Windows 8.1 laptop freezes and crashes often - can't figure out why


  • This topic is locked
26 replies to this topic

#1 etech0

  • Members
  • 56 posts

Posted 01 October 2014 - 12:37 PM

Hello!

 

My Windows 8.1 laptop freezes / hangs all the time, and I don't know why. It has 4gb of RAM and the hard drive is around 3/4 empty.

 

I tried running DDS and got this error:

DDS is not meant to run in 'Compatibility Mode'.
The program shall now exit.
 

Do you have any advice for me?

 

Thanks in advance.





#2 ken545

  • Malware Response Team
  • 1,685 posts
  • Gender:Male
  • Location:The Space Coast of Florida

Posted 04 October 2014 - 07:22 PM

Hi,

 

DDS won't run on Windows 8; run these other scanners instead.

 

Please download aswMBR to your desktop.
 
  • Double click the aswMBR icon to run it.
  • Click the Scan button to start scan.
  • If you are asked to update the Avast Virus database please allow it to do so.
  • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.

    I just want to see the report... Please Do Not Fix Anything

    ============================================================================

    Please download Farbar Recovery Scan Tool and save it to your desktop.
     
    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
     
    How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system
    A simple way to check your system: Start --> Computer (right click) --> Properties
     
     
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Please make sure All Users is checked
  • Do not check:
      * List BCD
      * Drivers MD5
      * Shortcut txt
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

    Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    Please consider a donation to help me keep up my fight against malware.

    Just a reminder that threads will be closed if no response in 3 days


    #3 ken545

    • Malware Response Team
    • 1,685 posts
    • Gender:Male
    • Location:The Space Coast of Florida

    Posted 09 October 2014 - 07:10 AM

    Still with me?




    #4 ken545

    • Malware Response Team
    • 1,685 posts
    • Gender:Male
    • Location:The Space Coast of Florida

    Posted 11 October 2014 - 09:14 PM

    Due to the lack of feedback, this topic is now closed.

    In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

    Please include a link to your topic in the Private Message. Thank you.



    #5 ken545

    • Malware Response Team
    • 1,685 posts
    • Gender:Male
    • Location:The Space Coast of Florida

    Posted 13 October 2014 - 12:32 PM

    This topic has been reopened at the request of the poster




    #6 etech0

    • Topic Starter
    • Members
    • 56 posts

    Posted 20 October 2014 - 10:04 AM

    Good morning! Thanks for your patience... here are the files:

     

     

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-10-2014
    Ran by Esti (administrator) on ESTI-GI-LAPTOP on 20-10-2014 11:00:38
    Running from C:\Users\Esti\Desktop
    Loaded Profile: Esti (Available profiles: Esti & .NET v4.5 & DefaultAppPool & .NET v4.5 Classic)
    Platform: Windows 8.1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (Andrea Electronics Corporation) C:\Windows\System32\AECLSr64.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    (CrashPlan) C:\Program Files\CrashPlan\CrashPlanService.exe
    (Microsoft Corporation) C:\Windows\System32\dasHost.exe
    (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
    (Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
    (Microsoft Corporation) C:\Windows\System32\mqsvc.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
    (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
    (Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
    () C:\Program Files\Cirrus Logic Audio Panel\CirrusAudioPanel_Dell.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (CANON INC.) C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
    (Dell) C:\Users\Esti\AppData\Local\Apps\2.0\YN2D7AEW.X8W\QCMVCEP5.X2P\dell..tion_0f612f649c4a10af_0005.0004_3ddfe37344028d2c\DellSystemDetect.exe
    (6 Wunderkinder GmbH) C:\Program Files (x86)\Wunderlist2\Wunderlist.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Code 42 Software, Inc.) C:\Program Files\CrashPlan\CrashPlanTray.exe
    (Google Inc.) C:\Users\Esti\AppData\Local\Google\Update\1.3.24.15\GoogleCrashHandler.exe
    (Google Inc.) C:\Users\Esti\AppData\Local\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
    (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
    (Box, Inc.) C:\Program Files\Box\Box Sync\BoxSync.exe
    (Piriform) C:\Program Files (x86)\Agomo\AgomoClient.exe
    () C:\Program Files\Box\Box Sync\BoxSyncMonitor.exe
    (Google) C:\Users\Esti\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
    (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17246_none_fa4ae8e99b1f603c\TiWorker.exe
    (Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\AM_Delta.exe
    (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
    (Microsoft Corporation) C:\Windows\System32\WerFault.exe
     
     
    ==================== Registry (Whitelisted) ==================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [678296 2012-07-09] (Alps Electric Co., Ltd.)
    HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3759504 2012-07-20] (Dell Inc.)
    HKLM\...\Run: [Dell Audio] => c:\Program Files\Cirrus Logic Audio Panel\CirrusAudioPanel_Dell.exe [20591616 2012-08-06] ()
    HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
    HKLM\...\Run: [BoxSync] => C:\Program Files\Box\Box Sync\BoxSync.exe [5571144 2014-10-13] (Box, Inc.)
    HKLM\...\Run: [MFNetworkScanUtility] => C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE [486552 2012-09-27] (CANON INC.)
    HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-09] (Intel Corporation)
    HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
    HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-04] (CyberLink Corp.)
    HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [143888 2012-06-01] (CyberLink Corp.)
    HKLM-x32\...\Run: [Everything] => C:\Program Files (x86)\Everything\Everything.exe [602624 2009-03-12] ()
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [Agomo] => C:\Program Files (x86)\Agomo\Agomo.exe [2009368 2014-10-13] (Piriform)
    Winlogon\Notify\igfxcui: C:\WINDOWS\SYSTEM32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-995853647-2325593953-3422697938-1001\...\Run: [BitTorrent Sync] => C:\Program Files (x86)\BitTorrent Sync\BTSync.exe [3021672 2014-08-28] (BitTorrent, Inc.)
    HKU\S-1-5-21-995853647-2325593953-3422697938-1001\...\Run: [DellSystemDetect] => C:\Users\Esti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms
    HKU\S-1-5-21-995853647-2325593953-3422697938-1001\...\Run: [Google Update] => C:\Users\Esti\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-10-12] (Google Inc.)
    HKU\S-1-5-21-995853647-2325593953-3422697938-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
    HKU\S-1-5-21-995853647-2325593953-3422697938-1001\...\Run: [Wunderlist] => C:\Program Files (x86)\Wunderlist2\Wunderlist.exe [13021792 2013-12-02] (6 Wunderkinder GmbH)
    HKU\S-1-5-21-995853647-2325593953-3422697938-1001\...\Run: [GoogleChromeAutoLaunch_BB50D9C19D67AA2EB5854DD3B5D18D48] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [852808 2014-09-23] (Google Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
    ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CrashPlan Tray.lnk
    ShortcutTarget: CrashPlan Tray.lnk -> C:\Program Files\CrashPlan\CrashPlanTray.exe (Code 42 Software, Inc.)
    Startup: C:\Users\Esti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
    ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
    ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
    ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
    ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
    ShellIconOverlayIdentifiers: [0000BoxSyncFileLocked] -> {b973655f-b823-3729-abea-e88cb316ddd4} => C:\WINDOWS\SYSTEM32\mscoree.dll (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [0000BoxSyncNotSynced] -> {a316141f-fa66-334c-8d40-a8f4e6d21080} => C:\WINDOWS\SYSTEM32\mscoree.dll (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [0000BoxSyncProblem] -> {a74ad9e8-37eb-31db-9026-8eda10d85860} => C:\WINDOWS\SYSTEM32\mscoree.dll (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [0000BoxSyncSynced] -> {c3de22fc-b307-320f-ba41-27d95101bbf3} => C:\WINDOWS\SYSTEM32\mscoree.dll (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Esti\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Esti\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Esti\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Esti\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Esti\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Esti\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Esti\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Esti\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    SearchScopes: HKLM - DefaultScope {64BBBF22-4B4F-405D-B9EA-6B3EC8CCD940} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
    SearchScopes: HKLM - {64BBBF22-4B4F-405D-B9EA-6B3EC8CCD940} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
    SearchScopes: HKLM-x32 - DefaultScope value is missing.
    SearchScopes: HKLM-x32 - {64BBBF22-4B4F-405D-B9EA-6B3EC8CCD940} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
    SearchScopes: HKCU - DefaultScope {64BBBF22-4B4F-405D-B9EA-6B3EC8CCD940} URL = 
    SearchScopes: HKCU - {64BBBF22-4B4F-405D-B9EA-6B3EC8CCD940} URL = 
    SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
    BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    ShellExecuteHooks-x32:  - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} -  No File [ ]
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
     
    FireFox:
    ========
    FF ProfilePath: C:\Users\Esti\AppData\Roaming\Mozilla\Firefox\Profiles\myk14hpe.default
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
    FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
    FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
    FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Esti\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
    FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Esti\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Esti\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
    FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Esti\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Esti\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\Esti\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin ProgramFiles/Appdata: C:\Users\Esti\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
    FF SearchPlugin: C:\Users\Esti\AppData\Roaming\Mozilla\Firefox\Profiles\myk14hpe.default\searchplugins\search.xml
    FF Extension: Pocket - C:\Users\Esti\AppData\Roaming\Mozilla\Firefox\Profiles\myk14hpe.default\Extensions\isreaditlater@ideashower.com [2014-07-03]
    FF Extension: Evernote Web Clipper - C:\Users\Esti\AppData\Roaming\Mozilla\Firefox\Profiles\myk14hpe.default\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800} [2013-12-19]
    FF Extension: AwardWallet - C:\Users\Esti\AppData\Roaming\Mozilla\Firefox\Profiles\myk14hpe.default\Extensions\6200cc7406cd11e1a68a12313d1adcbe@jetpack.xpi [2014-06-10]
    FF Extension: Amazon 1Button App for Firefox - C:\Users\Esti\AppData\Roaming\Mozilla\Firefox\Profiles\myk14hpe.default\Extensions\abb@amazon.com.xpi [2013-11-14]
    FF Extension: about:addons-memory - C:\Users\Esti\AppData\Roaming\Mozilla\Firefox\Profiles\myk14hpe.default\Extensions\about-addons-memory@tn123.org.xpi [2013-10-08]
    FF Extension: Double-click To Reload Tab - C:\Users\Esti\AppData\Roaming\Mozilla\Firefox\Profiles\myk14hpe.default\Extensions\doubleclick2reloadtab@linhph.com.xpi [2013-10-10]
    FF Extension: Enhanced Middle Click - C:\Users\Esti\AppData\Roaming\Mozilla\Firefox\Profiles\myk14hpe.default\Extensions\enhancedmiddleclick@senicar.net.xpi [2013-10-01]
    FF Extension: Firebug - C:\Users\Esti\AppData\Roaming\Mozilla\Firefox\Profiles\myk14hpe.default\Extensions\firebug@software.joehewitt.com.xpi [2013-09-30]
    FF Extension: FirePHP - C:\Users\Esti\AppData\Roaming\Mozilla\Firefox\Profiles\myk14hpe.default\Extensions\FirePHPExtension-Build@firephp.org.xpi [2014-01-03]
    FF Extension: FireQuery - C:\Users\Esti\AppData\Roaming\Mozilla\Firefox\Profiles\myk14hpe.default\Extensions\firequery@binaryage.com.xpi [2014-03-06]
    FF Extension: PriceBlink - C:\Users\Esti\AppData\Roaming\Mozilla\Firefox\Profiles\myk14hpe.default\Extensions\info@priceblink.com.xpi [2014-06-09]
    FF Extension: Cirrus Insight - C:\Users\Esti\AppData\Roaming\Mozilla\Firefox\Profiles\myk14hpe.default\Extensions\jid0-YFSUHtdqQAYkrfpOKSheLB99kDc@jetpack.xpi [2013-11-20]
    FF Extension: Yesware Email Tracking - C:\Users\Esti\AppData\Roaming\Mozilla\Firefox\Profiles\myk14hpe.default\Extensions\jid1-T5mdAATMX3urKA@jetpack.xpi [2013-10-17]
    FF Extension: keySharky - C:\Users\Esti\AppData\Roaming\Mozilla\Firefox\Profiles\myk14hpe.default\Extensions\keysharky@intars.students.xpi [2013-10-03]
    FF Extension: Permanent List-all-tabs Button - C:\Users\Esti\AppData\Roaming\Mozilla\Firefox\Profiles\myk14hpe.default\Extensions\listalltabs@sdrocking.com.xpi [2013-10-01]
    FF Extension: Memory Restart - C:\Users\Esti\AppData\Roaming\Mozilla\Firefox\Profiles\myk14hpe.default\Extensions\memoryrestart@teamextension.com.xpi [2013-10-01]
    FF Extension: Pano - C:\Users\Esti\AppData\Roaming\Mozilla\Firefox\Profiles\myk14hpe.default\Extensions\pano@teramako.github.com.xpi [2013-10-01]
    FF Extension: Rights To Close - C:\Users\Esti\AppData\Roaming\Mozilla\Firefox\Profiles\myk14hpe.default\Extensions\shan.developer@gmail.com.xpi [2013-09-30]
    FF Extension: TabCloud - C:\Users\Esti\AppData\Roaming\Mozilla\Firefox\Profiles\myk14hpe.default\Extensions\tabcloud@firefox.connorhd.co.uk.xpi [2014-01-29]
    FF Extension: Tab Scope - C:\Users\Esti\AppData\Roaming\Mozilla\Firefox\Profiles\myk14hpe.default\Extensions\tabscope@xuldev.org.xpi [2013-09-30]
    FF Extension: Tab Sidebar Reloaded - C:\Users\Esti\AppData\Roaming\Mozilla\Firefox\Profiles\myk14hpe.default\Extensions\TabSidebar@electronplumber.com.xpi [2013-10-01]
    FF Extension: Tile Tabs - C:\Users\Esti\AppData\Roaming\Mozilla\Firefox\Profiles\myk14hpe.default\Extensions\tiletabs@DW-dev.xpi [2013-10-01]
    FF Extension: Tree Style Tab - C:\Users\Esti\AppData\Roaming\Mozilla\Firefox\Profiles\myk14hpe.default\Extensions\treestyletab@piro.sakura.ne.jp.xpi [2013-10-01]
    FF Extension: Vertical Tabs - C:\Users\Esti\AppData\Roaming\Mozilla\Firefox\Profiles\myk14hpe.default\Extensions\verticaltabs@philikon.de.xpi [2013-09-30]
    FF Extension: CoolPreviews - C:\Users\Esti\AppData\Roaming\Mozilla\Firefox\Profiles\myk14hpe.default\Extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}.xpi [2013-10-01]
    FF Extension: Download Statusbar - C:\Users\Esti\AppData\Roaming\Mozilla\Firefox\Profiles\myk14hpe.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2013-09-30]
    FF Extension: DownThemAll! - C:\Users\Esti\AppData\Roaming\Mozilla\Firefox\Profiles\myk14hpe.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013-10-03]
    FF Extension: FoxTab - C:\Users\Esti\AppData\Roaming\Mozilla\Firefox\Profiles\myk14hpe.default\Extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi [2013-09-30]
     
    Chrome: 
    =======
    CHR StartupUrls: Default -> "hxxp://search.conduit.com/?CUI=UN16476892042967303&ctid=CT3289847&SearchSource=48", "hxxp://www.aish.com/", "hxxp://start.mysearchdial.com/?f=1&a=irmsd1103&cd=2XzuyEtN2Y1L1Qzu0EtD0D0ByDyDzz0ByE0Dzz0B0DtCtAtBtN0D0Tzu0SyCzyyBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=82366203&ir=", "hxxp://www.google.com"
    CHR Profile: C:\Users\Esti\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Tab Expose) - C:\Users\Esti\AppData\Local\Google\Chrome\User Data\Default\Extensions\ackpfhlmgjdjlohhjmbacaajbmkkklnp [2013-09-17]
    CHR Extension: (Xmarks Bookmark Sync) - C:\Users\Esti\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2013-09-17]
    CHR Extension: (TooManyTabs for Chrome) - C:\Users\Esti\AppData\Local\Google\Chrome\User Data\Default\Extensions\amigcgbheognjmfkaieeeadojiibgbdp [2013-09-17]
    CHR Extension: (Google Docs) - C:\Users\Esti\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-17]
    CHR Extension: (PriceBlink) - C:\Users\Esti\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoiidodopnnhiflaflbfeblnojefhigh [2013-09-17]
    CHR Extension: (Google Drive) - C:\Users\Esti\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-17]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Esti\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-26]
    CHR Extension: (WOT) - C:\Users\Esti\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2013-09-17]
    CHR Extension: (Sidewise Tree Style Tabs) - C:\Users\Esti\AppData\Local\Google\Chrome\User Data\Default\Extensions\biiammgklaefagjclmnlialkmaemifgo [2013-09-17]
    CHR Extension: (Tab Resize - split screen layouts) - C:\Users\Esti\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkpenclhmiealbebdopglffmfdiilejc [2013-09-17]
    CHR Extension: (YouTube) - C:\Users\Esti\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-17]
    CHR Extension: (Adblock Plus) - C:\Users\Esti\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-09-17]
    CHR Extension: (Google Search) - C:\Users\Esti\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-17]
    CHR Extension: (Type-ahead-find) - C:\Users\Esti\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpecbmjeidppdiampimghndkikcmoadk [2013-09-17]
    CHR Extension: (Tabs Outliner) - C:\Users\Esti\AppData\Local\Google\Chrome\User Data\Default\Extensions\eggkanocgddhmamlbiijnphhppkpkmkl [2013-09-17]
    CHR Extension: (Visual Tabs) - C:\Users\Esti\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmpnbibondcjmkmmdmdjahgoglpendge [2013-09-17]
    CHR Extension: (Tabman Tabs Manager) - C:\Users\Esti\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgmnkflcjcohihpdcniifjbafcdelhlm [2013-09-17]
    CHR Extension: (The Great Suspender) - C:\Users\Esti\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2013-09-17]
    CHR Extension: (Pocket) - C:\Users\Esti\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjcnijlhddpbdemagnpefmlkjdagkogk [2013-09-17]
    CHR Extension: (DevTools Autosave) - C:\Users\Esti\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlejngncgiocofkcbnnpaieapabmanfl [2013-09-17]
    CHR Extension: (feedly) - C:\Users\Esti\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndhinffkekpekljifjkkkkkhopnjodja [2013-09-17]
    CHR Extension: (Veritabs) - C:\Users\Esti\AppData\Local\Google\Chrome\User Data\Default\Extensions\nehjgjnfanppoiaikadimdkobpdahnmg [2013-09-17]
    CHR Extension: (Save to Pocket) - C:\Users\Esti\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2013-09-17]
    CHR Extension: (Google Wallet) - C:\Users\Esti\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-17]
    CHR Extension: (Tab Grouper) - C:\Users\Esti\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjkncjgjecdkffkdkngkinoggpcgifd [2013-09-17]
    CHR Extension: (Evernote Web Clipper) - C:\Users\Esti\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2013-09-17]
    CHR Extension: (Gmail) - C:\Users\Esti\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-17]
    CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Esti\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-02-20]
     
    ==================== Services (Whitelisted) =================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    R2 AECLFilters; C:\Windows\system32\AECLSr64.exe [99696 2012-08-06] (Andrea Electronics Corporation)
    R2 AgomoService; C:\Program Files (x86)\Agomo\AgomoClient.exe [14612760 2014-10-13] (Piriform)
    S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.)
    S3 BoxSyncUpdateService; C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [28696 2014-09-24] (Box, Inc.)
    S2 CirrusAudioService; c:\Program Files\Cirrus Logic Audio Panel\Cirrvus.exe [7168 2012-08-06] (Cirrus Logic) [File not signed]
    R2 CrashPlanService; C:\Program Files\CrashPlan\CrashPlanService.exe [222720 2013-04-08] (CrashPlan) [File not signed]
    S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [145920 2010-10-25] (HP) [File not signed]
    R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-07-09] (Intel Corporation) [File not signed]
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
    S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-21] (Microsoft Corporation)
    S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
    R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
    S2 MouseWithoutBordersSvc; C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBordersSvc.exe [20992 2012-04-02] (Microsoft) [File not signed]
    R2 MSMQ; C:\Windows\system32\mqsvc.exe [25600 2013-10-29] (Microsoft Corporation)
    S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2013-05-16] (Hewlett-Packard) [File not signed]
    S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
    S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2013-05-16] (Hewlett-Packard) [File not signed]
    R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
    S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-21] (Microsoft Corporation)
    S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-21] (Microsoft Corporation)
    S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-10-29] (Microsoft Corporation)
    S3 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [546304 2013-10-29] (Microsoft Corporation)
    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
     
    ==================== Drivers (Whitelisted) ====================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.)
    R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7474864 2013-09-06] (Broadcom Corporation)
    R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
    R3 CirrusLFD; C:\Windows\system32\DRIVERS\CSLFDx64.sys [41328 2012-08-06] (Cirrus Logic)
    R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
    S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2012-08-05] (OSR Open Systems Resources, Inc.)
    R3 MQAC; C:\Windows\System32\drivers\mqac.sys [173568 2013-10-29] (Microsoft Corporation)
    R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
    S3 cpuz136; \??\C:\WINDOWS\TEMP\cpuz136\cpuz136_x64.sys [X]
    R3 cpuz137; \??\C:\WINDOWS\TEMP\cpuz137\cpuz137_x64.sys [X]
    U3 aswMBR; \??\C:\Users\Esti\AppData\Local\Temp\aswMBR.sys [X]
    U3 aswVmm; \??\C:\Users\Esti\AppData\Local\Temp\aswVmm.sys [X]
     
    ==================== NetSvcs (Whitelisted) ===================
     
    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
     
     
    ==================== One Month Created Files and Folders ========
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2014-10-20 10:56 - 2014-10-20 10:59 - 00053061 _____ () C:\Users\Esti\Desktop\Addition.txt
    2014-10-20 10:52 - 2014-10-20 11:03 - 00031674 _____ () C:\Users\Esti\Desktop\FRST.txt
    2014-10-20 10:51 - 2014-10-20 11:01 - 00000000 ____D () C:\FRST
    2014-10-20 10:49 - 2014-10-20 10:49 - 01102848 _____ (Farbar) C:\Users\Esti\Desktop\FRST.exe
    2014-10-20 10:47 - 2014-10-20 10:47 - 02111488 _____ (Farbar) C:\Users\Esti\Desktop\FRST64.exe
    2014-10-20 10:44 - 2014-10-20 10:44 - 00000493 _____ () C:\Users\Esti\Desktop\aswMBR.txt
    2014-10-20 10:40 - 2014-10-20 10:40 - 05185536 _____ (AVAST Software) C:\Users\Esti\Downloads\aswMBR.exe
    2014-10-07 10:38 - 2014-10-07 10:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Apps Sync
    2014-10-02 16:52 - 2014-10-02 16:52 - 00014992 _____ () C:\Users\Esti\Desktop\DONATIONS TO POST.xlsx
    2014-10-01 15:40 - 2014-10-01 15:41 - 00028216 _____ () C:\Users\Esti\Desktop\ss email list.xlsx
    2014-10-01 13:16 - 2014-10-20 10:35 - 00000000 ____D () C:\Program Files (x86)\Informatica Cloud Secure Agent
    2014-10-01 13:16 - 2014-10-01 13:19 - 00000000 ___HD () C:\Program Files (x86)\Zero G Registry
    2014-10-01 13:15 - 2014-10-01 13:15 - 00000000 ___HD () C:\Users\Esti\InstallAnywhere
    2014-10-01 13:10 - 2014-10-01 13:12 - 164794171 _____ (Macrovision) C:\Users\Esti\Downloads\agent_install.exe
    2014-10-01 12:23 - 2014-10-01 12:23 - 00688992 _____ (Swearware) C:\Users\Esti\Downloads\dds.com
    2014-10-01 12:22 - 2014-10-01 12:23 - 00000000 ____D () C:\Program Files\Defraggler
    2014-10-01 12:22 - 2014-10-01 12:22 - 00001738 _____ () C:\Users\Public\Desktop\Defraggler.lnk
    2014-10-01 12:22 - 2014-10-01 12:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
    2014-10-01 12:21 - 2014-10-01 12:21 - 04362512 _____ (Piriform Ltd) C:\Users\Esti\Downloads\dfsetup218.exe
    2014-10-01 12:06 - 2014-10-01 12:06 - 02626112 _____ (Taralex LLC) C:\Users\Esti\Downloads\setup - 1.9.0.2 - last non-commercial version.exe
    2014-10-01 12:06 - 2014-10-01 12:06 - 00000000 ____D () C:\Program Files (x86)\Taralex LLC
    2014-10-01 11:08 - 2014-10-01 11:08 - 02983280 _____ (Taralex LLC) C:\Users\Esti\Downloads\setup.exe
    2014-09-30 17:03 - 2014-09-30 17:03 - 00018541 _____ () C:\Users\Esti\Desktop\email solicit list.csv
    2014-09-22 16:35 - 2014-09-22 16:37 - 202379924 _____ () C:\Users\Esti\Desktop\IHTV website.zip
     
    ==================== One Month Modified Files and Folders =======
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2014-10-20 11:02 - 2013-10-29 11:10 - 01650863 _____ () C:\WINDOWS\WindowsUpdate.log
    2014-10-20 11:02 - 2012-07-26 03:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
    2014-10-20 11:00 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sru
    2014-10-20 10:37 - 2013-09-17 15:36 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-995853647-2325593953-3422697938-1001
    2014-10-20 10:36 - 2013-09-17 15:46 - 00000924 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2014-10-20 10:34 - 2013-10-08 12:47 - 00000023 _____ () C:\WINDOWS\ODBCINST.INI
    2014-10-20 10:28 - 2013-09-30 13:00 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2014-10-20 10:24 - 2013-11-13 15:52 - 00000934 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-995853647-2325593953-3422697938-1001UA.job
    2014-10-20 10:20 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\security
    2014-10-20 09:55 - 2013-09-17 15:46 - 00000920 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2014-10-20 09:54 - 2013-10-29 11:21 - 00000000 ___DO () C:\Users\Esti\SkyDrive
    2014-10-20 09:54 - 2013-10-04 12:20 - 00000000 ____D () C:\Users\Esti\AppData\Local\Box Sync
    2014-10-20 09:52 - 2013-12-05 10:27 - 00000000 ____D () C:\Program Files (x86)\Agomo
    2014-10-20 09:50 - 2013-10-04 12:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Box Sync
    2014-10-20 09:49 - 2013-09-17 16:11 - 00000000 ___RD () C:\Users\Esti\Documents\Google Drive
    2014-10-20 09:48 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
    2014-10-20 09:47 - 2013-10-29 16:31 - 00000000 ____D () C:\Users\Esti\AppData\Local\Deployment
    2014-10-20 09:47 - 2013-09-30 11:48 - 00000000 ____D () C:\Users\Esti\AppData\Roaming\BitTorrent Sync
    2014-10-07 16:53 - 2013-09-17 15:52 - 00000000 ____D () C:\Program Files (x86)\Everything
    2014-10-07 15:24 - 2013-11-13 15:52 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-995853647-2325593953-3422697938-1001Core.job
    2014-10-07 13:54 - 2013-12-18 11:31 - 00000000 ____D () C:\Users\Esti\Documents\Shimmy
    2014-10-02 12:06 - 2013-09-17 16:08 - 00000000 ____D () C:\Users\Esti\Documents\Chanan
    2014-10-01 17:04 - 2013-09-17 16:17 - 00000000 ____D () C:\Users\Esti\Documents\Shabbat Shalom Faxes
    2014-10-01 13:15 - 2013-10-29 10:55 - 00000000 ____D () C:\Users\Esti
    2014-10-01 12:06 - 2014-01-27 11:23 - 00000000 ____D () C:\Users\Esti\AppData\Local\Downloaded Installations
    2014-10-01 11:20 - 2014-01-27 16:45 - 00064008 _____ () C:\Users\Esti\Documents\Salesforce.log
    2014-09-30 16:45 - 2013-09-17 16:17 - 00000000 ____D () C:\Users\Esti\Documents\Salesforce
    2014-09-30 10:26 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\rescache
    2014-09-29 16:22 - 2013-08-22 10:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2014-09-29 16:21 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
    2014-09-29 14:13 - 2013-09-17 15:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-09-29 14:10 - 2014-09-15 16:16 - 00138000 _____ () C:\WINDOWS\PFRO.log
    2014-09-29 14:10 - 2013-09-17 15:49 - 00000000 ____D () C:\Users\Esti\AppData\Local\Adobe
    2014-09-29 14:10 - 2013-09-17 15:30 - 00000000 ____D () C:\Users\Esti\AppData\Roaming\Adobe
    2014-09-29 13:23 - 2013-09-17 15:49 - 00000000 ____D () C:\ProgramData\Adobe
    2014-09-29 12:57 - 2013-12-23 16:32 - 00000000 ____D () C:\Program Files\Common Files\Adobe
    2014-09-29 12:04 - 2013-09-17 15:49 - 00000000 ____D () C:\Program Files (x86)\Adobe
    2014-09-29 11:45 - 2013-10-07 13:46 - 00000000 ____D () C:\ProgramData\Package Cache
    2014-09-29 10:52 - 2013-10-22 10:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
    2014-09-29 10:52 - 2013-10-22 10:08 - 00000000 ____D () C:\Program Files (x86)\HP
    2014-09-29 10:51 - 2013-10-22 10:14 - 00000121 _____ () C:\WINDOWS\SysWOW64\msiexec.log
    2014-09-29 10:47 - 2013-10-01 15:31 - 00000000 ____D () C:\Program Files (x86)\salesforce.com
    2014-09-29 10:20 - 2013-09-30 11:28 - 00000000 ____D () C:\Users\Esti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\salesforce.com
    2014-09-22 15:27 - 2014-06-25 14:32 - 00000000 ____D () C:\Users\Esti\Documents\Insurance
    2014-09-22 09:51 - 2013-09-30 00:04 - 00998536 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
    2014-09-22 02:42 - 2013-09-21 11:46 - 00278152 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe


    Edited by ken545, 20 October 2014 - 10:15 AM.


    #7 ken545


    Posted 20 October 2014 - 10:22 AM

    You have some bogus toolbars and search engines like speedial and conduit that we need to remove

     

    -AdwCleaner-by Xplode
     
    Click on this link to download : ADWCleaner
    Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.
     
    Do not click on any links in the top Advertisement.
     
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
     
    ===============================================================================
     
     
    Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
     
     
    ===============================================================================
     
    Download Malwarebytes' Anti-Malware to your desktop.
     
  • Windows XP : Double click on the icon to run it.
  • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
     
  • On the Dashboard click on Update Now
  • Go to the Setting Tab
  • Under Setting go to Detection and Protection
  • Under PUP and PUM make sure both are set to show Treat Detections as Malware
  • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
  • Then on the Dashboard click on Scan
  • Make sure to select THREAT SCAN
  • Then click on Scan
  • When the scan is finished and the log pops up...select Copy to Clipboard
  • Please paste the log back into this thread for review
  • Exit Malwarebytes

    Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    Please consider a donation to help me keep up my fight against malware.

     

    Just a reminder that threads will be closed if no response in 3 days


    #8 etech0


    Posted 20 October 2014 - 11:40 AM

    Thanks for such a quick reply! I ran the 3 scans. Attached are 2 files, and below is the Malwarebytes log.

     

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 10/20/2014
    Scan Time: 12:09:04 PM
    Logfile:
    Administrator: Yes

    Version: 2.00.3.1025
    Malware Database: v2014.10.20.04
    Rootkit Database: v2014.10.17.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 8.1
    CPU: x64
    File System: NTFS
    User: Esti

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 434181
    Time Elapsed: 30 min, 57 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 3
    PUP.Optional.AmazonTB.A, C:\Users\Esti\AppData\Roaming\Mozilla\Firefox\Profiles\myk14hpe.default\jetpack\abb@amazon.com, , [9361d0466d0fdc5aad36d022f80a619f],
    PUP.Optional.AmazonTB.A, C:\Users\Esti\AppData\Roaming\Mozilla\Firefox\Profiles\myk14hpe.default\jetpack\abb@amazon.com\simple-storage, , [9361d0466d0fdc5aad36d022f80a619f],
    PUP.Optional.MySpeedDial.A, C:\Users\Esti\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pflphaooapbgpeakohlggbpidpppgdff, , [29cbf323d6a6d6600d379f5bbd4538c8],

    Files: 13
    PUP.Optional.InstallCore.A, C:\Users\Esti\Downloads\Font_Installer.exe, , [b63e31e56418f244fcc43bf4c23e936d],
    PUP.Optional.Freemium.A, C:\Users\Esti\Downloads\CamStudio_Setup_v2.7.2_r326_(build_19Oct2013).exe, , [d71d10063c40a0962fd17bc18b76ea16],
    PUP.Optional.AmazonTB.A, C:\Users\Esti\AppData\Roaming\Mozilla\Firefox\Profiles\myk14hpe.default\extensions\abb@amazon.com.xpi, , [04f0d04698e43cfa3d162f1981822ad6],
    PUP.Optional.AmazonTB.A, C:\Users\Esti\AppData\Roaming\Mozilla\Firefox\Profiles\myk14hpe.default\jetpack\abb@amazon.com\simple-storage\store.json, , [9361d0466d0fdc5aad36d022f80a619f],
    PUP.Optional.MySpeedDial.A, C:\Users\Esti\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pflphaooapbgpeakohlggbpidpppgdff\000005.ldb, , [29cbf323d6a6d6600d379f5bbd4538c8],
    PUP.Optional.MySpeedDial.A, C:\Users\Esti\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pflphaooapbgpeakohlggbpidpppgdff\000017.ldb, , [29cbf323d6a6d6600d379f5bbd4538c8],
    PUP.Optional.MySpeedDial.A, C:\Users\Esti\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pflphaooapbgpeakohlggbpidpppgdff\000053.ldb, , [29cbf323d6a6d6600d379f5bbd4538c8],
    PUP.Optional.MySpeedDial.A, C:\Users\Esti\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pflphaooapbgpeakohlggbpidpppgdff\000153.log, , [29cbf323d6a6d6600d379f5bbd4538c8],
    PUP.Optional.MySpeedDial.A, C:\Users\Esti\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pflphaooapbgpeakohlggbpidpppgdff\CURRENT, , [29cbf323d6a6d6600d379f5bbd4538c8],
    PUP.Optional.MySpeedDial.A, C:\Users\Esti\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pflphaooapbgpeakohlggbpidpppgdff\LOCK, , [29cbf323d6a6d6600d379f5bbd4538c8],
    PUP.Optional.MySpeedDial.A, C:\Users\Esti\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pflphaooapbgpeakohlggbpidpppgdff\LOG, , [29cbf323d6a6d6600d379f5bbd4538c8],
    PUP.Optional.MySpeedDial.A, C:\Users\Esti\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pflphaooapbgpeakohlggbpidpppgdff\LOG.old, , [29cbf323d6a6d6600d379f5bbd4538c8],
    PUP.Optional.MySpeedDial.A, C:\Users\Esti\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pflphaooapbgpeakohlggbpidpppgdff\MANIFEST-000151, , [29cbf323d6a6d6600d379f5bbd4538c8],

    Physical Sectors: 0
    (No malicious items detected)


    (end)



    #9 ken545


    Posted 20 October 2014 - 11:51 AM

    Good, go ahead and run a new scan with FRST. Be sure to checkmark Additions and post both logs. If you can, I prefer you copy and paste the logs in lieu of attaching them; it makes it easier for me to research the logs.




    #10 etech0


    Posted 20 October 2014 - 11:57 AM

    Sure, here they are:

     

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-10-2014
    Ran by Esti (administrator) on ESTI-GI-LAPTOP on 20-10-2014 12:53:56
    Running from C:\Users\Esti\Desktop
    Loaded Profile: Esti (Available profiles: Esti & .NET v4.5 & DefaultAppPool & .NET v4.5 Classic)
    Platform: Windows 8.1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Andrea Electronics Corporation) C:\Windows\System32\AECLSr64.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    (CrashPlan) C:\Program Files\CrashPlan\CrashPlanService.exe
    (Microsoft Corporation) C:\Windows\System32\dasHost.exe
    (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
    (Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
    (Microsoft Corporation) C:\Windows\System32\mqsvc.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    (Microsoft) C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBorders.exe
    (Microsoft) C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBorders.exe
    () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    (Piriform) C:\Program Files (x86)\Agomo\AgomoClient.exe
    (DDHelper) C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\DDHelper.exe
    (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
    (Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
    () C:\Program Files\Cirrus Logic Audio Panel\CirrusAudioPanel_Dell.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
    (Box, Inc.) C:\Program Files\Box\Box Sync\BoxSync.exe
    (CANON INC.) C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE
    (BitTorrent, Inc.) C:\Program Files (x86)\BitTorrent Sync\BTSync.exe
    (Dell) C:\Users\Esti\AppData\Local\Apps\2.0\YN2D7AEW.X8W\QCMVCEP5.X2P\dell..tion_0f612f649c4a10af_0005.0004_3ddfe37344028d2c\DellSystemDetect.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (6 Wunderkinder GmbH) C:\Program Files (x86)\Wunderlist2\Wunderlist.exe
    (Code 42 Software, Inc.) C:\Program Files\CrashPlan\CrashPlanTray.exe
    (Google Inc.) C:\Users\Esti\AppData\Local\Google\Update\1.3.24.15\GoogleCrashHandler.exe
    (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
    (Google Inc.) C:\Users\Esti\AppData\Local\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
    (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (Piriform) C:\Program Files (x86)\Agomo\Agomo.exe
    () C:\Program Files\Box\Box Sync\BoxSyncMonitor.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
    (Google) C:\Users\Esti\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE
    () C:\Program Files (x86)\Everything\Everything.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [678296 2012-07-09] (Alps Electric Co., Ltd.)
    HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3759504 2012-07-20] (Dell Inc.)
    HKLM\...\Run: [Dell Audio] => c:\Program Files\Cirrus Logic Audio Panel\CirrusAudioPanel_Dell.exe [20591616 2012-08-06] ()
    HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
    HKLM\...\Run: [BoxSync] => C:\Program Files\Box\Box Sync\BoxSync.exe [5571144 2014-10-13] (Box, Inc.)
    HKLM\...\Run: [MFNetworkScanUtility] => C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE [486552 2012-09-27] (CANON INC.)
    HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-09] (Intel Corporation)
    HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
    HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-04] (CyberLink Corp.)
    HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [143888 2012-06-01] (CyberLink Corp.)
    HKLM-x32\...\Run: [Everything] => C:\Program Files (x86)\Everything\Everything.exe [602624 2009-03-12] ()
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [Agomo] => C:\Program Files (x86)\Agomo\Agomo.exe [2009368 2014-10-13] (Piriform)
    HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-10-01] (Malwarebytes Corporation)
    Winlogon\Notify\igfxcui: C:\WINDOWS\SYSTEM32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-995853647-2325593953-3422697938-1001\...\Run: [BitTorrent Sync] => C:\Program Files (x86)\BitTorrent Sync\BTSync.exe [3021672 2014-08-28] (BitTorrent, Inc.)
    HKU\S-1-5-21-995853647-2325593953-3422697938-1001\...\Run: [DellSystemDetect] => C:\Users\Esti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms
    HKU\S-1-5-21-995853647-2325593953-3422697938-1001\...\Run: [Google Update] => C:\Users\Esti\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-10-12] (Google Inc.)
    HKU\S-1-5-21-995853647-2325593953-3422697938-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
    HKU\S-1-5-21-995853647-2325593953-3422697938-1001\...\Run: [Wunderlist] => C:\Program Files (x86)\Wunderlist2\Wunderlist.exe [13021792 2013-12-02] (6 Wunderkinder GmbH)
    HKU\S-1-5-21-995853647-2325593953-3422697938-1001\...\Run: [GoogleChromeAutoLaunch_BB50D9C19D67AA2EB5854DD3B5D18D48] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [852808 2014-09-23] (Google Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
    ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CrashPlan Tray.lnk
    ShortcutTarget: CrashPlan Tray.lnk -> C:\Program Files\CrashPlan\CrashPlanTray.exe (Code 42 Software, Inc.)
    Startup: C:\Users\Esti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
    ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
    ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
    ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
    ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
    ShellIconOverlayIdentifiers: [0000BoxSyncFileLocked] -> {b973655f-b823-3729-abea-e88cb316ddd4} => C:\WINDOWS\SYSTEM32\mscoree.dll (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [0000BoxSyncNotSynced] -> {a316141f-fa66-334c-8d40-a8f4e6d21080} => C:\WINDOWS\SYSTEM32\mscoree.dll (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [0000BoxSyncProblem] -> {a74ad9e8-37eb-31db-9026-8eda10d85860} => C:\WINDOWS\SYSTEM32\mscoree.dll (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [0000BoxSyncSynced] -> {c3de22fc-b307-320f-ba41-27d95101bbf3} => C:\WINDOWS\SYSTEM32\mscoree.dll (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Esti\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Esti\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Esti\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Esti\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Esti\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Esti\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Esti\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Esti\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    SearchScopes: HKLM - {64BBBF22-4B4F-405D-B9EA-6B3EC8CCD940} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
    SearchScopes: HKLM-x32 - {64BBBF22-4B4F-405D-B9EA-6B3EC8CCD940} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
    SearchScopes: HKCU - {64BBBF22-4B4F-405D-B9EA-6B3EC8CCD940} URL =
    SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
    BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    ShellExecuteHooks-x32:  - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} -  No File [ ]
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Esti\AppData\Roaming\Mozilla\Firefox\Profiles\myk14hpe.default
    FF Homepage: https://www.google.com/
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
    FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
    FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
    FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Esti\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
    FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Esti\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Esti\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
    FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Esti\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Esti\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\Esti\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin ProgramFiles/Appdata: C:\Users\Esti\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
    FF Extension: Evernote Web Clipper - C:\Users\Esti\AppData\Roaming\Mozilla\Firefox\Profiles\myk14hpe.default\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800} [2013-12-19]
    FF Extension: AwardWallet - C:\Users\Esti\AppData\Roaming\Mozilla\Firefox\Profiles\myk14hpe.default\Extensions\6200cc7406cd11e1a68a12313d1adcbe@jetpack.xpi [2014-06-10]
    FF Extension: about:addons-memory - C:\Users\Esti\AppData\Roaming\Mozilla\Firefox\Profiles\myk14hpe.default\Extensions\about-addons-memory@tn123.org.xpi [2013-10-08]
    FF Extension: Double-click To Reload Tab - C:\Users\Esti\AppData\Roaming\Mozilla\Firefox\Profiles\myk14hpe.default\Extensions\doubleclick2reloadtab@linhph.com.xpi [2013-10-10]
    FF Extension: Enhanced Middle Click - C:\Users\Esti\AppData\Roaming\Mozilla\Firefox\Profiles\myk14hpe.default\Extensions\enhancedmiddleclick@senicar.net.xpi [2013-10-01]
    FF Extension: Firebug - C:\Users\Esti\AppData\Roaming\Mozilla\Firefox\Profiles\myk14hpe.default\Extensions\firebug@software.joehewitt.com.xpi [2013-09-30]
    FF Extension: FirePHP - C:\Users\Esti\AppData\Roaming\Mozilla\Firefox\Profiles\myk14hpe.default\Extensions\FirePHPExtension-Build@firephp.org.xpi [2014-01-03]
    FF Extension: FireQuery - C:\Users\Esti\AppData\Roaming\Mozilla\Firefox\Profiles\myk14hpe.default\Extensions\firequery@binaryage.com.xpi [2014-03-06]
    FF Extension: Cirrus Insight - C:\Users\Esti\AppData\Roaming\Mozilla\Firefox\Profiles\myk14hpe.default\Extensions\jid0-YFSUHtdqQAYkrfpOKSheLB99kDc@jetpack.xpi [2013-11-20]
    FF Extension: Yesware Email Tracking - C:\Users\Esti\AppData\Roaming\Mozilla\Firefox\Profiles\myk14hpe.default\Extensions\jid1-T5mdAATMX3urKA@jetpack.xpi [2013-10-17]
    FF Extension: keySharky - C:\Users\Esti\AppData\Roaming\Mozilla\Firefox\Profiles\myk14hpe.default\Extensions\keysharky@intars.students.xpi [2013-10-03]
    FF Extension: Permanent List-all-tabs Button - C:\Users\Esti\AppData\Roaming\Mozilla\Firefox\Profiles\myk14hpe.default\Extensions\listalltabs@sdrocking.com.xpi [2013-10-01]
    FF Extension: Memory Restart - C:\Users\Esti\AppData\Roaming\Mozilla\Firefox\Profiles\myk14hpe.default\Extensions\memoryrestart@teamextension.com.xpi [2013-10-01]
    FF Extension: Pano - C:\Users\Esti\AppData\Roaming\Mozilla\Firefox\Profiles\myk14hpe.default\Extensions\pano@teramako.github.com.xpi [2013-10-01]
    FF Extension: Rights To Close - C:\Users\Esti\AppData\Roaming\Mozilla\Firefox\Profiles\myk14hpe.default\Extensions\shan.developer@gmail.com.xpi [2013-09-30]
    FF Extension: TabCloud - C:\Users\Esti\AppData\Roaming\Mozilla\Firefox\Profiles\myk14hpe.default\Extensions\tabcloud@firefox.connorhd.co.uk.xpi [2014-01-29]
    FF Extension: Tab Scope - C:\Users\Esti\AppData\Roaming\Mozilla\Firefox\Profiles\myk14hpe.default\Extensions\tabscope@xuldev.org.xpi [2013-09-30]
    FF Extension: Tab Sidebar Reloaded - C:\Users\Esti\AppData\Roaming\Mozilla\Firefox\Profiles\myk14hpe.default\Extensions\TabSidebar@electronplumber.com.xpi [2013-10-01]
    FF Extension: Tile Tabs - C:\Users\Esti\AppData\Roaming\Mozilla\Firefox\Profiles\myk14hpe.default\Extensions\tiletabs@DW-dev.xpi [2013-10-01]
    FF Extension: Tree Style Tab - C:\Users\Esti\AppData\Roaming\Mozilla\Firefox\Profiles\myk14hpe.default\Extensions\treestyletab@piro.sakura.ne.jp.xpi [2013-10-01]
    FF Extension: Vertical Tabs - C:\Users\Esti\AppData\Roaming\Mozilla\Firefox\Profiles\myk14hpe.default\Extensions\verticaltabs@philikon.de.xpi [2013-09-30]
    FF Extension: CoolPreviews - C:\Users\Esti\AppData\Roaming\Mozilla\Firefox\Profiles\myk14hpe.default\Extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}.xpi [2013-10-01]
    FF Extension: Download Statusbar - C:\Users\Esti\AppData\Roaming\Mozilla\Firefox\Profiles\myk14hpe.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2013-09-30]
    FF Extension: DownThemAll! - C:\Users\Esti\AppData\Roaming\Mozilla\Firefox\Profiles\myk14hpe.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013-10-03]
    FF Extension: FoxTab - C:\Users\Esti\AppData\Roaming\Mozilla\Firefox\Profiles\myk14hpe.default\Extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi [2013-09-30]

    Chrome:
    =======
    CHR HomePage: Default -> https://account1.fax87.com/login.aspx?ReturnUrl=%2f
    CHR StartupUrls: Default -> "hxxp://search.conduit.com/?CUI=UN16476892042967303&ctid=CT3289847&SearchSource=48", "hxxp://www.aish.com/", "hxxp://start.mysearchdial.com/?f=1&a=irmsd1103&cd=2XzuyEtN2Y1L1Qzu0EtD0D0ByDyDzz0ByE0Dzz0B0DtCtAtBtN0D0Tzu0SyCzyyBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=82366203&ir=", "hxxp://www.google.com"
    CHR Profile: C:\Users\Esti\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Tab Expose) - C:\Users\Esti\AppData\Local\Google\Chrome\User Data\Default\Extensions\ackpfhlmgjdjlohhjmbacaajbmkkklnp [2013-09-17]
    CHR Extension: (Xmarks Bookmark Sync) - C:\Users\Esti\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2013-09-17]
    CHR Extension: (TooManyTabs for Chrome) - C:\Users\Esti\AppData\Local\Google\Chrome\User Data\Default\Extensions\amigcgbheognjmfkaieeeadojiibgbdp [2013-09-17]
    CHR Extension: (Google Docs) - C:\Users\Esti\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-17]
    CHR Extension: (Google Drive) - C:\Users\Esti\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-17]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Esti\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-26]
    CHR Extension: (WOT) - C:\Users\Esti\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2013-09-17]
    CHR Extension: (Sidewise Tree Style Tabs) - C:\Users\Esti\AppData\Local\Google\Chrome\User Data\Default\Extensions\biiammgklaefagjclmnlialkmaemifgo [2013-09-17]
    CHR Extension: (Tab Resize - split screen layouts) - C:\Users\Esti\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkpenclhmiealbebdopglffmfdiilejc [2013-09-17]
    CHR Extension: (YouTube) - C:\Users\Esti\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-17]
    CHR Extension: (Adblock Plus) - C:\Users\Esti\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-09-17]
    CHR Extension: (Google Search) - C:\Users\Esti\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-17]
    CHR Extension: (Type-ahead-find) - C:\Users\Esti\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpecbmjeidppdiampimghndkikcmoadk [2013-09-17]
    CHR Extension: (Tabs Outliner) - C:\Users\Esti\AppData\Local\Google\Chrome\User Data\Default\Extensions\eggkanocgddhmamlbiijnphhppkpkmkl [2013-09-17]
    CHR Extension: (Visual Tabs) - C:\Users\Esti\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmpnbibondcjmkmmdmdjahgoglpendge [2013-09-17]
    CHR Extension: (Tabman Tabs Manager) - C:\Users\Esti\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgmnkflcjcohihpdcniifjbafcdelhlm [2013-09-17]
    CHR Extension: (The Great Suspender) - C:\Users\Esti\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2013-09-17]
    CHR Extension: (Pocket) - C:\Users\Esti\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjcnijlhddpbdemagnpefmlkjdagkogk [2013-09-17]
    CHR Extension: (DevTools Autosave) - C:\Users\Esti\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlejngncgiocofkcbnnpaieapabmanfl [2013-09-17]
    CHR Extension: (feedly) - C:\Users\Esti\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndhinffkekpekljifjkkkkkhopnjodja [2013-09-17]
    CHR Extension: (Veritabs) - C:\Users\Esti\AppData\Local\Google\Chrome\User Data\Default\Extensions\nehjgjnfanppoiaikadimdkobpdahnmg [2013-09-17]
    CHR Extension: (Save to Pocket) - C:\Users\Esti\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2013-09-17]
    CHR Extension: (Google Wallet) - C:\Users\Esti\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-17]
    CHR Extension: (Tab Grouper) - C:\Users\Esti\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjkncjgjecdkffkdkngkinoggpcgifd [2013-09-17]
    CHR Extension: (Evernote Web Clipper) - C:\Users\Esti\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2013-09-17]
    CHR Extension: (Gmail) - C:\Users\Esti\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-17]
    CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Esti\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-02-20]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AECLFilters; C:\Windows\system32\AECLSr64.exe [99696 2012-08-06] (Andrea Electronics Corporation)
    R2 AgomoService; C:\Program Files (x86)\Agomo\AgomoClient.exe [14612760 2014-10-13] (Piriform)
    S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.)
    S3 BoxSyncUpdateService; C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [28696 2014-09-24] (Box, Inc.)
    S2 CirrusAudioService; c:\Program Files\Cirrus Logic Audio Panel\Cirrvus.exe [7168 2012-08-06] (Cirrus Logic) [File not signed]
    R2 CrashPlanService; C:\Program Files\CrashPlan\CrashPlanService.exe [222720 2013-04-08] (CrashPlan) [File not signed]
    S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [145920 2010-10-25] (HP) [File not signed]
    R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-07-09] (Intel Corporation) [File not signed]
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
    S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-21] (Microsoft Corporation)
    S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
    R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
    S2 MouseWithoutBordersSvc; C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBordersSvc.exe [20992 2012-04-02] (Microsoft) [File not signed]
    R2 MSMQ; C:\Windows\system32\mqsvc.exe [25600 2013-10-29] (Microsoft Corporation)
    R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2013-05-16] (Hewlett-Packard) [File not signed]
    S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
    R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2013-05-16] (Hewlett-Packard) [File not signed]
    R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
    S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-21] (Microsoft Corporation)
    S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-21] (Microsoft Corporation)
    S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-10-29] (Microsoft Corporation)
    S3 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [546304 2013-10-29] (Microsoft Corporation)
    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.)
    R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7474864 2013-09-06] (Broadcom Corporation)
    R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
    R3 CirrusLFD; C:\Windows\system32\DRIVERS\CSLFDx64.sys [41328 2012-08-06] (Cirrus Logic)
    R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
    S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2012-08-05] (OSR Open Systems Resources, Inc.)
    R3 MQAC; C:\Windows\System32\drivers\mqac.sys [173568 2013-10-29] (Microsoft Corporation)
    U0 nsyyho; C:\Windows\System32\drivers\vjea.sys [79064 2014-10-20] (Malwarebytes Corporation)
    R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
    S3 cpuz136; \??\C:\WINDOWS\TEMP\cpuz136\cpuz136_x64.sys [X]
    R3 cpuz137; \??\C:\WINDOWS\TEMP\cpuz137\cpuz137_x64.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-10-20 12:53 - 2014-10-20 12:54 - 00030055 _____ () C:\Users\Esti\Desktop\FRST.txt
    2014-10-20 12:41 - 2014-10-20 12:41 - 00079064 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\vjea.sys
    2014-10-20 12:41 - 2014-10-20 12:41 - 00003736 _____ () C:\WINDOWS\Tasks\byly
    2014-10-20 12:07 - 2014-10-20 12:08 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2014-10-20 12:07 - 2014-10-20 12:07 - 00001116 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-10-20 12:07 - 2014-10-20 12:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-10-20 12:07 - 2014-10-20 12:07 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-10-20 12:07 - 2014-10-20 12:07 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-10-20 12:07 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2014-10-20 12:07 - 2014-10-01 11:11 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
    2014-10-20 12:07 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
    2014-10-20 12:06 - 2014-10-20 12:06 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Esti\Downloads\mbam-setup-2.0.3.1025.exe
    2014-10-20 11:57 - 2014-10-20 11:57 - 00001262 _____ () C:\Users\Esti\Desktop\JRT.txt
    2014-10-20 11:54 - 2014-10-20 11:54 - 01705698 _____ (Thisisu) C:\Users\Esti\Downloads\JRT.exe
    2014-10-20 11:54 - 2014-10-20 11:54 - 00000000 ____D () C:\WINDOWS\ERUNT
    2014-10-20 11:35 - 2014-10-20 11:36 - 01976320 _____ () C:\Users\Esti\Desktop\AdwCleaner(1).exe
    2014-10-20 10:51 - 2014-10-20 12:54 - 00000000 ____D () C:\FRST
    2014-10-20 10:47 - 2014-10-20 10:47 - 02111488 _____ (Farbar) C:\Users\Esti\Desktop\FRST64.exe
    2014-10-20 10:40 - 2014-10-20 10:40 - 05185536 _____ (AVAST Software) C:\Users\Esti\Downloads\aswMBR.exe
    2014-10-07 10:38 - 2014-10-07 10:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Apps Sync
    2014-10-02 16:52 - 2014-10-02 16:52 - 00014992 _____ () C:\Users\Esti\Desktop\DONATIONS TO POST.xlsx
    2014-10-01 15:40 - 2014-10-01 15:41 - 00028216 _____ () C:\Users\Esti\Desktop\ss email list.xlsx
    2014-10-01 13:16 - 2014-10-20 10:35 - 00000000 ____D () C:\Program Files (x86)\Informatica Cloud Secure Agent
    2014-10-01 13:16 - 2014-10-01 13:19 - 00000000 ___HD () C:\Program Files (x86)\Zero G Registry
    2014-10-01 13:15 - 2014-10-01 13:15 - 00000000 ___HD () C:\Users\Esti\InstallAnywhere
    2014-10-01 13:10 - 2014-10-01 13:12 - 164794171 _____ (Macrovision) C:\Users\Esti\Downloads\agent_install.exe
    2014-10-01 12:23 - 2014-10-01 12:23 - 00688992 _____ (Swearware) C:\Users\Esti\Downloads\dds.com
    2014-10-01 12:22 - 2014-10-01 12:23 - 00000000 ____D () C:\Program Files\Defraggler
    2014-10-01 12:22 - 2014-10-01 12:22 - 00001738 _____ () C:\Users\Public\Desktop\Defraggler.lnk
    2014-10-01 12:22 - 2014-10-01 12:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
    2014-10-01 12:21 - 2014-10-01 12:21 - 04362512 _____ (Piriform Ltd) C:\Users\Esti\Downloads\dfsetup218.exe
    2014-10-01 12:06 - 2014-10-01 12:06 - 02626112 _____ (Taralex LLC) C:\Users\Esti\Downloads\setup - 1.9.0.2 - last non-commercial version.exe
    2014-10-01 12:06 - 2014-10-01 12:06 - 00000000 ____D () C:\Program Files (x86)\Taralex LLC
    2014-10-01 11:08 - 2014-10-01 11:08 - 02983280 _____ (Taralex LLC) C:\Users\Esti\Downloads\setup.exe
    2014-09-30 17:03 - 2014-09-30 17:03 - 00018541 _____ () C:\Users\Esti\Desktop\email solicit list.csv
    2014-09-22 16:35 - 2014-09-22 16:37 - 202379924 _____ () C:\Users\Esti\Desktop\IHTV website.zip

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-10-20 12:36 - 2013-09-17 15:46 - 00000924 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2014-10-20 12:34 - 2013-09-17 15:52 - 00000000 ____D () C:\Program Files (x86)\Everything
    2014-10-20 12:29 - 2013-09-30 13:00 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2014-10-20 12:24 - 2013-11-13 15:52 - 00000934 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-995853647-2325593953-3422697938-1001UA.job
    2014-10-20 12:16 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\security
    2014-10-20 12:15 - 2013-10-29 16:31 - 00000000 ____D () C:\Users\Esti\AppData\Local\Deployment
    2014-10-20 12:05 - 2013-10-29 11:10 - 01714594 _____ () C:\WINDOWS\WindowsUpdate.log
    2014-10-20 12:05 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
    2014-10-20 12:00 - 2013-09-17 15:36 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-995853647-2325593953-3422697938-1001
    2014-10-20 12:00 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sru
    2014-10-20 11:53 - 2013-10-29 11:21 - 00000000 ___DO () C:\Users\Esti\SkyDrive
    2014-10-20 11:53 - 2013-09-17 15:46 - 00000920 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2014-10-20 11:51 - 2013-10-04 12:20 - 00000000 ____D () C:\Users\Esti\AppData\Local\Box Sync
    2014-10-20 11:50 - 2013-09-30 11:48 - 00000000 ____D () C:\Users\Esti\AppData\Roaming\BitTorrent Sync
    2014-10-20 11:50 - 2013-09-17 16:11 - 00000000 ___RD () C:\Users\Esti\Documents\Google Drive
    2014-10-20 11:48 - 2014-09-15 16:16 - 00140010 _____ () C:\WINDOWS\PFRO.log
    2014-10-20 11:48 - 2013-08-22 10:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2014-10-20 11:47 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
    2014-10-20 11:46 - 2012-07-26 03:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
    2014-10-20 11:41 - 2014-01-09 11:06 - 00000000 ____D () C:\AdwCleaner
    2014-10-20 10:34 - 2013-10-08 12:47 - 00000023 _____ () C:\WINDOWS\ODBCINST.INI
    2014-10-20 09:52 - 2013-12-05 10:27 - 00000000 ____D () C:\Program Files (x86)\Agomo
    2014-10-20 09:50 - 2013-10-04 12:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Box Sync
    2014-10-07 15:24 - 2013-11-13 15:52 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-995853647-2325593953-3422697938-1001Core.job
    2014-10-07 13:54 - 2013-12-18 11:31 - 00000000 ____D () C:\Users\Esti\Documents\Shimmy
    2014-10-02 12:06 - 2013-09-17 16:08 - 00000000 ____D () C:\Users\Esti\Documents\Chanan
    2014-10-01 17:04 - 2013-09-17 16:17 - 00000000 ____D () C:\Users\Esti\Documents\Shabbat Shalom Faxes
    2014-10-01 13:15 - 2013-10-29 10:55 - 00000000 ____D () C:\Users\Esti
    2014-10-01 12:06 - 2014-01-27 11:23 - 00000000 ____D () C:\Users\Esti\AppData\Local\Downloaded Installations
    2014-10-01 11:20 - 2014-01-27 16:45 - 00064008 _____ () C:\Users\Esti\Documents\Salesforce.log
    2014-09-30 16:45 - 2013-09-17 16:17 - 00000000 ____D () C:\Users\Esti\Documents\Salesforce
    2014-09-30 10:26 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\rescache
    2014-09-29 14:13 - 2013-09-17 15:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-09-29 14:10 - 2013-09-17 15:49 - 00000000 ____D () C:\Users\Esti\AppData\Local\Adobe
    2014-09-29 14:10 - 2013-09-17 15:30 - 00000000 ____D () C:\Users\Esti\AppData\Roaming\Adobe
    2014-09-29 13:23 - 2013-09-17 15:49 - 00000000 ____D () C:\ProgramData\Adobe
    2014-09-29 12:57 - 2013-12-23 16:32 - 00000000 ____D () C:\Program Files\Common Files\Adobe
    2014-09-29 12:04 - 2013-09-17 15:49 - 00000000 ____D () C:\Program Files (x86)\Adobe
    2014-09-29 11:45 - 2013-10-07 13:46 - 00000000 ____D () C:\ProgramData\Package Cache
    2014-09-29 10:52 - 2013-10-22 10:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
    2014-09-29 10:52 - 2013-10-22 10:08 - 00000000 ____D () C:\Program Files (x86)\HP
    2014-09-29 10:51 - 2013-10-22 10:14 - 00000121 _____ () C:\WINDOWS\SysWOW64\msiexec.log
    2014-09-29 10:47 - 2013-10-01 15:31 - 00000000 ____D () C:\Program Files (x86)\salesforce.com
    2014-09-29 10:20 - 2013-09-30 11:28 - 00000000 ____D () C:\Users\Esti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\salesforce.com
    2014-09-22 15:27 - 2014-06-25 14:32 - 00000000 ____D () C:\Users\Esti\Documents\Insurance
    2014-09-22 09:51 - 2013-09-30 00:04 - 00998536 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
    2014-09-22 02:42 - 2013-09-21 11:46 - 00278152 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe

    Some content of TEMP:
    ====================
    C:\Users\Esti\AppData\Local\Temp\Quarantine.exe
    C:\Users\Esti\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-09-30 10:17

    ==================== End Of Log ============================

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-10-2014
    Ran by Esti at 2014-10-20 12:54:59
    Running from C:\Users\Esti\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    64 Bit HP CIO Components Installer (Version: 15.2.1 - Hewlett-Packard) Hidden
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1030 - Adobe Systems Incorporated)
    Adobe AIR (x32 Version: 3.9.0.1030 - Adobe Systems Incorporated) Hidden
    Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.3.0.322 - Adobe Systems Incorporated)
    Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
    Agomo (HKLM-x32\...\Agomo) (Version: 1.0.0.5874 - Piriform)
    ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
    Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
    AutoHotkey 1.1.13.00 (HKLM\...\AutoHotkey) (Version: 1.1.13.00 - Lexikos)
    BitTorrent Sync (HKLM-x32\...\BitTorrent Sync) (Version: 1.1.82 - )
    Box Sync (HKLM\...\{2603834D-4CE3-4594-B331-33CD4FB73129}) (Version: 4.0.5500.0 - Box, Inc.)
    Canon MF Toolbox 4.9.1.1.mf14 (HKLM-x32\...\{6767DFEE-8909-453A-B553-C7693912B2EB}) (Version: 4.9.1.1.mf14 - CANON INC.)
    Canon MF4700 Series (HKLM\...\{47A8DB42-4E21-4d55-9931-D4F44CC3F03B}) (Version: 4.1.0.1 - CANON INC.)
    Cirrus Logic Audio Panel (Version: 1.2.10.0 - Cirrus Logic) Hidden
    CrashPlan (HKLM\...\{FCE35118-DD2F-4DB8-A5B6-D857F95669E0}) (Version: 3.5.3 - CrashPlan)
    CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - CutePDF.com)
    CyberLink LabelPrint 2.5 (x32 Version: 2.5.5415a - CyberLink Corp.) Hidden
    CyberLink Media Suite 10 (x32 Version: 10.0.1.1913 - CyberLink Corp.) Hidden
    CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
    CyberLink Power2Go 8 (x32 Version: 8.0.0.1904 - CyberLink Corp.) Hidden
    CyberLink PowerDirector 10 (x32 Version: 10.0.1.1904 - CyberLink Corp.) Hidden
    CyberLink PowerDVD 10 (x32 Version: 10.0.4318.52 - CyberLink Corp.) Hidden
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Decrap my Computer (HKLM-x32\...\Decrap my Computer) (Version:  - Macecraft Software)
    Defraggler (HKLM\...\Defraggler) (Version: 2.18 - Piriform)
    Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 5.4.0.4 - Dell)
    Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.210 - ALPS ELECTRIC CO., LTD.)
    Dropbox (HKCU\...\Dropbox) (Version: 2.2.13 - Dropbox, Inc.)
    DupDetector 3.302 (HKLM-x32\...\DupDetector_is1) (Version:  - Prismatic Software)
    DW WLAN Card (HKLM\...\DW WLAN Card) (Version: 6.30.59.26 - Dell Inc.)
    DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 6.30.223.143 - Dell Inc.)
    Elevated Installer (x32 Version: 3.2.9.0 - Garmin Ltd or its subsidiaries) Hidden
    Enabler for Excel (HKLM-x32\...\{D8754622-9EFD-4F1B-8561-C3D138B22C59}) (Version: 1.9.0.2 - Taralex LLC)
    Evernote v. 5.4.1 (HKLM-x32\...\{A5F7DF42-F67D-11E3-B7EB-00163E98E7D6}) (Version: 5.4.1.3962 - Evernote Corp.)
    Everything 1.2.1.371 (HKLM-x32\...\Everything) (Version:  - )
    FileZilla Client 3.8.0 (HKLM-x32\...\FileZilla Client) (Version: 3.8.0 - Tim Kosse)
    Garmin Express Tray (x32 Version: 3.2.9.0 - Garmin Ltd or its subsidiaries) Hidden
    Git version 1.8.4-preview20130916 (HKLM-x32\...\Git_is1) (Version: 1.8.4-preview20130916 - The Git Development Community)
    Google Apps Migration For Microsoft Outlook® 3.0.19.44 (HKLM\...\{9B832FB8-03F6-4FFB-AA7F-67A733F6BBD7}) (Version: 3.0.19.44 - Google, Inc.)
    Google Apps Sync™ for Microsoft Outlook® 3.5.380.1010 (HKLM\...\{AA88BC5C-5507-44B3-80B2-E263A274C1C1}) (Version: 3.5.380.1010 - Google, Inc.)
    Google Chrome (HKLM-x32\...\{22F1EAF5-90BF-34E1-BEE2-DDD125257BC9}) (Version: 65.130.49219 - Google, Inc.)
    Google Drive (HKLM-x32\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
    Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
    GoToMeeting 6.0.0.1259 (HKCU\...\GoToMeeting) (Version: 6.0.0.1259 - CitrixOnline)
    IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
    IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version:  - )
    IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version:  - )
    Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
    Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
    Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3379 - Intel Corporation)
    Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
    Intel® Turbo Boost Technology Monitor 2.6 (HKLM\...\{6C9365EB-1F9E-4893-9196-3EC77C88D0C5}) (Version: 2.6.2.0 - Intel)
    Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
    Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
    Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.450 - Oracle)
    Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
    Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
    Microsoft ASP.NET Web Pages 2 (HKLM-x32\...\{cb29be6c-39c4-493e-9da7-d585d5353714}) (Version: 2.0.20715.0 - Microsoft Corporation)
    Microsoft Garage Mouse without Borders (HKLM-x32\...\{D3BC954F-D661-474C-B367-30EB6E56542E}) (Version: 2.1.2.408 - Microsoft Garage)
    Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
    Microsoft Office Home and Business 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}) (Version: 10.51.2500.0 - Microsoft Corporation)
    Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{471AAD2C-9078-4DAC-BD43-FA10FB7C3FCE}) (Version: 10.51.2500.0 - Microsoft Corporation)
    Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM\...\{36E619BC-A234-4EC3-849B-779A7C865A45}) (Version: 11.0.2316.0 - Microsoft Corporation)
    Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}) (Version: 11.0.2316.0 - Microsoft Corporation)
    Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}) (Version: 11.0.2100.60 - Microsoft Corporation)
    Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
    Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{0E8670B8-3965-4930-ADA6-570348B67153}) (Version: 11.0.2100.60 - Microsoft Corporation)
    Microsoft SQL Server Compact 4.0 SP1 Scripting Tools ENU CTP1 (HKLM-x32\...\{82284382-30E3-4DED-980B-746278DA6CC2}) (Version: 4.0.8854.1 - Microsoft Corporation)
    Microsoft SQL Server Compact 4.0 SP1 x64 ENU CTP1 (HKLM\...\{FAF57A91-58B3-490C-9D0C-66337DAD3F11}) (Version: 4.0.8854.1 - Microsoft Corporation)
    Microsoft SQL Server Compact 4.0 Web Tools ENU (HKLM-x32\...\{A51500FE-6408-4305-B071-B961F691A4CE}) (Version: 4.0.8482.1 - Microsoft Corporation)
    Microsoft SQL Server System CLR Types (HKLM-x32\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation)
    Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)
    Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50701 - Microsoft Corporation)
    Motorola Mobile Drivers Installation 6.3.0 (HKLM\...\{759E6A2F-1F01-45EF-A0C4-22F1B56CB975}) (Version: 6.3.0 - Motorola Mobility LLC)
    Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
    Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
    MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
    MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden
    MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    PDF Split And Merge Basic (HKLM\...\{C91B24F6-1629-11E2-B696-21676188709B}) (Version: 2.2.2 - Andrea Vacondio)
    Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
    Photo Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
    Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
    Python 2.7.5 (HKLM-x32\...\{DBDD570E-0952-475f-9453-AB88F3DD5659}) (Version: 2.7.5150 - Python Software Foundation)
    Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.003 - Dell Inc.)
    Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
    Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
    Should I Remove It (HKCU\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
    Should I Remove It (x32 Version: 1.0.4 - Reason Software Company Inc.) Hidden
    Sublime Text 2.0.2 (HKLM\...\Sublime Text 2_is1) (Version:  - )
    SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 2.3.2 - Krzysztof Kowalczyk)
    TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.30992 - TeamViewer)
    WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.7850 - Broadcom Corporation)
    Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
    Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
    Windows Live Communications Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
    Windows Live Essentials (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
    Windows Live Installer (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
    Windows Live Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
    Windows Live PIMT Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
    Windows Live SOXE (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
    Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
    Windows Live UX Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
    Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
    WinFF 1.5.2 64 bit (Codename EMMA) (HKLM\...\WinFF_is1) (Version:  - WinFF.org)
    WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
    Wunderlist (HKLM-x32\...\{1ca68332-4ba1-4943-9010-eaa1aa45b492}) (Version: 2.3.0.31 - 6 Wunderkinder GmbH)
    Wunderlist (x32 Version: 2.3.0.31 - 6 Wunderkinder GmbH) Hidden

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-995853647-2325593953-3422697938-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Esti\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-995853647-2325593953-3422697938-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Esti\AppData\Local\Citrix\GoToMeeting\1259\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
    CustomCLSID: HKU\S-1-5-21-995853647-2325593953-3422697938-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Esti\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-995853647-2325593953-3422697938-1001_Classes\CLSID\{ca586c80-7c84-4b88-8537-726724df6929}\InprocServer32 -> C:\Program Files (x86)\Git\git-cheetah\git_shell_ext64.dll ()
    CustomCLSID: HKU\S-1-5-21-995853647-2325593953-3422697938-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Esti\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-995853647-2325593953-3422697938-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Esti\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-995853647-2325593953-3422697938-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Esti\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-995853647-2325593953-3422697938-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Esti\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-995853647-2325593953-3422697938-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Esti\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)

    ==================== Restore Points  =========================

    18-09-2014 17:50:18 Decrap my Computer [W8-x64] - Decrap my Computer
    29-09-2014 13:48:50 Windows Update
    01-10-2014 14:29:28 Revo Uninstaller's restore point - Enabler for Excel

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2012-07-26 01:26 - 2014-01-06 11:40 - 00001058 ____A C:\WINDOWS\system32\Drivers\etc\hosts
    127.0.0.1       localhost### Begin DesktopServer - do not edit this and proceeding lines ###
    127.0.0.1    www.goinspire.dev


    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
    Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
    Task: {0B78D052-A4BB-4D3C-8BD8-B53D838DF4DF} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe
    Task: {0F4A63C5-C8E6-416F-8ADC-F4E4AF31E85B} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
    Task: {105778C6-71A8-4B8A-BFC3-C3CD63642159} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-09-12] (Microsoft Corporation)
    Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
    Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
    Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
    Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
    Task: {4036FBBB-F43F-42F5-A16B-6B024D95FEDB} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
    Task: {474AC7FB-1428-46BF-8E9F-7F3F99BFA5CA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-995853647-2325593953-3422697938-1001Core => C:\Users\Esti\AppData\Local\Google\Update\GoogleUpdate.exe [2013-10-12] (Google Inc.)
    Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
    Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
    Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
    Task: {6F09E223-8549-4BFF-B077-25FD3E86382F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-09] (Adobe Systems Incorporated)
    Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
    Task: {745788C7-1545-4BC3-9D27-61F70133B22E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-17] (Google Inc.)
    Task: {77EF4467-7427-4222-ABE2-4D83BCFF87D1} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
    Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
    Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
    Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
    Task: {9A231FFE-0EEC-404B-8D3C-6EEB42EB0AB9} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe
    Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
    Task: {AEA7958E-E59A-42B9-98BF-ECE1B37E0468} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe
    Task: {AF5F12CB-6B25-4C45-A618-D17B9051C5B2} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
    Task: {B790DABF-8670-42B3-BC08-0E17DE526D89} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-17] (Google Inc.)
    Task: {CB9B9E67-B5E3-436F-BA7E-8A3DE80A2513} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
    Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
    Task: {D691B07C-8DFC-4C5E-9AE5-850CCCAC06C4} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
    Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
    Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
    Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
    Task: {F19EF9CE-0951-4D68-B6EE-EF73E073262E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-995853647-2325593953-3422697938-1001UA => C:\Users\Esti\AppData\Local\Google\Update\GoogleUpdate.exe [2013-10-12] (Google Inc.)
    Task: {F68BDB34-E961-4359-813C-0C61AF28B5C9} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe
    Task: {FD7AD779-FABC-47B2-9878-FE63109E43A8} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe
    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-995853647-2325593953-3422697938-1001Core.job => C:\Users\Esti\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-995853647-2325593953-3422697938-1001UA.job => C:\Users\Esti\AppData\Local\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2014-01-13 12:03 - 2012-10-04 20:49 - 00087152 _____ () C:\WINDOWS\System32\cpwmon64.dll
    2013-09-04 20:13 - 2013-09-04 20:13 - 00049368 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btwleapi.dll
    2013-04-08 19:35 - 2013-04-08 19:35 - 00014848 _____ () C:\Program Files\CrashPlan\md564.dll
    2014-02-26 11:57 - 2014-02-26 11:57 - 00230400 _____ () C:\Program Files\CrashPlan\cpnative64.dll
    2012-11-03 04:21 - 2012-04-24 22:43 - 00254512 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    2012-08-06 20:16 - 2012-08-06 20:16 - 20591616 _____ () C:\Program Files\Cirrus Logic Audio Panel\CirrusAudioPanel_Dell.exe
    2012-08-06 20:16 - 2012-08-06 20:16 - 03765248 _____ () C:\Program Files\Cirrus Logic Audio Panel\en-US\CirrusAudioPanel_Dell.resources.dll
    2012-08-06 20:16 - 2012-08-06 20:16 - 00048128 _____ () C:\Program Files\Cirrus Logic Audio Panel\CoreAudioApi.dll
    2012-08-06 20:16 - 2012-08-06 20:16 - 00013312 _____ () C:\Program Files\Cirrus Logic Audio Panel\LocalizationControlsLib.dll
    2012-08-06 20:16 - 2012-08-06 20:16 - 00270848 _____ () C:\Program Files\Cirrus Logic Audio Panel\LocalizeLanguage.dll
    2012-08-06 20:16 - 2012-08-06 20:16 - 00011776 _____ () C:\Program Files\Cirrus Logic Audio Panel\ExtendedWindowsControls.dll
    2012-04-10 23:30 - 2012-04-10 23:30 - 00471552 _____ () C:\Program Files\Box\Box Sync\_hashlib.pyd
    2012-10-27 07:28 - 2012-10-27 07:28 - 00128512 _____ () C:\Program Files\Box\Box Sync\win32api.pyd
    2012-10-27 07:27 - 2012-10-27 07:27 - 00137728 _____ () C:\Program Files\Box\Box Sync\pywintypes27.dll
    2012-10-27 07:29 - 2012-10-27 07:29 - 00503808 _____ () C:\Program Files\Box\Box Sync\pythoncom27.dll
    2012-04-10 23:25 - 2012-04-10 23:25 - 00111616 _____ () C:\Program Files\Box\Box Sync\_ctypes.pyd
    2013-10-09 17:05 - 2013-10-09 17:05 - 00003584 _____ () C:\Program Files\Box\Box Sync\clr.pyd
    2013-10-09 17:05 - 2013-10-09 17:05 - 00103424 _____ () C:\Program Files\Box\Box Sync\Python.Runtime.dll
    2012-04-10 23:24 - 2012-04-10 23:24 - 00046080 _____ () C:\Program Files\Box\Box Sync\_socket.pyd
    2012-04-10 23:30 - 2012-04-10 23:30 - 01167360 _____ () C:\Program Files\Box\Box Sync\_ssl.pyd
    2012-04-10 23:24 - 2012-04-10 23:24 - 00689664 _____ () C:\Program Files\Box\Box Sync\unicodedata.pyd
    2012-04-10 23:24 - 2012-04-10 23:24 - 00058368 _____ () C:\Program Files\Box\Box Sync\_sqlite3.pyd
    2012-10-27 07:31 - 2012-10-27 07:31 - 00438784 _____ () C:\Program Files\Box\Box Sync\win32com.shell.shell.pyd
    2012-10-27 07:27 - 2012-10-27 07:27 - 00023040 _____ () C:\Program Files\Box\Box Sync\win32event.pyd
    2013-10-09 17:07 - 2013-10-09 17:07 - 00027136 _____ () C:\Program Files\Box\Box Sync\ujson.pyd
    2014-09-11 14:18 - 2014-09-11 14:18 - 00044544 _____ () C:\Program Files\Box\Box Sync\_psutil_windows.pyd
    2012-10-27 07:27 - 2012-10-27 07:27 - 00149504 _____ () C:\Program Files\Box\Box Sync\win32file.pyd
    2012-04-10 23:24 - 2012-04-10 23:24 - 00010752 _____ () C:\Program Files\Box\Box Sync\select.pyd
    2012-10-27 07:28 - 2012-10-27 07:28 - 00136192 _____ () C:\Program Files\Box\Box Sync\win32security.pyd
    2012-10-27 07:27 - 2012-10-27 07:27 - 00044032 _____ () C:\Program Files\Box\Box Sync\win32process.pyd
    2012-04-10 23:24 - 2012-04-10 23:24 - 00166912 _____ () C:\Program Files\Box\Box Sync\_elementtree.pyd
    2012-04-10 23:24 - 2012-04-10 23:24 - 00164352 _____ () C:\Program Files\Box\Box Sync\pyexpat.pyd
    2012-10-27 07:27 - 2012-10-27 07:27 - 00030720 _____ () C:\Program Files\Box\Box Sync\win32cred.pyd
    2014-01-07 19:36 - 2014-01-07 19:36 - 00030208 _____ () C:\Program Files\Box\Box Sync\Crypto.Cipher._AES.pyd
    2014-01-07 19:36 - 2014-01-07 19:36 - 00008192 _____ () C:\Program Files\Box\Box Sync\Crypto.Util.strxor.pyd
    2014-01-07 19:36 - 2014-01-07 19:36 - 00010752 _____ () C:\Program Files\Box\Box Sync\Crypto.Random.OSRNG.winrandom.pyd
    2014-01-07 19:36 - 2014-01-07 19:36 - 00011264 _____ () C:\Program Files\Box\Box Sync\Crypto.Util._counter.pyd
    2012-04-10 23:24 - 2012-04-10 23:24 - 00031744 _____ () C:\Program Files\Box\Box Sync\_multiprocessing.pyd
    2012-10-27 07:28 - 2012-10-27 07:28 - 00053760 _____ () C:\Program Files\Box\Box Sync\win32service.pyd
    2014-09-10 14:23 - 2014-09-10 14:23 - 00026112 _____ () C:\Program Files\Box\Box Sync\_yappi.pyd
    2012-10-27 07:27 - 2012-10-27 07:27 - 00021504 _____ () C:\Program Files\Box\Box Sync\win32clipboard.pyd
    2012-10-27 07:28 - 2012-10-27 07:28 - 00223232 _____ () C:\Program Files\Box\Box Sync\win32gui.pyd
    2014-09-09 16:30 - 2014-09-09 16:30 - 00068096 _____ () C:\Program Files\Box\Box Sync\SystemWrapper.dll
    2014-09-16 14:30 - 2014-09-16 14:30 - 01627648 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\ReactiveUI\fb2dd6c29b878dbc1295dfb53a7ac8d1\ReactiveUI.ni.dll
    2014-05-10 13:14 - 2014-05-10 13:14 - 00045056 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Wunderkinded9c6edae#\91698b1622289e40cf732bb8ef21faf8\Wunderkinder.Wunderlist.Presentation.ni.dll
    2014-05-10 13:16 - 2014-05-10 13:16 - 00033280 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Wunderkinde6f42a4a9#\c05ab565b531aeabe0fc7669cb81f7a0\Wunderkinder.Wunderlist.Data.Realtime.ni.dll
    2014-05-10 13:14 - 2014-05-10 13:14 - 00510464 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Akavache.Portable\38baa1fe1c18c8c4a3d53711497f522d\Akavache.Portable.ni.dll
    2014-09-16 14:30 - 2014-09-16 14:30 - 00877568 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\AutoMapper\5b51884fdb913901ae820519bb9cb6d3\AutoMapper.ni.dll
    2013-10-01 13:33 - 2013-10-01 13:33 - 00028160 _____ () C:\Program Files (x86)\Wunderlist2\AutoMapper.Net4.dll
    2014-09-16 14:30 - 2014-09-16 14:30 - 00128512 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\GongSolutio459c0a76#\9c0d97eb9c7550e3ffba53cd19129644\GongSolutions.Wpf.DragDrop.ni.dll
    2013-10-01 13:33 - 2013-10-01 13:33 - 00037376 _____ () C:\Program Files (x86)\Wunderlist2\Akavache.dll
    2014-10-13 10:59 - 2014-10-13 10:59 - 00030232 _____ () C:\Program Files\Box\Box Sync\BoxSyncMonitor.exe
    2013-12-13 13:20 - 2013-12-13 13:20 - 03359600 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
    2009-03-12 21:18 - 2009-03-12 21:18 - 00602624 _____ () C:\Program Files (x86)\Everything\Everything.exe
    2013-10-31 11:05 - 2013-10-31 11:05 - 00172032 ____N () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll
    2014-06-17 18:10 - 2014-06-17 18:10 - 00436576 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
    2014-06-17 18:10 - 2014-06-17 18:10 - 00318304 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
    2012-11-03 04:19 - 2012-06-07 23:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
    2012-06-08 12:34 - 2012-06-08 12:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
    2014-10-20 11:50 - 2014-10-20 11:50 - 00098816 _____ () C:\Users\Esti\AppData\Local\Temp\_MEI54442\win32api.pyd
    2014-10-20 11:50 - 2014-10-20 11:50 - 00110080 _____ () C:\Users\Esti\AppData\Local\Temp\_MEI54442\pywintypes27.dll
    2014-10-20 11:50 - 2014-10-20 11:50 - 00364544 _____ () C:\Users\Esti\AppData\Local\Temp\_MEI54442\pythoncom27.dll
    2014-10-20 11:50 - 2014-10-20 11:50 - 00045568 _____ () C:\Users\Esti\AppData\Local\Temp\_MEI54442\_socket.pyd
    2014-10-20 11:50 - 2014-10-20 11:50 - 01160704 _____ () C:\Users\Esti\AppData\Local\Temp\_MEI54442\_ssl.pyd
    2014-10-20 11:50 - 2014-10-20 11:50 - 00320512 _____ () C:\Users\Esti\AppData\Local\Temp\_MEI54442\win32com.shell.shell.pyd
    2014-10-20 11:50 - 2014-10-20 11:50 - 00713216 _____ () C:\Users\Esti\AppData\Local\Temp\_MEI54442\_hashlib.pyd
    2014-10-20 11:50 - 2014-10-20 11:50 - 01175040 _____ () C:\Users\Esti\AppData\Local\Temp\_MEI54442\wx._core_.pyd
    2014-10-20 11:50 - 2014-10-20 11:50 - 00805888 _____ () C:\Users\Esti\AppData\Local\Temp\_MEI54442\wx._gdi_.pyd
    2014-10-20 11:50 - 2014-10-20 11:50 - 00811008 _____ () C:\Users\Esti\AppData\Local\Temp\_MEI54442\wx._windows_.pyd
    2014-10-20 11:50 - 2014-10-20 11:50 - 01062400 _____ () C:\Users\Esti\AppData\Local\Temp\_MEI54442\wx._controls_.pyd
    2014-10-20 11:50 - 2014-10-20 11:50 - 00735232 _____ () C:\Users\Esti\AppData\Local\Temp\_MEI54442\wx._misc_.pyd
    2014-10-20 11:50 - 2014-10-20 11:50 - 00128512 _____ () C:\Users\Esti\AppData\Local\Temp\_MEI54442\_elementtree.pyd
    2014-10-20 11:50 - 2014-10-20 11:50 - 00127488 _____ () C:\Users\Esti\AppData\Local\Temp\_MEI54442\pyexpat.pyd
    2014-10-20 11:50 - 2014-10-20 11:50 - 00557056 _____ () C:\Users\Esti\AppData\Local\Temp\_MEI54442\pysqlite2._sqlite.pyd
    2014-10-20 11:50 - 2014-10-20 11:50 - 00007168 _____ () C:\Users\Esti\AppData\Local\Temp\_MEI54442\hashobjs_ext.pyd
    2014-10-20 11:50 - 2014-10-20 11:50 - 00087552 _____ () C:\Users\Esti\AppData\Local\Temp\_MEI54442\_ctypes.pyd
    2014-10-20 11:50 - 2014-10-20 11:50 - 00119808 _____ () C:\Users\Esti\AppData\Local\Temp\_MEI54442\win32file.pyd
    2014-10-20 11:50 - 2014-10-20 11:50 - 00108544 _____ () C:\Users\Esti\AppData\Local\Temp\_MEI54442\win32security.pyd
    2014-10-20 11:50 - 2014-10-20 11:50 - 00018432 _____ () C:\Users\Esti\AppData\Local\Temp\_MEI54442\win32event.pyd
    2014-10-20 11:50 - 2014-10-20 11:50 - 00038912 _____ () C:\Users\Esti\AppData\Local\Temp\_MEI54442\win32inet.pyd
    2014-10-20 11:50 - 2014-10-20 11:50 - 00070656 _____ () C:\Users\Esti\AppData\Local\Temp\_MEI54442\wx._html2.pyd
    2014-10-20 11:50 - 2014-10-20 11:50 - 00167936 _____ () C:\Users\Esti\AppData\Local\Temp\_MEI54442\win32gui.pyd
    2014-10-20 11:50 - 2014-10-20 11:50 - 00011264 _____ () C:\Users\Esti\AppData\Local\Temp\_MEI54442\win32crypt.pyd
    2014-10-20 11:50 - 2014-10-20 11:50 - 00027136 _____ () C:\Users\Esti\AppData\Local\Temp\_MEI54442\_multiprocessing.pyd
    2014-10-20 11:50 - 2014-10-20 11:50 - 00686080 _____ () C:\Users\Esti\AppData\Local\Temp\_MEI54442\unicodedata.pyd
    2014-10-20 11:50 - 2014-10-20 11:50 - 00122368 _____ () C:\Users\Esti\AppData\Local\Temp\_MEI54442\wx._wizard.pyd
    2014-10-20 11:50 - 2014-10-20 11:50 - 00010240 _____ () C:\Users\Esti\AppData\Local\Temp\_MEI54442\select.pyd
    2014-10-20 11:50 - 2014-10-20 11:50 - 00024064 _____ () C:\Users\Esti\AppData\Local\Temp\_MEI54442\win32pipe.pyd
    2014-10-20 11:50 - 2014-10-20 11:50 - 00025600 _____ () C:\Users\Esti\AppData\Local\Temp\_MEI54442\win32pdh.pyd
    2014-10-20 11:50 - 2014-10-20 11:50 - 00525640 _____ () C:\Users\Esti\AppData\Local\Temp\_MEI54442\windows._lib_cacheinvalidation.pyd
    2014-10-20 11:49 - 2014-10-20 11:50 - 00035840 _____ () C:\Users\Esti\AppData\Local\Temp\_MEI54442\win32process.pyd
    2014-10-20 11:50 - 2014-10-20 11:50 - 00017408 _____ () C:\Users\Esti\AppData\Local\Temp\_MEI54442\win32profile.pyd
    2014-10-20 11:50 - 2014-10-20 11:50 - 00022528 _____ () C:\Users\Esti\AppData\Local\Temp\_MEI54442\win32ts.pyd
    2014-10-20 11:50 - 2014-10-20 11:50 - 00078336 _____ () C:\Users\Esti\AppData\Local\Temp\_MEI54442\wx._animate.pyd
    2014-09-16 14:17 - 2014-09-16 14:17 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\8dd48af515d8e2453ca6d118ad35baeb\PSIClient.ni.dll
    2012-11-03 04:10 - 2012-06-25 01:11 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
    2013-09-17 15:44 - 2014-09-29 14:13 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\Users\Esti\SkyDrive:ms-properties

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)

    HKLM\...\StartupApproved\StartupFolder: => "Bluetooth.lnk"
    HKLM\...\StartupApproved\Run: => "IntelTBRunOnce"
    HKLM\...\StartupApproved\Run32: => "Everything"

    ========================= Accounts: ==========================

    Administrator (S-1-5-21-995853647-2325593953-3422697938-500 - Administrator - Disabled)
    Esti (S-1-5-21-995853647-2325593953-3422697938-1001 - Administrator - Enabled) => C:\Users\Esti
    Guest (S-1-5-21-995853647-2325593953-3422697938-501 - Limited - Disabled)

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================

    System errors:
    =============
    Error: (10/20/2014 00:29:50 PM) (Source: DCOM) (EventID: 10010) (User: ESTI-GI-LAPTOP)
    Description: {9AA46009-3CE0-458A-A354-715610A075E6}

    Error: (10/20/2014 00:29:20 PM) (Source: DCOM) (EventID: 10010) (User: ESTI-GI-LAPTOP)
    Description: {9AA46009-3CE0-458A-A354-715610A075E6}


    Microsoft Office Sessions:
    =========================

    CodeIntegrity Errors:
    ===================================
      Date: 2014-10-20 12:05:00.559
      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2014-10-20 12:05:00.438
      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2014-10-20 12:05:00.256
      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2014-10-07 13:10:49.759
      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2014-10-07 13:10:49.672
      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2014-10-07 13:10:49.538
      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2014-10-07 13:10:49.439
      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2014-10-07 13:10:49.271
      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2014-10-07 13:10:49.167
      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2014-10-07 13:10:49.045
      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


    ==================== Memory info ===========================

    Processor: Intel® Core™ i5-3210M CPU @ 2.50GHz
    Percentage of memory in use: 68%
    Total physical RAM: 3961.09 MB
    Available physical RAM: 1233.29 MB
    Total Pagefile: 9081.09 MB
    Available Pagefile: 5750.92 MB
    Total Virtual: 131072 MB
    Available Virtual: 131071.84 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:457.05 GB) (Free:328.85 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 465.8 GB) (Disk ID: B6EF8603)

    Partition: GPT Partition Type.

    ==================== End Of Log ============================



    #11 ken545


    Posted 20 October 2014 - 12:34 PM

    Run this quick fix and post the fixlog. Also let me know how your system is behaving now.

     

    Open notepad (Start --> All Programs --> Accessories --> Notepad).
    Please copy the entire contents of the code box below.
    (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
    Save it as fixlist.txt in the same directory as FRST or FRST64 (it has to be right next to FRST or FRST64), either in the directory where you saved FRST or FRST64 or on your desktop if that's where you saved it.
    You can use your mouse to drag Fixlist right next to FRST or FRST64, either above or below it but not on top of it.
     
    Start
    CloseProcesses:
    CHR StartupUrls: Default -> "hxxp://search.conduit.com/?CUI=UN16476892042967303&ctid=CT3289847&SearchSource=48", "hxxp://www.aish.com/", "hxxp://start.mysearchdial.com/?f=1&a=irmsd1103&cd=2XzuyEtN2Y1L1Qzu0EtD0D0ByDyDzz0ByE0Dzz0B0DtCtAtBtN0D0Tzu0SyCzyyBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=82366203&ir=", "hxxp://www.google.com"
    S3 cpuz136; \??\C:\WINDOWS\TEMP\cpuz136\cpuz136_x64.sys [X]
    R3 cpuz137; \??\C:\WINDOWS\TEMP\cpuz137\cpuz137_x64.sys [X]
    EmptyTemp:
    End
    
     
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
     
    Then open FRST or FRST64 and click on Fix.
    When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.



    #12 etech0


    Posted 20 October 2014 - 12:46 PM

    Thanks! Here's the fixlog:

     

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-10-2014
    Ran by Esti at 2014-10-20 13:38:52 Run:1
    Running from C:\Users\Esti\Desktop
    Loaded Profile: Esti (Available profiles: Esti & .NET v4.5 & DefaultAppPool & .NET v4.5 Classic)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    Start
    CloseProcesses:
    CHR StartupUrls: Default -> "hxxp://search.conduit.com/?CUI=UN16476892042967303&ctid=CT3289847&SearchSource=48", "hxxp://www.aish.com/", "hxxp://start.mysearchdial.com/?f=1&a=irmsd1103&cd=2XzuyEtN2Y1L1Qzu0EtD0D0ByDyDzz0ByE0Dzz0B0DtCtAtBtN0D0Tzu0SyCzyyBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=82366203&ir=", "hxxp://www.google.com"
    S3 cpuz136; \??\C:\WINDOWS\TEMP\cpuz136\cpuz136_x64.sys [X]
    R3 cpuz137; \??\C:\WINDOWS\TEMP\cpuz137\cpuz137_x64.sys [X]
    EmptyTemp:
    End
    *****************

    Processes closed successfully.
    Chrome StartupUrls deleted successfully.
    cpuz136 => Service deleted successfully.
    cpuz137 => Unable to stop service
    cpuz137 => Service deleted successfully.
    EmptyTemp: => Removed 701.5 MB temporary data.


    The system needed a reboot.

    ==== End of Fixlog ====



    #13 ken545


    Posted 20 October 2014 - 01:03 PM

    Run this quick fix and post the fixlog. Also let me know how your system is behaving now.




    #14 etech0


    Posted 20 October 2014 - 01:10 PM

    Will do. For now it seems to be going okay, but I'd like to use the computer for a bit before giving a report.



    #15 ken545


    Posted 20 October 2014 - 01:18 PM

    OK, I will leave this thread open for you for a few days. Post back and give me an update.






