My computer starting accessing the internet very slowly and now won't work at all. It is on a router and the other computer works fine so I can access the internet from the other computer but not the one I really need. Somehow I have messed up Mozilla and now it is saying a profile is missing. I can get IE to open but it generally won't open a website. It says connection problem, I run diagnose, it says winsock problem do you want to fix, I say yes and reboot - it doesn't fix it. I also get a message that says:

dl.exe
The NTVDM CUP has encountered an illegal instruction
CS:0000 IP:0e23 OP:ff ff ff ff ff 00

I have run SuperAnti Spyware and it didn't find anything.

Can anyone help?

By the way, I have no problem getting email.

This downloaded itself and zonealarm didn't catch it. It actually disabled zonealarm (grayed out treat button).

Also, the search obtion was disabled. Search for a file/folder.

not-a-virus:AdWare.NSIS.Yontoo.n



Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Ultimate, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM)2 Duo CPU P8700 @ 2.53GHz, Intel64 Family 6 Model 23 Stepping 10
Processor Count: 2
RAM: 3996 Mb
Graphics Card: Mobile Intel(R) 4 Series Express Chipset Family, 1806 Mb
Hard Drives: C: Total - 112525 MB, Free - 62690 MB; E: Total - 39997 MB, Free - 17138 MB;
Motherboard: Hewlett-Packard, 30DB
Antivirus: Microsoft Security Essentials, Updated and Enabled

Trying to open the replies takes me to a site "1 800-Desktop" and will not let me open the relies. At great risk, I provide personal email. cobbgw@shaw.ca

It has been two days or more since my last post. Do you still need help or more time?:)



Regards,

Richard:D

I'm also experiencing this weird event where 2 explorer.exe show up in my processes. One of them keeps going up to extreme numbers:

I am not highly intelligent in computers so bare with me. My internet will not work because my Windows can not detect the network proxy setting. When I go into LAN setting under use automatic configuration script there is a address of: file://C:/Program Files (x86)/LinkiDoo/bin/Pac9064.js . Every time I attempt to delete that it reappears. How do I fix this?

so i have been to an intenet cyber cafe, its like a room in the street it has computers with internet and you pay according to the time u spent , i went there for the fast internet and the mouse on that computer always releases the clicks or even double clicks sometimes so i thought it was a hardware problem as the mouse could be busted, anyway when i brought back all the things i downloaded, they had viruses in them so i deleted them using avira anti virus, but now my mouse behaves exactly like the mouse at that cyber cafe so im pretty sure its not a hardware problem but some kind of malware or something, i thought avira could detect it all , anyway if anyone has had a similar experience and knows a fix please help

My Macbook Air is giving me trouble. Every time I am on the "safari" internet app it will eventually bring up these pages I tried calling one of the numbers the other day and the man was of no assistance. I am in dire need of help since I need the internet to complete my school work.

Thanks in advance!

Attached Images

	Screen Shot 2015-01-13 at 3.29.54 PM.jpg (119.9 KB)
	Screen Shot 2015-01-13 at 4.17.00 PM.png (186.5 KB)

Thanks for your reply
I am not using Setup Factory Runtime software, Virus Total asks me to select a file to scan and I don't know what file or program this threat is associated with.

No much of an issue in those reports. I see no DSD_3300 file running in the background. Lets remove the temporary files.

Download the enclosed file. (See below). Save it in the same location FRST is saved. Load FRST and click on the Fix button. The tool will produce a fix log, fixlog.txt. Please post its contents in a reply.

Let me know also the status of the computer.

Attached Files

fixlist.txt (619 Bytes)

My daughter is a full time student at University of Florida and 4 hours from home. I gave her my login information to request help. What's below is her request. She did try a couple scans that stated no issues found before I gave her the site info here. Anyone that can help, thank you very much!!

My Macbook Air is giving me trouble. Every time I am on the "safari" internet app it will eventually bring up these pages I tried calling one of the numbers the other day and the man was of no assistance. I am in dire need of help since I need the internet to complete my school work. :eek:

Thanks in advance!

Attached Images

	Screen Shot 2015-01-13 at 3.29.54 PM.jpg (119.9 KB)
	Screen Shot 2015-01-13 at 4.17.00 PM.png (186.5 KB)

Hi there -

Posting this from friend's computer - attemping to help him fix it.

Ran HJT. Running Malwarebytes scan at the moment. Not really sure where to start...

Any help GREATLY appreciated.

HJT log:

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 6:45:50 PM, on 1/13/2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17416)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Umbrella\Umbrella249.exe
C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe
C:\Users\Riley\AppData\Roaming\uTorrent\uTorrent.exe
C:\Users\Riley\AppData\Local\wpcmigcryptext32\dosfirmwarex64.exe
C:\Users\Riley\AppData\Roaming\Search Protection\SP.exe
C:\Users\Riley\AppData\Local\SmartWeb\SmartWebHelper.exe
C:\Program Files (x86)\eDealPop\eDealPop.exe
C:\Program Files (x86)\gmsd_us_54\gmsd_us_54.exe
C:\Users\Riley\AppData\Local\wincheck\wincheck.exe
C:\Program Files (x86)\gmsd_us_64\gmsd_us_64.exe
C:\Users\Riley\AppData\Local\SmartWeb\SmartWebApp.exe
C:\Users\Riley\AppData\Local\3E9E5CBB-F7D5-FA48-B30F-1CCCFCDEA431\Runner.exe
C:\Users\Riley\AppData\Local\3E9E5C~1\CHROME~1\chrome.exe
C:\Users\Riley\Downloads\HijackThis.exe
C:\Users\Riley\AppData\Local\3E9E5C~1\CHROME~1\chrome.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Users\Riley\AppData\Local\3E9E5C~1\CHROME~1\chrome.exe
C:\Users\Riley\AppData\Local\3E9E5C~1\CHROME~1\chrome.exe
C:\Users\Riley\AppData\Local\3E9E5C~1\CHROME~1\chrome.exe
C:\Users\Riley\AppData\Local\3E9E5C~1\CHROME~1\chrome.exe
C:\Users\Riley\AppData\Local\3E9E5C~1\CHROME~1\chrome.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.iminent.com/?appId=1111...5-9313499ECFBB
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:37854
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
O2 - BHO: IMinent WebBooster - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Minibar.InternetExplorer.BHOx86.dll
O2 - BHO: Cantataweb 1.0.0.6 - {aab803bd-f01b-423a-a89a-60af476e9f12} - C:\Program Files (x86)\Cantataweb\Cantatawebbho.dll (file missing)
O2 - BHO: Safer-Surf - {F65DBCBB-92D8-7177-DDFB-19F387C465FF} - C:\Program Files (x86)\ver5Safer-Surf\184.dll (file missing)
O2 - BHO: WordProser - {F6F484C9-29B9-43EC-A924-DCBAAA86B31D} - C:\Program Files (x86)\WordProser_1.10.0.1\IE\WordProserClientIE.dll (file missing)
O4 - HKLM\..\Run: [eDealPop] "C:\Program Files (x86)\eDealPop\eDealPop.exe"
O4 - HKLM\..\Run: [gmsd_us_54] "C:\Program Files (x86)\gmsd_us_54\gmsd_us_54.exe"
O4 - HKLM\..\Run: [SmartWeb] C:\Users\Riley\AppData\Local\SmartWeb\SmartWebHelper.exe
O4 - HKLM\..\Run: [WinCheck] C:\Users\Riley\AppData\Local\wincheck\wincheck.exe
O4 - HKLM\..\Run: [gmsd_us_64] "C:\Program Files (x86)\gmsd_us_64\gmsd_us_64.exe"
O4 - HKLM\..\RunOnce: [upgmsd_us_64.exe] C:\Users\Riley\AppData\Local\gmsd_us_64\upgmsd_us_64.exe -runonce
O4 - HKCU\..\Run: [uTorrent] "C:\Users\Riley\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [Search Protection] "C:\Users\Riley\AppData\Roaming\Search Protection\SP.EXE" /autostart
O4 - HKUS\S-1-5-21-1893880753-909590852-3949277808-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [uTorrent] "C:\Users\Riley\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED (User '?')
O4 - HKUS\S-1-5-21-1893880753-909590852-3949277808-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [Search Protection] "C:\Users\Riley\AppData\Roaming\Search Protection\SP.EXE" /autostart (User '?')
O4 - S-1-5-21-1893880753-909590852-3949277808-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 Startup: SmartWeb.lnk = Riley\AppData\Local\SmartWeb\SmartWebHelper.exe (User '?')
O4 - Startup: SmartWeb.lnk = Riley\AppData\Local\SmartWeb\SmartWebHelper.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{012C11A6-9FC6-4F42-A1BD-D73CECA1971A}: NameServer = 208.69.150.252,208.69.150.250
O17 - HKLM\System\CCS\Services\Tcpip\..\{1BE46477-FEDA-4C0D-BD74-9A07B0F629A6}: NameServer = 208.69.150.252,208.69.150.250
O17 - HKLM\System\CCS\Services\Tcpip\..\{8718928D-CBEB-45EA-A621-800A9249001D}: NameServer = 208.69.150.252,208.69.150.250
O17 - HKLM\System\CCS\Services\Tcpip\..\{D32E6DBE-A96E-47AB-8C86-8ED3AD10BC42}: NameServer = 208.69.150.252,208.69.150.250
O17 - HKLM\System\CS1\Services\Tcpip\..\{012C11A6-9FC6-4F42-A1BD-D73CECA1971A}: NameServer = 208.69.150.252,208.69.150.250
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O20 - AppInit_DLLs: c:/progra~3/{0f73e~1/171~1.0/toti.dll _c:\progra~2\search~1\search~1\bin\vc32lo~1.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: driverthumbnailMonitor - Unknown owner - C:\windows\SysWOW64\driverthumbnailMonitor\driverthumbnailMonitor.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: GlobalUpdater - SIEN S.A. - C:\Program Files (x86)\Common Files\IMGUpdater\IMGUpdater.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\windows\system32\igfxCUIService.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: CA Service component (serverca) - Unknown owner - C:\Users\Riley\AppData\Local\ConvertAd\CASrv.exe
O23 - Service: VO Service component (servervo) - Unknown owner - C:\Users\Riley\AppData\Roaming\VOPackage\VOsrv.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: SProtection - Iminent - C:\Program Files (x86)\Common Files\Umbrella\Umbrella249.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Update Cantataweb - Unknown owner - C:\Program Files (x86)\Cantataweb\updateCantataweb.exe
O23 - Service: Util Cantataweb - Unknown owner - C:\Program Files (x86)\Cantataweb\bin\utilCantataweb.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: WebGuard - Interesting Solutions - C:\ProgramData\WebGuard\WebGuardService.exe
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: wpcmigcryptext32.exe - Unknown owner - C:\Users\Riley\AppData\Local\wpcmigcryptext32\wpcmigcryptext32.exe
O23 - Service: Word Proser 1.10.0.1 Client Service (wpsvc_1.10.0.1) - Word Proser - C:\Program Files (x86)\WordProser_1.10.0.1\Service\wpsvc.exe

--
End of file - 10954 bytes

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz, Intel64 Family 6 Model 42 Stepping 7
Processor Count: 4
RAM: 4011 Mb
Graphics Card: Intel(R) HD Graphics Family, 1813 Mb
Hard Drives: C: Total - 459658 MB, Free - 263259 MB;
Motherboard: Sony Corporation, VAIO
Antivirus: AVG AntiVirus Free Edition 2015, Updated and Enabled

Hi,

I've been infected with the pop-up adware and web browsing redirecting.
I use Chrome as my default browser.
Don't normally have a problem removing these sorts of things myself but this has really got me.

I have removed all extensions within chrome that I didn't chose to install.
I tried disabling every extension but it had no impact on the adds.

I have used spybot search and destroy 2.2 which finds no problems.

My Malwarebytes Anti-Malware Program (Free Edition) is not running correctly. Whenever I try to run a scan (Threat Scan) it seems to get stuck on 'Pre-scan operation' or more than 12 hours! and eventually I have to stop/cancel the scan.

I tried removing and re installing it with mbam-clean but it did not help.

I have gone through the add/remove programs and found some programs which are definitely adwares ("compareandbuy",but It is impossible to remove since I get an error message saying it was already removed.

I'm attaching some reports from software I got from other replies on this forum.

I would love to get any help possible to get rid of this,
Thanks in advance,
Merrav.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-01-2015 02
Ran by Merrav (administrator) on MERRAV-VAIO on 13-01-2015 17:30:59
Running from C:\Users\Merrav\Downloads
Loaded Profiles: Merrav & (Available profiles: Merrav)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Fortinet Inc.) C:\Windows\SysWOW64\FortiSSLVPNdaemon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Google Inc.) C:\Users\Merrav\AppData\Local\Google\Update\GoogleUpdate.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(ALPS) C:\Program Files\Apoint\Apvfb.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\Sony\VAIO Care\esrv\esrv.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MMLoadDrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
() C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(Sony of America Corporation) C:\Program Files\Sony\VAIO Care\listener.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Users\Merrav\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Merrav\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Merrav\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Merrav\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Merrav\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Merrav\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Merrav\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Merrav\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Merrav\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Merrav\AppData\Local\Google\Chrome\Application\chrome.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11490408 2011-06-17] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2179688 2011-06-17] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [226672 2011-06-16] (Alps Electric Co., Ltd.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2012-01-04] (Intel(R) Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-07-02] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [2801288 2011-06-01] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [650080 2011-03-16] (Sony Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-07-15] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [BrowserPlugInHelper] => C:\Program Files (x86)\Wondershare\Video Converter Ultimate\BrowserPlugInHelper.exe
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3667472 2014-12-18] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-4232016636-84198704-3704125859-1000\...\Run: [Google Update] => C:\Users\Merrav\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-19] (Google Inc.)
HKU\S-1-5-21-4232016636-84198704-3704125859-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564016 2013-07-15] (Samsung)
HKU\S-1-5-21-4232016636-84198704-3704125859-1000\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-4232016636-84198704-3704125859-1000\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-07-15] (Samsung)
HKU\S-1-5-21-4232016636-84198704-3704125859-1000\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-07-15] (Samsung)
HKU\S-1-5-21-4232016636-84198704-3704125859-1000\...\Run: [AVG-Secure-Search-Update_0913a] => C:\Users\Merrav\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid 6426d8844f7647d19fe8591a688c75fd-30b10b80c156a89dcf5fd25feaae6a555c9c0737 --CMPID 0913a
HKU\S-1-5-21-4232016636-84198704-3704125859-1000\...\Run: [AVG-Secure-Search-Update_0913b] => C:\Users\Merrav\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid 6426d8844f7647d19fe8591a688c75fd-30b10b80c156a89dcf5fd25feaae6a555c9c0737 --CMPID 0913b
HKU\S-1-5-21-4232016636-84198704-3704125859-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.)
HKU\S-1-5-21-4232016636-84198704-3704125859-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30873192 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-4232016636-84198704-3704125859-1000\...\MountPoints2: {527e46d9-700d-11e1-b543-88532e689c0e} - F:\LaunchU3.exe -a
HKU\S-1-5-21-4232016636-84198704-3704125859-1000\...\MountPoints2: {d8c4f6ed-0024-11e3-8854-f0bf97dc3483} - E:\Startme.exe
HKU\S-1-5-21-4232016636-84198704-3704125859-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => C:\Users\Merrav\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-19] (Google Inc.)
HKU\S-1-5-21-4232016636-84198704-3704125859-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564016 2013-07-15] (Samsung)
HKU\S-1-5-21-4232016636-84198704-3704125859-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-4232016636-84198704-3704125859-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-07-15] (Samsung)
HKU\S-1-5-21-4232016636-84198704-3704125859-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-07-15] (Samsung)
HKU\S-1-5-21-4232016636-84198704-3704125859-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AVG-Secure-Search-Update_0913a] => C:\Users\Merrav\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid 6426d8844f7647d19fe8591a688c75fd-30b10b80c156a89dcf5fd25feaae6a555c9c0737 --CMPID 0913a
HKU\S-1-5-21-4232016636-84198704-3704125859-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AVG-Secure-Search-Update_0913b] => C:\Users\Merrav\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid 6426d8844f7647d19fe8591a688c75fd-30b10b80c156a89dcf5fd25feaae6a555c9c0737 --CMPID 0913b
HKU\S-1-5-21-4232016636-84198704-3704125859-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.)
HKU\S-1-5-21-4232016636-84198704-3704125859-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30873192 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-4232016636-84198704-3704125859-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {527e46d9-700d-11e1-b543-88532e689c0e} - F:\LaunchU3.exe -a
HKU\S-1-5-21-4232016636-84198704-3704125859-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {d8c4f6ed-0024-11e3-8854-f0bf97dc3483} - E:\Startme.exe
Startup: C:\Users\Merrav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Merrav\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Merrav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Seagate NA4KCXG2 Product Registration.lnk
ShortcutTarget: Seagate NA4KCXG2 Product Registration.lnk -> C:\Users\Merrav\AppData\Roaming\Leadertech\PowerRegister\Seagate NA4KCXG2 Product Registration.exe (Leader Technologies/Seagate)
BootExecute: autocheck autochk * hesdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-4232016636-84198704-3704125859-1000] => localhost:21320
ProxyServer: [S-1-5-21-4232016636-84198704-3704125859-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] => localhost:21320
HKU\S-1-5-21-4232016636-84198704-3704125859-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sony.msn.com
HKU\S-1-5-21-4232016636-84198704-3704125859-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-4232016636-84198704-3704125859-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKU\S-1-5-21-4232016636-84198704-3704125859-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sony.msn.com
HKU\S-1-5-21-4232016636-84198704-3704125859-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-4232016636-84198704-3704125859-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4232016636-84198704-3704125859-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-4232016636-84198704-3704125859-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
BHO: fUnsahoPpEr -> {624e2f18-3675-4207-9733-920abbc29d63} -> C:\ProgramData\fUnsahoPpEr\dlU7H3kx46LW7m.x64.dll ()
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: No Name -> {54B02808-B60E-44CD-A72D-9865117E4E62} -> No File
BHO-x32: AGFormHelperObj Class -> {6620E618-1AB9-4EB2-ACA4-CBBE9066DBE6} -> C:\Program Files (x86)\agat\AGForm\AGFormsHelper.dll (Agat software solutions)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Agat.AGForms.Toolbar.AGFormsToolbar - {8fe28f46-37ad-47b2-8258-34c128636ace} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-4232016636-84198704-3704125859-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Toolbar: HKU\S-1-5-21-4232016636-84198704-3704125859-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-4232016636-84198704-3704125859-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Toolbar: HKU\S-1-5-21-4232016636-84198704-3704125859-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{1B60DB60-AD6C-4115-AD1A-C754C9F452FA}: [NameServer] 0.0.0.0

FireFox:
========
FF ProfilePath: C:\Users\Merrav\AppData\Roaming\Mozilla\Firefox\Profiles\ha2cowk1.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @FortinetCacheClean -> C:\Program Files (x86)\Fortinet\SslvpnClient\npccplugin.dll (Fortinet Inc.)
FF Plugin-x32: @FortinetTunnelControl -> C:\Program Files (x86)\Fortinet\SslvpnClient\nptcplugin.dll (Fortinet Inc.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4232016636-84198704-3704125859-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Merrav\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-4232016636-84198704-3704125859-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Merrav\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-4232016636-84198704-3704125859-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=3 -> C:\Users\Merrav\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-4232016636-84198704-3704125859-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=9 -> C:\Users\Merrav\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [VIP5X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client [2011-10-30]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Merrav\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Bejeweled) - C:\Users\Merrav\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm [2013-06-28]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Merrav\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (YouTube) - C:\Users\Merrav\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-04-13]
CHR Extension: (AddThis - Share & Bookmark (new)) - C:\Users\Merrav\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbogdmdefihhljhfeiklfiedefalcde [2012-04-13]
CHR Extension: (Google Search) - C:\Users\Merrav\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-04-13]
CHR Extension: (Mahjongg) - C:\Users\Merrav\AppData\Local\Google\Chrome\User Data\Default\Extensions\eegpopcingfghbompjfejakfeaolmbop [2013-06-28]
CHR Extension: (Photo Zoom for Facebook) - C:\Users\Merrav\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi [2012-07-19]
CHR Extension: (Infectonator 2) - C:\Users\Merrav\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjgddgigblcfkgdlommmpkcabpdgmmeo [2013-06-28]
CHR Extension: (Voodoo Friends) - C:\Users\Merrav\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmedapekkakaehidplfhmblngkelolaj [2012-08-18]
CHR Extension: (Office Editing for Docs, Sheets & Slides) - C:\Users\Merrav\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbkeegbaiigmenfmjfclcdgdpimamgkj [2014-11-25]
CHR Extension: (Bookmark Manager) - C:\Users\Merrav\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2014-11-26]
CHR Extension: (IE Tab) - C:\Users\Merrav\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd [2014-11-25]
CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\Merrav\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak [2012-08-18]
CHR Extension: (Madagascar 3 - Race Across Europe) - C:\Users\Merrav\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmilfnnhgmpifghcoibjfehnnlbhllom [2013-06-28]
CHR Extension: (Skype Click to Call) - C:\Users\Merrav\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-06-25]
CHR Extension: (Sprocket Rocket) - C:\Users\Merrav\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpdichmkdadfihhbgllepglgbkonlehe [2013-06-28]
CHR Extension: (Racers Revolution) - C:\Users\Merrav\AppData\Local\Google\Chrome\User Data\Default\Extensions\memgmdfpdhjodfiolibfikhlpkcnapge [2013-06-28]
CHR Extension: (Muffin Knight) - C:\Users\Merrav\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngcgpajmidlcgbkpjaopbcglkjepkbaa [2012-08-18]
CHR Extension: (Google Wallet) - C:\Users\Merrav\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]
CHR Extension: (YouRiding Bodyboarding IV) - C:\Users\Merrav\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgpoplhmhmnjamhoijbijaajbkppacdg [2013-06-28]
CHR Extension: (Gmail) - C:\Users\Merrav\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-04-13]
CHR Extension: (cioMpoarEnBuaY) - C:\ProgramData\jnlcnidclmnijpjinjilanjplkpbjila\ [2012-04-13]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
CHR StartMenuInternet: Google Chrome - C:\Users\Merrav\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3432976 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [921664 2011-11-14] (Intel Corporation) [File not signed]
R3 Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1355840 2011-11-14] (Intel Corporation) [File not signed]
R2 Bluetooth OBEX Service; C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [995392 2011-11-14] (Intel Corporation) [File not signed]
R2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe [427432 2013-02-23] ()
S3 FileZilla Server; C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe [632320 2012-02-26] (FileZilla Project) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2011-10-30] (Macrovision Europe Ltd.) [File not signed]
R2 FortiSslvpnDaemon; C:\Windows\SysWOW64\FortiSSLVPNdaemon.exe [703080 2009-09-17] (Fortinet Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2012-01-04] ()
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [258048 2013-03-05] (Sony Corporation) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-24] (ArcSoft, Inc.)
S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe [427432 2013-02-23] ()
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [887000 2011-01-21] (Sony Corporation)
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84080 2012-04-19] (Symantec Corporation)
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-27] (ArcSoft, Inc.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [260888 2014-12-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-10-10] (AVG Technologies CZ, s.r.o.)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-03-20] () [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-13] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2011-08-02] (Apple Inc.) [File not signed]
R3 pppop; C:\Windows\System32\DRIVERS\pppop64.sys [42528 2009-07-21] (Fortinet Inc.)
R3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2012-11-07] ()

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-13 17:30 - 2015-01-13 17:32 - 00034647 _____ () C:\Users\Merrav\Downloads\FRST.txt
2015-01-13 17:30 - 2015-01-13 17:31 - 00000000 ____D () C:\FRST
2015-01-13 17:25 - 2015-01-13 17:25 - 02124288 _____ (Farbar) C:\Users\Merrav\Downloads\FRST64.exe
2015-01-13 17:19 - 2015-01-13 17:20 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-13 17:18 - 2015-01-13 17:18 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-13 17:18 - 2015-01-13 17:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-13 17:18 - 2015-01-13 17:18 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-13 17:18 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-13 17:18 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-13 17:18 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-13 17:05 - 2015-01-13 17:05 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Merrav\Downloads\mbam-clean-2.1.1.1001.exe
2015-01-13 16:51 - 2015-01-13 17:15 - 00000000 ____D () C:\AdwCleaner
2015-01-13 16:49 - 2015-01-13 16:49 - 02191360 _____ () C:\Users\Merrav\Downloads\adwcleaner_4.107.exe
2015-01-11 12:16 - 2015-01-11 12:16 - 00000000 _____ () C:\Windows\SysWOW64\sho95D.tmp
2015-01-11 12:06 - 2015-01-11 12:06 - 00861298 _____ () C:\Users\Merrav\Downloads\nextgen-gallery.1.9.13.zip
2015-01-10 16:34 - 2015-01-13 17:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-10 16:31 - 2015-01-10 16:33 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Merrav\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-07 17:57 - 2015-01-07 17:57 - 00080386 _____ () C:\Users\Merrav\Downloads\bulkfilechanger.zip
2015-01-06 16:28 - 2015-01-06 16:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-01-06 16:27 - 2015-01-06 16:28 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2015-01-06 16:23 - 2015-01-06 16:23 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-01-06 16:23 - 2015-01-06 16:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-01-06 16:21 - 2015-01-06 16:21 - 00000000 ____D () C:\Program Files\iPod
2015-01-06 16:20 - 2015-01-06 16:23 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-01-06 16:20 - 2015-01-06 16:23 - 00000000 ____D () C:\Program Files\iTunes
2015-01-06 16:20 - 2015-01-06 16:23 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-01-06 14:32 - 2015-01-07 17:45 - 00000000 ____D () C:\ProgramData\fUnsahoPpEr
2014-12-29 21:05 - 2014-12-29 21:05 - 00000000 ____D () C:\ProgramData\jnlcnidclmnijpjinjilanjplkpbjila
2014-12-15 23:08 - 2014-12-15 23:14 - 00000000 ____D () C:\Users\Merrav\Desktop\Hanukkah

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-13 17:21 - 2011-12-28 19:06 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4232016636-84198704-3704125859-1000UA.job
2015-01-13 17:18 - 2009-07-14 10:15 - 00021200 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-13 17:18 - 2009-07-14 10:15 - 00021200 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-13 17:16 - 2011-10-30 06:56 - 02058979 _____ () C:\Windows\WindowsUpdate.log
2015-01-13 17:16 - 2009-07-14 10:43 - 00819728 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-13 17:12 - 2011-12-31 02:39 - 00000000 ___RD () C:\Users\Merrav\Documents\Dropbox
2015-01-13 17:12 - 2011-12-31 02:37 - 00000000 ____D () C:\Users\Merrav\AppData\Roaming\Dropbox
2015-01-13 17:11 - 2012-07-31 18:43 - 00000438 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-01-13 17:11 - 2011-12-30 18:42 - 00000000 ____D () C:\Users\Merrav\AppData\Roaming\Skype
2015-01-13 17:10 - 2014-09-16 21:38 - 00000360 _____ () C:\Windows\Tasks\DriverToolkit Autorun.job
2015-01-13 17:10 - 2010-11-21 09:17 - 00974758 _____ () C:\Windows\PFRO.log
2015-01-13 17:10 - 2009-07-14 10:38 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-13 17:10 - 2009-07-14 10:21 - 00175538 _____ () C:\Windows\setupact.log
2015-01-13 17:09 - 2012-06-29 20:58 - 00334848 ___SH () C:\Users\Merrav\Downloads\Thumbs.db
2015-01-13 16:52 - 2012-02-17 19:00 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-13 16:45 - 2012-06-29 01:32 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-12 23:59 - 2011-12-28 19:06 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4232016636-84198704-3704125859-1000Core.job
2015-01-12 17:16 - 2012-08-18 19:00 - 00000000 ____D () C:\Users\Merrav\AppData\Roaming\vlc
2015-01-12 17:16 - 2012-03-28 01:27 - 00000000 ____D () C:\Users\Merrav\AppData\Roaming\XBMC
2015-01-11 09:25 - 2014-10-18 20:44 - 00000965 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2015-01-11 09:25 - 2014-08-14 17:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-01-10 17:18 - 2014-11-18 20:40 - 00000000 ____D () C:\Users\Merrav\AppData\Local\Popcorn Time
2015-01-10 15:52 - 2014-12-07 10:35 - 00000000 ____D () C:\Users\Merrav\Desktop\India and beyond
2015-01-10 15:51 - 2012-03-30 00:56 - 00095232 _____ () C:\Users\Merrav\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-08 18:11 - 2011-10-30 08:45 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-01-08 18:11 - 2011-10-30 08:44 - 00000000 ____D () C:\ProgramData\Skype
2015-01-07 20:32 - 2013-02-24 21:48 - 00000000 ____D () C:\Users\Merrav\AppData\Roaming\uTorrent
2015-01-06 16:21 - 2011-12-31 15:11 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-01-06 16:20 - 2014-09-11 16:36 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2015-01-06 14:06 - 2011-12-28 19:04 - 00000000 ____D () C:\Users\Merrav\AppData\Local\CrashDumps
2015-01-06 14:04 - 2009-07-14 10:38 - 00032634 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-21 20:33 - 2013-12-18 19:11 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-12-21 20:12 - 2013-12-18 19:11 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-12-21 19:54 - 2011-12-31 02:37 - 00000000 ____D () C:\Users\Merrav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-20 14:31 - 2012-03-07 17:04 - 00113244 _____ () C:\test.xml
2014-12-15 23:25 - 2013-02-04 00:31 - 00000000 ____D () C:\Users\Merrav\Desktop\105
2014-12-15 23:13 - 2014-11-16 19:12 - 00000000 ____D () C:\Users\Merrav\Desktop\חנוכה
2014-12-15 22:30 - 2013-01-15 00:32 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk

Some content of TEMP:
====================
C:\Users\Merrav\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp9tpgqc.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-04 00:10

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-01-2015 02
Ran by Merrav at 2015-01-13 17:32:22
Running from C:\Users\Merrav\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-4232016636-84198704-3704125859-1000\...\uTorrent) (Version: 3.3.2.30488 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-4232016636-84198704-3704125859-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\uTorrent) (Version: 3.3.2.30488 - BitTorrent Inc.)
Adobe Acrobat 9 Standard (HKLM-x32\...\{AC76BA86-1033-0000-BA7E-000000000004}{AC76BA86-1033-0000-BA7E-000000000004}) (Version: 9.5.5 - Adobe Systems)
Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM-x32\...\{AC76BA86-1033-0000-BA7E-000000000004}_955) (Version: - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Photoshop Elements 9 (HKLM-x32\...\Adobe Photoshop Elements 9) (Version: 9.0.3.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 9 (HKLM-x32\...\PremElem90) (Version: 9.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
Alps Pointing-device for VAIO (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: - ALPS ELECTRIC CO., LTD.)
Any Video Converter 3.5.2 (HKLM-x32\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Application Manager for VAIO (HKLM-x32\...\Application Manager for VAIO) (Version: - )
ArcSoft Magic-i Visual Effects 2 (HKLM-x32\...\{B1893E3F-9BDF-443F-BED0-1AAA2D9E0D68}) (Version: 2.0.149 - ArcSoft)
ArcSoft WebCam Companion 4 (HKLM-x32\...\{B77DE05C-7C84-4011-B93F-A29D0D2840F4}) (Version: 4.0.444 - ArcSoft)
ATI Catalyst Install Manager (HKLM\...\{3A4170BE-09B7-5658-285E-6D35E9C87101}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
Audacity 2.0.4 (HKLM-x32\...\Audacity_is1) (Version: 2.0.4 - Audacity Team)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5645 - AVG Technologies)
AVG 2015 (Version: 15.0.4260 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5645 - AVG Technologies) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
comparenbuy (HKLM-x32\...\{D8A1935D-51FD-3756-66BB-245293F64ED9}) (Version: - "")
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-4232016636-84198704-3704125859-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Dropbox (HKU\S-1-5-21-4232016636-84198704-3704125859-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
E-GOV.IL Sign&Verify Software - AGForm toolbar (HKLM-x32\...\{58880887-285F-4260-989B-8B22020D756F}) (Version: 13.0.1.6 - GOV.IL)
Elements 9 Organizer (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Elements STI Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Evernote v. 4.4 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.4.0.4848 - Evernote Corp.)
FileZilla Client 3.6.0.2 (HKLM-x32\...\FileZilla Client) (Version: 3.6.0.2 - FileZilla Project)
FileZilla Server (HKLM-x32\...\FileZilla Server) (Version: beta 0.9.41 - FileZilla Project)
FormatFactory 2.95 (HKLM-x32\...\FormatFactory) (Version: 2.95 - Free Time)
FortiClient SSL VPN v4.0.2073 (HKLM-x32\...\{A34DCE59-0004-0000-2073-3F8A9926B752}) (Version: 4.0.2073 - Fortinet Inc.)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GIMP 2.8.0 (HKLM\...\GIMP-2_is1) (Version: 2.8.0 - The GIMP Team)
Google Chrome (HKU\S-1-5-21-4232016636-84198704-3704125859-1000\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Chrome (HKU\S-1-5-21-4232016636-84198704-3704125859-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
HandBrake 0.9.8 (HKLM-x32\...\HandBrake) (Version: 0.9.8 - )
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Intel PROSet Wireless (x32 Version: - ) Hidden
Intel(R) Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3074 - Intel Corporation)
Intel(R) Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{077BF055-512A-4D48-B3C2-44AD860FEB0A}) (Version: 1.3.0.0621 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{E7DC06A3-8516-4929-B712-80987AFFFB57}) (Version: 14.03.1000 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation)
Intel(R) WiDi (HKLM-x32\...\{781A93CD-1608-427D-B7F0-D05C07795B25}) (Version: 2.1.41.0 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.670 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Jing (HKLM-x32\...\{7AB01508-C2B2-43C8-8B44-514801E7CCC9}) (Version: 2.6.12032.1 - TechSmith Corporation)
Keyboard Shortcuts (x32 Version: 1.0.7.07110 - Sony Corporation) Hidden
K-Lite Codec Pack 10.6.5 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.6.5 - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Media Gallery (Version: 1.5.0.17250 - Your Company Name) Hidden
Media Go (x32 Version: 1.7.254 - Sony) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MiPony 2.0.5 (HKLM-x32\...\MiPony) (Version: 2.0.5 - )
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-4232016636-84198704-3704125859-1000\...\MyFreeCodec) (Version: - )
MyFreeCodec (HKU\S-1-5-21-4232016636-84198704-3704125859-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MyFreeCodec) (Version: - )
mytvil (HKLM-x32\...\mytvil) (Version: - )
OOBE (x32 Version: 11.3.1.6 - Sony Corporation) Hidden
paint.net (HKLM\...\{F509C1F4-0029-49F9-B145-A4C4E8DF481A}) (Version: 4.0.3 - dotPDN LLC)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayStation(R)Network Downloader (x32 Version: 2.05.00710 - Sony Computer Entertainment Inc.) Hidden
PlayStation(R)Store (x32 Version: 4.1.8.11883 - Sony Computer Entertainment Inc.) Hidden
PMB (x32 Version: 5.6.01.03300 - Sony Corporation) Hidden
PMB VAIO Edition Plug-in (Version: 1.5.10.05300 - Sony Corporation) Hidden
PMB VAIO Edition Plug-in (x32 Version: 1.6.00.06010 - Sony Corporation) Hidden
Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Quick Web Access (x32 Version: 1.4.6.10 - Sony Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.40.126.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6225 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.92 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Remote Keyboard (x32 Version: 1.1.1.07060 - Sony Corporation) Hidden
Remote Play with PlayStation 3 (x32 Version: 1.1.0.15072 - Sony Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.28.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.28.0 - Renesas Electronics Corporation) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.3.2.12074_13 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.3.2.12074_13 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.27.0 - SAMSUNG Electronics Co., Ltd.)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SmartSound Quicktracks for Premiere Elements 9.0 (HKLM-x32\...\InstallShield_{6748E773-5DA0-4D19-8AA5-273B4133A09B}) (Version: 3.12.3090 - SmartSound Software Inc)
SmartSound Quicktracks for Premiere Elements 9.0 (x32 Version: 3.12.3090 - SmartSound Software Inc) Hidden
Sony Corporation (Version: 1.0.0 - Default Company Name) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden
SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
VAIO - Media Gallery (x32 Version: 1.5.0.18100 - Sony Corporation) Hidden
VAIO - PMB VAIO Edition Guide (x32 Version: 1.6.00.06030 - Sony Corporation) Hidden
VAIO - PMB VAIO Edition Plug-in (x32 Version: 1.6.01.06110 - Sony Corporation) Hidden
VAIO - Remote Keyboard (x32 Version: 1.1.0.07060 - Sony Corporation) Hidden
VAIO - Remote Play with PlayStation®3 (x32 Version: 1.1.0.15072 - Sony Corporation) Hidden
VAIO Care (HKLM\...\{279C32E4-2D81-4FDA-8C02-7206845D0D38}) (Version: 7.2.0.10310 - Sony Corporation)
VAIO Control Center (x32 Version: 5.0.0.07070 - Sony Corporation) Hidden
VAIO CPU Fan Diagnostic (x32 Version: 1.0.0.14140 - Sony Corporation) Hidden
VAIO Data Restore Tool (x32 Version: 1.7.0.05270 - Sony Corporation) Hidden
VAIO Easy Connect (HKLM-x32\...\InstallShield_{7C80D30A-AC02-4E3F-B95D-29F0E4FF937B}) (Version: 1.1.2.01120 - Sony Corporation)
VAIO Easy Connect (x32 Version: 1.1.2.01120 - Sony Corporation) Hidden
VAIO Gate (x32 Version: 2.4.2.02200 - Sony Corporation) Hidden
VAIO Gate Default (x32 Version: 2.5.0.07080 - Sony Corporation) Hidden
VAIO Health Report (HKLM-x32\...\VAIO Health Report1.0) (Version: 1.0 - Sony Electronics)
VAIO Help and Support (HKLM-x32\...\{BD04DEBE-923A-4157-993E-2C727C5FFB5C}) (Version: 15.00.0719 - Sony Corporation)
VAIO Improvement (x32 Version: 1.1.0.06030 - Sony Corporation) Hidden
VAIO Manual (x32 Version: 1.4.0.05310 - Sony Corporation) Hidden
VAIO Sample Contents (x32 Version: 1.4.0.09010 - Sony Corporation) Hidden
VAIO Satisfaction Survey. (x32 Version: 3.0 - Sony Electronics Inc.) Hidden
VAIO Smart Network (x32 Version: 3.7.0.07150 - Sony Corporation) Hidden
VAIO Transfer Support (x32 Version: 1.4.0.14230 - Sony Corporation) Hidden
VAIO Update (x32 Version: 5.5.0.06290 - Sony Corporation) Hidden
VAIO Update Merge Module x64 (Version: 5.5.06290 - Sony Corporation) Hidden
VCCx64 (Version: 1.0.0 - Sony Corporation) Hidden
VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VHD (x32 Version: 1.0.0 - Sony Corporation) Hidden
VideoCnv (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{fa6789c5}) (Version: - Software Publisher) <==== ATTENTION
VIP Access (HKLM-x32\...\{E8D46836-CD55-453C-A107-A59EC51CB8DC}) (Version: 2.0.5.13 - VeriSign)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VIx64 (Version: 1.0.0 - Sony Corporation) Hidden
VIx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VPMx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSNx64 (Version: 1.0.0 - Sony Corporation) Hidden
VSNx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VWSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
XBMC (HKU\S-1-5-21-4232016636-84198704-3704125859-1000\...\XBMC) (Version: - Team XBMC)
XBMC (HKU\S-1-5-21-4232016636-84198704-3704125859-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\XBMC) (Version: - Team XBMC)
XBMCIntegration (HKLM-x32\...\{BAD84D4A-DE51-42A1-964B-E80013272D55}) (Version: 1.0.0.0 - Teknowebworks LLC)
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4232016636-84198704-3704125859-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Merrav\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4232016636-84198704-3704125859-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Merrav\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4232016636-84198704-3704125859-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Merrav\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4232016636-84198704-3704125859-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Merrav\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4232016636-84198704-3704125859-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Merrav\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4232016636-84198704-3704125859-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Merrav\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4232016636-84198704-3704125859-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Merrav\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4232016636-84198704-3704125859-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Merrav\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4232016636-84198704-3704125859-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Merrav\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4232016636-84198704-3704125859-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Merrav\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4232016636-84198704-3704125859-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Merrav\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4232016636-84198704-3704125859-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Merrav\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4232016636-84198704-3704125859-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Merrav\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4232016636-84198704-3704125859-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Merrav\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points =========================

21-12-2014 20:27:43 Windows Update
03-01-2015 21:04:39 Scheduled Checkpoint
11-01-2015 13:39:26 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 08:04 - 2009-06-11 02:30 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {071AB5CD-32B1-4F03-9CD2-38B6C65A8B61} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated)
Task: {07C69CCA-C887-4DE2-8AD6-56B983F4AFE9} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2011-10-30] (Sony Corporation)
Task: {0C6213B7-9F02-47B1-BE96-9ACF2FDAD802} - System32\Tasks\AdobeAAMUpdater-1.0-Merrav-VAIO-Merrav => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-07-29] (Adobe Systems Incorporated)
Task: {0E072E47-7865-43D2-ACD2-BD99C134A040} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {239CEB5E-9DD4-4434-8A96-9BDB25CC4B7E} - System32\Tasks\Sony Corporation\VAIO Care\VCUpdateLearn => C:\Program Files\Sony\VAIO Care\VCsystray.exe
Task: {2484CCA5-BB46-43E7-9EC1-6D5A578EA14C} - System32\Tasks\Sony Corporation\VAIO Power Management\VPM Session Change => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2011-06-01] (Sony Corporation)
Task: {280B7695-D84A-4850-BEC9-517642258683} - System32\Tasks\Sony Corporation\VAIO Power Management\VPM Unlock => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2011-06-01] (Sony Corporation)
Task: {3CE95771-2A43-4807-9DBA-824DE4A734E6} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Month => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2011-07-08] (Sony Corporation)
Task: {41AC6AE8-0ED4-43B5-9D8A-461B0A035879} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-18] ()
Task: {42A1FBB4-A5FA-4BC4-8CCB-8CAC364BA78A} - System32\Tasks\Sony\Keyboard Shortcuts => C:\Program Files (x86)\Sony\Keyboard Shortcuts\KeyboardShortcuts.exe [2011-07-19] ()
Task: {43ACF4AB-50F6-41F6-8BB3-3AA41D61DD31} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe [2011-06-03] (Sony Corporation)
Task: {4DE1D675-E29E-43E9-B720-D9AACF5EAAA1} - System32\Tasks\Sony Corporation\VAIO Care\VAU => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2011-10-30] (Sony Corporation)
Task: {4E833DE9-5DE6-4FC6-9DDE-0E8D0C6A7B6C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4232016636-84198704-3704125859-1000UA => C:\Users\Merrav\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {4E8D3AAC-8A50-46AA-82DE-D5885E912779} - System32\Tasks\Sony Corporation\VAIO Gate\StartExecuteProxy => C:\Program Files\Sony\VAIO Gate\ExecutionProxy.exe [2012-02-20] (Sony Corporation)
Task: {4ECDC2A5-1060-41F1-BCC2-1E2DD1E5A1D6} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2011-10-30] (Sony Corporation)
Task: {59266DE8-6A10-442D-B60C-E8754DB8BBC9} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate Restart => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2012-02-21] (Sony Corporation)
Task: {627DB9B0-7E12-4167-9A72-DA9CFE3944C8} - System32\Tasks\USER_ESRV_SVC => Wscript.exe //B //NoLogo "C:\Program Files\Sony\VAIO Care\esrv\task.vbs"
Task: {628387CA-0C01-427C-B963-70FD439B0305} - System32\Tasks\Sony Corporation\VAIO Care\CRMReminder => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2011-10-30] (Sony Corporation)
Task: {688560B2-D9C6-4E13-AD49-F327D9456F55} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {8FA6435E-F782-496A-BC84-4D6699D26593} - System32\Tasks\Sony Corporation\VAIO Power Management\VPM Logon Start => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2011-06-01] (Sony Corporation)
Task: {94ED4A06-7F78-4388-8A29-19F8CEBA83B8} - System32\Tasks\Leader Technologies\PowerRegister\Seagate NA4KCXG2 Product Registration (Merrav) => C:\Users\Merrav\AppData\Roaming\Leadertech\PowerRegister\Seagate NA4KCXG2 Product Registration.exe [2009-01-16] (Leader Technologies/Seagate)
Task: {A65D876F-1116-4383-96E1-59C5BA855339} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Daily => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2011-07-08] (Sony Corporation)
Task: {A6BB1697-A833-4681-93A8-8651A608C6EB} - System32\Tasks\VAIO Health Report => C:\Program Files (x86)\Sony\VAIO Health Report\VAIOHealthReport.exe [2013-06-21] (Sony Electronics)
Task: {AB38A9E7-5BD7-4B5E-8E9E-843E7C40E3A8} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2012-02-21] (Sony Corporation)
Task: {CB804B43-2F57-435C-B515-D81A91796D73} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4232016636-84198704-3704125859-1000Core => C:\Users\Merrav\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {CD199441-F49E-47CA-9140-CC244D10432B} - System32\Tasks\DriverToolkit Autorun => C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe
Task: {CD8EEB11-F99F-405F-84F5-35758B35323B} - System32\Tasks\Sony Corporation\VAIO Care\AutoCheckMessage => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2011-10-30] (Sony Corporation)
Task: {CE223CE1-64FF-45BD-88D6-FC5ECF5EB3B7} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {D6E5D841-6B50-4711-A3E2-9787DD5A8FD8} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {E72A3A83-922B-4C53-B537-3DD45121680A} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2011-10-30] (Sony Corporation)
Task: {EA7D92B0-1895-4B06-9B2C-B2CF061C2088} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2014-11-08] ()
Task: {F752BA46-D631-4065-A5FB-A68553DA0F27} - System32\Tasks\Sony Corporation\VAIO Smart Network\VSN Logon Start => C:\Program Files\Sony\VAIO Smart Network\VSNClient
Task: {F75DA4A4-AD37-40BF-B806-1A8BFEE3DD51} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIcon => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2011-10-30] (Sony Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DriverToolkit Autorun.job => C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4232016636-84198704-3704125859-1000Core.job => C:\Users\Merrav\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4232016636-84198704-3704125859-1000UA.job => C:\Users\Merrav\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe

==================== Loaded Modules (whitelisted) =============

2012-01-04 11:28 - 2012-01-04 11:28 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2010-01-02 20:12 - 2010-01-02 20:12 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2013-02-24 21:19 - 2012-11-20 11:05 - 00727952 _____ () C:\Windows\SysWOW64\WSCM64.dll
2011-07-20 05:59 - 2011-07-20 04:10 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-01-04 11:28 - 2012-01-04 11:28 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2013-02-23 04:00 - 2013-02-23 00:32 - 00471464 _____ () C:\Program Files\Sony\VAIO Care\esrv\esrv.exe
2013-02-23 04:00 - 2013-02-23 00:32 - 00528296 _____ () C:\Program Files\Sony\VAIO Care\esrv\intel_modeler.dll
2013-02-23 04:00 - 2013-02-23 00:32 - 00148904 _____ () C:\Program Files\Sony\VAIO Care\esrv\sony_foreground_window_input.dll
2011-04-12 04:34 - 2011-04-12 04:34 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-07-02 10:55 - 2011-07-02 10:55 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2013-02-23 04:00 - 2013-02-23 00:32 - 00427432 _____ () C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe
2013-02-23 04:00 - 2013-02-23 00:32 - 00171432 _____ () C:\Program Files\Sony\VAIO Care\esrv\sony_acpi_battery_input.dll
2013-02-23 04:00 - 2013-02-23 00:32 - 00144296 _____ () C:\Program Files\Sony\VAIO Care\esrv\sony_sema_thermal_input.dll
2013-02-23 04:00 - 2013-02-23 00:32 - 00146344 _____ () C:\Program Files\Sony\VAIO Care\esrv\sony_wifi_input.dll
2011-05-24 04:23 - 2011-05-24 04:23 - 01102336 _____ () C:\Program Files\Sony\VAIO Care\System.Data.SQLite.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-11-30 03:29 - 2012-11-30 03:29 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2013-12-18 19:11 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-12-18 19:11 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2011-10-30 08:07 - 2011-07-08 04:14 - 00013824 _____ () C:\Program Files (x86)\Sony\VAIO Control Center\VESBasePS.dll
2013-12-18 19:11 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-12-18 19:11 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2013-12-18 19:11 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2013-09-25 19:07 - 2013-09-25 19:07 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\1beb84c27c2edeb3 8839916524b9df4d\IsdiInterop.ni.dll
2011-10-30 07:02 - 2011-05-20 22:35 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-10-29 18:47 - 2014-10-22 09:34 - 01042760 _____ () C:\Users\Merrav\AppData\Local\Google\Chrome\Application\38.0.2125.111\libgl esv2.dll
2014-10-29 18:47 - 2014-10-22 09:34 - 00211272 _____ () C:\Users\Merrav\AppData\Local\Google\Chrome\Application\38.0.2125.111\libeg l.dll
2014-10-29 18:47 - 2014-10-22 09:34 - 08910664 _____ () C:\Users\Merrav\AppData\Local\Google\Chrome\Application\38.0.2125.111\pdf.d ll
2014-10-29 18:47 - 2014-10-22 09:34 - 01681224 _____ () C:\Users\Merrav\AppData\Local\Google\Chrome\Application\38.0.2125.111\ffmpe gsumo.dll
2014-10-29 18:47 - 2014-10-22 09:35 - 14902600 _____ () C:\Users\Merrav\AppData\Local\Google\Chrome\Application\38.0.2125.111\Peppe rFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-4232016636-84198704-3704125859-500 - Administrator - Disabled)
Guest (S-1-5-21-4232016636-84198704-3704125859-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-4232016636-84198704-3704125859-1009 - Limited - Enabled)
Merrav (S-1-5-21-4232016636-84198704-3704125859-1000 - Administrator - Enabled) => C:\Users\Merrav

==================== Faulty Device Manager Devices =============

Name: Microsoft Virtual WiFi Miniport Adapter #2
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/13/2015 05:11:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/13/2015 04:59:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/13/2015 04:45:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 34664561

Error: (01/13/2015 04:45:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 34664561

Error: (01/13/2015 04:45:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/13/2015 04:45:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 34663547

Error: (01/13/2015 04:45:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 34663547

Error: (01/13/2015 04:45:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/13/2015 04:45:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 34662392

Error: (01/13/2015 04:45:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 34662392


System errors:
=============
Error: (01/13/2015 05:11:26 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
PxHlpa64

Error: (01/13/2015 05:11:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
%%1053

Error: (01/13/2015 05:11:06 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (01/13/2015 05:09:03 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (01/13/2015 05:08:37 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (01/13/2015 05:01:52 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (01/13/2015 05:01:15 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "MERRAV-VAIO :20" could not be registered on the interface with IP address 192.168.2.3.
The computer with the IP address 192.168.1.106 did not allow the name to be claimed by
this computer.

Error: (01/13/2015 05:01:15 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "MERRAV-VAIO :0" could not be registered on the interface with IP address 192.168.2.3.
The computer with the IP address 192.168.1.106 did not allow the name to be claimed by
this computer.

Error: (01/13/2015 05:01:15 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{D28D3546-63E4-413E-850C-62B6A461B3BF} because another computer on the network has the same name. The server could not start.

Error: (01/13/2015 05:00:39 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0


Microsoft Office Sessions:
=========================
Error: (01/13/2015 05:11:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/13/2015 04:59:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/13/2015 04:45:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 34664561

Error: (01/13/2015 04:45:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 34664561

Error: (01/13/2015 04:45:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/13/2015 04:45:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 34663547

Error: (01/13/2015 04:45:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 34663547

Error: (01/13/2015 04:45:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/13/2015 04:45:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 34662392

Error: (01/13/2015 04:45:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 34662392


CodeIntegrity Errors:
===================================
Date: 2014-09-19 21:52:13.723
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-09-19 21:52:13.678
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-09-19 21:51:48.672
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-09-19 21:51:48.627
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-09-19 21:51:19.957
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-09-19 21:51:19.911
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-09-19 21:50:59.556
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-09-19 21:50:59.509
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-09-19 21:49:48.244
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-09-19 21:49:48.196
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz
Percentage of memory in use: 67%
Total physical RAM: 4011.86 MB
Available physical RAM: 1316.56 MB
Total Pagefile: 8021.9 MB
Available Pagefile: 4318.38 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:448.88 GB) (Free:257.1 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 390A7474)
Partition 1: (Not Active) - (Size=16.8 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=448.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Hey, :)

Please download FRST (by Farbar) from the link below and save it to your Desktop.

Download Mirror #1

If you are unsure whether you have 32-Bit or 64-Bit Windows, see here

1. Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
2. Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
3. When the disclaimer appears, click Yes.
4. Click Scan to start FRST.
5. When FRST finishes scanning, two logs, FRST.txt and Addition.txt will open.
6. Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

Hey, :)

Please download FRST (by Farbar) from the link below and save it to your Desktop.

Download Mirror #1

If you are unsure whether you have 32-Bit or 64-Bit Windows, see here

1. Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
2. Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
3. When the disclaimer appears, click Yes.
4. Click Scan to start FRST.
5. When FRST finishes scanning, two logs, FRST.txt and Addition.txt will open.
6. Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

Hey, :)
please post the Adwarecleaner Log.

Please download FRST (by Farbar) from the link below and save it to your Desktop.

Download Mirror #1

If you are unsure whether you have 32-Bit or 64-Bit Windows, see here

1. Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
2. Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
3. When the disclaimer appears, click Yes.
4. Click Scan to start FRST.
5. When FRST finishes scanning, two logs, FRST.txt and Addition.txt will open.
6. Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

Hey, :)

Please download FRST (by Farbar) from the link below and save it to your Desktop.

Download Mirror #1

If you are unsure whether you have 32-Bit or 64-Bit Windows, see here

1. Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
2. Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
3. When the disclaimer appears, click Yes.
4. Click Scan to start FRST.
5. When FRST finishes scanning, two logs, FRST.txt and Addition.txt will open.
6. Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

it has been a month and no help. I see people who posted a week ago getting help. What is the problem?

I had to run this in SAFE mode. I tried it before and it just sat there for 1/2 hr. Before FRST I ran Malware and it worked at first but then got worse.
FRST.TXT
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-01-2015 01
Ran by John (administrator) on JOHN-PC on 14-01-2015 16:08:02
Running from E:\
Loaded Profiles: John (Available profiles: John)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Safe Mode (minimal)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\cmd.exe

==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [609144 2011-04-12] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-07-27] (Intel(R) Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [Mouse Suite 98 Daemon] => C:\windows\system32\ICO.EXE [90624 2006-09-29] (Primax Electronics Ltd.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [Info Center] => C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe [26816 2012-08-22] (PC Pitstop LLC)
HKLM-x32\...\Run: [MaxMenuMgr] => C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe [177448 2008-07-17] (Seagate LLC)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [PC MaticRT] => C:\Program Files (x86)\PCPitstop\Super Shield\PCMaticRT.exe [1728624 2014-12-01] (PC Pitstop LLC)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-196533092-670095137-1722508311-1001\...\Run: [Download Nitro] => C:\Program Files (x86)\PCPitstop\Download Nitro\pcpitstop-nitro.exe [3597520 2011-06-30] (PC Pitstop, LLC)
HKU\S-1-5-21-196533092-670095137-1722508311-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-196533092-670095137-1722508311-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-196533092-670095137-1722508311-1001\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1080104 2014-08-04] (Apple Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Activity Monitor Utility.lnk
ShortcutTarget: Activity Monitor Utility.lnk -> C:\Program Files\Kersh Wellness\Activity Monitor Utility\Kersh.TrayApplication.exe (Kersh Wellness)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-196533092-670095137-1722508311-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir...=ie&ar=msnhome
HKU\S-1-5-21-196533092-670095137-1722508311-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
HKU\S-1-5-21-196533092-670095137-1722508311-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = http://www.bing.com/search?q={search...c=IE-SearchBox
SearchScopes: HKLM-x32 -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = http://www.bing.com/search?q={search...c=IE-SearchBox
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Dell Toolbar -> {09B71986-2AC5-482d-B6CB-42EA34F4F85B} -> C:\Program Files\Dell Printable Web\toolband.dll No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Dell Toolbar - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll No File
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/J...upClient64.cab
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirva...ls/pcmatic.cab
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd...detect1263.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://portal.stantec.com/dana-cach...etupClient.cab
DPF: HKLM-x32 {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
Winsock: Catalog5 01 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 208.67.222.222 208.67.220.220
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-10-20]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U29) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\pdf.dll No File
CHR Plugin: (WildTangent Games App Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\John\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Profile: C:\Users\John\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-14]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2013-10-20]
CHR Extension: (Google Wallet) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-20]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [921664 2011-05-19] (Intel Corporation) [File not signed]
S3 Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1335360 2011-05-19] (Intel Corporation) [File not signed]
S2 Bluetooth OBEX Service; C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [995392 2011-05-19] (Intel Corporation) [File not signed]
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [347200 2014-12-29] (WildTangent)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-07-27] ()
S2 PCPitstop Realtime; C:\Program Files (x86)\PCPitstop\Super Shield\PCPitstopRTService.exe [605808 2014-12-01] (PC Pitstop LLC)
S2 PCPitstop Scheduling; C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe [86632 2014-10-04] (PC Pitstop LLC)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S1 NEOFLTR_710_20169; C:\windows\system32\Drivers\NEOFLTR_710_20169.SYS [99152 2012-01-13] (Juniper Networks)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 pqwopmxf; \??\C:\windows\system32\drivers\pqwopmxf.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-14 15:34 - 2015-01-14 16:08 - 00000000 ____D () C:\FRST
2015-01-14 14:17 - 2015-01-14 14:17 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-14 13:32 - 2015-01-14 13:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-14 12:57 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-01-14 12:56 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-01-14 12:56 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-01-14 12:54 - 2015-01-14 13:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-14 11:56 - 2015-01-14 11:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-14 09:26 - 2015-01-14 09:26 - 00028484 _____ () C:\Users\John\Desktop\combofix_scan_20150114.txt
2015-01-14 09:21 - 2015-01-14 09:21 - 00028484 _____ () C:\ComboFix.txt
2015-01-14 08:09 - 2015-01-14 09:21 - 00000000 ____D () C:\Qoobox
2015-01-14 08:09 - 2015-01-14 08:16 - 00000000 ____D () C:\windows\erdnt
2015-01-14 08:09 - 2011-06-26 01:45 - 00256000 _____ () C:\windows\PEV.exe
2015-01-14 08:09 - 2010-11-07 12:20 - 00208896 _____ () C:\windows\MBR.exe
2015-01-14 08:09 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2015-01-14 08:09 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2015-01-14 08:09 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2015-01-14 08:09 - 2000-08-30 19:00 - 00098816 _____ () C:\windows\sed.exe
2015-01-14 08:09 - 2000-08-30 19:00 - 00080412 _____ () C:\windows\grep.exe
2015-01-14 08:09 - 2000-08-30 19:00 - 00068096 _____ () C:\windows\zip.exe
2015-01-14 08:08 - 2015-01-14 08:07 - 05609736 ____R (Swearware) C:\Users\John\Desktop\ComboFix.exe
2015-01-14 08:05 - 2015-01-14 08:05 - 00024345 _____ () C:\Users\John\Desktop\dds.txt
2015-01-14 08:05 - 2015-01-14 08:05 - 00017702 _____ () C:\Users\John\Desktop\attach.txt
2015-01-14 08:03 - 2015-01-14 08:00 - 00688992 ____R (Swearware) C:\Users\John\Desktop\dds.exe
2015-01-14 08:03 - 2015-01-14 08:00 - 00688992 _____ (Swearware) C:\Users\John\Desktop\dds.com
2015-01-13 21:09 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-01-13 21:09 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-01-13 21:09 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-01-13 21:09 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-01-13 21:09 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-01-13 21:09 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-01-13 21:09 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-01-13 20:46 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2015-01-13 20:46 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2015-01-13 20:46 - 2014-12-11 12:47 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2015-01-13 20:46 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
2015-01-13 20:46 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncsi.dll
2015-01-13 20:46 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll
2015-01-12 19:53 - 2015-01-12 19:53 - 00000000 ____D () C:\found.001
2015-01-11 20:33 - 2015-01-11 20:33 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2015-01-11 20:32 - 2015-01-14 12:43 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2015-01-06 21:34 - 2015-01-06 21:34 - 00000000 ____D () C:\Users\John\Documents\Outlook Files
2015-01-06 21:34 - 2015-01-06 21:34 - 00000000 ____D () C:\Users\John\AppData\Local\C05E2023-42CE-4A24-A84B-0D84BBACCB79.aplzod
2015-01-06 21:22 - 2015-01-06 21:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2015-01-06 21:20 - 2015-01-06 21:20 - 00001847 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2015-01-06 21:20 - 2015-01-06 21:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-01-06 21:20 - 2015-01-06 21:20 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2015-01-02 21:28 - 2015-01-02 21:28 - 00000000 ____D () C:\thumb_drive_backup_2
2015-01-02 21:24 - 2015-01-02 21:24 - 00000000 ____D () C:\thumb_drive_backup
2015-01-02 21:19 - 2015-01-02 21:19 - 00000000 ____D () C:\New folder
2014-12-19 19:20 - 2014-12-13 00:09 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-12-19 19:20 - 2014-12-12 22:33 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-14 16:06 - 2010-11-20 22:47 - 00269174 _____ () C:\windows\PFRO.log
2015-01-14 16:05 - 2012-01-17 18:59 - 00000000 ____D () C:\ProgramData\PCPitstop
2015-01-14 16:05 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-01-14 16:04 - 2009-07-13 23:51 - 00095477 _____ () C:\windows\setupact.log
2015-01-14 16:03 - 2012-09-08 17:02 - 00000000 ____D () C:\Users\John\AppData\Roaming\Free Download Manager
2015-01-14 16:03 - 2011-09-20 13:29 - 01205757 _____ () C:\windows\WindowsUpdate.log
2015-01-14 15:16 - 2012-04-28 13:33 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-01-14 12:23 - 2009-07-13 23:45 - 00028576 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-14 12:23 - 2009-07-13 23:45 - 00028576 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-14 12:14 - 2011-11-12 19:02 - 00000000 ____D () C:\Users\John\AppData\Local\Google
2015-01-14 12:14 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\TAPI
2015-01-14 11:58 - 2009-07-14 00:13 - 00782470 _____ () C:\windows\system32\PerfStringBackup.INI
2015-01-14 09:20 - 2009-07-13 21:34 - 00000215 _____ () C:\windows\system.ini
2015-01-13 21:14 - 2014-10-30 05:42 - 00000000 ____D () C:\windows\system32\MRT
2015-01-13 21:09 - 2011-10-29 06:35 - 113365784 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-01-13 10:31 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\system32\NDF
2015-01-13 09:00 - 2013-02-25 19:53 - 00000000 ____D () C:\Program Files\Google
2015-01-13 09:00 - 2011-11-12 21:32 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-12 19:49 - 2012-09-08 17:02 - 00000000 ____D () C:\ProgramData\PCPitstopDat
2015-01-11 20:43 - 2014-01-20 19:45 - 00000000 ____D () C:\Users\John\AppData\Local\CrashDumps
2015-01-10 18:21 - 2011-10-30 16:19 - 00000000 ____D () C:\Users\John\AppData\Local\Microsoft Help
2015-01-10 08:54 - 2011-12-29 12:36 - 00052869 _____ () C:\Users\John\Documents\PNC_checking-register.xlsx
2015-01-06 21:34 - 2012-04-28 15:03 - 00000000 ____D () C:\Users\John\AppData\Local\Apple
2015-01-06 04:36 - 2010-11-20 22:27 - 00298120 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2015-01-04 20:32 - 2011-10-30 16:57 - 00000000 ____D () C:\Users\John\AppData\Roaming\Apple Computer
2015-01-01 19:41 - 2013-05-31 23:55 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-31 13:51 - 2014-12-13 07:28 - 00000000 ____D () C:\2905_offer_121214
2014-12-29 06:40 - 2011-09-20 14:14 - 00002430 ____N () C:\Users\Public\Desktop\WildTangent Games App - dell.lnk
2014-12-29 06:40 - 2011-09-20 14:14 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games
2014-12-29 06:40 - 2009-07-14 00:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
Some content of TEMP:
====================
C:\Users\John\AppData\Local\Temp\5_gq4kaa.dll

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-14 13:30
==================== End Of Log ============================

ADDITION.TXT
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-01-2015 01
Ran by John at 2015-01-14 15:35:14
Running from E:\
Boot Mode: Normal
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: PC Matic Super Shield (Enabled - Up to date) {A75D148F-9EA0-5C05-DCC3-E2888D63FFEC}
AS: PC Matic Super Shield (Enabled - Up to date) {1C3CF56B-B89A-538B-E673-D9FAF6E4B551}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Hello,
I am having issues with AVG being blocked by software restrictions using Windows XP. Can you please help get my PC cleaned up! Thank you!

Here is the TSG SysInfo results:

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows XP Professional, Service Pack 3, 32 bit
Processor: Intel(R) Pentium(R) M processor 1.70GHz, x86 Family 6 Model 13 Stepping 8
Processor Count: 1
RAM: 503 Mb
Graphics Card: Mobile Intel(R) 915GM/GMS,910GML Express Chipset Family, 96 Mb
Hard Drives: C: Total - 57223 MB, Free - 31728 MB;
Motherboard: Dell Inc., 0RJ272
Antivirus: AVG AntiVirus Free Edition 2015, Updated: No, On-Demand Scanner: Enabled