
Laptop extremely slow and redirects

Discussion in 'Virus & Other Malware Removal' started by msteacher, Jan 8, 2015.

  1. msteacher

    msteacher Thread Starter

    Joined:
    Jan 8, 2015
    Messages:
    4
    Hi all
    New here and would appreciate any help thanks. My laptop is very slow and I think I might have a virus.

    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
    Processor: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz, Intel64 Family 6 Model 37 Stepping 5
    Processor Count: 4
    RAM: 3890 Mb
    Graphics Card: Intel(R) HD Graphics, 1721 Mb
    Hard Drives: C: Total - 576655 MB, Free - 434711 MB;
    Motherboard: TOSHIBA, NALAA
    Antivirus: Norton 360, Updated and Enabled
     
  2. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    Hi msteacher,

    A few things to do here, but you can handle it. Just take one step at a time.
    If you run into trouble, just stop and tell me about it.
    -------------------------------------------------------
    If you don't have Firefox, get it here and install it: http://www.getfirefox.net/
    During the installation you can likely import settings from Internet Explorer if you wish.
    ---------------------------------------------------------
    Set Firefox as Default and Always Ask Where to Save Downloads
    Open Firefox, then hit the Alt key once if necessary, so you can see the menu bar at the top.
    In the top menu bar, click on Tools, and select Options.
    In the new dialog window that pops up:
    Click on the General icon in the top bar, and click the radio button labeled "Always ask me where to save files"
    Click on the Advanced icon in the top bar.
    Click the radio button labeled "Always check to see if Firefox is the Default browser on startup."
    Click OK.
    -----------------------------------------------------------
    Change Settings to View File Extensions and Hidden Files
    Go to Start, and type Show hidden into the box.
    When you see the Show hidden files and folders listing appear in the popup, click on it.
    Click on the View tab
    Under "Files and Folders",
    • Uncheck "Hide Extensions for known File Types"
    • Check "Show Hidden Files Folders and Drives"
    Click Apply and OK.
    ----------------------------------------------
    Download and Run Temp File Cleaner (TFC.exe)
    Download Temp File Cleaner and save it to your desktop.
    You might want to Save any unsaved work. TFC will close ALL open programs... including your browser!
    Right click the TFC icon and choose Run as administrator.
    If you have a lot of junk files to remove, it could take a while, so please be patient and let it finish.
    When it's done, it will report the total size of files removed. If it asks to Reboot, choose to do so. This will remove files that could not be removed while Windows was running.
    After Restart, log back in to your usual account.
    You can keep TFC on your desktop and run it every week or two to clean out excessive temporary files. It does usually require a restart.
    -----------------------------------------------------------
    Download and Run the Farbar Scan Tool
    • Download FRST64 and save to your Desktop.
    • Double click Frst64.exe to launch it.
    • FRST64 will start to run.
      • When the tool opens click Yes to disclaimer.
      • Press the Scan button.
      • When finished scanning, 2 logs will open on your Desktop, FRST.txt and Addition.txt
      • Please copy and paste each of them in your next reply.
    If you lose track of them, they will be saved in the same location as FRST64.exe
    Feel free to use separate replies if it's more convenient.

    askey127
     
  3. msteacher

    msteacher Thread Starter

    Joined:
    Jan 8, 2015
    Messages:
    4
    Here are the scan logs

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-01-2015
    Ran by Patrizia at 2015-01-08 19:25:56
    Running from C:\Users\Patrizia\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Norton 360 (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
    AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
    AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Norton 360 (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
    FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
    FW: Norton 360 (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
    Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.02) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.02 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.1.151 - Adobe Systems, Inc.)
    Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}) (Version: 6.0.0.59 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.)
    BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.41 - Research In Motion Ltd.) Hidden
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 3.26 - Piriform)
    Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.2.10260.0 - Cisco Consumer Products LLC)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    DDPB (HKLM-x32\...\{748590DB-44CD-48D2-8585-2496BBFE919F}) (Version: 1.0.9 - DauDen.vn)
    Dropbox (HKU\S-1-5-21-3728344445-2624263655-1912729208-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
    Feature Update Service (GFF) (HKU\S-1-5-21-3728344445-2624263655-1912729208-1000\...\GoforFilesUpdater) (Version: 3.14.24 - ) <==== ATTENTION
    File Opener Packages (HKU\S-1-5-21-3728344445-2624263655-1912729208-1000\...\File Opener Packages) (Version: - ) <==== ATTENTION
    FileHippo.com Update Checker (HKLM-x32\...\FileHippo.com) (Version: - )
    FileOpener (HKLM-x32\...\Tweaks FileOpener) (Version: 1.1.1 - Tweaks)
    Flix (HKU\S-1-5-21-3728344445-2624263655-1912729208-1000\...\9e7b1b6489a0c8a3) (Version: 1.0.0.146 - Daniel Bigham)
    GoforFiles (HKU\S-1-5-21-3728344445-2624263655-1912729208-1000\...\GoforFiles) (Version: 3.14.24 - http://www.goforfiles.com/) <==== ATTENTION
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
    Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
    Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
    Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
    Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2086 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.7.1002 - Intel Corporation)
    Java 7 Update 10 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417010FF}) (Version: 7.0.100 - Oracle)
    Java(TM) 6 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216017FF}) (Version: 6.0.170 - Sun Microsystems, Inc.)
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
    Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Communicator 2007 (HKLM-x32\...\{E5BA0430-919F-46DD-B656-0796F8A5ADFF}) (Version: 2.0.6362.0 - Microsoft Corporation)
    Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Norton 360 (HKLM-x32\...\N360) (Version: 20.6.0.27 - Symantec Corporation)
    Norton Identity Safe (HKLM-x32\...\NST) (Version: 2014.7.6.15 - Symantec Corporation)
    Photo Story 3 for Windows (HKLM-x32\...\{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}) (Version: 3.0.1115.11 - Microsoft Corporation)
    Piante contro zombi (HKLM-x32\...\Piante contro zombi) (Version: - PopCap Games)
    Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
    PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
    QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
    Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.13.112.2010 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6069 - Realtek Semiconductor Corp.)
    Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30111 - Realtek Semiconductor Corp.)
    Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0013 - REALTEK Semiconductor Corp.)
    Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
    Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)
    TomTom HOME (HKLM-x32\...\{99072AB4-D795-44D5-9D65-E3C9F8322C97}) (Version: 2.9.7 - TomTom)
    TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
    TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.11 - TOSHIBA CORPORATION)
    TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.07.64 - TOSHIBA Corporation)
    TOSHIBA ConfigFree (HKLM-x32\...\{607BE7BF-7C28-4ADB-A4A0-385962B901C3}) (Version: 8.0.28 - TOSHIBA Corporation)
    TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
    TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.11.64 - TOSHIBA Corporation)
    TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)
    TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.6C - TOSHIBA CORPORATION)
    TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.22C - TOSHIBA CORPORATION)
    TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
    TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.3.64 - TOSHIBA CORPORATION)
    TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.5.10 - TOSHIBA CORPORATION)
    TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.6.0.64 - TOSHIBA Corporation)
    TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
    TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}) (Version: 1.6.06.64 - TOSHIBA Corporation)
    TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.40 - TOSHIBA)
    TOSHIBA Speech System Applications (HKLM-x32\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
    TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM-x32\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version: - )
    TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM-x32\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version: - )
    TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.9C - TOSHIBA CORPORATION)
    TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.3.64 - TOSHIBA Corporation)
    TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.15 - TOSHIBA Corporation)
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    Utility Common Driver (x32 Version: 1.0.52.1C - TOSHIBA) Hidden
    vGrabber (HKLM-x32\...\vGrabber) (Version: 1.14 - http://vgrabber.org)
    Web Assistant 2.0.0.572 (HKLM\...\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1) (Version: 2.0.0.572 - IncrediBar) <==== ATTENTION
    WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.1.3 - WildTangent)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
    Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
    WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )
    WSE_Vosteran (HKLM-x32\...\WSE_Vosteran) (Version: - WSE_Vosteran) <==== ATTENTION!
    XBMC (HKU\S-1-5-21-3728344445-2624263655-1912729208-1000\...\XBMC) (Version: - Team XBMC)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-3728344445-2624263655-1912729208-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Patrizia\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3728344445-2624263655-1912729208-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Patrizia\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-3728344445-2624263655-1912729208-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Patrizia\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-3728344445-2624263655-1912729208-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Patrizia\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3728344445-2624263655-1912729208-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Patrizia\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3728344445-2624263655-1912729208-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Patrizia\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3728344445-2624263655-1912729208-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Patrizia\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3728344445-2624263655-1912729208-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Patrizia\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3728344445-2624263655-1912729208-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Patrizia\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3728344445-2624263655-1912729208-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Patrizia\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3728344445-2624263655-1912729208-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Patrizia\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

    ==================== Restore Points =========================

    12-12-2014 03:00:20 Windows Update
    18-12-2014 03:00:20 Windows Update
    26-12-2014 21:40:11 Scheduled Checkpoint

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {00D4717C-5453-4C5D-A647-0E56905E219E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {0BF72978-13F2-4076-A44C-F9E85E63FEC0} - System32\Tasks\{78A26B59-62A8-43F5-BC4E-AAD6FA9AFE90} => pcalua.exe -a "C:\Users\Patrizia\Downloads\for PC\WBFSManager3.1-RTW-x86\setup.exe" -d "C:\Users\Patrizia\Downloads\for PC\WBFSManager3.1-RTW-x86"
    Task: {0C4160EE-ED03-4AAA-9D21-6CA6DB4AC43C} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Norton 360\Engine\20.6.0.27\SymErr.exe [2013-06-03] (Symantec Corporation)
    Task: {1A14A1F2-3A53-451C-A19B-DE16FC134F5A} - System32\Tasks\5017 => Wscript.exe C:\Users\Patrizia\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
    Task: {272AEB99-410C-4FF6-988F-AA13E2B25C78} - System32\Tasks\{5FCF91F4-2FA4-4E8C-A4F3-5EDA9BDB6E90} => Iexplore.exe http://ui.skype.com/ui/0/5.9.0.123/en/abandoninstall?page=tsBing
    Task: {3BB702C3-7E9F-456D-AEE7-D9BB8F34513F} - System32\Tasks\WSE_Vosteran => C:\Users\Patrizia\AppData\Roaming\WSE_Vosteran\UpdateProc\UpdateTask.exe [2015-01-08] () <==== ATTENTION
    Task: {4CDAA154-9852-427C-A0A9-F72930C59B5A} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
    Task: {4E921B79-239C-4CAF-9E90-FAAA21621CA7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
    Task: {502E236D-7E52-4553-9090-68541BFB83F7} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
    Task: {51EEAB9C-1884-4AAB-B97B-AE6C1E42910E} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
    Task: {68FE4F6E-A4F0-4861-9067-540F81E02A62} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\SymErr.exe [2014-01-30] (Symantec Corporation)
    Task: {9300ED2E-EA15-4244-A6DB-64DC67616D28} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\SymErr.exe [2014-01-30] (Symantec Corporation)
    Task: {95ADDFBD-C91E-41F4-B90A-AF1CE137E013} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3728344445-2624263655-1912729208-1000UA => C:\Users\Patrizia\AppData\Local\Google\Update\GoogleUpdate.exe [2013-10-24] (Google Inc.)
    Task: {9CD61137-7B61-4B76-8AE5-51CA6DA55C95} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated)
    Task: {9D8B7B03-0E2F-4C04-9651-1FDDA5FB85BB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
    Task: {9DF86DDA-EF3F-4551-925A-03CB1FA327F3} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2010-02-22] (TOSHIBA CORPORATION)
    Task: {9E9456DC-8C8E-4FA5-B27C-7E9E8BCC5914} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Norton 360\Engine\20.6.0.27\SymErr.exe [2013-06-03] (Symantec Corporation)
    Task: {C1472012-076F-480D-9B1B-174A4AB39367} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-12-19] (Piriform Ltd)
    Task: {CBDC0BBE-A4D7-4AE7-B6E4-2E88C8DEA659} - System32\Tasks\GoforFilesUpdate => C:\Program Files (x86)\GoforFiles Updater\GFFUpdater.exe [2014-06-15] (http://goforfiles.com/) <==== ATTENTION
    Task: {D33A581A-A6F0-4D83-9892-9B0A173F4280} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3728344445-2624263655-1912729208-1000Core => C:\Users\Patrizia\AppData\Local\Google\Update\GoogleUpdate.exe [2013-10-24] (Google Inc.)
    Task: {DEAABE49-01D8-4F5A-903B-5523F67D1710} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Norton 360\Engine\20.6.0.27\WSCStub.exe [2014-12-06] (Symantec Corporation)
    Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3728344445-2624263655-1912729208-1000Core.job => C:\Users\Patrizia\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3728344445-2624263655-1912729208-1000UA.job => C:\Users\Patrizia\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\WSE_Vosteran.job => C:\Users\Patrizia\AppData\Roaming\WSE_VO~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

    ==================== Loaded Modules (whitelisted) =============

    2014-06-25 20:28 - 2014-07-17 06:43 - 02610992 _____ () C:\windows\system32\dmwu.exe
    2013-03-12 19:46 - 2013-01-29 13:28 - 00188760 _____ () C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
    2010-02-05 19:44 - 2010-02-05 19:44 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
    2009-01-30 20:11 - 2009-01-30 20:11 - 01091072 _____ () C:\Program Files\Toshiba\SmartFaceV\SmartFaceVCtrl.dll
    2009-01-30 20:10 - 2009-01-30 20:10 - 01043456 _____ () C:\Program Files\Toshiba\SmartFaceV\FaceRec.dll
    2009-01-30 20:11 - 2009-01-30 20:11 - 07861248 _____ () C:\Program Files\Toshiba\SmartFaceV\FaceHI.dll
    2012-02-20 20:29 - 2012-02-20 20:29 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2012-02-20 20:28 - 2012-02-20 20:28 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2013-05-08 14:52 - 2013-05-08 14:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
    2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
    2014-12-11 06:35 - 2012-05-30 01:51 - 00699280 ____R () C:\Program Files (x86)\Norton 360\Norton 360\Engine\20.6.0.27\wincfi39.dll
    2014-12-11 06:35 - 2012-05-30 01:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON 360\NORTON 360\ENGINE\20.6.0.27\wincfi39.dll
    2014-12-13 09:52 - 2014-12-05 20:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
    2014-12-13 09:52 - 2014-12-05 20:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
    2014-12-13 09:52 - 2014-12-05 20:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
    2014-12-13 09:52 - 2014-12-05 20:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
    2014-12-13 09:52 - 2014-12-05 20:50 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
    2015-01-08 19:25 - 2014-04-28 15:53 - 00572739 _____ () C:\Users\Patrizia\AppData\Local\Temp\6373842.Uninstall\uninstaller.exe

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\ProgramData\TEMP:D287FACF
    AlternateDataStreams: C:\ProgramData\TEMP:D3A96964
    AlternateDataStreams: C:\Users\Patrizia\Documents\CATSA - PREP & FLY – your packing list.eml:OECustomProperty

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupfolder: C:^Users^Patrizia^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\windows\pss\Dropbox.lnk.Startup
    MSCONFIG\startupreg: 00TCrdMain => C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
    MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    MSCONFIG\startupreg: Flix => "C:\Users\Patrizia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Daniel Bigham\Flix.appref-ms"
    MSCONFIG\startupreg: Google Update => "C:\Users\Patrizia\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
    MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    MSCONFIG\startupreg: HSON => %ProgramFiles%\TOSHIBA\TBS\HSON.exe
    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: KeNotify => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
    MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    MSCONFIG\startupreg: NortonUtilities => C:\Program Files (x86)\Norton Utilities 14\RMTray.exe /H
    MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    MSCONFIG\startupreg: Rim.DesktopHelper.exe => "C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.DesktopHelper.exe"
    MSCONFIG\startupreg: RIMBBLaunchAgent.exe => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    MSCONFIG\startupreg: Shockwave Updater => "C:\windows\SysWOW64\Adobe\Shockwave 11\SwHelper_1161629.exe" -Update
    MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    MSCONFIG\startupreg: SmartFaceVWatcher => %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
    MSCONFIG\startupreg: SmoothView => %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
    MSCONFIG\startupreg: Teco => "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
    MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
    MSCONFIG\startupreg: ToshibaServiceStation => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
    MSCONFIG\startupreg: TosNC => %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
    MSCONFIG\startupreg: TosWaitSrv => %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
    MSCONFIG\startupreg: TrueImageMonitor.exe => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
    MSCONFIG\startupreg: TWebCamera => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun

    ========================= Accounts: ==========================

    Administrator (S-1-5-21-3728344445-2624263655-1912729208-500 - Administrator - Disabled)
    Guest (S-1-5-21-3728344445-2624263655-1912729208-501 - Limited - Enabled)
    HomeGroupUser$ (S-1-5-21-3728344445-2624263655-1912729208-1005 - Limited - Enabled)
    Kids (S-1-5-21-3728344445-2624263655-1912729208-1007 - Limited - Enabled) => C:\Users\Kids.Patrizia-PC
    Patrizia (S-1-5-21-3728344445-2624263655-1912729208-1000 - Administrator - Enabled) => C:\Users\Patrizia

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (01/08/2015 03:58:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 11872

    Error: (01/08/2015 03:58:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 11872

    Error: (01/08/2015 03:58:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (01/08/2015 03:58:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 9766

    Error: (01/08/2015 03:58:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 9766

    Error: (01/08/2015 03:58:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (01/08/2015 03:58:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 8767

    Error: (01/08/2015 03:58:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 8767

    Error: (01/08/2015 03:58:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (01/08/2015 03:58:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 7738


    System errors:
    =============
    Error: (01/08/2015 07:18:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Norton Identity Safe service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

    Error: (01/08/2015 07:18:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (01/08/2015 05:40:15 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 5:37:52 PM on 08/01/2015 was unexpected.

    Error: (12/29/2014 11:18:25 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
    Description: The following fatal alert was generated: 70. The internal error state is 105.

    Error: (12/28/2014 04:12:34 PM) (Source: Server) (EventID: 2505) (User: )
    Description: The server could not bind to the transport \Device\NetBT_Tcpip_{0CD0710D-2402-4573-B9D1-4E8E1938AD0B} because another computer on the network has the same name. The server could not start.

    Error: (12/28/2014 04:12:26 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

    Error: (12/24/2014 08:54:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Windows Live ID Sign-in Assistant service failed to start due to the following error:
    %%1053

    Error: (12/24/2014 08:54:01 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.

    Error: (12/24/2014 08:52:57 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 8:25:53 PM on 24/12/2014 was unexpected.

    Error: (12/24/2014 08:14:58 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The Windows Update service hung on starting.


    Microsoft Office Sessions:
    =========================

    CodeIntegrity Errors:
    ===================================
    Date: 2014-12-13 10:39:21.987
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-12-13 10:39:21.972
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-12-13 10:36:11.492
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-12-13 10:36:11.455
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-11-12 04:06:07.703
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-11-12 04:06:07.703
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-11-12 04:06:07.688
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-11-12 04:06:07.672
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-11-12 04:04:21.341
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-11-12 04:04:21.279
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz
    Percentage of memory in use: 60%
    Total physical RAM: 3890.67 MB
    Available physical RAM: 1519.59 MB
    Total Pagefile: 7779.52 MB
    Available Pagefile: 4931.12 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.81 MB

    ==================== Drives ================================

    Drive c: (S3A9506D005) (Fixed) (Total:563.14 GB) (Free:424.93 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596.2 GB) (Disk ID: 01F07CA6)
    Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
    Partition 2: (Not Active) - (Size=563.1 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=20.4 GB) - (Type=17)
    Partition 4: (Not Active) - (Size=11.2 GB) - (Type=17)

    ==================== End Of Log ============================








    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015
    Ran by Patrizia (administrator) on PATRIZIA-PC on 08-01-2015 19:22:56
    Running from C:\Users\Patrizia\Downloads
    Loaded Profiles: Patrizia & Kids (Available profiles: Patrizia & Kids)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    () C:\Windows\System32\dmwu.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton 360\Norton 360\Engine\20.6.0.27\ccsvchst.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
    (TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton 360\Norton 360\Engine\20.6.0.27\ccsvchst.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    () C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
    (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
    (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
    (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton 360\Norton 360\Engine\20.6.0.27\ccsvchst.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTime.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Microsoft Corporation) C:\Windows\System32\LogonUI.exe
    (MyPCBackup.com) C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
    (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\nst.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\nst.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\nst.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [] => [X]
    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10134560 2010-03-22] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [896032 2010-03-22] (Realtek Semiconductor)
    HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-06] (TOSHIBA Corporation)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
    HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
    HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
    HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35672 2010-03-03] (TOSHIBA Corporation)
    HKLM-x32\...\Run: [SVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [352256 2010-02-22] (TOSHIBA CORPORATION)
    HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2010-03-04] (TOSHIBA Electronics, Inc.)
    Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-3728344445-2624263655-1912729208-1000\...\Run: [GoogleChromeAutoLaunch_20AE4A401FBC688C25C1A623BCA86CFE] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2014-12-05] (Google Inc.)
    HKU\S-1-5-21-3728344445-2624263655-1912729208-1000\...\RunOnce: [WSE_Vosteran] => wscript /E:vbscript /B "C:\Users\Patrizia\AppData\Roaming\WSE_Vosteran\UpdateProc\bkup.dat"
    HKU\S-1-5-21-3728344445-2624263655-1912729208-1000\...\Policies\system: [LogonHoursAction] 2
    HKU\S-1-5-21-3728344445-2624263655-1912729208-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
    HKU\S-1-5-21-3728344445-2624263655-1912729208-1007\...\Policies\system: [LogonHoursAction] 2
    HKU\S-1-5-21-3728344445-2624263655-1912729208-1007\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
    AppInit_DLLs-x32: C:/PROGRA~3/{F7511~1/171~1.0/sene.dll => C:/PROGRA~3/{F7511~1/171~1.0/sene.dll [649216 2015-01-08] ()
    Startup: C:\Users\Patrizia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> C:\Users\Patrizia\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    Startup: C:\Users\Patrizia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
    ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
    ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Norton 360\Engine64\20.6.0.27\buShell.dll (Symantec Corporation)
    ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Norton 360\Engine64\20.6.0.27\buShell.dll (Symantec Corporation)
    ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Norton 360\Engine64\20.6.0.27\buShell.dll (Symantec Corporation)
    GroupPolicyUsers\S-1-5-21-3728344445-2624263655-1912729208-1007\User: Group Policy restriction detected <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-3728344445-2624263655-1912729208-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://Vosteran.com/?f=1&a=vst_ggfc...GtCtAtC0CyCyEtCyCyCyDtBtA2Q&cr=1719504333&ir=
    HKU\S-1-5-21-3728344445-2624263655-1912729208-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.ca/welcome
    HKU\S-1-5-21-3728344445-2624263655-1912729208-1007\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.ca/welcome
    URLSearchHook: HKU\S-1-5-21-3728344445-2624263655-1912729208-1000 - (No Name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - No File
    URLSearchHook: HKU\S-1-5-21-3728344445-2624263655-1912729208-1000 - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe
    SearchScopes: HKLM -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ggfc_15_02_ch&cd=2XzuyEtN2Y1L1Qzuzzzz0A0EtC0D0Fzz0CtC0FyCtAtAtDyCtN0D0Tzu0StCtCtDtAtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyDyEtDzytCzzyE0EtGtByCyCyEtGtByEtBtBtGtCtAyE0CtGyDyBtAtBzy0EyCyE0Dzy0A0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0C0EtCyEyEtC0FtGzztBzy0CtGyEtC0BtBtG0B0E0CzytGtCtAtC0CyCyEtCyCyCyDtBtA2Q&cr=1719504333&ir=
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ggfc_15_02_ch&cd=2XzuyEtN2Y1L1Qzuzzzz0A0EtC0D0Fzz0CtC0FyCtAtAtDyCtN0D0Tzu0StCtCtDtAtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyDyEtDzytCzzyE0EtGtByCyCyEtGtByEtBtBtGtCtAyE0CtGyDyBtAtBzy0EyCyE0Dzy0A0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0C0EtCyEyEtC0FtGzztBzy0CtGyEtC0BtBtG0B0E0CzytGtCtAtC0CyCyEtCyCyCyDtBtA2Q&cr=1719504333&ir=
    SearchScopes: HKLM -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
    SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
    SearchScopes: HKLM-x32 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
    SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
    SearchScopes: HKU\S-1-5-21-3728344445-2624263655-1912729208-1000 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ggfc_15_02_ch&cd=2XzuyEtN2Y1L1Qzuzzzz0A0EtC0D0Fzz0CtC0FyCtAtAtDyCtN0D0Tzu0StCtCtDtAtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyDyEtDzytCzzyE0EtGtByCyCyEtGtByEtBtBtGtCtAyE0CtGyDyBtAtBzy0EyCyE0Dzy0A0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0C0EtCyEyEtC0FtGzztBzy0CtGyEtC0BtBtG0B0E0CzytGtCtAtC0CyCyEtCyCyCyDtBtA2Q&cr=1719504333&ir=
    SearchScopes: HKU\S-1-5-21-3728344445-2624263655-1912729208-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ggfc_15_02_ch&cd=2XzuyEtN2Y1L1Qzuzzzz0A0EtC0D0Fzz0CtC0FyCtAtAtDyCtN0D0Tzu0StCtCtDtAtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyDyEtDzytCzzyE0EtGtByCyCyEtGtByEtBtBtGtCtAyE0CtGyDyBtAtBzy0EyCyE0Dzy0A0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0C0EtCyEyEtC0FtGzztBzy0CtGyEtC0BtBtG0B0E0CzytGtCtAtC0CyCyEtCyCyCyDtBtA2Q&cr=1719504333&ir=
    SearchScopes: HKU\S-1-5-21-3728344445-2624263655-1912729208-1000 -> {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = http://mystart.incredibar.com/?a=6OyIxiBJSW&loc=skw&search={searchTerms}&i=26
    SearchScopes: HKU\S-1-5-21-3728344445-2624263655-1912729208-1000 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
    SearchScopes: HKU\S-1-5-21-3728344445-2624263655-1912729208-1007 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
    SearchScopes: HKU\S-1-5-21-3728344445-2624263655-1912729208-1007 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
    SearchScopes: HKU\S-1-5-21-3728344445-2624263655-1912729208-1007 -> {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = http://mystart.incredibar.com/?a=6PRIj5z4fi&loc=skw&search={searchTerms}&i=26
    BHO: Web Assistant -> {336D0C35-8A85-403a-B9D2-65C292C39087} -> C:\Program Files\Web Assistant\Extension64.dll ()
    BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
    BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.6.15\coIEPlg.dll (Symantec Corporation)
    BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
    BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
    BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    BHO-x32: Web Assistant -> {336D0C35-8A85-403a-B9D2-65C292C39087} -> C:\Program Files\Web Assistant\Extension32.dll ()
    BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
    BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Norton 360\Engine\20.6.0.27\coIEPlg.dll (Symantec Corporation)
    BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Norton 360\Engine\20.6.0.27\IPS\IPSBHO.DLL (Symantec Corporation)
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
    BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.6.15\coIEPlg.dll (Symantec Corporation)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Norton 360\Engine\20.6.0.27\coIEPlg.dll (Symantec Corporation)
    Toolbar: HKU\S-1-5-21-3728344445-2624263655-1912729208-1000 -> No Name - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
    Toolbar: HKU\S-1-5-21-3728344445-2624263655-1912729208-1000 -> No Name - {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
    Toolbar: HKU\S-1-5-21-3728344445-2624263655-1912729208-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: HKLM-x32 {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} https://mytdsb.on.ca/+CSCOL+/csvrloader32.cab
    DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://www.photolab.ca/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
    Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 64.71.255.204 64.71.255.198 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Patrizia\AppData\Roaming\Mozilla\Firefox\Profiles\b0jrkzbk.default
    FF DefaultSearchEngine: Vosteran
    FF SelectedSearchEngine: Vosteran
    FF Homepage: hxxp://Vosteran.com/?f=1&a=vst_ggfc_15_02_ch&cd=2XzuyEtN2Y1L1Qzuzzzz0A0EtC0D0Fzz0CtC0FyCtAtAtDyCtN0D0Tzu0StCtCtDtAtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyDyEtDzytCzzyE0EtGtByCyCyEtGtByEtBtBtGtCtAyE0CtGyDyBtAtBzy0EyCyE0Dzy0A0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0C0EtCyEyEtC0FtGzztBzy0CtGyEtC0BtBtG0B0E0CzytGtCtAtC0CyCyEtCyCyCyDtBtA2Q&cr=1719504333&ir=
    FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
    FF Plugin: @java.com/DTPlugin,version=10.10.2 -> C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.10.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\system32\Adobe\Director\np32dsw_1212152.dll No File
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-3728344445-2624263655-1912729208-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Patrizia\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin HKU\S-1-5-21-3728344445-2624263655-1912729208-1000: @talk.google.com/O1DPlugin -> C:\Users\Patrizia\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
    FF Plugin HKU\S-1-5-21-3728344445-2624263655-1912729208-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Patrizia\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKU\S-1-5-21-3728344445-2624263655-1912729208-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Patrizia\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF user.js: detected! => C:\Users\Patrizia\AppData\Roaming\Mozilla\Firefox\Profiles\b0jrkzbk.default\user.js
    FF Plugin ProgramFiles/Appdata: C:\Users\Patrizia\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin ProgramFiles/Appdata: C:\Users\Patrizia\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
    FF SearchPlugin: C:\Users\Patrizia\AppData\Roaming\Mozilla\Firefox\Profiles\b0jrkzbk.default\searchplugins\MyStart Search.xml
    FF SearchPlugin: C:\Users\Patrizia\AppData\Roaming\Mozilla\Firefox\Profiles\b0jrkzbk.default\searchplugins\MyStart.xml
    FF SearchPlugin: C:\Users\Patrizia\AppData\Roaming\Mozilla\Firefox\Profiles\b0jrkzbk.default\searchplugins\Vosteran.xml
    FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
    FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\Web Assistant\Firefox
    FF Extension: Web Assistant - C:\Program Files\Web Assistant\Firefox [2012-07-20]
    FF HKLM\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] - C:\Program Files\Web Assistant\Firefox
    FF HKLM-x32\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\Web Assistant\Firefox
    FF HKLM-x32\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] - C:\Program Files\Web Assistant\Firefox
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected]
    FF Extension: Модуль перевірки посилань - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2014-02-28]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected]
    FF Extension: Віртуальна клавіатура - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2014-02-28]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected]
    FF Extension: Модуль блокування небезпечних веб-сайтів - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2014-02-28]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected]
    FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2014-02-28]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected]
    FF Extension: Безпечні платежі - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2014-02-28]
    FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.0.43\coFFPlgn
    FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\coFFPlgn
    FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\coFFPlgn [2015-01-08]

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://Vosteran.com/?f=1&a=vst_ggfc_15_02_ch&cd=2XzuyEtN2Y1L1Qzuzzzz0A0EtC0D0Fzz0CtC0FyCtAtAtDyCtN0D0Tzu0StCtCtDtAtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyDyEtDzytCzzyE0EtGtByCyCyEtGtByEtBtBtGtCtAyE0CtGyDyBtAtBzy0EyCyE0Dzy0A0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0C0EtCyEyEtC0FtGzztBzy0CtGyEtC0BtBtG0B0E0CzytGtCtAtC0CyCyEtCyCyCyDtBtA2Q&cr=1719504333&ir=
    CHR StartupUrls: Default -> "hxxp://Vosteran.com/?f=7&a=vst_ggfc_15_02_ch&cd=2XzuyEtN2Y1L1Qzuzzzz0A0EtC0D0Fzz0CtC0FyCtAtAtDyCtN0D0Tzu0StCtCtDtAtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyDyEtDzytCzzyE0EtGtByCyCyEtGtByEtBtBtGtCtAyE0CtGyDyBtAtBzy0EyCyE0Dzy0A0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0C0EtCyEyEtC0FtGzztBzy0CtGyEtC0BtBtG0B0E0CzytGtCtAtC0CyCyEtCyCyCyDtBtA2Q&cr=1719504333&ir="
    CHR DefaultSearchKeyword: Default -> vosteran.com
    CHR DefaultSearchURL: Default -> http://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ggfc_15_02_ch&cd=2XzuyEtN2Y1L1Qzuzzzz0A0EtC0D0Fzz0CtC0FyCtAtAtDyCtN0D0Tzu0StCtCtDtAtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyDyEtDzytCzzyE0EtGtByCyCyEtGtByEtBtBtGtCtAyE0CtGyDyBtAtBzy0EyCyE0Dzy0A0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0C0EtCyEyEtC0FtGzztBzy0CtGyEtC0BtBtG0B0E0CzytGtCtAtC0CyCyEtCyCyCyDtBtA2Q&cr=1719504333&ir=
    CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
    CHR Profile: C:\Users\Patrizia\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Drive) - C:\Users\Patrizia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-31]
    CHR Extension: (Norton Security Toolbar) - C:\Users\Patrizia\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejnhdlplbjhffionohbdnpcbobfejcc [2014-05-12]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Patrizia\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]
    CHR Extension: (Kaspersky Protection) - C:\Users\Patrizia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa [2014-03-20]
    CHR Extension: (Kaspersky URL Advisor) - C:\Users\Patrizia\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-02-28]
    CHR Extension: (ZenMate Security & Privacy VPN) - C:\Users\Patrizia\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2015-01-05]
    CHR Extension: (Norton Identity Safe) - C:\Users\Patrizia\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-12-24]
    CHR Extension: (Google Wallet) - C:\Users\Patrizia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]
    CHR Extension: (Anti-Banner) - C:\Users\Patrizia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-02-28]
    CHR HKLM\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton 360\Norton 360\Engine\20.6.0.27\Exts\Chrome.crx [2014-12-11]
    CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [Not Found]
    CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\Web Assistant\source.crx [2012-07-20]
    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
    CHR HKLM\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path
    CHR HKU\S-1-5-21-3728344445-2624263655-1912729208-1000\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Patrizia\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-05-31]
    CHR HKU\S-1-5-21-3728344445-2624263655-1912729208-1000\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
    CHR HKU\S-1-5-21-3728344445-2624263655-1912729208-1000\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path
    CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton 360\Norton 360\Engine\20.6.0.27\Exts\Chrome.crx [2014-12-11]
    CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [Not Found]
    CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-07-04]
    CHR HKLM-x32\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\Web Assistant\source.crx [2012-07-20]
    CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
    CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - [Not Found]
    CHR HKLM-x32\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path
    CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-07-04]
    CHR HKLM-x32\...\Chrome\Extension: [pmlghpafmmnmmkjdhacccolfgnkiboco] - No Path
    CHR StartMenuInternet: Google Chrome - chrome.exe

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2014-02-28] (Kaspersky Lab ZAO)
    S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [53832 2014-11-25] (Just Develop It) <==== ATTENTION
    S3 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed]
    R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
    R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
    R2 IBUpdaterService; C:\Windows\system32\dmwu.exe [2610992 2014-07-17] ()
    R2 N360; C:\Program Files (x86)\Norton 360\Norton 360\Engine\20.6.0.27\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)
    R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\NST.exe [130104 2014-07-31] (Symantec Corporation)
    R2 Web Assistant Updater; C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [188760 2013-01-29] () [File not signed]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\BASHDefs\20141209.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation)
    R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1406000.01B\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
    R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE07060.00F\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)
    R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-11] (Symantec Corporation)
    R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-11] (Symantec Corporation)
    R3 EuMusDesignVirtualAudioCableWdm_flx; C:\Windows\System32\DRIVERS\vacflxkd.sys [90880 2014-03-28] (Daniel Bigham)
    R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\IPSDefs\20150107.001\IDSvia64.sys [637656 2014-11-19] (Symantec Corporation)
    R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-02-28] (Kaspersky Lab ZAO)
    S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-20] (Kaspersky Lab ZAO)
    R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-03-20] (Kaspersky Lab ZAO)
    R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2014-02-28] (Kaspersky Lab ZAO)
    R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-02-28] (Kaspersky Lab ZAO)
    R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2014-02-28] (Kaspersky Lab ZAO)
    R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
    R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
    R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-02-28] (Kaspersky Lab ZAO)
    R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\VirusDefs\20150108.001\ENG64.SYS [129752 2014-08-21] (Symantec Corporation)
    R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\VirusDefs\20150108.001\EX64.SYS [2137304 2014-08-21] (Symantec Corporation)
    S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)
    R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
    S3 SMARTMouseFilterx64; C:\Windows\System32\DRIVERS\SMARTMouseFilterx64.sys [10240 2014-02-12] (SMART Technologies) [File not signed]
    S3 SMARTVHidMiniVistaAmd64; C:\Windows\System32\DRIVERS\SMARTVHidMiniVistaAmd64.sys [9216 2014-02-12] (SMART Technologies) [File not signed]
    S3 SMARTVTabletPCx64; C:\Windows\System32\DRIVERS\SMARTVTabletPCx64.sys [22184 2014-02-12] (SMART Technologies ULC) [File not signed]
    R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1406000.01B\SRTSP64.SYS [796760 2013-05-15] (Symantec Corporation)
    R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1406000.01B\SRTSPX64.SYS [36952 2013-01-28] (Symantec Corporation)
    R0 SymDS; C:\Windows\System32\drivers\N360x64\1406000.01B\SYMDS64.SYS [493656 2013-05-20] (Symantec Corporation)
    R0 SymEFA; C:\Windows\System32\drivers\N360x64\1406000.01B\SYMEFA64.SYS [1139800 2013-01-30] (Symantec Corporation)
    R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-17] (Symantec Corporation)
    R1 SymIRON; C:\Windows\system32\drivers\N360x64\1406000.01B\Ironx64.SYS [224416 2012-11-15] (Symantec Corporation)
    R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1406000.01B\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)
    S3 usbrndis6; C:\Windows\system32\drivers\usb80236.sys [19968 2013-02-11] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-08 19:22 - 2015-01-08 19:24 - 00039431 _____ () C:\Users\Patrizia\Downloads\FRST.txt
    2015-01-08 19:22 - 2015-01-08 19:23 - 00000000 ____D () C:\FRST
    2015-01-08 19:21 - 2015-01-08 19:21 - 02124288 _____ (Farbar) C:\Users\Patrizia\Downloads\FRST64.exe
    2015-01-08 19:21 - 2015-01-08 19:21 - 00244104 _____ () C:\Users\Patrizia\Downloads\Firefox Setup Stub 34.0.5 (1).exe
    2015-01-08 19:17 - 2015-01-08 19:17 - 00448512 _____ (OldTimer Tools) C:\Users\Patrizia\Downloads\TFC.exe
    2015-01-08 19:07 - 2015-01-08 19:07 - 00244104 _____ () C:\Users\Patrizia\Downloads\Firefox Setup Stub 34.0.5.exe
    2015-01-08 19:06 - 2015-01-08 19:06 - 00004026 _____ () C:\windows\System32\Tasks\LaunchSignup
    2015-01-08 19:05 - 2015-01-08 19:06 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
    2015-01-08 19:04 - 2015-01-08 19:04 - 00003256 _____ () C:\windows\System32\Tasks\WSE_Vosteran
    2015-01-08 19:04 - 2015-01-08 19:04 - 00000304 _____ () C:\windows\Tasks\WSE_Vosteran.job
    2015-01-08 19:03 - 2015-01-08 19:04 - 00000000 ____D () C:\Users\Patrizia\AppData\Roaming\WSE_Vosteran
    2015-01-08 19:03 - 2015-01-08 19:04 - 00000000 ____D () C:\Program Files (x86)\WSE_Vosteran
    2015-01-08 19:03 - 2015-01-08 19:03 - 00001121 _____ () C:\Users\Public\Desktop\FileOpener.lnk
    2015-01-08 19:03 - 2015-01-08 19:03 - 00000000 ____D () C:\Users\Patrizia\AppData\Roaming\1H1Q1V1N1N1O1R
    2015-01-08 19:03 - 2015-01-08 19:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileOpener
    2015-01-08 19:03 - 2015-01-08 19:03 - 00000000 ____D () C:\ProgramData\{F7511F92-A7D3-CE14-1655-BE96C6D76D18}
    2015-01-08 19:03 - 2015-01-08 19:03 - 00000000 ____D () C:\Program Files (x86)\Tweaks
    2015-01-08 18:59 - 2015-01-08 18:59 - 00798080 _____ ( ) C:\Users\Patrizia\Downloads\FileOpenerSetup.exe
    2015-01-08 17:49 - 2015-01-08 17:49 - 00509440 _____ (Tech Support Guy System) C:\Users\Patrizia\Downloads\SysInfo (3).exe
    2015-01-08 17:48 - 2015-01-08 17:48 - 00509440 _____ (Tech Support Guy System) C:\Users\Patrizia\Downloads\SysInfo (2).exe
    2015-01-08 17:46 - 2015-01-08 17:47 - 00509440 _____ (Tech Support Guy System) C:\Users\Patrizia\Downloads\SysInfo (1).exe
    2015-01-08 17:46 - 2015-01-08 17:46 - 00509440 _____ (Tech Support Guy System) C:\Users\Patrizia\Downloads\SysInfo.exe
    2014-12-24 20:15 - 2014-12-24 20:16 - 00000000 ____D () C:\windows\System32\Tasks\Norton 360
    2014-12-17 18:24 - 2014-12-13 00:09 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
    2014-12-17 18:24 - 2014-12-12 22:33 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
    2014-12-16 05:54 - 2014-12-16 05:54 - 00000000 ____D () C:\Users\Patrizia\AppData\Local\{D5A14F5C-54C8-4874-AB2F-573D1BFE6C03}
    2014-12-12 03:16 - 2014-12-12 03:16 - 00000000 ____D () C:\windows\system32\appraiser
    2014-12-12 03:02 - 2014-10-17 21:05 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
    2014-12-12 03:02 - 2014-10-17 20:33 - 03209728 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
    2014-12-12 03:02 - 2014-07-06 21:06 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
    2014-12-12 03:02 - 2014-07-06 21:06 - 00055808 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe
    2014-12-12 03:02 - 2014-07-06 21:06 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe
    2014-12-12 03:02 - 2014-07-06 21:02 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll
    2014-12-12 03:02 - 2014-07-06 20:40 - 00103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll
    2014-12-12 03:02 - 2014-07-06 20:39 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\rrinstaller.exe
    2014-12-12 03:02 - 2014-07-06 20:39 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfpmp.exe
    2014-12-12 03:02 - 2014-07-06 20:37 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mferror.dll
    2014-12-11 23:09 - 2015-01-08 17:40 - 00001972 _____ () C:\windows\setupact.log
    2014-12-11 23:09 - 2014-12-24 20:07 - 00099560 _____ () C:\windows\PFRO.log
    2014-12-11 23:09 - 2014-12-11 23:09 - 00000000 _____ () C:\windows\setuperr.log
    2014-12-11 23:05 - 2014-12-11 23:05 - 00330144 _____ () C:\Users\Patrizia\Documents\cc_20141211_230505.reg
    2014-12-11 22:44 - 2014-12-11 22:44 - 00000000 ____D () C:\windows\pss
    2014-12-11 06:39 - 2014-12-03 21:50 - 00830976 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
    2014-12-11 06:39 - 2014-12-03 21:50 - 00741376 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
    2014-12-11 06:39 - 2014-12-03 21:50 - 00413184 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
    2014-12-11 06:39 - 2014-12-03 21:50 - 00396800 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
    2014-12-11 06:39 - 2014-12-03 21:50 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
    2014-12-11 06:39 - 2014-12-03 21:50 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
    2014-12-11 06:39 - 2014-12-03 21:44 - 01083392 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
    2014-12-11 06:39 - 2014-12-01 18:28 - 01232040 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
    2014-12-11 06:39 - 2014-11-10 22:09 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
    2014-12-11 06:39 - 2014-11-10 21:44 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
    2014-12-11 06:38 - 2014-11-26 20:43 - 00389296 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
    2014-12-11 06:38 - 2014-11-26 20:10 - 00342200 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
    2014-12-11 06:38 - 2014-11-21 22:13 - 25059840 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
    2014-12-11 06:38 - 2014-11-21 22:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
    2014-12-11 06:38 - 2014-11-21 22:06 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
    2014-12-11 06:38 - 2014-11-21 21:50 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
    2014-12-11 06:38 - 2014-11-21 21:50 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
    2014-12-11 06:38 - 2014-11-21 21:49 - 02885120 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
    2014-12-11 06:38 - 2014-11-21 21:49 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
    2014-12-11 06:38 - 2014-11-21 21:48 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
    2014-12-11 06:38 - 2014-11-21 21:41 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
    2014-12-11 06:38 - 2014-11-21 21:40 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
    2014-12-11 06:38 - 2014-11-21 21:37 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
    2014-12-11 06:38 - 2014-11-21 21:35 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
    2014-12-11 06:38 - 2014-11-21 21:34 - 06039552 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
    2014-12-11 06:38 - 2014-11-21 21:34 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
    2014-12-11 06:38 - 2014-11-21 21:26 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
    2014-12-11 06:38 - 2014-11-21 21:22 - 19749376 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
    2014-12-11 06:38 - 2014-11-21 21:22 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
    2014-12-11 06:38 - 2014-11-21 21:20 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
    2014-12-11 06:38 - 2014-11-21 21:14 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
    2014-12-11 06:38 - 2014-11-21 21:09 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
    2014-12-11 06:38 - 2014-11-21 21:08 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
    2014-12-11 06:38 - 2014-11-21 21:07 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
    2014-12-11 06:38 - 2014-11-21 21:07 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
    2014-12-11 06:38 - 2014-11-21 21:06 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
    2014-12-11 06:38 - 2014-11-21 21:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
    2014-12-11 06:38 - 2014-11-21 21:05 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
    2014-12-11 06:38 - 2014-11-21 21:01 - 02277888 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
    2014-12-11 06:38 - 2014-11-21 20:59 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
    2014-12-11 06:38 - 2014-11-21 20:58 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
    2014-12-11 06:38 - 2014-11-21 20:56 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
    2014-12-11 06:38 - 2014-11-21 20:54 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
    2014-12-11 06:38 - 2014-11-21 20:49 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
    2014-12-11 06:38 - 2014-11-21 20:49 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
    2014-12-11 06:38 - 2014-11-21 20:47 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
    2014-12-11 06:38 - 2014-11-21 20:46 - 02125312 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
    2014-12-11 06:38 - 2014-11-21 20:45 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
    2014-12-11 06:38 - 2014-11-21 20:43 - 14412800 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
    2014-12-11 06:38 - 2014-11-21 20:40 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-12-11 06:38 - 2014-11-21 20:36 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
    2014-12-11 06:38 - 2014-11-21 20:35 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
    2014-12-11 06:38 - 2014-11-21 20:33 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
    2014-12-11 06:38 - 2014-11-21 20:29 - 04299264 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
    2014-12-11 06:38 - 2014-11-21 20:28 - 02358272 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
    2014-12-11 06:38 - 2014-11-21 20:23 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
    2014-12-11 06:38 - 2014-11-21 20:22 - 02052096 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
    2014-12-11 06:38 - 2014-11-21 20:21 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
    2014-12-11 06:38 - 2014-11-21 20:15 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
    2014-12-11 06:38 - 2014-11-21 20:13 - 12836864 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
    2014-12-11 06:38 - 2014-11-21 20:03 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
    2014-12-11 06:38 - 2014-11-21 20:00 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
    2014-12-11 06:38 - 2014-11-21 19:56 - 01307136 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
    2014-12-11 06:38 - 2014-11-21 19:54 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
    2014-12-11 06:38 - 2014-11-10 20:46 - 00119296 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys
    2014-12-11 06:37 - 2014-11-07 22:16 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
    2014-12-11 06:37 - 2014-11-07 21:45 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
    2014-12-11 06:37 - 2014-10-29 21:03 - 00165888 _____ (Microsoft Corporation) C:\windows\system32\charmap.exe
    2014-12-11 06:37 - 2014-10-29 20:45 - 00155136 _____ (Microsoft Corporation) C:\windows\SysWOW64\charmap.exe
    2014-12-11 06:37 - 2014-10-02 21:12 - 02020352 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll
    2014-12-11 06:37 - 2014-10-02 21:12 - 00346624 _____ (Microsoft Corporation) C:\windows\system32\WSManMigrationPlugin.dll
    2014-12-11 06:37 - 2014-10-02 21:12 - 00310272 _____ (Microsoft Corporation) C:\windows\system32\WsmWmiPl.dll
    2014-12-11 06:37 - 2014-10-02 21:12 - 00181248 _____ (Microsoft Corporation) C:\windows\system32\WsmAuto.dll
    2014-12-11 06:37 - 2014-10-02 21:11 - 00266240 _____ (Microsoft Corporation) C:\windows\system32\WSManHTTPConfig.exe
    2014-12-11 06:37 - 2014-10-02 20:45 - 01177088 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmSvc.dll
    2014-12-11 06:37 - 2014-10-02 20:45 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManMigrationPlugin.dll
    2014-12-11 06:37 - 2014-10-02 20:45 - 00214016 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmWmiPl.dll
    2014-12-11 06:37 - 2014-10-02 20:45 - 00145920 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmAuto.dll
    2014-12-11 06:37 - 2014-10-02 20:44 - 00198656 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManHTTPConfig.exe

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-08 19:09 - 2013-06-05 08:01 - 00001134 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2015-01-08 19:09 - 2013-06-05 08:01 - 00001122 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2015-01-08 19:09 - 2013-06-05 08:01 - 00000000 ____D () C:\Users\Patrizia\AppData\Local\Mozilla
    2015-01-08 19:09 - 2013-06-05 08:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2015-01-08 19:09 - 2012-07-20 13:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2015-01-08 19:02 - 2013-10-24 20:26 - 00000920 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3728344445-2624263655-1912729208-1000UA.job
    2015-01-08 18:49 - 2012-04-07 12:33 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
    2015-01-08 18:49 - 2011-06-04 08:43 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-01-08 18:48 - 2010-11-02 04:44 - 01371603 _____ () C:\windows\WindowsUpdate.log
    2015-01-08 18:07 - 2014-02-28 09:04 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
    2015-01-08 18:07 - 2011-06-04 08:43 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-01-08 17:56 - 2011-01-17 00:14 - 00000000 ____D () C:\Program Files\WBFS
    2015-01-08 17:55 - 2011-01-17 13:28 - 00000000 ____D () C:\Users\Patrizia\AppData\Roaming\uTorrent
    2015-01-08 17:49 - 2009-07-13 23:45 - 00019248 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-01-08 17:49 - 2009-07-13 23:45 - 00019248 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-01-08 17:42 - 2014-06-25 22:29 - 00000000 ___RD () C:\Users\Patrizia\Dropbox
    2015-01-08 17:42 - 2014-06-25 22:26 - 00000000 ____D () C:\Users\Patrizia\AppData\Roaming\Dropbox
    2015-01-08 17:40 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
    2015-01-08 12:47 - 2013-10-24 20:26 - 00000868 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3728344445-2624263655-1912729208-1000Core.job
    2015-01-07 17:10 - 2012-08-25 19:09 - 00000000 ____D () C:\Users\Patrizia\AppData\Roaming\XBMC
    2015-01-04 17:37 - 2011-02-21 15:05 - 00000000 ____D () C:\Users\Patrizia\Documents\Recipes
    2014-12-28 10:54 - 2014-04-21 06:32 - 00000000 ____D () C:\Users\Patrizia\Documents\websites
    2014-12-26 20:07 - 2013-01-08 20:03 - 01879040 ___SH () C:\Users\Patrizia\Desktop\Thumbs.db
    2014-12-24 20:57 - 2014-06-25 22:27 - 00000000 ____D () C:\Users\Patrizia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    2014-12-24 20:10 - 2012-12-30 20:22 - 00000000 ____D () C:\windows\system32\Drivers\N360x64
    2014-12-24 20:09 - 2014-04-08 20:23 - 00003228 _____ () C:\windows\System32\Tasks\Norton WSC Integration
    2014-12-24 20:09 - 2014-04-08 20:23 - 00002479 _____ () C:\Users\Public\Desktop\Norton 360.lnk
    2014-12-24 20:09 - 2014-04-08 20:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
    2014-12-22 15:31 - 2009-07-14 00:13 - 00783464 _____ () C:\windows\system32\PerfStringBackup.INI
    2014-12-18 02:51 - 2010-11-02 05:25 - 00000000 ____D () C:\ProgramData\Norton
    2014-12-15 20:18 - 2011-05-15 16:00 - 00000000 ____D () C:\Users\Patrizia\AppData\Local\CrashDumps
    2014-12-12 04:19 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\rescache
    2014-12-12 03:16 - 2014-05-07 05:55 - 00000000 ___SD () C:\windows\system32\CompatTel
    2014-12-12 03:16 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\PolicyDefinitions
    2014-12-12 03:16 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\AppCompat
    2014-12-12 03:13 - 2010-12-31 13:18 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2014-12-12 03:12 - 2013-07-18 09:38 - 00000000 ____D () C:\windows\system32\MRT
    2014-12-12 03:04 - 2010-12-27 04:21 - 112710672 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
    2014-12-10 19:38 - 2012-04-07 12:33 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
    2014-12-10 19:38 - 2012-04-07 12:33 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
    2014-12-10 19:38 - 2011-10-08 15:12 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-01-04 16:11

    ==================== End Of Log ============================
     
  4. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    msteacher,
    -----------------------------------------------------------
    You have two antivirus programs on your PC at the same time. They will conflict with each other and cause system instability and/or improper AntiVirus protection.
    Choose to keep just one: either the Norton 360 or Kaspersky Internet Security, and Uninstall the other.
    From Start, Control Panel, click on Programs and Features.
    Right click the Entry you want to remove, choose Uninstall/Change, and give permission to Continue.

    ------------------------------------------------
    There are a few other programs to remove.
    Remove Programs Using Control Panel
    From Start, Control Panel, click on Programs and Features
    Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:

    Feature Update Service
    File Opener Packages
    GoforFiles
    Java 7 Update 10 (64-bit)
    Java(TM) 6 Update 17
    Piante contro zombi
    Web Assistant 2.0.0.572
    WSE_Vosteran

    Take extra care in answering questions posed by any Uninstaller.
    -----------------------------------------------------------

    REBOOT (RESTART) Your Machine

    --------------------------------------------------------
    Run A Fix With FRST
    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both the program FRST64.exe and Fixlist.txt be in the same location, or the fix will not work.
    (Both on the Desktop is OK, or both in the same folder elsewhere)

    Run FRST64 and press the Fix button just once and wait. DO NOT PRESS THE SCAN BUTTON.
    If for some reason the tool needs a restart, please make sure you let the system restart normally.
    The tool may start automatically and complete its work after the system restart. Let the tool complete its run.
    When finished, FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents in your reply.

    askey127
     
  5. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    This is the attachment.
     

  6. msteacher

    msteacher Thread Starter

    Joined:
    Jan 8, 2015
    Messages:
    4
    Thanks again for your help. Here is the latest log.


    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-01-2015
    Ran by Patrizia at 2015-01-09 21:19:27 Run:1
    Running from C:\Users\Patrizia\Desktop
    Loaded Profile: Patrizia (Available profiles: Patrizia & Kids)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    Task: {1A14A1F2-3A53-451C-A19B-DE16FC134F5A} - System32\Tasks\5017 => Wscript.exe C:\Users\Patrizia\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
    Task: {3BB702C3-7E9F-456D-AEE7-D9BB8F34513F} - System32\Tasks\WSE_Vosteran => C:\Users\Patrizia\AppData\Roaming\WSE_Vosteran\UpdateProc\UpdateTask.exe [2015-01-08] () <==== ATTENTION
    Task: {4CDAA154-9852-427C-A0A9-F72930C59B5A} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
    Task: {502E236D-7E52-4553-9090-68541BFB83F7} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
    Task: C:\windows\Tasks\WSE_Vosteran.job => C:\Users\Patrizia\AppData\Roaming\WSE_VO~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
    HKLM\...\Run: [] => [X]
    HKU\S-1-5-21-3728344445-2624263655-1912729208-1000\...\RunOnce: [WSE_Vosteran] => wscript /E:vbscript /B "C:\Users\Patrizia\AppData\Roaming\WSE_Vosteran\UpdateProc\bkup.dat"
    ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
    C:\Program Files (x86)\MyPC Backup
    GroupPolicyUsers\S-1-5-21-3728344445-2624263655-1912729208-1007\User: Group Policy restriction detected <======= ATTENTION
    HKU\S-1-5-21-3728344445-2624263655-1912729208-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://Vosteran.com/?f=1&a=vst_ggfc_...1719504333&ir=
    URLSearchHook: HKU\S-1-5-21-3728344445-2624263655-1912729208-1000 - (No Name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - No File
    SearchScopes: HKLM -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
    SearchScopes: HKU\S-1-5-21-3728344445-2624263655-1912729208-1000 -> {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = http://mystart.incredibar.com/?a=6OyIxiBJSW&loc=skw&search={searchTerms}&i=26
    SearchScopes: HKU\S-1-5-21-3728344445-2624263655-1912729208-1007 -> {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = http://mystart.incredibar.com/?a=6PRIj5z4fi&loc=skw&search={searchTerms}&i=26
    BHO: Web Assistant -> {336D0C35-8A85-403a-B9D2-65C292C39087} -> C:\Program Files\Web Assistant\Extension64.dll ()
    BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
    BHO-x32: Web Assistant -> {336D0C35-8A85-403a-B9D2-65C292C39087} -> C:\Program Files\Web Assistant\Extension32.dll ()
    Toolbar: HKU\S-1-5-21-3728344445-2624263655-1912729208-1000 -> No Name - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
    Toolbar: HKU\S-1-5-21-3728344445-2624263655-1912729208-1000 -> No Name - {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
    FF DefaultSearchEngine: Vosteran
    FF SelectedSearchEngine: Vosteran
    FF Homepage: hxxp://Vosteran.com/?f=1&a=vst_ggfc_15_02_ch&cd=2XzuyEtN2Y1L1Qzuzzzz0A0EtC0D0Fzz0CtC0FyCtAtAtDy CtN0D0Tzu0StCtCtDtAtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G 1B1V1N2Y1L1Qzu2SyDyEtDzytCzzyE0EtGtByCyCyEtGtByEtBtBtGtCtAyE0CtGyDyBtAtBzy0 EyCyE0Dzy0A0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0C0EtCyEyEtC0FtGzztBzy0CtGyEtC0BtB tG0B0E0CzytGtCtAtC0CyCyEtCyCyCyDtBtA2Q&cr=1719504333&ir=
    FF Plugin: @java.com/DTPlugin,version=10.10.2 -> C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.10.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\Web Assistant\Firefox
    FF Extension: Web Assistant - C:\Program Files\Web Assistant\Firefox [2012-07-20]
    FF HKLM\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] - C:\Program Files\Web Assistant\Firefox
    FF HKLM-x32\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\Web Assistant\Firefox
    FF HKLM-x32\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] - C:\Program Files\Web Assistant\Firefox
    CHR HomePage: Default -> hxxp://Vosteran.com/?f=1&a=vst_ggfc_15_02_ch&cd=2XzuyEtN2Y1L1Qzuzzzz0A0EtC0D0Fzz0CtC0FyCtAtAtDy CtN0D0Tzu0StCtCtDtAtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G 1B1V1N2Y1L1Qzu2SyDyEtDzytCzzyE0EtGtByCyCyEtGtByEtBtBtGtCtAyE0CtGyDyBtAtBzy0 EyCyE0Dzy0A0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0C0EtCyEyEtC0FtGzztBzy0CtGyEtC0BtB tG0B0E0CzytGtCtAtC0CyCyEtCyCyCyDtBtA2Q&cr=1719504333&ir=
    CHR StartupUrls: Default -> "hxxp://Vosteran.com/?f=7&a=vst_ggfc_15_02_ch&cd=2XzuyEtN2Y1L1Qzuzzzz0A0EtC0D0Fzz0CtC0FyCtAtAtDy CtN0D0Tzu0StCtCtDtAtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G 1B1V1N2Y1L1Qzu2SyDyEtDzytCzzyE0EtGtByCyCyEtGtByEtBtBtGtCtAyE0CtGyDyBtAtBzy0 EyCyE0Dzy0A0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0C0EtCyEyEtC0FtGzztBzy0CtGyEtC0BtB tG0B0E0CzytGtCtAtC0CyCyEtCyCyCyDtBtA2Q&cr=1719504333&ir="
    CHR DefaultSearchKeyword: Default -> vosteran.com
    CHR DefaultSearchURL: Default -> http://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ggfc_15_02_ch&cd=2XzuyEtN2Y1L1Qzuzzzz 0A0EtC0D0Fzz0CtC0FyCtAtAtDyCtN0D0Tzu0StCtCtDtAtN1L2XzutAtFyCtFtCyCtFyCtN1L1 CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyDyEtDzytCzzyE0EtGtByCyCyEtGtByE tBtBtGtCtAyE0CtGyDyBtAtBzy0EyCyE0Dzy0A0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0C0EtCy EyEtC0FtGzztBzy0CtGyEtC0BtBtG0B0E0CzytGtCtAtC0CyCyEtCyCyCyDtBtA2Q&cr=171950 4333&ir=
    CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\Web Assistant\source.crx [2012-07-20]
    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
    CHR HKLM\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path
    CHR HKLM-x32\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\Web Assistant\source.crx [2012-07-20]
    S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [53832 2014-11-25] (Just Develop It) <==== ATTENTION
    R2 Web Assistant Updater; C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [188760 2013-01-29] () [File not signed]
    C:\Program Files (x86)\MyPC Backup
    C:\windows\System32\Tasks\WSE_Vosteran
    C:\windows\Tasks\WSE_Vosteran.job
    C:\Users\Patrizia\AppData\Roaming\WSE_Vosteran
    C:\Program Files (x86)\WSE_Vosteran
    C:\Users\Patrizia\AppData\Roaming\uTorrent

    *****************

    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1A14A1F2-3A53-451C-A19B-DE16FC134F5A}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1A14A1F2-3A53-451C-A19B-DE16FC134F5A}" => Key deleted successfully.
    C:\Windows\System32\Tasks\5017 => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\5017" => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3BB702C3-7E9F-456D-AEE7-D9BB8F34513F} => Key not found.
    C:\Windows\System32\Tasks\WSE_Vosteran not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WSE_Vosteran => Key not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4CDAA154-9852-427C-A0A9-F72930C59B5A}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4CDAA154-9852-427C-A0A9-F72930C59B5A}" => Key deleted successfully.
    C:\Windows\System32\Tasks\LaunchSignup => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{502E236D-7E52-4553-9090-68541BFB83F7}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{502E236D-7E52-4553-9090-68541BFB83F7}" => Key deleted successfully.
    C:\Windows\System32\Tasks\0 => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0" => Key deleted successfully.
    C:\windows\Tasks\WSE_Vosteran.job not found.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
    HKU\S-1-5-21-3728344445-2624263655-1912729208-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\WSE_Vosteran => Value not found.
    C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe not found.
    "C:\Program Files (x86)\MyPC Backup" => File/Directory not found.
    C:\windows\system32\GroupPolicyUsers\S-1-5-21-3728344445-2624263655-1912729208-1007\User => Moved successfully.
    C:\windows\system32\GroupPolicy\GPT.ini => Moved successfully.
    HKU\S-1-5-21-3728344445-2624263655-1912729208-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
    HKU\S-1-5-21-3728344445-2624263655-1912729208-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{ba14329e-9550-4989-b3f2-9732e92d17cc} => value deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}" => Key deleted successfully.
    HKCR\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => Key not found.
    "HKU\S-1-5-21-3728344445-2624263655-1912729208-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}" => Key deleted successfully.
    HKCR\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A} => Key not found.
    HKU\S-1-5-21-3728344445-2624263655-1912729208-1007\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A} => Key not found.
    HKCR\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A} => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087} => Key not found.
    HKCR\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087} => Key not found.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => Key deleted successfully.
    HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087} => Key not found.
    HKCR\Wow6432Node\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087} => Key not found.
    HKU\S-1-5-21-3728344445-2624263655-1912729208-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BA14329E-9550-4989-B3F2-9732E92D17CC} => value deleted successfully.
    HKCR\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC} => Key not found.
    HKU\S-1-5-21-3728344445-2624263655-1912729208-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} => value deleted successfully.
    HKCR\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D} => Key not found.
    Firefox DefaultSearchEngine deleted successfully.
    Firefox SelectedSearchEngine deleted successfully.
    Firefox homepage deleted successfully.
    "HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2" => Key deleted successfully.
    C:\windows\system32\npDeployJava1.dll => Moved successfully.
    HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2 => Key not found.
    "C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll" => not found.
    HKLM\Software\Mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087} => value deleted successfully.
    C:\Program Files\Web Assistant\Firefox not found.
    HKLM\Software\Mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052} => value deleted successfully.
    HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087} => value deleted successfully.
    HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052} => value deleted successfully.
    Chrome HomePage deleted successfully.
    Chrome StartupUrls deleted successfully.
    Chrome DefaultSearchKeyword deleted successfully.
    Chrome DefaultSearchURL deleted successfully.
    "HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd" => Key deleted successfully.
    "C:\Program Files\Web Assistant\source.crx" => File/Directory not found.
    "HKLM\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => Key deleted successfully.
    "HKLM\SOFTWARE\Google\Chrome\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce" => Key deleted successfully.
    "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd" => Key deleted successfully.
    "C:\Program Files\Web Assistant\source.crx" => File/Directory not found.
    BackupStack => Service not found.
    Web Assistant Updater => Service deleted successfully.
    "C:\Program Files (x86)\MyPC Backup" => File/Directory not found.
    "C:\windows\System32\Tasks\WSE_Vosteran" => File/Directory not found.
    "C:\windows\Tasks\WSE_Vosteran.job" => File/Directory not found.
    "C:\Users\Patrizia\AppData\Roaming\WSE_Vosteran" => File/Directory not found.
    "C:\Program Files (x86)\WSE_Vosteran" => File/Directory not found.
    C:\Users\Patrizia\AppData\Roaming\uTorrent => Moved successfully.


    The system needed a reboot.

    ==== End of Fixlog 21:19:32 ====
     
  7. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    msteacher,
    That fix result looks good.
    -----------------------------------------------------------
    Run a New Scan With the Farbar Scan Tool
    • Double click FRST64.exe on your desktop to launch it.
    • When the tool opens, click Yes to the disclaimer.
    • Press the Scan button.
    • When finished scanning, a new version of the log FRST.txt will be saved on your Desktop and opened in Notepad.
    • Please post the contents in your next reply.

    askey127
     
  8. msteacher

    msteacher Thread Starter

    Joined:
    Jan 8, 2015
    Messages:
    4
    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015
    Ran by Patrizia (administrator) on PATRIZIA-PC on 10-01-2015 20:43:12
    Running from C:\Users\Patrizia\Desktop
    Loaded Profile: Patrizia (Available profiles: Patrizia & Kids)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    () C:\Windows\System32\dmwu.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton 360\Norton 360\Engine\21.6.0.32\N360.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\nst.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
    (TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Symantec Corporation) C:\Program Files (x86)\Norton 360\Norton 360\Engine\21.6.0.32\N360.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\nst.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Dropbox, Inc.) C:\Users\Patrizia\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
    (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
    (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\nacl64.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\nacl64.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton 360\Norton 360\Engine\21.6.0.32\coNatHst.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10134560 2010-03-22] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [896032 2010-03-22] (Realtek Semiconductor)
    HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-06] (TOSHIBA Corporation)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
    HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
    HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
    HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35672 2010-03-03] (TOSHIBA Corporation)
    HKLM-x32\...\Run: [SVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [352256 2010-02-22] (TOSHIBA CORPORATION)
    HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2010-03-04] (TOSHIBA Electronics, Inc.)
    Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-3728344445-2624263655-1912729208-1000\...\Run: [GoogleChromeAutoLaunch_20AE4A401FBC688C25C1A623BCA86CFE] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2014-12-05] (Google Inc.)
    Startup: C:\Users\Patrizia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> C:\Users\Patrizia\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
    ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
    ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-3728344445-2624263655-1912729208-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.ca/welcome
    URLSearchHook: HKU\S-1-5-21-3728344445-2624263655-1912729208-1000 - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe
    SearchScopes: HKLM -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ggfc_15_02_ch&cd=2XzuyEtN2Y1L1Qzuzzzz0A0EtC0D0Fzz0CtC0FyCtAtAtDyCtN0D0Tzu0StCtCtDtAtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyDyEtDzytCzzyE0EtGtByCyCyEtGtByEtBtBtGtCtAyE0CtGyDyBtAtBzy0EyCyE0Dzy0A0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0C0EtCyEyEtC0FtGzztBzy0CtGyEtC0BtBtG0B0E0CzytGtCtAtC0CyCyEtCyCyCyDtBtA2Q&cr=1719504333&ir=
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ggfc_15_02_ch&cd=2XzuyEtN2Y1L1Qzuzzzz0A0EtC0D0Fzz0CtC0FyCtAtAtDyCtN0D0Tzu0StCtCtDtAtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyDyEtDzytCzzyE0EtGtByCyCyEtGtByEtBtBtGtCtAyE0CtGyDyBtAtBzy0EyCyE0Dzy0A0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0C0EtCyEyEtC0FtGzztBzy0CtGyEtC0BtBtG0B0E0CzytGtCtAtC0CyCyEtCyCyCyDtBtA2Q&cr=1719504333&ir=
    SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
    SearchScopes: HKLM-x32 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
    SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
    SearchScopes: HKU\S-1-5-21-3728344445-2624263655-1912729208-1000 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ggfc_15_02_ch&cd=2XzuyEtN2Y1L1Qzuzzzz0A0EtC0D0Fzz0CtC0FyCtAtAtDyCtN0D0Tzu0StCtCtDtAtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyDyEtDzytCzzyE0EtGtByCyCyEtGtByEtBtBtGtCtAyE0CtGyDyBtAtBzy0EyCyE0Dzy0A0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0C0EtCyEyEtC0FtGzztBzy0CtGyEtC0BtBtG0B0E0CzytGtCtAtC0CyCyEtCyCyCyDtBtA2Q&cr=1719504333&ir=
    SearchScopes: HKU\S-1-5-21-3728344445-2624263655-1912729208-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ggfc_15_02_ch&cd=2XzuyEtN2Y1L1Qzuzzzz0A0EtC0D0Fzz0CtC0FyCtAtAtDyCtN0D0Tzu0StCtCtDtAtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyDyEtDzytCzzyE0EtGtByCyCyEtGtByEtBtBtGtCtAyE0CtGyDyBtAtBzy0EyCyE0Dzy0A0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0C0EtCyEyEtC0FtGzztBzy0CtGyEtC0BtBtG0B0E0CzytGtCtAtC0CyCyEtCyCyCyDtBtA2Q&cr=1719504333&ir=
    SearchScopes: HKU\S-1-5-21-3728344445-2624263655-1912729208-1000 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
    BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.6.15\coIEPlg.dll (Symantec Corporation)
    BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
    BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
    BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Norton 360\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File
    BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.6.15\coIEPlg.dll (Symantec Corporation)
    Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
    Toolbar: HKU\S-1-5-21-3728344445-2624263655-1912729208-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: HKLM-x32 {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} https://mytdsb.on.ca/+CSCOL+/csvrloader32.cab
    DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://www.photolab.ca/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
    Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 64.71.255.204 64.71.255.198 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Patrizia\AppData\Roaming\Mozilla\Firefox\Profiles\b0jrkzbk.default
    FF DefaultSearchEngine: Vosteran
    FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\system32\Adobe\Director\np32dsw_1212152.dll No File
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-3728344445-2624263655-1912729208-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Patrizia\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin HKU\S-1-5-21-3728344445-2624263655-1912729208-1000: @talk.google.com/O1DPlugin -> C:\Users\Patrizia\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
    FF Plugin HKU\S-1-5-21-3728344445-2624263655-1912729208-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Patrizia\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKU\S-1-5-21-3728344445-2624263655-1912729208-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Patrizia\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF user.js: detected! => C:\Users\Patrizia\AppData\Roaming\Mozilla\Firefox\Profiles\b0jrkzbk.default\user.js
    FF Plugin ProgramFiles/Appdata: C:\Users\Patrizia\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin ProgramFiles/Appdata: C:\Users\Patrizia\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
    FF SearchPlugin: C:\Users\Patrizia\AppData\Roaming\Mozilla\Firefox\Profiles\b0jrkzbk.default\searchplugins\MyStart Search.xml
    FF SearchPlugin: C:\Users\Patrizia\AppData\Roaming\Mozilla\Firefox\Profiles\b0jrkzbk.default\searchplugins\MyStart.xml
    FF SearchPlugin: C:\Users\Patrizia\AppData\Roaming\Mozilla\Firefox\Profiles\b0jrkzbk.default\searchplugins\Vosteran.xml
    FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
    FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.0.43\coFFPlgn
    FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.6.0.32\coFFPlgn
    FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.6.0.32\coFFPlgn [2015-01-10]
    FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.6.0.32\IPSFF
    FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.6.0.32\IPSFF [2015-01-10]

    Chrome:
    =======
    CHR Profile: C:\Users\Patrizia\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Drive) - C:\Users\Patrizia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-31]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Patrizia\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]
    CHR Extension: (ZenMate Security & Privacy VPN) - C:\Users\Patrizia\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2015-01-05]
    CHR Extension: (Norton Identity Safe) - C:\Users\Patrizia\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-12-24]
    CHR Extension: (Norton Security Toolbar) - C:\Users\Patrizia\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2015-01-10]
    CHR Extension: (Google Wallet) - C:\Users\Patrizia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]
    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
    CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2015-01-09]
    CHR HKU\S-1-5-21-3728344445-2624263655-1912729208-1000\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Patrizia\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-05-31]
    CHR HKU\S-1-5-21-3728344445-2624263655-1912729208-1000\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
    CHR HKU\S-1-5-21-3728344445-2624263655-1912729208-1000\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path
    CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
    CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2015-01-09]
    CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - [Not Found]
    CHR HKLM-x32\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path
    CHR HKLM-x32\...\Chrome\Extension: [pmlghpafmmnmmkjdhacccolfgnkiboco] - No Path
    CHR StartMenuInternet: Google Chrome - chrome.exe

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S3 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed]
    R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
    R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
    R2 IBUpdaterService; C:\Windows\system32\dmwu.exe [2610992 2014-07-17] ()
    R2 N360; C:\Program Files (x86)\Norton 360\Norton 360\Engine\21.6.0.32\N360.exe [265040 2014-09-21] (Symantec Corporation)
    R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\NST.exe [130104 2014-07-31] (Symantec Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R1 BHDrvx64; C:\Program Files (x86)\Norton 360\Norton 360\NortonData\21.6.0.32\Definitions\BASHDefs\20140801.001\BHDrvx64.sys [1530160 2014-08-25] (Symantec Corporation)
    R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)
    R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE07060.00F\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)
    R3 EuMusDesignVirtualAudioCableWdm_flx; C:\Windows\System32\DRIVERS\vacflxkd.sys [90880 2014-03-28] (Daniel Bigham)
    R1 IDSVia64; C:\Program Files (x86)\Norton 360\Norton 360\NortonData\21.6.0.32\Definitions\IPSDefs\20140717.001\IDSVia64.sys [525016 2014-08-25] (Symantec Corporation)
    S3 NAVENG; C:\Program Files (x86)\Norton 360\Norton 360\NortonData\21.6.0.32\Definitions\VirusDefs\20141103.034\ENG64.SYS [129752 2014-08-11] (Symantec Corporation)
    S3 NAVEX15; C:\Program Files (x86)\Norton 360\Norton 360\NortonData\21.6.0.32\Definitions\VirusDefs\20141103.034\EX64.SYS [2137304 2014-08-11] (Symantec Corporation)
    S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)
    R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
    S3 SMARTMouseFilterx64; C:\Windows\System32\DRIVERS\SMARTMouseFilterx64.sys [10240 2014-02-12] (SMART Technologies) [File not signed]
    S3 SMARTVHidMiniVistaAmd64; C:\Windows\System32\DRIVERS\SMARTVHidMiniVistaAmd64.sys [9216 2014-02-12] (SMART Technologies) [File not signed]
    S3 SMARTVTabletPCx64; C:\Windows\System32\DRIVERS\SMARTVTabletPCx64.sys [22184 2014-02-12] (SMART Technologies ULC) [File not signed]
    S3 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
    R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
    R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2014-08-25] (Symantec Corporation)
    R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)
    R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2015-01-09] (Symantec Corporation)
    R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
    R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)
    S3 usbrndis6; C:\Windows\system32\drivers\usb80236.sys [19968 2013-02-11] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-10 20:43 - 2015-01-10 20:45 - 00026074 _____ () C:\Users\Patrizia\Desktop\FRST.txt
    2015-01-10 02:26 - 2015-01-10 02:26 - 00000000 ____D () C:\windows\System32\Tasks\Norton 360
    2015-01-10 02:24 - 2015-01-10 02:24 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
    2015-01-09 22:23 - 2015-01-09 22:22 - 00008222 _____ () C:\windows\system32\Drivers\SYMEVENT64x86.CAT
    2015-01-09 21:18 - 2015-01-09 21:18 - 02124288 _____ (Farbar) C:\Users\Patrizia\Desktop\FRST64.exe
    2015-01-09 21:17 - 2015-01-09 21:17 - 00005973 _____ () C:\Users\Patrizia\Downloads\FixList.txt
    2015-01-09 18:02 - 2015-01-09 18:02 - 03822592 _____ () C:\Users\Patrizia\Downloads\Bernard_StudentSuccessDay.ppt
    2015-01-08 19:25 - 2015-01-08 19:27 - 00036918 _____ () C:\Users\Patrizia\Downloads\Addition.txt
    2015-01-08 19:22 - 2015-01-10 20:43 - 00000000 ____D () C:\FRST
    2015-01-08 19:22 - 2015-01-08 19:27 - 00058236 _____ () C:\Users\Patrizia\Downloads\FRST.txt
    2015-01-08 19:21 - 2015-01-08 19:21 - 02124288 _____ (Farbar) C:\Users\Patrizia\Downloads\FRST64.exe
    2015-01-08 19:21 - 2015-01-08 19:21 - 00244104 _____ () C:\Users\Patrizia\Downloads\Firefox Setup Stub 34.0.5 (1).exe
    2015-01-08 19:17 - 2015-01-08 19:17 - 00448512 _____ (OldTimer Tools) C:\Users\Patrizia\Downloads\TFC.exe
    2015-01-08 19:07 - 2015-01-08 19:07 - 00244104 _____ () C:\Users\Patrizia\Downloads\Firefox Setup Stub 34.0.5.exe
    2015-01-08 18:59 - 2015-01-08 18:59 - 00798080 _____ ( ) C:\Users\Patrizia\Downloads\FileOpenerSetup.exe
    2015-01-08 17:49 - 2015-01-08 17:49 - 00509440 _____ (Tech Support Guy System) C:\Users\Patrizia\Downloads\SysInfo (3).exe
    2015-01-08 17:48 - 2015-01-08 17:48 - 00509440 _____ (Tech Support Guy System) C:\Users\Patrizia\Downloads\SysInfo (2).exe
    2015-01-08 17:46 - 2015-01-08 17:47 - 00509440 _____ (Tech Support Guy System) C:\Users\Patrizia\Downloads\SysInfo (1).exe
    2015-01-08 17:46 - 2015-01-08 17:46 - 00509440 _____ (Tech Support Guy System) C:\Users\Patrizia\Downloads\SysInfo.exe
    2014-12-17 18:24 - 2014-12-13 00:09 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
    2014-12-17 18:24 - 2014-12-12 22:33 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
    2014-12-16 05:54 - 2014-12-16 05:54 - 00000000 ____D () C:\Users\Patrizia\AppData\Local\{D5A14F5C-54C8-4874-AB2F-573D1BFE6C03}
    2014-12-12 03:16 - 2014-12-12 03:16 - 00000000 ____D () C:\windows\system32\appraiser
    2014-12-12 03:02 - 2014-10-17 21:05 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
    2014-12-12 03:02 - 2014-10-17 20:33 - 03209728 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
    2014-12-12 03:02 - 2014-07-06 21:06 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
    2014-12-12 03:02 - 2014-07-06 21:06 - 00055808 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe
    2014-12-12 03:02 - 2014-07-06 21:06 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe
    2014-12-12 03:02 - 2014-07-06 21:02 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll
    2014-12-12 03:02 - 2014-07-06 20:40 - 00103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll
    2014-12-12 03:02 - 2014-07-06 20:39 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\rrinstaller.exe
    2014-12-12 03:02 - 2014-07-06 20:39 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfpmp.exe
    2014-12-12 03:02 - 2014-07-06 20:37 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mferror.dll
    2014-12-11 23:09 - 2015-01-10 20:38 - 00104246 _____ () C:\windows\PFRO.log
    2014-12-11 23:09 - 2015-01-10 20:38 - 00002140 _____ () C:\windows\setupact.log
    2014-12-11 23:09 - 2014-12-11 23:09 - 00000000 _____ () C:\windows\setuperr.log
    2014-12-11 23:05 - 2014-12-11 23:05 - 00330144 _____ () C:\Users\Patrizia\Documents\cc_20141211_230505.reg
    2014-12-11 22:44 - 2014-12-11 22:44 - 00000000 ____D () C:\windows\pss
    2014-12-11 06:39 - 2014-12-03 21:50 - 00830976 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
    2014-12-11 06:39 - 2014-12-03 21:50 - 00741376 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
    2014-12-11 06:39 - 2014-12-03 21:50 - 00413184 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
    2014-12-11 06:39 - 2014-12-03 21:50 - 00396800 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
    2014-12-11 06:39 - 2014-12-03 21:50 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
    2014-12-11 06:39 - 2014-12-03 21:50 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
    2014-12-11 06:39 - 2014-12-03 21:44 - 01083392 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
    2014-12-11 06:39 - 2014-12-01 18:28 - 01232040 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
    2014-12-11 06:39 - 2014-11-10 22:09 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
    2014-12-11 06:39 - 2014-11-10 21:44 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
    2014-12-11 06:38 - 2014-11-26 20:43 - 00389296 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
    2014-12-11 06:38 - 2014-11-26 20:10 - 00342200 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
    2014-12-11 06:38 - 2014-11-21 22:13 - 25059840 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
    2014-12-11 06:38 - 2014-11-21 22:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
    2014-12-11 06:38 - 2014-11-21 22:06 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
    2014-12-11 06:38 - 2014-11-21 21:50 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
    2014-12-11 06:38 - 2014-11-21 21:50 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
    2014-12-11 06:38 - 2014-11-21 21:49 - 02885120 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
    2014-12-11 06:38 - 2014-11-21 21:49 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
    2014-12-11 06:38 - 2014-11-21 21:48 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
    2014-12-11 06:38 - 2014-11-21 21:41 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
    2014-12-11 06:38 - 2014-11-21 21:40 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
    2014-12-11 06:38 - 2014-11-21 21:37 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
    2014-12-11 06:38 - 2014-11-21 21:35 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
    2014-12-11 06:38 - 2014-11-21 21:34 - 06039552 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
    2014-12-11 06:38 - 2014-11-21 21:34 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
    2014-12-11 06:38 - 2014-11-21 21:26 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
    2014-12-11 06:38 - 2014-11-21 21:22 - 19749376 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
    2014-12-11 06:38 - 2014-11-21 21:22 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
    2014-12-11 06:38 - 2014-11-21 21:20 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
    2014-12-11 06:38 - 2014-11-21 21:14 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
    2014-12-11 06:38 - 2014-11-21 21:09 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
    2014-12-11 06:38 - 2014-11-21 21:08 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
    2014-12-11 06:38 - 2014-11-21 21:07 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
    2014-12-11 06:38 - 2014-11-21 21:07 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
    2014-12-11 06:38 - 2014-11-21 21:06 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
    2014-12-11 06:38 - 2014-11-21 21:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
    2014-12-11 06:38 - 2014-11-21 21:05 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
    2014-12-11 06:38 - 2014-11-21 21:01 - 02277888 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
    2014-12-11 06:38 - 2014-11-21 20:59 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
    2014-12-11 06:38 - 2014-11-21 20:58 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
    2014-12-11 06:38 - 2014-11-21 20:56 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
    2014-12-11 06:38 - 2014-11-21 20:54 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
    2014-12-11 06:38 - 2014-11-21 20:49 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
    2014-12-11 06:38 - 2014-11-21 20:49 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
    2014-12-11 06:38 - 2014-11-21 20:47 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
    2014-12-11 06:38 - 2014-11-21 20:46 - 02125312 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
    2014-12-11 06:38 - 2014-11-21 20:45 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
    2014-12-11 06:38 - 2014-11-21 20:43 - 14412800 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
    2014-12-11 06:38 - 2014-11-21 20:40 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-12-11 06:38 - 2014-11-21 20:36 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
    2014-12-11 06:38 - 2014-11-21 20:35 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
    2014-12-11 06:38 - 2014-11-21 20:33 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
    2014-12-11 06:38 - 2014-11-21 20:29 - 04299264 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
    2014-12-11 06:38 - 2014-11-21 20:28 - 02358272 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
    2014-12-11 06:38 - 2014-11-21 20:23 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
    2014-12-11 06:38 - 2014-11-21 20:22 - 02052096 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
    2014-12-11 06:38 - 2014-11-21 20:21 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
    2014-12-11 06:38 - 2014-11-21 20:15 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
    2014-12-11 06:38 - 2014-11-21 20:13 - 12836864 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
    2014-12-11 06:38 - 2014-11-21 20:03 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
    2014-12-11 06:38 - 2014-11-21 20:00 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
    2014-12-11 06:38 - 2014-11-21 19:56 - 01307136 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
    2014-12-11 06:38 - 2014-11-21 19:54 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
    2014-12-11 06:38 - 2014-11-10 20:46 - 00119296 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys
    2014-12-11 06:37 - 2014-11-07 22:16 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
    2014-12-11 06:37 - 2014-11-07 21:45 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
    2014-12-11 06:37 - 2014-10-29 21:03 - 00165888 _____ (Microsoft Corporation) C:\windows\system32\charmap.exe
    2014-12-11 06:37 - 2014-10-29 20:45 - 00155136 _____ (Microsoft Corporation) C:\windows\SysWOW64\charmap.exe
    2014-12-11 06:37 - 2014-10-02 21:12 - 02020352 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll
    2014-12-11 06:37 - 2014-10-02 21:12 - 00346624 _____ (Microsoft Corporation) C:\windows\system32\WSManMigrationPlugin.dll
    2014-12-11 06:37 - 2014-10-02 21:12 - 00310272 _____ (Microsoft Corporation) C:\windows\system32\WsmWmiPl.dll
    2014-12-11 06:37 - 2014-10-02 21:12 - 00181248 _____ (Microsoft Corporation) C:\windows\system32\WsmAuto.dll
    2014-12-11 06:37 - 2014-10-02 21:11 - 00266240 _____ (Microsoft Corporation) C:\windows\system32\WSManHTTPConfig.exe
    2014-12-11 06:37 - 2014-10-02 20:45 - 01177088 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmSvc.dll
    2014-12-11 06:37 - 2014-10-02 20:45 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManMigrationPlugin.dll
    2014-12-11 06:37 - 2014-10-02 20:45 - 00214016 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmWmiPl.dll
    2014-12-11 06:37 - 2014-10-02 20:45 - 00145920 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmAuto.dll
    2014-12-11 06:37 - 2014-10-02 20:44 - 00198656 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManHTTPConfig.exe

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-10 20:45 - 2010-11-02 04:44 - 01429074 _____ () C:\windows\WindowsUpdate.log
    2015-01-10 20:42 - 2014-06-25 22:29 - 00000000 ___RD () C:\Users\Patrizia\Dropbox
    2015-01-10 20:42 - 2014-06-25 22:26 - 00000000 ____D () C:\Users\Patrizia\AppData\Roaming\Dropbox
    2015-01-10 20:39 - 2011-06-04 08:43 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-01-10 20:38 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
    2015-01-10 20:32 - 2011-06-04 08:43 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-01-10 20:02 - 2013-10-24 20:26 - 00000920 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3728344445-2624263655-1912729208-1000UA.job
    2015-01-10 19:38 - 2012-04-07 12:33 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
    2015-01-10 08:25 - 2012-08-25 19:09 - 00000000 ____D () C:\Users\Patrizia\AppData\Roaming\XBMC
    2015-01-10 08:03 - 2013-01-08 20:03 - 01897472 ___SH () C:\Users\Patrizia\Desktop\Thumbs.db
    2015-01-10 07:45 - 2014-04-21 06:32 - 00000000 ____D () C:\Users\Patrizia\Documents\websites
    2015-01-10 07:35 - 2013-10-29 16:47 - 00000000 ____D () C:\Users\Patrizia\Documents\Mothers day video Stick Around for One Min. and See What Made This Tough Mom Cry &#8211; FaithIt_files
    2015-01-10 02:25 - 2012-12-30 20:22 - 00000000 ____D () C:\windows\system32\Drivers\N360x64
    2015-01-10 02:24 - 2014-04-08 20:23 - 00003228 _____ () C:\windows\System32\Tasks\Norton WSC Integration
    2015-01-10 02:24 - 2014-04-08 20:23 - 00002479 _____ () C:\Users\Public\Desktop\Norton 360.lnk
    2015-01-09 22:45 - 2010-11-02 05:25 - 00000000 ____D () C:\ProgramData\Norton
    2015-01-09 22:22 - 2012-12-30 20:24 - 00177752 _____ (Symantec Corporation) C:\windows\system32\Drivers\SYMEVENT64x86.SYS
    2015-01-09 22:02 - 2013-10-24 20:26 - 00000868 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3728344445-2624263655-1912729208-1000Core.job
    2015-01-09 21:28 - 2009-07-13 23:45 - 00019248 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-01-09 21:28 - 2009-07-13 23:45 - 00019248 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-01-09 21:21 - 2011-01-01 08:26 - 00000008 __RSH () C:\Users\Patrizia\ntuser.pol
    2015-01-09 21:21 - 2011-01-01 08:22 - 00000008 __RSH () C:\ProgramData\ntuser.pol
    2015-01-09 21:21 - 2010-12-25 23:52 - 00000000 ____D () C:\Users\Patrizia
    2015-01-09 21:19 - 2006-11-02 06:18 - 00000000 ___HD () C:\windows\system32\GroupPolicy
    2015-01-09 21:13 - 2013-06-05 08:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2015-01-09 21:10 - 2009-07-14 00:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
    2015-01-09 21:07 - 2014-06-15 12:26 - 00000000 ____D () C:\Program Files (x86)\GoforFiles
    2015-01-09 21:01 - 2014-02-28 09:04 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
    2015-01-09 20:58 - 2012-12-31 09:08 - 00000000 ____D () C:\Users\Kids
    2015-01-09 20:58 - 2008-02-23 08:26 - 00000000 ____D () C:\Users\TEMP
    2015-01-08 19:09 - 2013-06-05 08:01 - 00001134 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2015-01-08 19:09 - 2013-06-05 08:01 - 00001122 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2015-01-08 19:09 - 2013-06-05 08:01 - 00000000 ____D () C:\Users\Patrizia\AppData\Local\Mozilla
    2015-01-08 19:09 - 2012-07-20 13:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2015-01-08 17:56 - 2011-01-17 00:14 - 00000000 ____D () C:\Program Files\WBFS
    2015-01-04 17:37 - 2011-02-21 15:05 - 00000000 ____D () C:\Users\Patrizia\Documents\Recipes
    2014-12-24 20:57 - 2014-06-25 22:27 - 00000000 ____D () C:\Users\Patrizia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    2014-12-22 15:31 - 2009-07-14 00:13 - 00783464 _____ () C:\windows\system32\PerfStringBackup.INI
    2014-12-15 20:18 - 2011-05-15 16:00 - 00000000 ____D () C:\Users\Patrizia\AppData\Local\CrashDumps
    2014-12-12 04:19 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\rescache
    2014-12-12 03:16 - 2014-05-07 05:55 - 00000000 ___SD () C:\windows\system32\CompatTel
    2014-12-12 03:16 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\PolicyDefinitions
    2014-12-12 03:16 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\AppCompat
    2014-12-12 03:13 - 2010-12-31 13:18 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2014-12-12 03:12 - 2013-07-18 09:38 - 00000000 ____D () C:\windows\system32\MRT
    2014-12-12 03:04 - 2010-12-27 04:21 - 112710672 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

    Some content of TEMP:
    ====================
    C:\Users\Patrizia\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp1jx1wa.dll
    C:\Users\Patrizia\AppData\Local\Temp\htmlayout.dll
    C:\Users\Patrizia\AppData\Local\Temp\uninstall98821141.exe
    C:\Users\Patrizia\AppData\Local\Temp\uninstall98821172.exe
    C:\Users\Patrizia\AppData\Local\Temp\uninstall98851097.exe
    C:\Users\Patrizia\AppData\Local\Temp\uninstall98851128.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-01-04 16:11

    ==================== End Of Log ============================
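Added example, not part of the original post and not FRST's own code: a small Python triage pass over a log in the format shown above, flagging executables in Temp, binaries listed with an empty company field, and any check line whose result is not "File is digitally signed". The sample lines are constructed; the `example` paths and the wording of the failing result are assumptions.

```python
import re

# Listing entry: "modified - created - size attrs (company) path"
ENTRY = re.compile(
    r"^\s*\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - "
    r"\d+ ([_A-Z]{5}) \((.*?)\) (.+?)\s*$")
CHECK = re.compile(r"^\s*([A-Za-z]:\\.+?) => (.+?)\s*$")  # "path => result"
BARE_PATH = re.compile(r"^\s*([A-Za-z]:\\.+?)\s*$")
EXEC_EXT = (".exe", ".dll", ".sys", ".scr")
SIGNED = "File is digitally signed"


def triage(log_text):
    """Return (reason, path) pairs for manual review; heuristics, not verdicts."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if m:
            attrs, company, path = m.groups()
            # "D" marks a directory; an empty "()" means no company name
            if "D" not in attrs and path.lower().endswith(EXEC_EXT) and not company:
                findings.append(("binary without company name", path))
            continue
        m = CHECK.match(line)
        if m:
            if m.group(2) != SIGNED:
                findings.append(("failed verification: " + m.group(2), m.group(1)))
            continue
        m = BARE_PATH.match(line)
        p = m.group(1).lower() if m else ""
        if "\\appdata\\local\\temp\\" in p and p.endswith(EXEC_EXT):
            findings.append(("executable in Temp", m.group(1)))
    return findings


# Constructed sample in the log's format; the last two lines are invented
# for the demonstration, including the wording of the failing result.
SAMPLE = r"""
2015-01-09 22:22 - 2012-12-30 20:24 - 00177752 _____ (Symantec Corporation) C:\windows\system32\Drivers\SYMEVENT64x86.SYS
2015-01-09 21:13 - 2013-06-05 08:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
C:\Users\Patrizia\AppData\Local\Temp\uninstall98821141.exe
C:\Windows\System32\winlogon.exe => File is digitally signed
2015-01-09 21:30 - 2015-01-09 21:30 - 00020480 ___SH () C:\ProgramData\example\loader.dll
C:\Windows\System32\example.dll => File not signed
"""

if __name__ == "__main__":
    for reason, path in triage(SAMPLE):
        print(f"{reason}: {path}")
```

A flagged line is a prompt for a closer look, not a detection: leftover uninstallers and vendor files without version information are common on clean machines too.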
     
  9. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    msteacher,
    Only one item in the Fix this time.
    --------------------------------------------------------
    Run A Fix With FRST
    Download the attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both the program FRST64.exe and Fixlist.txt be in the same location, or the fix will not work.
    (Both on the Desktop is OK, or both in the same folder elsewhere)

    Run FRST64 and press the Fix button just once and wait. DO NOT PRESS THE SCAN BUTTON.
    If for some reason the tool needs a restart, please make sure you let the system restart normally.
    The tool may start automatically and complete its work after the system restart. Let the tool complete its run.
    When finished, FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents in your reply.
    ------------------------------------------------------------
    Java Issue
    You may want to read here before you decide whether to keep Java on your system:
    http://www.zdnet.com/a-close-look-a...eptive-software-with-java-updates-7000010038/

    If You Decide to Keep it,
    Download and Install the latest versions of Java Runtime Environment
    from here :
    http://www.oracle.com/technetwork/java/javase/downloads/jre8-downloads-2133155.html, and install them to your computer.
    If it won't allow you to get past the "Agree to the license" dialog, you will need to set your browser to temporarily allow scripts.
    Check the button to agree to the license.
    Select the links for your Platform, both jre-8u25-windows-i586.exe and jre-8u25-windows-x64.exe
    Click them one at a time, download each and save them to your desktop.
    Then double-click each on your desktop, and they will install the newest versions of Java for you to use.

    During installation, be certain to Uncheck and Refuse any offer for "partner software" or toolbars.
    When it finishes, you can remove the Installer(s) from your desktop.
    (I don't have any Java on my system).

    ---------------------------------------------------------------
    Avoid Unwanted Adware
    There are a couple seriously important tips about avoiding unwanted adware.
    Adware purveyors are getting more devious and unethical, so you have to be more diligent.

    • Never agree to download anything, if prompted to do so while Online.
      That goes for, "Your codec/browser/flash... needs to be updated to do this, blah, blah.."
      or "you need to first download the xyz.. program to do what you want".
      It's OK to download updates if prompted by legitimate suppliers, when the machine boots, while not yet online.

    • Don't download anything from sites known for adware bundling.
      For any online downloads, best avoid using CNET, Download.com, BrotherSoft, or Softonic.
      They package their own "downloaders" and, without notice, deliver serious adware in addition to the desired programs.
      Unfortunately, the results may be disastrous for your machine.
      FileHippo and MajorGeeks have been better, so far, as sources for downloading software.
      The website of any program's original author is best of all.

    • Avoid Using P2P file sharing programs
      This includes µTorrent, Bearshare, Bittorrent, Azureus, Frostwire, Vuze, Shareaza, Bitlord.
      The Unethical have "planted" thousands upon thousands of infections and Adware items in the shared torrent files.

    You should be good to go.
    askey127
     

Short URL to this thread: https://techguy.org/1140799
