Trojans

Started by Ghost, June 12, 2015, 04:48:06 PM

Ghost

Hi all,
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:08-06-2015
Ran by chuck (administrator) on BRENDANGOODRICH on 12-06-2015 11:43:01
Running from C:\Users\chuck\Desktop
Loaded Profiles: chuck (Available Profiles: Brendan Goodrich & chuck)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe [130864 2015-05-21] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [730416 2015-05-27] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3130890629-1687865925-2773364408-1005\...\MountPoints2: {ca30a254-dc66-11df-bd61-806e6f6e6963} - Q:\LenovoQDrive.exe
HKU\S-1-5-18\...\Run: [MotoCast] => C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk [2066 2012-12-16] ()
Lsa: [Notification Packages] scecli ACGina
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.avira.com/?l=dis&o=APN10400&gct=hp&dc=US&locale=en_US
HKU\S-1-5-21-3130890629-1687865925-2773364408-1005\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {A920DF1E-FE11-442E-A46C-715516BE08EC} URL = http://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox;
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {FBD3909B-1305-4A66-8C92-DA17344E03AA} URL = http://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox;
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-10] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-05-13] (Microsoft Corporation)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-10-20] (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22] (Adobe Systems Incorporated)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll [2014-08-12] (Perfect World Entertainment Inc)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-08-03] (Sun Microsystems, Inc.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll [2013-12-11] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll [2013-12-11] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2011-07-29] ()
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2011-05-04] (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-02-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-02-18] (Pando Networks)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll [2014-08-12] (Perfect World Entertainment Inc)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-09] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-09] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2011-06-07] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\chuck\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\chuck\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-09]
CHR Extension: (Google Docs) - C:\Users\chuck\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-09]
CHR Extension: (Google Drive) - C:\Users\chuck\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-09]
CHR Extension: (YouTube) - C:\Users\chuck\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-09]
CHR Extension: (Google Search) - C:\Users\chuck\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-09]
CHR Extension: (Google Sheets) - C:\Users\chuck\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-09]
CHR Extension: (Avira Browser Safety) - C:\Users\chuck\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-06-09]
CHR Extension: (Bookmark Manager) - C:\Users\chuck\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-06-09]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\chuck\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-09]
CHR Extension: (Google Wallet) - C:\Users\chuck\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-09]
CHR Extension: (Gmail) - C:\Users\chuck\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-09]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [827184 2015-05-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [450808 2015-05-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [450808 2015-05-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1188360 2015-05-27] (Avira Operations GmbH & Co. KG)
S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2014-08-12] (Perfect World Entertainment Inc)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [208632 2015-05-21] (Avira Operations GmbH & Co. KG)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2736824 2015-04-07] (Microsoft Corporation)
S4 DDNIMSGService; C:\Program Files (x86)\DDNI\Lenovo Idea Notes\DDNIMSGService.exe [171872 2010-07-20] (Digital Delivery Networks, Inc.) [File not signed]
S4 DDNIService; C:\Program Files (x86)\DDNI\DIBS\DDNIService.exe [163680 2010-07-23] (Digital Delivery Networks, Inc.) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
S4 Roxio UPnP Renderer 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2009-08-05] (Sonic Solutions)
S4 Roxio Upnp Server 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2009-08-05] (Sonic Solutions)
S4 SUService; c:\Program Files (x86)\Lenovo\System Update\SUService.exe [28672 2010-03-15] (Lenovo Group Limited) [File not signed]
S4 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1019904 2009-08-28] (Lenovo Group Limited) [File not signed]
S4 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1475896 2010-07-29] (Lenovo Group Limited)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [153256 2015-05-27] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132656 2015-05-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-05-27] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-05-27] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R1 TPPWRIF; C:\Windows\System32\drivers\Tppwr64v.sys [13104 2010-03-02] ()
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 MotDev; system32\DRIVERS\motodrv.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 PCDSRVC{127174DC-C366ED8B-06020000}_0; \??\c:\program files\pc-doctor\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-12 11:37 - 2015-06-12 11:43 - 00016035 _____ C:\Users\chuck\Desktop\FRST.txt
2015-06-12 11:35 - 2015-06-12 11:35 - 00000000 __SHD C:\Users\chuck\AppData\Local\EmieUserList
2015-06-12 11:35 - 2015-06-12 11:35 - 00000000 __SHD C:\Users\chuck\AppData\Local\EmieSiteList
2015-06-12 11:35 - 2015-06-12 11:35 - 00000000 __SHD C:\Users\chuck\AppData\Local\EmieBrowserModeList
2015-06-12 11:33 - 2015-06-12 11:43 - 00000000 ____D C:\FRST
2015-06-12 11:24 - 2015-06-12 11:24 - 00852662 _____ C:\Users\chuck\Desktop\SecurityCheck.exe
2015-06-12 11:22 - 2015-06-12 11:22 - 02108928 _____ (Farbar) C:\Users\chuck\Desktop\FRST64.exe
2015-06-12 10:27 - 2015-06-12 10:27 - 00000000 ____D C:\7e15000405bce84b1c7db73838b3fe
2015-06-12 10:23 - 2015-06-12 10:23 - 00000000 ____D C:\Users\chuck\AppData\Local\Mozilla
2015-06-12 10:19 - 2015-06-12 10:19 - 00000000 ____D C:\Users\chuck\AppData\Roaming\Macromedia
2015-06-12 10:11 - 2015-06-12 10:11 - 00001900 _____ C:\Users\chuck\Desktop\CCleaner.lnk
2015-06-12 10:11 - 2015-06-12 10:11 - 00000000 ____D C:\Users\chuck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-06-12 10:07 - 2007-04-24 12:19 - 00050688 _____ (Atribune.org) C:\Users\chuck\Desktop\ATF-Cleaner.exe
2015-06-10 11:29 - 2015-04-01 20:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-10 11:29 - 2015-04-01 19:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-10 11:29 - 2015-03-13 00:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-10 11:29 - 2015-03-13 00:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-06-10 11:29 - 2015-03-13 00:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-06-10 11:29 - 2015-03-13 00:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-06-10 11:29 - 2015-03-13 00:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-10 11:29 - 2015-03-13 00:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-10 11:29 - 2015-03-12 23:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-06-10 11:29 - 2015-03-12 23:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-10 11:29 - 2015-03-12 23:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-10 11:29 - 2015-03-12 23:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-06-10 11:29 - 2015-03-12 23:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-10 11:29 - 2015-03-12 23:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-10 11:29 - 2015-03-12 23:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-06-10 11:29 - 2015-03-12 23:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-10 11:29 - 2015-03-12 23:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-06-10 11:29 - 2015-03-12 23:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-10 11:29 - 2015-03-12 23:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-06-10 11:29 - 2015-03-12 23:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-10 11:29 - 2015-03-12 23:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-06-10 11:29 - 2015-03-12 23:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-10 11:29 - 2015-03-12 23:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-06-10 11:29 - 2015-03-12 23:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-10 11:29 - 2015-03-12 23:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-06-10 11:29 - 2015-03-12 23:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-10 11:29 - 2015-03-12 23:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-10 11:29 - 2015-03-12 23:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-06-10 11:29 - 2015-03-12 23:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-06-10 11:29 - 2015-03-12 23:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-06-10 11:29 - 2015-03-12 23:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-06-10 11:29 - 2015-03-12 23:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-06-10 11:29 - 2015-03-12 23:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-06-10 11:29 - 2015-03-12 23:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-10 11:29 - 2015-03-12 23:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-06-10 11:29 - 2015-03-12 23:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-10 11:29 - 2015-03-12 23:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-06-10 11:29 - 2015-03-12 23:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-06-10 11:29 - 2015-03-12 23:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-10 11:29 - 2015-03-12 22:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-06-10 11:29 - 2015-03-12 22:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-10 11:29 - 2015-03-12 22:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-10 11:29 - 2015-03-12 22:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-10 11:29 - 2015-03-12 22:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-10 11:29 - 2015-03-12 22:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-10 11:29 - 2015-03-12 22:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-06-10 11:29 - 2015-03-12 22:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-10 11:29 - 2015-03-12 22:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-10 11:29 - 2015-03-12 22:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-10 11:29 - 2015-03-12 22:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-10 11:29 - 2015-03-12 22:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-10 11:29 - 2015-03-12 22:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-10 11:28 - 2015-03-13 00:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-10 11:28 - 2015-03-13 00:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-10 11:28 - 2015-03-13 00:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-10 11:28 - 2015-03-13 00:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-06-10 11:28 - 2015-03-12 23:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-06-10 11:28 - 2015-03-12 22:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-10 09:47 - 2015-04-10 23:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-06-09 20:49 - 2015-06-09 20:49 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2015-06-09 20:48 - 2015-06-09 20:48 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2015-06-09 20:48 - 2015-06-09 20:48 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2015-06-09 20:48 - 2015-06-09 20:48 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2015-06-09 20:48 - 2015-06-09 20:48 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-09 20:48 - 2015-06-09 20:48 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2015-06-09 20:48 - 2015-06-09 20:48 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-06-09 20:48 - 2015-06-09 20:48 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-06-09 20:48 - 2015-06-09 20:48 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2015-06-09 20:48 - 2015-06-09 20:48 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2015-06-09 20:48 - 2015-06-09 20:48 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2015-06-09 20:48 - 2015-06-09 20:48 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-06-09 20:48 - 2015-06-09 20:48 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-06-09 20:48 - 2015-06-09 20:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2015-06-09 20:48 - 2015-06-09 20:48 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2015-06-09 20:48 - 2015-06-09 20:48 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2015-06-09 20:48 - 2015-06-09 20:48 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2015-06-09 20:48 - 2015-06-09 20:48 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2015-06-09 20:48 - 2015-06-09 20:48 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2015-06-09 20:48 - 2015-06-09 20:48 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2015-06-09 20:48 - 2015-06-09 20:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2015-06-09 20:48 - 2015-06-09 20:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2015-06-09 20:48 - 2015-06-09 20:48 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-06-09 20:48 - 2015-06-09 20:48 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2015-06-09 20:48 - 2015-06-09 20:48 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2015-06-09 20:48 - 2015-06-09 20:48 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-06-09 20:48 - 2015-06-09 20:48 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-06-09 20:47 - 2015-06-09 20:47 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-09 20:47 - 2015-06-09 20:47 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2015-06-09 20:47 - 2015-06-09 20:47 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2015-06-09 20:47 - 2015-06-09 20:47 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-06-09 20:47 - 2015-06-09 20:47 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-06-09 20:47 - 2015-06-09 20:47 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2015-06-09 20:47 - 2015-06-09 20:47 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-06-09 20:47 - 2015-06-09 20:47 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2015-06-09 20:47 - 2015-06-09 20:47 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-06-09 20:47 - 2015-06-09 20:47 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2015-06-09 20:47 - 2015-06-09 20:47 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-06-09 20:47 - 2015-06-09 20:47 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2015-06-09 20:47 - 2015-06-09 20:47 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2015-06-09 20:47 - 2015-06-09 20:47 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2015-06-09 20:47 - 2015-06-09 20:47 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2015-06-09 20:47 - 2015-06-09 20:47 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2015-06-09 20:47 - 2015-06-09 20:47 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2015-06-09 20:47 - 2015-06-09 20:47 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-06-09 20:47 - 2015-06-09 20:47 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2015-06-09 20:47 - 2015-06-09 20:47 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2015-06-09 20:47 - 2015-06-09 20:47 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2015-06-09 20:47 - 2015-06-09 20:47 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-06-09 20:47 - 2015-06-09 20:47 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-06-09 19:31 - 2015-06-09 19:31 - 00000000 ____D C:\Users\chuck\AppData\Roaming\Avira
2015-06-09 19:28 - 2015-05-27 13:07 - 00153256 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-06-09 19:28 - 2015-05-27 13:07 - 00132656 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-06-09 19:28 - 2015-05-27 13:07 - 00044088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-06-09 19:28 - 2015-05-27 13:07 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-06-09 06:12 - 2015-06-09 06:12 - 00001203 _____ C:\Users\Public\Desktop\Avira.lnk
2015-06-09 06:11 - 2015-06-09 06:11 - 00000000 ____D C:\ProgramData\Package Cache
2015-06-09 06:10 - 2015-06-09 06:11 - 04683232 _____ (Avira Operations GmbH & Co. KG) C:\Users\chuck\Downloads\avira_en_av_5576b99a7b0e3__ws.exe
2015-06-09 05:59 - 2015-06-09 05:59 - 08009728 _____ (TeamViewer GmbH) C:\Users\chuck\Downloads\TeamViewer_Setup_en.exe
2015-06-09 05:34 - 2015-06-09 05:34 - 00133120 _____ C:\Users\chuck\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-09 05:33 - 2015-06-10 06:24 - 00001428 _____ C:\Users\chuck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-06-09 05:33 - 2015-06-09 19:29 - 00000000 ____D C:\Users\chuck\AppData\Local\Google
2015-06-09 05:33 - 2015-06-09 05:57 - 00002270 _____ C:\Users\chuck\Desktop\Google Chrome.lnk
2015-06-09 05:33 - 2015-06-09 05:33 - 00000000 ____D C:\Users\chuck\AppData\Roaming\Adobe
2015-06-09 05:32 - 2015-06-09 05:32 - 00000000 ____D C:\Users\chuck\AppData\Roaming\Motorola Mobility
2015-06-09 05:32 - 2015-06-09 05:32 - 00000000 ____D C:\Users\chuck\AppData\Local\VirtualStore
2015-06-09 05:31 - 2015-06-09 05:32 - 00000000 ____D C:\Users\chuck
2015-06-09 05:31 - 2015-06-09 05:31 - 00000020 ___SH C:\Users\chuck\ntuser.ini
2015-06-09 05:31 - 2014-02-10 15:59 - 00002115 _____ C:\Users\chuck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2015-06-09 05:31 - 2013-09-26 03:08 - 00000000 ____D C:\Users\chuck\AppData\Local\Microsoft Help
2015-06-09 05:31 - 2012-08-28 12:27 - 00000000 ____D C:\Users\chuck\AppData\Roaming\Motorola
2015-06-09 05:31 - 2012-06-07 17:32 - 00000000 ____D C:\Users\chuck\AppData\Local\AskToolbar
2015-06-09 05:31 - 2009-07-14 00:54 - 00000000 ___RD C:\Users\chuck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-06-09 05:31 - 2009-07-14 00:49 - 00000000 ___RD C:\Users\chuck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-06-08 21:32 - 2015-06-08 21:35 - 08009728 _____ (TeamViewer GmbH) C:\Users\Brendan Goodrich\Downloads\TeamViewer_Setup_en.exe
2015-06-08 20:00 - 2015-06-09 19:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-06-07 19:58 - 2015-06-08 20:45 - 00000000 ____D C:\Windows\system32\appmgmt
2015-06-07 19:54 - 2015-06-07 19:54 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2015-06-07 19:49 - 2015-06-07 19:49 - 09326384 _____ (TeamViewer GmbH) C:\Users\Brendan Goodrich\Downloads\TeamViewer_Setup (1).exe
2015-06-07 19:45 - 2015-06-07 19:46 - 09326384 _____ (TeamViewer GmbH) C:\Users\Brendan Goodrich\Downloads\TeamViewer_Setup.exe
2015-06-07 19:19 - 2015-06-07 19:22 - 04176437 _____ C:\Users\Brendan Goodrich\Downloads\tdsskiller.zip
2015-06-07 16:42 - 2015-05-22 14:18 - 01021440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-07 16:42 - 2015-05-22 14:18 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-07 16:42 - 2015-05-22 14:18 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-07 16:42 - 2015-05-22 14:18 - 00423424 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-07 16:42 - 2015-05-22 14:18 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-07 16:42 - 2015-05-22 14:18 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-07 16:42 - 2015-05-22 14:13 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-07 16:42 - 2015-05-21 09:19 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-07 15:17 - 2015-05-04 21:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-07 15:17 - 2015-05-04 21:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-06-07 15:17 - 2015-04-17 23:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-06-07 15:17 - 2015-04-17 22:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-06-07 15:17 - 2015-04-03 23:29 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-06-07 15:17 - 2015-04-03 23:29 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-06-07 15:17 - 2015-04-03 23:22 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-06-07 15:17 - 2015-04-03 23:22 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-06-07 15:17 - 2015-04-03 23:22 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-06-07 15:17 - 2015-04-03 23:22 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-06-07 15:17 - 2015-04-03 23:22 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-06-07 15:17 - 2015-04-03 23:22 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-06-07 15:17 - 2015-04-03 23:22 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-06-07 15:17 - 2015-04-03 23:22 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-06-07 15:17 - 2015-04-03 23:22 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-06-07 15:17 - 2015-04-03 23:22 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-06-07 15:17 - 2015-04-03 23:20 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-06-07 15:17 - 2015-04-03 23:20 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-06-07 15:17 - 2015-04-03 23:17 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-06-07 15:17 - 2015-04-03 23:17 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-06-07 15:17 - 2015-04-03 23:15 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-06-07 15:17 - 2015-04-03 23:05 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-06-07 15:17 - 2015-04-03 23:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-06-07 15:17 - 2015-04-03 23:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-06-07 15:17 - 2015-04-03 23:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-06-07 15:17 - 2015-04-03 23:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-06-07 15:17 - 2015-04-03 23:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-06-07 15:17 - 2015-04-03 23:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-06-07 15:17 - 2015-04-03 23:04 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-06-07 15:17 - 2015-04-03 23:04 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-06-07 15:17 - 2015-04-03 23:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-06-07 15:17 - 2015-04-03 23:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-06-07 15:17 - 2015-04-03 22:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-06-07 14:17 - 2015-04-07 23:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-06-07 14:17 - 2015-04-07 23:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-06-07 14:17 - 2015-04-07 23:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-06-07 14:16 - 2015-04-19 23:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-06-07 14:16 - 2015-04-19 23:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-06-07 14:16 - 2015-04-19 22:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-06-07 14:16 - 2015-04-19 22:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-07 14:16 - 2015-01-28 23:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-06-07 14:15 - 2015-01-28 23:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-22 23:17 - 2015-03-04 00:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-22 23:17 - 2015-03-04 00:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-22 23:17 - 2015-03-04 00:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-22 23:17 - 2015-03-04 00:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-22 23:17 - 2015-03-04 00:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-22 23:17 - 2015-03-04 00:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-22 23:17 - 2015-03-04 00:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-22 23:03 - 2015-04-12 23:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-22 21:27 - 2015-02-18 03:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-22 21:27 - 2015-02-18 03:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-16 18:42 - 2015-05-01 09:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-16 18:42 - 2015-05-01 09:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-12 11:35 - 2010-10-20 12:30 - 01797173 _____ C:\Windows\WindowsUpdate.log
2015-06-12 11:30 - 2013-09-23 12:47 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-12 11:29 - 2011-09-19 08:22 - 00000000 ____D C:\Program Files (x86)\Registry Mechanic
2015-06-12 11:26 - 2013-09-23 12:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-06-12 11:18 - 2013-07-27 09:29 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-12 11:17 - 2009-07-14 01:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-12 11:15 - 2009-07-14 00:45 - 00025408 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-12 11:15 - 2009-07-14 00:45 - 00025408 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-12 11:08 - 2011-09-18 15:48 - 00000000 ____D C:\Windows\Minidump
2015-06-12 11:06 - 2014-10-10 12:11 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-12 11:06 - 2012-08-28 12:30 - 00000000 ____D C:\Temp
2015-06-12 11:05 - 2014-10-10 12:11 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-12 11:05 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-12 10:57 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-12 10:54 - 2013-10-14 12:55 - 00000982 _____ C:\Windows\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-3130890629-1687865925-2773364408-1001UA.job
2015-06-12 10:28 - 2013-12-20 13:34 - 00000000 ____D C:\Windows\system32\MRT
2015-06-12 10:27 - 2011-09-19 09:14 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-10 17:43 - 2009-07-14 01:32 - 00000000 ____D C:\Windows\addins
2015-06-10 12:54 - 2013-10-14 12:55 - 00000930 _____ C:\Windows\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-3130890629-1687865925-2773364408-1001Core.job
2015-06-10 12:00 - 2010-10-20 13:00 - 00000332 _____ C:\Windows\Tasks\SystemToolsDailyTest.job
2015-06-10 10:47 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2015-06-10 06:29 - 2014-08-30 22:32 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-09 19:27 - 2013-07-27 12:50 - 00000000 ____D C:\Program Files (x86)\Avira
2015-06-09 19:27 - 2012-06-07 17:31 - 00000000 ____D C:\ProgramData\Avira
2015-06-09 18:50 - 2014-10-10 12:11 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-06-09 18:50 - 2014-10-10 12:11 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-06-08 21:41 - 2014-02-10 15:59 - 00000000 ___RD C:\Users\Brendan Goodrich\SkyDrive
2015-06-08 21:32 - 2011-09-18 14:24 - 00003998 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{17B8CBF7-88FA-4050-BC07-2133B7B83161}
2015-06-08 21:01 - 2015-03-20 13:31 - 00005040 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for BrendanGoodrich-Brendan Goodrich BrendanGoodrich
2015-06-08 20:52 - 2010-10-20 12:35 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-06-08 20:49 - 2014-09-21 20:03 - 00000000 ____D C:\Users\Brendan Goodrich\AppData\Roaming\VERIZON
2015-06-08 20:35 - 2012-03-23 19:41 - 03424256 _____ C:\Users\Brendan Goodrich\s-1-5-21-3130890629-1687865925-2773364408-1001.rrr
2015-06-08 20:35 - 2011-09-18 17:20 - 00000000 ____D C:\Users\Brendan Goodrich
2015-06-08 19:59 - 2011-09-19 08:40 - 00000000 ____D C:\Program Files (x86)\SpywareGuard
2015-06-08 06:28 - 2014-12-11 14:21 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-08 06:28 - 2014-05-12 03:30 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-07 19:32 - 2009-07-14 00:45 - 00500000 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-07 19:27 - 2009-07-14 03:45 - 00000000 ____D C:\Program Files\Windows Journal
2015-06-07 14:29 - 2014-08-30 21:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-07 14:29 - 2014-08-30 21:20 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-07 14:29 - 2012-05-17 19:28 - 00001117 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-07 14:01 - 2013-11-20 09:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-05-22 23:22 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-05-22 22:33 - 2013-09-09 10:28 - 00000000 ____D C:\Users\Brendan Goodrich\AppData\Roaming\Wing 101 5
2015-05-22 22:33 - 2013-09-09 10:28 - 00000000 ____D C:\Users\Brendan Goodrich\AppData\Local\Wing 101 5
2015-05-22 22:15 - 2014-02-10 15:47 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-05-22 21:15 - 2013-10-16 12:22 - 00000000 ____D C:\Users\Public\Documents\Blizzard Entertainment
2015-05-22 21:09 - 2014-12-02 13:25 - 00002212 _____ C:\Users\Brendan Goodrich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-05-22 21:06 - 2014-08-26 00:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2015-05-22 20:58 - 2012-05-17 03:02 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-05-22 20:58 - 2010-10-20 12:33 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-05-16 18:37 - 2012-05-17 03:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-16 18:05 - 2010-10-20 13:00 - 00000528 _____ C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2015-05-15 20:45 - 2014-08-26 00:12 - 00000000 ____D C:\Users\Brendan Goodrich\AppData\Local\Battle.net

Some files in TEMP:
====================
C:\Users\Brendan Goodrich\AppData\Local\Temp\{4984FFA8-DD6F-48CE-9011-4BF2D552F46D}-citrio_42.0.2311.257_1.exe
C:\Users\chuck\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-08 21:58

==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:08-06-2015
Ran by chuck at 2015-06-12 11:46:42
Running from C:\Users\chuck\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3130890629-1687865925-2773364408-500 - Administrator - Disabled)
Brendan Goodrich (S-1-5-21-3130890629-1687865925-2773364408-1001 - Administrator - Enabled) => C:\Users\Brendan Goodrich
chuck (S-1-5-21-3130890629-1687865925-2773364408-1005 - Administrator - Enabled) => C:\Users\chuck
Guest (S-1-5-21-3130890629-1687865925-2773364408-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3130890629-1687865925-2773364408-1003 - Limited - Enabled)
station (S-1-5-21-3130890629-1687865925-2773364408-1004 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-zip v9.20 (HKLM-x32\...\7-Zip) (Version: v9.20 - TUGUU SL) <==== ATTENTION
Access Help (HKLM-x32\...\{C6FA39A7-26B1-480A-BC74-6D17531AC222}) (Version: 3.00 - Lenovo)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader 9.4.6 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A94000000001}) (Version: 9.4.6 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{B3575D00-27EF-49C2-B9E0-14B3D954E992}) (Version: 1.5.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{439760BC-7737-4386-9B1D-A90A3E8A22EA}) (Version: 3.4.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.5510 - Perfect World Entertainment)
Ask Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.15.2.0 - Ask.com) <==== ATTENTION
Avira (HKLM-x32\...\{0696cc37-db90-4000-be99-4a173ca7c8af}) (Version: 1.1.39.17987 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.39.17987 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.11.574 - Avira Operations GmbH & Co. KG)
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Bonjour (HKLM\...\{CA0D2F09-F811-48D4-843E-C87696C6A9D9}) (Version: 3.0.0.2 - Apple Inc.)
CCleaner (remove only) (HKLM-x32\...\CCleaner) (Version:  - )
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
DIBS (x32 Version: 1.7.0 - DDNI) Hidden
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1872 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{CCAFF072-4DDB-4846-963D-15F02A8E9472}) (Version: 13.00.0000 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
InterVideo WinDVD 8 (HKLM-x32\...\InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}) (Version: 8.0.20.199 - InterVideo Inc.)
InterVideo WinDVD 8 (x32 Version: 8.0.20.199 - InterVideo Inc.) Hidden
iTunes (HKLM\...\{997C9EC4-B53D-479D-81B7-0AEC8D174BA1}) (Version: 10.4.1.10 - Apple Inc.)
Java(TM) 6 Update 16 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416016FF}) (Version: 6.0.160 - Sun Microsystems, Inc.)
Java(TM) 6 Update 26 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216016FF}) (Version: 6.0.260 - Sun Microsystems, Inc.)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.00.29.02 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
jv16 PowerTools 1.3 (HKLM-x32\...\jv16 PowerTools_is1) (Version:  - )
LEGO® MINDSTORMS® NXT - English Language Pack (HKLM-x32\...\{3E4153AF-3D74-4062-8812-B1FDCE6B1F37}) (Version: 1.0.305.0 - The LEGO Group)
LEGO® MINDSTORMS® NXT Driver (HKLM-x32\...\{E14D4E88-DBBF-4AEE-A8EB-C4744E95EEEA}) (Version: 1.0.769 - LEGO)
Lenovo Central (HKLM-x32\...\Lenovo Central) (Version: 1.7.5.10 - DDNI)
Lenovo Idea Notes (HKLM-x32\...\{C0C17EF3-83ED-4956-8638-7354EBE7FFFF}) (Version: 1.6.0.0 - DDNI)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.01 - )
Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5514.61 - PC-Doctor, Inc.)
Lenovo Welcome (HKLM-x32\...\{67708668-13ED-4CB3-B01F-EEE6155020A7}) (Version: 1.7.5.10 - DDNI)
Lenovo Welcome (HKLM-x32\...\Lenovo Welcome_is1) (Version:  - Lenovo)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Message Center Plus (HKLM-x32\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4719.1002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visio Professional 2013 (HKLM-x32\...\Office15.VISPROR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mobile Broadband (HKLM-x32\...\{986AB50A-A527-4F6D-8E8B-87FC3F0C2DBA}) (Version: 3.6.0006 - Lenovo)
MotoCast (HKLM-x32\...\{5401CEE8-3C2D-4835-A802-213306537FF4}) (Version: 2.0.31 - Motorola Mobility)
MotoHelper MergeModules (x32 Version: 1.2.0 - Motorola) Hidden
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.4.5 - Motorola Mobility)
Motorola Device Software Update (x32 Version: 13.09.3001 - Motorola Mobility) Hidden
MOTOROLA MEDIA LINK (x32 Version: 1.9.0002.0 - Motorola) Hidden
Motorola Mobile Drivers Installation 6.3.0 (HKLM\...\{759E6A2F-1F01-45EF-A0C4-22F1B56CB975}) (Version: 6.3.0 - Motorola Mobility LLC)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 5.32.00 - )
OpenOffice.org 3.3 (HKLM-x32\...\{3E171899-0175-47CC-84C4-562ACDD4C021}) (Version: 3.3.9567 - OpenOffice.org)
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.2 - Pando Networks Inc.)
Python 3.3.2 (HKLM-x32\...\{92389de9-939e-341b-a076-1d52d7dbca71}) (Version: 3.3.2150 - Python Software Foundation)
QuickTime (HKLM-x32\...\{C9E14402-3631-4182-B377-6B0DFB1C0339}) (Version: 7.70.80.34 - Apple Inc.)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.11.1127.2009 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6053 - Realtek Semiconductor Corp.)
Registry Patch to arrange icons in Device and Printers folder of Windows 7 (HKLM\...\W7DevOR) (Version: 1.00 - )
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
Rescue and Recovery (HKLM-x32\...\{B383F243-0ABC-4E56-AA30-923B8D85076E}) (Version: 4.30.0025.00 - Lenovo Group Limited)
Roxio Creator Small Business Edition (HKLM-x32\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3 - Roxio)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{91150000-0051-0000-0000-0000000FF1CE}_Office15.VISPROR_{8D2E04ED-3350-4ECE-9D6E-3BC9A9A93A47}) (Version:  - Microsoft)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Sonic Icons for Lenovo (HKLM-x32\...\{B334D9AE-1393-423E-97C0-3BDC3360E692}) (Version: 2.0.0 - Lenovo)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
SUABnR (HKLM-x32\...\InstallShield_{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.)
SUABnR (x32 Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.) Hidden
System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 4.00.0032 - Lenovo)
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.10 - )
ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.55 - )
ThinkPad Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.20 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.18.0 - )
ThinkPad UltraNav Utility (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.11 - Lenovo)
ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 5.62 - Lenovo)
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.70 - Lenovo)
VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Windows Driver Package - Intel hdc  (06/04/2009 7.0.0.1013) (HKLM\...\1AE98C75AE2DD1284F66876FA76F46BFDF6B9D31) (Version: 06/04/2009 7.0.0.1013 - Intel)
Windows Driver Package - Intel System  (06/04/2009 1.0.0.0002) (HKLM\...\E7B58217635B8F723D4744A328A4B3237DB35FA9) (Version: 06/04/2009 1.0.0.0002 - Intel)
Windows Driver Package - Lenovo 1.55 (08/18/2009 1.55) (HKLM\...\112AA64E0C8CC704E307FE914F7DEC1C0035598E) (Version: 08/18/2009 1.55 - Lenovo)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Wing IDE 101 5.0.0-b7 (HKLM-x32\...\Wing IDE 101 5.0_is1) (Version:  - )
Wing IDE 4.1.13-1 (HKLM-x32\...\Wing IDE 4.1_is1) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

09-06-2015 19:33:25 Windows Update
09-06-2015 20:16:55 Windows Update
12-06-2015 10:02:59 Windows Update
12-06-2015 11:10:30 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {014DD335-17A1-40EF-BCBD-1658C9858ED6} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-03-16] (Microsoft Corporation)

Ghost

The rest of the logs,
==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {014DD335-17A1-40EF-BCBD-1658C9858ED6} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-03-16] (Microsoft Corporation)
Task: {10DE8494-9484-4BF8-98FA-5D8F51D541B7} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {2CFECD83-29EB-4473-AE33-2E6D02E2A447} - System32\Tasks\Microsoft Office 15 Sync Maintenance for BrendanGoodrich-Brendan Goodrich BrendanGoodrich => C:\Program Files (x86)\Microsoft Office\Office15\MsoSync.exe [2015-04-14] (Microsoft Corporation)
Task: {2E7693DE-1BC6-4ED7-B49A-92FDD72DF8FC} - System32\Tasks\{4A74E187-0A58-4359-BD7C-9CFCE79B9ADA} => pcalua.exe -a E:\setup.exe -d E:\ -c -a
Task: {30A55025-8A28-4A6B-A193-E1B72BCAEE81} - System32\Tasks\{6B930BFA-1B17-4CD2-A0B4-196D7C002C7E} => pcalua.exe -a D:\Installer.exe -d D:\
Task: {40F1B63D-CB63-4771-B2FB-AAD93E592452} - System32\Tasks\{8AA5E256-1BCD-43E6-8AE8-5106999A2755} => pcalua.exe -a D:\Installer.exe -d D:\
Task: {4784AC53-3F05-4761-A61C-8F31BB99E63A} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {4A509D43-F30F-4879-8CAF-C92FA782E1F8} - System32\Tasks\TVT\ChangePWD => %RR%\rrcmd.exe
Task: {4D6548E4-8BFB-43C0-BC53-1D061EDDCAFA} - System32\Tasks\{461107A2-D707-493A-864C-C477A06AC39D} => pcalua.exe -a "C:\Users\Brendan Goodrich\Desktop\installer tome 2.mpq.part.exe" -d "C:\Users\Brendan Goodrich\Desktop"
Task: {5958D9D9-4DEF-445D-995B-9EDA5869DE7D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-10] (Google Inc.)
Task: {5FEE2B0B-21D2-4136-814E-3256AD5AAA2C} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {695C5AE5-0713-49F9-A3DB-A8C6C423DE02} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation)
Task: {7DE27FFB-AD60-45EE-83CB-CBF76B659989} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {8416A4A2-D682-4F58-8148-CD4C6E9AF638} - System32\Tasks\TVT\UpdateRnR => %TVTCOMMON%\Scheduler\tvtsetsched.exe
Task: {84E7E7CE-5596-40C3-ACCC-1283B8F4588B} - System32\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-3130890629-1687865925-2773364408-1001UA => C:\Users\Brendan Goodrich\AppData\Local\CatalinaGroup\Update\CatalinaUpdate.exe [2015-04-29] (Catalina Group Ltd.)
Task: {926A4E9B-AE34-4488-924F-8A58C860441C} - System32\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-3130890629-1687865925-2773364408-1001Core => C:\Users\Brendan Goodrich\AppData\Local\CatalinaGroup\Update\CatalinaUpdate.exe [2015-04-29] (Catalina Group Ltd.)
Task: {9386351F-659E-4ED9-925D-BD37548D7929} - System32\Tasks\DiskUpdate => C:\SWTOOLS\OSFIXES\DISKUPDT\DiskUpdate.exe [2009-02-09] ()
Task: {97A1579C-C2EE-4016-BCF6-7ED87BC4FD26} - System32\Tasks\TVT\LaunchRnR => %RR%\rrcmd.exe
Task: {97D3D388-217E-45BA-878E-077A866EF0AB} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2011-09-19] (Microsoft Corporation)
Task: {9869855B-234F-48A6-86A5-4517D5DE431A} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2010-03-02] (Lenovo Group Limited)
Task: {9AF8882D-678F-439B-A349-54EF42D9C6AE} - System32\Tasks\{C58870C2-86E0-42AC-B1C9-98973C75FD62} => pcalua.exe -a D:\Installer.exe -d D:\
Task: {9FCD7B58-6CA7-40DA-AD36-60ACDC95C8B9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-10] (Google Inc.)
Task: {9FD19E27-0AC0-4E29-ACB6-B49814645E62} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A43D64FF-3A1A-4F2A-A692-523D1CC00C92} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {AABE23E4-CD47-4167-B008-2567854186A5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
Task: {B26333A5-61C4-4C85-8FA4-03CD98848ECE} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {B293C596-D7D4-40AA-9877-0895C5B8D1CA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {B2F5A470-C998-4DA5-985D-EE378802AE03} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {CB15A979-D025-4EB8-8742-C261E73B9F9B} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {D530C647-CC10-430E-A67D-4C6F7815F255} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2010-05-07] ()
Task: {D8CBA131-13CC-4389-9D4F-58771D185586} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation)
Task: {DB2117C3-4350-4AA7-9774-CC93179028CE} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\pcdrcui.exe [2010-06-08] (PC-Doctor, Inc.)
Task: {DBC5E42F-C24B-42E5-969A-71CED024B042} - System32\Tasks\MotoCast Update => C:\Program Files (x86)\Motorola Mobility\MotoCast\LiveUpdate\MotoCastUpdate.exe [2012-07-24] ()
Task: {DD63D767-8588-47B3-B9CB-E5A141EB58B4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {E26ED73F-599C-4E1D-BC0C-F2A250875F9F} - System32\Tasks\{0A2157D4-E0C5-44EB-97FF-C36514DDB930} => pcalua.exe -a D:\Installer.exe -d D:\
Task: {EE3913C3-D127-4E62-AC88-887774DD3D4F} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\uaclauncher.exe [2010-05-07] (PC-Doctor, Inc.)
Task: {F7437DEF-FF4E-4C39-B721-C8AE8CD34381} - System32\Tasks\{A842952A-2112-461B-8E80-8A8C6476A621} => pcalua.exe -a D:\Installer.exe -d D:\
Task: {FB5D852F-41F2-4FD1-9486-0B221D73E45E} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-05-22] (Microsoft Corporation)
Task: {FD1ADA68-9B8C-4F01-A349-2BE18CE47C1E} - System32\Tasks\{44118373-089C-4E15-82E0-1B77B7755B2A} => pcalua.exe -a D:\Installer.exe -d D:\
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-3130890629-1687865925-2773364408-1001Core.job => C:\Users\Brendan Goodrich\AppData\Local\CatalinaGroup\Update\CatalinaUpdate.exe
Task: C:\Windows\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-3130890629-1687865925-2773364408-1001UA.job => C:\Users\Brendan Goodrich\AppData\Local\CatalinaGroup\Update\CatalinaUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exeq-backgroundmon scripts\backgroundmon.xml
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\pcdrcui.exe

==================== Loaded Modules (Whitelisted) ==============

2009-09-21 18:04 - 2009-09-21 18:04 - 01501696 ____N () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2014-03-28 14:07 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-03-18 14:08 - 2015-03-18 14:08 - 08898720 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-10-31 11:05 - 2013-10-31 11:05 - 00172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3130890629-1687865925-2773364408-1005\Control Panel\Desktop\\Wallpaper -> C:\Users\chuck\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.75.76.76 - 75.75.75.75

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AcPrfMgrSvc => 2
MSCONFIG\Services: AcSvc => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: ArcService => 3
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: DDNIMSGService => 2
MSCONFIG\Services: DDNIService => 2
MSCONFIG\Services: DeviceMonitorService => 2
MSCONFIG\Services: EvtEng => 2
MSCONFIG\Services: IAANTMON => 2
MSCONFIG\Services: IBMPMSVC => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: IviRegMgr => 2
MSCONFIG\Services: LENOVO.MICMUTE => 2
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: Motorola Device Manager => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: Power Manager DBC Service => 3
MSCONFIG\Services: PST Service => 2
MSCONFIG\Services: RegSrvc => 2
MSCONFIG\Services: Roxio UPnP Renderer 10 => 3
MSCONFIG\Services: Roxio Upnp Server 10 => 2
MSCONFIG\Services: RoxLiveShare10 => 2
MSCONFIG\Services: RoxMediaDB10 => 3
MSCONFIG\Services: RoxWatch10 => 2
MSCONFIG\Services: stllssvr => 3
MSCONFIG\Services: SUService => 2
MSCONFIG\Services: ThinkVantage Registry Monitor Service => 2
MSCONFIG\Services: TPHKSVC => 2
MSCONFIG\Services: TVT Backup Service => 3
MSCONFIG\startupfolder: C:^Users^Brendan Goodrich^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk => C:\Windows\pss\OpenOffice.org 3.3.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Brendan Goodrich^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^SpywareGuard.lnk => C:\Windows\pss\SpywareGuard.lnk.Startup
MSCONFIG\startupreg: AcWin7Hlpr => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
MSCONFIG\startupreg: Arc => C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcLauncher.exe /autorun
MSCONFIG\startupreg: avgnt => "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
MSCONFIG\startupreg: CatalinaGroup Update => "C:\Users\Brendan Goodrich\AppData\Local\CatalinaGroup\Update\CatalinaUpdate.exe" /c
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IAAnotif => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
MSCONFIG\startupreg: IdeaNotesUser => C:\Program Files (x86)\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LENOVO.TPFNF6R => C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe
MSCONFIG\startupreg: Message Center Plus => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe /start
MSCONFIG\startupreg: MotoCast => "C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: PWMTRV => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: TPHOTKEY => C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
MSCONFIG\startupreg: TpShocks => TpShocks.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{D02A61DA-C341-421D-B36A-E39E65C04EA6}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{5F82E3C4-3EDC-4C63-AF6C-A27088920730}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{2DB55F45-1006-4BD5-AB8A-016EC54D6165}] => (Allow) svchost.exe
FirewallRules: [{1F1EAF77-8995-40D8-9C3F-4E623E8A8EDE}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{53E197B7-B50E-474F-9FAF-D999BBD5A36B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5F9B3227-5E6D-4298-B03C-C78C0D1867FE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2D727575-0DCD-4FB2-BD48-78A12EF0B602}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{4E7FFC6A-96C2-48E5-A431-8BF5E6148BB5}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{282748FE-BE4D-4B60-8ACC-91C31A14D087}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{CFDE49D7-8667-45F1-BF62-49E1F2A77DC9}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{3372DB17-0A47-4853-8F29-8798EA68057D}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{0969CC3D-41F8-41D0-8A7F-51CE5DA5D18C}] => (Allow) LPort=57223
FirewallRules: [{9C60F9BC-5596-46BC-A740-B5FD583E30B2}] => (Allow) LPort=57223
FirewallRules: [{F323EC02-9BF6-46C1-8FCF-FA063910C0AF}] => (Allow) LPort=57223
FirewallRules: [{56EFA6D9-5AA7-467A-B2C9-4E587D436266}] => (Allow) LPort=57223
FirewallRules: [{B5B35AD8-C263-48ED-BDD8-5AC95FF527FF}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{8D1114EA-415E-40B1-8547-BF2E81034AD9}] => (Allow) C:\Program Files (x86)\Motorola Mobility\MotoCast\motocast.exe
FirewallRules: [{51AF1A8C-44A0-47F1-A26D-16614788F569}] => (Allow) C:\Program Files (x86)\Motorola Mobility\MotoCast\motocast.exe
FirewallRules: [{A8FE0130-4ED4-4394-8F5D-3773EBA57D21}] => (Allow) C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe
FirewallRules: [{71B7B410-7F91-4ADB-9BF3-51756537A978}] => (Allow) C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe
FirewallRules: [TCP Query User{1E7C4C79-4A72-4B82-9CAF-5BF409D59A8D}C:\program files (x86)\motorola media link\lite\mml.exe] => (Block) C:\program files (x86)\motorola media link\lite\mml.exe
FirewallRules: [UDP Query User{C05B489A-D62C-4BD4-86CC-6C4B76E2CD79}C:\program files (x86)\motorola media link\lite\mml.exe] => (Block) C:\program files (x86)\motorola media link\lite\mml.exe
FirewallRules: [{9D8ABA2E-FE99-4563-BB1F-FFC4EB87C5FF}] => (Allow) C:\Program Files (x86)\Motorola Media Link\Lite\mml.exe
FirewallRules: [{870E57BB-05FD-4A91-913E-DF5CD3374B40}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\UNCServer.exe
FirewallRules: [{16E5984D-B354-472A-84F4-6DF27E93911C}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\UNCServer.exe
FirewallRules: [{BA223BB4-B566-4EB1-8BC0-787C568C93C8}] => (Allow) C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-x.x.x.x-4.0.0.12911-Downloader.exe
FirewallRules: [{768BA0D0-07F4-4B36-B729-E7E9632AD618}] => (Allow) C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-x.x.x.x-4.0.0.12911-Downloader.exe
FirewallRules: [{5DF6D1ED-6C37-4FD7-B548-9F8DDC4AB4A9}] => (Allow) C:\World of Warcraft\Launcher.exe
FirewallRules: [{C77ED68A-3422-4384-BF54-0B43D6CEEB62}] => (Allow) C:\World of Warcraft\Launcher.exe
FirewallRules: [{86D2CB56-586E-4EF1-BD0F-5AC5E38F0018}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1040\Agent.exe
FirewallRules: [{3B53253F-2E59-41FE-B7E6-D1A22C1032B8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1040\Agent.exe
FirewallRules: [{8B1232ED-68E8-4EF3-B454-8D5DE6757F94}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
FirewallRules: [{4219A4EF-8FBC-4240-A6E6-391985EA196E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
FirewallRules: [{4A55800F-0257-450B-844E-E799DB9D93EF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
FirewallRules: [{31CBB45E-CBC4-4243-88F4-F409CEB826B5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
FirewallRules: [{D8AC084B-BC2C-43D3-B9BA-8F7F82FB2993}] => (Allow) C:\Program Files (x86)\World of Warcraft\Launcher.exe
FirewallRules: [{9AF0930B-6A35-4F88-B5E6-0FEC29B0F8BE}] => (Allow) C:\Program Files (x86)\World of Warcraft\Launcher.exe
FirewallRules: [TCP Query User{3CAC5814-5A0E-4D01-BDCC-3D25C5CE9DEB}C:\program files (x86)\world of warcraft\blizzard downloader.exe] => (Allow) C:\program files (x86)\world of warcraft\blizzard downloader.exe
FirewallRules: [UDP Query User{61FF9A9E-6730-4F68-A80C-92A0A1CF932A}C:\program files (x86)\world of warcraft\blizzard downloader.exe] => (Allow) C:\program files (x86)\world of warcraft\blizzard downloader.exe
FirewallRules: [{E821F79D-2FD6-4EB9-9569-A9690936A5FE}] => (Allow) C:\Users\Public\Games\World of Warcraft\Launcher.exe
FirewallRules: [{4A551135-A072-426E-9720-A1C1CF3E074F}] => (Allow) C:\Users\Public\Games\World of Warcraft\Launcher.exe
FirewallRules: [{AEA0D697-4785-48A6-99B7-6C6C7BF71079}] => (Allow) C:\Users\Public\Games\World of Warcraft\WoW-x.x.x.x-4.0.0.12911-Downloader.exe
FirewallRules: [{35A96D5F-1327-4316-A05C-1395EDEEC22B}] => (Allow) C:\Users\Public\Games\World of Warcraft\WoW-x.x.x.x-4.0.0.12911-Downloader.exe
FirewallRules: [{C2509333-1A59-43AA-9150-777AB1464ACE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2328\Agent.exe
FirewallRules: [{4310DBED-9C5E-47A5-9A0D-033E376D3A7F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2328\Agent.exe
FirewallRules: [{17ED429E-1CFC-4542-B0BD-E59FA4FE8111}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2328\Agent.exe
FirewallRules: [{0AE5DD8C-D829-4608-9573-944807BB0B27}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2328\Agent.exe
FirewallRules: [{34D2C2CF-961D-4F18-93BD-3667D34BBAB7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{27745DF6-0E4E-432F-BC2A-22F0BABABFDF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{55DABDD3-9153-4D13-8F95-0422F00DDD43}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{B23A5097-9A6C-4F25-9BEB-0F2B2D15EFD5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [TCP Query User{983CB69A-A725-4084-B10D-B02DA039E7F0}C:\program files (x86)\perfect world entertainment\neverwinter_en\neverwinter\live\gameclient.exe] => (Allow) C:\program files (x86)\perfect world entertainment\neverwinter_en\neverwinter\live\gameclient.exe
FirewallRules: [UDP Query User{2622379F-C3D0-4F32-88B7-821F314924EE}C:\program files (x86)\perfect world entertainment\neverwinter_en\neverwinter\live\gameclient.exe] => (Allow) C:\program files (x86)\perfect world entertainment\neverwinter_en\neverwinter\live\gameclient.exe
FirewallRules: [TCP Query User{FCD67EA7-8DE1-4F81-9314-5BBD7B4995C1}C:\program files (x86)\perfect world entertainment\neverwinter_en\neverwinter\live\gameclient.exe] => (Allow) C:\program files (x86)\perfect world entertainment\neverwinter_en\neverwinter\live\gameclient.exe
FirewallRules: [UDP Query User{0229A221-7E1B-48FD-9B4F-EADA50E24CC1}C:\program files (x86)\perfect world entertainment\neverwinter_en\neverwinter\live\gameclient.exe] => (Allow) C:\program files (x86)\perfect world entertainment\neverwinter_en\neverwinter\live\gameclient.exe
FirewallRules: [{57B4D40D-F614-4D7A-A6CB-549C8C96AA23}] => (Allow) C:\Users\Brendan Goodrich\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{14D99C98-9C40-403E-A7FC-D73F2ACF883D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe
FirewallRules: [{9B16B9AC-537C-40C8-A2A7-0C5F0B36C274}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe
FirewallRules: [{0FD7FC09-932A-43C6-A644-A0BE2413F6BD}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe
FirewallRules: [{43719D55-3846-4554-A4E9-83AD89E5A891}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe
FirewallRules: [{15AE9A43-488A-40F3-B893-4515EADB3804}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{2279472C-7309-4145-A3CD-7A07D0010CFB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{42E10065-5520-4A1A-BBBB-043A125DF630}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{FCFC1EE5-3862-4F22-9C75-D35B2707C8D5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{2EB5459A-D06D-46DF-AC02-F4550F3AE8C5}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{696C6D4C-D3A0-49E5-AB21-FC52D1B3F709}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
FirewallRules: [{04B9D78A-50B2-4FF1-865B-005734AE2F8F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
FirewallRules: [{B399A228-4A26-4917-A3C2-57F793652784}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
FirewallRules: [{5AF49328-8EBF-4D06-B7B5-C6B6DD8ED095}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
FirewallRules: [{10C38A06-BCA5-4E2E-8EC2-BAE3FB0FD676}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{3EEDDE36-0157-4CA0-B13E-A279B3D884B9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{6C412B8B-98C4-4877-A530-EAC53EF00D0B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{67FF4592-B2D1-4107-B281-B16D4E55F60D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{ADABA8EC-8206-4353-86BF-FFCB6DD030CE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{CF30073C-A61E-44A6-B1CE-FEFBEF16D7F5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{DF354634-8FB9-45D3-9654-7FB9CF47D387}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe
FirewallRules: [{DEAED484-CC6B-4C47-B9A2-484F872AE57C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe
FirewallRules: [{2B1E180A-7C3F-441A-88E4-6BDAE6548BF3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
FirewallRules: [{DE0A58B9-838A-48AF-8794-BA3952AF46D8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
FirewallRules: [{7D13963F-EBBF-4502-AC18-CE4FA0B0E94F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{D8869B06-6846-40BF-B78B-8B8CC76510C3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{B2132930-2199-4540-8042-36921358AF6F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{26DF9785-3570-4F60-8569-0802566154AC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{C8976485-1192-4851-933A-7381D77AAF1E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe
FirewallRules: [{EAE6CC46-BF17-4B1E-A428-6FA1F2E2A813}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe
FirewallRules: [{D28DC98C-3137-40F4-91E9-BFE46AA8E110}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{7FF0DF00-5239-4CBD-A209-D163B8EEC512}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{6DFA3593-A866-46CD-9BFA-4214A028CCFD}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe
FirewallRules: [{F996D1F5-77BF-45CD-999C-ACBE3D808680}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe
FirewallRules: [{C2FA63CA-8026-45BB-ACE2-770BEDF28A9E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe
FirewallRules: [{BC511DD5-5FAD-42D1-A72D-48317778C8B5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe
FirewallRules: [{5DFB9BC6-9E05-4EEE-96DB-7DE6B21DD97C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
FirewallRules: [{9C94833A-2381-4BAD-A3D0-896BEE78D382}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
FirewallRules: [{2EFB45E5-0870-40E6-B1A8-AB661C9117C4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
FirewallRules: [{A5449912-B039-47F0-BF9B-DFF83834CA3F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
FirewallRules: [{94FC8255-EF97-4053-814E-E4CB377D9352}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [{F7965152-5E78-4FAE-B4BD-9DCF946DE053}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [{3AC2213F-7E4C-4F72-958E-80A532599189}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [{47523CE7-AF76-481E-B465-BE56630D9FDD}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [TCP Query User{10868544-DF85-4575-A920-6A45482AFF30}C:\programdata\battle.net\agent\agent.3507\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3507\agent.exe
FirewallRules: [UDP Query User{E7CC71E5-6578-4E30-A8EE-0EA98D829C79}C:\programdata\battle.net\agent\agent.3507\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3507\agent.exe
FirewallRules: [{EB7E6326-8931-4F33-80F8-DECD21821E73}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{4AD96718-B351-48DD-A99D-E079EE14CE3F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{4D5C8EAA-ECBD-4FC8-9E02-612553A72030}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{C5493D69-430B-4936-8DDF-111A873AAC0F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{1AC00D2F-A28E-4B61-99B6-158B273E7788}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{F9264561-4D42-478E-8C77-1B546E00A85D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{154E46D6-A81D-4170-BBCA-A234449D9E89}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{708B93CD-1467-44AF-B01E-D321850F96C7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{D174E599-5468-4304-9EFA-B5E64BCE68B1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{66E3C934-7817-48BD-A0BA-6FF20999EDE7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{A0772473-0BBD-4227-A5F7-ECE4FF3F5E89}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [{50F7A875-29A1-48CD-BB3A-2F4756BB49C1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [{B4E68D99-0DE0-481A-B394-13BDD38EC6C5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [{D98EC74B-36F0-42D3-BCFA-690B2815E7BE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [{E4D7055D-DE79-4C5F-8C28-118CF2F53D97}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/12/2015 11:42:40 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 8.6.2015.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: f00

Start Time: 01d0a52527610424

Termination Time: 0

Application Path: C:\Users\chuck\Desktop\FRST64.exe

Report Id: 76109743-1119-11e5-8bf3-60eb697e8c9d

Error: (06/10/2015 10:32:15 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (06/10/2015 10:11:28 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (06/10/2015 06:46:17 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DiagTrackRunner.exe, version: 10.0.10041.0, time stamp: 0x5503b990
Faulting module name: diagtrack.dll, version: 10.0.10033.0, time stamp: 0x54f65c93
Exception code: 0xc0000005
Fault offset: 0x0000000000031388
Faulting process id: 0x2f0
Faulting application start time: 0xDiagTrackRunner.exe0
Faulting application path: DiagTrackRunner.exe1
Faulting module path: DiagTrackRunner.exe2
Report Id: DiagTrackRunner.exe3

Error: (06/09/2015 01:19:42 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (06/09/2015 01:09:26 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (06/09/2015 07:15:24 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -2143485946

Error: (06/09/2015 07:15:24 AM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0006; CorrelationId: {D9CE407A-E578-4D7C-81CD-265719027E8D}

Error: (06/07/2015 05:13:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SoftwareUpdate.exe version 2.1.3.127 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: f9c

Start Time: 01d0a1579d15de8d

Termination Time: 1202

Application Path: C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe

Report Id: fcbae274-0d59-11e5-82d4-60eb697e8c9d

Error: (06/07/2015 01:35:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program avscan.exe version 12.3.0.15 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1384

Start Time: 01d0a1466ebbb209

Termination Time: 0

Application Path: C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe

Report Id: 909f11ee-0d3b-11e5-bfff-60eb697e8c9d


System errors:
=============
Error: (06/12/2015 11:02:58 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the defragsvc service.

Error: (06/12/2015 11:02:28 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ClickToRunSvc service.

Error: (06/12/2015 11:01:05 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Modules Installer service did not shut down properly after receiving a preshutdown control.

Error: (06/12/2015 10:56:57 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}

Error: (06/12/2015 10:55:44 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.

Error: (06/10/2015 09:55:22 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.

Error: (06/10/2015 09:53:18 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053BBUpdate-Service{D6381B4A-D254-46EB-9018-A62E0F4BA6BA}

Error: (06/10/2015 09:53:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BBUpdate service failed to start due to the following error:
%%1053

Error: (06/10/2015 09:53:17 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the BBUpdate service to connect.

Error: (06/10/2015 09:52:26 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Avira.ServiceHost service.


Microsoft Office:
=========================
Error: (06/12/2015 11:42:40 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST64.exe8.6.2015.0f0001d0a525276104240C:\Users\chuck\Desktop\FRST64.exe76109743-1119-11e5-8bf3-60eb697e8c9d

Error: (06/10/2015 10:32:15 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: C:\Program Files (x86)\Lenovo\Access Connections\AcCryptHlpr.dllC:\Program Files (x86)\Lenovo\Access Connections\AcCryptHlpr.dll0

Error: (06/10/2015 10:11:28 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.ExeC:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL8

Error: (06/10/2015 06:46:17 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: DiagTrackRunner.exe10.0.10041.05503b990diagtrack.dll10.0.10033.054f65c93c000000500000000000313882f001d0a36840382270C:\Windows\system32\compattel\DiagTrackRunner.exeC:\Windows\system32\compattel\diagtrack.dlleb462b08-0f5d-11e5-8a9b-60eb697e8c9d

Error: (06/09/2015 01:19:42 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: C:\Program Files (x86)\Lenovo\Access Connections\AcCryptHlpr.dllC:\Program Files (x86)\Lenovo\Access Connections\AcCryptHlpr.dll0

Error: (06/09/2015 01:09:26 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.ExeC:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL8

Error: (06/09/2015 07:15:24 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -2143485946

Error: (06/09/2015 07:15:24 AM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0006; CorrelationId: {D9CE407A-E578-4D7C-81CD-265719027E8D}

Error: (06/07/2015 05:13:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: SoftwareUpdate.exe2.1.3.127f9c01d0a1579d15de8d1202C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exefcbae274-0d59-11e5-82d4-60eb697e8c9d

Error: (06/07/2015 01:35:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: avscan.exe12.3.0.15138401d0a1466ebbb2090C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe909f11ee-0d3b-11e5-bfff-60eb697e8c9d


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU T6670 @ 2.20GHz
Percentage of memory in use: 94%
Total physical RAM: 1912.86 MB
Available physical RAM: 97.51 MB
Total Pagefile: 3825.72 MB
Available Pagefile: 1027.58 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:221.95 GB) (Free:86.86 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (TDrive) (Removable) (Total:3.82 GB) (Free:2 GB) FAT32
Drive f: (THUMB DRIVE) (Removable) (Total:3.76 GB) (Free:1.76 GB) FAT32
Drive q: (Lenovo_Recovery) (Fixed) (Total:9.77 GB) (Free:2.44 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 02F4DE20)
Partition 1: (Active) - (Size=1.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=221.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 3.8 GB) (Disk ID: 0003A17E)
Partition 1: (Active) - (Size=3.8 GB) - (Type=83)

========================================================
Disk: 2 (Size: 3.8 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End of log ============================

Results of screen317's Security Check version 1.004 
Windows 7 Service Pack 1 x64 (UAC is disabled!) 
Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled! 
Avira Antivirus   
Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
CCleaner (remove only)   
Java(TM) 6 Update 26 
Java version 32-bit out of Date!
  Adobe Flash Player 11.9.900.170 Flash Player out of Date! 
Adobe Reader 9 Adobe Reader out of Date!
Google Chrome 42.0.2311.135 Google Chrome out of date! 
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Avira Antivirus sched.exe 
Avira Antivirus avshadow.exe 
Avira Antivirus avwebg7.exe 
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

Thanks,
Ghost

Corrine

Hi, Ghost.

1.  The first thing I'd ask your friend is why UAC is disabled.  I can understand when setting up a new computer and installing known/safe software programs, temporarily disabling UAC.  However, after that is completed, the number of UAC prompts would be minimal.  More importantly, UAC limits application software to standard user privileges until an administrator authorizes an increase or elevation, thus keeping malware from compromising the operating system.

2.  Disabling via MSConfig is most definitely not the way to go.  The reason is that when uninstalling or updating programs, the entry remains in MSConfig, in particular, leaving behind orphans, including adware or malware (i.e., MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe").  MSConfig should only be used for trouble-shooting.  A custom install or WinPatrol for controlling startup items is the best way of handling unwanted startup programs.  Unfortunately, there is no guaranteed safe automated method of reversing that long list of changes made to startup via MSConfig.

3.  Here we go with Java.  :D  Please start by uninstalling both of the following:
-- Java(TM) 6 Update 16 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416016FF}) (Version: 6.0.160 - Sun Microsystems, Inc.)
-- Java(TM) 6 Update 26 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216016FF}) (Version: 6.0.260 - Sun Microsystems, Inc.)

Since it is likely that Java is needed for the installed games, please install Java SE 8u45.  It would also be a good idea to suppress the offers for the pre-checked unwanted extras:

--   Launch the Windows Start menu
--   Click on Programs
--   Find the Java program listing
--   Click Configure Java to launch the Java Control Panel
--   Click the Advanced tab and go to the "Miscellaneous" section at the bottom.
--   Check the box by the "Suppress sponsor offers when installing or updating Java" option and click OK.

4.  Adobe Flash Player:  Adobe made a welcome change with the latest version of Flash Player.  It is no longer necessary to close the browser when updating.  Please update Flash Player for both IE and Firefox:

Non-IE Plugin (Opera, Firefox, Etc.):  http://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_18_plugin.exe
Flash Player For Internet Explorer, Windows 7 and earlier:  http://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_18_active_x.exe

5.  Adobe Reader:  Adobe Reader XI (11.0.11) for Windows is available here: http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows. Be sure to UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.

6.  Google Chrome:  Google Chrome should be auto-updating.  The latest version for Windows is 43.0.2357.124.  Please follow the instructions at Update Google Chrome - Chrome Help to install the latest version.

7.  Now let's get to the cleanup.  Please do the following to run FRST: 

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Open Notepad (Start =>All Programs => Accessories => Notepad).
  • Copy/Paste the entire contents of the code box below into Notepad.

start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 MotDev; system32\DRIVERS\motodrv.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 PCDSRVC{127174DC-C366ED8B-06020000}_0; \??\c:\program files\pc-doctor\pcdsrvc_x64.pkms [X]
File: C:\Windows\system32\DRIVERS\motccgpfl.sys
File: C:\Windows\system32\DRIVERS\motodrv.sys
File: C:\Windows\system32\DRIVERS\motmodem.sys
File: c:\program files\pc-doctor\pcdsrvc_x64.pkms
Ask Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.15.2.0 - Ask.com) <==== ATTENTION
2015-06-09 05:31 - 2012-06-07 17:32 - 00000000 ____D C:\Users\chuck\AppData\Local\AskToolbar
2015-06-12 11:18 - 2013-07-27 09:29 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
Folder: C:\Program Files (x86)\Ask.com
EmptyTemp:
end

  • Click Format and ensure Wordwrap is unchecked.
  • Important:  Save the code to the same folder/directory that FRST.exe is located in, naming it as fixlist.txt
  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....

    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post the log in your next reply.

8.  Please download Adware Cleaner by Xplode.  Please save it to your desktop!

  • Close all open programs and internet browsers.
  • Double-click AdwCleaner.exe to run the tool. 
    Note:  Windows Vista, Windows 7/8 users right-click and select Run As Administrator.
  • Click the Scan button.
  • AdwCleaner will begin.  Be patient as the scan may take some time to complete.
  • After the scan has finished, click the Logfile button.  A logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Ghost

I turned off UAC so I could install CCleaner, etc. I will turn it back on when done.
I also uninstalled Java(TM) 6 Update 16 (64-bit) and Java(TM) 6 Update 26 (HKLM-x32\.
I installed both Flash Players.
I set up the Java Control Panel as requested.
Logs requested:
Fix result of Farbar Recovery Scan Tool (x64) Version:08-06-2015
Ran by chuck at 2015-06-12 16:55:19 Run:1
Running from C:\Users\chuck\Desktop
Loaded Profiles: Brendan Goodrich & chuck (Available Profiles: Brendan Goodrich & chuck)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 MotDev; system32\DRIVERS\motodrv.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 PCDSRVC{127174DC-C366ED8B-06020000}_0; \??\c:\program files\pc-doctor\pcdsrvc_x64.pkms [X]
File: C:\Windows\system32\DRIVERS\motccgpfl.sys
File: C:\Windows\system32\DRIVERS\motodrv.sys
File: C:\Windows\system32\DRIVERS\motmodem.sys
File: c:\program files\pc-doctor\pcdsrvc_x64.pkms
Ask Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.15.2.0 - Ask.com) <==== ATTENTION
2015-06-09 05:31 - 2012-06-07 17:32 - 00000000 ____D C:\Users\chuck\AppData\Local\AskToolbar
2015-06-12 11:18 - 2013-07-27 09:29 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
Folder: C:\Program Files (x86)\Ask.com
EmptyTemp:
end
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => key removed successfully
HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => key removed successfully
HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => key removed successfully
HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => key removed successfully
HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => key removed successfully
HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => key removed successfully
HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}" => key removed successfully
HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => key not found.
motccgpfl => Service removed successfully
MotDev => Service removed successfully
motmodem => Service removed successfully
PCDSRVC{127174DC-C366ED8B-06020000}_0 => Service removed successfully

========================= File: C:\Windows\system32\DRIVERS\motccgpfl.sys ========================

"C:\Windows\system32\DRIVERS\motccgpfl.sys" not found.
====== End of File: ======


========================= File: C:\Windows\system32\DRIVERS\motodrv.sys ========================

"C:\Windows\system32\DRIVERS\motodrv.sys" not found.
====== End of File: ======


========================= File: C:\Windows\system32\DRIVERS\motmodem.sys ========================

"C:\Windows\system32\DRIVERS\motmodem.sys" not found.
====== End of File: ======


========================= File: c:\program files\pc-doctor\pcdsrvc_x64.pkms ========================

MD5: ACD84D961942E2204A4475F9AF356F2E
Creation and modification date: 2010-05-07 15:52 - 2010-05-07 15:52
Size: 0024560
Attributes: ----N
Company Name: PC-Doctor, Inc.
Internal Name: PCDSRVC
Original Name: pcdsrvc
Product Name:
Description: Kernel Driver
File Version: 6.2.0.0
Product Version: 0.0.0.0
Copyright$creamod: Copyright PC-Doctor© 2002-2010

====== End of File: ======

Ask Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.15.2.0 - Ask.com) <==== ATTENTION => Error: No automatic fix found for this entry.
C:\Users\chuck\AppData\Local\AskToolbar => moved successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job => moved successfully.

========================= Folder: C:\Program Files (x86)\Ask.com ========================

2012-05-29 17:27 - 2012-05-29 17:27 - 0233680 ____N () C:\Program Files (x86)\Ask.com\AviraBrowserSecurity.exe
2012-06-07 17:32 - 2012-06-07 17:32 - 0355574 ____N () C:\Program Files (x86)\Ask.com\cb_5a6f.ico
2012-05-29 17:22 - 2012-06-07 17:32 - 0355574 ____N () C:\Program Files (x86)\Ask.com\cobrand.ico
2012-05-29 17:22 - 2012-05-29 17:22 - 0007834 ____N () C:\Program Files (x86)\Ask.com\config.xml
2012-05-29 17:22 - 2012-05-29 17:22 - 0060262 ____N () C:\Program Files (x86)\Ask.com\favicon.ico
2012-06-07 17:32 - 2012-05-29 17:22 - 0060262 ____N () C:\Program Files (x86)\Ask.com\fv_5282.ico
2012-05-29 17:22 - 2012-05-29 17:22 - 0000528 ____N () C:\Program Files (x86)\Ask.com\mupcfg.xml
2012-05-29 17:25 - 2012-05-29 17:25 - 0070864 ____N () C:\Program Files (x86)\Ask.com\precache.exe
2012-05-29 17:25 - 2012-05-29 17:25 - 0196816 ____N () C:\Program Files (x86)\Ask.com\SaUpdate.exe
2012-05-29 17:25 - 2012-05-29 17:25 - 0135376 ____N () C:\Program Files (x86)\Ask.com\UpdateTask.exe
2012-06-07 17:32 - 2012-06-07 17:32 - 0000000 ____D () C:\Program Files (x86)\Ask.com\assets
2012-06-07 17:32 - 2012-06-07 17:32 - 0000000 ____D () C:\Program Files (x86)\Ask.com\assets\oobe
2012-05-29 17:22 - 2012-05-29 17:22 - 0000120 ____N () C:\Program Files (x86)\Ask.com\assets\oobe\b.png
2012-05-29 17:22 - 2012-05-29 17:22 - 0000203 ____N () C:\Program Files (x86)\Ask.com\assets\oobe\bl.png
2012-05-29 17:22 - 2012-05-29 17:22 - 0000204 ____N () C:\Program Files (x86)\Ask.com\assets\oobe\br.png
2012-05-29 17:22 - 2012-05-29 17:22 - 0000116 ____N () C:\Program Files (x86)\Ask.com\assets\oobe\l.png
2012-05-29 17:22 - 2012-05-29 17:22 - 0000424 ____N () C:\Program Files (x86)\Ask.com\assets\oobe\pointer.png
2012-05-29 17:22 - 2012-05-29 17:22 - 0000116 ____N () C:\Program Files (x86)\Ask.com\assets\oobe\r.png
2012-05-29 17:22 - 2012-05-29 17:22 - 0000119 ____N () C:\Program Files (x86)\Ask.com\assets\oobe\t.png
2012-05-29 17:22 - 2012-05-29 17:22 - 0000215 ____N () C:\Program Files (x86)\Ask.com\assets\oobe\tl.png
2012-05-29 17:22 - 2012-05-29 17:22 - 0000208 ____N () C:\Program Files (x86)\Ask.com\assets\oobe\tr.png
2012-06-07 17:32 - 2012-06-07 17:32 - 0000000 ____D () C:\Program Files (x86)\Ask.com\Updater
2012-05-29 17:23 - 2012-05-29 17:23 - 0039453 ____N () C:\Program Files (x86)\Ask.com\Updater\config.xml
2012-05-29 17:25 - 2012-05-29 17:25 - 1564880 ____N (Ask) C:\Program Files (x86)\Ask.com\Updater\Updater.exe

====== End of Folder: ======

EmptyTemp: => 1.6 GB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 16:56:25 ====

# AdwCleaner v4.206 - Logfile created 12/06/2015 at 17:39:05
# Updated 01/06/2015 by Xplode
# Database : 2015-06-09.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : chuck - BRENDANGOODRICH
# Running from : C:\Users\chuck\Desktop\adwcleaner_4.206.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\Brendan Goodrich\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ippkomaaonokjnfjoikaemidanojkfmm_0.localstorage
Folder Found : C:\Program Files (x86)\Ask.com
Folder Found : C:\Program Files (x86)\registry mechanic
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\Users\Brendan Goodrich\AppData\Local\AskToolbar
Folder Found : C:\Users\Brendan Goodrich\AppData\Local\Babylon
Folder Found : C:\Users\Brendan Goodrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Folder Found : C:\Users\Brendan Goodrich\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\chuck\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Folder Found : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\APN
Key Found : HKLM\SOFTWARE\AskToolbar
Key Found : HKLM\SOFTWARE\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
Key Found : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Found : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F994E0D9-8335-48F1-99C2-A712C21F8D5F}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : [x64] HKLM\SOFTWARE\Tarma Installer
Key Found : HKU\.DEFAULT\Software\APN
Key Found : HKU\.DEFAULT\Software\Ask.com
Key Found : HKU\.DEFAULT\Software\AskToolbar
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17728

Setting Found : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://search.avira.com/?l=dis&o=APN10400&gct=hp&dc=US&locale=en_US

-\\ Pale Moon v


-\\ Google Chrome v43.0.2357.124

[C:\Users\Brendan Goodrich\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Brendan Goodrich\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Brendan Goodrich\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Extension] : lccekmodgklaepjeofjdjpbminllajkg
[C:\Users\chuck\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\chuck\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [5902 bytes] - [12/06/2015 17:39:05]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [5961 bytes] ##########

Thank you,
Ghost

Corrine

Wow!  That is a lot of temp data.
Quote: "EmptyTemp: => 1.6 GB temporary data Removed."

1.  Double-click AdwCleaner.exe to run the tool again. 
  • Click the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
    Note:  Windows Vista, Windows 7/8 users right-click and select Run As Administrator.
  • After the scan has finished, this time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

2.  Please download Junkware Removal Tool to your desktop.

  • Disable your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it.  If you are using Windows Vista or Seven, right-mouse click it and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

3.  Please scan with MBAM:

  • Launch Malwarebytes Anti-Malware then click the "Update" tab and "Check for Updates"
  • Once the update has been installed and the program has loaded, select Scan now or select the Threat Scan from the Scan menu.
  • When the scan is complete, be sure that everything is set to "Quarantine" and click Apply Actions.
  • Restart the computer if prompted.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See the Note below)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Please post contents of that file in your next reply.

Note:  If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

After all that, please let me know how the computer is. 



Ghost

Here are 2 logs. Can't find the Malwarebytes log but no "objects" were found.
# AdwCleaner v4.206 - Logfile created 13/06/2015 at 15:26:07
# Updated 01/06/2015 by Xplode
# Database : 2015-06-09.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : chuck - BRENDANGOODRICH
# Running from : C:\Users\chuck\Desktop\adwcleaner_4.206.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Program Files (x86)\registry mechanic
Folder Deleted : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Folder Deleted : C:\Users\Brendan Goodrich\AppData\Local\AskToolbar
Folder Deleted : C:\Users\Brendan Goodrich\AppData\Local\Babylon
Folder Deleted : C:\Users\Brendan Goodrich\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Brendan Goodrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Folder Deleted : C:\Users\chuck\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
File Deleted : C:\Users\Brendan Goodrich\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ippkomaaonokjnfjoikaemidanojkfmm_0.localstorage

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\S
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F994E0D9-8335-48F1-99C2-A712C21F8D5F}
Key Deleted : HKLM\SOFTWARE\APN
Key Deleted : HKLM\SOFTWARE\AskToolbar
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKU\.DEFAULT\Software\APN
Key Deleted : HKU\.DEFAULT\Software\Ask.com
Key Deleted : HKU\.DEFAULT\Software\AskToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17840

Setting Restored : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Pale Moon v


-\\ Google Chrome v43.0.2357.124

[C:\Users\Brendan Goodrich\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Brendan Goodrich\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Brendan Goodrich\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : lccekmodgklaepjeofjdjpbminllajkg
[C:\Users\chuck\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\chuck\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [6088 bytes] - [12/06/2015 17:39:05]
AdwCleaner[R1].txt - [6147 bytes] - [13/06/2015 15:23:30]
AdwCleaner[S0].txt - [6069 bytes] - [13/06/2015 15:26:07]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6128  bytes] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.9.4 (06.13.2015:2)
OS: Windows 7 Professional x64
Ran by chuck on Sat 06/13/2015 at 15:32:29.09
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks

Successfully deleted: [Task] C:\Windows\system32\tasks\PCDoctorBackgroundMonitorTask
Successfully deleted: [Task] C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\pcdr



~~~ Chrome


[C:\Users\chuck\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\chuck\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\chuck\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\chuck\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 06/13/2015 at 15:39:24.26
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Thanks,
Ghost

Corrine

You had told me that your friend's computer was painfully slow when you started working on it. How is it now?



Ghost

Oops, I forgot to tell you.
It's much, much better. Very nice, Corrine, very nice ;-)
Ghost

Corrine

Since I'm sure you need to get the computer back to its owner, you don't need to run the Delfix log. I know you'll run it properly.

Let's take care of removing the tools used:

Please download Delfix from here.

Ensure the following boxes are checked:
  • Remove disinfection tools
  • Create registry backup
  • Purge system restore

  • Click Run
The program will run for a few moments and then notepad will open with a log. 

