Help with fff5ee and searchnet.blinkxcore malware

indesperateneedofIT · Nov 2, 2014

FRST:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-11-2014
Ran by Taylor (administrator) on TAYLOR-THINKPAD on 02-11-2014 23:37:40
Running from C:\Users\Taylor\Downloads
Loaded Profile: Taylor (Available profiles: Taylor)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Secunia) C:\Program Files (x86)\Secunia\CSI\csia-v5.0.1.1004.exe
(Google Inc.) C:\Users\Taylor\AppData\Local\Google\Update\GoogleUpdate.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\Bluetooth Headset Helper.exe
(Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
(MarkedUp Inc) C:\SmartDraw CI\MarkedUp\tray\TrayNotifierNET35.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Lenovo) C:\Program Files (x86)\Common Files\Lenovo\SUP\sup_wermonitor.exe
() C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
(Lenovo) C:\Program Files (x86)\Common Files\Lenovo\SUP\sup_wermonitor.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Message Center Plus\MessageCenterPlus.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2785064 2011-05-05] (Synaptics Incorporated)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2010-12-17] (Intel(R) Corporation)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2011-03-29] (Lenovo.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [310912 2011-04-26] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [41320 2011-04-05] (Lenovo Group Limited)
HKLM\...\Run: [ALCKRESI.EXE] => C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [281960 2011-04-05] (Lenovo Group Limited)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-06-20] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4315872 2011-06-01] (Lenovo, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-07-05] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421736 2011-08-19] (Apple Inc.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [371864 2012-04-05] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [296096 2012-10-14] (RealNetworks, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3593744 2014-09-05] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2640408 2014-09-01] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
HKU\S-1-5-21-3546379460-2061304295-809048746-1000\...\Run: [Google Update] => C:\Users\Taylor\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-07-15] (Google Inc.)
HKU\S-1-5-21-3546379460-2061304295-809048746-1000\...\Run: [AVG-Secure-Search-Update_1113a] => C:\Users\Taylor\AppData\Roaming\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe /PROMPT /mid=622d8d9c7f6747d387da3d1cbf1e0b17-05609b2080d71fe4f10ebd2d8139b366e2b329be /CMPID=1113a
HKU\S-1-5-21-3546379460-2061304295-809048746-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)
HKU\S-1-5-21-3546379460-2061304295-809048746-1000\...\Run: [CAHeadless] => C:\Program Files (x86)\Adobe\Elements 12 Organizer\CAHeadless\ElementsAutoAnalyzer.exe [1400224 2013-09-03] (Adobe Systems Incorporated)
HKU\S-1-5-21-3546379460-2061304295-809048746-1000\...\MountPoints2: {3769f794-1df9-11e3-8e7b-ec55f9fae2e4} - E:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-3546379460-2061304295-809048746-1000\...\MountPoints2: {5916e146-b342-11e0-ab83-806e6f6e6963} - Q:\LenovoQDrive.exe
HKU\S-1-5-21-3546379460-2061304295-809048746-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
AppInit_DLLs-x32: C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll => C:\Program Files (x86)\Citrix\ICA Client\RSHook.dll [257176 2012-04-05] (Citrix Systems, Inc.)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Taylor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?AF=109881&babsrc=HP_ss&mntrId=9402db6d000000000000f0def161f6d4
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://search.babylon.com/?AF=109881&babsrc=HP_ss&mntrId=9402db6d000000000000f0def161f6d4
http://www.lenovo.com/welcome/thinkpad
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid...s=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2013-12-11 12:21:41&v=18.1.9.799&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid...s=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2013-12-11 12:21:41&v=18.1.9.799&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: CtxIEInterceptorBHO Class -> {2C4631FF-5CC8-4EBC-A0DF-34C92291759E} -> C:\Program Files (x86)\Citrix\ICA Client\IEInterceptor.dll (Citrix Systems, Inc.)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: AVG SafeGuard toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
BHO-x32: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {8AD9C840-044E-11D1-B3E9-00805F499D93}
DPF: HKLM-x32 {CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\5fbd0lyt.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=15.0.6.14 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.6.14 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=15.0.6.14 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Taylor\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Taylor\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Taylor\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Taylor\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF user.js: detected! => C:\Users\Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\5fbd0lyt.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Users\Taylor\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Taylor\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF Extension: Pocket - C:\Users\Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\5fbd0lyt.default\Extensions\isreaditlater@ideashower.com [2014-07-09]
FF Extension: Evernote Web Clipper - C:\Users\Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\5fbd0lyt.default\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800} [2013-12-20]
FF Extension: Wired-Marker - C:\Users\Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\5fbd0lyt.default\Extensions\{e36db930-f18d-4449-b45f-e286cfb9e03a} [2013-12-04]
FF Extension: Springpad Extension - C:\Users\Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\5fbd0lyt.default\Extensions\ext@sprng.me.xpi [2012-12-22]
FF Extension: FireGestures - C:\Users\Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\5fbd0lyt.default\Extensions\firegestures@xuldev.org.xpi [2013-12-04]
FF Extension: Lightbeam - C:\Users\Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\5fbd0lyt.default\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2014-09-24]
FF Extension: Reddit Enhancement Suite - C:\Users\Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\5fbd0lyt.default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2013-12-04]
FF Extension: Thumbnail Zoom Plus - C:\Users\Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\5fbd0lyt.default\Extensions\thumbnailZoom@dadler.github.com.xpi [2013-12-04]
FF Extension: Adblock Plus - C:\Users\Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\5fbd0lyt.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-11-09]
FF HKLM-x32\...\Firefox\Extensions: [VIP@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client [2011-07-21]
FF HKLM-x32\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-10-14]
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.799
FF Extension: AVG SafeGuard toolbar - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.799 [2014-09-01]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR HomePage: Default -> https://mysearch.avg.com?cid={BD803...s=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2013-12-11 12:21:41&v=18.1.9.799&pid=safeguard&sg=0&sap=hp
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google

ageClassification}{google:searchVersion}{google:sessionToken}{google

refetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Taylor\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Taylor\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Taylor\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2012-10-15]
CHR Extension: (Codec-V) - C:\Users\Taylor\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho [2012-03-02]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Taylor\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2014-09-19]
CHR Extension: (Google Voice (by Google)) - C:\Users\Taylor\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2014-03-22]
CHR Extension: (Google Wallet) - C:\Users\Taylor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-10-14]
CHR HKLM-x32\...\Chrome\Extension: [jpnbdefcbnoefmmcpelplabbkfmfhlho] - C:\Users\Taylor\AppData\Local\Premiumplay Codec-C\Chrome\Premiumplay Codec-C.crx [2012-01-15]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor12.0; C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [181152 2013-09-03] (Adobe Systems Incorporated)
R2 avgfws; C:\Program Files (x86)\AVG\AVG2015\avgfws.exe [1459872 2014-09-05] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3364368 2014-09-05] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [293448 2014-09-05] (AVG Technologies CZ, s.r.o.)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-07] (Lenovo Group Limited)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-06-20] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-12-17] ()
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2014-04-28] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-06-20] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2014-04-28] (Hewlett-Packard) [File not signed]
R2 Secunia CSI Agent; C:\Program Files (x86)\Secunia\CSI\csia-v5.0.1.1004.exe [716800 2012-01-31] (Secunia) [File not signed]
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [987704 2010-12-21] (Secunia)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24560 2014-06-18] ()
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84088 2011-04-13] (Symantec Corporation)
R2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-11] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [247576 2014-07-24] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [270616 2014-07-02] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2014-11-02] ()
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-10-11] (ManyCam LLC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-02] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [29696 2012-10-11] (ManyCam LLC)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-07-19] (Corel Corporation)
S3 PCDSRVC{127174DC-C366ED8B-06020200}_0; \??\c:\program files\pc-doctor\pcdsrvc_x64.pkms [X]
S2 smihlp2; \??\C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-02 23:37 - 2014-11-02 23:48 - 00035622 _____ () C:\Users\Taylor\Downloads\FRST.txt
2014-11-02 23:36 - 2014-11-02 23:39 - 00000000 ____D () C:\FRST
2014-11-02 23:33 - 2014-11-02 23:35 - 02114560 _____ (Farbar) C:\Users\Taylor\Downloads\FRST64.exe
2014-11-02 18:40 - 2014-11-02 18:40 - 00043664 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-11-02 18:36 - 2014-11-02 23:11 - 00000000 ____D () C:\Program Files\HitmanPro
2014-11-02 18:33 - 2014-11-02 18:34 - 11222744 _____ (SurfRight B.V.) C:\Users\Taylor\Downloads\HitmanPro_x64.exe
2014-11-02 18:32 - 2014-11-02 18:41 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-11-02 18:29 - 2014-11-02 18:31 - 10284408 _____ (SurfRight B.V.) C:\Users\Taylor\Downloads\HitmanPro.exe
2014-11-01 19:46 - 2014-11-02 23:48 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-01 19:42 - 2014-11-01 19:42 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-01 19:42 - 2014-11-01 19:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-01 19:41 - 2014-11-01 19:41 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-01 19:41 - 2014-11-01 19:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-01 19:41 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-01 19:41 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-01 19:41 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-01 19:12 - 2014-11-01 19:17 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Taylor\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-01 19:06 - 2014-11-01 19:32 - 00005206 _____ () C:\Users\Taylor\Desktop\Rkill.txt
2014-11-01 18:56 - 2014-11-01 18:56 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Taylor\Downloads\iExplore.exe
2014-11-01 18:04 - 2014-11-01 18:22 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\Taylor\Downloads\tdsskiller.exe
2014-10-30 23:20 - 2014-10-30 23:20 - 00000424 _____ () C:\ProgramData\@system.temp
2014-10-30 23:20 - 2014-10-30 23:20 - 00000160 ____H () C:\ProgramData\@system3.att
2014-10-30 23:19 - 2014-11-01 20:45 - 00000000 ____D () C:\Users\Taylor\AppData\Roaming\FrameworkUpdate7
2014-10-30 23:19 - 2014-10-30 23:19 - 00000448 ____H () C:\Users\Taylor\AppData\Roaming\麽鎒駓覜
2014-10-29 13:06 - 2014-10-29 13:06 - 00227840 _____ () C:\Users\Taylor\Downloads\Phonics (1).ppt
2014-10-29 12:40 - 2014-11-01 20:56 - 00003224 _____ () C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3546379460-2061304295-809048746-1000
2014-10-29 01:59 - 2014-10-29 01:59 - 00227840 _____ () C:\Users\Taylor\Downloads\Phonics.ppt
2014-10-28 21:59 - 2014-11-01 20:56 - 00003356 _____ () C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3546379460-2061304295-809048746-1000
2014-10-28 21:52 - 2014-10-28 22:00 - 00000000 ____D () C:\ProgramData\VedkOkaki
2014-10-28 21:51 - 2014-10-30 23:16 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-10-28 15:41 - 2014-11-02 23:06 - 00038726 _____ () C:\Windows\PFRO.log
2014-10-28 15:18 - 2014-10-28 15:18 - 00000000 ____D () C:\Users\Taylor\AppData\Roaming\AVG2015
2014-10-28 15:16 - 2014-10-28 15:16 - 00000976 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2014-10-28 15:11 - 2014-10-28 21:53 - 00000000 ____D () C:\ProgramData\AVG2015
2014-10-28 15:02 - 2014-10-28 15:47 - 00000000 ____D () C:\Users\Taylor\AppData\Local\Avg2015
2014-10-28 13:26 - 2014-11-02 23:06 - 00000392 _____ () C:\Windows\setupact.log
2014-10-28 13:26 - 2014-10-28 13:26 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-28 03:19 - 2014-10-28 03:19 - 00000000 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_71-b14.log
2014-10-28 02:34 - 2014-11-01 20:50 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2014-10-28 00:26 - 2014-10-28 00:26 - 00001185 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-10-28 00:26 - 2014-10-28 00:26 - 00001173 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-10-28 00:26 - 2014-10-28 00:26 - 00000000 ____D () C:\Users\Taylor\AppData\Roaming\TeamViewer
2014-10-28 00:25 - 2014-10-28 00:25 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-10-28 00:21 - 2014-10-28 00:23 - 06588560 _____ (TeamViewer GmbH) C:\Users\Taylor\Downloads\TeamViewer_Setup_en-ckj (1).exe
2014-10-25 13:39 - 2014-10-25 13:39 - 00880272 _____ (Google Inc.) C:\Users\Taylor\Downloads\googledrivesync.exe
2014-10-23 16:37 - 2014-10-23 16:37 - 01055936 _____ (Adobe) C:\Users\Taylor\Downloads\install_flashplayer15x32axau_mssa_aaa_aih.exe
2014-10-22 22:04 - 2014-10-22 22:05 - 00914700 _____ () C:\Users\Taylor\Downloads\bilingualpresentation.pptx
2014-10-22 22:04 - 2014-10-22 22:04 - 00370606 _____ () C:\Users\Taylor\Downloads\P441+Nikita.pptx
2014-10-22 22:04 - 2014-10-22 22:04 - 00108772 _____ () C:\Users\Taylor\Downloads\2007Humphries_AlTimeCourseSemanticProcessing (1).pptx
2014-10-22 22:02 - 2014-10-22 22:02 - 01324830 _____ () C:\Users\Taylor\Downloads\441+Presentation+.pptx
2014-10-21 18:42 - 2014-10-21 18:44 - 54843354 _____ () C:\Users\Taylor\Downloads\084_ChalkMenu.zip
2014-10-21 17:09 - 2014-10-21 17:10 - 01721344 _____ () C:\Users\Taylor\Downloads\FAP-Chapter 10.ppt
2014-10-21 02:09 - 2014-10-21 02:09 - 03273231 _____ () C:\Users\Taylor\Downloads\Sentence+Comprehension-2.pptx
2014-10-21 00:54 - 2014-10-21 00:54 - 02807768 _____ () C:\Users\Taylor\Downloads\305-grunge_brushes_2_by_ipnotika.zip
2014-10-21 00:54 - 2014-10-21 00:54 - 02658748 _____ () C:\Users\Taylor\Downloads\304-grunge_brushes_by_ipnotika.zip
2014-10-17 19:41 - 2014-10-17 19:41 - 00092389 _____ () C:\Users\Taylor\Downloads\Sribbles_by_Ransie3.zip
2014-10-16 01:36 - 2014-09-29 00:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-16 01:35 - 2014-06-18 22:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-16 01:35 - 2014-06-18 22:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-16 01:35 - 2014-06-18 22:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-16 01:35 - 2014-06-18 22:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-16 01:35 - 2014-06-18 22:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-16 01:35 - 2014-06-18 22:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-16 01:32 - 2014-10-31 17:22 - 00000000 ____D () C:\Users\Taylor\Documents\Photoshop
2014-10-16 01:25 - 2014-09-19 23:49 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-16 01:25 - 2014-09-19 23:48 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-10-16 01:25 - 2014-09-19 23:47 - 02157056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-16 01:25 - 2014-09-19 23:47 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-16 01:25 - 2014-09-19 23:46 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-16 01:25 - 2014-09-19 23:46 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-16 01:25 - 2014-09-19 23:46 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-16 01:25 - 2014-09-19 23:46 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-16 01:25 - 2014-09-19 23:46 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-10-16 01:25 - 2014-09-19 23:46 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-10-16 01:25 - 2014-09-19 22:38 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-16 01:25 - 2014-09-19 22:36 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-10-16 01:25 - 2014-09-19 22:35 - 01802752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-16 01:25 - 2014-09-19 22:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-16 01:25 - 2014-09-19 22:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-16 01:25 - 2014-09-19 22:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-10-16 01:25 - 2014-09-19 22:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-16 01:25 - 2014-09-19 22:34 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-16 01:25 - 2014-09-19 22:34 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-16 01:25 - 2014-09-19 22:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-16 01:24 - 2014-09-20 00:09 - 17867776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-16 01:24 - 2014-09-19 23:55 - 02339328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-16 01:24 - 2014-09-19 23:54 - 10920960 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-16 01:24 - 2014-09-19 23:50 - 01385472 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-16 01:24 - 2014-09-19 23:48 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-16 01:24 - 2014-09-19 23:48 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-16 01:24 - 2014-09-19 23:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-10-16 01:24 - 2014-09-19 23:47 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-16 01:24 - 2014-09-19 23:47 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-16 01:24 - 2014-09-19 23:45 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-16 01:24 - 2014-09-19 23:45 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-10-16 01:24 - 2014-09-19 22:53 - 12364288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-16 01:24 - 2014-09-19 22:44 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-16 01:24 - 2014-09-19 22:41 - 09739776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-16 01:24 - 2014-09-19 22:39 - 01138688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-16 01:24 - 2014-09-19 22:37 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-16 01:24 - 2014-09-19 22:36 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-16 01:24 - 2014-09-19 22:36 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-16 01:24 - 2014-09-19 22:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-10-16 01:24 - 2014-09-19 22:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-10-16 01:24 - 2014-09-19 22:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-10-16 01:24 - 2014-09-19 22:33 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-16 01:20 - 2014-08-19 03:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2014-10-16 01:20 - 2014-08-19 03:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2014-10-16 01:20 - 2014-08-19 03:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-16 01:20 - 2014-08-19 03:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-16 01:20 - 2014-08-19 03:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-16 01:20 - 2014-08-19 03:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-16 01:20 - 2014-08-19 02:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2014-10-16 01:20 - 2014-08-19 02:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-10-16 01:20 - 2014-08-19 02:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-16 01:20 - 2014-07-07 02:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-16 01:20 - 2014-07-07 02:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-16 01:20 - 2014-07-07 02:06 - 00368128 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-16 01:20 - 2014-07-07 02:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-16 01:20 - 2014-07-07 02:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-16 01:20 - 2014-07-07 02:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-16 01:20 - 2014-07-07 02:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-16 01:20 - 2014-07-07 02:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-16 01:20 - 2014-07-07 01:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-16 01:20 - 2014-07-07 01:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2014-10-16 01:20 - 2014-07-07 01:40 - 00516096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-10-16 01:20 - 2014-07-07 01:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2014-10-16 01:20 - 2014-07-07 01:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-10-16 01:20 - 2014-07-07 01:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2014-10-16 01:20 - 2014-07-07 01:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2014-10-16 01:20 - 2014-06-28 00:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-16 01:20 - 2014-06-28 00:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-16 01:19 - 2014-08-19 03:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-10-16 01:19 - 2014-08-19 03:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-10-16 01:19 - 2014-08-19 03:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-10-16 01:19 - 2014-08-19 03:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-16 01:19 - 2014-07-07 02:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-16 01:19 - 2014-07-07 02:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-16 01:19 - 2014-07-07 02:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-16 01:19 - 2014-07-07 02:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-16 01:19 - 2014-07-07 02:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-16 01:19 - 2014-07-07 02:06 - 02644992 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-10-16 01:19 - 2014-07-07 02:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-16 01:19 - 2014-07-07 02:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-16 01:19 - 2014-07-07 02:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-16 01:19 - 2014-07-07 02:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-16 01:19 - 2014-07-07 02:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-16 01:19 - 2014-07-07 02:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-16 01:19 - 2014-07-07 02:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-16 01:19 - 2014-07-07 02:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-16 01:19 - 2014-07-07 02:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-16 01:19 - 2014-07-07 02:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-16 01:19 - 2014-07-07 02:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-16 01:19 - 2014-07-07 02:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-16 01:19 - 2014-07-07 02:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-16 01:19 - 2014-07-07 02:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-16 01:19 - 2014-07-07 02:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-16 01:19 - 2014-07-07 02:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-16 01:19 - 2014-07-07 02:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-16 01:19 - 2014-07-07 02:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-16 01:19 - 2014-07-07 02:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-16 01:19 - 2014-07-07 02:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-16 01:19 - 2014-07-07 01:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-10-16 01:19 - 2014-07-07 01:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-10-16 01:19 - 2014-07-07 01:40 - 02135040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-10-16 01:19 - 2014-07-07 01:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-10-16 01:19 - 2014-07-07 01:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-10-16 01:19 - 2014-07-07 01:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2014-10-16 01:19 - 2014-07-07 01:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2014-10-16 01:19 - 2014-07-07 01:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2014-10-16 01:19 - 2014-07-07 01:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2014-10-16 01:19 - 2014-07-07 01:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-10-16 01:19 - 2014-07-07 01:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2014-10-16 01:19 - 2014-07-07 01:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-10-16 01:19 - 2014-07-07 01:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-10-16 01:19 - 2014-07-07 01:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2014-10-16 01:19 - 2014-07-07 01:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-10-16 01:19 - 2014-07-07 01:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-10-16 01:19 - 2014-07-07 01:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-10-16 01:19 - 2014-07-07 01:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2014-10-16 01:19 - 2014-07-07 01:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2014-10-16 01:19 - 2014-07-07 01:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-10-16 01:19 - 2014-07-07 01:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-10-16 01:19 - 2014-07-07 01:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-10-16 01:19 - 2014-07-07 01:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-10-16 01:19 - 2014-07-07 01:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-10-16 01:19 - 2014-07-07 01:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-10-16 01:19 - 2014-06-28 00:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-16 01:06 - 2014-09-04 05:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-16 01:06 - 2014-09-04 05:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-16 01:03 - 2014-07-17 02:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-16 01:03 - 2014-07-17 02:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-16 01:03 - 2014-07-17 02:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-16 01:03 - 2014-07-17 02:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-16 01:03 - 2014-07-17 02:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-16 01:03 - 2014-07-17 02:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-16 01:03 - 2014-07-17 02:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-16 01:03 - 2014-07-17 02:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-16 01:03 - 2014-07-17 01:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-16 01:03 - 2014-07-17 01:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-16 01:03 - 2014-07-17 01:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-16 01:03 - 2014-07-17 01:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-16 01:03 - 2014-07-17 01:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-16 01:03 - 2014-07-17 01:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-16 01:03 - 2014-07-17 01:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-16 01:03 - 2014-07-17 01:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-16 01:03 - 2014-05-30 08:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-10-16 01:03 - 2014-05-30 08:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-10-16 01:03 - 2014-05-30 08:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-10-16 01:03 - 2014-05-30 08:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-10-16 01:03 - 2014-05-30 07:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-10-16 01:03 - 2014-05-30 07:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-10-16 01:03 - 2014-05-30 07:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-10-16 01:03 - 2014-05-30 07:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-10-16 01:02 - 2014-09-13 01:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-16 01:02 - 2014-09-13 01:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-16 00:24 - 2014-10-16 00:24 - 02472517 _____ () C:\Users\Taylor\Downloads\theleagueof-league-gothic-64c3ede.zip
2014-10-15 20:32 - 2014-10-15 20:33 - 00000000 ____D () C:\Users\Taylor\Downloads\pixel-patterns
2014-10-13 20:49 - 2014-10-13 20:49 - 00003518 _____ () C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-Taylor-THINKPAD-Taylor
2014-10-13 18:44 - 2014-10-13 18:44 - 00000000 ____D () C:\Users\Taylor\Documents\Adobe
2014-10-13 18:06 - 2014-10-13 18:06 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-10-13 17:58 - 2014-10-13 20:49 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-10-13 17:58 - 2014-10-13 17:58 - 00001912 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Elements 12.lnk
2014-10-13 17:58 - 2014-10-13 17:58 - 00001896 _____ () C:\Users\Public\Desktop\Adobe Photoshop Elements 12.lnk
2014-10-13 17:58 - 2013-07-19 02:01 - 00056336 ____N (Corel Corporation) C:\Windows\system32\Drivers\PxHlpa64.sys
2014-10-13 17:58 - 2012-04-24 02:01 - 00011376 ____N (Corel Corporation) C:\Windows\system32\Drivers\cdralw2k.sys
2014-10-13 17:58 - 2012-04-24 02:01 - 00010864 ____N (Corel Corporation) C:\Windows\system32\Drivers\cdr4_xp.sys
2014-10-13 17:34 - 2014-10-13 17:41 - 1356645576 _____ () C:\Users\Taylor\Downloads\AdobePhotoshopElements12.exe
2014-10-13 12:40 - 2014-10-16 21:59 - 00000738 _____ () C:\Users\Taylor\Desktop\gsys2.properties
2014-10-09 16:58 - 2014-10-09 16:58 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-10-09 16:58 - 2014-10-09 16:58 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-10-09 16:58 - 2014-10-09 16:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-10-09 13:58 - 2014-10-09 13:58 - 00108772 _____ () C:\Users\Taylor\Downloads\2007Humphries_AlTimeCourseSemanticProcessing.pptx
2014-10-08 16:43 - 2014-10-08 16:43 - 00772608 _____ () C:\Users\Taylor\Downloads\chairstructures.ppt

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-02 23:55 - 2013-11-09 16:37 - 00000000 ____D () C:\ProgramData\MFAData
2014-11-02 23:48 - 2011-07-21 02:43 - 01449058 _____ () C:\Windows\WindowsUpdate.log
2014-11-02 23:42 - 2011-10-04 03:29 - 00003958 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{53233E85-CD43-420C-BB01-5159AD8B1FB0}
2014-11-02 23:40 - 2011-08-12 07:40 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-02 23:39 - 2011-08-12 07:40 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-02 23:24 - 2013-09-25 14:21 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3546379460-2061304295-809048746-1000UA.job
2014-11-02 23:17 - 2009-07-14 04:45 - 00031296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-02 23:17 - 2009-07-14 04:45 - 00031296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-02 23:16 - 2012-11-14 15:56 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-02 23:16 - 2009-07-14 05:13 - 00783418 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-02 23:10 - 2013-02-14 02:00 - 00000604 _____ () C:\Windows\Tasks\MATLAB R2012a Startup Accelerator.job
2014-11-02 23:10 - 2011-08-22 00:40 - 00000000 ____D () C:\Users\Taylor\AppData\Roaming\Skype
2014-11-02 23:07 - 2011-08-12 04:55 - 00000466 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2014-11-02 23:06 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-02 18:45 - 2011-10-05 15:34 - 00000000 ____D () C:\Users\Taylor\AppData\Local\CrashDumps
2014-11-02 17:17 - 2011-08-12 04:55 - 00003448 _____ () C:\Windows\System32\Tasks\PCDEventLauncher
2014-11-02 16:54 - 2011-08-12 04:55 - 00003508 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest
2014-11-01 20:50 - 2009-07-14 05:08 - 00032602 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-01 20:50 - 2009-07-14 03:20 - 00000000 __RSD () C:\Windows\Media
2014-11-01 20:46 - 2012-03-01 17:25 - 00000000 ____D () C:\ProgramData\InstallMate
2014-11-01 20:45 - 2012-03-01 17:26 - 00000000 ____D () C:\Program Files (x86)\Premiumplay Codec-C
2014-10-30 11:25 - 2010-11-21 03:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-29 17:37 - 2014-07-08 22:28 - 00000000 ____D () C:\Users\Taylor\Documents\2014-2015
2014-10-29 02:00 - 2014-09-02 19:27 - 00000000 ____D () C:\Users\Taylor\AppData\Local\Adobe
2014-10-28 20:27 - 2011-08-12 05:19 - 00000000 ____D () C:\Users\Taylor\AppData\Roaming\Mozilla
2014-10-28 15:16 - 2014-03-31 09:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-10-28 15:11 - 2013-11-09 16:40 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-10-28 13:25 - 2009-07-14 04:45 - 00585408 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-28 03:19 - 2011-08-12 03:35 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-28 01:15 - 2011-08-12 04:59 - 00146112 _____ () C:\Users\Taylor\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-28 00:55 - 2011-08-12 07:40 - 00002194 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-28 00:49 - 2012-02-29 21:42 - 00000000 ____D () C:\Windows\Minidump
2014-10-27 22:22 - 2011-07-21 02:43 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-10-26 22:23 - 2013-02-14 13:48 - 00000000 ____D () C:\Users\Taylor\Documents\MATLAB
2014-10-26 22:15 - 2013-09-12 23:29 - 00000000 ____D () C:\Users\Taylor\Documents\2013-2014
2014-10-26 22:14 - 2012-08-05 02:14 - 00000000 ____D () C:\Users\Taylor\Documents\2012-2013
2014-10-19 23:19 - 2013-09-25 14:21 - 00003884 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3546379460-2061304295-809048746-1000UA
2014-10-19 23:19 - 2013-09-25 14:21 - 00003488 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3546379460-2061304295-809048746-1000Core
2014-10-19 23:19 - 2013-09-25 14:21 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3546379460-2061304295-809048746-1000Core.job
2014-10-18 22:34 - 2011-08-12 07:40 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-18 22:34 - 2011-08-12 07:40 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-16 12:54 - 2013-01-04 01:45 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-10-16 12:51 - 2009-07-14 05:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-10-16 12:43 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-16 12:43 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-16 01:38 - 2011-08-12 05:47 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-15 20:37 - 2011-07-21 03:00 - 00000000 ____D () C:\ProgramData\Adobe
2014-10-15 16:48 - 2011-08-12 05:02 - 00000000 ____D () C:\Users\Taylor\AppData\Roaming\Adobe
2014-10-13 17:59 - 2013-01-04 01:44 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-10-13 17:45 - 2012-02-02 23:08 - 00000000 ____D () C:\IUware Online
2014-10-13 12:39 - 2014-09-08 16:00 - 00000738 _____ () C:\Users\Taylor\Downloads\gsys2.properties
2014-10-09 16:58 - 2011-08-22 00:40 - 00000000 ____D () C:\ProgramData\Skype
2014-10-09 16:53 - 2012-05-11 02:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-09 16:53 - 2011-08-12 04:55 - 00000528 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2014-10-06 19:48 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\system32\spool
2014-10-04 17:03 - 2011-08-12 04:55 - 00004246 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask

Some content of TEMP:
====================
C:\Users\Taylor\AppData\Local\Temp\HitmanPro.exe
C:\Users\Taylor\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Taylor\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

Addition:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-11-2014
Ran by Taylor at 2014-11-03 00:00:11
Running from C:\Users\Taylor\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Internet Security 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
FW: AVG Internet Security 2015 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 17.2.1 - Hewlett-Packard) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Photoshop Elements 12 (HKLM-x32\...\Adobe Photoshop Elements 12) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Age of Mythology - The Titans Expansion (HKLM-x32\...\Age of Mythology Expansion Pack 1.0) (Version: - )
Age of Mythology (HKLM-x32\...\Age of Mythology 1.0) (Version: - )
Aleks 3.18 (HKLM-x32\...\Aleks 3.18) (Version: - )
Apple Application Support (HKLM-x32\...\{B3575D00-27EF-49C2-B9E0-14B3D954E992}) (Version: 1.5.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{439760BC-7737-4386-9B1D-A90A3E8A22EA}) (Version: 3.4.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 1.3.13 (Unicode) (HKLM-x32\...\Audacity 1.3 Beta (Unicode)_is1) (Version: - Audacity Team)
AVG 2014 (Version: 14.0.4259 - AVG Technologies) Hidden
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5315 - AVG Technologies)
AVG 2015 (Version: 15.0.4189 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5315 - AVG Technologies) Hidden
AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 18.1.9.799 - AVG Technologies)
Bing Bar (HKLM-x32\...\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}) (Version: 7.0.610.0 - Microsoft Corporation)
Bonjour (HKLM\...\{CA0D2F09-F811-48D4-843E-C87696C6A9D9}) (Version: 3.0.0.2 - Apple Inc.)
Broadcom InConcert Maestro (HKLM\...\{57DD35E9-D9BB-4089-BB05-EF933C586CB3}) (Version: 1.0.1.2200 - Broadcom Corporation)
Burn.Now 4.5 (x32 Version: 4.5.0 - Corel Corporation) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.09 - Piriform)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 13.1.200.22 - Citrix Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.32.27.0 - Conexant)
Corel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)
Corel DVD MovieFactory 7 (x32 Version: 7.0.0 - Corel Corporation) Hidden
Corel DVD MovieFactory Lenovo Edition (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.5.828 - Corel Inc.)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - )
Elements 12 Organizer (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
Foxit Reader 5.0 (HKLM-x32\...\Foxit Reader_is1) (Version: 5.0.2.718 - Foxit Corporation)
Get Connected Engine 2.5 (HKLM-x32\...\{9F320B99-4F38-43F3-B51B-2242F458684F}) (Version: 2.52.0 - Indiana University)
Get Connected Fall 2012 (HKLM-x32\...\{F84C24C0-1863-4A22-A0EE-9A4073C89718}) (Version: 12.3.28.1282 - Indiana University)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{95763F66-297E-30CE-9728-6D0F20BF97F5}) (Version: 5.38.5.0 - Google)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Gramblr (HKCU\...\Gramblr) (Version: 1.0.0 - Gramblr)
Integrated Camera Driver Installer Package Ver.1.1.0.1147 (HKLM-x32\...\{B2CA6F37-1602-4823-81B5-0384B6888AA6}) (Version: 1.1.0.1147 - RICOH)
Integrated Camera TWAIN (HKLM-x32\...\{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}) (Version: 1.0.11.1223 - Chicony Electronics Co.,Ltd.)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2372 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}) (Version: 14.00.1000 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )
Intel(R) Wireless Display (HKLM-x32\...\{025055FC-779B-42F3-95A5-F6926B2964EF}) (Version: 2.0.31.0 - Intel Corporation)
iTunes (HKLM\...\{997C9EC4-B53D-479D-81B7-0AEC8D174BA1}) (Version: 10.4.1.10 - Apple Inc.)
IU Printer Finder (HKLM-x32\...\{60DF2B1C-CDD1-4A50-AA4B-AA1CC6105E92}) (Version: 6.0.40.0 - Indiana University)
Java 7 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.170 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Last.fm 1.5.4.27091 (HKLM-x32\...\LastFM_is1) (Version: - Last.fm)
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.00 - )
Lenovo Patch Utility (HKLM-x32\...\{6E6E7725-C7BC-4C39-8B3F-14B67331A120}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (HKLM\...\{0369F866-2CE0-4EB9-B426-88FA122C6E82}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.3 - Lenovo Inc.)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.06.0016 - Lenovo)
Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5849.23 - PC-Doctor, Inc.)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0008.00 - Lenovo)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\Lenovo Welcome_is1) (Version: 2.02.003.0 - Lenovo)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
MATLAB R2012a Student Version (32-bit) (HKLM-x32\...\Matlab SV R2012a) (Version: 7.14 - The MathWorks, Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Message Center Plus (HKLM-x32\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.3.215.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 6.42.00 - )
Online Plug-in (x32 Version: 13.1.200.22 - Citrix Systems, Inc.) Hidden
PDFill PDF Editor with FREE Writer and FREE Tools (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 8.0 - PlotSoft LLC)
Premiumplay Codec-C (HKLM-x32\...\Premiumplay Codec-C) (Version: 1.6.146.147 - WebPicks) <==== ATTENTION
PSE12 STI Installer (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
QuickTime (HKLM-x32\...\{C9E14402-3631-4182-B377-6B0DFB1C0339}) (Version: 7.70.80.34 - Apple Inc.)
RapidBoot (HKLM-x32\...\InstallShield_{C83D5AA1-6A1F-4102-8F7F-C0230DD31FC0}) (Version: 1.00 - Lenovo)
RapidBoot (x32 Version: 1.00 - Lenovo) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 15.0) (Version: 15.0.6 - RealNetworks)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.37.1229.2010 - Realtek)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
RICOH_Media_Driver_v2.13.18.02 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.13.18.02 - RICOH)
Scribus 1.4.1 (HKLM-x32\...\Scribus 1.4.1) (Version: 1.4.1 - The Scribus Team)
Secunia Agent Installer (HKLM-x32\...\{A19C00BE-D1F5-49DA-AC29-F213FE42C43B}) (Version: 2.0.1.0 - Indiana University)
Secunia PSI (2.0.0.1003) (HKLM-x32\...\Secunia PSI) (Version: - )
Self-service Plug-in (x32 Version: 3.2.0.24226 - Citrix Systems, Inc.) Hidden
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
Texmaker (HKLM-x32\...\Texmaker) (Version: - )
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}) (Version: 6.4.0.2200 - Broadcom Corporation)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.6.0 - )
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.75 - Lenovo)
ThinkVantage AutoLock (HKLM\...\{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1) (Version: 1.02 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.06 - Lenovo)
ThinkVantage Fingerprint Software (HKLM\...\{F58DA859-016E-492D-A588-317D9BB28002}) (Version: 5.9.9.7282 - Authentec Inc.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VIPAccess (HKLM-x32\...\{E8D46836-CD55-453C-A107-A59EC51CB8DC}) (Version: 2.0.1.91 - VeriSign)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Driver Package - Intel (iaStor) hdc (11/06/2010 10.1.0.1008) (HKLM\...\73C6BE3E3B6FC5418F2B47E6C75F6C8F9552DC12) (Version: 11/06/2010 10.1.0.1008 - Intel)
Windows Driver Package - Lenovo 1.62.00.00 (01/19/2011 1.62.00.00) (HKLM\...\D01A7EE241898C810674C69EB908D655D149BE77) (Version: 01/19/2011 1.62.00.00 - Lenovo)
Windows Driver Package - Realtek (RTL8167) Net (12/29/2010 7.037.1229.2010) (HKLM\...\828B05D2B647CDAEA22493F7BFB96847265EE596) (Version: 12/29/2010 7.037.1229.2010 - Realtek)
Windows Driver Package - Synaptics (SynTP) Mouse (05/05/2011 15.3.6.0) (HKLM\...\C63C03BF3BE2B6F6204BB54541690449FFF79F4F) (Version: 05/05/2011 15.3.6.0 - Synaptics)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Phone app for desktop (HKLM-x32\...\{E786AE85-8A30-4CF2-BF70-57404A5CD684}) (Version: 1.0.1720.1 - Microsoft Corporation)
WinSCP 5.1.4 (HKLM-x32\...\winscp3_is1) (Version: 5.1.4 - Martin Prikryl)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3546379460-2061304295-809048746-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Taylor\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3546379460-2061304295-809048746-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Taylor\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3546379460-2061304295-809048746-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Taylor\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3546379460-2061304295-809048746-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
CustomCLSID: HKU\S-1-5-21-3546379460-2061304295-809048746-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Taylor\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3546379460-2061304295-809048746-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Taylor\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points =========================

02-11-2014 15:01:51 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 02:34 - 2009-06-10 21:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00067467-D841-4C52-AA28-B3F194A65532} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {0126E488-20C2-45E3-AA81-3D00914E30B5} - System32\Tasks\TVT\LenovoWERMonitor => C:\Program Files (x86)\Common Files\lenovo\SUP\sup_wermonitor_shim.exe [2014-09-01] ()
Task: {081DB399-0D4A-453F-882C-F86C22EE4026} - System32\Tasks\AdobeAAMUpdater-1.0-Taylor-THINKPAD-Taylor => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-06-03] (Adobe Systems Incorporated)
Task: {23DDFC5A-E7F6-4C0B-9518-778683BFAF1B} - System32\Tasks\MsgUpdateCheck (ed5bac9b-5ca0-4f99-aa46-a881a08ff6f3) => C:\SmartDraw CI\MarkedUp\tray\TrayNotifierNET35.exe [2014-04-30] (MarkedUp Inc)
Task: {261CAFEE-57BB-48C4-B736-D8A848A1ADF2} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3546379460-2061304295-809048746-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {3AF6AFE1-0EF0-417E-8010-604313854DE8} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {4F46F330-410D-476D-B9C6-8E458DD7F7E1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {5600C4DF-48C4-44BD-AA44-A0ECAAFA078B} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {838E3D91-6DED-42E9-BD26-69C695E0CC56} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3546379460-2061304295-809048746-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {8671F94E-5680-4A1B-9099-682820F897CB} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2014-06-18] ()
Task: {9E5EC024-E247-45EF-A608-5CD0102FEFBA} - System32\Tasks\SDMsgUpdate (TE) => C:\SmartDraw CI\Messages\SDNotify.exe [2012-08-13] ()
Task: {A88E0F50-01B7-42D6-9EAA-1EE7E0859F34} - System32\Tasks\MCP => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [2009-05-28] ()
Task: {AACE16FC-3E13-461F-BE6A-E0F2A5C21395} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3546379460-2061304295-809048746-1000Core => C:\Users\Taylor\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-15] (Google Inc.)
Task: {B7659BFA-5005-4AF0-99A3-4FC4C7C0CE32} - System32\Tasks\Open Chrome => Chrome.exe --new-window http://toolbar.avg.com/almost-done?pid=safeguard&lang=en
Task: {B7CD9B07-65CE-472C-9ECA-0E0F20B2EC44} - System32\Tasks\SDMsgUpdate (Local) => C:\SmartDraw CI\Messages\SDNotify.exe [2012-08-13] ()
Task: {B99DC69E-5EBF-4D78-8313-ECF3DA7EDDE4} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo)
Task: {CC766286-86A9-42F7-AF6B-F450AC847451} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {EBF6BCB3-50B2-4C7F-9E1D-DE5E8C555D8F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: {F35AC10F-05A0-4583-966F-F88848095967} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3546379460-2061304295-809048746-1000UA => C:\Users\Taylor\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-15] (Google Inc.)
Task: {FCF4A1FD-6051-4614-BAA9-008BCE55CB6C} - System32\Tasks\MATLAB R2012a Startup Accelerator => C:\Program Files (x86)\MATLAB\R2012a Student\bin\win32\MATLABStartupAccelerator.exe [2011-12-29] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3546379460-2061304295-809048746-1000Core.job => C:\Users\Taylor\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3546379460-2061304295-809048746-1000UA.job => C:\Users\Taylor\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\MATLAB R2012a Startup Accelerator.job => C:\Program Files (x86)\MATLAB\R2012a Student\bin\win32\MATLABStartupAccelerator.exe
Task: C:\Windows\Tasks\Open Chrome.job => c:\program files (x86)\Google\Chrome\Application\chrome.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exe
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\uaclauncher.exe

==================== Loaded Modules (whitelisted) =============

2010-12-17 20:53 - 2010-12-17 20:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2011-07-21 02:29 - 2011-05-05 11:30 - 00057640 _____ () C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll
2010-12-17 20:53 - 2010-12-17 20:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2011-07-21 02:55 - 2010-10-26 03:40 - 00049056 ____N () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2011-07-21 02:55 - 2011-04-27 23:46 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-09-01 16:50 - 2014-09-01 16:48 - 02640408 _____ () C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
2014-08-11 15:05 - 2014-08-11 15:03 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
2009-05-28 05:09 - 2009-05-28 05:09 - 00049976 _____ () C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
2011-07-21 02:58 - 2010-04-06 16:05 - 02085888 _____ () C:\Program Files\Lenovo\AutoLock\cv210.dll
2011-07-21 02:58 - 2010-04-06 16:04 - 02201088 _____ () C:\Program Files\Lenovo\AutoLock\cxcore210.dll
2011-05-26 17:42 - 2011-05-26 17:42 - 00067872 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-12-12 13:31 - 2014-09-01 16:40 - 01654296 ____N () C:\Program Files (x86)\AVG SafeGuard toolbar\TBAPI.dll
2014-08-11 15:05 - 2014-08-11 15:03 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\log4cplusU.dll
2014-09-26 19:26 - 2014-09-26 19:27 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2012-04-03 14:53 - 2012-04-03 14:53 - 00011704 _____ () C:\Program Files (x86)\Citrix\SelfServicePlugin\ExtensionSDK.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-3546379460-2061304295-809048746-500 - Administrator - Disabled)
NotGuest (S-1-5-21-3546379460-2061304295-809048746-501 - Limited - Disabled)
Taylor (S-1-5-21-3546379460-2061304295-809048746-1000 - Administrator - Enabled) => C:\Users\Taylor

==================== Faulty Device Manager Devices =============

Name: ThinkPad PM Device
Description: ThinkPad PM Device
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Lenovo
Service: IBMPMDRV
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Lexmark X422
Description: Lexmark X422
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Lexmark
Service: usbscan
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (11/02/2014 11:09:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/02/2014 06:44:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16584, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 9.0.8112.16584, time stamp: 0x541cb3c5
Exception code: 0xc0000005
Fault offset: 0x00260cee
Faulting process id: 0x2d88
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (11/02/2014 06:08:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16584, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 9.0.8112.16584, time stamp: 0x541cb3c5
Exception code: 0xc0000005
Fault offset: 0x00260cee
Faulting process id: 0x32bc
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (11/02/2014 05:32:42 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (2472) Asapi: (17:32:42:0250)(2472) IPC2.IPCServerManager - Error -- 196 stopConnections() timed out.

Error: (11/02/2014 05:32:34 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (2472) Asapi: (17:32:34:5590)(2472) Engine.main - Error -- 189 Could not stop connections

Error: (11/02/2014 05:32:33 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (2472) Asapi: (17:32:32:3380)(2472) IPC2.IPCServerManager - Error -- 196 stopConnections() timed out.

Error: (11/02/2014 05:19:08 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (2472) Asapi: (17:19:08:4800)(2472) enumerator - Error -- 116 pcdrsysinfosoftware: Module timed out after 129242 milliseconds and was terminated

Error: (11/02/2014 05:19:08 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (2472) Asapi: (17:19:08:4410)(2472) Matrix.ModuleImp - Error -- 54 Unable to get information from module due to failed exec.

Error: (11/02/2014 05:19:08 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (2472) Asapi: (17:19:08:4290)(2472) libCommon.System.Windows - Error -- 726 execAndGetPipeData(./pcdrsysinfosoftware.p5x) readFromPipeTimed failed, killing: 11760

Error: (11/02/2014 05:19:08 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (2472) Asapi: (17:19:07:5570)(2472) libCommon.System.Windows - Error -- 635 readFromPipeTimed(3512) timed out after 119580 totalBytes: 0

System errors:
=============
Error: (11/03/2014 00:06:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Diagnostic Service Host service failed to start due to the following error:
%%1297

Error: (11/03/2014 00:06:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Diagnostic Service Host service failed to start due to the following error:
%%1297

Error: (11/03/2014 00:06:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Diagnostic Service Host service failed to start due to the following error:
%%1297

Error: (11/03/2014 00:06:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Diagnostic Service Host service failed to start due to the following error:
%%1297

Error: (11/03/2014 00:06:29 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Diagnostic Service Host service failed to start due to the following error:
%%1297

Error: (11/03/2014 00:06:21 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Diagnostic Service Host service failed to start due to the following error:
%%1297

Error: (11/03/2014 00:06:15 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Diagnostic Service Host service failed to start due to the following error:
%%1297

Error: (11/03/2014 00:06:15 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Diagnostic Service Host service failed to start due to the following error:
%%1297

Error: (11/03/2014 00:06:15 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Diagnostic Service Host service failed to start due to the following error:
%%1297

Error: (11/03/2014 00:05:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Diagnostic Service Host service failed to start due to the following error:
%%1297

Microsoft Office Sessions:
=========================
Error: (10/21/2014 06:11:05 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 13, Application Name: Microsoft Office OneNote, Application Version: 12.0.6650.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 16502 seconds with 3540 seconds of active time. This session ended with a crash.

Error: (10/16/2013 11:00:13 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 13, Application Name: Microsoft Office OneNote, Application Version: 12.0.6606.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 177974 seconds with 21720 seconds of active time. This session ended with a crash.

Error: (07/17/2013 01:18:13 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1107 seconds with 300 seconds of active time. This session ended with a crash.

Error: (03/27/2013 01:22:44 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 24762 seconds with 4080 seconds of active time. This session ended with a crash.

Error: (03/26/2013 06:29:37 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 5835 seconds with 1560 seconds of active time. This session ended with a crash.

Error: (10/22/2012 01:34:08 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4533 seconds with 2340 seconds of active time. This session ended with a crash.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz
Percentage of memory in use: 55%
Total physical RAM: 4007.23 MB
Available physical RAM: 1764.61 MB
Total Pagefile: 8012.65 MB
Available Pagefile: 4021.58 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:454.82 GB) (Free:323.65 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:9.77 GB) (Free:0.81 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 069CBF11)
Partition 1: (Active) - (Size=1.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=454.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================

LastRegBack: 2014-10-16 19:00

==================== End Of Log ============================

TwinHeadedEagle · Nov 3, 2014

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyone's topic as fast as possible. But bear in mind that I have private life like everyone and I cannot be here 24/7. So please be patient with me. Also, some infections require less, and some more time to be removed completely, so bear this in mind and be patient.
Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. If you solved your problem yourself, set aside two minutes to let me know.
Please attach all report using

button below. Doing this, you make it easier for me to analyze and fix your problem.
Do not ask for help for your business PC. Companies are making revenue via computers, so it is good thing to pay someone to repair it.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

Right-click on

icon and select

Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
Make sure that Addition option is checked.
Press Scan button and wait.
The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content into your next reply.

indesperateneedofIT · Nov 4, 2014

I've attached the Farbar files. I'm watching this thread but I don't see where to make sure I'm receiving email notifications?

TwinHeadedEagle · Nov 5, 2014

Scan with ComboFix

This is a very powerful tool that should be used only if advised by Malware Analyst.
Do not run ComboFix on your own!

Referring to this instruction, please download ComboFix by sUBs and save it to your desktop.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

Right-click on

icon and select

Run as Administrator to start the tool.
Accept the disclaimer and agree if prompted to install Recovery Console.
Do not take any actions while ComboFix goes through your System - it may cause it to stall!
This scan may take some time!
When finished - it will display a logfile (located also on your main drive, usually C:\ComboFix.txt).

Include that log in your next reply.

If you'll encounter any issues with internet connection after running ComboFix, please visit this link.

If an error about operation on the key marked for deletion will appear after running the tool, please reboot your machine.

indesperateneedofIT · Nov 5, 2014

[I think it's installing. Or maybe it's running? What does it mean if it says "backing up registry"?

TwinHeadedEagle · Nov 5, 2014

It is backing up stuff if something bad occurs.

indesperateneedofIT · Nov 5, 2014

Ok good to know

Now it's started scanning for infected files and I got a notification that powershell has stopped working (been getting those all the time). Probably not relevant but just letting you know

TwinHeadedEagle · Nov 5, 2014

No problem, follow my instructions.

indesperateneedofIT · Nov 5, 2014

Sorry I've been in class. Here's the log.

TwinHeadedEagle · Nov 6, 2014

Good. Any progress?

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

Right-click on

icon and select

Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
Make sure that Addition option is checked.
Press Scan button and wait.
The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content into your next reply.

indesperateneedofIT · Nov 6, 2014

It seems back to normal! But I guess Malwarebytes Anti-Malware turned back on when my laptop restarted and I have gotten some notifications about blocking an outbound malicious website with the domain "ads.find-all-you-want.com". It happens far less frequently (not at all today for instance) and doesn't seem to be slowing my computer down though. Also, I've attached a print screen of some error messages that popped up when I first restarted.

TwinHeadedEagle · Nov 6, 2014

Multiple Resident Protection warning!

Always have one (and no more than one!) AntiVirus program! In this case having more of them will not provide you with better protection - instead they may cause slowness, lock-ups and even mark another ones as harmful, leading to leave your system unstable and even damaged. Please choose only one from the listed below to stay with and uninstall the others:

AVG Internet Security 2015
Microsoft Security Essentials

Uninstallation procedure:

Press the

+ R on your keyboard at the same time. Type appwiz.cpl and click OK.
Search for each uninstalled entry, right-click it and select Uninstall.

This should be done until any other steps will be taken.

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.

Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

Right-click on

icon and select

Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
Press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

indesperateneedofIT · Nov 6, 2014

Uninstalled all but Microsoft Security Essentials. Here's the log!

TwinHeadedEagle · Nov 7, 2014

Good. How is your PC now?

Search

Help with fff5ee and searchnet.blinkxcore malware

indesperateneedofIT

New Member

TwinHeadedEagle

Level 41

indesperateneedofIT

New Member

Attachments

TwinHeadedEagle

Level 41

indesperateneedofIT

New Member

TwinHeadedEagle

Level 41

indesperateneedofIT

New Member

TwinHeadedEagle

Level 41

indesperateneedofIT

New Member

Attachments

TwinHeadedEagle

Level 41

indesperateneedofIT

New Member

Attachments

TwinHeadedEagle

Level 41

Attachments

indesperateneedofIT

New Member

Attachments

TwinHeadedEagle

Level 41

Similar threads