
Windows 8.1 IE11, browser starts with proxy server enabled


  • This topic is locked
12 replies to this topic

#1 Paul Garcia

Posted 26 September 2014 - 07:04 AM

Good morning,

 

After noticing that random websites were failing to load consistently, I looked through my IE11 settings and saw that the option to use a proxy server was checked. If I uncheck the proxy server option:

  • The proxy server option sometimes will be enabled again when restarting IE11
  • New tabs I open during the same session of IE11 will again have that Proxy Server option enabled
  • Occasionally, the same tab will revert back to having the Proxy Server option enabled

The proxy server address field remains blank through all of this (there was a value in there some time ago, but clearing it out once eliminated that issue). I have tried the following in addition to manually clearing the proxy server check box and address field:

  • Malwarebytes
  • CCleaner
  • Adware Cleaner

Significant malware and adware was cleaned up by these programs. With regard to this issue, the only improvement was that sometimes (but not always) the first tab only has the proxy server box unchecked when opening my IE11.

 

I am using this computer at home. I have never knowingly used a proxy server.

 

Please help. Thank you!





#2 Paul Garcia

  • Topic Starter


Posted 26 September 2014 - 07:14 AM

I cannot run DDS on my PC. I can download it, but running it gives an error that DDS will not run in Compatibility mode.

 

Not sure if this blocking of DDS is part of my issue.

 

Please advise.



#3 nasdaq

  • Malware Response Team

Posted 30 September 2014 - 06:52 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
 

If this key exists and the value is 0 that is the issue with your proxy.
[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxySettingsPerUser"= 0x0000000000 (0)


Let's find out.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


If your operating system is 64 bit download this tool:
SystemLook_x64.exe
  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following bold text into the main textfield:
    :reg
    HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings /sub
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
  • Note: The log can also be found on your Desktop entitled SystemLook.txt.
===


Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Wait for further instructions.
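
The registry check described in the post above can also be done read-only from PowerShell. This is an added example, not part of nasdaq's post or of SystemLook; the value names `ProxyEnable`, `ProxyServer` and `AutoConfigURL` and the HKCU/HKLM `Internet Settings` keys are the standard WinINET locations, and the helper function names are made up for the example.

```powershell
# Added example: read-only report of the IE/WinINET proxy configuration.
# Nothing is written to the registry.

$policyKey  = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'
$userKey    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$machineKey = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when either the key or the value is missing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { return $item.$Name }
    return $null
}

function Get-ProxyState {
    param([string]$Path)
    # Collect the three values that decide how IE reaches the network.
    [pscustomobject]@{
        Key           = $Path
        ProxyEnable   = Get-RegValue $Path 'ProxyEnable'
        ProxyServer   = Get-RegValue $Path 'ProxyServer'
        AutoConfigURL = Get-RegValue $Path 'AutoConfigURL'
    }
}

function Get-ProxyFindings {
    param($State)
    $findings = @()
    if ($State.ProxyEnable -eq 1) {
        $findings += "Proxy is enabled in $($State.Key)"
        if ([string]::IsNullOrEmpty($State.ProxyServer)) {
            $findings += 'ProxyEnable is 1 but ProxyServer is empty (checkbox ticked, no address)'
        }
        # A loopback address means a program on this machine is acting as the proxy.
        $loopback = '(^|[=;])\s*(\w+://)?(127\.\d{1,3}\.\d{1,3}\.\d{1,3}|localhost|\[::1\])(:|;|$)'
        if ($State.ProxyServer -match $loopback) {
            $findings += "ProxyServer points at this machine: $($State.ProxyServer)"
        }
    }
    if (-not [string]::IsNullOrEmpty($State.AutoConfigURL)) {
        $findings += "Automatic configuration script is set: $($State.AutoConfigURL)"
    }
    return $findings
}

# 1. The policy value from the post: 0 makes proxy settings per-machine,
#    so WinINET takes them from HKLM and per-user changes do not apply.
$perUser = Get-RegValue $policyKey 'ProxySettingsPerUser'
if ($null -eq $perUser) {
    $scope = 'per-user (ProxySettingsPerUser not present)'
    $effectiveKey = $userKey
} elseif ($perUser -eq 0) {
    $scope = 'per-machine (ProxySettingsPerUser = 0)'
    $effectiveKey = $machineKey
} else {
    $scope = "per-user (ProxySettingsPerUser = $perUser)"
    $effectiveKey = $userKey
}

# 2. Show both hives so a mismatch between them is visible.
$userState    = Get-ProxyState $userKey
$machineState = Get-ProxyState $machineKey
$userState, $machineState | Format-List

# 3. Report on the hive that is actually in effect.
Write-Output "Proxy scope: $scope"
$effective = if ($effectiveKey -eq $machineKey) { $machineState } else { $userState }
$findings = Get-ProxyFindings $effective
if ($findings.Count -eq 0) {
    Write-Output 'No proxy or auto-config script is set in the effective key.'
} else {
    $findings | ForEach-Object { Write-Output "FINDING: $_" }
}
```

Running it before and after closing IE shows whether the values are being rewritten between sessions.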

#4 Paul Garcia

  • Topic Starter


Posted 03 October 2014 - 12:39 AM

The results of the 64-bit System Look scan are:

 

SystemLook 30.07.11 by jpshortstuff
Log created at 22:36 on 02/10/2014 by Paul
Administrator - Elevation successful

========== reg ==========

[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings]
(No values found)

[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Cache]
(No values found)

-= EOF =-



#5 Paul Garcia

  • Topic Starter


Posted 03 October 2014 - 12:49 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2014
Ran by Paul (administrator) on GARCIA_PC on 02-10-2014 22:46:12
Running from C:\Users\Paul\Desktop
Loaded Profile: Paul (Available profiles: Paul)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Windows\jmesoft\Service.exe
() C:\Program Files (x86)\Jsip\Jsip.exe
(LENOVO INCORPORATED.) C:\Program Files\lenovo\SystemAgent\SystemAgentService.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Symantec) C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Windows\SysWOW64\UMonit64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Nico Mak Computing) C:\Program Files\File Association Helper\FAHWindow.exe
(Lenovo) C:\Windows\jmesoft\hotkey.exe
() C:\Windows\jmesoft\JME_LOAD.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\livecomm.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13636824 2013-07-25] (Realtek Semiconductor)
HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [729272 2014-01-28] (Nico Mak Computing)
HKLM-x32\...\Run: [jmekey] => C:\windows\jmesoft\hotkey.exe [118784 2013-07-24] (Lenovo)
HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-08-16] ()
HKLM-x32\...\Run: [LVT] => C:\Program Files\Lenovo\LVT\LJYZ.exe [886112 2011-11-24] (Lenovo)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
HKLM-x32\...\Run: [Lenovo App Shop] => C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismagent.exe [156000 2013-07-18] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [SSDMonitor] => C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe [106112 2014-02-19] (Symantec Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-447564194-2685222056-786185505-1001\...\RunOnce: [Application Restart #1] => C:\Users\Paul\AppData\Local\Pokki\Engine\HostAppService.exe  --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-clie (the data entry has 547 more characters).
HKU\S-1-5-21-447564194-2685222056-786185505-1001\...\MountPoints2: {403e959f-e704-11e3-8266-485ab68fdd35} - "G:\VerizonSWUpgradeAssistantLauncher.exe"
HKU\S-1-5-21-447564194-2685222056-786185505-1001\...\MountPoints2: {a82fc01e-daa6-11e3-8264-c03fd50b6a53} - "G:\TL_Bootstrap.exe"

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:13091;
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - {F8A2EDAB-5E35-4E5C-B614-5AC74B40B4A1} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_wnzp01_14_37_ie&cd=2XzuyEtN2Y1L1Qzu0CtDtA0F0DyDtD0ByC0AyDtA0ByDtD0DtN0D0Tzu0SzyzzyBtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StBtDtB0C0DtD0DtAtG0B0EyDtCtGyCyE0E0EtG0ByBzz0FtGyEtD0DyByDzz0Azz0B0EyC0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0D0A0CyC0CyByEtG0B0DtD0DtGyEtDyE0DtG0ByCyD0EtG0CyE0BtB0BtA0Dzz0C0A0BtA2Q&cr=1213279907&ir=
SearchScopes: HKLM-x32 - {F8A2EDAB-5E35-4E5C-B614-5AC74B40B4A1} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJB
SearchScopes: HKCU - {D323496D-A5B2-4E5C-9877-272CC9C22E0D} URL = http://www.search.ask.com/web?tpid=ORJ-V7C&o=APN11405&pf=V7&p2=%5EBBD%5EOSJ000%5EYY%5EUS&gct=&itbv=12.10.3.34&apn_uid=2D5E2C6D-697B-4F95-94AC-EF1682E5511E&apn_ptnrs=BBD&apn_dtid=%5EOSJ000%5EYY%5EUS&apn_dbr=ie_11.0.9600.16384&doi=2014-03-01&trgb=IE&q={searchTerms}&psv=
SearchScopes: HKCU - {F8A2EDAB-5E35-4E5C-B614-5AC74B40B4A1} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_wnzp01_14_37_ie&cd=2XzuyEtN2Y1L1Qzu0CtDtA0F0DyDtD0ByC0AyDtA0ByDtD0DtN0D0Tzu0SzyzzyBtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StBtDtB0C0DtD0DtAtG0B0EyDtCtGyCyE0E0EtG0ByBzz0FtGyEtD0DyByDzz0Azz0B0EyC0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0D0A0CyC0CyByEtG0B0DtD0DtGyEtDyE0DtG0ByCyD0EtG0CyE0BtB0BtA0Dzz0C0A0BtA2Q&cr=1213279907&ir=
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: intel.com/AppUp -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp.dll (Intel)
FF Plugin HKCU: intel.com/AppUpx64 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel)
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.1.7\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.1.7\IPSFF [2014-02-19]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.1.7\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.1.7\coFFPlgn [2014-09-24]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-09-24]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-09-24]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

Locked "Jsip" service was unlocked successfully. <===== ATTENTION

S3 DiskDoctorService; C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\Disk Doctor\DiskDoctorSrv.exe [1147424 2012-09-29] (Symantec Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-12] (Intel Corporation)
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-08-16] () [File not signed]
R2 Jsip; C:\Program Files (x86)\Jsip\Jsip.exe [390144 2014-06-06] () [File not signed]
R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-21] (Microsoft Corporation)
R2 Lenovo System Agent Service; C:\Program Files\lenovo\SystemAgent\SystemAgentService.exe [585032 2013-07-16] (LENOVO INCORPORATED.)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-13] (Microsoft Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-05] (Microsoft Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe [276376 2014-09-21] (Symantec Corporation)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-08-17] (Nitro PDF Software)
R2 NU16StartManagerSvc; C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe [792608 2012-09-29] (Symantec)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2013-05-14] ()
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-21] (Microsoft Corporation)
S3 SpeedDiskService; C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\SpeedDisk\SpeedDiskSrv.exe [1160224 2012-09-29] (Symantec Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-21] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.1.7\Definitions\BASHDefs\20140912.003\BHDrvx64.sys [1586904 2014-09-12] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1506000.020\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-09] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-09] (Symantec Corporation)
R3 GeneStor; C:\Windows\System32\drivers\GeneStor.sys [103656 2013-10-20] (GenesysLogic)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.1.7\Definitions\IPSDefs\20141002.001\IDSvia64.sys [633560 2014-08-29] (Symantec Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-12] (Intel Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.1.7\Definitions\VirusDefs\20141002.018\ENG64.SYS [129752 2014-08-20] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.1.7\Definitions\VirusDefs\20141002.018\EX64.SYS [2137304 2014-08-20] (Symantec Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1506000.020\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1506000.020\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1506000.020\SymELAM.sys [23568 2013-09-09] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-02-19] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1506000.020\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S3 DIRECTIO; \??\C:\Program Files\PerformanceTest\DirectIo64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-02 22:46 - 2014-10-02 22:46 - 00019324 _____ () C:\Users\Paul\Desktop\FRST.txt
2014-10-02 22:43 - 2014-10-02 22:46 - 00000000 ____D () C:\FRST
2014-10-02 22:41 - 2014-10-02 22:41 - 02109440 _____ (Farbar) C:\Users\Paul\Desktop\FRST64.exe
2014-10-02 22:36 - 2014-10-02 22:36 - 00000782 _____ () C:\Users\Paul\Desktop\SystemLook.txt
2014-10-02 22:32 - 2014-10-02 22:32 - 00165376 _____ () C:\Users\Paul\Desktop\SystemLook_x64.exe
2014-09-26 19:00 - 2014-10-02 22:23 - 00055390 _____ () C:\windows\SysWOW64\AppLog.log
2014-09-25 22:41 - 2014-09-25 22:41 - 00000000 ____D () C:\Program Files (x86)\Brother
2014-09-24 20:43 - 2014-09-24 20:43 - 00003234 _____ () C:\windows\System32\Tasks\Norton WSC Integration
2014-09-24 20:43 - 2014-09-24 20:43 - 00002532 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk
2014-09-24 20:43 - 2014-09-24 20:43 - 00000000 ____D () C:\windows\System32\Tasks\Norton Internet Security
2014-09-21 23:12 - 2014-09-22 18:19 - 00000000 ____D () C:\AdwCleaner
2014-09-21 22:32 - 2014-09-21 22:32 - 00002770 _____ () C:\windows\System32\Tasks\CCleanerSkipUAC
2014-09-21 22:32 - 2014-09-21 22:32 - 00000847 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-09-21 22:32 - 2014-09-21 22:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-09-21 22:32 - 2014-09-21 22:32 - 00000000 ____D () C:\Program Files\CCleaner
2014-09-21 08:32 - 2014-09-21 08:31 - 00272808 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-09-21 08:31 - 2014-09-21 08:31 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-09-21 08:31 - 2014-09-21 08:31 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-09-21 08:31 - 2014-09-21 08:31 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-09-21 08:28 - 2014-09-21 08:28 - 00319912 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2014-09-21 08:28 - 2014-09-21 08:28 - 00189352 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2014-09-21 08:28 - 2014-09-21 08:28 - 00189352 _____ (Oracle Corporation) C:\windows\system32\java.exe
2014-09-21 08:28 - 2014-09-21 08:28 - 00111016 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll
2014-09-21 08:28 - 2014-09-21 08:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-21 08:28 - 2014-09-21 08:28 - 00000000 ____D () C:\Program Files\Java
2014-09-14 03:23 - 2014-08-14 17:36 - 00146752 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msgpioclx.sys
2014-09-13 19:26 - 2014-09-13 19:26 - 00002306 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2014-09-13 19:26 - 2014-09-13 19:26 - 00000000 ____D () C:\Users\Paul\AppData\Local\WinZip
2014-09-13 19:26 - 2014-09-13 19:26 - 00000000 ____D () C:\ProgramData\WinZip
2014-09-13 19:26 - 2014-09-13 19:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2014-09-13 19:26 - 2014-09-13 19:26 - 00000000 ____D () C:\Program Files\WinZip
2014-09-13 19:25 - 2014-09-13 19:25 - 00000000 ____D () C:\Program Files\File Association Helper
2014-09-13 08:40 - 2014-09-02 13:06 - 00706016 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-09-13 08:40 - 2014-09-02 13:06 - 00105440 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-11 07:07 - 2014-08-15 18:56 - 00547328 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-09-11 07:07 - 2014-08-15 18:54 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-09-11 07:07 - 2014-08-15 18:43 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-09-11 07:07 - 2014-08-15 18:32 - 00446464 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-09-11 07:07 - 2014-08-15 18:25 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-09-11 07:07 - 2014-08-15 18:22 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-09-11 07:07 - 2014-08-15 18:20 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-09-11 07:07 - 2014-08-15 18:19 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-09-11 07:07 - 2014-08-15 18:18 - 00289280 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-09-11 07:07 - 2014-08-15 18:06 - 00359424 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-09-11 07:07 - 2014-08-15 18:05 - 00727040 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-09-11 07:07 - 2014-08-15 18:05 - 00707072 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-09-11 07:07 - 2014-08-15 18:03 - 00365056 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-09-11 07:07 - 2014-08-15 17:53 - 00243200 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-09-11 07:07 - 2014-08-15 17:53 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-09-11 07:07 - 2014-08-15 17:44 - 00312320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-09-11 07:07 - 2014-05-30 02:28 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-09-11 07:07 - 2014-05-30 01:43 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-09-11 07:07 - 2014-02-06 04:30 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-09-11 07:07 - 2014-02-06 04:30 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-09-11 07:07 - 2014-02-06 04:07 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-09-11 07:07 - 2014-02-06 03:56 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-09-11 07:07 - 2014-02-06 03:49 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-09-11 07:07 - 2014-02-06 03:20 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-09-11 07:07 - 2014-02-06 03:17 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-09-11 07:07 - 2014-02-06 02:52 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-09-11 07:07 - 2014-02-06 02:52 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-09-11 07:07 - 2014-02-06 02:47 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-09-11 07:07 - 2014-02-06 02:25 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-09-11 07:06 - 2014-08-15 19:40 - 23591424 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-09-11 07:06 - 2014-08-15 19:04 - 17455104 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-09-11 07:06 - 2014-08-15 19:00 - 05833728 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-09-11 07:06 - 2014-08-15 19:00 - 02793984 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-09-11 07:06 - 2014-08-15 18:45 - 04232704 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-09-11 07:06 - 2014-08-15 18:18 - 02185728 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-09-11 07:06 - 2014-08-15 18:11 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-09-11 07:06 - 2014-08-15 18:03 - 02104832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-09-11 07:06 - 2014-08-15 17:58 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-11 07:06 - 2014-08-15 17:56 - 02310656 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-09-11 07:06 - 2014-08-15 17:53 - 13588480 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-09-11 07:06 - 2014-08-15 17:51 - 11769856 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-09-11 07:06 - 2014-08-15 17:45 - 00603136 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-09-11 07:06 - 2014-08-15 17:44 - 02014208 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-09-11 07:06 - 2014-08-15 17:34 - 01447424 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-09-11 07:06 - 2014-08-15 17:20 - 01812992 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-09-11 07:06 - 2014-08-15 17:18 - 00775168 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-09-11 07:06 - 2014-08-15 17:14 - 01190400 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-09-11 07:06 - 2014-08-15 17:12 - 00678400 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-09-11 07:06 - 2014-02-06 04:06 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-09-11 07:06 - 2014-02-06 03:48 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-09-11 07:06 - 2014-02-06 03:00 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-09-11 06:55 - 2014-09-04 19:36 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2014-09-11 06:55 - 2014-09-04 19:31 - 00527360 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-09-11 06:55 - 2014-09-04 17:48 - 00738816 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-09-11 06:55 - 2014-08-01 17:18 - 01212928 _____ (Microsoft Corporation) C:\windows\system32\schedsvc.dll
2014-09-11 06:55 - 2014-07-23 20:20 - 00875688 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcr120_clr0400.dll
2014-09-11 06:55 - 2014-07-23 20:20 - 00869544 _____ (Microsoft Corporation) C:\windows\system32\msvcr120_clr0400.dll
2014-09-06 13:24 - 2014-09-21 22:42 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-06 13:23 - 2014-09-06 13:23 - 00001141 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-06 13:23 - 2014-09-06 13:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-06 13:23 - 2014-09-06 13:23 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-06 13:23 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-09-06 13:23 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-09-06 13:23 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-02 22:35 - 2014-02-18 21:26 - 01050367 _____ () C:\windows\WindowsUpdate.log
2014-10-02 22:34 - 2013-08-22 08:36 - 00000000 ____D () C:\windows\AppReadiness
2014-10-02 22:30 - 2014-05-09 21:38 - 00025088 ___SH () C:\Users\Paul\Downloads\Thumbs.db
2014-10-02 22:25 - 2014-02-18 21:39 - 00003926 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{6F732C57-CC6B-4012-925C-56892A9358EF}
2014-10-02 22:24 - 2013-08-22 08:36 - 00000000 ____D () C:\windows\system32\sru
2014-10-02 22:23 - 2014-02-19 13:53 - 00000298 _____ () C:\windows\Tasks\NUSchedule.job
2014-10-02 22:23 - 2014-01-03 11:08 - 00000000 ____D () C:\ProgramData\Temp
2014-09-27 23:31 - 2013-08-22 08:20 - 00000000 ____D () C:\windows\CbsTemp
2014-09-27 23:30 - 2014-02-18 21:37 - 00003594 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-447564194-2685222056-786185505-1001
2014-09-26 22:49 - 2014-06-07 18:59 - 00000000 ____D () C:\Program Files (x86)\Jsip
2014-09-25 22:46 - 2014-03-22 21:40 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\Nitro PDF
2014-09-25 22:21 - 2014-03-22 18:55 - 00000410 _____ () C:\windows\BRWMARK.INI
2014-09-25 22:21 - 2014-03-22 18:55 - 00000034 _____ () C:\windows\SysWOW64\BD7820N.DAT
2014-09-24 20:43 - 2014-07-09 22:45 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2014-09-24 20:43 - 2014-02-19 13:27 - 00000000 ____D () C:\windows\system32\Drivers\NISx64
2014-09-24 20:43 - 2013-08-22 08:36 - 00000000 ___HD () C:\windows\ELAMBKUP
2014-09-24 03:42 - 2013-08-22 08:36 - 00000000 ____D () C:\windows\rescache
2014-09-22 18:21 - 2014-02-19 13:53 - 00000306 _____ () C:\windows\Tasks\NUAutoUpdate.job
2014-09-22 18:21 - 2014-02-18 21:36 - 00000000 ___DO () C:\Users\Paul\SkyDrive
2014-09-22 18:21 - 2014-02-18 21:32 - 00000280 _____ () C:\Users\Paul\AppData\Local\RegisteredPackageInformation.xml
2014-09-22 18:21 - 2013-08-22 07:45 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-09-22 18:20 - 2013-08-22 06:25 - 00262144 ___SH () C:\windows\system32\config\BBI
2014-09-21 23:01 - 2013-08-22 06:25 - 00262144 ___SH () C:\windows\system32\config\ELAM
2014-09-21 22:34 - 2014-03-01 08:01 - 00000000 ____D () C:\Users\Paul\AppData\Local\CrashDumps
2014-09-21 22:34 - 2013-08-31 09:36 - 00000000 ____D () C:\windows\Panther
2014-09-21 15:55 - 2013-08-22 08:36 - 00000000 ____D () C:\windows\system32\NDF
2014-09-21 08:32 - 2014-02-28 23:39 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-14 00:26 - 2014-02-28 23:50 - 00000086 _____ () C:\Users\Paul\AppData\Roaming\WB.CFG
2014-09-13 20:04 - 2014-02-28 23:39 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\.minecraft
2014-09-13 08:39 - 2013-08-22 07:44 - 00492656 _____ () C:\windows\system32\FNTCACHE.DAT
2014-09-13 08:37 - 2014-07-13 09:37 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-09-11 07:08 - 2014-02-18 22:08 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-11 07:06 - 2014-02-23 11:21 - 00000000 ____D () C:\windows\system32\MRT
2014-09-11 07:04 - 2014-02-23 11:21 - 101694776 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-09-06 13:23 - 2014-02-22 15:20 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\Malwarebytes
2014-09-06 13:23 - 2014-02-22 15:20 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-06 13:23 - 2014-02-22 15:20 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-09-06 01:03 - 2013-08-22 08:36 - 00000000 ____D () C:\windows\LiveKernelReports

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-27 23:26

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-10-2014
Ran by Paul at 2014-10-02 22:46:51
Running from C:\Users\Paul\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2710 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.4.0.2710 - Adobe Systems Incorporated) Hidden
Adobe Reader X (10.1.7) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.7 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{21FC2093-6E43-460B-B9B0-5F5AA35BBB0F}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)
CyberLink PhotoDirector 3 (x32 Version: 3.0.1.4107 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{650DE870-ECA3-4E63-8D77-778512BE5D4C}) (Version:  - Microsoft)
Driver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.13.0621 - Lenovo)
File Association Helper (HKLM\...\{C168639F-5810-4EC8-B1E8-0251AA8A771C}) (Version: 1.2.225.65451 - WinZip Computing International, LLC)
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.1.2.2 - Genesys Logic)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3345 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel® Rapid Storage Technology (Version: 12.8.0.1016 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.28.487.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{96B53CA8-5ABB-49D8-96F1-F6C0D73A76C6}) (Version: 11.1.4.62 - Apple Inc.)
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Jsip (HKLM-x32\...\Jsip) (Version:  - )
Lenovo App Shop (HKLM-x32\...\Lenovo App Shop 45246) (Version: 3.10.0.45246.24 - Lenovo)
Lenovo Assistant (HKLM-x32\...\{B2DE4F30-B8C7-49C0-85B9-2F37A5290F00}) (Version: 2.0.0.29 - Lenovo)
Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.6.13.0724 - Lenovo)
Lenovo Dependency Package (HKLM-x32\...\Lenovo Dependency Package_is1) (Version: 1.6.11.0 - Lenovo Group Limited)
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.7408 - CyberLink Corp.)
Lenovo Power2Go (x32 Version: 6.0.7408 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5108.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.5108.52 - CyberLink Corp.) Hidden
Lenovo Reach (HKLM-x32\...\{0B5E0E89-4BCA-4035-BBA1-D1439724B6E2}) (Version: 1.1.0.166 - Stoneware, Inc.)
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.1901 - CyberLink Corp.)
Lenovo Rescue System (Version: 4.0.0.1901 - CyberLink Corp.) Hidden
Lenovo Solution Center (HKLM\...\{4041B18B-DE30-4D78-9D60-6ADC586C5E00}) (Version: 2.1.003.00 - Lenovo Group Limited)
LVT (HKLM-x32\...\{9E3469A6-443A-452C-BF44-8D7CE3A9A7E2}) (Version: 5.00.0914 - Lenovo)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Nitro Pro 8 (HKLM\...\{392C767D-4EE2-49B5-A3B4-A4C3AB6DC145}) (Version: 8.5.7.1 - Nitro)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.6.0.32 - Symantec Corporation)
Norton Utilities 16 (HKLM-x32\...\Norton Utilities 16_is1) (Version: 16.0 - Symantec Corporation)
Origin (HKLM-x32\...\Origin) (Version: 8.4.1.210 - Electronic Arts, Inc.)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7005 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Technic Launcher Packages (HKCU\...\Technic Launcher Packages) (Version:  - ) <==== ATTENTION
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.26.89 - Electronic Arts)
The Sims™ 3 Pets (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9179FC17-97A8-4D98-9E09-05720AF5D44E}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
WinZip 18.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E3}) (Version: 18.5.11111 - WinZip Computing, S.L. )
Wizard101 (HKLM-x32\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
Zoo Tycoon Demo (HKLM-x32\...\Zoo Tycoon Demo 1.0) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-447564194-2685222056-786185505-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AC}\InprocServer32 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel)
CustomCLSID: HKU\S-1-5-21-447564194-2685222056-786185505-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AD}\InprocServer32 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel)

==================== Restore Points  =========================

13-09-2014 13:52:15 Windows Update
18-09-2014 10:59:57 Windows Update
21-09-2014 15:28:26 Installed Java 7 Update 67 (64-bit)
25-09-2014 12:07:15 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 06:25 - 2013-08-22 06:25 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {014774BD-118D-4186-B42B-130E6DF10DD9} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {05553595-F3CF-44D3-A130-4962BFAA63A7} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\SystemAgent\AutoUpdate.exe [2013-07-16] ()
Task: {0A137683-C89B-4C08-8316-7FCEFB0BDC2B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {1967B0F7-939D-4231-8D1C-1195DE23AED9} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {1A358D73-858F-49CC-AD0E-6F77AB559D12} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2914DEFA-DA6B-4BE2-B11A-0399F22F3BB8} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-21] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {54AAFB71-B933-4847-8908-8E30F4F992E9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5D7C2B7C-FCA6-4E8C-AD8D-21BEB356CA70} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {65F38D09-2434-4AD5-9568-474B3D2779A9} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-05-17] ()
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6AD5F43D-8AF3-4793-967D-7CF31DFB12CD} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7876870B-48AC-4129-B600-E1912423AE12} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-05-17] (Lenovo)
Task: {7DD41233-4BBF-4BD8-BDA3-5D629C34257F} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {7EB52BCF-59C5-497E-A5F8-0DE2ACEFDD0D} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8C70EF61-C033-437F-A013-C5D8345C8054} - System32\Tasks\Lenovo\LenovoDependencyVersionTask => C:\Program Files\lenovo\SystemAgent\DependencyVersion.exe [2013-07-16] ()
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9E37E663-BAF4-4089-8774-2DB5DE039EF2} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2013-05-17] (Lenovo)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {B0171709-EA18-4EF6-805E-2AD38F9BA625} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2014-09-11] (Microsoft Corporation)
Task: {C7E5C048-E788-4F14-B072-69B7D2EE3C72} - System32\Tasks\UMonitor Task => C:\windows\SysWOW64\UMonit64.exe [2013-10-25] ()
Task: {CB80BEFB-FC81-4151-B72B-DBF255367022} - System32\Tasks\NUSchedule => C:\Program Files (x86)\Symantec\Norton Utilities 16\nu.exe [2014-02-19] (Symantec)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E1F07BFC-3CDA-44E4-9EDD-F5A8D10254E1} - System32\Tasks\NUAutoUpdate => C:\Program Files (x86)\Symantec\Norton Utilities 16\SULauncher.exe [2014-02-19] (Symantec)
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {EF2AFFC3-7066-4840-8EF9-AD0CE1715269} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: C:\windows\Tasks\NUAutoUpdate.job => C:\Program Files (x86)\Symantec\Norton Utilities 16\SULauncher.exe
Task: C:\windows\Tasks\NUSchedule.job => C:\Program Files (x86)\Symantec\Norton Utilities 16\nu.exe

==================== Loaded Modules (whitelisted) =============

2014-01-03 10:56 - 2011-08-16 21:46 - 00032768 _____ () C:\Windows\jmesoft\Service.exe
2014-06-06 06:07 - 2014-06-06 06:07 - 00390144 _____ () C:\Program Files (x86)\Jsip\Jsip.exe
2014-01-03 11:10 - 2013-05-14 11:53 - 00390632 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2014-01-03 10:56 - 2013-10-25 02:23 - 00053248 _____ () C:\windows\SysWOW64\UMonit64.exe
2014-01-03 10:56 - 2011-08-16 21:46 - 00024576 _____ () C:\Windows\jmesoft\JME_LOAD.exe
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-01-03 10:56 - 2011-05-17 14:27 - 00028672 _____ () C:\Windows\jmesoft\hidhook.dll
2009-12-04 17:59 - 2009-12-04 17:59 - 00619816 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
2009-12-04 18:04 - 2009-12-04 18:04 - 00013096 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll
2014-01-03 10:55 - 2013-09-12 02:39 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\ProgramData\Temp:792D4CF1
AlternateDataStreams: C:\Users\Paul\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-447564194-2685222056-786185505-500 - Administrator - Disabled)
Guest (S-1-5-21-447564194-2685222056-786185505-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-447564194-2685222056-786185505-1003 - Limited - Enabled)
Paul (S-1-5-21-447564194-2685222056-786185505-1001 - Administrator - Enabled) => C:\Users\Paul

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (09/23/2014 11:07:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20605 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1b3c

Start Time: 01cfd6f044a1e8ce

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 0032f23c-43b1-11e4-8273-c03fd50b6a53

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (09/21/2014 10:58:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Jsip.exe, version: 0.0.0.0, time stamp: 0x5391bd1e
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x977c
Faulting application start time: 0xJsip.exe0
Faulting application path: Jsip.exe1
Faulting module path: Jsip.exe2
Report Id: Jsip.exe3
Faulting package full name: Jsip.exe4
Faulting package-relative application ID: Jsip.exe5

Error: (09/21/2014 03:18:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Jsip.exe, version: 0.0.0.0, time stamp: 0x5391bd1e
Faulting module name: Jsip.exe, version: 0.0.0.0, time stamp: 0x5391bd1e
Exception code: 0xc0000409
Fault offset: 0x000487fe
Faulting process id: 0xad88
Faulting application start time: 0xJsip.exe0
Faulting application path: Jsip.exe1
Faulting module path: Jsip.exe2
Report Id: Jsip.exe3
Faulting package full name: Jsip.exe4
Faulting package-relative application ID: Jsip.exe5

Error: (09/21/2014 00:43:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17278 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 191c

Start Time: 01cfd5b15009e49f

Termination Time: 88

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id: 92e76e47-41c7-11e4-8271-c03fd50b6a53

Faulting package full name:

Faulting package-relative application ID:

Error: (09/21/2014 09:47:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Jsip.exe, version: 0.0.0.0, time stamp: 0x5391bd1e
Faulting module name: Jsip.exe, version: 0.0.0.0, time stamp: 0x5391bd1e
Exception code: 0xc0000005
Fault offset: 0x00034478
Faulting process id: 0x5fc
Faulting application start time: 0xJsip.exe0
Faulting application path: Jsip.exe1
Faulting module path: Jsip.exe2
Report Id: Jsip.exe3
Faulting package full name: Jsip.exe4
Faulting package-relative application ID: Jsip.exe5

Error: (09/21/2014 07:06:06 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: The Desktop Window Manager has encountered a fatal error (0x8898008d)

Error: (09/21/2014 00:23:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17278, time stamp: 0x53eea0c3
Faulting module name: igd10iumd32.dll, version: 10.18.10.3345, time stamp: 0x526ede04
Exception code: 0xc0000005
Fault offset: 0x0005fec7
Faulting process id: 0x4114
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5

Error: (09/13/2014 06:56:55 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 5cc8

Start Time: 01cfcf59dba54cf1

Termination Time: 4294967295

Application Path: C:\windows\syswow64\backgroundTaskHost.exe

Report Id: d070a3bf-3b4d-11e4-826f-c03fd50b6a53

Faulting package full name: E046963F.LenovoSupport_2.0.4.0_x86__k1h2ywk1493x8

Faulting package-relative application ID: App

Error: (09/06/2014 01:53:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 46812

Error: (09/06/2014 01:53:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 46812

System errors:
=============
Error: (09/27/2014 11:25:19 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070003: Security Update for Windows 8.1 for x64-based Systems (KB2971850).

Error: (09/25/2014 11:11:52 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070003: Security Update for Windows 8.1 for x64-based Systems (KB2971850).

Error: (09/25/2014 10:43:51 PM) (Source: volsnap) (EventID: 29) (User: )
Description: The shadow copies of volume E: were aborted during detection.

Error: (09/25/2014 05:10:08 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070003: Update for Windows 8.1 for x64-based Systems (KB2975719).

Error: (09/25/2014 05:08:32 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070003: Security Update for Windows 8.1 for x64-based Systems (KB2971850).

Error: (09/24/2014 03:23:31 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070003: Update for Windows 8.1 for x64-based Systems (KB2975719).

Error: (09/24/2014 03:19:38 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070003: Security Update for Windows 8.1 for x64-based Systems (KB2971850).

Error: (09/23/2014 11:11:17 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070003: Update for Windows 8.1 for x64-based Systems (KB2975719).

Error: (09/23/2014 11:10:30 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070003: Security Update for Windows 8.1 for x64-based Systems (KB2971850).

Error: (09/22/2014 06:21:02 PM) (Source: GeneStor) (EventID: 0) (User: )
Description: GeneStor driver startedGeneStor driver started (2)

Microsoft Office Sessions:
=========================
Error: (09/23/2014 11:07:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.206051b3c01cfd6f044a1e8ce4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\LiveComm.exe0032f23c-43b1-11e4-8273-c03fd50b6a53microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (09/21/2014 10:58:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Jsip.exe0.0.0.05391bd1eunknown0.0.0.000000000c000000500000000977c01cfd5e9ff8a57d8C:\Program Files (x86)\Jsip\Jsip.exeunknown7f6eb713-421d-11e4-8271-c03fd50b6a53

Error: (09/21/2014 03:18:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Jsip.exe0.0.0.05391bd1eJsip.exe0.0.0.05391bd1ec0000409000487fead8801cfd5bbc8b7fbaaC:\Program Files (x86)\Jsip\Jsip.exeC:\Program Files (x86)\Jsip\Jsip.exe39dedad8-41dd-11e4-8271-c03fd50b6a53

Error: (09/21/2014 00:43:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.17278191c01cfd5b15009e49f88C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE92e76e47-41c7-11e4-8271-c03fd50b6a53

Error: (09/21/2014 09:47:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Jsip.exe0.0.0.05391bd1eJsip.exe0.0.0.05391bd1ec0000005000344785fc01cfd4db6b8335fcC:\Program Files (x86)\Jsip\Jsip.exeC:\Program Files (x86)\Jsip\Jsip.exe02d2d358-41af-11e4-8271-c03fd50b6a53

Error: (09/21/2014 07:06:06 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: 0x8898008d

Error: (09/21/2014 00:23:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.1727853eea0c3igd10iumd32.dll10.18.10.3345526ede04c00000050005fec7411401cfd50a45dfec4fC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\windows\SYSTEM32\igd10iumd32.dll25b543f7-4160-11e4-8271-c03fd50b6a53

Error: (09/13/2014 06:56:55 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: backgroundTaskHost.exe6.3.9600.163845cc801cfcf59dba54cf14294967295C:\windows\syswow64\backgroundTaskHost.exed070a3bf-3b4d-11e4-826f-c03fd50b6a53E046963F.LenovoSupport_2.0.4.0_x86__k1h2ywk1493x8App

Error: (09/06/2014 01:53:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 46812

Error: (09/06/2014 01:53:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 46812

==================== Memory info ===========================

Processor: Intel® Core™ i5-4440 CPU @ 3.10GHz
Percentage of memory in use: 42%
Total physical RAM: 6058.36 MB
Available physical RAM: 3469.65 MB
Total Pagefile: 8026.36 MB
Available Pagefile: 5115.7 MB
Total Virtual: 131072 MB
Available Virtual: 131071.81 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:905.25 GB) (Free:822.33 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP) (Fixed) (Total:291.95 GB) (Free:130.82 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (Recovery) (Fixed) (Total:6.14 GB) (Free:0.89 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: CEB2E810)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 298.1 GB) (Disk ID: 119604DC)
Partition 1: (Active) - (Size=292 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=6.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#6 nasdaq

  • Malware Response Team

Posted 03 October 2014 - 08:51 AM

start

() C:\Program Files (x86)\Jsip\Jsip.exe
HKU\S-1-5-21-447564194-2685222056-786185505-1001\...\RunOnce: [Application Restart #1] => C:\Users\Paul\AppData\Local\Pokki\Engine\HostAppService.exe  --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-clie (the data entry has 547 more characters).
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:13091;
SearchScopes: HKLM - {F8A2EDAB-5E35-4E5C-B614-5AC74B40B4A1} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_wnzp01_14_37_ie&cd=2XzuyEtN2Y1L1Qzu0CtDtA0F0DyDtD0ByC0AyDtA0ByDtD0DtN0D0Tzu0SzyzzyBtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StBtDtB0C0DtD0DtAtG0B0EyDtCtGyCyE0E0EtG0ByBzz0FtGyEtD0DyByDzz0Azz0B0EyC0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0D0A0CyC0CyByEtG0B0DtD0DtGyEtDyE0DtG0ByCyD0EtG0CyE0BtB0BtA0Dzz0C0A0BtA2Q&cr=1213279907&ir=
SearchScopes: HKLM-x32 - {F8A2EDAB-5E35-4E5C-B614-5AC74B40B4A1} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJB
SearchScopes: HKCU - {D323496D-A5B2-4E5C-9877-272CC9C22E0D} URL = http://www.search.ask.com/web?tpid=ORJ-V7C&o=APN11405&pf=V7&p2=^BBD^OSJ000^YY^US&gct=&itbv=12.10.3.34&apn_uid=2D5E2C6D-697B-4F95-94AC-EF1682E5511E&apn_ptnrs=BBD&apn_dtid=^OSJ000^YY^US&apn_dbr=ie_11.0.9600.16384&doi=2014-03-01&trgb=IE&q={searchTerms}&psv=
SearchScopes: HKCU - {F8A2EDAB-5E35-4E5C-B614-5AC74B40B4A1} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_wnzp01_14_37_ie&cd=2XzuyEtN2Y1L1Qzu0CtDtA0F0DyDtD0ByC0AyDtA0ByDtD0DtN0D0Tzu0SzyzzyBtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StBtDtB0C0DtD0DtAtG0B0EyDtCtGyCyE0E0EtG0ByBzz0FtGyEtD0DyByDzz0Azz0B0EyC0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0D0A0CyC0CyByEtG0B0DtD0DtGyEtDyE0DtG0ByCyD0EtG0CyE0BtB0BtA0Dzz0C0A0BtA2Q&cr=1213279907&ir=
Locked "Jsip" service was unlocked successfully. <===== ATTENTION
R2 Jsip; C:\Program Files (x86)\Jsip\Jsip.exe [390144 2014-06-06] () [File not signed]
S3 DIRECTIO; \??\C:\Program Files\PerformanceTest\DirectIo64.sys [X]
C:\Program Files (x86)\Jsip\Jsip.exe

AlternateDataStreams: C:\ProgramData\Temp:792D4CF1
End
Save the files as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Remove the proxy settings.

In Internet Explorer go to Tools - Internet Options - Connections Tab - Lan Settings and remove the reference to 127.0.0.1:13091 if found, then uncheck "Use a proxy server" and check "Automatically detect settings".
===

If you use Firefox, go to Tools Menu > Options... > Advanced Tab > Network Tab > Connection > Settings. Select the "Auto-detect proxy settings for this network" option, or "No proxy" if you do not need it.
===

Restart the computer normally to reset the registry.

How is the computer running now?

#7 Paul Garcia

  • Topic Starter

Posted 05 October 2014 - 07:35 PM

I assume you mean save the macro you prepared above as a text file.

I am unable to do this. It is hard to believe, but my Windows 8.1 does not have a text editor. Searching for a text editor takes me to a link for downloading the Notepad program, which does not work.

Is this a known Windows 8.1 issue? Or, is this a symptom of another issue with my PC?

Please advise.



#8 Paul Garcia

  • Topic Starter

Posted 05 October 2014 - 07:50 PM

Hello again,

I was able to download the Notepad accessory and run the macro. The fixlog text is:


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2014
Ran by Paul at 2014-10-05 17:40:35 Run:1
Running from C:\Users\Paul\Desktop\FRST
Loaded Profile: Paul (Available profiles: Paul)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start

() C:\Program Files (x86)\Jsip\Jsip.exe
HKU\S-1-5-21-447564194-2685222056-786185505-1001\...\RunOnce: [Application Restart #1] => C:\Users\Paul\AppData\Local\Pokki\Engine\HostAppService.exe  --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-clie (the data entry has 547 more characters).
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:13091;
SearchScopes: HKLM - {F8A2EDAB-5E35-4E5C-B614-5AC74B40B4A1} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_wnzp01_14_37_ie&cd=2XzuyEtN2Y1L1Qzu0CtDtA0F0DyDtD0ByC0AyDtA0ByDtD0DtN0D0Tzu0SzyzzyBtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StBtDtB0C0DtD0DtAtG0B0EyDtCtGyCyE0E0EtG0ByBzz0FtGyEtD0DyByDzz0Azz0B0EyC0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0D0A0CyC0CyByEtG0B0DtD0DtGyEtDyE0DtG0ByCyD0EtG0CyE0BtB0BtA0Dzz0C0A0BtA2Q&cr=1213279907&ir=
SearchScopes: HKLM-x32 - {F8A2EDAB-5E35-4E5C-B614-5AC74B40B4A1} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJB
SearchScopes: HKCU - {D323496D-A5B2-4E5C-9877-272CC9C22E0D} URL = http://www.search.ask.com/web?tpid=ORJ-V7C&o=APN11405&pf=V7&p2=^BBD^OSJ000^YY^US&gct=&itbv=12.10.3.34&apn_uid=2D5E2C6D-697B-4F95-94AC-EF1682E5511E&apn_ptnrs=BBD&apn_dtid=^OSJ000^YY^US&apn_dbr=ie_11.0.9600.16384&doi=2014-03-01&trgb=IE&q={searchTerms}&psv=
SearchScopes: HKCU - {F8A2EDAB-5E35-4E5C-B614-5AC74B40B4A1} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_wnzp01_14_37_ie&cd=2XzuyEtN2Y1L1Qzu0CtDtA0F0DyDtD0ByC0AyDtA0ByDtD0DtN0D0Tzu0SzyzzyBtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StBtDtB0C0DtD0DtAtG0B0EyDtCtGyCyE0E0EtG0ByBzz0FtGyEtD0DyByDzz0Azz0B0EyC0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0D0A0CyC0CyByEtG0B0DtD0DtGyEtDyE0DtG0ByCyD0EtG0CyE0BtB0BtA0Dzz0C0A0BtA2Q&cr=1213279907&ir=
Locked "Jsip" service was unlocked successfully. <===== ATTENTION
R2 Jsip; C:\Program Files (x86)\Jsip\Jsip.exe [390144 2014-06-06] () [File not signed]
S3 DIRECTIO; \??\C:\Program Files\PerformanceTest\DirectIo64.sys [X]
C:\Program Files (x86)\Jsip\Jsip.exe

AlternateDataStreams: C:\ProgramData\Temp:792D4CF1
End
*****************

[1540] C:\Program Files (x86)\Jsip\Jsip.exe => Process closed successfully.
HKU\S-1-5-21-447564194-2685222056-786185505-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Application Restart #1 => value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F8A2EDAB-5E35-4E5C-B614-5AC74B40B4A1}" => Key deleted successfully.
"HKCR\CLSID\{F8A2EDAB-5E35-4E5C-B614-5AC74B40B4A1}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{F8A2EDAB-5E35-4E5C-B614-5AC74B40B4A1}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{F8A2EDAB-5E35-4E5C-B614-5AC74B40B4A1}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D323496D-A5B2-4E5C-9877-272CC9C22E0D}" => Key deleted successfully.
"HKCR\CLSID\{D323496D-A5B2-4E5C-9877-272CC9C22E0D}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F8A2EDAB-5E35-4E5C-B614-5AC74B40B4A1}" => Key deleted successfully.
"HKCR\CLSID\{F8A2EDAB-5E35-4E5C-B614-5AC74B40B4A1}" => Key not found.
Locked "Jsip" service was unlocked successfully. <===== ATTENTION => Error: No automatic fix found for this entry.
Jsip => Unable to stop service
Jsip => Error deleting Service
DIRECTIO => Service deleted successfully.
C:\Program Files (x86)\Jsip\Jsip.exe => Moved successfully.
C:\ProgramData\Temp => ":792D4CF1" ADS removed successfully.

==== End of Fixlog ====



#9 Paul Garcia

  • Topic Starter

Posted 05 October 2014 - 08:03 PM

I have just rebooted my PC and checked the LAN connection settings. It seems to be working properly. I opened multiple tabs on IE11 and all had the "Automatically detect settings" checkbox enabled and the "Use Proxy Server" checkbox disabled. The proxy server address box remains blank.

Is there anything else I need to do?

Thanks again!
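
The check done by hand in the Connections dialog above can also be read from the registry values that the Fixlog shows FRST deleting, and a loopback proxy entry can be tied to whatever process is listening on its port. The PowerShell below is an added example, not part of the original thread or of FRST; it assumes Windows 8 or later (for Get-NetTCPConnection) and an elevated session so process paths resolve, and the function name ConvertFrom-ProxyServer is made up for this example.

```powershell
# Added example: audit the per-user proxy values that Internet Explorer reads.
# Key path and the ProxyEnable/ProxyServer names are those shown in the Fixlog above.
$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function ConvertFrom-ProxyServer {
    # Hypothetical helper: splits "host:port" or "http=host:port;https=host:port;"
    # into one object per entry.
    param([string]$Value)
    foreach ($entry in ($Value -split ';')) {
        $entry = $entry.Trim()
        if (-not $entry) { continue }
        $scheme = 'all'
        if ($entry -match '^(?<scheme>[a-z]+)=(?<rest>.+)$') {
            $scheme = $Matches['scheme']
            $entry  = $Matches['rest']
        }
        if ($entry -match '^(?:\w+://)?(?<host>\[[^\]]+\]|[^:/]+)(?::(?<port>\d+))?$') {
            $hostName = $Matches['host']
            $port     = if ($Matches['port']) { [int]$Matches['port'] } else { $null }
            $loopback = $hostName -match '^(127(\.\d+){3}|localhost|\[::1\])$'
            [pscustomobject]@{
                Scheme = $scheme; Host = $hostName; Port = $port; Loopback = $loopback
            }
        } else {
            Write-Warning "Unparsed ProxyServer entry: $entry"
        }
    }
}

$settings = Get-ItemProperty -Path $key
# AutoConfigURL (a PAC script) is a second way to proxy IE; it is not mentioned in the thread.
$summary = 'ProxyEnable={0} ProxyServer="{1}" AutoConfigURL="{2}"'
$summary -f $settings.ProxyEnable, $settings.ProxyServer, $settings.AutoConfigURL

$report = foreach ($p in @(ConvertFrom-ProxyServer $settings.ProxyServer)) {
    $finding = 'remote proxy'
    $procName = $null; $path = $null; $sig = $null
    if ($p.Loopback -and $p.Port) {
        # A loopback proxy only works if a local program is listening on that port.
        $finding = 'loopback proxy, nothing listening (stale setting)'
        $conn = Get-NetTCPConnection -State Listen -LocalPort $p.Port -ErrorAction SilentlyContinue |
            Select-Object -First 1
        if ($conn) {
            $finding  = 'loopback proxy, local listener found'
            $owner    = Get-Process -Id $conn.OwningProcess -ErrorAction SilentlyContinue
            $procName = $owner.ProcessName
            $path     = $owner.Path   # empty for service processes unless elevated
            if ($path) { $sig = (Get-AuthenticodeSignature -FilePath $path).Status }
        }
    }
    [pscustomobject]@{
        Enabled   = [bool]$settings.ProxyEnable
        Scheme    = $p.Scheme
        Endpoint  = '{0}:{1}' -f $p.Host, $p.Port
        Finding   = $finding
        Process   = $procName
        Path      = $path
        Signature = $sig
    }
}

if ($report) { $report | Format-List } else { 'No ProxyServer entries are set for this user.' }
```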



#10 nasdaq

  • Malware Response Team

Posted 06 October 2014 - 07:29 AM

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/
===

#11 Paul Garcia

  • Topic Starter

Posted 08 October 2014 - 05:25 AM

Checkup.txt document:


 Results of screen317's Security Check version 0.99.88 
   x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Windows Defender          
Norton Internet Security  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 67 
 Adobe Reader 10.1.7 Adobe Reader out of Date! 
````````Process Check: objlist.exe by Laurent```````` 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
 



#12 nasdaq

  • Malware Response Team

Posted 08 October 2014 - 08:44 AM

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before your download, I suggest you uncheck the box on the top right, "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.
<<<>>>

If all is well.

To learn more about how to protect yourself while on the internet read this little guide Best security practices Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#13 nasdaq

  • Malware Response Team

Posted 14 October 2014 - 08:21 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



