Search Safer removal


Hi. First time here. Great site.

I've managed to get the SearchSafer.exe popping up every time I start up. I'm using Windows 8 on a Sony Vaio purchased about a year and a half ago. No luck with uninstalling and would really appreciate your help in getting rid of it. Thanks!

What I've tried so far:

AVG free version: it didn't appear to be working; not sure what's wrong there

Windows Defender: didn't find anything

Malwarebytes quick scan. It didn't find any problems.

FRST tool. Here are the logs:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-05-2014
Ran by Renee (administrator) on MOREFUNNER on 21-05-2014 14:16:55
Running from C:\Users\Renee\Desktop
Platform: Windows 8 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files\pcreg\pcreg.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(Aztec Media Inc) C:\Program Files (x86)\Settings Manager\systemk\SystemkService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.5\ToolbarUpdater.exe
(Aztec Media Inc) C:\Program Files (x86)\Settings Manager\systemk\SystemkService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.5\loggingserver.exe
() C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1114.318_x64__8wekyb3d8bbwe\LiveComm.exe
() C:\Program Files\Sony\VAIO Care\listener.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Users\Renee\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
() C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
(Audible, Inc.) C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Intuit Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2013\QBW32.EXE
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(SAMSUNG Electornics Co., Ltd.) C:\Users\Renee\AppData\Roaming\VERIZON\UA_ar\UA.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Intuit Inc. All rights reserved.) C:\Users\Renee\AppData\Local\Intuit\SyncManager\Current\IntuitSyncManager.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intuit, Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2013\QBDBMgr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Improvement\vim.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Improvement\vim.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1215632 2012-08-22] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1215632 2012-08-22] (Realtek Semiconductor)
HKLM\...\Run: [btPreLoad] => C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe [64640 2012-08-13] ()
HKLM\...\Run: [pcreg] => C:\Program Files\pcreg\service.exe [89816 2014-04-25] ()
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [508256 2012-04-23] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [iSBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [68776 2012-08-18] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [724576 2012-07-27] (Sony Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [2807608 2013-09-06] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2014-01-21] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2561560 2014-05-10] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [brStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [pcreg] => C:\Program Files\pcreg\service.exe [89816 2014-04-25] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\.DEFAULT\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-3889557589-1445315533-4073486364-1001\...\Run: [skyDrive] => C:\Users\Renee\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257224 2014-05-14] (Microsoft Corporation)
HKU\S-1-5-21-3889557589-1445315533-4073486364-1001\...\Run: [AVG-Secure-Search-Update_0414c] => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe [2725912 2014-04-21] ()
HKU\S-1-5-21-3889557589-1445315533-4073486364-1001\...\Run: [pcreg] => C:\Program Files\pcreg\service.exe [89816 2014-04-25] ()
HKU\S-1-5-21-3889557589-1445315533-4073486364-1001\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-3889557589-1445315533-4073486364-1001\...\MountPoints2: {925fab48-dd9b-11e2-be7d-083e8ed75186} - "E:\VZW_Software_upgrade_assistant_installer.exe"
HKU\S-1-5-21-3889557589-1445315533-4073486364-1001\...\MountPoints2: {925fab63-dd9b-11e2-be7d-083e8ed75186} - "E:\VZW_Software_upgrade_assistant_installer.exe"
HKU\S-1-5-21-3889557589-1445315533-4073486364-1001\...\MountPoints2: {925fab9b-dd9b-11e2-be7d-083e8ed75186} - "E:\VZW_Software_upgrade_assistant.exe"
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk
ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2013\QBW32.EXE (Intuit Inc.)
Startup: C:\Users\Renee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Renee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk
ShortcutTarget: Verizon Wireless Software Utility Application for Android – Samsung.lnk -> C:\Users\Renee\AppData\Roaming\VERIZON\UA_ar\UA.exe (SAMSUNG Electornics Co., Ltd.)
HKLM\...\AppCertDlls: [x86] -> C:\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll [490000 2014-05-18] ()
HKLM\...\AppCertDlls: [x64] -> C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll [664592 2014-05-18] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sony13.msn.com
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?sid=476&aid=100&itype=a&ver=12692&tm=351&src=ds&p={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?sid=476&aid=100&itype=a&ver=12692&tm=351&src=ds&p={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {87413845-0296-4B35-B5F2-46F7BDE6BF21} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASAJS
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={44E49ABF-F1B2-4337-94D5-EFBED7B4F58A}&mid=bdb5c14cd17f47d39dc7d977c833b875-f84595b382a198e00651d42f22fa4a6dfe65783f&lang=en&ds=AVG&coid=avgtbavg&pr=pr&d=2013-11-04 19:11:22&v=17.1.3.1&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?sid=476&aid=100&itype=a&ver=12692&tm=351&src=ds&p={searchTerms}
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Linkey - {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} - C:\Program Files (x86)\Linkey\IEExtension\iedll64.dll (Aztec Media Inc)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Linkey - {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} - C:\Program Files (x86)\Linkey\IEExtension\iedll.dll (Aztec Media Inc)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.5.512\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.5.512\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} -  No File
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -  No File
Handler-x32: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files (x86)\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.5\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 208.59.247.45 208.59.247.46 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Renee\AppData\Roaming\Mozilla\Firefox\Profiles\wt71xa9k.default
FF SearchEngineOrder.1: default-search.net
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.default-search.net?sid=476&aid=100&itype=a&ver=12692&tm=351&src=hmp
FF Keyword.URL: hxxp://www.default-search.net/search?sid=476&aid=100&itype=a&ver=12692&tm=351&src=ds&p=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.5.0 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.5.0 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.5\\npsitesafety.dll No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.5.0 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.5.0 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Renee\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Users\Renee\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\default-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF Extension: Hola Better Internet - C:\Users\Renee\AppData\Roaming\Mozilla\Firefox\Profiles\wt71xa9k.default\Extensions\jid1-4P0kohSJxU1qGg@jetpack [2014-05-20]
FF Extension: Settings Manager - C:\Users\Renee\AppData\Roaming\Mozilla\Firefox\Profiles\wt71xa9k.default\Extensions\{07C9260C-091F-057F-D5BC-0CB91299BEAE} [2014-05-18]
FF Extension: Evernote Web Clipper - C:\Users\Renee\AppData\Roaming\Mozilla\Firefox\Profiles\wt71xa9k.default\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800} [2013-12-19]
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.1.5.512
FF Extension: AVG SafeGuard toolbar - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.1.5.512 [2014-05-10]

==================== Services (Whitelisted) =================

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211584 2012-08-13] (Qualcomm Atheros Commnucations)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2211000 2014-03-30] (Microsoft Corporation)
R2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-05-29] (Intel Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-24] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-24] (Intel Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-15] (McAfee, Inc.)
S3 NetworkSupport; C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe [623784 2012-08-18] (Sony Corporation)
R2 pcregservice; C:\Program Files\pcreg\pcreg.exe [249024 2014-04-25] ()
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [474208 2012-07-27] (Sony Corporation)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [266168 2013-05-29] (Intel Corporation)
R2 SystemkService; C:\Program Files (x86)\Settings Manager\systemk\SystemkService.exe [3543056 2014-05-18] (Aztec Media Inc)
S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-05-29] (Intel Corporation)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [972000 2012-08-08] (Sony Corporation)
R2 vToolbarUpdater18.1.5; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.5\ToolbarUpdater.exe [1801752 2014-05-10] (AVG Secure Search)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1369136 2013-09-25] (Sony Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-28] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-13] (Atheros)

==================== Drivers (Whitelisted) ====================

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [35496 2012-08-22] (Advanced Micro Devices, Inc.)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20912 2012-10-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-05-10] (AVG Technologies)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [248632 2013-07-18] (AVG Technologies CZ, s.r.o.)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-13] (Qualcomm Atheros)
R3 BTATH_VDP; C:\Windows\system32\drivers\btath_vdp.sys [427416 2012-08-13] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R1 F06DEFF2-5B9C-490D-910F-35D3A91196222; C:\Program Files (x86)\Settings Manager\systemk\x64\systemkmgrc1.cfg [36240 2014-05-18] (Aztec Media Inc)
R3 rimssne; C:\Windows\System32\drivers\rimssne64.sys [103424 2012-08-22] (REDC)
R3 risdsnxc; C:\Windows\System32\drivers\risdsnxc64.sys [104960 2012-08-22] (REDC)
R3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2014-02-22] ()
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-23] (Synaptics Incorporated)
R3 SOWS; C:\Windows\System32\drivers\sows.sys [24280 2012-06-10] (Sony Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-21 14:16 - 2014-05-21 14:17 - 00026059 _____ () C:\Users\Renee\Desktop\FRST.txt
2014-05-21 14:16 - 2014-05-21 14:16 - 00000000 ____D () C:\FRST
2014-05-21 14:12 - 2014-05-21 14:12 - 02067456 _____ (Farbar) C:\Users\Renee\Desktop\FRST64.exe
2014-05-21 11:40 - 2014-05-21 11:40 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Renee\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-21 10:30 - 2014-05-21 10:33 - 00000000 ____D () C:\Users\Renee\Desktop\Mayville
2014-05-20 21:45 - 2014-01-19 03:33 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-05-18 16:25 - 2014-05-18 16:25 - 00000000 ____D () C:\Users\Renee\Documents\PC Speed Maximizer
2014-05-18 16:21 - 2014-04-02 11:18 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\Windows\SysWOW64\secman.dll
2014-05-18 16:20 - 2014-05-21 14:11 - 00000000 ____D () C:\ProgramData\systemk
2014-05-18 16:20 - 2014-05-20 10:01 - 00000000 ____D () C:\Program Files\pcreg
2014-05-18 16:20 - 2014-05-18 16:20 - 00003694 _____ () C:\Windows\System32\Tasks\pcreg
2014-05-18 16:19 - 2014-05-21 13:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2014-05-18 16:19 - 2014-05-21 13:06 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-05-18 16:19 - 2014-05-18 16:19 - 00000000 ____D () C:\Users\Renee\Documents\SelfMV
2014-05-18 16:19 - 2014-05-18 16:19 - 00000000 ____D () C:\Users\Renee\Documents\samsung
2014-05-18 16:19 - 2014-05-18 16:19 - 00000000 ____D () C:\Users\Renee\AppData\Roaming\Samsung
2014-05-18 16:19 - 2014-05-18 16:19 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2014-05-18 16:19 - 2014-05-18 16:19 - 00000000 ____D () C:\Program Files (x86)\Settings Manager
2014-05-18 16:19 - 2014-05-18 16:19 - 00000000 ____D () C:\Program Files (x86)\Linkey
2014-05-18 16:18 - 2014-05-18 16:21 - 00000000 ____D () C:\Users\Renee\AppData\Local\Downloaded Installations
2014-05-18 16:17 - 2014-05-18 16:17 - 00386888 _____ (Softonic ) C:\Users\Renee\Downloads\SoftonicDownloader_for_samsung-kies.exe
2014-05-10 19:42 - 2014-05-10 19:42 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-05-09 20:29 - 2014-05-09 20:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-07 12:57 - 2014-05-07 12:57 - 00000000 ____D () C:\Users\Renee\AppData\Local\Avg2014
2014-04-29 09:57 - 2014-04-29 09:57 - 00000000 ____D () C:\ProgramData\Norton
2014-04-28 20:13 - 2014-04-28 20:13 - 00000000 ____D () C:\Windows\SysWOW64\Adobe
2014-04-25 12:14 - 2014-04-25 12:14 - 00002507 _____ () C:\Users\Public\Desktop\Evernote.lnk
2014-04-25 12:14 - 2014-04-25 12:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2014-04-25 10:19 - 2014-04-25 10:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-04-21 21:14 - 2014-05-21 13:50 - 00000396 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rmv.job
2014-04-21 21:14 - 2014-05-21 13:50 - 00000396 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rel.job
2014-04-21 21:14 - 2014-04-21 21:14 - 00002670 _____ () C:\Windows\System32\Tasks\AVG-Secure-Search-Update_0414c_rmv
2014-04-21 21:14 - 2014-04-21 21:14 - 00002668 _____ () C:\Windows\System32\Tasks\AVG-Secure-Search-Update_0414c_rel
2014-04-21 21:14 - 2014-04-21 21:14 - 00000000 ____D () C:\Program Files (x86)\Avg Secure Update

==================== One Month Modified Files and Folders =======

2014-05-21 14:17 - 2014-05-21 14:16 - 00026059 _____ () C:\Users\Renee\Desktop\FRST.txt
2014-05-21 14:16 - 2014-05-21 14:16 - 00000000 ____D () C:\FRST
2014-05-21 14:13 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\system32\sru
2014-05-21 14:12 - 2014-05-21 14:12 - 02067456 _____ (Farbar) C:\Users\Renee\Desktop\FRST64.exe
2014-05-21 14:11 - 2014-05-18 16:20 - 00000000 ____D () C:\ProgramData\systemk
2014-05-21 14:02 - 2013-06-02 16:26 - 00004982 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for MOREFUNNER-Renee MoreFunner
2014-05-21 13:55 - 2013-05-30 14:33 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3889557589-1445315533-4073486364-1001
2014-05-21 13:53 - 2012-11-19 15:31 - 01598474 _____ () C:\Windows\WindowsUpdate.log
2014-05-21 13:52 - 2013-06-02 15:42 - 00000000 ___RD () C:\Users\Renee\SkyDrive
2014-05-21 13:50 - 2014-04-21 21:14 - 00000396 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rmv.job
2014-05-21 13:50 - 2014-04-21 21:14 - 00000396 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rel.job
2014-05-21 13:50 - 2013-08-07 08:24 - 00000204 _____ () C:\Windows\system32\sstates.sdt
2014-05-21 13:50 - 2013-08-07 08:24 - 00000040 _____ () C:\Windows\system32\sstate_prev.sdt
2014-05-21 13:09 - 2013-07-31 19:54 - 00013938 _____ () C:\Windows\PFRO.log
2014-05-21 13:09 - 2012-07-26 03:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-21 13:06 - 2014-05-18 16:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2014-05-21 13:06 - 2014-05-18 16:19 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-05-21 12:16 - 2012-07-26 01:26 - 00786432 ___SH () C:\Windows\system32\config\BBI
2014-05-21 12:13 - 2013-05-30 14:24 - 00000000 ____D () C:\Users\Renee
2014-05-21 12:08 - 2013-07-24 11:29 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-21 12:03 - 2013-06-18 10:15 - 00000000 ____D () C:\Users\Renee\AppData\Local\CrashDumps
2014-05-21 11:40 - 2014-05-21 11:40 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Renee\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-21 11:28 - 2014-03-27 10:03 - 00000584 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3889557589-1445315533-4073486364-1001.job
2014-05-21 10:33 - 2014-05-21 10:30 - 00000000 ____D () C:\Users\Renee\Desktop\Mayville
2014-05-21 08:05 - 2013-06-27 16:01 - 00000000 ____D () C:\ProgramData\MFAData
2014-05-20 21:46 - 2012-07-26 01:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-05-20 10:01 - 2014-05-18 16:20 - 00000000 ____D () C:\Program Files\pcreg
2014-05-19 10:46 - 2013-10-10 18:11 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-19 10:28 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-05-18 16:25 - 2014-05-18 16:25 - 00000000 ____D () C:\Users\Renee\Documents\PC Speed Maximizer
2014-05-18 16:24 - 2013-06-28 13:19 - 00010328 _____ () C:\Windows\setupact.log
2014-05-18 16:21 - 2014-05-18 16:18 - 00000000 ____D () C:\Users\Renee\AppData\Local\Downloaded Installations
2014-05-18 16:20 - 2014-05-18 16:20 - 00003694 _____ () C:\Windows\System32\Tasks\pcreg
2014-05-18 16:19 - 2014-05-18 16:19 - 00000000 ____D () C:\Users\Renee\Documents\SelfMV
2014-05-18 16:19 - 2014-05-18 16:19 - 00000000 ____D () C:\Users\Renee\Documents\samsung
2014-05-18 16:19 - 2014-05-18 16:19 - 00000000 ____D () C:\Users\Renee\AppData\Roaming\Samsung
2014-05-18 16:19 - 2014-05-18 16:19 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2014-05-18 16:19 - 2014-05-18 16:19 - 00000000 ____D () C:\Program Files (x86)\Settings Manager
2014-05-18 16:19 - 2014-05-18 16:19 - 00000000 ____D () C:\Program Files (x86)\Linkey
2014-05-18 16:19 - 2012-11-19 15:18 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-18 16:17 - 2014-05-18 16:17 - 00386888 _____ (Softonic ) C:\Users\Renee\Downloads\SoftonicDownloader_for_samsung-kies.exe
2014-05-16 06:36 - 2013-07-24 09:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-14 19:49 - 2014-02-20 14:50 - 00002281 _____ () C:\Users\Renee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2014-05-13 20:27 - 2013-07-24 11:29 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-12 17:51 - 2013-05-30 14:25 - 00000000 ____D () C:\Users\Renee\AppData\Local\Packages
2014-05-10 19:42 - 2014-05-10 19:42 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-05-10 19:42 - 2013-11-04 20:11 - 00003745 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2014-05-10 19:42 - 2013-06-27 16:20 - 00050464 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2014-05-10 19:42 - 2013-06-27 16:20 - 00000000 ____D () C:\Program Files (x86)\AVG SafeGuard toolbar
2014-05-09 20:29 - 2014-05-09 20:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-07 23:27 - 2013-06-27 16:17 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-05-07 12:57 - 2014-05-07 12:57 - 00000000 ____D () C:\Users\Renee\AppData\Local\Avg2014
2014-05-02 20:08 - 2013-06-07 06:41 - 00000000 ____D () C:\Users\Renee\Documents\Bluetooth Folder
2014-05-02 20:08 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-30 14:01 - 2013-12-12 10:40 - 00000000 __SHD () C:\Users\Renee\Documents\cache
2014-04-29 09:57 - 2014-04-29 09:57 - 00000000 ____D () C:\ProgramData\Norton
2014-04-28 20:14 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-04-28 20:13 - 2014-04-28 20:13 - 00000000 ____D () C:\Windows\SysWOW64\Adobe
2014-04-25 12:14 - 2014-04-25 12:14 - 00002507 _____ () C:\Users\Public\Desktop\Evernote.lnk
2014-04-25 12:14 - 2014-04-25 12:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2014-04-25 10:19 - 2014-04-25 10:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-04-21 21:14 - 2014-04-21 21:14 - 00002670 _____ () C:\Windows\System32\Tasks\AVG-Secure-Search-Update_0414c_rmv
2014-04-21 21:14 - 2014-04-21 21:14 - 00002668 _____ () C:\Windows\System32\Tasks\AVG-Secure-Search-Update_0414c_rel
2014-04-21 21:14 - 2014-04-21 21:14 - 00000000 ____D () C:\Program Files (x86)\Avg Secure Update

Some content of TEMP:
====================
C:\Users\Renee\AppData\Local\Temp\dlLogic.exe
C:\Users\Renee\AppData\Local\Temp\dltr.exe
C:\Users\Renee\AppData\Local\Temp\Execute2App.exe
C:\Users\Renee\AppData\Local\Temp\file_to_run5548.exe
C:\Users\Renee\AppData\Local\Temp\GCVerifier.dll
C:\Users\Renee\AppData\Local\Temp\GLF2338.EXE
C:\Users\Renee\AppData\Local\Temp\GLF2740.EXE
C:\Users\Renee\AppData\Local\Temp\GLF2749.EXE
C:\Users\Renee\AppData\Local\Temp\GLF2892.EXE
C:\Users\Renee\AppData\Local\Temp\GLF4628.EXE
C:\Users\Renee\AppData\Local\Temp\GLF4A11.EXE
C:\Users\Renee\AppData\Local\Temp\GLF67EA.EXE
C:\Users\Renee\AppData\Local\Temp\GLF6FEA.EXE
C:\Users\Renee\AppData\Local\Temp\GLF7038.EXE
C:\Users\Renee\AppData\Local\Temp\GLF7153.EXE
C:\Users\Renee\AppData\Local\Temp\GLF9AE2.EXE
C:\Users\Renee\AppData\Local\Temp\GLF9BED.EXE
C:\Users\Renee\AppData\Local\Temp\GLFA5AC.EXE
C:\Users\Renee\AppData\Local\Temp\GLFB211.EXE
C:\Users\Renee\AppData\Local\Temp\GLFB437.EXE
C:\Users\Renee\AppData\Local\Temp\GLFB541.EXE
C:\Users\Renee\AppData\Local\Temp\GLFDF82.EXE
C:\Users\Renee\AppData\Local\Temp\GLFE455.EXE
C:\Users\Renee\AppData\Local\Temp\LiveUpdater.exe
C:\Users\Renee\AppData\Local\Temp\msvcp90.dll
C:\Users\Renee\AppData\Local\Temp\msvcr90.dll
C:\Users\Renee\AppData\Local\Temp\nsg722C.exe
C:\Users\Renee\AppData\Local\Temp\nsk9559.exe
C:\Users\Renee\AppData\Local\Temp\nsr6AA3.exe
C:\Users\Renee\AppData\Local\Temp\nsr73A4.exe
C:\Users\Renee\AppData\Local\Temp\nsu93C2.exe
C:\Users\Renee\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Renee\AppData\Local\Temp\oi_{A10EBE45-9568-44AA-A303-BAF8AF275085}.exe
C:\Users\Renee\AppData\Local\Temp\SettingsManagerSetup.exe
C:\Users\Renee\AppData\Local\Temp\Setup.X86.en-US_O365HomePremRetail_8f3ca50c-cc7c-4f36-878a-23e074f0433a_TX_PR_(1).exe
C:\Users\Renee\AppData\Local\Temp\Setup.X86.en-US_O365HomePremRetail_8f3ca50c-cc7c-4f36-878a-23e074f0433a_TX_PR_(2).exe
C:\Users\Renee\AppData\Local\Temp\Shockwave_Installer_FF.exe
C:\Users\Renee\AppData\Local\Temp\speed.exe
C:\Users\Renee\AppData\Local\Temp\temp_3813306787.exe
C:\Users\Renee\AppData\Local\Temp\tmp_160173.exe
C:\Users\Renee\AppData\Local\Temp\verifier.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-17 23:24

==================== End Of Log ============================

Addition log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-05-2014
Ran by Renee at 2014-05-21 14:17:21
Running from C:\Users\Renee\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2013 (Disabled - Out of date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2013 (Disabled - Out of date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG update module (Disabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

==================== Installed Programs ======================

Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.1.151 - Adobe Systems, Inc.)
AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{ECCD7F0B-2256-9B71-5B9D-3E78A4E6DF00}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
Anki (HKLM-x32\...\Anki) (Version:  - )
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArtRage Studio (HKLM-x32\...\{5A9FE63F-F201-4D55-9F5F-06DDB239AC4F}) (Version: 3.5.5 - Ambient Design)
Audible Download Manager (HKLM-x32\...\AudibleDownloadManager) (Version: 6.6.0.15 - Audible, Inc.)
AVG 2013 (HKLM\...\AVG) (Version: 2013.0.3469 - AVG Technologies)
AVG 2013 (Version: 13.0.3469 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.3931 - AVG Technologies) Hidden
AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 18.1.5.512 - AVG Technologies)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden
Cisco WebEx Meetings (HKCU\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{B025BA0B-64A6-46DE-9D64-32965C83CCA9}) (Version: 1.0.179 - Citrix)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.1923 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.0.1923 - CyberLink Corp.) Hidden
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.5601.52 - CyberLink Corp.)
CyberLink PowerDVD (x32 Version: 9.0.5601.52 - CyberLink Corp.) Hidden
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.13 - Dolby Laboratories Inc)
Easy Phone Tunes (HKLM-x32\...\{03ED925F-9E5E-4532-998D-7F8840FE5A74}) (Version: 137 - Easy Phone Tunes)
Evernote v. 5.3.1 (HKLM-x32\...\{28AAF752-C41B-11E3-8CB0-00163E98E7D6}) (Version: 5.3.1.3363 - Evernote Corp.)
FDUx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
GoToMeeting 6.2.0.1350 (HKCU\...\GoToMeeting) (Version: 6.2.0.1350 - CitrixOnline)
HL-2270DW (HKLM-x32\...\{E2A97415-BD97-4867-B906-05E39E9EE51F}) (Version: 1.0.6.0 - Brother Industries, Ltd.)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Intel® Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3097 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.3.1004 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java Auto Updater (x32 Version: 2.1.6.0 - Sun Microsystems, Inc.) Hidden
Java 7 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417005FF}) (Version: 7.0.50 - Oracle)
Java 7 Update 5 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217005FF}) (Version: 7.0.50 - Oracle)
KUx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4605.1003 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4041.0512 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20125.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4605.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4605.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4605.1003 - Microsoft Corporation) Hidden
PlayMemories Home (HKLM-x32\...\{10DD6128-A810-4A90-9523-475D573FBB37}) (Version: 6.3.02.07270 - Sony Corporation)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.206 - Qualcomm Atheros Communications)
QuickBooks (x32 Version: 23.0.4008.2305 - Intuit Inc.) Hidden
QuickBooks Pro 2013 (HKLM-x32\...\{3C631966-387E-4054-85D9-BBFFABE32BD8}) (Version: 23.0.4005.2305 - Intuit Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6705 - Realtek Semiconductor Corp.)
Restore (x32 Version: 1.0.0 - Sony Corporation) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.22.0 - SAMSUNG Electronics Co., Ltd.)
SCS Shortcut (x32 Version: 1.0 - Sony Creative Software Inc.) Hidden
Settings Manager (HKLM-x32\...\Settings Manager) (Version: 5.0.0.12349 - Aztec Media Inc) <==== ATTENTION
SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden
SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.5 - Synaptics Incorporated)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.20202 - TeamViewer)
VAIO - Xperia Link (HKLM-x32\...\{D91558BF-D1F3-411F-AEFE-8774CB406512}) (Version: 1.0.0.08170 - Sony Corporation)
VAIO Care (HKLM\...\{64AEB277-30E8-4C5B-A9D5-66CD8995AF75}) (Version: 8.3.0.08220 - Sony Corporation)
VAIO Control Center (HKLM-x32\...\{8E797841-A110-41FD-B17A-3ABC0641187A}) (Version: 6.0.0.08200 - Sony Corporation)
VAIO CPU Fan Diagnostic (HKLM-x32\...\{BCE6E3D7-B565-4E1B-AC77-F780666A35FB}) (Version: 1.1.0.09200 - Sony Corporation)
VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.10.0.07270 - Sony Corporation)
VAIO Easy Connect (x32 Version: 8.2.0.14170 - Sony Corporation) Hidden
VAIO Gate (HKLM-x32\...\{14AC95A2-7675-4988-A5BD-3F5B943AED08}) (Version: 3.0.1.02270 - Sony Corporation)
VAIO Gate Default (HKLM-x32\...\{B7546697-2A80-4256-A24B-1C33163F535B}) (Version: 3.0.0.08060 - Sony Corporation)
VAIO Gesture Control (HKLM-x32\...\{692955F2-DE9F-4078-8FAA-858D6F3A1776}) (Version: 2.0.0.08240 - Sony Corporation)
VAIO Gesture Control (x32 Version: 2.0.0.08240 - Sony Corporation) Hidden
VAIO Health Report (HKLM-x32\...\VAIO Health Report1.0) (Version: 1.0 - Sony Electronics)
VAIO Image Optimizer (HKLM-x32\...\InstallShield_{5597C927-029A-46A7-A0C0-8DABD9891A50}) (Version: 3.0.00.08170 - Sony Corporation)
VAIO Image Optimizer (x32 Version: 3.0.00.08170 - Sony Corporation) Hidden
VAIO Improvement (HKLM-x32\...\{3A26D9BD-0F73-432D-B522-2BA18138F7EF}) (Version: 2.0.0.08090 - Sony Corporation)
VAIO Manual (HKLM-x32\...\{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}) (Version: 3.0.0.08100 - Sony Corporation)
VAIO Media Server Settings (HKLM\...\{62A172B2-550E-499D-9A82-5190D18390AA}) (Version: 1.0.0.08240 - Sony Corporation)
VAIO Movie Creator Template Data (HKLM-x32\...\InstallShield_{00A663F1-6C03-48CA-8E85-55806AAE2615}) (Version: 4.0.00.08170 - Sony Corporation)
VAIO Movie Creator Template Data (x32 Version: 4.0.00.08170 - Sony Corporation) Hidden
VAIO Transfer Support (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.8.0.08212 - Sony Corporation)
VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 6.3.1.10120 - Sony Corporation)
VCCx64 (Version: 1.0.0 - Sony Corporation) Hidden
VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Verizon Wireless Software Utility Application for Android - Samsung (HKLM-x32\...\{041E914E-7B73-4E8B-967F-B7FFC527FF80}) (Version: 2.14.0106 - Samsung Electronics Co., Ltd.)
VGClientX64 (Version: 1.0.0 - Sony Corporation) Hidden
VHD (x32 Version: 1.0.0 - Sony Corporation) Hidden
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VIx64 (Version: 1.0.0 - Sony Corporation) Hidden
VIx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VMLx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VPMx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSSTx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VU5x64 (Version: 1.0.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VUx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VUx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VWSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Windows Glulxe (HKLM-x32\...\WinGlulxe) (Version:  - )
XperiaLinkx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden

==================== Restore Points  =========================

04-05-2014 17:41:53 Scheduled Checkpoint
08-05-2014 03:26:13 Installed AVG 2014
18-05-2014 20:18:50 Installed Samsung Kies3
21-05-2014 13:44:19 Windows Modules Installer

==================== Hosts content: ==========================

2012-07-26 01:26 - 2012-07-26 01:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0AF529AC-CA1C-4020-A270-C83E2CE40BCC} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2013-08-21] (Sony Corporation)
Task: {0B248C8E-D686-4BB2-903C-11FB04BE4D2B} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2013-08-21] (Sony Corporation)
Task: {11718B4C-FE8F-46FD-8631-E5D3195515E0} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Daily => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-08-18] (Sony Corporation)
Task: {1A7650BB-A2C8-450F-91C4-64A047C877BA} - System32\Tasks\Sony Corporation\VAIO Care\CRMReminder => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2013-08-21] (Sony Corporation)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {1D2ED4FB-DDF3-4AE4-B6CD-3E620FACD570} - System32\Tasks\Sony Corporation\VAIO Update\Launch Application => C:\Program Files\SONY\VAIO Update\ShellExeProxy.exe [2013-08-30] (Sony Corporation)
Task: {223CEEC5-C197-42E1-A690-0A8F167AC95D} - System32\Tasks\Sony Corporation\VAIO Gesture Control\VCGULogonTask => C:\Program Files (x86)\Sony\VAIO Camera Gesture Utility\VCGU.exe [2012-08-04] (Sony Corporation)
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {274C8E68-AA01-4BF0-B0F2-F01B6AE71726} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-03-30] (Microsoft Corporation)
Task: {34464836-618D-48EA-BC69-B16A182DBA0C} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe [2012-08-09] (Sony Corporation)
Task: {3D04D310-5802-42CB-8CA4-A64D4390EB76} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2013-08-21] (Sony Corporation)
Task: {3E03172C-89F9-4F7C-87C8-C295ECBDA050} - System32\Tasks\G2MUpdateTask-S-1-5-21-3889557589-1445315533-4073486364-1001 => C:\Users\Renee\AppData\Local\Citrix\GoToMeeting\1350\g2mupdate.exe [2014-03-27] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {4AEE304A-2246-4043-8455-23E240B841F9} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementMonitorSystem => C:\Program Files\Sony\VAIO Improvement\vim.exe [2013-04-03] (Sony Corporation)
Task: {4B8343EA-0DDA-4644-8E4B-F34BDD86F479} - System32\Tasks\AVG-Secure-Search-Update_0414c_rmv => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe [2014-04-21] ()
Task: {4C02F03D-BB2D-4BB7-88A1-3AEC96261DDF} - System32\Tasks\pcreg => C:\Program Files\pcreg\service.exe [2014-04-25] () <==== ATTENTION
Task: {4EF16D2A-6F17-46B2-8DDC-FA3A0DE5DE48} - System32\Tasks\VAIO Health Report => C:\Program Files (x86)\Sony\VAIO Health Report\VAIOHealthReport.exe [2013-06-20] (Sony Electronics)
Task: {4F6473A2-0BB8-4DE1-AA95-35D9B33888B7} - System32\Tasks\Sony Corporation\VAIO Care\GetPOTInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2013-08-21] (Sony Corporation)
Task: {661FFE11-6D43-44FE-A06F-AD48FDD90D75} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Month => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-08-18] (Sony Corporation)
Task: {6A5B7B0C-0695-40CA-8F5C-AEA7DBFD4F8F} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-23] (Synaptics Incorporated)
Task: {6C338E03-27C4-4159-A19C-159BE4BAC7AB} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2013-02-21] (Sony Corporation)
Task: {7577033D-3D56-443B-BDDC-0A092B9A72A0} - System32\Tasks\Sony Corporation\VAIO Care\VCSelfHeal => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2013-08-21] (Sony Corporation)
Task: {7718EB8E-2D39-4F7A-8752-67532CACFF36} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2013-08-21] (Sony Corporation)
Task: {81EC6775-08A9-4A3C-A0D2-A0E5D257D335} - System32\Tasks\Sony Corporation\VAIO Care\CheckSystemInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2013-08-21] (Sony Corporation)
Task: {8BD0A1D7-245D-42A4-92E6-DADCB75F3E32} - System32\Tasks\Microsoft Office 15 Sync Maintenance for MOREFUNNER-Renee MoreFunner => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-04-13] (Microsoft Corporation)
Task: {917AC518-F6D5-433E-95C4-16E7F77C12A2} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2013-09-19] (Sony Corporation)
Task: {99A7A4EF-4C4A-405F-8D0F-8C68336A8E04} - System32\Tasks\Sony Corporation\VAIO Control Center\NetworkSetting\NetworkSetting Logon Start => C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient
Task: {9CEB40D2-1791-4230-9F51-AA96F8FB4EAC} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {AB96B97B-39C2-46A2-876A-EEB6AE199033} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup => C:\Windows\system32\dism.exe [2012-07-25] (Microsoft Corporation)
Task: {ABEEC2D2-DE3A-46B8-ABAE-E011C1C1B7E0} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2013-09-27] (Sony Corporation)
Task: {AE60E771-6957-4945-BF03-25D37EFC655D} - System32\Tasks\VHDInformationCheck => C:\Program Files (x86)\Sony\VAIO Recovery\plugins\InformationCheck.exe [2012-07-31] (Sony Corporation)
Task: {B58A6535-584C-4945-8DC8-BF3453584BAB} - System32\Tasks\Sony Corporation\VAIO Care\VCRLog => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2013-08-21] (Sony Corporation)
Task: {BBDDC2C5-9AED-4A56-9284-22BDD508DDCE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-13] (Adobe Systems Incorporated)
Task: {BDDA17E5-19BD-4FC2-9ABF-40FF03D432B4} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-04-13] (Microsoft Corporation)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {C89BB0AF-004A-4539-8498-4B845D9B1AB2} - System32\Tasks\USER_ESRV_SVC => Wscript.exe //B //NoLogo "C:\Program Files\Sony\VAIO Care\ESRV\task.vbs"
Task: {D603D09D-9F1D-40BA-853F-79B21AF791C8} - System32\Tasks\Sony Corporation\VAIO Care\UploadPOT => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2013-08-21] (Sony Corporation)
Task: {DF1C9427-6D6A-41C8-9CFB-E9AEA0B6BE72} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementMonitorUser => C:\Program Files\Sony\VAIO Improvement\vim.exe [2013-04-03] (Sony Corporation)
Task: {E080EB41-60A0-4BDD-98DD-1FA037218F78} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)
Task: {EBCC8A37-2BC4-42EC-B2BC-EE5B5BD3A175} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {F56E2C3D-A11E-4169-A31B-49A973ACC14C} - System32\Tasks\AVG-Secure-Search-Update_0414c_rel => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe [2014-04-21] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rel.job => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rmv.job => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3889557589-1445315533-4073486364-1001.job => C:\Users\Renee\AppData\Local\Citrix\GoToMeeting\1350\g2mupdate.exe

==================== Loaded Modules (whitelisted) =============

2014-05-18 16:20 - 2014-05-18 05:50 - 00664592 _____ () C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll
2014-04-17 08:26 - 2013-10-31 18:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-06-02 15:19 - 2014-03-25 13:21 - 00629928 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2014-04-25 04:13 - 2014-04-25 04:13 - 00249024 _____ () C:\Program Files\pcreg\pcreg.exe
2014-05-10 19:42 - 2014-05-10 19:42 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.5\loggingserver.exe
2014-04-21 21:14 - 2014-04-21 21:14 - 02725912 _____ () C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
2014-01-15 10:26 - 2014-04-13 14:40 - 08884904 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-03-26 12:44 - 2013-03-26 12:44 - 00062464 _____ () C:\Program Files\Sony\VAIO Care\listener.exe
2012-08-23 12:25 - 2012-08-22 09:05 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-06-27 16:20 - 2014-05-10 19:42 - 02561560 _____ () C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
2012-08-13 21:25 - 2012-08-13 21:25 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2012-08-06 15:54 - 2012-08-06 15:54 - 00369664 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-05-18 16:19 - 2014-05-18 05:50 - 00490000 _____ () C:\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll
2014-05-18 16:19 - 2014-05-18 05:50 - 00020496 _____ () C:\Program Files (x86)\Settings Manager\systemk\syskldr.dll
2014-05-10 19:42 - 2014-05-10 19:42 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.5\log4cplusU.dll
2012-11-19 15:28 - 2012-07-24 22:52 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2013-06-19 15:44 - 2013-06-19 15:44 - 00269128 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\boost_regex-vc90-mt-p-1_33.dll
2013-06-19 15:44 - 2013-06-19 15:44 - 00529224 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\BackupLib.dll
2013-06-19 15:44 - 2013-06-19 15:44 - 00021832 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\QBCompressor.dll
2013-06-19 15:44 - 2013-06-19 15:44 - 00415560 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\FtuEngine.dll
2013-06-19 12:45 - 2013-06-19 12:45 - 00128328 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\QBProActiveCore.dll
2013-06-19 15:45 - 2013-06-19 15:45 - 00141640 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\QBMAPILibrary.dll
2012-12-22 23:53 - 2012-12-22 23:53 - 00059904 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\zlib1.dll
2013-06-19 15:44 - 2013-06-19 15:44 - 00176968 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\boost_serialization-vc90-mt-p-1_33.dll
2013-06-19 15:44 - 2013-06-19 15:44 - 00559944 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\FeaturesBridge.dll
2013-06-19 15:44 - 2013-06-19 15:44 - 00042824 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\mbpopup.dll
2014-04-14 14:17 - 2014-04-14 14:17 - 00433664 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2014-04-14 14:17 - 2014-04-14 14:17 - 00315392 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2012-11-19 16:16 - 2012-06-07 23:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 15:34 - 2012-06-08 15:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-04-13 14:40 - 2014-04-13 14:40 - 00316584 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2014-05-09 20:29 - 2014-05-09 20:29 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/21/2014 02:17:00 PM) (Source: ESENT) (EventID: 467) (User: )
Description: svchost (1500) SRUJet: Database C:\Windows\system32\SRU\SRUDB.dat: Index UserIdTimeStamp of table {973F5D5C-1D90-4944-BE8E-24B94231A174} is corrupted (0).

Error: (05/21/2014 02:17:00 PM) (Source: ESENT) (EventID: 447) (User: )
Description: svchost (1500) SRUJet: A bad page link (error -327) has been detected in a B-Tree (ObjectId: 10, PgnoRoot: 45) of database C:\Windows\system32\SRU\SRUDB.dat (1808 => 2225, svchost0).

Error: (05/21/2014 02:16:00 PM) (Source: ESENT) (EventID: 467) (User: )
Description: svchost (1500) SRUJet: Database C:\Windows\system32\SRU\SRUDB.dat: Index UserIdTimeStamp of table {973F5D5C-1D90-4944-BE8E-24B94231A174} is corrupted (0).

Error: (05/21/2014 02:16:00 PM) (Source: ESENT) (EventID: 447) (User: )
Description: svchost (1500) SRUJet: A bad page link (error -327) has been detected in a B-Tree (ObjectId: 10, PgnoRoot: 45) of database C:\Windows\system32\SRU\SRUDB.dat (1808 => 2225, svchost0).

Error: (05/21/2014 02:15:00 PM) (Source: ESENT) (EventID: 467) (User: )
Description: svchost (1500) SRUJet: Database C:\Windows\system32\SRU\SRUDB.dat: Index UserIdTimeStamp of table {973F5D5C-1D90-4944-BE8E-24B94231A174} is corrupted (0).

Error: (05/21/2014 02:15:00 PM) (Source: ESENT) (EventID: 447) (User: )
Description: svchost (1500) SRUJet: A bad page link (error -327) has been detected in a B-Tree (ObjectId: 10, PgnoRoot: 45) of database C:\Windows\system32\SRU\SRUDB.dat (1808 => 2225, svchost0).

Error: (05/21/2014 02:14:00 PM) (Source: ESENT) (EventID: 467) (User: )
Description: svchost (1500) SRUJet: Database C:\Windows\system32\SRU\SRUDB.dat: Index UserIdTimeStamp of table {973F5D5C-1D90-4944-BE8E-24B94231A174} is corrupted (0).

Error: (05/21/2014 02:14:00 PM) (Source: ESENT) (EventID: 447) (User: )
Description: svchost (1500) SRUJet: A bad page link (error -327) has been detected in a B-Tree (ObjectId: 10, PgnoRoot: 45) of database C:\Windows\system32\SRU\SRUDB.dat (1808 => 2225, svchost0).

Error: (05/21/2014 02:13:00 PM) (Source: ESENT) (EventID: 467) (User: )
Description: svchost (1500) SRUJet: Database C:\Windows\system32\SRU\SRUDB.dat: Index UserIdTimeStamp of table {973F5D5C-1D90-4944-BE8E-24B94231A174} is corrupted (0).

Error: (05/21/2014 02:13:00 PM) (Source: ESENT) (EventID: 447) (User: )
Description: svchost (1500) SRUJet: A bad page link (error -327) has been detected in a B-Tree (ObjectId: 10, PgnoRoot: 45) of database C:\Windows\system32\SRU\SRUDB.dat (1808 => 2225, svchost0).


System errors:
=============
Error: (05/21/2014 02:09:15 PM) (Source: DCOM) (EventID: 10010) (User: MOREFUNNER)
Description: {06622D85-6856-4460-8DE1-A81921B41C4B}

Error: (05/21/2014 01:09:49 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AVGIDSAgent service terminated with the following service-specific error:
%%3758213657

Error: (05/21/2014 01:09:17 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0

Error: (05/21/2014 01:08:41 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {78FD0120-D39C-45D8-A9BE-2B802B3C23E5}

Error: (05/21/2014 01:08:41 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {78FD0120-D39C-45D8-A9BE-2B802B3C23E5}

Error: (05/21/2014 01:02:05 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Energy Server Service service hung on starting.

Error: (05/21/2014 00:57:30 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AVGIDSAgent service terminated with the following service-specific error:
%%3758213657

Error: (05/21/2014 00:57:01 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0

Error: (05/21/2014 00:56:32 PM) (Source: DCOM) (EventID: 10005) (User: MOREFUNNER)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (05/21/2014 00:54:48 PM) (Source: DCOM) (EventID: 10005) (User: MOREFUNNER)
Description: 1084WSearchUnavailable{9E175B6D-F52A-11D8-B9A5-505054503030}


Microsoft Office Sessions:
=========================
Error: (05/21/2014 02:17:00 PM) (Source: ESENT) (EventID: 467) (User: )
Description: svchost1500SRUJet: UserIdTimeStamp{973F5D5C-1D90-4944-BE8E-24B94231A174}C:\Windows\system32\SRU\SRUDB.dat0

Error: (05/21/2014 02:17:00 PM) (Source: ESENT) (EventID: 447) (User: )
Description: svchost1500SRUJet: -3271045C:\Windows\system32\SRU\SRUDB.dat180822254318

Error: (05/21/2014 02:16:00 PM) (Source: ESENT) (EventID: 467) (User: )
Description: svchost1500SRUJet: UserIdTimeStamp{973F5D5C-1D90-4944-BE8E-24B94231A174}C:\Windows\system32\SRU\SRUDB.dat0

Error: (05/21/2014 02:16:00 PM) (Source: ESENT) (EventID: 447) (User: )
Description: svchost1500SRUJet: -3271045C:\Windows\system32\SRU\SRUDB.dat180822254318

Error: (05/21/2014 02:15:00 PM) (Source: ESENT) (EventID: 467) (User: )
Description: svchost1500SRUJet: UserIdTimeStamp{973F5D5C-1D90-4944-BE8E-24B94231A174}C:\Windows\system32\SRU\SRUDB.dat0

Error: (05/21/2014 02:15:00 PM) (Source: ESENT) (EventID: 447) (User: )
Description: svchost1500SRUJet: -3271045C:\Windows\system32\SRU\SRUDB.dat180822254318

Error: (05/21/2014 02:14:00 PM) (Source: ESENT) (EventID: 467) (User: )
Description: svchost1500SRUJet: UserIdTimeStamp{973F5D5C-1D90-4944-BE8E-24B94231A174}C:\Windows\system32\SRU\SRUDB.dat0

Error: (05/21/2014 02:14:00 PM) (Source: ESENT) (EventID: 447) (User: )
Description: svchost1500SRUJet: -3271045C:\Windows\system32\SRU\SRUDB.dat180822254318

Error: (05/21/2014 02:13:00 PM) (Source: ESENT) (EventID: 467) (User: )
Description: svchost1500SRUJet: UserIdTimeStamp{973F5D5C-1D90-4944-BE8E-24B94231A174}C:\Windows\system32\SRU\SRUDB.dat0

Error: (05/21/2014 02:13:00 PM) (Source: ESENT) (EventID: 447) (User: )
Description: svchost1500SRUJet: -3271045C:\Windows\system32\SRU\SRUDB.dat180822254318


==================== Memory info ===========================

Percentage of memory in use: 26%
Total physical RAM: 8064.39 MB
Available physical RAM: 5912.42 MB
Total Pagefile: 9280.39 MB
Available Pagefile: 6552.11 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:892.84 GB) (Free:817.31 GB) NTFS
Drive d: (May 15 2014) (CDROM) (Total:0.5 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 689160CE)

Partition: GPT Partition Type.

==================== End Of Log ============================

 


Hello.

P2P/Piracy Warning:


If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Can you post the second log created by FRST? "addition.txt" will be saved in this folder: C:\FRST\Logs

 

Kevin..


Thank you for the reply. Is this it?

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-05-2014
Ran by Renee at 2014-05-21 14:17:21
Running from C:\Users\Renee\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2013 (Disabled - Out of date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2013 (Disabled - Out of date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG update module (Disabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

==================== Installed Programs ======================

Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.1.151 - Adobe Systems, Inc.)
AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{ECCD7F0B-2256-9B71-5B9D-3E78A4E6DF00}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
Anki (HKLM-x32\...\Anki) (Version:  - )
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArtRage Studio (HKLM-x32\...\{5A9FE63F-F201-4D55-9F5F-06DDB239AC4F}) (Version: 3.5.5 - Ambient Design)
Audible Download Manager (HKLM-x32\...\AudibleDownloadManager) (Version: 6.6.0.15 - Audible, Inc.)
AVG 2013 (HKLM\...\AVG) (Version: 2013.0.3469 - AVG Technologies)
AVG 2013 (Version: 13.0.3469 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.3931 - AVG Technologies) Hidden
AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 18.1.5.512 - AVG Technologies)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden
Cisco WebEx Meetings (HKCU\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{B025BA0B-64A6-46DE-9D64-32965C83CCA9}) (Version: 1.0.179 - Citrix)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.1923 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.0.1923 - CyberLink Corp.) Hidden
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.5601.52 - CyberLink Corp.)
CyberLink PowerDVD (x32 Version: 9.0.5601.52 - CyberLink Corp.) Hidden
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.13 - Dolby Laboratories Inc)
Easy Phone Tunes (HKLM-x32\...\{03ED925F-9E5E-4532-998D-7F8840FE5A74}) (Version: 137 - Easy Phone Tunes)
Evernote v. 5.3.1 (HKLM-x32\...\{28AAF752-C41B-11E3-8CB0-00163E98E7D6}) (Version: 5.3.1.3363 - Evernote Corp.)
FDUx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
GoToMeeting 6.2.0.1350 (HKCU\...\GoToMeeting) (Version: 6.2.0.1350 - CitrixOnline)
HL-2270DW (HKLM-x32\...\{E2A97415-BD97-4867-B906-05E39E9EE51F}) (Version: 1.0.6.0 - Brother Industries, Ltd.)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Intel® Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3097 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.3.1004 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java Auto Updater (x32 Version: 2.1.6.0 - Sun Microsystems, Inc.) Hidden
Java 7 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417005FF}) (Version: 7.0.50 - Oracle)
Java 7 Update 5 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217005FF}) (Version: 7.0.50 - Oracle)
KUx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4605.1003 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4041.0512 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20125.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4605.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4605.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4605.1003 - Microsoft Corporation) Hidden
PlayMemories Home (HKLM-x32\...\{10DD6128-A810-4A90-9523-475D573FBB37}) (Version: 6.3.02.07270 - Sony Corporation)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.206 - Qualcomm Atheros Communications)
QuickBooks (x32 Version: 23.0.4008.2305 - Intuit Inc.) Hidden
QuickBooks Pro 2013 (HKLM-x32\...\{3C631966-387E-4054-85D9-BBFFABE32BD8}) (Version: 23.0.4005.2305 - Intuit Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6705 - Realtek Semiconductor Corp.)
Restore (x32 Version: 1.0.0 - Sony Corporation) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.22.0 - SAMSUNG Electronics Co., Ltd.)
SCS Shortcut (x32 Version: 1.0 - Sony Creative Software Inc.) Hidden
Settings Manager (HKLM-x32\...\Settings Manager) (Version: 5.0.0.12349 - Aztec Media Inc) <==== ATTENTION
SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden
SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.5 - Synaptics Incorporated)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.20202 - TeamViewer)
VAIO - Xperia Link (HKLM-x32\...\{D91558BF-D1F3-411F-AEFE-8774CB406512}) (Version: 1.0.0.08170 - Sony Corporation)
VAIO Care (HKLM\...\{64AEB277-30E8-4C5B-A9D5-66CD8995AF75}) (Version: 8.3.0.08220 - Sony Corporation)
VAIO Control Center (HKLM-x32\...\{8E797841-A110-41FD-B17A-3ABC0641187A}) (Version: 6.0.0.08200 - Sony Corporation)
VAIO CPU Fan Diagnostic (HKLM-x32\...\{BCE6E3D7-B565-4E1B-AC77-F780666A35FB}) (Version: 1.1.0.09200 - Sony Corporation)
VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.10.0.07270 - Sony Corporation)
VAIO Easy Connect (x32 Version: 8.2.0.14170 - Sony Corporation) Hidden
VAIO Gate (HKLM-x32\...\{14AC95A2-7675-4988-A5BD-3F5B943AED08}) (Version: 3.0.1.02270 - Sony Corporation)
VAIO Gate Default (HKLM-x32\...\{B7546697-2A80-4256-A24B-1C33163F535B}) (Version: 3.0.0.08060 - Sony Corporation)
VAIO Gesture Control (HKLM-x32\...\{692955F2-DE9F-4078-8FAA-858D6F3A1776}) (Version: 2.0.0.08240 - Sony Corporation)
VAIO Gesture Control (x32 Version: 2.0.0.08240 - Sony Corporation) Hidden
VAIO Health Report (HKLM-x32\...\VAIO Health Report1.0) (Version: 1.0 - Sony Electronics)
VAIO Image Optimizer (HKLM-x32\...\InstallShield_{5597C927-029A-46A7-A0C0-8DABD9891A50}) (Version: 3.0.00.08170 - Sony Corporation)
VAIO Image Optimizer (x32 Version: 3.0.00.08170 - Sony Corporation) Hidden
VAIO Improvement (HKLM-x32\...\{3A26D9BD-0F73-432D-B522-2BA18138F7EF}) (Version: 2.0.0.08090 - Sony Corporation)
VAIO Manual (HKLM-x32\...\{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}) (Version: 3.0.0.08100 - Sony Corporation)
VAIO Media Server Settings (HKLM\...\{62A172B2-550E-499D-9A82-5190D18390AA}) (Version: 1.0.0.08240 - Sony Corporation)
VAIO Movie Creator Template Data (HKLM-x32\...\InstallShield_{00A663F1-6C03-48CA-8E85-55806AAE2615}) (Version: 4.0.00.08170 - Sony Corporation)
VAIO Movie Creator Template Data (x32 Version: 4.0.00.08170 - Sony Corporation) Hidden
VAIO Transfer Support (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.8.0.08212 - Sony Corporation)
VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 6.3.1.10120 - Sony Corporation)
VCCx64 (Version: 1.0.0 - Sony Corporation) Hidden
VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Verizon Wireless Software Utility Application for Android - Samsung (HKLM-x32\...\{041E914E-7B73-4E8B-967F-B7FFC527FF80}) (Version: 2.14.0106 - Samsung Electronics Co., Ltd.)
VGClientX64 (Version: 1.0.0 - Sony Corporation) Hidden
VHD (x32 Version: 1.0.0 - Sony Corporation) Hidden
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VIx64 (Version: 1.0.0 - Sony Corporation) Hidden
VIx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VMLx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VPMx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSSTx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VU5x64 (Version: 1.0.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VUx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VUx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VWSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Windows Glulxe (HKLM-x32\...\WinGlulxe) (Version:  - )
XperiaLinkx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden

==================== Restore Points  =========================

04-05-2014 17:41:53 Scheduled Checkpoint
08-05-2014 03:26:13 Installed AVG 2014
18-05-2014 20:18:50 Installed Samsung Kies3
21-05-2014 13:44:19 Windows Modules Installer

==================== Hosts content: ==========================

2012-07-26 01:26 - 2012-07-26 01:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0AF529AC-CA1C-4020-A270-C83E2CE40BCC} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2013-08-21] (Sony Corporation)
Task: {0B248C8E-D686-4BB2-903C-11FB04BE4D2B} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2013-08-21] (Sony Corporation)
Task: {11718B4C-FE8F-46FD-8631-E5D3195515E0} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Daily => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-08-18] (Sony Corporation)
Task: {1A7650BB-A2C8-450F-91C4-64A047C877BA} - System32\Tasks\Sony Corporation\VAIO Care\CRMReminder => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2013-08-21] (Sony Corporation)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {1D2ED4FB-DDF3-4AE4-B6CD-3E620FACD570} - System32\Tasks\Sony Corporation\VAIO Update\Launch Application => C:\Program Files\SONY\VAIO Update\ShellExeProxy.exe [2013-08-30] (Sony Corporation)
Task: {223CEEC5-C197-42E1-A690-0A8F167AC95D} - System32\Tasks\Sony Corporation\VAIO Gesture Control\VCGULogonTask => C:\Program Files (x86)\Sony\VAIO Camera Gesture Utility\VCGU.exe [2012-08-04] (Sony Corporation)
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {274C8E68-AA01-4BF0-B0F2-F01B6AE71726} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-03-30] (Microsoft Corporation)
Task: {34464836-618D-48EA-BC69-B16A182DBA0C} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe [2012-08-09] (Sony Corporation)
Task: {3D04D310-5802-42CB-8CA4-A64D4390EB76} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2013-08-21] (Sony Corporation)
Task: {3E03172C-89F9-4F7C-87C8-C295ECBDA050} - System32\Tasks\G2MUpdateTask-S-1-5-21-3889557589-1445315533-4073486364-1001 => C:\Users\Renee\AppData\Local\Citrix\GoToMeeting\1350\g2mupdate.exe [2014-03-27] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {4AEE304A-2246-4043-8455-23E240B841F9} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementMonitorSystem => C:\Program Files\Sony\VAIO Improvement\vim.exe [2013-04-03] (Sony Corporation)
Task: {4B8343EA-0DDA-4644-8E4B-F34BDD86F479} - System32\Tasks\AVG-Secure-Search-Update_0414c_rmv => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe [2014-04-21] ()
Task: {4C02F03D-BB2D-4BB7-88A1-3AEC96261DDF} - System32\Tasks\pcreg => C:\Program Files\pcreg\service.exe [2014-04-25] () <==== ATTENTION
Task: {4EF16D2A-6F17-46B2-8DDC-FA3A0DE5DE48} - System32\Tasks\VAIO Health Report => C:\Program Files (x86)\Sony\VAIO Health Report\VAIOHealthReport.exe [2013-06-20] (Sony Electronics)
Task: {4F6473A2-0BB8-4DE1-AA95-35D9B33888B7} - System32\Tasks\Sony Corporation\VAIO Care\GetPOTInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2013-08-21] (Sony Corporation)
Task: {661FFE11-6D43-44FE-A06F-AD48FDD90D75} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Month => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-08-18] (Sony Corporation)
Task: {6A5B7B0C-0695-40CA-8F5C-AEA7DBFD4F8F} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-23] (Synaptics Incorporated)
Task: {6C338E03-27C4-4159-A19C-159BE4BAC7AB} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2013-02-21] (Sony Corporation)
Task: {7577033D-3D56-443B-BDDC-0A092B9A72A0} - System32\Tasks\Sony Corporation\VAIO Care\VCSelfHeal => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2013-08-21] (Sony Corporation)
Task: {7718EB8E-2D39-4F7A-8752-67532CACFF36} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2013-08-21] (Sony Corporation)
Task: {81EC6775-08A9-4A3C-A0D2-A0E5D257D335} - System32\Tasks\Sony Corporation\VAIO Care\CheckSystemInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2013-08-21] (Sony Corporation)
Task: {8BD0A1D7-245D-42A4-92E6-DADCB75F3E32} - System32\Tasks\Microsoft Office 15 Sync Maintenance for MOREFUNNER-Renee MoreFunner => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-04-13] (Microsoft Corporation)
Task: {917AC518-F6D5-433E-95C4-16E7F77C12A2} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2013-09-19] (Sony Corporation)
Task: {99A7A4EF-4C4A-405F-8D0F-8C68336A8E04} - System32\Tasks\Sony Corporation\VAIO Control Center\NetworkSetting\NetworkSetting Logon Start => C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient
Task: {9CEB40D2-1791-4230-9F51-AA96F8FB4EAC} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {AB96B97B-39C2-46A2-876A-EEB6AE199033} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup => C:\Windows\system32\dism.exe [2012-07-25] (Microsoft Corporation)
Task: {ABEEC2D2-DE3A-46B8-ABAE-E011C1C1B7E0} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2013-09-27] (Sony Corporation)
Task: {AE60E771-6957-4945-BF03-25D37EFC655D} - System32\Tasks\VHDInformationCheck => C:\Program Files (x86)\Sony\VAIO Recovery\plugins\InformationCheck.exe [2012-07-31] (Sony Corporation)
Task: {B58A6535-584C-4945-8DC8-BF3453584BAB} - System32\Tasks\Sony Corporation\VAIO Care\VCRLog => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2013-08-21] (Sony Corporation)
Task: {BBDDC2C5-9AED-4A56-9284-22BDD508DDCE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-13] (Adobe Systems Incorporated)
Task: {BDDA17E5-19BD-4FC2-9ABF-40FF03D432B4} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-04-13] (Microsoft Corporation)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {C89BB0AF-004A-4539-8498-4B845D9B1AB2} - System32\Tasks\USER_ESRV_SVC => Wscript.exe //B //NoLogo "C:\Program Files\Sony\VAIO Care\ESRV\task.vbs"
Task: {D603D09D-9F1D-40BA-853F-79B21AF791C8} - System32\Tasks\Sony Corporation\VAIO Care\UploadPOT => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2013-08-21] (Sony Corporation)
Task: {DF1C9427-6D6A-41C8-9CFB-E9AEA0B6BE72} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementMonitorUser => C:\Program Files\Sony\VAIO Improvement\vim.exe [2013-04-03] (Sony Corporation)
Task: {E080EB41-60A0-4BDD-98DD-1FA037218F78} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)
Task: {EBCC8A37-2BC4-42EC-B2BC-EE5B5BD3A175} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {F56E2C3D-A11E-4169-A31B-49A973ACC14C} - System32\Tasks\AVG-Secure-Search-Update_0414c_rel => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe [2014-04-21] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rel.job => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rmv.job => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3889557589-1445315533-4073486364-1001.job => C:\Users\Renee\AppData\Local\Citrix\GoToMeeting\1350\g2mupdate.exe

==================== Loaded Modules (whitelisted) =============

2014-05-18 16:20 - 2014-05-18 05:50 - 00664592 _____ () C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll
2014-04-17 08:26 - 2013-10-31 18:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-06-02 15:19 - 2014-03-25 13:21 - 00629928 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2014-04-25 04:13 - 2014-04-25 04:13 - 00249024 _____ () C:\Program Files\pcreg\pcreg.exe
2014-05-10 19:42 - 2014-05-10 19:42 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.5\loggingserver.exe
2014-04-21 21:14 - 2014-04-21 21:14 - 02725912 _____ () C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
2014-01-15 10:26 - 2014-04-13 14:40 - 08884904 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-03-26 12:44 - 2013-03-26 12:44 - 00062464 _____ () C:\Program Files\Sony\VAIO Care\listener.exe
2012-08-23 12:25 - 2012-08-22 09:05 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-06-27 16:20 - 2014-05-10 19:42 - 02561560 _____ () C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
2012-08-13 21:25 - 2012-08-13 21:25 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2012-08-06 15:54 - 2012-08-06 15:54 - 00369664 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-05-18 16:19 - 2014-05-18 05:50 - 00490000 _____ () C:\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll
2014-05-18 16:19 - 2014-05-18 05:50 - 00020496 _____ () C:\Program Files (x86)\Settings Manager\systemk\syskldr.dll
2014-05-10 19:42 - 2014-05-10 19:42 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.5\log4cplusU.dll
2012-11-19 15:28 - 2012-07-24 22:52 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2013-06-19 15:44 - 2013-06-19 15:44 - 00269128 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\boost_regex-vc90-mt-p-1_33.dll
2013-06-19 15:44 - 2013-06-19 15:44 - 00529224 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\BackupLib.dll
2013-06-19 15:44 - 2013-06-19 15:44 - 00021832 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\QBCompressor.dll
2013-06-19 15:44 - 2013-06-19 15:44 - 00415560 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\FtuEngine.dll
2013-06-19 12:45 - 2013-06-19 12:45 - 00128328 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\QBProActiveCore.dll
2013-06-19 15:45 - 2013-06-19 15:45 - 00141640 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\QBMAPILibrary.dll
2012-12-22 23:53 - 2012-12-22 23:53 - 00059904 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\zlib1.dll
2013-06-19 15:44 - 2013-06-19 15:44 - 00176968 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\boost_serialization-vc90-mt-p-1_33.dll
2013-06-19 15:44 - 2013-06-19 15:44 - 00559944 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\FeaturesBridge.dll
2013-06-19 15:44 - 2013-06-19 15:44 - 00042824 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\mbpopup.dll
2014-04-14 14:17 - 2014-04-14 14:17 - 00433664 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2014-04-14 14:17 - 2014-04-14 14:17 - 00315392 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2012-11-19 16:16 - 2012-06-07 23:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 15:34 - 2012-06-08 15:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-04-13 14:40 - 2014-04-13 14:40 - 00316584 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2014-05-09 20:29 - 2014-05-09 20:29 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/21/2014 02:17:00 PM) (Source: ESENT) (EventID: 467) (User: )
Description: svchost (1500) SRUJet: Database C:\Windows\system32\SRU\SRUDB.dat: Index UserIdTimeStamp of table {973F5D5C-1D90-4944-BE8E-24B94231A174} is corrupted (0).

Error: (05/21/2014 02:17:00 PM) (Source: ESENT) (EventID: 447) (User: )
Description: svchost (1500) SRUJet: A bad page link (error -327) has been detected in a B-Tree (ObjectId: 10, PgnoRoot: 45) of database C:\Windows\system32\SRU\SRUDB.dat (1808 => 2225, svchost0).

Error: (05/21/2014 02:16:00 PM) (Source: ESENT) (EventID: 467) (User: )
Description: svchost (1500) SRUJet: Database C:\Windows\system32\SRU\SRUDB.dat: Index UserIdTimeStamp of table {973F5D5C-1D90-4944-BE8E-24B94231A174} is corrupted (0).

Error: (05/21/2014 02:16:00 PM) (Source: ESENT) (EventID: 447) (User: )
Description: svchost (1500) SRUJet: A bad page link (error -327) has been detected in a B-Tree (ObjectId: 10, PgnoRoot: 45) of database C:\Windows\system32\SRU\SRUDB.dat (1808 => 2225, svchost0).

Error: (05/21/2014 02:15:00 PM) (Source: ESENT) (EventID: 467) (User: )
Description: svchost (1500) SRUJet: Database C:\Windows\system32\SRU\SRUDB.dat: Index UserIdTimeStamp of table {973F5D5C-1D90-4944-BE8E-24B94231A174} is corrupted (0).

Error: (05/21/2014 02:15:00 PM) (Source: ESENT) (EventID: 447) (User: )
Description: svchost (1500) SRUJet: A bad page link (error -327) has been detected in a B-Tree (ObjectId: 10, PgnoRoot: 45) of database C:\Windows\system32\SRU\SRUDB.dat (1808 => 2225, svchost0).

Error: (05/21/2014 02:14:00 PM) (Source: ESENT) (EventID: 467) (User: )
Description: svchost (1500) SRUJet: Database C:\Windows\system32\SRU\SRUDB.dat: Index UserIdTimeStamp of table {973F5D5C-1D90-4944-BE8E-24B94231A174} is corrupted (0).

Error: (05/21/2014 02:14:00 PM) (Source: ESENT) (EventID: 447) (User: )
Description: svchost (1500) SRUJet: A bad page link (error -327) has been detected in a B-Tree (ObjectId: 10, PgnoRoot: 45) of database C:\Windows\system32\SRU\SRUDB.dat (1808 => 2225, svchost0).

Error: (05/21/2014 02:13:00 PM) (Source: ESENT) (EventID: 467) (User: )
Description: svchost (1500) SRUJet: Database C:\Windows\system32\SRU\SRUDB.dat: Index UserIdTimeStamp of table {973F5D5C-1D90-4944-BE8E-24B94231A174} is corrupted (0).

Error: (05/21/2014 02:13:00 PM) (Source: ESENT) (EventID: 447) (User: )
Description: svchost (1500) SRUJet: A bad page link (error -327) has been detected in a B-Tree (ObjectId: 10, PgnoRoot: 45) of database C:\Windows\system32\SRU\SRUDB.dat (1808 => 2225, svchost0).


System errors:
=============
Error: (05/21/2014 02:09:15 PM) (Source: DCOM) (EventID: 10010) (User: MOREFUNNER)
Description: {06622D85-6856-4460-8DE1-A81921B41C4B}

Error: (05/21/2014 01:09:49 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AVGIDSAgent service terminated with the following service-specific error:
%%3758213657

Error: (05/21/2014 01:09:17 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0

Error: (05/21/2014 01:08:41 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {78FD0120-D39C-45D8-A9BE-2B802B3C23E5}

Error: (05/21/2014 01:08:41 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {78FD0120-D39C-45D8-A9BE-2B802B3C23E5}

Error: (05/21/2014 01:02:05 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Energy Server Service service hung on starting.

Error: (05/21/2014 00:57:30 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AVGIDSAgent service terminated with the following service-specific error:
%%3758213657

Error: (05/21/2014 00:57:01 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0

Error: (05/21/2014 00:56:32 PM) (Source: DCOM) (EventID: 10005) (User: MOREFUNNER)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (05/21/2014 00:54:48 PM) (Source: DCOM) (EventID: 10005) (User: MOREFUNNER)
Description: 1084WSearchUnavailable{9E175B6D-F52A-11D8-B9A5-505054503030}


Microsoft Office Sessions:
=========================
Error: (05/21/2014 02:17:00 PM) (Source: ESENT) (EventID: 467) (User: )
Description: svchost1500SRUJet: UserIdTimeStamp{973F5D5C-1D90-4944-BE8E-24B94231A174}C:\Windows\system32\SRU\SRUDB.dat0

Error: (05/21/2014 02:17:00 PM) (Source: ESENT) (EventID: 447) (User: )
Description: svchost1500SRUJet: -3271045C:\Windows\system32\SRU\SRUDB.dat180822254318

Error: (05/21/2014 02:16:00 PM) (Source: ESENT) (EventID: 467) (User: )
Description: svchost1500SRUJet: UserIdTimeStamp{973F5D5C-1D90-4944-BE8E-24B94231A174}C:\Windows\system32\SRU\SRUDB.dat0

Error: (05/21/2014 02:16:00 PM) (Source: ESENT) (EventID: 447) (User: )
Description: svchost1500SRUJet: -3271045C:\Windows\system32\SRU\SRUDB.dat180822254318

Error: (05/21/2014 02:15:00 PM) (Source: ESENT) (EventID: 467) (User: )
Description: svchost1500SRUJet: UserIdTimeStamp{973F5D5C-1D90-4944-BE8E-24B94231A174}C:\Windows\system32\SRU\SRUDB.dat0

Error: (05/21/2014 02:15:00 PM) (Source: ESENT) (EventID: 447) (User: )
Description: svchost1500SRUJet: -3271045C:\Windows\system32\SRU\SRUDB.dat180822254318

Error: (05/21/2014 02:14:00 PM) (Source: ESENT) (EventID: 467) (User: )
Description: svchost1500SRUJet: UserIdTimeStamp{973F5D5C-1D90-4944-BE8E-24B94231A174}C:\Windows\system32\SRU\SRUDB.dat0

Error: (05/21/2014 02:14:00 PM) (Source: ESENT) (EventID: 447) (User: )
Description: svchost1500SRUJet: -3271045C:\Windows\system32\SRU\SRUDB.dat180822254318

Error: (05/21/2014 02:13:00 PM) (Source: ESENT) (EventID: 467) (User: )
Description: svchost1500SRUJet: UserIdTimeStamp{973F5D5C-1D90-4944-BE8E-24B94231A174}C:\Windows\system32\SRU\SRUDB.dat0

Error: (05/21/2014 02:13:00 PM) (Source: ESENT) (EventID: 447) (User: )
Description: svchost1500SRUJet: -3271045C:\Windows\system32\SRU\SRUDB.dat180822254318


==================== Memory info ===========================

Percentage of memory in use: 26%
Total physical RAM: 8064.39 MB
Available physical RAM: 5912.42 MB
Total Pagefile: 9280.39 MB
Available Pagefile: 6552.11 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:892.84 GB) (Free:817.31 GB) NTFS
Drive d: (May 15 2014) (CDROM) (Total:0.5 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 689160CE)

Partition: GPT Partition Type.

==================== End Of Log ============================


Thanks for those logs, we continue:

 

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

 

Next, download Malwarebytes Anti-Malware to your desktop.


Double-click mbam-setup and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following:
Launch Malwarebytes Anti-Malware
A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
Click Finish.
On the Dashboard, click the 'Update Now >>' link
After the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.
If an update is available, click the Update Now button.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.

 

How to get logs:

(Export log to save as txt)

 


After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click 'Export'.
Click 'Text file (*.txt)'
In the Save File dialog box which appears, click on Desktop.
In the File name: box type a name for your scan log.
A message box named 'File Saved' should appear stating "Your file has been successfully exported".
Click Ok
Attach that saved log to your next reply.

 

Let me see those two logs, also give an update on any remaining issues or concerns....

 

Kevin

 

fixlist.txt


Okay, following your instructions above:

 

Downloaded the txt file

Started FRST

   Got this message: Error saving file  C:\FRST\HIVES\SYSTEM

Had the option to run anyway, so that is what I did

It wanted to restart, so I restarted

   The fix log is below

 

Downloaded MBAM

Updated MBAM

Ran MBAM scan

   It found 101 items

   Quarantined all using Apply Action button

Restarted

 

Exported MBAM file is attached

 

This seems to have removed the Search Safer box on startup. Yay!

Windows Defender is no longer being turned off. Another yay!

 

The only remaining oddity I see is a window flashing open and then closed on startup

When starting up, once the tile screen comes up, I usually click on the desktop so that I can see when everything has loaded

The window flashes up during the loading, with a green icon flashing in the toolbar

Do you think it is malware related?

 

Thank you so much for your help. What a relief to get that junk removed.

 

Here is the fix log:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-05-2014
Ran by Renee at 2014-05-22 18:07:10 Run:1
Running from C:\Users\Renee\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
HKLM\...\Run: [pcreg] => C:\Program Files\pcreg\service.exe [89816 2014-04-25] ()
C:\Program Files\pcreg
HKLM-x32\...\Run: [pcreg] => C:\Program Files\pcreg\service.exe [89816 2014-04-25] ()
HKU\S-1-5-21-3889557589-1445315533-4073486364-1001\...\Run: [pcreg] => C:\Program Files\pcreg\service.exe [89816 2014-04-25] ()
HKU\S-1-5-21-3889557589-1445315533-4073486364-1001\...\MountPoints2: {925fab48-dd9b-11e2-be7d-083e8ed75186} - "E:\VZW_Software_upgrade_assistant_installer.exe"
HKU\S-1-5-21-3889557589-1445315533-4073486364-1001\...\MountPoints2: {925fab63-dd9b-11e2-be7d-083e8ed75186} - "E:\VZW_Software_upgrade_assistant_installer.exe"
HKU\S-1-5-21-3889557589-1445315533-4073486364-1001\...\MountPoints2: {925fab9b-dd9b-11e2-be7d-083e8ed75186} - "E:\VZW_Software_upgrade_assistant.exe"
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
R2 pcregservice; C:\Program Files\pcreg\pcreg.exe [249024 2014-04-25] ()
R2 SystemkService; C:\Program Files (x86)\Settings Manager\systemk\SystemkService.exe [3543056 2014-05-18] (Aztec Media Inc)
C:\Program Files (x86)\Settings Manager
C:\Windows\System32\Tasks\pcreg
C:\Users\Renee\AppData\Local\Temp\dlLogic.exe
C:\Users\Renee\AppData\Local\Temp\dltr.exe
C:\Users\Renee\AppData\Local\Temp\Execute2App.exe
C:\Users\Renee\AppData\Local\Temp\file_to_run5548.exe
C:\Users\Renee\AppData\Local\Temp\GCVerifier.dll
C:\Users\Renee\AppData\Local\Temp\GLF2338.EXE
C:\Users\Renee\AppData\Local\Temp\GLF2740.EXE
C:\Users\Renee\AppData\Local\Temp\GLF2749.EXE
C:\Users\Renee\AppData\Local\Temp\GLF2892.EXE
C:\Users\Renee\AppData\Local\Temp\GLF4628.EXE
C:\Users\Renee\AppData\Local\Temp\GLF4A11.EXE
C:\Users\Renee\AppData\Local\Temp\GLF67EA.EXE
C:\Users\Renee\AppData\Local\Temp\GLF6FEA.EXE
C:\Users\Renee\AppData\Local\Temp\GLF7038.EXE
C:\Users\Renee\AppData\Local\Temp\GLF7153.EXE
C:\Users\Renee\AppData\Local\Temp\GLF9AE2.EXE
C:\Users\Renee\AppData\Local\Temp\GLF9BED.EXE
C:\Users\Renee\AppData\Local\Temp\GLFA5AC.EXE
C:\Users\Renee\AppData\Local\Temp\GLFB211.EXE
C:\Users\Renee\AppData\Local\Temp\GLFB437.EXE
C:\Users\Renee\AppData\Local\Temp\GLFB541.EXE
C:\Users\Renee\AppData\Local\Temp\GLFDF82.EXE
C:\Users\Renee\AppData\Local\Temp\GLFE455.EXE
C:\Users\Renee\AppData\Local\Temp\LiveUpdater.exe
C:\Users\Renee\AppData\Local\Temp\msvcp90.dll
C:\Users\Renee\AppData\Local\Temp\msvcr90.dll
C:\Users\Renee\AppData\Local\Temp\nsg722C.exe
C:\Users\Renee\AppData\Local\Temp\nsk9559.exe
C:\Users\Renee\AppData\Local\Temp\nsr6AA3.exe
C:\Users\Renee\AppData\Local\Temp\nsr73A4.exe
C:\Users\Renee\AppData\Local\Temp\nsu93C2.exe
C:\Users\Renee\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Renee\AppData\Local\Temp\oi_{A10EBE45-9568-44AA-A303-BAF8AF275085}.exe
C:\Users\Renee\AppData\Local\Temp\SettingsManagerSetup.exe
C:\Users\Renee\AppData\Local\Temp\Setup.X86.en-US_O365HomePremRetail_8f3ca50c-cc7c-4f36-878a-23e074f0433a_TX_PR_(1).exe
C:\Users\Renee\AppData\Local\Temp\Setup.X86.en-US_O365HomePremRetail_8f3ca50c-cc7c-4f36-878a-23e074f0433a_TX_PR_(2).exe
C:\Users\Renee\AppData\Local\Temp\Shockwave_Installer_FF.exe
C:\Users\Renee\AppData\Local\Temp\speed.exe
C:\Users\Renee\AppData\Local\Temp\temp_3813306787.exe
C:\Users\Renee\AppData\Local\Temp\tmp_160173.exe
C:\Users\Renee\AppData\Local\Temp\verifier.exe
Task: {4C02F03D-BB2D-4BB7-88A1-3AEC96261DDF} - System32\Tasks\pcreg => C:\Program Files\pcreg\service.exe [2014-04-25] () <==== ATTENTION
End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\pcreg => Value deleted successfully.
C:\Program Files\pcreg => Moved successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\pcreg => Value deleted successfully.
HKU\S-1-5-21-3889557589-1445315533-4073486364-1001\Software\Microsoft\Windows\CurrentVersion\Run\\pcreg => Value deleted successfully.
HKU\S-1-5-21-3889557589-1445315533-4073486364-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{925fab48-dd9b-11e2-be7d-083e8ed75186} => Key deleted successfully.
HKCR\CLSID\{925fab48-dd9b-11e2-be7d-083e8ed75186} => Key not found.
HKU\S-1-5-21-3889557589-1445315533-4073486364-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{925fab63-dd9b-11e2-be7d-083e8ed75186} => Key deleted successfully.
HKCR\CLSID\{925fab63-dd9b-11e2-be7d-083e8ed75186} => Key not found.
HKU\S-1-5-21-3889557589-1445315533-4073486364-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{925fab9b-dd9b-11e2-be7d-083e8ed75186} => Key deleted successfully.
HKCR\CLSID\{925fab9b-dd9b-11e2-be7d-083e8ed75186} => Key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bitguard.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bitguard.exe => Key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bprotect.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bpsvc.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserdefender.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserprotect.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsersafeguard.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\dprotectsvc.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\jumpflip => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\protectedsearch.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchinstaller.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotection.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotector.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchsettings.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchsettings64.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\snapdo.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst32.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst64.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\umbrella.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\utiljumpflip.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\volaro => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\vonteera => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\websteroids.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\websteroidsservice.exe => Key deleted successfully.
pcregservice => Unable to stop service
pcregservice => Service deleted successfully.
SystemkService => Unable to stop service
SystemkService => Error deleting Service

"C:\Program Files (x86)\Settings Manager" directory move:

Could not move "C:\Program Files (x86)\Settings Manager\systemk\del_DM_DLL_nsr77F0.dll" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\Settings Manager\systemk\del_DM_LL_nsr77EF.dll" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\Settings Manager\systemk\del_mg_nsr77F0.dll" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\Settings Manager\systemk\favicon.ico" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\Settings Manager\systemk\Helper.dll" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\Settings Manager\systemk\Internet Explorer Settings.exe" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\Settings Manager\systemk\syskldr.dll" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\Settings Manager\systemk\syskldr_u.dll" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\Settings Manager\systemk\systemk.dll" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\Settings Manager\systemk\systemkbho.dll" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\Settings Manager\systemk\systemkChrome.dll" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\Settings Manager\systemk\systemkmgrc1.cfg" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\Settings Manager\systemk\SystemkService.exe" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\Settings Manager\systemk\systemku.exe" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\Settings Manager\systemk\tbicon.exe" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\Settings Manager\systemk\Uninstall.exe" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\Settings Manager\systemk\x64\Internet Explorer Settings.exe" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\Settings Manager\systemk\x64\syskldr.dll" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\Settings Manager\systemk\x64\syskldr_u.dll" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\Settings Manager\systemk\x64\systemk.dll" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\Settings Manager\systemk\x64\systemkbho.dll" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\Settings Manager\systemk\x64\systemkmgrc1.cfg" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\Settings Manager" directory. => Scheduled to move on reboot.

C:\Windows\System32\Tasks\pcreg => Moved successfully.
C:\Users\Renee\AppData\Local\Temp\dlLogic.exe => Moved successfully.
C:\Users\Renee\AppData\Local\Temp\dltr.exe => Moved successfully.
C:\Users\Renee\AppData\Local\Temp\Execute2App.exe => Moved successfully.
C:\Users\Renee\AppData\Local\Temp\file_to_run5548.exe => Moved successfully.
C:\Users\Renee\AppData\Local\Temp\GCVerifier.dll => Moved successfully.
C:\Users\Renee\AppData\Local\Temp\GLF2338.EXE => Moved successfully.
C:\Users\Renee\AppData\Local\Temp\GLF2740.EXE => Moved successfully.
C:\Users\Renee\AppData\Local\Temp\GLF2749.EXE => Moved successfully.
C:\Users\Renee\AppData\Local\Temp\GLF2892.EXE => Moved successfully.
C:\Users\Renee\AppData\Local\Temp\GLF4628.EXE => Moved successfully.
C:\Users\Renee\AppData\Local\Temp\GLF4A11.EXE => Moved successfully.
C:\Users\Renee\AppData\Local\Temp\GLF67EA.EXE => Moved successfully.
C:\Users\Renee\AppData\Local\Temp\GLF6FEA.EXE => Moved successfully.
C:\Users\Renee\AppData\Local\Temp\GLF7038.EXE => Moved successfully.
C:\Users\Renee\AppData\Local\Temp\GLF7153.EXE => Moved successfully.
C:\Users\Renee\AppData\Local\Temp\GLF9AE2.EXE => Moved successfully.
C:\Users\Renee\AppData\Local\Temp\GLF9BED.EXE => Moved successfully.
C:\Users\Renee\AppData\Local\Temp\GLFA5AC.EXE => Moved successfully.
C:\Users\Renee\AppData\Local\Temp\GLFB211.EXE => Moved successfully.
C:\Users\Renee\AppData\Local\Temp\GLFB437.EXE => Moved successfully.
C:\Users\Renee\AppData\Local\Temp\GLFB541.EXE => Moved successfully.
C:\Users\Renee\AppData\Local\Temp\GLFDF82.EXE => Moved successfully.
C:\Users\Renee\AppData\Local\Temp\GLFE455.EXE => Moved successfully.
C:\Users\Renee\AppData\Local\Temp\LiveUpdater.exe => Moved successfully.
C:\Users\Renee\AppData\Local\Temp\msvcp90.dll => Moved successfully.
C:\Users\Renee\AppData\Local\Temp\msvcr90.dll => Moved successfully.
C:\Users\Renee\AppData\Local\Temp\nsg722C.exe => Moved successfully.
C:\Users\Renee\AppData\Local\Temp\nsk9559.exe => Moved successfully.
C:\Users\Renee\AppData\Local\Temp\nsr6AA3.exe => Moved successfully.
C:\Users\Renee\AppData\Local\Temp\nsr73A4.exe => Moved successfully.
C:\Users\Renee\AppData\Local\Temp\nsu93C2.exe => Moved successfully.
C:\Users\Renee\AppData\Local\Temp\OfficeSetup.exe => Moved successfully.
C:\Users\Renee\AppData\Local\Temp\oi_{A10EBE45-9568-44AA-A303-BAF8AF275085}.exe => Moved successfully.
C:\Users\Renee\AppData\Local\Temp\SettingsManagerSetup.exe => Moved successfully.
C:\Users\Renee\AppData\Local\Temp\Setup.X86.en-US_O365HomePremRetail_8f3ca50c-cc7c-4f36-878a-23e074f0433a_TX_PR_(1).exe => Moved successfully.
C:\Users\Renee\AppData\Local\Temp\Setup.X86.en-US_O365HomePremRetail_8f3ca50c-cc7c-4f36-878a-23e074f0433a_TX_PR_(2).exe => Moved successfully.
C:\Users\Renee\AppData\Local\Temp\Shockwave_Installer_FF.exe => Moved successfully.
C:\Users\Renee\AppData\Local\Temp\speed.exe => Moved successfully.
C:\Users\Renee\AppData\Local\Temp\temp_3813306787.exe => Moved successfully.
C:\Users\Renee\AppData\Local\Temp\tmp_160173.exe => Moved successfully.
C:\Users\Renee\AppData\Local\Temp\verifier.exe => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4C02F03D-BB2D-4BB7-88A1-3AEC96261DDF} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4C02F03D-BB2D-4BB7-88A1-3AEC96261DDF} => Key deleted successfully.
C:\Windows\System32\Tasks\pcreg not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\pcreg => Key deleted successfully.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-05-22 18:09:07)<=

"C:\Program Files (x86)\Settings Manager\systemk\del_DM_DLL_nsr77F0.dll" => File could not move.
"C:\Program Files (x86)\Settings Manager\systemk\del_DM_LL_nsr77EF.dll" => File could not move.
"C:\Program Files (x86)\Settings Manager\systemk\del_mg_nsr77F0.dll" => File could not move.
"C:\Program Files (x86)\Settings Manager\systemk\favicon.ico" => File could not move.
"C:\Program Files (x86)\Settings Manager\systemk\Helper.dll" => File could not move.
"C:\Program Files (x86)\Settings Manager\systemk\Internet Explorer Settings.exe" => File could not move.
"C:\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll" => File could not move.
"C:\Program Files (x86)\Settings Manager\systemk\syskldr.dll" => File could not move.
"C:\Program Files (x86)\Settings Manager\systemk\syskldr_u.dll" => File could not move.
"C:\Program Files (x86)\Settings Manager\systemk\systemk.dll" => File could not move.
"C:\Program Files (x86)\Settings Manager\systemk\systemkbho.dll" => File could not move.
"C:\Program Files (x86)\Settings Manager\systemk\systemkChrome.dll" => File could not move.
"C:\Program Files (x86)\Settings Manager\systemk\systemkmgrc1.cfg" => File could not move.
"C:\Program Files (x86)\Settings Manager\systemk\SystemkService.exe" => File could not move.
"C:\Program Files (x86)\Settings Manager\systemk\systemku.exe" => File could not move.
"C:\Program Files (x86)\Settings Manager\systemk\tbicon.exe" => File could not move.
"C:\Program Files (x86)\Settings Manager\systemk\Uninstall.exe" => File could not move.
"C:\Program Files (x86)\Settings Manager\systemk\x64\Internet Explorer Settings.exe" => File could not move.
"C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll" => File could not move.
"C:\Program Files (x86)\Settings Manager\systemk\x64\syskldr.dll" => File could not move.
"C:\Program Files (x86)\Settings Manager\systemk\x64\syskldr_u.dll" => File could not move.
"C:\Program Files (x86)\Settings Manager\systemk\x64\systemk.dll" => File could not move.
"C:\Program Files (x86)\Settings Manager\systemk\x64\systemkbho.dll" => File could not move.
"C:\Program Files (x86)\Settings Manager\systemk\x64\systemkmgrc1.cfg" => File could not move.
"C:\Program Files (x86)\Settings Manager" => Directory could not move.

==== End of Fixlog ====

Mbam scan log.txt

 

 


Run the following...

Download AdwCleaner by Xplode onto your Desktop.

  • Double click on Adwcleaner.exe to run the tool.
  • Click on Scan
  • Once the scan is done, click on the Clean button.
  • You will get a prompt asking to close all programs. Click OK.
  • Click OK again to reboot your computer.
  • A text file will open after the restart. Please post the content of that logfile in your reply.
  • You can also find the logfile at C:\AdwCleaner[sn].txt.

Next,

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

Next,

 

We need to run an online AV scan to ensure there are no remnants of any infection left on your system that may have been missed. This scan is very thorough and well worth running. It can take several hours; please be patient and let it complete:

Run Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - Vista and Windows 7/8: right click on the IE shortcut and run as admin

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the add-on to be installed
  • Click Start
  • Make sure that the option "Remove found threats" is UNticked
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

If no threats were found

  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

If threats were found

  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
  • close program

Copy and paste the report in next reply.

 

Next,

 

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop. (If your security alerts, either accept the alert or turn the security off while Security Check runs)

Double click SecurityCheck.exe (Vista or Windows 7/8 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

If Security Check will not run or you get an alert saying it is not supported, Re-boot your PC then try again...

 

Let me see those logs, also give an update on any remaining issues or concerns...

 

Kevin


Kevin, thank you for all the help so far. I'm back at this this morning. You've given me a couple of lengthy scans to run this round and I need to do some work today, so wanted to let you know that I may not get all the logs posted for 12-24 hrs.

Best regards,

Renee


Here are the AdwCleaner and Junkware Removal logs. AV scan report to follow later on.

 

AdwCleaner log:

 

# AdwCleaner v3.210 - Report created 23/05/2014 at 07:30:52
# Updated 19/05/2014 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : Renee - MOREFUNNER
# Running from : C:\Users\Renee\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG SafeGuard toolbar
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar
Folder Deleted : C:\Program Files (x86)\Settings Manager
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Users\Renee\AppData\Local\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Renee\AppData\LocalLow\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Renee\AppData\LocalLow\DataMngr
Folder Deleted : C:\Users\Renee\Documents\PC Speed Maximizer
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]
Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x86]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\Linkey
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\SystemK
Key Deleted : HKLM\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16537


-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\Users\Renee\AppData\Roaming\Mozilla\Firefox\Profiles\wt71xa9k.default\prefs.js ]

Line Deleted : user_pref("browser.search.order.1", "default-search.net");

*************************

AdwCleaner[R0].txt - [8103 octets] - [23/05/2014 07:29:58]
AdwCleaner[s0].txt - [7584 octets] - [23/05/2014 07:30:52]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [7644 octets] ##########

 

 

 

Junkware Removal log:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8 x64
Ran by Renee on Fri 05/23/2014 at  7:42:36.82
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Renee\AppData\Roaming\mozilla\firefox\profiles\wt71xa9k.default\minidumps [3 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 05/23/2014 at  7:47:28.12
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
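The AdwCleaner report in the post above mixes ordinary leftovers with entries that were autostart or browser hook points. The following is an added example, not part of the thread or of AdwCleaner: it parses the report format and pulls out those entries. The sample is cut down from the report above, and the grouping labels and function names are this example's own assumptions.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Constructed sample: lines copied from the AdwCleaner report above, cut down
# to one entry per kind so the example stays short.
SAMPLE_REPORT = r"""
# AdwCleaner v3.210 - Report created 23/05/2014 at 07:30:52
# Option : Clean

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\Settings Manager

***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Deleted : HKCU\Software\SystemK

***** [ Browsers ] *****

Line Deleted : user_pref("browser.search.order.1", "default-search.net");
"""


class Entry(NamedTuple):
    section: str          # report section, e.g. "Registry"
    kind: str             # Key, Value, Folder, File or Line
    target: str           # registry key, filesystem path or deleted prefs line
    value: Optional[str]  # value name, only for "Value Deleted" entries
    view64: bool          # True when the line carried the "[x64]" view prefix


SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
ENTRY_RE = re.compile(r"^(Key|Value|Folder|File|Line) Deleted : (.+)$")
VALUE_RE = re.compile(r"^(.*?) \[(.+)\]$")

# Registry locations that make code run or load without the user starting it.
# The labels are this example's own grouping (an assumption), not AdwCleaner's.
HOOKS = [
    (r"\\CurrentVersion\\Run(Once)?$",
     "Run key: program started at every logon"),
    (r"\\Session Manager\\AppCertDlls$",
     "AppCertDlls: DLL loaded into processes that create other processes"),
    (r"\\Explorer\\Browser Helper Objects\\",
     "Browser Helper Object: DLL loaded into Internet Explorer"),
    (r"\\Internet Explorer\\SearchScopes\\",
     "Internet Explorer search provider"),
    (r"\\Google\\Chrome\\Extensions\\",
     "Chrome extension installed through the registry"),
]


def parse_report(text: str) -> List[Entry]:
    """Turn the report into entries, remembering the section each came from."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if not m or section is None:
            continue  # header comments, blank lines, browser sub-headings
        kind, rest = m.groups()
        # "[x64]" in front of the hive marks the 64-bit registry view ...
        view64 = rest.startswith("[x64] ")
        if view64:
            rest = rest[len("[x64] "):]
        # ... while a trailing "[name]" on a Value line is the value's name,
        # which for AppCertDlls happens to be "x64" as well.
        value = None
        if kind == "Value":
            vm = VALUE_RE.match(rest)
            if vm:
                rest, value = vm.groups()
        entries.append(Entry(section, kind, rest, value, view64))
    return entries


def classify(entry: Entry) -> Optional[str]:
    """Return the hook label for a registry entry, or None for plain leftovers."""
    if entry.kind not in ("Key", "Value"):
        return None
    for pattern, label in HOOKS:
        if re.search(pattern, entry.target, re.IGNORECASE):
            return label
    return None


def hook_findings(entries: List[Entry]) -> List[Tuple[str, Entry]]:
    return [(classify(e), e) for e in entries if classify(e)]


if __name__ == "__main__":
    for label, e in hook_findings(parse_report(SAMPLE_REPORT)):
        name = f" [{e.value}]" if e.value else ""
        print(f"{label}\n    {e.target}{name}")
```

Entries that match none of the patterns, such as `HKCU\Software\SystemK`, are vendor settings rather than load points, which is why they are left out of the findings.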
 


Here are the ESET and Checkup logs.

I still see the window flashing on startup. I'm thinking it is either Evernote or Intuit. Otherwise, everything seems good.

Windows Defender and AVG are both staying turned on now and no more Search Safer popup.

 

ESET:

 

C:\FRST\Quarantine\C\Program Files\pcreg\a.exe    Win32/Conduit.SearchProtect.M potentially unwanted application
C:\FRST\Quarantine\C\Program Files\pcreg\pcreg.exe    a variant of Win32/Conduit.SearchProtect.O potentially unwanted application
C:\FRST\Quarantine\C\Program Files\pcreg\service.exe    Win32/Conduit.SearchProtect.O potentially unwanted application
C:\FRST\Quarantine\C\Users\Renee\AppData\Local\Temp\file_to_run5548.exe.xBAD    Win32/Conduit.SearchProtect.M potentially unwanted application
C:\FRST\Quarantine\C\Users\Renee\AppData\Local\Temp\temp_3813306787.exe.xBAD    a variant of Win32/SpeedingUpMyPC application
C:\FRST\Quarantine\C\Users\Renee\AppData\Local\Temp\tmp_160173.exe.xBAD    Win32/Conduit.SearchProtect.O potentially unwanted application
C:\Users\Renee\AppData\Local\Temp\nsc3347.tmp\Helper.dll    a variant of Win32/Toolbar.SearchSuite.P potentially unwanted application
C:\Users\Renee\AppData\Local\Temp\nsq5731\SpSetup.exe    a variant of Win32/Conduit.SearchProtect.H potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WhiteUS139[2].exe    Win32/Conduit.SearchProtect.M potentially unwanted application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WhiteUS139[2].exe    Win32/Conduit.SearchProtect.M potentially unwanted application
C:\Windows\Temp\file_25988.exe    Win32/Conduit.SearchProtect.M potentially unwanted application
C:\Windows\Temp\file_to_run55835.exe    Win32/Conduit.SearchProtect.M potentially unwanted application
 

 

 

Checkup:

 

 Results of screen317's Security Check version 0.99.83  
   x64 (UAC is enabled)  
 Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
 Windows Firewall Enabled!  
AVG AntiVirus Free Edition 2013   
Windows Defender                  
 Antivirus out of date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 5  
 Java version out of Date!
 Adobe Flash Player     13.0.0.214  
 Adobe Reader XI  
 Mozilla Firefox (29.0.1)
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 AVG avgwdsvc.exe
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
 


Download OTM from either of the following links and save to your Desktop: (If your security alerts to OTM, either accept the alert or turn off security to allow OTM to run)

http://oldtimer.geekstogo.com/OTM.exe.
http://www.itxassociates.com/OT-Tools/OTM.com
http://www.itxassociates.com/OT-Tools/OTM.exe  

Double click OTM.exe to start the tool. Vista or Windows 7 users accept UAC alert. Be aware all processes will be stopped during run, also Desktop will disappear, this will be put back on completion.... If your security alerts to OTM, either accept the alert or turn off security until OTM completes...

  • Copy the text from the code box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Ensure to start with and include the colon before :Files

    :Files
    ipconfig /flushdns /c
    C:\Users\Renee\AppData\Local\Temp\nsc3347.tmp\Helper.dll
    C:\Users\Renee\AppData\Local\Temp\nsq5731\SpSetup.exe
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WhiteUS139[2].exe
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WhiteUS139[2].exe
    C:\Windows\Temp\file_25988.exe
    C:\Windows\Temp\file_to_run55835.exe
    :Commands
    [EmptyTemp]

  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red MoveIt! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM


Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

 

Next,

 

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please follow these steps to remove older version of Java components and upgrade the application.

 

Upgrading Java:

 

Go to http://java.com/en/ and click on "Do I have Java"

It will check your current version and then offer to update to the latest version

Watch for and make sure you untick the box next to whatever free program they prompt you to install during the installation, unless you want it.

 

***Note: Check in Programs and Features (or Add/Remove Programs if you are an XP user) to make certain there are no old versions of Java still installed, if so - remove them. <<-- Very Important

 

Next,

 

Make sure to update AVG and activate realtime scanning.

 

Let me see log from OTM, also confirm if Java updated successfully. Let me know if any remaining issues or concerns.

 

 

Kevin
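The OTM script in the reply above lists only the ESET detections that were still on disk; the entries under C:\FRST\Quarantine had already been moved by the earlier FRST fix. The following is an added example, not part of the thread or of any tool named in it: it makes that split from an ESET export. The sample lines are copied from the ESET log above, and the family grouping and the mapping from a quarantine path back to its original location are assumptions read off the logs on this page.

```python
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple, Optional, Tuple

# Constructed sample: five lines copied from the ESET export posted above
# (path, run of spaces, detection text).
ESET_EXPORT = r"""
C:\FRST\Quarantine\C\Program Files\pcreg\pcreg.exe    a variant of Win32/Conduit.SearchProtect.O potentially unwanted application
C:\FRST\Quarantine\C\Users\Renee\AppData\Local\Temp\temp_3813306787.exe.xBAD    a variant of Win32/SpeedingUpMyPC application
C:\Users\Renee\AppData\Local\Temp\nsc3347.tmp\Helper.dll    a variant of Win32/Toolbar.SearchSuite.P potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WhiteUS139[2].exe    Win32/Conduit.SearchProtect.M potentially unwanted application
C:\Windows\Temp\file_25988.exe    Win32/Conduit.SearchProtect.M potentially unwanted application
"""

# Paths contain single spaces only, so two or more spaces end the path field.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s{2,}(?P<variant>a variant of )?"
    r"(?P<name>\S+)\s+(?P<category>.+)$")

# Assumption from the Fixlog and ESET log on this page: FRST stores
# C:\dir\file.exe as C:\FRST\Quarantine\C\dir\file.exe, optionally with
# ".xBAD" appended to the file name.
QUARANTINE_RE = re.compile(
    r"^C:\\FRST\\Quarantine\\([A-Za-z])\\(.+?)(?:\.xBAD)?$", re.IGNORECASE)


class Detection(NamedTuple):
    path: str                     # where ESET found the file
    name: str                     # full detection name
    family: str                   # name without the trailing variant letter
    variant: bool                 # True for "a variant of ..."
    category: str                 # e.g. "potentially unwanted application"
    original_path: Optional[str]  # set only for files already in quarantine


def parse_export(text: str) -> List[Detection]:
    detections = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        name = m.group("name")
        # Assumption: a final ".X" suffix is the variant letter of one family.
        family = re.sub(r"\.[A-Z]{1,3}$", "", name)
        q = QUARANTINE_RE.match(m.group("path"))
        original = q.group(1).upper() + ":\\" + q.group(2) if q else None
        detections.append(Detection(
            m.group("path"), name, family, bool(m.group("variant")),
            m.group("category").strip(), original))
    return detections


def triage(detections: List[Detection]) -> Tuple[List[Detection], Dict[str, List[str]]]:
    """Split detections into already-quarantined and still-on-disk by family."""
    quarantined = [d for d in detections if d.original_path is not None]
    on_disk = defaultdict(list)
    for d in detections:
        if d.original_path is None:
            on_disk[d.family].append(d.path)
    return quarantined, dict(on_disk)


if __name__ == "__main__":
    quarantined, on_disk = triage(parse_export(ESET_EXPORT))
    print("Already quarantined (inert copies, original location shown):")
    for d in quarantined:
        print(f"    {d.original_path}  [{d.name}]")
    print("Still on disk, needs removal:")
    for family, paths in sorted(on_disk.items()):
        for p in paths:
            print(f"    {p}  [{family}]")
```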


I upgraded and turned on AVG. It seems to be running okay.

I will do the Java upgrade now.

Here is the OTM:

 

All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Renee\Desktop\cmd.bat deleted successfully.
C:\Users\Renee\Desktop\cmd.txt deleted successfully.
DllUnregisterServer procedure not found in C:\Users\Renee\AppData\Local\Temp\nsc3347.tmp\Helper.dll
C:\Users\Renee\AppData\Local\Temp\nsc3347.tmp\Helper.dll moved successfully.
C:\Users\Renee\AppData\Local\Temp\nsq5731\SpSetup.exe moved successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WhiteUS139[2].exe moved successfully.
File/Folder C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WhiteUS139[2].exe not found.
C:\Windows\Temp\file_25988.exe moved successfully.
C:\Windows\Temp\file_to_run55835.exe moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: Renee
->Temp folder emptied: 411876300 bytes
->Temporary Internet Files folder emptied: 40847118 bytes
->Java cache emptied: 50439 bytes
->FireFox cache emptied: 6162679 bytes
->Flash cache emptied: 506 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 608351062 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 8330520 bytes
RecycleBin emptied: 59810715 bytes
 
Total Files Cleaned = 1,083.00 mb
 
 
OTM by OldTimer - Version 3.1.21.0 log created on 05232014_133024

Files moved on Reboot...
C:\Users\Renee\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Renee\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\Windows\temp\MOREFUNNER-20140523-1240.log moved successfully.
File C:\Windows\temp\officeclicktorun.exe_c2ruidll(201405231240187EC).log not found!
File C:\Windows\temp\officeclicktorun.exe_streamserver(201405231240187EC).log not found!
File move failed. C:\Windows\temp\ood_stream.x86.en-us.dat scheduled to be moved on reboot.
File move failed. C:\Windows\temp\ood_stream.x86.x-none.dat scheduled to be moved on reboot.

Registry entries deleted on Reboot...
 


Thank you for the update Renee, run the following to clean up...

 

Download "Delfix by Xplode" and save it to your desktop.

 

"Delfix link mirror"

 

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

 

Make Sure the following items are checked:

 


    Activate UAC
    Remove disinfection tools
    Create registry backup
    Purge System Restore
    Reset system settings

 

Now click on "Run" and wait patiently until the tool has completed.

 

The tool will create a log when it has completed. We don't need you to post this.

 

Part of the routine will be to create a registry back up with ERUNT,  the back up will be created here:

 

C:\Windows\ERUNT

 

When all is known to be well with your system you can delete that back up folder if you consider it as not needed...

 

Next,

 

Read the following link to fully understand PC security and best practices, you may find it useful....

 

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

 

Let me know if we are ok to close out..

 

Kevin..... ;)


One more thing before the cleanup.

 

Now that I have AVG upgraded and running, it insists on putting up an AVG logo and search bar on all new tabs in Firefox (but not Internet Explorer).

I have Firefox set to show a blank page on start up. I can click on 'Restore default new tab' on the upper right, which brings up the option to untick the box for the AVG search box, but it is reticked and displaying the search box when I restart Firefox. Is there a way to get rid of this short of uninstalling AVG? If not, do I really need AVG? Thanks.


The following is from the AVG link, my notes are in green:

 

1. Click the small arrow next to the search provider icon and select Manage Search Engines…
2. Select the AVG Secure Search and Remove it as seen on this screenshot.

     AVG Secure Search was not in the list, I have Google, Yahoo, Amazon, eBay, & Wikipedia
3. Open the Firefox menu and select Options -> Options (or open the Tools menu and select the Options item).
4. Select the General tab and reset your home page as seen on this screenshot.

     I did this, no problems
5. Type about:config in the address bar and press Enter.
6. Press the I’ll be careful, I promise! Button.
7. Type search in the Search text box.
8. Right-click the browser.search.defaultenginename and select Reset from the context menu.

     Reset was not an allowed option
9. Type keyword in the Search text box.
10. Right-click the keyword.URL item and select Reset from the context menu.

        Keyword.URL did not appear in the list
11. Type browser.startup in the Search text box.
12. Right-click the browser.startup.homepage_override.mstone item and select Reset from the context menu.

     I did this, no problem
13. Restart the Mozilla Firefox.
14. AVG Secure Search is now completely removed from the Mozilla Firefox browser.

       AVG Secure Search is still showing up when I open a new tab

       I also restarted my computer, still showing up

 

 

I've had enough for today. I'm thinking I'll uninstall Java tomorrow; Firefox says one of the new ones I just installed is a security threat. I think I can live without Java, and will just reinstall if I find I need it.

 

Renee


Hi Kevin, I think AVG is finally gone. Here is what we did:

 

Ran the second link for AVG removal from your post above - still did not remove

 

My son did the following:

   deleted the folder containing the AVG executable file

   disabled the startup entry in task manager

   deleted the startup entry from the registry

 

It was still showing up.

 

I then uninstalled Firefox and did a new download and install. AVG seems to be gone. Whew!

 

 

Now what remains are the alterations to my Metro interface. On successive startups, I've had these changes:

   Rearrangement of tiles

   Rearrangement of tiles plus a high contrast background and loss of lockscreen picture

   Rearrangement of tiles, high contrast background, loss of lockscreen picture and deletion of most tiles

 

After getting rid of AVG, my son reset the background contrast and the lockscreen picture is back without our doing anything to set it. Most of the tiles are still missing.

 

Are these changes likely the result of the cleanup/reset we did? Part of the AVG hijack? Some other infection? Thanks.

Renee


Apologies for the late reply, had some unfortunate bad news to deal with....

 

Yes probably removal of hijacker has reset metro tiles to defaults, the start screen you see after boot has default tiles plus any others that you have set yourself, they are all basically shortcuts. You can easily reset any shortcuts that you want to add back to the start screen.

 

Open your Start Screen and go to the "All Apps" view by clicking on the “down” arrow at the bottom left side of the start screen. You should now see an index of all available apps on your system, they will be listed icons in alphabetical order. Right click on a preferred app, select > Pin to Start from the list or one of the other commands that are available to you.... Does that help?

 

Other than the tile issue, what is your current status? Did you run Delfix? Are there any remaining issues or concerns?

 

Thank you,

 

Kevin


Kevin, my condolences on your bad news.

 

I was waiting to run Delfix until I heard your opinion on the tile reset. In retrospect, I'm rather glad the tiles reset. I tend to be a packrat, and hadn't dumped much of anything that came preinstalled. The hijack cleanup removed all but about 5 tiles. I've only put back the ones I really use from that interface, so the whole thing is much more streamlined now.

 

It looks like there was quite a delay in this notice coming to my email, as it seems you posted yesterday; I just got the email notification a couple of hours ago.

 

I'll run the cleanup from your earlier email and report back.

 

Renee
