelisted) ===================
     
    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
     
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
     
    ==================== EXE Association (whitelisted) =============
     
    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
     
     
    ==================== MSCONFIG/TASK MANAGER disabled items =========
     
    (Currently there is no automatic fix for this section.)
     
     
    ========================= Accounts: ==========================
     
    Administrator (S-1-5-21-185766733-1824046107-1153005522-500 - Administrator - Disabled)
    cpaulson12 (S-1-5-21-185766733-1824046107-1153005522-1002 - Administrator - Enabled) => C:\Users\cpaulson12
    Guest (S-1-5-21-185766733-1824046107-1153005522-501 - Limited - Disabled)
     
    ==================== Faulty Device Manager Devices =============
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
    Error: (12/02/2014 09:40:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 6174969
     
    Error: (12/02/2014 09:40:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 6174969
     
    Error: (12/02/2014 09:40:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second
     
    Error: (12/02/2014 07:57:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 2953
     
    Error: (12/02/2014 07:57:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 2953
     
    Error: (12/02/2014 07:57:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second
     
    Error: (12/02/2014 07:57:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 1422
     
    Error: (12/02/2014 07:57:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 1422
     
    Error: (12/02/2014 07:57:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second
     
    Error: (12/02/2014 07:42:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 27961141
     
     
    System errors:
    =============
    Error: (12/02/2014 11:00:43 AM) (Source: DCOM) (EventID: 10010) (User: Christi-laptop)
    Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
     
    Error: (12/02/2014 10:41:47 AM) (Source: DCOM) (EventID: 10010) (User: Christi-laptop)
    Description: {9AA46009-3CE0-458A-A354-715610A075E6}
     
    Error: (12/02/2014 10:41:17 AM) (Source: DCOM) (EventID: 10010) (User: Christi-laptop)
    Description: {9AA46009-3CE0-458A-A354-715610A075E6}
     
    Error: (12/02/2014 10:40:47 AM) (Source: DCOM) (EventID: 10010) (User: Christi-laptop)
    Description: {9AA46009-3CE0-458A-A354-715610A075E6}
     
    Error: (12/02/2014 10:40:17 AM) (Source: DCOM) (EventID: 10010) (User: Christi-laptop)
    Description: {9AA46009-3CE0-458A-A354-715610A075E6}
     
    Error: (12/02/2014 10:39:47 AM) (Source: DCOM) (EventID: 10010) (User: Christi-laptop)
    Description: {9AA46009-3CE0-458A-A354-715610A075E6}
     
    Error: (12/02/2014 10:39:17 AM) (Source: DCOM) (EventID: 10010) (User: Christi-laptop)
    Description: {9AA46009-3CE0-458A-A354-715610A075E6}
     
    Error: (12/02/2014 10:38:47 AM) (Source: DCOM) (EventID: 10010) (User: Christi-laptop)
    Description: {9AA46009-3CE0-458A-A354-715610A075E6}
     
     
    Microsoft Office Sessions:
    =========================
    Error: (12/02/2014 09:40:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 6174969
     
    Error: (12/02/2014 09:40:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 6174969
     
    Error: (12/02/2014 09:40:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second
     
    Error: (12/02/2014 07:57:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 2953
     
    Error: (12/02/2014 07:57:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 2953
     
    Error: (12/02/2014 07:57:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second
     
    Error: (12/02/2014 07:57:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 1422
     
    Error: (12/02/2014 07:57:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 1422
     
    Error: (12/02/2014 07:57:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second
     
    Error: (12/02/2014 07:42:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 27961141
     
     
    CodeIntegrity Errors:
    ===================================
      Date: 2014-12-02 19:42:34.205
      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2014-12-02 19:42:33.985
      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2014-12-02 11:56:29.880
      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2014-12-02 11:56:29.739
      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2014-12-02 11:56:29.556
      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2014-12-02 11:56:29.412
      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2014-12-02 11:56:29.265
      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2014-12-02 11:56:29.133
      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2014-12-02 11:56:29.001
      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2014-12-02 11:56:28.870
      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
     
    ==================== Memory info =========================== 
     
    Processor: AMD A10-5750M APU with Radeon™ HD Graphics 
    Percentage of memory in use: 36%
    Total physical RAM: 5327.26 MB
    Available physical RAM: 3371.18 MB
    Total Pagefile: 10703.26 MB
    Available Pagefile: 8364.92 MB
    Total Virtual: 131072 MB
    Available Virtual: 131071.85 MB
     
    ==================== Drives ================================
     
    Drive c: (Windows8_OS) (Fixed) (Total:893.13 GB) (Free:767.74 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.48 GB) NTFS
    Drive e: ('11 - '13 cabin) (CDROM) (Total:2.75 GB) (Free:0 GB) UDF
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: F91D03FF)
     
    Partition: GPT Partition Type.
     
    ==================== End Of Log ============================
     
     
     
    Thanks!!


    #8 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,219 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 02 December 2014 - 10:34 PM

    I am attaching a fix log named Fixlist.txt, you need to download it to the same directory that you have FRST64 or the fix won't work.

    After you download it, open up FRST64 and click on FIX. It will reboot your system and will create a fixlog in the same directory as FRST64. Post it please and let me know how your system is behaving now.

     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #9 paudusd

    paudusd

      New Member

    • Authentic Member
    • Pip
    • 8 posts

    Posted 03 December 2014 - 09:02 AM

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-12-2014
    Ran by cpaulson12 at 2014-12-03 08:47:29 Run:1
    Running from C:\Users\cpaulson12\Desktop\COMP FIX
    Loaded Profile: cpaulson12 (Available profiles: cpaulson12)
    Boot Mode: Normal
    ==============================================
     
    Content of fixlist:
    *****************
    Start
    CloseProcesses:
    HKU\S-1-5-21-185766733-1824046107-1153005522-1002\...\RunOnce: [Application Restart #3] => C:\Users\cpaulson12\AppData\Local\Pokki\Engine\HostAppService.exe [7794504 2014-11-14] (Pokki)
    HKU\S-1-5-21-185766733-1824046107-1153005522-1002\...\RunOnce: [Application Restart #1] => C:\Users\cpaulson12\AppData\Local\Pokki\Engine\HostAppService.exe [7794504 2014-11-14] (Pokki)
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-21-185766733-1824046107-1153005522-1002 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
    SearchScopes: HKU\S-1-5-21-185766733-1824046107-1153005522-1002 -> {A90A3198-80B1-4AE3-8B57-6F7FA26DB44E} URL = 
    BHO: TicTaCoupon -> {49c19184-e770-4a09-8161-0eca8b669385} -> C:\ProgramData\TicTaCoupon\9pXorjQgjxDmqM.x64.dll ()
    BHO-x32: TicTaCoupon -> {49c19184-e770-4a09-8161-0eca8b669385} -> C:\ProgramData\TicTaCoupon\9pXorjQgjxDmqM.dll ()
    C:\ProgramData\TicTaCoupon
    Toolbar: HKLM - FindWide Toolbar - {288799CB-E38C-44A0-A9FA-40D150FFE081} - C:\Users\cpaulson12\AppData\Local\TNT2\Profiles\10741\passport64.dll No File
    Toolbar: HKLM-x32 - FindWide Toolbar - {288799CB-E38C-44A0-A9FA-40D150FFE081} - C:\Users\cpaulson12\AppData\Local\TNT2\Profiles\10741\passport.dll No File
    Toolbar: HKU\S-1-5-21-185766733-1824046107-1153005522-1002 -> FindWide Toolbar - {288799CB-E38C-44A0-A9FA-40D150FFE081} - C:\Users\cpaulson12\AppData\Local\TNT2\Profiles\10741\passport64.dll No File
    FF Extension: No Name - C:\Users\cpaulson12\AppData\Roaming\Mozilla\Firefox\Profiles\3hli1wif.default\Extensions\temp [2014-07-09]
    FF Extension: RooyalShoppeRAApp - C:\Users\cpaulson12\AppData\Roaming\Mozilla\Firefox\Profiles\3hli1wif.default\Extensions\yoe.93h7@qrxs-.edu [2014-09-08]
    FF Extension: FindWide Toolbar - C:\Users\cpaulson12\AppData\Roaming\Mozilla\Firefox\Profiles\3hli1wif.default\Extensions\toolbar10741@findwide.com.xpi [2014-08-03]
    CHR Extension: (Savings com DealFinder) - C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\gncemjbbfkgdhfiigkdebleebbhlelap [2014-11-13]
    CHR Extension: (Klip Pal) - C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkoehejbnbinjafeopgalokcmjdgkkhe [2014-10-01]
    2014-12-02 21:42 - 2014-12-02 21:43 - 00000000 ____D () C:\ProgramData\TicTaCoupon
    2014-12-02 10:13 - 2014-07-10 03:12 - 00000000 ____D () C:\Users\cpaulson12\AppData\Local\Pokki
    Task: {786AF07E-C139-440E-B4C6-B7DDE97F43A4} - \TidyNetwork Update No Task File <==== ATTENTION
    CMD: ipconfig /flushdns
    Hosts:
    EmptyTemp:
    End
    *****************
     
    Processes closed successfully.
    HKU\S-1-5-21-185766733-1824046107-1153005522-1002\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Application Restart #3 => value deleted successfully.
    HKU\S-1-5-21-185766733-1824046107-1153005522-1002\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Application Restart #1 => value deleted successfully.
    C:\windows\system32\GroupPolicy\Machine => Moved successfully.
    C:\windows\system32\GroupPolicy\GPT.ini => Moved successfully.
    "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
    "HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
    "HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
    HKU\S-1-5-21-185766733-1824046107-1153005522-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    "HKU\S-1-5-21-185766733-1824046107-1153005522-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A90A3198-80B1-4AE3-8B57-6F7FA26DB44E}" => Key deleted successfully.
    "HKCR\CLSID\{A90A3198-80B1-4AE3-8B57-6F7FA26DB44E}" => Key not found.
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{49c19184-e770-4a09-8161-0eca8b669385}" => Key deleted successfully.
    "HKCR\CLSID\{49c19184-e770-4a09-8161-0eca8b669385}" => Key deleted successfully.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{49c19184-e770-4a09-8161-0eca8b669385}" => Key deleted successfully.
    "HKCR\Wow6432Node\CLSID\{49c19184-e770-4a09-8161-0eca8b669385}" => Key deleted successfully.
    C:\ProgramData\TicTaCoupon => Moved successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{288799CB-E38C-44A0-A9FA-40D150FFE081} => value deleted successfully.
    "HKCR\CLSID\{288799CB-E38C-44A0-A9FA-40D150FFE081}" => Key deleted successfully.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{288799CB-E38C-44A0-A9FA-40D150FFE081} => value deleted successfully.
    "HKCR\Wow6432Node\CLSID\{288799CB-E38C-44A0-A9FA-40D150FFE081}" => Key deleted successfully.
    HKU\S-1-5-21-185766733-1824046107-1153005522-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{288799CB-E38C-44A0-A9FA-40D150FFE081} => value deleted successfully.
    "HKCR\CLSID\{288799CB-E38C-44A0-A9FA-40D150FFE081}" => Key not found.
    C:\Users\cpaulson12\AppData\Roaming\Mozilla\Firefox\Profiles\3hli1wif.default\Extensions\temp => Moved successfully.
    C:\Users\cpaulson12\AppData\Roaming\Mozilla\Firefox\Profiles\3hli1wif.default\Extensions\yoe.93h7@qrxs-.edu => Moved successfully.
    C:\Users\cpaulson12\AppData\Roaming\Mozilla\Firefox\Profiles\3hli1wif.default\Extensions\toolbar10741@findwide.com.xpi => Moved successfully.
    C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\gncemjbbfkgdhfiigkdebleebbhlelap => Moved successfully.
    C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkoehejbnbinjafeopgalokcmjdgkkhe => Moved successfully.
    "C:\ProgramData\TicTaCoupon" => File/Directory not found.
    C:\Users\cpaulson12\AppData\Local\Pokki => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{786AF07E-C139-440E-B4C6-B7DDE97F43A4}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{786AF07E-C139-440E-B4C6-B7DDE97F43A4}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TidyNetwork Update" => Key deleted successfully.
     
    =========  ipconfig /flushdns =========
     
     
    Windows IP Configuration
     
    Successfully flushed the DNS Resolver Cache.
     
    ========= End of CMD: =========
     
    C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
    Hosts was reset successfully.
    EmptyTemp: => Removed 2.3 GB temporary data.
     
     
    The system needed a reboot. 
     
    ==== End of Fixlog ====
     
     
     
     
    It still seems to be running about the same as it was before. Pretty slow and still tons of web popups if I have a browser open. Thanks


    #10 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,219 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 03 December 2014 - 09:50 AM

    Looks like we will have to dig deeper.

    Download AVAST BROWSER CLEANUP to your desktop

    • There is nothing to install, just right click on it and Run As Administrator
    • When it's finished scanning it will list Browser Add-ons
    • If it finds Klip Pal or any other bogus toolbars, just highlight them and select REMOVE
    • Click on the ? on the left and click on Log
    • You can copy and paste the log back in this forum for me to see
    • Close out the program
    • Reboot your system and test your browsers

    Then run a new scan with FRST, checkmark Additions and post both new logs


     
     


    #11 paudusd

    paudusd

      New Member

    • Authentic Member
    • Pip
    • 8 posts

    Posted 03 December 2014 - 12:33 PM

    03.12.2014 12:20:41 (TID: 6708)
    ProductVersion: 9.0.0.224
    Mozilla Firefox Browser
    Install Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    Version: 33.0.3
    Profile Path: C:\Users\cpaulson12\AppData\Roaming\Mozilla\Firefox\
    Mozilla Firefox Profiles
    Name: default Path: C:\Users\cpaulson12\AppData\Roaming\Mozilla\Firefox\Profiles\3hli1wif.default
    Google Chrome Browser
    Version: 36.0.1985.143
    Install Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    Profile Path: C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\
    Google Chrome Profiles
    Name: Default Path: C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default
    Opera Browser
    Opera Warning: Failed to find install path
    Apple Safari Browser
    Apple Safari Warning: Failed to access Safari
    Google Chrome
    Extensions
    ID: aohghmighlieiainnegkcijnfilokake Name: Google Docs
    ID: apdfllckaahabafndbhieahigkjlhalf Name: Google Drive
    ID: bepbmhgboaologfdajaanbcjmnhjmhfn Name: Google Voice Search Hotword (Beta)
    ID: blpcfgokakmgnkcojhhkbfbldkacnbeo Name: YouTube
    ID: coobgpohoikkiipiblmjeljniedjpjpf Name: Google Search
    ID: eibhgnpocflidkjpcgjafalpiffkpice Name: Chinese English Dictionary
    ID: fpkknkljclfencbdbgkenhalefipecmb Name: Accessibility Developer Tools
    ID: gmimocjjppdelmhpcmpkhekmpoddgima Name: Full Screen
    ID: gncemjbbfkgdhfiigkdebleebbhlelap Name: Savings com DealFinder
    ID: hcmicnfbmcjhlbdohdmdhfjlbigkcddl Name: Chromium Updater
    ID: kkffimodjajkloehmbfgeiclolgbebec Name: Ask the Gooru
    ID: nmmhkkegccagdldgiimedpiccmgmieda Name: Google Wallet
    ID: oklfoejikkmejobodofaimigojomlfim Name: Shut Up
    ID: peokdhcembipiholieikfdloegjagplb Name: Rotten Tomato
    ID: pjkljhegncpnkpknbcohdijeoejaedia Name: Gmail
    ID: pkoehejbnbinjafeopgalokcmjdgkkhe Name: Klip Pal
    ID: ppmoihbfiilgkkgcogbblhhanjjaocil Name: Beautify for Trello
    Homepages
    Search Engines
    Name: Google
    Url: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
    Mozilla Firefox
    Extensions
    ID: toolbar10741@findwide.com Name: FindWide Toolbar
    ID: ysi9gtz@qbd-ii.net Name: shoppndruop
    ID: yoe.93h7@qrxs-.edu Name: RooyalShoppeRAApp
    ID: tu@f.org Name: SSAlEsCheccker
    ID: {e4f94d1e-2f53-401e-8885-681602c0ddd8} Name: McAfee Security Scan Plus
    ID: n@hz.com Name: TicTaCaoiupon
    ID: idvaultaddon@whitesky Name: XFINITY Constant Guard Protection Suite
    ID: y@rgeb.com Name: surfkeepit
    ID: zen@l.net Name: LuckyCoupon
    Homepages
    URL: 
    Search Engines
    Name: Google
    Microsoft IE
    Extensions
    ID: {25336920-03f9-11cf-8fd0-00aa00686f13} Name: HTML Document
    ID: {31d09ba0-12f5-4cce-be8a-2923e76605da} Name: Lync Browser Helper
    ID: {b84cdbe7-1b46-494b-a188-01d4c52deb61} Name: Constant Guard Protection Suite
    ID: {d0498e0a-45b7-42ae-a9aa-aba463dbd3bf} Name: Microsoft SkyDrive Pro Browser Helper
    ID: {d27cdb6e-ae6d-11cf-96b8-444553540000} Name: Shockwave Flash Object
    ID: {f5078f32-c551-11d3-89b9-0000f81fe221} Name: XML DOM Document 3.0
    ID: {f6d90f16-9c73-11d3-b32e-00c04f990bb4} Name: XML HTTP
    Homepages
    HKCU: about:blank
    Microsoft IE Warning: default search engine not set (DefaultScope is empty)
    Search Engines
    Homepages
    Search Engines
    Name: Google
    Url: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
    Homepages
    URL: 
    Search Engines
    Name: Google
    Homepages
    HKCU: about:blank
    Microsoft IE Warning: default search engine not set (DefaultScope is empty)
    Search Engines
    BCURequest:
    os_language : en-us
    location: en-us
    osType: 6.2
    browser: chrome is_default: 0
    id: aohghmighlieiainnegkcijnfilokake name: Google Docs
    id: apdfllckaahabafndbhieahigkjlhalf name: Google Drive
    id: bepbmhgboaologfdajaanbcjmnhjmhfn name: Google Voice Search Hotword (Beta)
    id: blpcfgokakmgnkcojhhkbfbldkacnbeo name: YouTube
    id: coobgpohoikkiipiblmjeljniedjpjpf name: Google Search
    id: eibhgnpocflidkjpcgjafalpiffkpice name: Chinese English Dictionary
    id: fpkknkljclfencbdbgkenhalefipecmb name: Accessibility Developer Tools
    id: gmimocjjppdelmhpcmpkhekmpoddgima name: Full Screen
    id: gncemjbbfkgdhfiigkdebleebbhlelap name: Savings com DealFinder
    id: hcmicnfbmcjhlbdohdmdhfjlbigkcddl name: Chromium Updater
    id: kkffimodjajkloehmbfgeiclolgbebec name: Ask the Gooru
    id: nmmhkkegccagdldgiimedpiccmgmieda name: Google Wallet
    id: oklfoejikkmejobodofaimigojomlfim name: Shut Up
    id: peokdhcembipiholieikfdloegjagplb name: Rotten Tomato
    id: pjkljhegncpnkpknbcohdijeoejaedia name: Gmail
    id: pkoehejbnbinjafeopgalokcmjdgkkhe name: Klip Pal
    id: ppmoihbfiilgkkgcogbblhhanjjaocil name: Beautify for Trello
    browser: firefox is_default: 1
    id: toolbar10741@findwide.com name: FindWide Toolbar
    id: ysi9gtz@qbd-ii.net name: shoppndruop
    id: yoe.93h7@qrxs-.edu name: RooyalShoppeRAApp
    id: tu@f.org name: SSAlEsCheccker
    id: {e4f94d1e-2f53-401e-8885-681602c0ddd8} name: McAfee Security Scan Plus
    id: n@hz.com name: TicTaCaoiupon
    id: idvaultaddon@whitesky name: XFINITY Constant Guard Protection Suite
    id: y@rgeb.com name: surfkeepit
    id: zen@l.net name: LuckyCoupon
    browser: iexplorer is_default: 0
    id: {25336920-03f9-11cf-8fd0-00aa00686f13} name: HTML Document
    id: {31d09ba0-12f5-4cce-be8a-2923e76605da} name: Lync Browser Helper
    id: {b84cdbe7-1b46-494b-a188-01d4c52deb61} name: Constant Guard Protection Suite
    id: {d0498e0a-45b7-42ae-a9aa-aba463dbd3bf} name: Microsoft SkyDrive Pro Browser Helper
    id: {d27cdb6e-ae6d-11cf-96b8-444553540000} name: Shockwave Flash Object
    id: {f5078f32-c551-11d3-89b9-0000f81fe221} name: XML DOM Document 3.0
    id: {f6d90f16-9c73-11d3-b32e-00c04f990bb4} name: XML HTTP
    BCUResponse:
    Browser: chrome provider_modified: 0
    id: aohghmighlieiainnegkcijnfilokake intarnal_id: 1 rating: 5
    id: apdfllckaahabafndbhieahigkjlhalf intarnal_id: 5027 rating: 4
    id: bepbmhgboaologfdajaanbcjmnhjmhfn intarnal_id: 5200 rating: 5
    id: blpcfgokakmgnkcojhhkbfbldkacnbeo intarnal_id: 5040 rating: 5
    id: coobgpohoikkiipiblmjeljniedjpjpf intarnal_id: 1 rating: 5
    id: eibhgnpocflidkjpcgjafalpiffkpice intarnal_id: 8000 rating: 5
    id: fpkknkljclfencbdbgkenhalefipecmb intarnal_id: 8000 rating: 5
    id: gmimocjjppdelmhpcmpkhekmpoddgima intarnal_id: 8000 rating: 5
    id: gncemjbbfkgdhfiigkdebleebbhlelap intarnal_id: 8000 rating: 5
    id: hcmicnfbmcjhlbdohdmdhfjlbigkcddl intarnal_id: 8000 rating: 5
    id: kkffimodjajkloehmbfgeiclolgbebec intarnal_id: 8000 rating: 5
    id: nmmhkkegccagdldgiimedpiccmgmieda intarnal_id: 5200 rating: 5
    id: oklfoejikkmejobodofaimigojomlfim intarnal_id: 8000 rating: 5
    id: peokdhcembipiholieikfdloegjagplb intarnal_id: 8000 rating: 5
    id: pjkljhegncpnkpknbcohdijeoejaedia intarnal_id: 8000 rating: 5
    id: pkoehejbnbinjafeopgalokcmjdgkkhe intarnal_id: 751 rating: 1
    id: ppmoihbfiilgkkgcogbblhhanjjaocil intarnal_id: 8000 rating: 4
    Browser: firefox provider_modified: 0
    id: toolbar10741@findwide.com intarnal_id: 1 rating: 1
    id: ysi9gtz@qbd-ii.net intarnal_id: 1851 rating: 1
    id: yoe.93h7@qrxs-.edu intarnal_id: 2044 rating: 1
    id: tu@f.org intarnal_id: 2217 rating: 1
    id: {e4f94d1e-2f53-401e-8885-681602c0ddd8} intarnal_id: 8000 rating: 4
    id: n@hz.com intarnal_id: 65 rating: 2
    id: idvaultaddon@whitesky intarnal_id: 113 rating: 3
    id: y@rgeb.com intarnal_id: 2217 rating: 1
    id: zen@l.net intarnal_id: 2217 rating: 1
    Browser: iexplorer provider_modified: 1
    id: {25336920-03f9-11cf-8fd0-00aa00686f13} intarnal_id: 8000 rating: 5
    id: {31d09ba0-12f5-4cce-be8a-2923e76605da} intarnal_id: 5210 rating: 4
    id: {b84cdbe7-1b46-494b-a188-01d4c52deb61} intarnal_id: 8000 rating: 5
    id: {d0498e0a-45b7-42ae-a9aa-aba463dbd3bf} intarnal_id: 5200 rating: 5
    id: {d27cdb6e-ae6d-11cf-96b8-444553540000} intarnal_id: 8000 rating: 5
    id: {f5078f32-c551-11d3-89b9-0000f81fe221} intarnal_id: 8000 rating: 5
    id: {f6d90f16-9c73-11d3-b32e-00c04f990bb4} intarnal_id: 8000 rating: 5
    Detected a potential browser protector: {
       "Services" : {
          "Description" : "constant guard protection suite process monitoring service.",
          "DisplayName" : "cgps service",
          "FileInfo" : {
             "Path" : "\"c:\\program files (x86)\\constant guard protection suite\\idvaultsvc.exe\"",
             "md5" : ""
          },
          "Name" : "IDVaultSvc"
       },
       "runningProcess" : {
          "IDVault.exe" : {
             "CompanyName" : "White Sky, Inc.",
             "FileDescription" : "Constant Guard Protection Suite",
             "FileVersion" : "1.14.922.1",
             "Path" : "c:\\program files (x86)\\constant guard protection suite\\idvault.exe",
             "ProductVersion" : "1.14.922.1",
             "md5" : "6C4F17118CC7ED25D6D468E8D6FFA505"
          },
          "IDVaultSvc.exe" : {
             "CompanyName" : "White Sky, Inc.",
             "FileDescription" : "Constant Guard Protection Suite",
             "FileVersion" : "1.14.922.1",
             "Path" : "c:\\program files (x86)\\constant guard protection suite\\idvaultsvc.exe",
             "ProductVersion" : "1.14.922.1",
             "md5" : "053FA8AB3ACF75D5BFA08BB44B1DEB35"
          }
       },
       "uninstallInfo" : {
          "ID Vault" : {
             "DisplayName" : "Constant Guard Protection Suite",
             "Publisher" : "Comcast",
             "UninstallString" : "\"c:\\program files (x86)\\constant guard protection suite\\uninstall.exe\" \"/u:c:\\program files (x86)\\constant guard protection suite\\uninstall.xml\""
          }
       }
    }
    Detected a potential browser protector: {
       "Services" : {
          "Description" : "@%programfiles%\\windows defender\\mpasdesc.dll,-242",
          "DisplayName" : "@%programfiles%\\windows defender\\mpasdesc.dll,-320",
          "FileInfo" : {
             "Path" : "\"c:\\program files (x86)\\windows defender\\nissrv.exe\"",
             "md5" : ""
          },
          "Name" : "WdNisSvc"
       }
    }
    Homepages
    Search Engines
    Name: Google
    Url: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
    Homepages
    URL: 
    Search Engines
    Name: Google
    Homepages
    HKCU: about:blank
    Microsoft IE Warning: default search engine not set (DefaultScope is empty)
    Search Engines
    execute: /remove="<x><751><c>pkoehejbnbinjafeopgalokcmjdgkkhe</c></751></x>" /resetsettings="<x><i><sp_id>TPL_YAHOO9_US</sp_id></i></x>"  /user=S-1-5-21-185766733-1824046107-1153005522-1002
    Google Chrome
    Extensions
    ID: aohghmighlieiainnegkcijnfilokake Name: Google Docs
    ID: apdfllckaahabafndbhieahigkjlhalf Name: Google Drive
    ID: bepbmhgboaologfdajaanbcjmnhjmhfn Name: Google Voice Search Hotword (Beta)
    ID: blpcfgokakmgnkcojhhkbfbldkacnbeo Name: YouTube
    ID: coobgpohoikkiipiblmjeljniedjpjpf Name: Google Search
    ID: eibhgnpocflidkjpcgjafalpiffkpice Name: Chinese English Dictionary
    ID: fpkknkljclfencbdbgkenhalefipecmb Name: Accessibility Developer Tools
    ID: gmimocjjppdelmhpcmpkhekmpoddgima Name: Full Screen
    ID: gncemjbbfkgdhfiigkdebleebbhlelap Name: Savings com DealFinder
    ID: hcmicnfbmcjhlbdohdmdhfjlbigkcddl Name: Chromium Updater
    ID: kkffimodjajkloehmbfgeiclolgbebec Name: Ask the Gooru
    ID: nmmhkkegccagdldgiimedpiccmgmieda Name: Google Wallet
    ID: oklfoejikkmejobodofaimigojomlfim Name: Shut Up
    ID: peokdhcembipiholieikfdloegjagplb Name: Rotten Tomato
    ID: pjkljhegncpnkpknbcohdijeoejaedia Name: Gmail
    ID: ppmoihbfiilgkkgcogbblhhanjjaocil Name: Beautify for Trello
    Homepages
    Search Engines
    Name: Google
    Url: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
    Mozilla Firefox
    Extensions
    ID: toolbar10741@findwide.com Name: FindWide Toolbar
    ID: ysi9gtz@qbd-ii.net Name: shoppndruop
    ID: yoe.93h7@qrxs-.edu Name: RooyalShoppeRAApp
    ID: tu@f.org Name: SSAlEsCheccker
    ID: {e4f94d1e-2f53-401e-8885-681602c0ddd8} Name: McAfee Security Scan Plus
    ID: n@hz.com Name: TicTaCaoiupon
    ID: idvaultaddon@whitesky Name: XFINITY Constant Guard Protection Suite
    ID: y@rgeb.com Name: surfkeepit
    ID: zen@l.net Name: LuckyCoupon
    Homepages
    URL: 
    Search Engines
    Name: Google
    Microsoft IE
    Extensions
    ID: {25336920-03f9-11cf-8fd0-00aa00686f13} Name: HTML Document
    ID: {31d09ba0-12f5-4cce-be8a-2923e76605da} Name: Lync Browser Helper
    ID: {b84cdbe7-1b46-494b-a188-01d4c52deb61} Name: Constant Guard Protection Suite
    ID: {d0498e0a-45b7-42ae-a9aa-aba463dbd3bf} Name: Microsoft SkyDrive Pro Browser Helper
    ID: {d27cdb6e-ae6d-11cf-96b8-444553540000} Name: Shockwave Flash Object
    ID: {f5078f32-c551-11d3-89b9-0000f81fe221} Name: XML DOM Document 3.0
    ID: {f6d90f16-9c73-11d3-b32e-00c04f990bb4} Name: XML HTTP
    Homepages
    Search Engines
    Homepages
    Search Engines
    Name: Google
    Url: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
    Homepages
    URL: 
    Search Engines
    Name: Google
    Homepages
    Search Engines
    BCURequest:
    os_language : en-us
    location: en-us
    osType: 6.2
    browser: chrome is_default: 0
    id: aohghmighlieiainnegkcijnfilokake name: Google Docs
    id: apdfllckaahabafndbhieahigkjlhalf name: Google Drive
    id: bepbmhgboaologfdajaanbcjmnhjmhfn name: Google Voice Search Hotword (Beta)
    id: blpcfgokakmgnkcojhhkbfbldkacnbeo name: YouTube
    id: coobgpohoikkiipiblmjeljniedjpjpf name: Google Search
    id: eibhgnpocflidkjpcgjafalpiffkpice name: Chinese English Dictionary
    id: fpkknkljclfencbdbgkenhalefipecmb name: Accessibility Developer Tools
    id: gmimocjjppdelmhpcmpkhekmpoddgima name: Full Screen
    id: gncemjbbfkgdhfiigkdebleebbhlelap name: Savings com DealFinder
    id: hcmicnfbmcjhlbdohdmdhfjlbigkcddl name: Chromium Updater
    id: kkffimodjajkloehmbfgeiclolgbebec name: Ask the Gooru
    id: nmmhkkegccagdldgiimedpiccmgmieda name: Google Wallet
    id: oklfoejikkmejobodofaimigojomlfim name: Shut Up
    id: peokdhcembipiholieikfdloegjagplb name: Rotten Tomato
    id: pjkljhegncpnkpknbcohdijeoejaedia name: Gmail
    id: ppmoihbfiilgkkgcogbblhhanjjaocil name: Beautify for Trello
    browser: firefox is_default: 1
    id: toolbar10741@findwide.com name: FindWide Toolbar
    id: ysi9gtz@qbd-ii.net name: shoppndruop
    id: yoe.93h7@qrxs-.edu name: RooyalShoppeRAApp
    id: tu@f.org name: SSAlEsCheccker
    id: {e4f94d1e-2f53-401e-8885-681602c0ddd8} name: McAfee Security Scan Plus
    id: n@hz.com name: TicTaCaoiupon
    id: idvaultaddon@whitesky name: XFINITY Constant Guard Protection Suite
    id: y@rgeb.com name: surfkeepit
    id: zen@l.net name: LuckyCoupon
    browser: iexplorer is_default: 0
    id: {25336920-03f9-11cf-8fd0-00aa00686f13} name: HTML Document
    id: {31d09ba0-12f5-4cce-be8a-2923e76605da} name: Lync Browser Helper
    id: {b84cdbe7-1b46-494b-a188-01d4c52deb61} name: Constant Guard Protection Suite
    id: {d0498e0a-45b7-42ae-a9aa-aba463dbd3bf} name: Microsoft SkyDrive Pro Browser Helper
    id: {d27cdb6e-ae6d-11cf-96b8-444553540000} name: Shockwave Flash Object
    id: {f5078f32-c551-11d3-89b9-0000f81fe221} name: XML DOM Document 3.0
    id: {f6d90f16-9c73-11d3-b32e-00c04f990bb4} name: XML HTTP
    BCUResponse:
    Browser: chrome provider_modified: 0
    id: aohghmighlieiainnegkcijnfilokake intarnal_id: 1 rating: 5
    id: apdfllckaahabafndbhieahigkjlhalf intarnal_id: 5027 rating: 4
    id: bepbmhgboaologfdajaanbcjmnhjmhfn intarnal_id: 5200 rating: 5
    id: blpcfgokakmgnkcojhhkbfbldkacnbeo intarnal_id: 5040 rating: 5
    id: coobgpohoikkiipiblmjeljniedjpjpf intarnal_id: 1 rating: 5
    id: eibhgnpocflidkjpcgjafalpiffkpice intarnal_id: 8000 rating: 5
    id: fpkknkljclfencbdbgkenhalefipecmb intarnal_id: 8000 rating: 5
    id: gmimocjjppdelmhpcmpkhekmpoddgima intarnal_id: 8000 rating: 5
    id: gncemjbbfkgdhfiigkdebleebbhlelap intarnal_id: 8000 rating: 5
    id: hcmicnfbmcjhlbdohdmdhfjlbigkcddl intarnal_id: 8000 rating: 5
    id: kkffimodjajkloehmbfgeiclolgbebec intarnal_id: 8000 rating: 5
    id: nmmhkkegccagdldgiimedpiccmgmieda intarnal_id: 5200 rating: 5
    id: oklfoejikkmejobodofaimigojomlfim intarnal_id: 8000 rating: 5
    id: peokdhcembipiholieikfdloegjagplb intarnal_id: 8000 rating: 5
    id: pjkljhegncpnkpknbcohdijeoejaedia intarnal_id: 8000 rating: 5
    id: ppmoihbfiilgkkgcogbblhhanjjaocil intarnal_id: 8000 rating: 4
    Browser: firefox provider_modified: 0
    id: toolbar10741@findwide.com intarnal_id: 1 rating: 1
    id: ysi9gtz@qbd-ii.net intarnal_id: 1851 rating: 1
    id: yoe.93h7@qrxs-.edu intarnal_id: 2044 rating: 1
    id: tu@f.org intarnal_id: 2217 rating: 1
    id: {e4f94d1e-2f53-401e-8885-681602c0ddd8} intarnal_id: 8000 rating: 4
    id: n@hz.com intarnal_id: 65 rating: 2
    id: idvaultaddon@whitesky intarnal_id: 113 rating: 3
    id: y@rgeb.com intarnal_id: 2217 rating: 1
    id: zen@l.net intarnal_id: 2217 rating: 1
    Browser: iexplorer provider_modified: 0
    id: {25336920-03f9-11cf-8fd0-00aa00686f13} intarnal_id: 8000 rating: 5
    id: {31d09ba0-12f5-4cce-be8a-2923e76605da} intarnal_id: 5210 rating: 4
    id: {b84cdbe7-1b46-494b-a188-01d4c52deb61} intarnal_id: 8000 rating: 5
    id: {d0498e0a-45b7-42ae-a9aa-aba463dbd3bf} intarnal_id: 5200 rating: 5
    id: {d27cdb6e-ae6d-11cf-96b8-444553540000} intarnal_id: 8000 rating: 5
    id: {f5078f32-c551-11d3-89b9-0000f81fe221} intarnal_id: 8000 rating: 5
    id: {f6d90f16-9c73-11d3-b32e-00c04f990bb4} intarnal_id: 8000 rating: 5
    execute: /remove="<x><1><f>toolbar10741@findwide.com</f></1></x>" /resetsettings="<x></x>"  /user=S-1-5-21-185766733-1824046107-1153005522-1002
    Google Chrome
    Extensions
    ID: aohghmighlieiainnegkcijnfilokake Name: Google Docs
    ID: apdfllckaahabafndbhieahigkjlhalf Name: Google Drive
    ID: bepbmhgboaologfdajaanbcjmnhjmhfn Name: Google Voice Search Hotword (Beta)
    ID: blpcfgokakmgnkcojhhkbfbldkacnbeo Name: YouTube
    ID: coobgpohoikkiipiblmjeljniedjpjpf Name: Google Search
    ID: eibhgnpocflidkjpcgjafalpiffkpice Name: Chinese English Dictionary
    ID: fpkknkljclfencbdbgkenhalefipecmb Name: Accessibility Developer Tools
    ID: gmimocjjppdelmhpcmpkhekmpoddgima Name: Full Screen
    ID: gncemjbbfkgdhfiigkdebleebbhlelap Name: Savings com DealFinder
    ID: hcmicnfbmcjhlbdohdmdhfjlbigkcddl Name: Chromium Updater
    ID: kkffimodjajkloehmbfgeiclolgbebec Name: Ask the Gooru
    ID: nmmhkkegccagdldgiimedpiccmgmieda Name: Google Wallet
    ID: oklfoejikkmejobodofaimigojomlfim Name: Shut Up
    ID: peokdhcembipiholieikfdloegjagplb Name: Rotten Tomato
    ID: pjkljhegncpnkpknbcohdijeoejaedia Name: Gmail
    ID: ppmoihbfiilgkkgcogbblhhanjjaocil Name: Beautify for Trello
    Homepages
    Search Engines
    Name: Google
    Url: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
    Mozilla Firefox
    Extensions
    ID: ysi9gtz@qbd-ii.net Name: shoppndruop
    ID: yoe.93h7@qrxs-.edu Name: RooyalShoppeRAApp
    ID: tu@f.org Name: SSAlEsCheccker
    ID: {e4f94d1e-2f53-401e-8885-681602c0ddd8} Name: McAfee Security Scan Plus
    ID: n@hz.com Name: TicTaCaoiupon
    ID: idvaultaddon@whitesky Name: XFINITY Constant Guard Protection Suite
    ID: y@rgeb.com Name: surfkeepit
    ID: zen@l.net Name: LuckyCoupon
    Homepages
    URL: 
    Search Engines
    Name: Google
    Microsoft IE
    Extensions
    ID: {25336920-03f9-11cf-8fd0-00aa00686f13} Name: HTML Document
    ID: {31d09ba0-12f5-4cce-be8a-2923e76605da} Name: Lync Browser Helper
    ID: {b84cdbe7-1b46-494b-a188-01d4c52deb61} Name: Constant Guard Protection Suite
    ID: {d0498e0a-45b7-42ae-a9aa-aba463dbd3bf} Name: Microsoft SkyDrive Pro Browser Helper
    ID: {d27cdb6e-ae6d-11cf-96b8-444553540000} Name: Shockwave Flash Object
    ID: {f5078f32-c551-11d3-89b9-0000f81fe221} Name: XML DOM Document 3.0
    ID: {f6d90f16-9c73-11d3-b32e-00c04f990bb4} Name: XML HTTP
    Homepages
    Search Engines
    Homepages
    Search Engines
    Name: Google
    Url: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
    Homepages
    URL: 
    Search Engines
    Name: Google
    Homepages
    Search Engines
    BCURequest:
    os_language : en-us
    location: en-us
    osType: 6.2
    browser: chrome is_default: 0
    id: aohghmighlieiainnegkcijnfilokake name: Google Docs
    id: apdfllckaahabafndbhieahigkjlhalf name: Google Drive
    id: bepbmhgboaologfdajaanbcjmnhjmhfn name: Google Voice Search Hotword (Beta)
    id: blpcfgokakmgnkcojhhkbfbldkacnbeo name: YouTube
    id: coobgpohoikkiipiblmjeljniedjpjpf name: Google Search
    id: eibhgnpocflidkjpcgjafalpiffkpice name: Chinese English Dictionary
    id: fpkknkljclfencbdbgkenhalefipecmb name: Accessibility Developer Tools
    id: gmimocjjppdelmhpcmpkhekmpoddgima name: Full Screen
    id: gncemjbbfkgdhfiigkdebleebbhlelap name: Savings com DealFinder
    id: hcmicnfbmcjhlbdohdmdhfjlbigkcddl name: Chromium Updater
    id: kkffimodjajkloehmbfgeiclolgbebec name: Ask the Gooru
    id: nmmhkkegccagdldgiimedpiccmgmieda name: Google Wallet
    id: oklfoejikkmejobodofaimigojomlfim name: Shut Up
    id: peokdhcembipiholieikfdloegjagplb name: Rotten Tomato
    id: pjkljhegncpnkpknbcohdijeoejaedia name: Gmail
    id: ppmoihbfiilgkkgcogbblhhanjjaocil name: Beautify for Trello
    browser: firefox is_default: 1
    id: ysi9gtz@qbd-ii.net name: shoppndruop
    id: yoe.93h7@qrxs-.edu name: RooyalShoppeRAApp
    id: tu@f.org name: SSAlEsCheccker
    id: {e4f94d1e-2f53-401e-8885-681602c0ddd8} name: McAfee Security Scan Plus
    id: n@hz.com name: TicTaCaoiupon
    id: idvaultaddon@whitesky name: XFINITY Constant Guard Protection Suite
    id: y@rgeb.com name: surfkeepit
    id: zen@l.net name: LuckyCoupon
    browser: iexplorer is_default: 0
    id: {25336920-03f9-11cf-8fd0-00aa00686f13} name: HTML Document
    id: {31d09ba0-12f5-4cce-be8a-2923e76605da} name: Lync Browser Helper
    id: {b84cdbe7-1b46-494b-a188-01d4c52deb61} name: Constant Guard Protection Suite
    id: {d0498e0a-45b7-42ae-a9aa-aba463dbd3bf} name: Microsoft SkyDrive Pro Browser Helper
    id: {d27cdb6e-ae6d-11cf-96b8-444553540000} name: Shockwave Flash Object
    id: {f5078f32-c551-11d3-89b9-0000f81fe221} name: XML DOM Document 3.0
    id: {f6d90f16-9c73-11d3-b32e-00c04f990bb4} name: XML HTTP
    BCUResponse:
    Browser: chrome provider_modified: 0
    id: aohghmighlieiainnegkcijnfilokake intarnal_id: 1 rating: 5
    id: apdfllckaahabafndbhieahigkjlhalf intarnal_id: 5027 rating: 4
    id: bepbmhgboaologfdajaanbcjmnhjmhfn intarnal_id: 5200 rating: 5
    id: blpcfgokakmgnkcojhhkbfbldkacnbeo intarnal_id: 5040 rating: 5
    id: coobgpohoikkiipiblmjeljniedjpjpf intarnal_id: 1 rating: 5
    id: eibhgnpocflidkjpcgjafalpiffkpice intarnal_id: 8000 rating: 5
    id: fpkknkljclfencbdbgkenhalefipecmb intarnal_id: 8000 rating: 5
    id: gmimocjjppdelmhpcmpkhekmpoddgima intarnal_id: 8000 rating: 5
    id: gncemjbbfkgdhfiigkdebleebbhlelap intarnal_id: 8000 rating: 5
    id: hcmicnfbmcjhlbdohdmdhfjlbigkcddl intarnal_id: 8000 rating: 5
    id: kkffimodjajkloehmbfgeiclolgbebec intarnal_id: 8000 rating: 5
    id: nmmhkkegccagdldgiimedpiccmgmieda intarnal_id: 5200 rating: 5
    id: oklfoejikkmejobodofaimigojomlfim intarnal_id: 8000 rating: 5
    id: peokdhcembipiholieikfdloegjagplb intarnal_id: 8000 rating: 5
    id: pjkljhegncpnkpknbcohdijeoejaedia intarnal_id: 8000 rating: 5
    id: ppmoihbfiilgkkgcogbblhhanjjaocil intarnal_id: 8000 rating: 4
    Browser: firefox provider_modified: 0
    id: ysi9gtz@qbd-ii.net intarnal_id: 1851 rating: 1
    id: yoe.93h7@qrxs-.edu intarnal_id: 2044 rating: 1
    id: tu@f.org intarnal_id: 2217 rating: 1
    id: {e4f94d1e-2f53-401e-8885-681602c0ddd8} intarnal_id: 8000 rating: 4
    id: n@hz.com intarnal_id: 65 rating: 2
    id: idvaultaddon@whitesky intarnal_id: 113 rating: 3
    id: y@rgeb.com intarnal_id: 2217 rating: 1
    id: zen@l.net intarnal_id: 2217 rating: 1
    Browser: iexplorer provider_modified: 0
    id: {25336920-03f9-11cf-8fd0-00aa00686f13} intarnal_id: 8000 rating: 5
    id: {31d09ba0-12f5-4cce-be8a-2923e76605da} intarnal_id: 5210 rating: 4
    id: {b84cdbe7-1b46-494b-a188-01d4c52deb61} intarnal_id: 8000 rating: 5
    id: {d0498e0a-45b7-42ae-a9aa-aba463dbd3bf} intarnal_id: 5200 rating: 5
    id: {d27cdb6e-ae6d-11cf-96b8-444553540000} intarnal_id: 8000 rating: 5
    id: {f5078f32-c551-11d3-89b9-0000f81fe221} intarnal_id: 8000 rating: 5
    id: {f6d90f16-9c73-11d3-b32e-00c04f990bb4} intarnal_id: 8000 rating: 5
    execute: /remove="<x><1851><f>ysi9gtz@qbd-ii.net</f></1851><2044><f>yoe.93h7@qrxs-.edu</f></2044><2217><f>tu@f.org</f><f>y@rgeb.com</f><f>zen@l.net</f></2217><65><f>n@hz.com</f></65></x>" /resetsettings="<x></x>"  /user=S-1-5-21-185766733-1824046107-1153005522-1002
    Google Chrome
    Extensions
    ID: aohghmighlieiainnegkcijnfilokake Name: Google Docs
    ID: apdfllckaahabafndbhieahigkjlhalf Name: Google Drive
    ID: bepbmhgboaologfdajaanbcjmnhjmhfn Name: Google Voice Search Hotword (Beta)
    ID: blpcfgokakmgnkcojhhkbfbldkacnbeo Name: YouTube
    ID: coobgpohoikkiipiblmjeljniedjpjpf Name: Google Search
    ID: eibhgnpocflidkjpcgjafalpiffkpice Name: Chinese English Dictionary
    ID: fpkknkljclfencbdbgkenhalefipecmb Name: Accessibility Developer Tools
    ID: gmimocjjppdelmhpcmpkhekmpoddgima Name: Full Screen
    ID: gncemjbbfkgdhfiigkdebleebbhlelap Name: Savings com DealFinder
    ID: hcmicnfbmcjhlbdohdmdhfjlbigkcddl Name: Chromium Updater
    ID: kkffimodjajkloehmbfgeiclolgbebec Name: Ask the Gooru
    ID: nmmhkkegccagdldgiimedpiccmgmieda Name: Google Wallet
    ID: oklfoejikkmejobodofaimigojomlfim Name: Shut Up
    ID: peokdhcembipiholieikfdloegjagplb Name: Rotten Tomato
    ID: pjkljhegncpnkpknbcohdijeoejaedia Name: Gmail
    ID: ppmoihbfiilgkkgcogbblhhanjjaocil Name: Beautify for Trello
    Homepages
    Search Engines
    Name: Google
    Url: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
    Mozilla Firefox
    Extensions
    ID: {e4f94d1e-2f53-401e-8885-681602c0ddd8} Name: McAfee Security Scan Plus
    ID: idvaultaddon@whitesky Name: XFINITY Constant Guard Protection Suite
    Homepages
    URL: 
    Search Engines
    Name: Google
    Microsoft IE
    Extensions
    ID: {25336920-03f9-11cf-8fd0-00aa00686f13} Name: HTML Document
    ID: {31d09ba0-12f5-4cce-be8a-2923e76605da} Name: Lync Browser Helper
    ID: {b84cdbe7-1b46-494b-a188-01d4c52deb61} Name: Constant Guard Protection Suite
    ID: {d0498e0a-45b7-42ae-a9aa-aba463dbd3bf} Name: Microsoft SkyDrive Pro Browser Helper
    ID: {d27cdb6e-ae6d-11cf-96b8-444553540000} Name: Shockwave Flash Object
    ID: {f5078f32-c551-11d3-89b9-0000f81fe221} Name: XML DOM Document 3.0
    ID: {f6d90f16-9c73-11d3-b32e-00c04f990bb4} Name: XML HTTP
    Homepages
    Search Engines
    Homepages
    Search Engines
    Name: Google
    Url: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
    Homepages
    URL: 
    Search Engines
    Name: Google
    Homepages
    Search Engines
    BCURequest:
    os_language : en-us
    location: en-us
    osType: 6.2
    browser: chrome is_default: 0
    id: aohghmighlieiainnegkcijnfilokake name: Google Docs
    id: apdfllckaahabafndbhieahigkjlhalf name: Google Drive
    id: bepbmhgboaologfdajaanbcjmnhjmhfn name: Google Voice Search Hotword (Beta)
    id: blpcfgokakmgnkcojhhkbfbldkacnbeo name: YouTube
    id: coobgpohoikkiipiblmjeljniedjpjpf name: Google Search
    id: eibhgnpocflidkjpcgjafalpiffkpice name: Chinese English Dictionary
    id: fpkknkljclfencbdbgkenhalefipecmb name: Accessibility Developer Tools
    id: gmimocjjppdelmhpcmpkhekmpoddgima name: Full Screen
    id: gncemjbbfkgdhfiigkdebleebbhlelap name: Savings com DealFinder
    id: hcmicnfbmcjhlbdohdmdhfjlbigkcddl name: Chromium Updater
    id: kkffimodjajkloehmbfgeiclolgbebec name: Ask the Gooru
    id: nmmhkkegccagdldgiimedpiccmgmieda name: Google Wallet
    id: oklfoejikkmejobodofaimigojomlfim name: Shut Up
    id: peokdhcembipiholieikfdloegjagplb name: Rotten Tomato
    id: pjkljhegncpnkpknbcohdijeoejaedia name: Gmail
    id: ppmoihbfiilgkkgcogbblhhanjjaocil name: Beautify for Trello
    browser: firefox is_default: 1
    id: {e4f94d1e-2f53-401e-8885-681602c0ddd8} name: McAfee Security Scan Plus
    id: idvaultaddon@whitesky name: XFINITY Constant Guard Protection Suite
    browser: iexplorer is_default: 0
    id: {25336920-03f9-11cf-8fd0-00aa00686f13} name: HTML Document
    id: {31d09ba0-12f5-4cce-be8a-2923e76605da} name: Lync Browser Helper
    id: {b84cdbe7-1b46-494b-a188-01d4c52deb61} name: Constant Guard Protection Suite
    id: {d0498e0a-45b7-42ae-a9aa-aba463dbd3bf} name: Microsoft SkyDrive Pro Browser Helper
    id: {d27cdb6e-ae6d-11cf-96b8-444553540000} name: Shockwave Flash Object
    id: {f5078f32-c551-11d3-89b9-0000f81fe221} name: XML DOM Document 3.0
    id: {f6d90f16-9c73-11d3-b32e-00c04f990bb4} name: XML HTTP
    BCUResponse:
    Browser: chrome provider_modified: 0
    id: aohghmighlieiainnegkcijnfilokake intarnal_id: 1 rating: 5
    id: apdfllckaahabafndbhieahigkjlhalf intarnal_id: 5027 rating: 4
    id: bepbmhgboaologfdajaanbcjmnhjmhfn intarnal_id: 5200 rating: 5
    id: blpcfgokakmgnkcojhhkbfbldkacnbeo intarnal_id: 5040 rating: 5
    id: coobgpohoikkiipiblmjeljniedjpjpf intarnal_id: 1 rating: 5
    id: eibhgnpocflidkjpcgjafalpiffkpice intarnal_id: 8000 rating: 5
    id: fpkknkljclfencbdbgkenhalefipecmb intarnal_id: 8000 rating: 5
    id: gmimocjjppdelmhpcmpkhekmpoddgima intarnal_id: 8000 rating: 5
    id: gncemjbbfkgdhfiigkdebleebbhlelap intarnal_id: 8000 rating: 5
    id: hcmicnfbmcjhlbdohdmdhfjlbigkcddl intarnal_id: 8000 rating: 5
    id: kkffimodjajkloehmbfgeiclolgbebec intarnal_id: 8000 rating: 5
    id: nmmhkkegccagdldgiimedpiccmgmieda intarnal_id: 5200 rating: 5
    id: oklfoejikkmejobodofaimigojomlfim intarnal_id: 8000 rating: 5
    id: peokdhcembipiholieikfdloegjagplb intarnal_id: 8000 rating: 5
    id: pjkljhegncpnkpknbcohdijeoejaedia intarnal_id: 8000 rating: 5
    id: ppmoihbfiilgkkgcogbblhhanjjaocil intarnal_id: 8000 rating: 4
    Browser: firefox provider_modified: 0
    id: {e4f94d1e-2f53-401e-8885-681602c0ddd8} intarnal_id: 8000 rating: 4
    id: idvaultaddon@whitesky intarnal_id: 113 rating: 3
    Browser: iexplorer provider_modified: 0
    id: {25336920-03f9-11cf-8fd0-00aa00686f13} intarnal_id: 8000 rating: 5
    id: {31d09ba0-12f5-4cce-be8a-2923e76605da} intarnal_id: 5210 rating: 4
    id: {b84c
     
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-12-2014
    Ran by cpaulson12 at 2014-12-03 12:28:14
    Running from C:\Users\cpaulson12\Desktop\COMP FIX
    Boot Mode: Normal
    ==========================================================
     
     
    ==================== Security Center ========================
     
    (If an entry is included in the fixlist, it will be removed.)
     
    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     
    ==================== Installed Programs ======================
     
    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
     
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2710 - Adobe Systems Incorporated)
    Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
    Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version:  - Hidden Path Entertainment, Ensemble Studios)
    AMD Catalyst Install Manager (HKLM\...\{49717648-68B0-3342-F28B-7DF710E1EBF4}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
    AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.4.4.2 - AppEx Networks)
    Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    BetterPriceChec (HKLM-x32\...\{4E5FE462-1A84-47B4-3411-C72434AAD86C}) (Version:  - "") <==== ATTENTION
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.21.50 - Conexant)
    Conexant SmartAudio (HKLM\...\SAII) (Version: 6.0.188.0 - Conexant Systems)
    Constant Guard Protection Suite (HKLM-x32\...\ID Vault) (Version: 1.14.922.1 - Comcast)
    CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)
    CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
    CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.14 - Lenovo)
    Energy Management (x32 Version: 8.0.2.14 - Lenovo) Hidden
    GetDiscountApp (HKLM-x32\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version:  - GetDiscountApp) <==== ATTENTION
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
    Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.4.4.0 - LIGHTNING UK!)
    iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
    Lenovo App Shop (HKLM-x32\...\Lenovo App Shop 45246) (Version: 3.10.0.45246.24 - Lenovo)
    Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10240 - Realtek Semiconductor Corp.)
    Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
    Lenovo OneKey Recovery (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
    Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
    Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.25.1 - ELAN Microelectronic Corp.)
    Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.)
    Lenovo PowerDVD10 (x32 Version: 10.0.5630.52 - CyberLink Corp.) Hidden
    Lenovo Reach (HKLM-x32\...\{0B5E0E89-4BCA-4035-BBA1-D1439724B6E2}) (Version: 1.1.0.166 - Stoneware, Inc.)
    Lenovo Solution Center (HKLM\...\{4041B18B-DE30-4D78-9D60-6ADC586C5E00}) (Version: 2.1.003.00 - Lenovo Group Limited)
    Lenovo VeriFace (HKLM\...\Lenovo VeriFace) (Version: 5.0.13.5261 - Lenovo)
    Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
    Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.1.2.4000 - Maxthon International Limited)
    McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
    Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4667.1002 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Mozilla Firefox 33.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.0.3 (x86 en-US)) (Version: 33.0.3 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
    MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
    Nitro Pro 8 (HKLM\...\{392C767D-4EE2-49B5-A3B4-A4C3AB6DC145}) (Version: 8.5.7.1 - Nitro)
    OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
    Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
    Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.10525 - CyberLink Corp.)
    Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.306 - Qualcomm Atheros Communications)
    Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
    Qualcomm Atheros Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39048 - Realtek Semiconductor Corp.)
    Start Menu (HKU\S-1-5-21-185766733-1824046107-1153005522-1002\...\Pokki_Start_Menu) (Version: 0.269.4.103 - Pokki)
    Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
    TicTaCoupon (HKLM-x32\...\{E370F69F-ED3F-925F-31FC-14D1329A713B}) (Version:  - "") <==== ATTENTION
    UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.17 - Lenovo)
    UserGuide (x32 Version: 1.0.0.17 - Lenovo) Hidden
    VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
    Windows Driver Package - Lenovo (ACPIVPC) System  (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
    Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
     
    ==================== Custom CLSID (selected items): ==========================
     
    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
     
    CustomCLSID: HKU\S-1-5-21-185766733-1824046107-1153005522-1002_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AC}\InprocServer32 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel)
    CustomCLSID: HKU\S-1-5-21-185766733-1824046107-1153005522-1002_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AD}\InprocServer32 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel)
     
    ==================== Restore Points  =========================
     
    07-11-2014 02:28:54 Scheduled Checkpoint
    22-11-2014 18:48:43 Windows Update
    28-11-2014 03:28:16 Windows Update
     
    ==================== Hosts content: ==========================
     
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
     
    2013-08-22 07:25 - 2014-12-03 08:48 - 00000035 ____A C:\windows\system32\Drivers\etc\hosts
     
    ==================== Scheduled Tasks (whitelisted) =============
     
    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
     
    Task: {217B0A99-6E4B-469B-8778-0099F25A6E07} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2014-11-22] (Microsoft Corporation)
    Task: {2209DCE6-3563-48C7-9C36-180BBA71445B} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE [2013-03-08] (CyberLink Corp.)
    Task: {2387F1B2-9135-4078-846E-F5233CADE335} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\mxup.exe [2013-08-01] (Maxthon International ltd.)
    Task: {2BCA6A4B-EF5E-4A4D-A7F9-E4F6DA45DE13} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-10-07] (Microsoft Corporation)
    Task: {2FF2D58D-E35A-41A0-BBCC-A2B3967A3B8D} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-10-07] (Microsoft Corporation)
    Task: {3CE885C6-DED7-4AC4-8126-7FB38E024F73} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2013-05-17] (Lenovo)
    Task: {4808CEBA-CD6B-4595-A16B-E2504A3EF9A6} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-27] (Adobe Systems Incorporated)
    Task: {96F6A4DC-6956-437C-92FF-E8E587EBD3E4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {9CC9985E-1A1F-4856-9ADA-DABF527D53D3} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-05-17] ()
    Task: {9DB6C33C-90C5-486F-A357-1FCE20B64D2E} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-05-17] (Lenovo)
    Task: {B75A126B-9EDF-4CB7-8F21-D3ABAC67005A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-09] (Google Inc.)
    Task: {C88CEF1D-40E3-4307-AD13-5B50EE12FCFD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-09] (Google Inc.)
    Task: {E3B7B63A-DACE-434F-A25F-5F3D56B74610} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
    Task: {F8E4C8B8-A751-4F59-9B70-B46D7A3F38AF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-10-07] (Microsoft Corporation)
    Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
     
    ==================== Loaded Modules (whitelisted) =============
     
    2013-09-11 00:25 - 2013-09-11 00:25 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
    2014-07-11 06:55 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
    2014-02-15 21:27 - 2012-04-24 04:43 - 00390632 ____N () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
    2014-02-15 21:41 - 2014-02-15 21:41 - 00068368 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
    2014-02-15 21:41 - 2014-02-15 21:41 - 00669288 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfDataStorageInterface.dll
    2014-11-22 12:12 - 2014-09-23 07:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2013-09-25 05:04 - 2013-09-25 05:04 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
    2013-09-25 05:01 - 2013-09-25 05:01 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
    2013-09-25 05:08 - 2013-09-25 05:08 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
    2014-11-27 21:50 - 2014-11-27 21:50 - 03995136 _____ () c:\Program Files (x86)\CouponGenie\BuyPractical.dll
    2014-04-23 15:05 - 2014-04-23 15:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2014-11-22 16:41 - 2014-11-22 16:41 - 03530752 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\Windows.UI.Xaml\90a4331ab5b5bb3ead23d75d4349a491\Windows.UI.Xaml.ni.dll
    2014-11-22 16:41 - 2014-11-22 16:41 - 00228864 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\Windows.Foundation\f7e726805e56676bd7b8662a3d842b0e\Windows.Foundation.ni.dll
    2014-12-03 12:25 - 2014-12-03 12:25 - 00098816 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI35002\win32api.pyd
    2014-12-03 12:25 - 2014-12-03 12:25 - 00110080 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI35002\pywintypes27.dll
    2014-12-03 12:25 - 2014-12-03 12:25 - 00364544 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI35002\pythoncom27.dll
    2014-12-03 12:25 - 2014-12-03 12:25 - 00045568 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI35002\_socket.pyd
    2014-12-03 12:25 - 2014-12-03 12:25 - 01160704 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI35002\_ssl.pyd
    2014-12-03 12:25 - 2014-12-03 12:25 - 00320512 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI35002\win32com.shell.shell.pyd
    2014-12-03 12:25 - 2014-12-03 12:25 - 00713216 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI35002\_hashlib.pyd
    2014-12-03 12:25 - 2014-12-03 12:25 - 01175040 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI35002\wx._core_.pyd
    2014-12-03 12:25 - 2014-12-03 12:25 - 00805888 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI35002\wx._gdi_.pyd
    2014-12-03 12:25 - 2014-12-03 12:25 - 00811008 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI35002\wx._windows_.pyd
    2014-12-03 12:25 - 2014-12-03 12:25 - 01062400 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI35002\wx._controls_.pyd
    2014-12-03 12:25 - 2014-12-03 12:25 - 00735232 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI35002\wx._misc_.pyd
    2014-12-03 12:25 - 2014-12-03 12:25 - 00128512 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI35002\_elementtree.pyd
    2014-12-03 12:25 - 2014-12-03 12:25 - 00127488 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI35002\pyexpat.pyd
    2014-12-03 12:25 - 2014-12-03 12:25 - 00557056 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI35002\pysqlite2._sqlite.pyd
    2014-12-03 12:25 - 2014-12-03 12:25 - 00087552 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI35002\_ctypes.pyd
    2014-12-03 12:25 - 2014-12-03 12:25 - 00119808 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI35002\win32file.pyd
    2014-12-03 12:25 - 2014-12-03 12:25 - 00108544 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI35002\win32security.pyd
    2014-12-03 12:25 - 2014-12-03 12:25 - 00007168 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI35002\hashobjs_ext.pyd
    2014-12-03 12:25 - 2014-12-03 12:25 - 00167936 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI35002\win32gui.pyd
    2014-12-03 12:25 - 2014-12-03 12:25 - 00018432 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI35002\win32event.pyd
    2014-12-03 12:25 - 2014-12-03 12:25 - 00038912 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI35002\win32inet.pyd
    2014-12-03 12:25 - 2014-12-03 12:25 - 00011264 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI35002\win32crypt.pyd
    2014-12-03 12:25 - 2014-12-03 12:25 - 00070656 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI35002\wx._html2.pyd
    2014-12-03 12:25 - 2014-12-03 12:25 - 00027136 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI35002\_multiprocessing.pyd
    2014-12-03 12:25 - 2014-12-03 12:25 - 00035840 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI35002\win32process.pyd
    2014-12-03 12:25 - 2014-12-03 12:25 - 00686080 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI35002\unicodedata.pyd
    2014-12-03 12:25 - 2014-12-03 12:25 - 00122368 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI35002\wx._wizard.pyd
    2014-12-03 12:25 - 2014-12-03 12:25 - 00024064 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI35002\win32pipe.pyd
    2014-12-03 12:25 - 2014-12-03 12:25 - 00025600 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI35002\win32pdh.pyd
    2014-12-03 12:25 - 2014-12-03 12:25 - 00525640 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI35002\windows._lib_cacheinvalidation.pyd
    2014-12-03 12:25 - 2014-12-03 12:25 - 00010240 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI35002\select.pyd
    2014-12-03 12:25 - 2014-12-03 12:25 - 00017408 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI35002\win32profile.pyd
    2014-12-03 12:25 - 2014-12-03 12:25 - 00022528 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI35002\win32ts.pyd
    2014-12-03 12:25 - 2014-12-03 12:25 - 00078336 _____ () C:\Users\cpaulson12\AppData\Local\Temp\_MEI35002\wx._animate.pyd
     
    ==================== Alternate Data Streams (whitelisted) =========
     
    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
     
     
    ==================== Safe Mode (whitelisted) ===================
     
    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
     
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
     
    ==================== EXE Association (whitelisted) =============
     
    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
     
     
    ==================== MSCONFIG/TASK MANAGER disabled items =========
     
    (Currently there is no automatic fix for this section.)
     
     
    ========================= Accounts: ==========================
     
    Administrator (S-1-5-21-185766733-1824046107-1153005522-500 - Administrator - Disabled)
    cpaulson12 (S-1-5-21-185766733-1824046107-1153005522-1002 - Administrator - Enabled) => C:\Users\cpaulson12
    Guest (S-1-5-21-185766733-1824046107-1153005522-501 - Limited - Disabled)
     
    ==================== Faulty Device Manager Devices =============
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
    Error: (12/03/2014 00:20:49 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: chrome.exe, version: 36.0.1985.143, time stamp: 0x53e2e515
    Faulting module name: chrome.dll, version: 36.0.1985.143, time stamp: 0x53e2e1c7
    Exception code: 0xc0000005
    Fault offset: 0x000630df
    Faulting process id: 0x1a7c
    Faulting application start time: 0xchrome.exe0
    Faulting application path: chrome.exe1
    Faulting module path: chrome.exe2
    Report Id: chrome.exe3
    Faulting package full name: chrome.exe4
    Faulting package-relative application ID: chrome.exe5
     
    Error: (12/03/2014 09:02:38 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 1516
     
    Error: (12/03/2014 09:02:38 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 1516
     
    Error: (12/03/2014 09:02:38 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second
     
    Error: (12/03/2014 08:58:15 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program chrome.exe version 36.0.1985.143 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
     
    Process ID: 784
     
    Start Time: 01d00f095e9cd870
     
    Termination Time: 4294967295
     
    Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     
    Report Id: cc86e0a1-7afc-11e4-826b-40f02fd7fdda
     
    Faulting package full name: 
     
    Faulting package-relative application ID:
     
    Error: (12/03/2014 08:44:38 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 39225594
     
    Error: (12/03/2014 08:44:38 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 39225594
     
    Error: (12/03/2014 08:44:38 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second
     
    Error: (12/02/2014 09:40:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 6174969
     
    Error: (12/02/2014 09:40:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 6174969
     
     
    System errors:
    =============
    Error: (12/03/2014 08:47:31 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
     
    Error: (12/03/2014 08:47:31 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The NitroPDFDriverCreatorReadSpool8 service terminated unexpectedly.  It has done this 1 time(s).
     
    Error: (12/03/2014 08:47:31 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).
     
    Error: (12/03/2014 08:47:31 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The CGPS Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
     
    Error: (12/03/2014 08:47:31 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Cyberlink RichVideo64 Service(CRVS) service terminated unexpectedly.  It has done this 1 time(s).
     
    Error: (12/03/2014 08:47:31 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Conexant SmartAudio service service terminated unexpectedly.  It has done this 1 time(s).
     
    Error: (12/03/2014 08:47:31 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The VeriFaceSrv service terminated unexpectedly.  It has done this 1 time(s).
     
    Error: (12/03/2014 08:47:31 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The ZAtheros Bt and Wlan Coex Agent service terminated unexpectedly.  It has done this 1 time(s).
     
    Error: (12/03/2014 08:47:31 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Nalpeiron Licensing Service service terminated unexpectedly.  It has done this 1 time(s).
     
    Error: (12/03/2014 08:47:31 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
     
     
    Microsoft Office Sessions:
    =========================
    Error: (12/03/2014 00:20:49 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: chrome.exe36.0.1985.14353e2e515chrome.dll36.0.1985.14353e2e1c7c0000005000630df1a7c01d00f25dc00df30c:\program files (x86)\google\chrome\application\chrome.exec:\program files (x86)\google\chrome\application\36.0.1985.143\chrome.dll1ae7aabe-7b19-11e4-826b-40f02fd7fdda
     
    Error: (12/03/2014 09:02:38 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 1516
     
    Error: (12/03/2014 09:02:38 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 1516
     
    Error: (12/03/2014 09:02:38 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second
     
    Error: (12/03/2014 08:58:15 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: chrome.exe36.0.1985.14378401d00f095e9cd8704294967295C:\Program Files (x86)\Google\Chrome\Application\chrome.execc86e0a1-7afc-11e4-826b-40f02fd7fdda
     
    Error: (12/03/2014 08:44:38 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 39225594
     
    Error: (12/03/2014 08:44:38 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 39225594
     
    Error: (12/03/2014 08:44:38 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second
     
    Error: (12/02/2014 09:40:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 6174969
     
    Error: (12/02/2014 09:40:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 6174969
     
     
    CodeIntegrity Errors:
    ===================================
      Date: 2014-12-03 08:50:13.141
      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2014-12-03 08:50:12.922
      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2014-12-03 08:50:12.734
      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2014-12-03 08:50:12.391
      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2014-12-03 08:50:12.203
      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2014-12-02 19:42:34.205
      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2014-12-02 19:42:33.985
      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2014-12-02 11:56:29.880
      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2014-12-02 11:56:29.739
      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2014-12-02 11:56:29.556
      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
     
    ==================== Memory info =========================== 
     
    Processor: AMD A10-5750M APU with Radeon™ HD Graphics 
    Percentage of memory in use: 22%
    Total physical RAM: 5327.26 MB
    Available physical RAM: 4103.54 MB
    Total Pagefile: 10703.26 MB
    Available Pagefile: 9392.18 MB
    Total Virtual: 131072 MB
    Available Virtual: 131071.85 MB
     
    ==================== Drives ================================
     
    Drive c: (Windows8_OS) (Fixed) (Total:893.13 GB) (Free:776.85 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.48 GB) NTFS
    Drive e: ('11 - '13 cabin) (CDROM) (Total:2.75 GB) (Free:0 GB) UDF
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: F91D03FF)
     
    Partition: GPT Partition Type.
     
    ==================== End Of Log ============================
     
    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-12-2014
    Ran by cpaulson12 (administrator) on CHRISTI-LAPTOP on 03-12-2014 12:26:49
    Running from C:\Users\cpaulson12\Desktop\COMP FIX
    Loaded Profile: cpaulson12 (Available profiles: cpaulson12)
    Platform: Windows 8.1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
    (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
    (Microsoft Corporation) C:\Windows\System32\dasHost.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (White Sky, Inc.) C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
    (Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
    (Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
    () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
    (Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
    () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
    (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
    (White Sky, Inc.) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
    (Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
    (Realtek semiconductor) C:\Windows\RTFTrack.exe
    () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
    (Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
    (CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
    (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (Microsoft Corporation) C:\Windows\System32\prevhost.exe
     
     
    ==================== Registry (Whitelisted) ==================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2894664 2013-08-07] (ELAN Microelectronics Corp.)
    HKLM\...\Run: [RtsFT] => C:\windows\RTFTrack.exe [6340312 2013-07-19] (Realtek semiconductor)
    HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17111056 2014-02-15] (Lenovo (Beijing) Limited)
    HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [193008 2014-02-15] (Lenovo(beijing) Limited)
    HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-09-11] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [Lenovo App Shop] => C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismagent.exe [156000 2013-07-18] (Intel Corporation)
    HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
    HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-09-25] ( (Qualcomm®Atheros®))
    HKLM\...\Policies\Explorer: [NoFolderOptions] 0
    HKLM\...\Policies\Explorer: [NoControlPanel] 0
    HKU\S-1-5-21-185766733-1824046107-1153005522-1002\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Constant Guard.lnk
    ShortcutTarget: Constant Guard.lnk -> C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe (White Sky, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
    ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    CHR HKU\S-1-5-21-185766733-1824046107-1153005522-1002\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    HKU\S-1-5-21-185766733-1824046107-1153005522-1002\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo...p={searchTerms}
    HKU\S-1-5-21-185766733-1824046107-1153005522-1002\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...ast&type=agc511
    HKU\S-1-5-21-185766733-1824046107-1153005522-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://home.lenovo.com
    HKU\S-1-5-21-185766733-1824046107-1153005522-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.co...ast&type=agc511
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...ast&type=agc511
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe
    SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}
    SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}
    SearchScopes: HKU\S-1-5-21-185766733-1824046107-1153005522-1002 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}
    SearchScopes: HKU\S-1-5-21-185766733-1824046107-1153005522-1002 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}
    SearchScopes: HKU\S-1-5-21-185766733-1824046107-1153005522-1002 -> {A74F766D-718E-4A04-A80F-7ADAB7E811B6} URL = http://search.yahoo....petb&type=10741
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    BHO: BetterPriceChec -> {88e9a618-56f3-4a7e-aaaa-0b6b83306eee} -> C:\ProgramData\BetterPriceChec\6BNe1JmhBd1jqW.x64.dll ()
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
    BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
    BHO-x32: BetterPriceChec -> {88e9a618-56f3-4a7e-aaaa-0b6b83306eee} -> C:\ProgramData\BetterPriceChec\6BNe1JmhBd1jqW.dll ()
    BHO-x32: Constant Guard Protection Suite -> {B84CDBE7-1B46-494B-A188-01D4C52DEB61} -> C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.14.922.1\NativeBHO.dll (WhiteSky)
    BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{A7F7E4CA-068A-4E43-8A44-69A72B3FD351}: [NameServer] 75.75.75.75,75.75.76.76
     
    FireFox:
    ========
    FF ProfilePath: C:\Users\cpaulson12\AppData\Roaming\Mozilla\Firefox\Profiles\3hli1wif.default
    FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin HKU\S-1-5-21-185766733-1824046107-1153005522-1002: intel.com/AppUp -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp.dll (Intel)
    FF Plugin HKU\S-1-5-21-185766733-1824046107-1153005522-1002: intel.com/AppUpx64 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel)
    FF Extension: XFINITY Constant Guard Protection Suite - C:\Users\cpaulson12\AppData\Roaming\Mozilla\Firefox\Profiles\3hli1wif.default\Extensions\idvaultaddon@whitesky [2014-10-25]
    FF HKU\S-1-5-21-185766733-1824046107-1153005522-1002\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
    FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
     
    Chrome: 
    =======
    CHR dev: Chrome dev build detected! <======= ATTENTION
    CHR Profile: C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-09]
    CHR Extension: (Google Drive) - C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-09]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-09]
    CHR Extension: (YouTube) - C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-09]
    CHR Extension: (Google Search) - C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-09]
    CHR Extension: (Chinese English Dictionary) - C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\eibhgnpocflidkjpcgjafalpiffkpice [2014-12-03]
    CHR Extension: (Accessibility Developer Tools) - C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpkknkljclfencbdbgkenhalefipecmb [2014-12-02]
    CHR Extension: (Full Screen) - C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmimocjjppdelmhpcmpkhekmpoddgima [2014-10-19]
    CHR Extension: (Chromium Updater) - C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcmicnfbmcjhlbdohdmdhfjlbigkcddl [2014-08-26]
    CHR Extension: (Ask the Gooru) - C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkffimodjajkloehmbfgeiclolgbebec [2014-11-05]
    CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-12-03]
    CHR Extension: (Google Wallet) - C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-09]
    CHR Extension: (Shut Up) - C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\oklfoejikkmejobodofaimigojomlfim [2014-09-28]
    CHR Extension: (Rotten Tomato) - C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\peokdhcembipiholieikfdloegjagplb [2014-08-26]
    CHR Extension: (Gmail) - C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-09]
    CHR Extension: (Beautify for Trello) - C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppmoihbfiilgkkgcogbblhhanjjaocil [2014-09-08]
     
    ==================== Services (Whitelisted) =================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    R2 346101c4; c:\Program Files (x86)\CouponGenie\BuyPractical.dll [3995136 2014-11-27] () [File not signed]
    R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-09-11] (Advanced Micro Devices, Inc.) [File not signed]
    R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-09-25] (Windows ® Win 7 DDK provider)
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2443960 2014-10-30] (Microsoft Corporation)
    R2 ETDService; C:\Program Files\Elantech\ETDService.exe [92160 2013-07-28] (ELAN Microelectronics Corp.)
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
    R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-08-17] (Nitro PDF Software)
    R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
    R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2014-02-15] ()
    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
    R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-09-25] (Atheros) [File not signed]
     
    ==================== Drivers (Whitelisted) ====================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [219360 2013-04-18] (AppEx Networks Corporation)
    R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
    R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-22] (Advanced Micro Devices)
    R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-25] (Qualcomm Atheros)
    R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
    S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)
    R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8247640 2013-07-19] (Realtek Semiconductor Corp.)
    R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
    S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
    S1 AntiLog32; \??\C:\windows\system32\drivers\AntiLog64.sys [X]
     
    ==================== NetSvcs (Whitelisted) ===================
     
    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
     
     
    ==================== One Month Created Files and Folders ========
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2014-12-03 12:20 - 2014-12-03 12:20 - 00000000 ____D () C:\ProgramData\GetDiscountApp
    2014-12-03 08:47 - 2014-12-03 08:47 - 00000000 ____D () C:\ProgramData\BetterPriceChec
    2014-12-02 21:42 - 2014-12-03 12:20 - 00000000 ____D () C:\ProgramData\c3e08c6694ad16e5
    2014-12-02 10:39 - 2014-12-02 10:39 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-12-02 10:38 - 2014-12-02 10:23 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\cpaulson12\Desktop\mbam-setup-2.0.3.1025 (2).exe
    2014-12-02 10:37 - 2014-12-02 10:37 - 00000955 _____ () C:\Users\cpaulson12\Desktop\JRT.txt
    2014-12-02 10:34 - 2014-12-02 10:34 - 00000000 ____D () C:\windows\ERUNT
    2014-12-02 10:33 - 2014-12-02 10:21 - 01707646 _____ (Thisisu) C:\Users\cpaulson12\Desktop\JRT.exe
    2014-12-02 10:25 - 2014-12-02 10:30 - 00000000 ____D () C:\AdwCleaner
    2014-12-02 10:25 - 2014-12-02 10:20 - 02154496 _____ () C:\Users\cpaulson12\Desktop\AdwCleaner.exe
    2014-12-02 10:22 - 2014-12-02 10:23 - 00000000 ___RD () C:\Users\cpaulson12\Desktop\putback
    2014-11-27 22:30 - 2014-11-27 22:30 - 04443312 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
    2014-11-27 22:00 - 2014-11-27 22:01 - 00281392 _____ () C:\windows\Minidump\112714-33546-01.dmp
    2014-11-27 22:00 - 2014-11-27 22:00 - 547900009 _____ () C:\windows\MEMORY.DMP
    2014-11-27 22:00 - 2014-11-27 22:00 - 00000000 ____D () C:\windows\Minidump
    2014-11-27 21:50 - 2014-11-27 21:50 - 00000000 ____D () C:\Program Files (x86)\CouponGenie
    2014-11-27 21:45 - 2014-12-03 12:26 - 00000000 ____D () C:\FRST
    2014-11-27 21:43 - 2014-11-27 21:43 - 02117632 _____ (Farbar) C:\Users\cpaulson12\Downloads\FRST64 (1).exe
    2014-11-27 21:35 - 2014-12-03 12:26 - 00000000 ____D () C:\Users\cpaulson12\Desktop\COMP FIX
    2014-11-27 21:18 - 2014-11-27 21:18 - 00000000 ____D () C:\Users\cpaulson12\AppData\Local\Zemana
    2014-11-22 16:30 - 2014-11-20 14:51 - 00714208 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
    2014-11-22 16:30 - 2014-11-20 14:51 - 00106976 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-11-22 12:54 - 2014-09-27 01:13 - 00104336 _____ (Microsoft Corporation) C:\windows\system32\ncryptsslp.dll
    2014-11-22 12:54 - 2014-09-26 23:24 - 00088800 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncryptsslp.dll
    2014-11-22 12:54 - 2014-09-26 21:38 - 00426496 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
    2014-11-22 12:54 - 2014-09-26 21:30 - 00185856 _____ (Microsoft Corporation) C:\windows\system32\dpapisrv.dll
    2014-11-22 12:54 - 2014-09-26 21:17 - 00357376 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
    2014-11-22 12:53 - 2014-10-18 03:55 - 00055776 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
    2014-11-22 12:53 - 2014-10-18 02:09 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
    2014-11-22 12:53 - 2014-10-18 02:09 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
    2014-11-22 12:53 - 2014-10-18 01:25 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
    2014-11-22 12:53 - 2014-10-18 00:50 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\wuaext.dll
    2014-11-22 12:53 - 2014-10-18 00:38 - 03557376 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
    2014-11-22 12:53 - 2014-10-18 00:27 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
    2014-11-22 12:53 - 2014-10-18 00:26 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
    2014-11-22 12:53 - 2014-10-18 00:23 - 00407552 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
    2014-11-22 12:53 - 2014-10-18 00:23 - 00095744 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
    2014-11-22 12:53 - 2014-10-18 00:21 - 00894976 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
    2014-11-22 12:53 - 2014-10-18 00:20 - 01714176 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
    2014-11-22 12:53 - 2014-10-18 00:14 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
    2014-11-22 12:53 - 2014-10-18 00:14 - 00029696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
    2014-11-22 12:53 - 2014-10-18 00:12 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
    2014-11-22 12:53 - 2014-10-18 00:11 - 00723968 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
    2014-11-22 12:53 - 2014-10-17 01:01 - 00789184 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
    2014-11-22 12:53 - 2014-10-17 00:58 - 00602768 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
    2014-11-22 12:53 - 2014-10-12 20:33 - 00116032 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
    2014-11-22 12:53 - 2014-10-10 18:58 - 03320320 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
    2014-11-22 12:53 - 2014-10-10 18:53 - 03607040 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
    2014-11-22 12:53 - 2014-10-09 19:58 - 00177472 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
    2014-11-22 12:53 - 2014-10-09 19:58 - 00027456 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpvideominiport.sys
    2014-11-22 12:53 - 2014-10-09 19:44 - 00563976 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
    2014-11-22 12:53 - 2014-10-08 01:37 - 00736768 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
    2014-11-22 12:53 - 2014-10-08 01:37 - 00154112 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
    2014-11-22 12:53 - 2014-10-08 01:34 - 00131584 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll
    2014-11-22 12:53 - 2014-10-08 01:30 - 00110080 _____ (Microsoft Corporation) C:\windows\system32\appinfo.dll
    2014-11-22 12:53 - 2014-10-08 01:24 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\rfxvmt.dll
    2014-11-22 12:53 - 2014-10-08 01:09 - 00428032 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
    2014-11-22 12:53 - 2014-10-08 00:56 - 00445440 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
    2014-11-22 12:53 - 2014-10-08 00:51 - 00736768 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
    2014-11-22 12:53 - 2014-10-08 00:51 - 00154112 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
    2014-11-22 12:53 - 2014-10-08 00:27 - 00325120 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
    2014-11-22 12:53 - 2014-10-08 00:18 - 00324096 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
    2014-11-22 12:53 - 2014-10-08 00:17 - 01441792 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
    2014-11-22 12:53 - 2014-10-07 23:32 - 02773504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
    2014-11-22 12:53 - 2014-10-07 23:23 - 03547648 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
    2014-11-22 12:53 - 2014-10-07 23:19 - 02459136 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
    2014-11-22 12:52 - 2014-09-21 22:38 - 01519488 _____ (Microsoft Corporation) C:\windows\system32\user32.dll
    2014-11-22 12:52 - 2014-09-21 21:06 - 00258368 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdFilter.sys
    2014-11-22 12:52 - 2014-09-21 21:06 - 00114496 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdNisDrv.sys
    2014-11-22 12:52 - 2014-09-21 20:49 - 00035320 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdBoot.sys
    2014-11-22 12:52 - 2014-09-18 18:16 - 01346048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user32.dll
    2014-11-22 12:52 - 2014-09-02 16:08 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\winshfhc.dll
    2014-11-22 12:52 - 2014-09-02 16:08 - 00012800 _____ (Microsoft Corporation) C:\windows\SysWOW64\winshfhc.dll
    2014-11-22 12:51 - 2014-10-30 23:28 - 25110016 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
    2014-11-22 12:51 - 2014-10-30 21:42 - 19781632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
    2014-11-22 12:49 - 2014-10-30 23:06 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
    2014-11-22 12:49 - 2014-10-30 23:05 - 02884096 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
    2014-11-22 12:49 - 2014-10-30 22:53 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
    2014-11-22 12:49 - 2014-10-30 22:52 - 00108544 _____ (Microsoft Corporation) C:\windows\system32\hlink.dll
    2014-11-22 12:49 - 2014-10-30 22:51 - 00812544 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
    2014-11-22 12:49 - 2014-10-30 22:50 - 06040064 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
    2014-11-22 12:49 - 2014-10-30 22:50 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
    2014-11-22 12:49 - 2014-10-30 22:38 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
    2014-11-22 12:49 - 2014-10-30 22:21 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
    2014-11-22 12:49 - 2014-10-30 22:15 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
    2014-11-22 12:49 - 2014-10-30 22:08 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
    2014-11-22 12:49 - 2014-10-30 22:06 - 00372736 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
    2014-11-22 12:49 - 2014-10-30 22:05 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
    2014-11-22 12:49 - 2014-10-30 22:03 - 02124288 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
    2014-11-22 12:49 - 2014-10-30 21:59 - 14390272 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
    2014-11-22 12:49 - 2014-10-30 21:45 - 02365440 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
    2014-11-22 12:49 - 2014-10-30 21:44 - 02865152 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll
    2014-11-22 12:49 - 2014-10-30 21:32 - 01550336 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
    2014-11-22 12:49 - 2014-10-30 21:24 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
    2014-11-22 12:49 - 2014-10-30 21:23 - 00340992 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
    2014-11-22 12:49 - 2014-10-30 21:20 - 00799232 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
    2014-11-22 12:49 - 2014-10-30 21:18 - 02277376 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
    2014-11-22 12:49 - 2014-10-30 21:13 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
    2014-11-22 12:49 - 2014-10-30 21:13 - 00099328 _____ (Microsoft Corporation) C:\windows\SysWOW64\hlink.dll
    2014-11-22 12:49 - 2014-10-30 21:12 - 00661504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
    2014-11-22 12:49 - 2014-10-30 21:11 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
    2014-11-22 12:49 - 2014-10-30 21:02 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
    2014-11-22 12:49 - 2014-10-30 20:50 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
    2014-11-22 12:49 - 2014-10-30 20:46 - 04298240 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
    2014-11-22 12:49 - 2014-10-30 20:46 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
    2014-11-22 12:49 - 2014-10-30 20:42 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
    2014-11-22 12:49 - 2014-10-30 20:40 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
    2014-11-22 12:49 - 2014-10-30 20:40 - 00325632 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
    2014-11-22 12:49 - 2014-10-30 20:39 - 02051072 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
    2014-11-22 12:49 - 2014-10-30 20:30 - 12819456 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
    2014-11-22 12:49 - 2014-10-30 20:17 - 01892864 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
    2014-11-22 12:49 - 2014-10-30 20:13 - 01310208 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
    2014-11-22 12:49 - 2014-10-30 20:11 - 00708096 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
    2014-11-22 12:48 - 2014-10-30 23:12 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe
    2014-11-22 12:48 - 2014-10-30 23:12 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
    2014-11-22 12:48 - 2014-10-30 23:10 - 00167424 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe
    2014-11-22 12:48 - 2014-10-30 23:09 - 00064512 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll
    2014-11-22 12:48 - 2014-10-30 23:08 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
    2014-11-22 12:48 - 2014-10-30 23:06 - 00237568 _____ (Microsoft Corporation) C:\windows\system32\url.dll
    2014-11-22 12:48 - 2014-10-30 23:06 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
    2014-11-22 12:48 - 2014-10-30 23:06 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
    2014-11-22 12:48 - 2014-10-30 23:05 - 00417280 _____ (Microsoft Corporation) C:\windows\system32\html.iec
    2014-11-22 12:48 - 2014-10-30 23:04 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
    2014-11-22 12:48 - 2014-10-30 22:57 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
    2014-11-22 12:48 - 2014-10-30 22:56 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
    2014-11-22 12:48 - 2014-10-30 22:54 - 00132096 _____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll
    2014-11-22 12:48 - 2014-10-30 22:51 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
    2014-11-22 12:48 - 2014-10-30 22:51 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
    2014-11-22 12:48 - 2014-10-30 22:40 - 00033280 _____ (Microsoft Corporation) C:\windows\system32\licmgr10.dll
    2014-11-22 12:48 - 2014-10-30 22:30 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
    2014-11-22 12:48 - 2014-10-30 22:29 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
    2014-11-22 12:48 - 2014-10-30 22:29 - 00087552 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
    2014-11-22 12:48 - 2014-10-30 22:28 - 00107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
    2014-11-22 12:48 - 2014-10-30 22:25 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
    2014-11-22 12:48 - 2014-10-30 22:24 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
    2014-11-22 12:48 - 2014-10-30 22:24 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
    2014-11-22 12:48 - 2014-10-30 22:23 - 00145408 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
    2014-11-22 12:48 - 2014-10-30 22:19 - 00152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
    2014-11-22 12:48 - 2014-10-30 22:05 - 00716800 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
    2014-11-22 12:48 - 2014-10-30 21:42 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll
    2014-11-22 12:48 - 2014-10-30 21:28 - 00137728 _____ (Microsoft Corporation) C:\windows\SysWOW64\wextract.exe
    2014-11-22 12:48 - 2014-10-30 21:28 - 00012800 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe
    2014-11-22 12:48 - 2014-10-30 21:27 - 00152064 _____ (Microsoft Corporation) C:\windows\SysWOW64\iexpress.exe
    2014-11-22 12:48 - 2014-10-30 21:26 - 00057344 _____ (Microsoft Corporation) C:\windows\SysWOW64\pngfilt.dll
    2014-11-22 12:48 - 2014-10-30 21:25 - 00011264 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe
    2014-11-22 12:48 - 2014-10-30 21:24 - 00235520 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll
    2014-11-22 12:48 - 2014-10-30 21:24 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
    2014-11-22 12:48 - 2014-10-30 21:23 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
    2014-11-22 12:48 - 2014-10-30 21:22 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
    2014-11-22 12:48 - 2014-10-30 21:16 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
    2014-11-22 12:48 - 2014-10-30 21:15 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
    2014-11-22 12:48 - 2014-10-30 21:14 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\IEAdvpack.dll
    2014-11-22 12:48 - 2014-10-30 21:12 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
    2014-11-22 12:48 - 2014-10-30 21:03 - 00027136 _____ (Microsoft Corporation) C:\windows\SysWOW64\licmgr10.dll
    2014-11-22 12:48 - 2014-10-30 20:57 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-11-22 12:48 - 2014-10-30 20:56 - 00091136 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
    2014-11-22 12:48 - 2014-10-30 20:56 - 00090624 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
    2014-11-22 12:48 - 2014-10-30 20:56 - 00073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
    2014-11-22 12:48 - 2014-10-30 20:53 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
    2014-11-22 12:48 - 2014-10-30 20:53 - 00052736 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll
    2014-11-22 12:48 - 2014-10-30 20:52 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
    2014-11-22 12:48 - 2014-10-30 20:51 - 00128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
    2014-11-22 12:48 - 2014-10-30 20:48 - 00130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
    2014-11-22 12:48 - 2014-10-30 20:26 - 01042944 _____ (Microsoft Corporation) C:\windows\SysWOW64\actxprxy.dll
    2014-11-22 12:48 - 2014-10-30 20:24 - 00040448 _____ (Microsoft Corporation) C:\windows\SysWOW64\imgutil.dll
    2014-11-22 12:47 - 2014-11-09 17:19 - 00991232 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
    2014-11-22 12:47 - 2014-11-09 17:19 - 00806400 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
    2014-11-22 12:47 - 2014-11-09 17:18 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\pku2u.dll
    2014-11-22 12:47 - 2014-11-09 17:18 - 00208896 _____ (Microsoft Corporation) C:\windows\SysWOW64\pku2u.dll
    2014-11-22 12:47 - 2014-11-04 17:38 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
    2014-11-22 12:47 - 2014-11-03 18:10 - 00304128 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
    2014-11-22 12:47 - 2014-10-30 22:53 - 00098816 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
    2014-11-22 12:47 - 2014-10-30 22:49 - 00537088 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
    2014-11-22 12:47 - 2014-10-30 22:24 - 00391168 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
    2014-11-22 12:47 - 2014-10-22 23:48 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
    2014-11-22 12:47 - 2014-10-22 23:05 - 00072192 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll
    2014-11-22 12:47 - 2014-10-07 00:28 - 00500016 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
    2014-11-22 12:47 - 2014-10-07 00:27 - 00482872 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
    2014-11-22 12:47 - 2014-10-07 00:27 - 00394120 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
    2014-11-22 12:47 - 2014-10-07 00:27 - 00272248 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe
    2014-11-22 12:47 - 2014-10-07 00:27 - 00108432 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
    2014-11-22 12:47 - 2014-10-06 21:34 - 00370424 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
    2014-11-22 12:47 - 2014-10-06 21:34 - 00344536 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
    2014-11-22 12:47 - 2014-10-06 21:33 - 00424544 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
    2014-11-22 12:47 - 2014-10-06 21:30 - 04182016 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
    2014-11-22 12:47 - 2014-10-06 19:54 - 00226304 _____ (Microsoft Corporation) C:\windows\system32\AudioEndpointBuilder.dll
    2014-11-22 12:47 - 2014-10-06 19:46 - 00911360 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
    2014-11-22 12:47 - 2014-08-22 23:18 - 02149376 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
    2014-11-22 12:47 - 2014-08-22 23:03 - 01346048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
    2014-11-22 12:46 - 2014-09-10 00:25 - 00474432 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys
    2014-11-22 12:46 - 2014-09-07 21:07 - 02497344 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
    2014-11-22 12:46 - 2014-09-07 21:07 - 00428864 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS
    2014-11-22 12:46 - 2014-09-07 16:08 - 00389176 _____ () C:\windows\system32\ApnDatabase.xml
    2014-11-22 12:46 - 2014-09-04 16:30 - 00822272 _____ (Microsoft Corporation) C:\windows\system32\win32spl.dll
    2014-11-22 12:46 - 2014-09-04 16:21 - 01053184 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
    2014-11-22 12:46 - 2014-09-03 21:05 - 00836176 _____ (Microsoft Corporation) C:\windows\system32\mfmp4srcsnk.dll
    2014-11-22 12:46 - 2014-09-03 20:22 - 00670384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfmp4srcsnk.dll
    2014-11-22 12:46 - 2014-09-03 19:01 - 00448512 _____ (Microsoft Corporation) C:\windows\system32\puiobj.dll
    2014-11-22 12:46 - 2014-09-03 18:32 - 00334336 _____ (Microsoft Corporation) C:\windows\SysWOW64\puiobj.dll
    2014-11-22 12:46 - 2014-08-30 18:17 - 00148800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBSTOR.SYS
    2014-11-22 12:46 - 2014-08-30 18:15 - 21197152 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
    2014-11-22 12:46 - 2014-08-30 16:59 - 18723112 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
    2014-11-22 12:46 - 2014-08-30 16:05 - 00615424 _____ (Microsoft Corporation) C:\windows\system32\FXSCOMEX.dll
    2014-11-22 12:46 - 2014-08-30 15:58 - 00275968 _____ (Microsoft Corporation) C:\windows\system32\FXSAPI.dll
    2014-11-22 12:46 - 2014-08-30 15:04 - 00941568 _____ (Microsoft Corporation) C:\windows\system32\MFMediaEngine.dll
    2014-11-22 12:46 - 2014-08-30 14:53 - 00239104 _____ (Microsoft Corporation) C:\windows\SysWOW64\FXSAPI.dll
    2014-11-22 12:46 - 2014-08-30 14:17 - 00799744 _____ (Microsoft Corporation) C:\windows\SysWOW64\MFMediaEngine.dll
    2014-11-22 12:46 - 2014-08-27 20:55 - 07484224 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
    2014-11-22 12:46 - 2014-08-27 18:21 - 02480128 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll
    2014-11-22 12:46 - 2014-08-27 18:06 - 02030592 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmSvc.dll
    2014-11-22 12:46 - 2014-08-22 23:14 - 13424128 _____ (Microsoft Corporation) C:\windows\system32\twinui.dll
    2014-11-22 12:46 - 2014-08-22 23:04 - 11820544 _____ (Microsoft Corporation) C:\windows\SysWOW64\twinui.dll
    2014-11-22 12:46 - 2014-08-22 22:50 - 02714112 _____ (Microsoft Corporation) C:\windows\system32\SettingsHandlers.dll
    2014-11-22 12:46 - 2014-08-01 18:51 - 00545792 _____ (Microsoft Corporation) C:\windows\system32\untfs.dll
    2014-11-22 12:46 - 2014-08-01 18:35 - 00485376 _____ (Microsoft Corporation) C:\windows\SysWOW64\untfs.dll
    2014-11-13 22:26 - 2014-11-22 17:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-11-13 21:17 - 2014-11-13 21:17 - 00000000 ____D () C:\Users\cpaulson12\AppData\Roaming\Nitro PDF
    2014-11-13 21:17 - 2014-11-13 21:17 - 00000000 ____D () C:\Users\cpaulson12\AppData\Local\LSC
    2014-11-13 21:09 - 2014-10-30 05:25 - 00275080 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
    2014-11-06 20:03 - 2014-11-06 20:04 - 71648048 _____ (Apple Inc.) C:\Users\cpaulson12\Downloads\iCloudSetup.exe
    2014-11-06 19:51 - 2014-11-06 19:51 - 00001806 _____ () C:\Users\Public\Desktop\iTunes.lnk
    2014-11-06 19:51 - 2014-11-06 19:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2014-11-06 19:50 - 2014-11-06 19:51 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
    2014-11-06 19:50 - 2014-11-06 19:51 - 00000000 ____D () C:\Program Files\iTunes
    2014-11-06 19:50 - 2014-11-06 19:51 - 00000000 ____D () C:\Program Files (x86)\iTunes
    2014-11-06 19:50 - 2014-11-06 19:50 - 00000000 ____D () C:\Program Files\iPod
     
    ==================== One Month Modified Files and Folders =======
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2014-12-03 12:26 - 2014-07-09 17:15 - 00000000 ____D () C:\Users\cpaulson12\AppData\Roaming\ID Vault
    2014-12-03 12:26 - 2014-07-09 13:59 - 00000000 ___RD () C:\Users\cpaulson12\Google Drive
    2014-12-03 12:26 - 2014-07-09 13:54 - 00000932 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-12-03 12:24 - 2014-02-15 20:47 - 01942109 _____ () C:\windows\WindowsUpdate.log
    2014-12-03 12:24 - 2013-08-22 08:45 - 00000006 ____H () C:\windows\Tasks\SA.DAT
    2014-12-03 12:23 - 2014-07-09 20:10 - 00002256 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2014-12-03 12:23 - 2014-07-09 13:54 - 00000936 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-12-03 12:23 - 2014-02-15 21:41 - 00004608 _____ () C:\windows\system32\VfService.trf
    2014-12-03 12:21 - 2014-07-09 13:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
    2014-12-03 12:21 - 2013-10-07 12:27 - 00863592 _____ () C:\windows\system32\PerfStringBackup.INI
    2014-12-03 12:20 - 2014-07-21 23:37 - 00000000 ____D () C:\Users\cpaulson12\AppData\Local\CrashDumps
    2014-12-03 12:19 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\system32\sru
    2014-12-03 08:59 - 2014-07-10 03:18 - 00003596 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-185766733-1824046107-1153005522-1002
    2014-12-03 08:57 - 2014-07-09 13:54 - 00003908 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2014-12-03 08:57 - 2014-07-09 13:54 - 00003672 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2014-12-03 08:54 - 2014-10-21 21:02 - 00000008 __RSH () C:\ProgramData\ntuser.pol
    2014-12-03 08:54 - 2013-10-07 12:23 - 00469366 _____ () C:\windows\PFRO.log
    2014-12-03 08:47 - 2014-07-10 03:19 - 00003970 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{745A42CE-EB87-47C1-8067-C57D29127740}
    2014-12-03 08:47 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\system32\GroupPolicy
    2014-12-02 21:40 - 2014-10-21 20:40 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
    2014-12-02 19:43 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\Registration
    2014-12-02 11:30 - 2014-07-24 21:50 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
    2014-12-02 10:39 - 2014-10-21 20:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-12-02 10:39 - 2014-10-21 20:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-12-02 10:24 - 2013-08-22 08:46 - 00026264 _____ () C:\windows\setupact.log
    2014-12-02 10:22 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\AppReadiness
    2014-12-02 10:13 - 2014-07-09 21:06 - 00002135 _____ () C:\Users\cpaulson12\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Menu.lnk
    2014-12-02 10:08 - 2013-08-22 07:25 - 00262144 ___SH () C:\windows\system32\config\BBI
    2014-11-27 22:30 - 2014-07-24 21:50 - 00003718 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
    2014-11-27 22:01 - 2014-07-10 03:12 - 00000000 ____D () C:\Users\cpaulson12
    2014-11-27 21:34 - 2014-07-10 03:16 - 00002306 _____ () C:\Users\cpaulson12\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
    2014-11-27 21:32 - 2014-02-15 21:19 - 00000000 ____D () C:\ProgramData\McAfee
    2014-11-27 21:29 - 2013-08-22 09:20 - 00000000 ____D () C:\windows\CbsTemp
    2014-11-27 21:25 - 2013-08-22 09:36 - 00000000 ___HD () C:\windows\ELAMBKUP
    2014-11-27 21:23 - 2013-08-22 07:25 - 00262144 ___SH () C:\windows\system32\config\ELAM
    2014-11-22 16:29 - 2013-08-22 08:44 - 00492512 _____ () C:\windows\system32\FNTCACHE.DAT
    2014-11-22 16:28 - 2014-07-09 17:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2014-11-22 16:25 - 2013-08-22 09:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2014-11-22 16:25 - 2013-08-22 09:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2014-11-22 16:25 - 2013-08-22 09:36 - 00000000 ____D () C:\Program Files\Windows Defender
    2014-11-22 16:25 - 2013-08-22 09:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
    2014-11-22 16:24 - 2014-07-14 17:44 - 00000000 ___SD () C:\windows\system32\CompatTel
    2014-11-22 16:24 - 2013-08-22 09:36 - 00000000 ___RD () C:\windows\ToastData
    2014-11-22 16:24 - 2013-08-22 09:36 - 00000000 ___RD () C:\windows\ImmersiveControlPanel
    2014-11-22 13:10 - 2014-07-09 20:26 - 00000000 ____D () C:\windows\system32\MRT
    2014-11-22 13:00 - 2014-07-09 20:26 - 103374192 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
    2014-11-22 12:27 - 2014-07-09 17:16 - 00000000 ____D () C:\Users\cpaulson12\AppData\Local\ID Vault
    2014-11-22 12:14 - 2014-07-09 19:23 - 00000000 ____D () C:\Program Files\Microsoft Office 15
    2014-11-13 22:06 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\vpnplugins
    2014-11-06 20:02 - 2014-07-09 20:06 - 00000000 ____D () C:\Users\cpaulson12\AppData\Roaming\Apple Computer
    2014-11-06 19:50 - 2014-07-09 20:02 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2014-11-06 19:50 - 2014-07-09 20:01 - 00000000 ____D () C:\Program Files\Common Files\Apple
     
    ==================== Bamital & volsnap Check =================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
     
     
    LastRegBack: 2014-11-22 12:48
     
    ==================== End Of Log ============================
     
     
     
     
     
    Still seems to be about the same.  Still pretty slow and lots of popups.  Thanks


    #12 ken545


    Posted 03 December 2014 - 12:50 PM

    See if you're able to uninstall both these programs

    BetterPriceChec
    TicTaCoupon
     
     
    Did you remove anything with Avast Browser Cleanup?
     
    Here is a new Fixlist, be sure to download it to the same directory as FRST64, post the Fixlog when it's done
     
     
    If still no joy there are other programs we can run
     
     




     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #13 paudusd


    Posted 03 December 2014 - 11:25 PM

    Alright.  I tried to remove those 2 programs through the add/remove programs in the control panel.  The first one (BetterPriceChec) just disappeared when I clicked uninstall.  (No uninstall panel came up.)  The 2nd one (TicTaCoupon) gave me an error when I clicked uninstall, saying that it appears to have already been uninstalled and to click OK to remove it from the list, which I did.

     

    Yeah, the Browser Cleanup came up with several items (maybe 10ish) that I had it remove. Did I miss posting a log about that?  So many log files to keep track of :)

     

     

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-12-2014
    Ran by cpaulson12 at 2014-12-03 23:12:56 Run:2
    Running from C:\Users\cpaulson12\Desktop\COMP FIX
    Loaded Profile: cpaulson12 (Available profiles: cpaulson12)
    Boot Mode: Normal
    ==============================================
     
    Content of fixlist:
    *****************
    Start
    CloseProcesses:
    BetterPriceChec (HKLM-x32\...\{4E5FE462-1A84-47B4-3411-C72434AAD86C}) (Version:  - "") <==== ATTENTION
    TicTaCoupon (HKLM-x32\...\{E370F69F-ED3F-925F-31FC-14D1329A713B}) (Version:  - "") <==== ATTENTION
    CHR HKU\S-1-5-21-185766733-1824046107-1153005522-1002\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    BHO: BetterPriceChec -> {88e9a618-56f3-4a7e-aaaa-0b6b83306eee} -> C:\ProgramData\BetterPriceChec\6BNe1JmhBd1jqW.x64.dll ()
    BHO-x32: BetterPriceChec -> {88e9a618-56f3-4a7e-aaaa-0b6b83306eee} -> C:\ProgramData\BetterPriceChec\6BNe1JmhBd1jqW.dll ()
    R2 346101c4; c:\Program Files (x86)\CouponGenie\BuyPractical.dll [3995136 2014-11-27] () [File not signed]
    2014-12-03 12:20 - 2014-12-03 12:20 - 00000000 ____D () C:\ProgramData\GetDiscountApp
    2014-12-03 08:47 - 2014-12-03 08:47 - 00000000 ____D () C:\ProgramData\BetterPriceChec
    2014-11-27 21:50 - 2014-11-27 21:50 - 00000000 ____D () C:\Program Files (x86)\CouponGenie
    EmptyTemp:
    End
     
     
     
    *****************
     
    Processes closed successfully.
    BetterPriceChec (HKLM-x32\...\{4E5FE462-1A84-47B4-3411-C72434AAD86C}) (Version:  - "") <==== ATTENTION => Error: No automatic fix found for this entry.
    TicTaCoupon (HKLM-x32\...\{E370F69F-ED3F-925F-31FC-14D1329A713B}) (Version:  - "") <==== ATTENTION => Error: No automatic fix found for this entry.
    "HKU\S-1-5-21-185766733-1824046107-1153005522-1002\SOFTWARE\Policies\Google" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88e9a618-56f3-4a7e-aaaa-0b6b83306eee}" => Key not found.
    "HKCR\CLSID\{88e9a618-56f3-4a7e-aaaa-0b6b83306eee}" => Key deleted successfully.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88e9a618-56f3-4a7e-aaaa-0b6b83306eee}" => Key not found.
    "HKCR\Wow6432Node\CLSID\{88e9a618-56f3-4a7e-aaaa-0b6b83306eee}" => Key deleted successfully.
    346101c4 => Service deleted successfully.
    C:\ProgramData\GetDiscountApp => Moved successfully.
    C:\ProgramData\BetterPriceChec => Moved successfully.
    C:\Program Files (x86)\CouponGenie => Moved successfully.
    EmptyTemp: => Removed 151.4 MB temporary data.
     
     
    The system needed a reboot. 
     
    ==== End of Fixlog ====
     
     
     
    Still seems to be about the same.  Still slow and popups when I use any internet browser.  Thanks


    #14 ken545


    Posted 04 December 2014 - 06:52 AM

    First let's set all your browsers back to defaults and see if it makes a difference. If not, then we will need to run a few more tools.

     

     

     
  • Open IE
  • Go to Tools > Internet Options > Advanced Tab
  • Reset Internet Explorer Settings
  • Reset
  • This will take a few seconds
  • Close IE and then reopen it and see if it helped
     
  • Click the Chrome menu on the browser toolbar.
  • Select Settings.
  • Scroll down to Show advanced settings...
  • Down on the bottom you will see an option for RESET BROWSER SETTINGS
  • Click on it and it will set Chrome back to defaults
     
  • Open Firefox
  • Click on Help > Troubleshooting Information > Reset Firefox to its default state


     
     

    #15 paudusd

    paudusd

      New Member

    • Authentic Member
    • Pip
    • 8 posts

    Posted 04 December 2014 - 08:58 AM

    Alright.  That seems to have done the trick.  My computer seems to be running at normal speeds and have yet to have a popup.  I only tested it for about 5-10 before heading off to work.  So I'll try to use it more later today and see if it's still running smoothly.  Thanks!!!

