Toshiba Satellite P845T-S4310 Laptop infected

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

camsr2000

Thread Starter
Joined
Jul 21, 2009
Messages
185
I am requesting help with my daughters Toshiba Laptop. Her and her husband complained that they they have been infectected with a virus which does not allow them to go online now. I downloaded combofix to see if that would atleast get the the ability to get online to request help from your site, but now I see that combofix no longer supports Windows XP. I downloaded the system info and have pasted it below. I promised to try submitting it to you to see if you could help them clean their laptop. what would you recommend?


Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Pentium(R) CPU G630 @ 2.70GHz, Intel64 Family 6 Model 42 Stepping 7
Processor Count: 2
RAM: 8096 Mb
Graphics Card: Intel(R) HD Graphics, -1988 Mb
Hard Drives: C: Total - 936545 MB, Free - 869466 MB; D: Total - 17220 MB, Free - 2151 MB;
Motherboard: Foxconn, 2ABF
Antivirus: Microsoft Security Essentials, Updated and Enabled
 

dbreeze

David
Malware Specialist
Joined
Oct 5, 2014
Messages
431
Please download Farbar Recovery Scan Tool 64bit and save it to a USB stick.

Please download MiniToolBox and save it to your USB stick.

Using the USB stick, please transfer the two programs to the Desktop of the 'infected' machine.

FRST
On the infected machine, run the following:
  • Right click the FRST file on your desktop and select "Run as Administrator..." (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • If an update is available, the program will inform you and download the update. Allow it do this please.
  • Press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy the log onto the USB stick and paste the log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST64.exe). Please also copy this log on to the USB stick and paste that along with the FRST.txt into your reply.

MiniToolBox
Double click on MiniToolBox.exe to run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go; the tool will create a log file on the desktop called Result.txt. Please copy Result.txt to the USB stick and post it in a reply here.

Information to Reply with >>>>
  • Any questions or concerns you may have for me.
  • The FRST.txt log text.
  • The Addition.txt log text.
  • The MiniToolBox Result.txt log text.


Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
 

camsr2000

Thread Starter
Joined
Jul 21, 2009
Messages
185
DBreeze, thank you for helping me with my daughters Laptop. I know very little of what is going on but I notice they have a huge amount of junk programs that start on start up, all they've told me is They can't get online and they get multiple error messages. Thanks again for your help

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by Leticia (administrator) on GUERRAFAMILY on 20-01-2015 17:40:30
Running from C:\Users\Leticia\Desktop
Loaded Profiles: Leticia (Available profiles: Leticia & michael)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(COMPANYVERS_NAME) C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbarsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.43\nst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe
() C:\Program Files (x86)\Re-markit-soft\Re-markit157.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Wajam) C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Just Develop It) C:\Program Files (x86)\MyPC Backup\BackupStack.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
() C:\Users\Leticia\AppData\Roaming\VOPackage\VOsrv.exe
() C:\Program Files (x86)\NewPlayer\NewPlayerUpdaterService.exe
() C:\Program Files (x86)\PennyBee\PennyBee.exe
(globalUpdate) C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe
(Systweak) C:\Program Files (x86)\Right Backup\RBClientService.exe
() C:\Program Files (x86)\NetCrawl\updateNetCrawl.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.43\nst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe
() C:\Program Files (x86)\ASP\AdvancedSystemProtector.exe
() C:\Users\Leticia\AppData\Local\fst_us_148\upfst_us_148.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe
() C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
() C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
() C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\AppIntegrator64.exe
(Exent Technologies Ltd.) C:\Program Files (x86)\Hoopla\GPlayer.exe
() C:\Program Files (x86)\PricePeep\PricePeepUpdater.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Local Weather LLC) C:\Users\Leticia\AppData\Local\WeatherAlerts\WeatherAlerts.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(VER_COMPANY_NAME) C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbrmon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\WinStore\WSHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Pay By Ads LTD) C:\Users\Leticia\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.18.5\dsrlte.exe
() C:\Program Files (x86)\findopolis\updatefindopolis.exe
() C:\Program Files (x86)\findopolis\bin\utilfindopolis.exe
(Symantec Corporation) C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe
(Search Module Ltd.) C:\Program Files\Common Files\Goobzo\GBUpdate\smu.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(FileProperties_CompanyName) C:\Program Files (x86)\PalMall\PalMall-nova.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor)
HKLM\...\Run: [SRS Premium Sound 3D] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2170784 2012-08-06] (SRS Labs, Inc.)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2608040 2012-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe [1548952 2012-08-04] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2780776 2011-07-19] (CANON INC.)
HKLM\...\Run: [Coupon Alert Home Page Guard 64 bit] => C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\AppIntegrator64.exe [548936 2013-06-04] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-16] (Synaptics Incorporated)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1637496 2011-08-04] (CANON INC.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [439440 2011-09-27] (CANON INC.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
HKLM-x32\...\Run: [ApnTBMon] => "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
HKLM-x32\...\Run: [YTDownloader] => C:\Program Files (x86)\YTDownloader\YTDownloader.exe [2049896 2013-12-20] (YTDownloader)
HKLM-x32\...\Run: [SPDriver] => C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.193\jsdrv.exe [3211776 2014-07-08] ()
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\runner_avp.exe [24504 2014-03-16] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [Coupon Alert Search Scope Monitor] => "C:\PROGRA~2\COUPON~2\bar\1.bin\2psrchmn.exe" /m=2 /w /h
HKLM-x32\...\Run: [CouponAlert_2p Browser Plugin Loader] => C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbrmon.exe [30096 2013-06-04] (VER_COMPANY_NAME)
HKLM-x32\...\Run: [AnyProtect Scanner] => "C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe"
HKLM-x32\...\Run: [fst_us_148] => "C:\Program Files (x86)\fst_us_148\fst_us_148.exe"
HKLM-x32\...\RunOnce: [upfst_us_148.exe] => C:\Users\Leticia\AppData\Local\fst_us_148\upfst_us_148.exe [3352544 2014-07-07] ()
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-580940030-35127617-3160781262-1001\...\Run: [SPDriver] => C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.193\jsdrv.exe [3211776 2014-07-08] ()
HKU\S-1-5-21-580940030-35127617-3160781262-1001\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe
HKU\S-1-5-21-580940030-35127617-3160781262-1001\...\Run: [Exetender] => C:\Program Files (x86)\Hoopla\GPlayer.exe [5043096 2014-03-05] (Exent Technologies Ltd.)
HKU\S-1-5-21-580940030-35127617-3160781262-1001\...\Run: [Easy Speed PC] => C:\Program Files (x86)\Probit Software\Easy Speed PC\ESPCLauncher.exe
HKU\S-1-5-21-580940030-35127617-3160781262-1001\...\Run: [Yahoo! Search] => C:\Users\Leticia\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.18.5\dsrlte.exe [634624 2014-12-21] (Pay By Ads LTD)
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
AppInit_DLLs: C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL => C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AddonNP.lnk
ShortcutTarget: AddonNP.lnk -> C:\Program Files (x86)\NewPlayer\AddonNP.exe ()
Startup: C:\Users\Leticia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopWeatherAlerts.lnk
ShortcutTarget: DesktopWeatherAlerts.lnk -> C:\Users\Leticia\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe (No File)
Startup: C:\Users\Leticia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PricePeepUpdater.lnk
ShortcutTarget: PricePeepUpdater.lnk -> C:\Program Files (x86)\PricePeep\PricePeepUpdater.exe ()
Startup: C:\Users\Leticia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Weather Alerts.lnk
ShortcutTarget: Weather Alerts.lnk -> C:\Users\Leticia\AppData\Local\WeatherAlerts\WeatherAlerts.exe (Local Weather LLC)
Startup: C:\Users\michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FrostWire On Startup.lnk
ShortcutTarget: FrostWire On Startup.lnk -> C:\Program Files (x86)\FrostWire 5\FrostWire.exe (FrostWire)
Startup: C:\Users\michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-580940030-35127617-3160781262-1004\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-580940030-35127617-3160781262-1001\User: Group Policy restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-580940030-35127617-3160781262-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [S-1-5-21-580940030-35127617-3160781262-1001] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-580940030-35127617-3160781262-1001] => http=127.0.0.1:13828
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
HKU\S-1-5-21-580940030-35127617-3160781262-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fR3s5PAVMZpZbM61lWNTdgwQHuH_l8fMQr5kRlG85BLui9M8aaXITVl_ekr8W_bIE88YTif6l1vNGwRC9cZ_I9tX2JUm2mQYVI8QHRlr1sR6fF1WiiX8O2TNW6C9WIR31yhHrjKtQCqHDhBP81OO5f10ZDU6xcvZxlvM0mde&q={searchTerms}
HKU\S-1-5-21-580940030-35127617-3160781262-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
HKU\S-1-5-21-580940030-35127617-3160781262-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com
HKU\S-1-5-21-580940030-35127617-3160781262-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://rts.dsrlte.com?affID=na
HKU\S-1-5-21-580940030-35127617-3160781262-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fR3s5PAVMZpZbM61lWNTdgwQHuH_l8fMQr5kRlG85BLui9M8aaXITVl_ekr8W_bIE88YTif6l1vNGwRC9cZ_I9tX2JUm2mQYVI8QHRlr1sR6fF1WiiX8O2TNW6C9WIR31yhHrjKtQCqHDhBP81OO5f10ZDU6xcvZxlvM0mde&q={searchTerms}
URLSearchHook: HKU\S-1-5-21-580940030-35127617-3160781262-1001 - (No Name) - {7b9f8c21-46ec-4c0b-8683-e755ef84577a} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pSrcAs.dll No File
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
SearchScopes: HKLM -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://www-search.net/search.aspx?s=E38zadku1,4c000c15-cb58-4f23-b0a2-2a12673d72db,&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fR3s5PAVMZpZbM61lWNTdgwQHuH_l8fMQr5kRlG85BLui9M8aaXITVl_ekr8W_bIE88YTif6l1vNGwRC9cZ_I9tX2JUm2mQYVI8QHRlr1sR6fF1WiiX8O2TNW6C9WIR31yhHrjKtQCqHDhBP81OO5f10ZDU6xcvZxlvM0mde&q={searchTerms}
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fR3s5PAVMZpZbM61lWNTdgwQHuH_l8fMQr5kRlG85BLui9M8aaXITVl_ekr8W_bIE88YTif6l1vNGwRC9cZ_I9tX2JUm2mQYVI8QHRlr1sR6fF1WiiX8O2TNW6C9WIR31yhHrjKtQCqHDhBP81OO5f10ZDU6xcvZxlvM0mde&q={searchTerms}
SearchScopes: HKU\S-1-5-21-580940030-35127617-3160781262-1001 -> DefaultScope {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://www.mystart.com/results.php?gen=ms&pr=vmn&id=mystarttb&v=5_4&ent=ch_5108&q={searchTerms}
SearchScopes: HKU\S-1-5-21-580940030-35127617-3160781262-1001 -> URL http://search.conduit.com/Results.aspx?ctid=CT3321728&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP65083C4B-FD76-441B-98F1-9677FF492F31&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-580940030-35127617-3160781262-1001 -> SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKU\S-1-5-21-580940030-35127617-3160781262-1001 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=bndl1_14_26&cd=2XzuyEtN2Y1L1Qzuzy0CyE0EtAyCyByCzz0DtBtCyCzyzy0DtN0D0Tzu0SzytBtBtN1L2XzutBtFtBtCtFtCtCtFtBtN1L1Czu1S1G1Q1ItC1VtCyE1VtByCtN1L1G1B1V1N2Y1L1Qzu2StAzy0E0AyC0A0A0FtG0AyEtByEtGyBtA0AtBtGyCtBzzyBtGtAyBzy0A0B0A0CyD0CtD0F0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0FyEtByCtBtDyCtGzyyCtCyDtG0D0E0CtCtGzy0Fzz0FtGtBtC0A0ByEyCtB0CtC0B0DyC2Q&cr=460057618&ir=
SearchScopes: HKU\S-1-5-21-580940030-35127617-3160781262-1001 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://www.mystart.com/results.php?gen=ms&pr=vmn&id=mystarttb&v=5_4&ent=ch_5108&q={searchTerms}
SearchScopes: HKU\S-1-5-21-580940030-35127617-3160781262-1001 -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_cmi_14_28_ch&cd=2XzuyEtN2Y1L1Qzuzy0CyE0EtAyCyByCzz0DtBtCyCzyzy0DtN0D0Tzu0SzytBtBtN1L2XzutBtFtBtCtFtCyEtFtBtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAzztD0DtA0AyBtAtG0B0CtD0BtGyD0CyCzytGyBtAzyyEtGtCyEtB0CtBtCzztCzzyEyCyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0FyEtByCtBtDyCtGzyyCtCyDtG0D0E0CtCtGzy0Fzz0FtGtBtC0A0ByEyCtB0CtC0B0DyC2Q&cr=582362969&ir=
SearchScopes: HKU\S-1-5-21-580940030-35127617-3160781262-1001 -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://www-search.net/search.aspx?s=E38zadku1,4c000c15-cb58-4f23-b0a2-2a12673d72db,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-580940030-35127617-3160781262-1001 -> {B45B6130-384E-452D-A2DB-0F3910B9CAB7} URL = http://rts.dsrlte.com/?affID=na&q={searchTerms}&r=241
BHO: iWebar -> {11111111-1111-1111-1111-110311551110} -> C:\Program Files (x86)\iWebar\iWebar-bho64.dll No File
BHO: PalMall -> {11111111-1111-1111-1111-110511801132} -> C:\Program Files (x86)\PalMall\PalMall-bho64.dll (BND)
BHO: Cinema-Plus-1.2 -> {11111111-1111-1111-1111-110611051148} -> C:\Program Files (x86)\Cinema-Plus-1.2\Cinema-Plus-1.2-bho64.dll (Cinema Plus)
BHO: Snap.DoEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Shopper Pro -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> C:\ProgramData\ShopperPro\ShopperPro64.dll No File
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.0.43\coIEPlg.dll (Symantec Corporation)
BHO: Consumer Input DCA BHO -> {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} -> C:\Program Files (x86)\Consumer Input\InternetExplorer\x64\dca-bho.dll (Compete, Inc.)
BHO: Ask Shopping Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ\Passport_x64.dll" No File
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll No File
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
BHO-x32: Solid Savings -> {11111111-1111-1111-1111-110211621178} -> C:\Program Files (x86)\Solid Savings\Solid Savings-bho.dll (Innovative Apps)
BHO-x32: iWebar -> {11111111-1111-1111-1111-110311551110} -> C:\Program Files (x86)\iWebar\iWebar-bho.dll No File
BHO-x32: PalMall -> {11111111-1111-1111-1111-110511801132} -> C:\Program Files (x86)\PalMall\PalMall-bho.dll (BND)
BHO-x32: Cinema-Plus-1.2 -> {11111111-1111-1111-1111-110611051148} -> C:\Program Files (x86)\Cinema-Plus-1.2\Cinema-Plus-1.2-bho.dll (Cinema Plus)
BHO-x32: Snap.DoEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Toolbar BHO -> {3a421c8f-e238-4aeb-8874-b8b5f2cc4772} -> C:\PROGRA~2\COUPON~2\bar\1.bin\2pbar.dll No File
BHO-x32: SearchDonkey -> {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} -> C:\Program Files (x86)\SearchDonkey\IE\common.dll (WebAppTech Coding, LLC)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: getsav-in 5.0 -> {57437FFF-AF43-472E-9BBD-41AA710B1297} -> C:\Users\michael\AppData\Local\getsav-in\ie\getsav-in_1368186302.dll ()
BHO-x32: Search Assistant BHO -> {60e91567-ef8a-4520-bce2-83aba5256799} -> C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pSrcAs.dll No File
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: NetCrawl 1.0.0.5 -> {769a91da-209f-47fe-88b9-b0321b0982c8} -> C:\Program Files (x86)\NetCrawl\NetCrawlBHO.dll (NetCrawl)
BHO-x32: Playtopus Games -> {8EBA1B69-99D8-4135-BD43-729BA79D5CC4} -> C:\Users\michael\AppData\Local\Playtopus\Playtopus.dll (Playtopus)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Shopper Pro -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> C:\ProgramData\ShopperPro\ShopperPro.dll (Goobzo Ltd.)
BHO-x32: Wajam -> {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} -> C:\Program Files (x86)\Wajam\IE\priam_bho.dll No File
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.43\coIEPlg.dll (Symantec Corporation)
BHO-x32: Consumer Input DCA BHO -> {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} -> C:\Program Files (x86)\Consumer Input\InternetExplorer\dca-bho.dll (Compete, Inc.)
BHO-x32: MyStart Toolbar -> {ccb24e92-62c4-4c53-95d2-65f9eed476bc} -> C:\Program Files (x86)\mystarttb\mystartDx.dll No File
BHO-x32: findopolis 1.0.0.5 -> {ccfd8427-0c44-4b91-abbb-d6aa65f7d2a1} -> C:\Program Files (x86)\findopolis\findopolisBHO.dll (findopolis)
BHO-x32: Ask Shopping Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ\Passport.dll" No File
BHO-x32: WeCareReminder Class -> {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} -> C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: PennyBee -> {ECCD8756-E877-457F-8C44-4EC20055DDB5} -> C:\Program Files (x86)\PennyBee\InternetExplorerBHO.dll No File
BHO-x32: No Name -> {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} -> No File
Toolbar: HKLM - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - Ask Shopping Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ\Passport_x64.dll" No File
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.0.43\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - MyStart Toolbar - {ccb24e92-62c4-4c53-95d2-65f9eed476bc} - C:\Program Files (x86)\mystarttb\mystartDx64.dll No File
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Coupon Alert - {3462c343-be19-4143-af70-cefb56f46fc6} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbar.dll No File
Toolbar: HKLM-x32 - Ask Shopping Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ\Passport.dll" No File
Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.43\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - MyStart Toolbar - {ccb24e92-62c4-4c53-95d2-65f9eed476bc} - C:\Program Files (x86)\mystarttb\mystartDx.dll No File
Toolbar: HKU\S-1-5-21-580940030-35127617-3160781262-1001 -> Ask Shopping Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ\Passport_x64.dll" No File
Toolbar: HKU\S-1-5-21-580940030-35127617-3160781262-1001 -> No Name - {3462C343-BE19-4143-AF70-CEFB56F46FC6} - No File
Toolbar: HKU\S-1-5-21-580940030-35127617-3160781262-1001 -> Norton Identity Safe Toolbar - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.0.43\coIEPlg.dll (Symantec Corporation)
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @CouponAlert_2p.com/Plugin -> C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\NP2pStub.dll No File
FF Plugin-x32: @exent.com/npExentCtl,version=7.0.0.0 -> C:\Program Files (x86)\Hoopla\npExentCtl.dll (Exent Technologies Ltd.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: www.exent.com/GameTreatWidget -> C:\Program Files (x86)\Hoopla\NPGameTreatPlugin.dll No File
FF Plugin HKU\S-1-5-21-580940030-35127617-3160781262-1001: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
FF HKLM-x32\...\Firefox\Extensions: [[email protected]_2p.com] - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin
FF Extension: No Name - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin [2013-06-04]
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.6.0.27\coFFPlgn
FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.6.0.27\coFFPlgn [2014-07-10]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2014-03-16]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2014-03-16]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2014-03-16]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2014-03-16]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2014-03-16]
FF HKU\S-1-5-21-580940030-35127617-3160781262-1001\...\Firefox\Extensions: [{8a1a43a3-ee9f-4fff-9c5c-b3063ee1f0e0}] - C:\Program Files (x86)\Re-markit-soft\157.xpi
FF HKU\S-1-5-21-580940030-35127617-3160781262-1001\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12171.xpi

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www-search.net/?s=E38zadku1,4c000c15-cb58-4f23-b0a2-2a12673d72db,"
CHR DefaultSearchKeyword: Default -> yahoo.com
CHR DefaultSuggestURL: Default -> https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}
CHR Profile: C:\Users\Leticia\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Leticia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-10]
CHR Extension: (Google Drive) - C:\Users\Leticia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-10]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Leticia\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-10]
CHR Extension: (YouTube) - C:\Users\Leticia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-10]
CHR Extension: (iWebar) - C:\Users\Leticia\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam [2014-07-10]
CHR Extension: (Search) - C:\Users\Leticia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-10]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Leticia\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-07-10]
CHR Extension: (video MediaPlay-Air) - C:\Users\Leticia\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnaojefanpmakfgcaliphepgoiiafmpf [2014-07-10]
CHR Extension: (Safe Money) - C:\Users\Leticia\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2014-07-10]
CHR Extension: (MySearchDial) - C:\Users\Leticia\AppData\Local\Google\Chrome\User Data\Default\Extensions\iagcajndpnfncplednpbnkahadegklfa [2014-07-10]
CHR Extension: (Rocket New Tab) - C:\Users\Leticia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibnjmihbbanannlbobkbmnmckjnmdnom [2014-07-10]
CHR Extension: (Virtual Keyboard) - C:\Users\Leticia\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2014-07-10]
CHR Extension: (Kaspersky Protection) - C:\Users\Leticia\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpoimibckejjdjcfbdnajaicnklhfplh [2014-07-10]
CHR Extension: (Google Wallet) - C:\Users\Leticia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-10]
CHR Extension: (Norton Identity Protection) - C:\Users\Leticia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob [2014-07-10]
CHR Extension: (findopolis) - C:\Users\Leticia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojlbmmdblljkdkicbjdfplphhplkndeg [2014-12-21]
CHR Extension: (Gmail) - C:\Users\Leticia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-10]
CHR Extension: (Anti-Banner) - C:\Users\Leticia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-07-10]
CHR HKLM\...\Chrome\Extension: [iagcajndpnfncplednpbnkahadegklfa] - No Path
CHR HKLM\...\Chrome\Extension: [ibnjmihbbanannlbobkbmnmckjnmdnom] - No Path
CHR HKU\S-1-5-21-580940030-35127617-3160781262-1001\...\Chrome\Extension: [iagcajndpnfncplednpbnkahadegklfa] - No Path
CHR HKU\S-1-5-21-580940030-35127617-3160781262-1001\...\Chrome\Extension: [ibnjmihbbanannlbobkbmnmckjnmdnom] - No Path
CHR HKLM-x32\...\Chrome\Extension: [aaaaojmikegpiepcfdkkjaplodkpfmlo] - C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ\CRX\ToolbarCR.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx [2012-08-18]
CHR HKLM-x32\...\Chrome\Extension: [dghncoeocefmhkhiphdgikkamjeglbfh] - C:\Program Files (x86)\mystarttb\chrome-newtab-search.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx [2012-08-18]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx [2012-08-18]
CHR HKLM-x32\...\Chrome\Extension: [iagcajndpnfncplednpbnkahadegklfa] - No Path
CHR HKLM-x32\...\Chrome\Extension: [ibnjmihbbanannlbobkbmnmckjnmdnom] - No Path
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx [2012-08-18]
CHR HKLM-x32\...\Chrome\Extension: [jpmbfleldcgkldadpdinhjjopdfpjfjp] - C:\Users\michael\AppData\Local\Wajam\Chrome\wajam.crx [2013-05-02]
CHR HKLM-x32\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.43\Exts\Chrome.crx [2014-03-20]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx [2012-08-18]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2014-03-16] (Kaspersky Lab ZAO)
R4 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [32808 2013-05-24] (Just Develop It) <==== ATTENTION
S2 consumerinput_update; C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [106296 2014-03-08] (ConsumerInput)
S3 consumerinput_updatem; C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [106296 2014-03-08] (ConsumerInput)
R4 CouponAlert_2pService; C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbarsvc.exe [42504 2013-06-04] (COMPANYVERS_NAME)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-11-15] ()
R2 NAT; C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe [232424 2013-10-11] (Symantec Corporation)
R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.43\NST.exe [130104 2014-03-11] (Symantec Corporation)
R4 NewPlayerUpdaterService; C:\Program Files (x86)\NewPlayer\NewPlayerUpdaterService.exe [11776 2014-06-30] () [File not signed]
R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [132504 2015-01-05] (Symantec Corporation)
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe [126392 2012-07-23] (Symantec Corporation)
R4 PennyBee; C:\Program Files (x86)\PennyBee\PennyBee.exe [54272 2014-07-07] () [File not signed] <==== ATTENTION
R2 RBClientService; C:\Program Files (x86)\Right Backup\RBClientService.exe [48240 2014-07-11] (Systweak)
R4 Re-markit; C:\Program Files (x86)\Re-markit-soft\Re-markit157.exe [195072 2014-03-08] () [File not signed] <==== ATTENTION
R4 servervo; C:\Users\Leticia\AppData\Roaming\VOPackage\VOsrv.exe [71680 2014-07-10] () [File not signed] <==== ATTENTION
R2 SMUpd; C:\Program Files\Common Files\Goobzo\GBUpdate\smu.exe [2708328 2014-08-27] (Search Module Ltd.)
S2 SPBIUpd; C:\Program Files\Common Files\ShopperPro\spbiu.exe [2346880 2014-07-08] (ShopperPro)
R2 Update findopolis; C:\Program Files (x86)\findopolis\updatefindopolis.exe [529136 2015-01-05] ()
R2 Update NetCrawl; C:\Program Files (x86)\NetCrawl\updateNetCrawl.exe [524576 2014-12-21] ()
R2 Util findopolis; C:\Program Files (x86)\findopolis\bin\utilfindopolis.exe [529136 2015-01-05] ()
R4 WajamUpdater; C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [109064 2013-05-02] (Wajam) [File not signed] <==== ATTENTION
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-30] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [1153840 2012-11-15] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 ccSet_NAT; C:\Windows\system32\drivers\NATx64\010A000.009\ccSetx64.sys [150104 2013-07-29] (Symantec Corporation)
R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE07000.02B\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-03-16] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [627296 2014-05-20] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2014-03-16] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29280 2014-03-16] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2014-03-16] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [50448 2014-03-16] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [178448 2014-03-16] (Kaspersky Lab ZAO)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-16] (Synaptics Incorporated)
R3 SMUpdd; C:\Program Files\Common Files\Goobzo\GBUpdate\smw.sys [42856 2014-08-27] ()
S3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2013-01-20] (Anchorfree Inc.)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-11-29] (Windows (R) Win 7 DDK provider)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-30] (Microsoft Corporation)
R2 X5XSEx_Pr152; C:\Program Files (x86)\Hoopla\X5XSEx_Pr152.Sys [56584 2013-07-18] (Exent Technologies Ltd.)
R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-11-29] (Windows (R) Win 7 DDK provider)
R1 {173745cd-3937-468f-98f6-d68898d32d98}w64; C:\Windows\System32\drivers\{173745cd-3937-468f-98f6-d68898d32d98}w64.sys [48784 2015-01-05] (StdLib)
R1 {1de0dec0-675e-482f-a756-fd24c6796c8e}w64; C:\Windows\System32\drivers\{1de0dec0-675e-482f-a756-fd24c6796c8e}w64.sys [48832 2014-12-17] (StdLib)
R4 sbmntr; \??\C:\Program Files (x86)\YTDownloader\sbmntr.sys [X]
R4 SPDRIVER_1.35.1.155; \??\C:\Program Files (x86)\ShopperPro\JSDriver\1.35.1.155\jsdrv.sys [X]
R2 SPDRIVER_1.37.0.193; \??\C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.193\jsdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-20 17:40 - 2015-01-20 17:41 - 00042779 _____ () C:\Users\Leticia\Desktop\FRST.txt
2015-01-20 17:39 - 2015-01-20 17:40 - 00000000 ____D () C:\FRST
2015-01-20 17:36 - 2015-01-19 22:46 - 00401920 _____ (Farbar) C:\Users\Leticia\Desktop\MiniToolBox (1).exe
2015-01-20 17:34 - 2015-01-19 22:44 - 02126848 _____ (Farbar) C:\Users\Leticia\Desktop\FRST64.exe
2015-01-05 22:51 - 2015-01-05 13:26 - 00048784 _____ (StdLib) C:\WINDOWS\system32\Drivers\{173745cd-3937-468f-98f6-d68898d32d98}w64.sys
2014-12-21 22:19 - 2014-12-21 22:19 - 00000000 ____D () C:\Users\Leticia\AppData\Roaming\ASP
2014-12-21 22:09 - 2014-12-21 22:09 - 00003506 _____ () C:\WINDOWS\System32\Tasks\Yahoo! Search
2014-12-21 22:08 - 2014-12-21 22:08 - 00003510 _____ () C:\WINDOWS\System32\Tasks\Yahoo! Search Updater
2014-12-21 22:08 - 2014-12-21 22:08 - 00000000 ____D () C:\Users\Leticia\AppData\Local\Pay-By-Ads
2014-12-21 22:08 - 2014-12-21 22:08 - 00000000 ____D () C:\Users\Leticia\AppData\Local\Local_Weather_LLC

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-20 17:41 - 2014-03-08 08:32 - 00000390 _____ () C:\WINDOWS\Tasks\CIMT_S-1-5-21-580940030-35127617-3160781262-1001.job
2015-01-20 17:37 - 2014-07-10 13:37 - 00001460 _____ () C:\WINDOWS\Tasks\98bd8955-5681-454d-960c-17eab7511bad-7.job
2015-01-20 17:37 - 2014-03-21 02:06 - 01185822 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-20 17:36 - 2014-03-08 08:31 - 00000998 _____ () C:\WINDOWS\Tasks\ConsumerInputUpdateTaskMachineUA.job
2015-01-20 17:32 - 2013-03-10 07:17 - 00000932 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-20 17:28 - 2014-04-02 11:18 - 00003950 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{7EA05828-C408-4DC3-92FE-A0E8E0E8484C}
2015-01-20 17:25 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-01-18 09:17 - 2013-11-14 01:28 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-18 09:16 - 2013-08-22 08:46 - 00326720 _____ () C:\WINDOWS\setupact.log
2015-01-18 09:13 - 2013-02-10 21:23 - 00003592 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-580940030-35127617-3160781262-1001
2015-01-18 09:01 - 2014-07-10 13:46 - 00001538 _____ () C:\WINDOWS\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-7.job
2015-01-18 08:59 - 2013-02-11 00:16 - 00000000 ____D () C:\Users\Leticia\AppData\Local\CrashDumps
2015-01-18 08:57 - 2013-03-10 07:18 - 00002370 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-18 08:57 - 2013-02-10 21:15 - 00001593 _____ () C:\Users\Leticia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-05 23:02 - 2013-06-22 17:53 - 00000000 ____D () C:\Program Files (x86)\PC Checkup
2015-01-05 22:53 - 2014-07-10 13:31 - 00003108 _____ () C:\WINDOWS\System32\Tasks\RegClean Pro
2015-01-05 22:51 - 2014-12-17 13:49 - 00001350 _____ () C:\Users\Leticia\Desktop\Clean Registry for Free!.lnk
2015-01-05 22:50 - 2014-07-10 13:45 - 00000000 ____D () C:\Users\Leticia\AppData\Local\fst_us_148
2015-01-05 22:50 - 2014-07-10 13:21 - 00000000 ____D () C:\Program Files (x86)\findopolis
2015-01-05 22:50 - 2013-08-22 07:25 - 00000194 _____ () C:\WINDOWS\win.ini
2014-12-21 22:14 - 2014-03-08 10:14 - 00002520 _____ () C:\WINDOWS\Tasks\iWebar-firefoxinstaller.job
2014-12-21 22:14 - 2014-03-08 10:13 - 00003438 _____ () C:\WINDOWS\Tasks\iWebar-chromeinstaller.job
2014-12-21 22:09 - 2014-03-16 09:30 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-12-21 22:08 - 2014-12-17 13:53 - 00003076 _____ () C:\WINDOWS\System32\Tasks\Advanced-System Protector_startup
2014-12-21 22:08 - 2014-07-10 13:33 - 00003068 _____ () C:\WINDOWS\System32\Tasks\Right Backup_startup
2014-12-21 22:08 - 2014-04-02 11:17 - 00000000 __RDO () C:\Users\Leticia\SkyDrive
2014-12-21 22:08 - 2013-03-10 07:17 - 00000928 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-21 22:07 - 2014-07-10 13:46 - 00003830 _____ () C:\WINDOWS\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-11.job
2014-12-21 22:07 - 2014-07-10 13:46 - 00003156 _____ () C:\WINDOWS\Tasks\2b6328a9-11c8-46e0-8547-2efb3aafcaa4-3.job
2014-12-21 22:07 - 2014-07-10 13:46 - 00002460 _____ () C:\WINDOWS\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-3.job
2014-12-21 22:07 - 2014-07-10 13:46 - 00002240 _____ () C:\WINDOWS\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-4.job
2014-12-21 22:07 - 2014-07-10 13:46 - 00001600 _____ () C:\WINDOWS\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-6.job
2014-12-21 22:07 - 2014-07-10 13:46 - 00001600 _____ () C:\WINDOWS\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-1.job
2014-12-21 22:07 - 2014-07-10 13:46 - 00001390 _____ () C:\WINDOWS\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-2.job
2014-12-21 22:07 - 2014-07-10 13:38 - 00002140 _____ () C:\WINDOWS\Tasks\98bd8955-5681-454d-960c-17eab7511bad-4.job
2014-12-21 22:07 - 2014-07-10 13:38 - 00002112 _____ () C:\WINDOWS\Tasks\98bd8955-5681-454d-960c-17eab7511bad-5_user.job
2014-12-21 22:07 - 2014-07-10 13:38 - 00002112 _____ () C:\WINDOWS\Tasks\98bd8955-5681-454d-960c-17eab7511bad-5.job
2014-12-21 22:07 - 2014-07-10 13:38 - 00001522 _____ () C:\WINDOWS\Tasks\98bd8955-5681-454d-960c-17eab7511bad-1.job
2014-12-21 22:07 - 2014-07-10 13:38 - 00001336 _____ () C:\WINDOWS\Tasks\98bd8955-5681-454d-960c-17eab7511bad-2.job
2014-12-21 22:07 - 2014-07-10 13:37 - 00003470 _____ () C:\WINDOWS\Tasks\98bd8955-5681-454d-960c-17eab7511bad-11.job
2014-12-21 22:07 - 2014-07-10 13:37 - 00002814 _____ () C:\WINDOWS\Tasks\98bd8955-5681-454d-960c-17eab7511bad-6.job
2014-12-21 22:07 - 2014-03-08 08:31 - 00000994 _____ () C:\WINDOWS\Tasks\ConsumerInputUpdateTaskMachineCore.job
2014-12-21 22:06 - 2014-07-10 13:31 - 00000000 ____D () C:\Program Files (x86)\NetCrawl

==================== Files in the root of some directories =======
2014-07-10 13:31 - 2014-07-10 13:33 - 0001196 _____ () C:\Users\Leticia\AppData\Roaming\aps.scan.quick.results
2014-07-10 13:31 - 2014-07-10 13:33 - 0002934 _____ () C:\Users\Leticia\AppData\Roaming\aps.scan.results
2014-07-10 13:31 - 2014-07-10 13:33 - 0000320 _____ () C:\Users\Leticia\AppData\Roaming\aps.uninstall.scan.results
2014-07-10 13:31 - 2014-07-10 14:37 - 0573493 _____ (ClickMeIn Limited) C:\Users\Leticia\AppData\Local\AnyProtectScannerSetup.exe
2013-08-06 13:02 - 2013-08-06 13:02 - 0000095 _____ () C:\ProgramData\SAH_Install.ini

Some content of TEMP:
====================
C:\Users\Leticia\AppData\Local\Temp\ShopperProJSFull.exe
C:\Users\Leticia\AppData\Local\Temp\ShopperProJSINJFull.exe
C:\Users\Leticia\AppData\Local\Temp\SPSetup.exe
C:\Users\Leticia\AppData\Local\Temp\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}_N360_31441.exe
C:\Users\michael\AppData\Local\Temp\SPSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-05 23:00

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015
Ran by Leticia at 2015-01-20 17:41:33
Running from C:\Users\Leticia\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Disabled - Out of date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Internet Security (Disabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Disabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Reader XI (11.0.05) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.05 - Adobe Systems Incorporated)
Advanced-System Protector (HKLM-x32\...\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~4A5BE654_is1) (Version: 2.1.1000.14452 - systweak.com) <==== ATTENTION
AnyProtect (HKLM-x32\...\AnyProtect) (Version: 1.0.0.0 - CMI Limited) <==== ATTENTION
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ask Shopping Toolbar (HKLM-x32\...\{4F524A00-6A76-A76A-76A7-A758B70C0F01}) (Version: 12.15.1.17 - APN, LLC) <==== ATTENTION
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - )
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: - )
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: - )
Canon MP Navigator EX 5.1 (HKLM-x32\...\MP Navigator EX 5.1) (Version: - )
Canon MX510 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX510_series) (Version: - )
Canon MX510 series On-screen Manual (HKLM-x32\...\Canon MX510 series On-screen Manual) (Version: - )
Canon MX510 series User Registration (HKLM-x32\...\Canon MX510 series User Registration) (Version: - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version: - )
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version: - )
Catalina Savings Printer (HKLM-x32\...\{4956ACE3-F537-4418-BB45-FD52395275A7}) (Version: 1.0.0 - Catalina Marketing Corp) <==== ATTENTION
Cinema-Plus-1.2 (HKLM-x32\...\Cinema-Plus-1.2) (Version: 1.34.7.1 - Cinema Plus) <==== ATTENTION
ClearViewSE (HKLM-x32\...\{67E80218-05FB-45B3-852F-AF06908A1014}) (Version: 5.5.0 - Happy Bytes LLC)
Consumer Input (remove only) (HKLM-x32\...\Consumer Input Installer) (Version: - Compete Inc.) <==== ATTENTION
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.3) (Version: 5.0.0.3 - Coupons.com Incorporated)
CouponAlert Toolbar (HKLM-x32\...\CouponAlert_2pbar Uninstall) (Version: - Mindspark Interactive Network) <==== ATTENTION
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DesktopWeatherAlerts (HKU\S-1-5-21-580940030-35127617-3160781262-1001\...\DesktopWeatherAlerts) (Version: 1.0.29.0 - Local Weather LLC) <==== ATTENTION
Easy Speed PC (HKLM-x32\...\Easy Speed PC) (Version: 7.0.2 - Probit Software LTD) <==== ATTENTION
Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden
FastAgain PC Booster (HKLM-x32\...\FastAgain PC Booster_is1) (Version: 1.0 - Activeris) <==== ATTENTION
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
findopolis (HKLM\...\findopolis) (Version: 2014.07.10.160549 - findopolis) <==== ATTENTION!
Flash Player Pro V5.4 (HKLM-x32\...\Flash Player Pro_is1) (Version: - FlashPlayerPro.com)
FreeSoftToday 025.148 (HKLM-x32\...\fst_us_148_is1) (Version: - FREESOFTTODAY) <==== ATTENTION
FrostWire 5.6.8 (HKLM-x32\...\FrostWire 5) (Version: 5.6.8.1 - FrostWire LLC)
getsav-in (HKLM-x32\...\getsav-in) (Version: 1.1368186317 - Adpeak, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Hoopla (HKLM-x32\...\{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}) (Version: - Exent Technologies Ltd) <==== ATTENTION
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3345 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{89478C31-5CE8-461A-9084-9A0AF059F84F}) (Version: 15.5.0.0344 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.2.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{23D486D4-FBE0-40F3-A245-E4D56D094764}) (Version: 3.5.41.0 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{962E1735-D2E0-4813-AB9F-C6CBA09E759A}) (Version: 15.05.7000.1709 - Intel Corporation)
iTunes (HKLM\...\{F73A118B-8271-47E2-8790-0C636B2539C5}) (Version: 11.1.0.126 - Apple Inc.)
iWebar (HKLM-x32\...\iWebar) (Version: 1.34.2.13 - iWebar) <==== ATTENTION!
JFileManager (HKLM-x32\...\JFileManager) (Version: v1.0.0.1 - )
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.72.4 - JMicron Technology Corp.)
Kaspersky Internet Security 2013 (HKLM-x32\...\InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}) (Version: 13.0.1.4190 - Kaspersky Lab)
Kaspersky Internet Security 2013 (x32 Version: 13.0.1.4190 - Kaspersky Lab) Hidden
LibreOffice 3.5 (HKLM-x32\...\{EF790F1C-CB0C-4B95-8C54-60783F3B6661}) (Version: 3.5.4.2 - The Document Foundation)
Lightspark 0.5.3-git (HKLM-x32\...\Lightspark) (Version: 0.5.3-git - Lightspark Team)
LPT System Updater Service (x32 Version: 1.0.0.0 - LPT) Hidden <==== ATTENTION
Media Downloader version 1.5 (HKLM-x32\...\Media Downloader_is1) (Version: 1.5 - Media Downloader)
Microsoft SkyDrive (HKU\S-1-5-21-580940030-35127617-3160781262-1001\...\SkyDriveSetup.exe) (Version: 16.4.6010.0727 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
MyPC Backup (HKLM\...\MyPC Backup) (Version: - MyPC Backup) <==== ATTENTION
Mysearchdial (HKU\S-1-5-21-580940030-35127617-3160781262-1001\...\mysearchdial) (Version: - Mysearchdial) <==== ATTENTION!
MyStart Toolbar (HKLM-x32\...\mystarttb) (Version: 5.4.1.4 - Visicom Media Inc.)
NetCrawl (HKLM\...\NetCrawl) (Version: 2014.07.10.161444 - NetCrawl) <==== ATTENTION!
NewPlayer (HKLM-x32\...\NewPlayer) (Version: v2.1.2.1 - ) <==== ATTENTION
Norton Anti-Theft (HKLM-x32\...\NAT) (Version: 1.10.0.9 - Symantec Corporation)
Norton Identity Safe (HKLM-x32\...\NST) (Version: 2014.7.0.43 - Symantec Corporation)
Norton PC Checkup (HKLM-x32\...\Norton PC Checkup_is1) (Version: 3.0.5.38.0 - Symantec Corporation)
Norton PC Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.18.15 - Symantec Corporation)
Norton Security Dashboard (HKLM-x32\...\NortonSD) (Version: 1.1.1.9 - Symantec Corporation)
Optimizer Pro v3.2 (HKLM-x32\...\Optimizer Pro_is1) (Version: - ) <==== ATTENTION
Origin (HKLM-x32\...\Origin) (Version: 8.6.3.49 - Electronic Arts, Inc.)
PalMall (HKLM-x32\...\PalMall) (Version: 1.34.7.1 - BND)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
PennyBee (HKLM-x32\...\PennyBee) (Version: 1.00.00.00 - PennyBee) <==== ATTENTION!
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
PricePeep (HKLM-x32\...\PricePeep) (Version: 2.2.0.10 - betwikx LLC) <==== ATTENTION
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6687 - Realtek Semiconductor Corp.)
RegClean-Pro (HKLM-x32\...\RegClean-Pro_is1) (Version: 6.21 - systweak.com) <==== ATTENTION
Re-markit (HKLM-x32\...\1366f773-3476-4d68-acc0-219e692e6fd3) (Version: - Re-markit Software) <==== ATTENTION
Remote Desktop Access (VuuPC) (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - CMI Limited) <==== ATTENTION
Right Backup (HKLM-x32\...\980124D4-3D52-4c2d-AD41-9E90BDF4C031_Systweak_Ri~01F2B2E8_is1) (Version: 2.1.1000.4398 - Systweak Software)
Rocket (HKU\S-1-5-21-580940030-35127617-3160781262-1001\...\Rocket) (Version: 31.0.1650.23 - Rocket) <==== ATTENTION!
SavetheChildren Reminder by We-Care.com v4.1.22.4 (HKLM-x32\...\{DB9BF6DA-8030-4A21-9FF4-8856A7556FCF}) (Version: 4.1.22.4 - We-Care.com)
Search module (HKLM-x32\...\Search module) (Version: - Search Module) <==== ATTENTION!
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.15.13.48 - Client Connect LTD) <==== ATTENTION
SearchDonkey (HKLM-x32\...\SearchDonkey) (Version: 2.5.91 - WebAppTech Coding, LLC) <==== ATTENTION
Shopper-Pro (HKLM-x32\...\ShopperPro) (Version: - ) <==== ATTENTION
Snap.Do (HKLM-x32\...\{6EA563AD-DF38-4A1E-9437-3EA6EDA7B784}) (Version: 11.77.1.18240 - ReSoft Ltd.) <==== ATTENTION
Snap.Do Engine (HKU\S-1-5-21-580940030-35127617-3160781262-1001\...\{91111a15-7be0-41a5-b756-644a8f10085b}) (Version: 11.77.1.18240 - ReSoft Ltd.) <==== ATTENTION
Software Version Updater (HKLM-x32\...\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}) (Version: 1.1.3.8 - ) <==== ATTENTION
Solid Savings (HKLM-x32\...\Solid Savings) (Version: 1.27.153.0 - Innovative Apps)
SpeedUpMyPC (HKLM-x32\...\{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1) (Version: 6.0.3.9 - Uniblue Systems Limited) <==== ATTENTION
SRS Premium Sound Control Panel (HKLM\...\{94F03B8E-CB73-4653-AFE9-79112C01FED2}) (Version: 1.12.4700 - SRS Labs, Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.5 - Synaptics Incorporated)
The Weather Channel App (HKLM-x32\...\The Weather Channel App) (Version: - )
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.4 - TOSHIBA)
Toshiba Book Place (HKLM-x32\...\{24B45620-22B6-4E4A-B836-FF30A0B0404E}) (Version: 3.1.9534 - K-NFB Reading Technology, Inc.)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.00.0007.00002 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.0.6415 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6425 - Toshiba Corporation)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.5.1.1 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM\...\TosPU_is1) (Version: 0.0.64.19B - Toshiba Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.8.17.640104 - Toshiba Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.8 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.0.54043005 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.2.00 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM\...\{B483D427-9702-4BE1-B171-756D0C3E230E}) (Version: 2.4.6 - TOSHIBA)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0012 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0002.32002 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.18.82 - Toshiba Corporation)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Uninstall Helper (HKLM-x32\...\Uninstall Helper 2.0.1.0) (Version: 2.0.1.0 - InstallX, LLC) <==== ATTENTION
Uninstall Helper (x32 Version: 2.0.1.0 - InstallX, LLC) Hidden <==== ATTENTION
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
video MediaPlay-Air (HKLM-x32\...\video MediaPlay-Air) (Version: 1.34.7.1 - enter) <==== ATTENTION
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.97 - WildTangent) Hidden
Wajam (HKLM-x32\...\Wajam) (Version: 1.79 - Wajam) <==== ATTENTION!
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.10.5 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
WinZip 18.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DF}) (Version: 18.0.10661 - WinZip Computing, S.L. )
WSE Rocket (HKLM-x32\...\WSE Rocket) (Version: - WSE Rocket) <==== ATTENTION!
Yahoo! Search (HKU\S-1-5-21-580940030-35127617-3160781262-1001\...\Yahoo! Search) (Version: - Pay-By-Ads) <==== ATTENTION
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version: - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version: - Yahoo! Inc.)
YTDownloader (HKLM-x32\...\YTDownloader) (Version: - YTDownloader) <==== ATTENTION!

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-580940030-35127617-3160781262-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Leticia\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-580940030-35127617-3160781262-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Leticia\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-580940030-35127617-3160781262-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Leticia\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-580940030-35127617-3160781262-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Leticia\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

17-12-2014 05:27:56 Windows Update
05-01-2015 23:06:36 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 07:25 - 2013-08-22 07:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05BA58FC-E08D-461E-B55A-FCEF0DC33154} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.43\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {06A8DB4B-697B-4937-A068-F07D3CDF4853} - System32\Tasks\iWebar-chromeinstaller => C:\Program Files (x86)\iWebar\iWebar-chromeinstaller.exe <==== ATTENTION
Task: {0764F78F-264B-4817-AFAE-90D757395FA8} - System32\Tasks\{E5428C95-CA2F-40EF-961A-A50957D5AFCD} => pcalua.exe -a "C:\Program Files (x86)\FMS\Uninstall.exe"
Task: {0B9DE1FD-6C98-4658-B995-F485959034C2} - System32\Tasks\SPBIW_UpdateTask_Time_333836343835303334352d2d5b50342a4155456c5a236c => Wscript.exe //B "C:\ProgramData\ShopperPro\spbihe.js" spbiu.exe /invoke /f:check_services /l:0 <==== ATTENTION
Task: {0EC8C596-E560-4896-8725-FB0CCDE72253} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-17] (Google Inc.)
Task: {121CD599-9FDE-4C4D-A726-6D7440767531} - System32\Tasks\98bd8955-5681-454d-960c-17eab7511bad-1 => C:\Program Files (x86)\PalMall\PalMall-codedownloader.exe [2014-07-10] (BND) <==== ATTENTION
Task: {127F24EA-D86D-48DC-A28F-DB5AA16F8E4B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-17] (Google Inc.)
Task: {16229990-4EAF-4D96-AEBA-AB7FA0AC9D4A} - System32\Tasks\98bd8955-5681-454d-960c-17eab7511bad-5_user => C:\Program Files (x86)\PalMall\98bd8955-5681-454d-960c-17eab7511bad-5.exe [2014-07-10] (BND) <==== ATTENTION
Task: {17965C67-2C46-4B4C-A453-002C32CE88D0} - System32\Tasks\ConsumerInputUpdateTaskMachineUA => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [2014-03-08] (ConsumerInput) <==== ATTENTION
Task: {285B017D-14AB-4DE4-8374-FA4A703FA34F} - System32\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-6 => C:\Program Files (x86)\Cinema-Plus-1.2\Cinema-Plus-1.2-novainstaller.exe [2014-07-10] (Cinema Plus) <==== ATTENTION
Task: {2930FB7C-EB87-46CD-BC4B-824B9D4979C3} - System32\Tasks\CIMT_daily_S-1-5-21-580940030-35127617-3160781262-1001 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe [2014-11-26] () <==== ATTENTION
Task: {29F60423-AF23-4493-83A0-73A4F892E4D8} - System32\Tasks\RegClean Pro_DEFAULT => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe [2014-12-08] () <==== ATTENTION
Task: {2BC6A59F-CA65-42E2-9F99-D74285AE19D8} - System32\Tasks\98bd8955-5681-454d-960c-17eab7511bad-11 => C:\Program Files (x86)\PalMall\98bd8955-5681-454d-960c-17eab7511bad-11.exe [2014-07-10] (BND) <==== ATTENTION
Task: {2E8E3D23-1F09-4B15-8EAF-FDF5353E7679} - System32\Tasks\98bd8955-5681-454d-960c-17eab7511bad-2 => C:\Program Files (x86)\PalMall\98bd8955-5681-454d-960c-17eab7511bad-2.exe [2014-07-10] (BND) <==== ATTENTION
Task: {331D2001-C1B4-466F-9D84-F2DABC4DC27D} - System32\Tasks\Updater26278.exe => C:\Users\michael\AppData\Local\Updater26278\Updater26278.exe <==== ATTENTION
Task: {37D99F27-D4AE-4635-A258-40294D5C787C} - System32\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-1 => C:\Program Files (x86)\Cinema-Plus-1.2\Cinema-Plus-1.2-codedownloader.exe <==== ATTENTION
Task: {3FF9023A-3D72-46D6-8A8A-5FD3012D7697} - System32\Tasks\PC Checkup 3 Weekly Scan => C:\Program Files (x86)\PC Checkup\NLAppLauncher.exe [2015-01-05] (Symantec Corporation)
Task: {41233670-5E85-4A6E-B050-39EEB0DAEBEE} - System32\Tasks\CIMT_S-1-5-21-580940030-35127617-3160781262-1001 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe [2014-11-26] () <==== ATTENTION
Task: {41978C42-8932-4E56-A176-012B8111F094} - System32\Tasks\YTDownloaderUpd => C:\Program Files (x86)\YTDownloader\updater.exe <==== ATTENTION
Task: {42719407-214D-4D8A-BC82-8CFA2F5BFB63} - System32\Tasks\98bd8955-5681-454d-960c-17eab7511bad-4 => C:\Program Files (x86)\PalMall\98bd8955-5681-454d-960c-17eab7511bad-4.exe [2014-07-10] (BND) <==== ATTENTION
Task: {48BA66C5-9CE5-4F6C-9B0C-7F91D9CBE1D5} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
Task: {60E68DCF-CA13-40CC-AFC2-CADABCC81EFB} - System32\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-2 => C:\Program Files (x86)\Cinema-Plus-1.2\56ce3484-b669-4c8b-8489-666612b8aac7-2.exe [2014-07-10] (Cinema Plus) <==== ATTENTION
Task: {6157D02B-B06E-481B-B9DE-B6BF5D9E3646} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.43\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {6C59312F-3E0C-46D2-9043-0D85E52B9485} - System32\Tasks\temp_56ce3484-b669-4c8b-8489-666612b8aac7-2 => C:\Program Files (x86)\Cinema-Plus-1.2\56ce3484-b669-4c8b-8489-666612b8aac7-2.exe [2014-07-10] (Cinema Plus) <==== ATTENTION
Task: {733F4A68-09B5-45DB-90DE-2AA2C8621D00} - System32\Tasks\RegClean Pro => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe [2014-12-08] () <==== ATTENTION
Task: {7613DA2A-23C5-4EB6-B4BA-CD8873A5F804} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
Task: {79524917-C578-4213-82D3-82BD2487BCC2} - System32\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-11 => C:\Program Files (x86)\Cinema-Plus-1.2\56ce3484-b669-4c8b-8489-666612b8aac7-11.exe [2014-07-10] (Cinema Plus) <==== ATTENTION
Task: {80730C5E-5979-443F-AF57-8764F688DE02} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-16] (Synaptics Incorporated)
Task: {86F14AD5-AEE3-43DC-B1AA-7ADE31829B4A} - System32\Tasks\Right Backup_startup => C:\Program Files (x86)\Right Backup\RightBackup.exe [2014-07-11] (Systweak)
Task: {931367DF-98DD-4FA5-A3AE-AAC77F7A6B25} - System32\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-4 => C:\Program Files (x86)\Cinema-Plus-1.2\56ce3484-b669-4c8b-8489-666612b8aac7-4.exe [2014-07-10] (Cinema Plus) <==== ATTENTION
Task: {A4EA2991-D0EA-4538-B5E6-1B00D1B7D584} - System32\Tasks\Advanced-System Protector_startup => C:\Program Files (x86)\ASP\AdvancedSystemProtector.exe [2014-12-09] () <==== ATTENTION
Task: {A7D3A41C-2C1A-43E6-BA3D-FBEE3D6B2CB3} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {AA29CA7A-D0D4-493E-AEA7-537FCEE051F9} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {ACF03591-CAAA-4893-9852-26CAEE647C1D} - System32\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-7 => C:\Program Files (x86)\Cinema-Plus-1.2\Cinema-Plus-1.2-nova.exe [2014-07-10] (Cinema Plus) <==== ATTENTION
Task: {B76D503E-28B5-4F6E-9C84-D817454EB592} - System32\Tasks\iWebar-firefoxinstaller => C:\Program Files (x86)\iWebar\iWebar-firefoxinstaller.exe <==== ATTENTION
Task: {C94A7158-F559-4C74-ACAD-362157ADDB2F} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2012-08-23] (TOSHIBA Corporation)
Task: {CC3DB9BC-6B77-41F4-A297-B5261BD9793A} - System32\Tasks\ConsumerInputUpdateTaskMachineCore => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [2014-03-08] (ConsumerInput) <==== ATTENTION
Task: {DE50D567-8466-439B-B1D5-DE6DE7CD057F} - System32\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-3 => C:\Program Files (x86)\Cinema-Plus-1.2\56ce3484-b669-4c8b-8489-666612b8aac7-3.exe [2014-07-10] (Cinema Plus) <==== ATTENTION
Task: {E2A4AA41-14D6-41C2-9BDC-5F21B97346BB} - System32\Tasks\2b6328a9-11c8-46e0-8547-2efb3aafcaa4-3 => C:\Program Files (x86)\video MediaPlay-Air\2b6328a9-11c8-46e0-8547-2efb3aafcaa4-3.exe [2014-07-10] (enter) <==== ATTENTION
Task: {E3E359BD-21F1-403E-A745-D1E0BA925049} - System32\Tasks\RegClean Pro_UPDATES => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe [2014-12-08] () <==== ATTENTION
Task: {EDF770DA-FE8D-43C5-BAA1-810147FEE27B} - System32\Tasks\Yahoo! Search Updater => C:\Users\Leticia\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.18.5\dsrsetup.exe [2014-12-21] (Pay By Ads LTD) <==== ATTENTION
Task: {EEA0FC31-811F-4D14-86AD-53F73EB27D8E} - System32\Tasks\98bd8955-5681-454d-960c-17eab7511bad-5 => C:\Program Files (x86)\PalMall\98bd8955-5681-454d-960c-17eab7511bad-5.exe [2014-07-10] (BND) <==== ATTENTION
Task: {F7A9DCD4-1569-49E3-AFA8-65865697C144} - System32\Tasks\98bd8955-5681-454d-960c-17eab7511bad-7 => C:\Program Files (x86)\PalMall\PalMall-nova.exe [2014-10-06] (FileProperties_CompanyName) <==== ATTENTION
Task: {FB804D2A-5867-41B3-BD6C-0A0CAD6D3610} - System32\Tasks\Yahoo! Search => C:\Users\Leticia\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.18.5\dsrlte.exe [2014-12-21] (Pay By Ads LTD) <==== ATTENTION
Task: {FC5B2C3D-8693-4E07-BE3D-E0E04438AF8B} - System32\Tasks\98bd8955-5681-454d-960c-17eab7511bad-6 => C:\Program Files (x86)\PalMall\PalMall-nova.exe [2014-10-06] (FileProperties_CompanyName) <==== ATTENTION
Task: C:\WINDOWS\Tasks\2b6328a9-11c8-46e0-8547-2efb3aafcaa4-11.job => C:\Program Files (x86)\video MediaPlay-Air\2b6328a9-11c8-46e0-8547-2efb3aafcaa4-11.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\2b6328a9-11c8-46e0-8547-2efb3aafcaa4-3.job => C:\Program Files (x86)\video MediaPlay-Air\2b6328a9-11c8-46e0-8547-2efb3aafcaa4-3.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-1.job => C:\Program Files (x86)\Cinema-Plus-1.2\Cinema-Plus-1.2-codedownloader.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-11.job => C:\Program Files (x86)\Cinema-Plus-1.2\56ce3484-b669-4c8b-8489-666612b8aac7-11.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-2.job => C:\Program Files (x86)\Cinema-Plus-1.2\56ce3484-b669-4c8b-8489-666612b8aac7-2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-3.job => C:\Program Files (x86)\Cinema-Plus-1.2\56ce3484-b669-4c8b-8489-666612b8aac7-3.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-4.job => C:\Program Files (x86)\Cinema-Plus-1.2\56ce3484-b669-4c8b-8489-666612b8aac7-4.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-6.job => C:\Program Files (x86)\Cinema-Plus-1.2\Cinema-Plus-1.2-novainstaller.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-7.job => C:\Program Files (x86)\Cinema-Plus-1.2\Cinema-Plus-1.2-nova.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\98bd8955-5681-454d-960c-17eab7511bad-1.job => C:\Program Files (x86)\PalMall\PalMall-codedownloader.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\98bd8955-5681-454d-960c-17eab7511bad-11.job => C:\Program Files (x86)\PalMall\98bd8955-5681-454d-960c-17eab7511bad-11.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\98bd8955-5681-454d-960c-17eab7511bad-2.job => C:\Program Files (x86)\PalMall\98bd8955-5681-454d-960c-17eab7511bad-2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\98bd8955-5681-454d-960c-17eab7511bad-4.job => C:\Program Files (x86)\PalMall\98bd8955-5681-454d-960c-17eab7511bad-4.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\98bd8955-5681-454d-960c-17eab7511bad-5.job => C:\Program Files (x86)\PalMall\98bd8955-5681-454d-960c-17eab7511bad-5.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\98bd8955-5681-454d-960c-17eab7511bad-5_user.job => C:\Program Files (x86)\PalMall\98bd8955-5681-454d-960c-17eab7511bad-5.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\98bd8955-5681-454d-960c-17eab7511bad-6.job => C:\Program Files (x86)\PalMall\PalMall-nova.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\98bd8955-5681-454d-960c-17eab7511bad-7.job => C:\Program Files (x86)\PalMall\PalMall-nova.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\CIMT_daily_S-1-5-21-580940030-35127617-3160781262-1001.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\CIMT_S-1-5-21-580940030-35127617-3160781262-1001.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\ConsumerInputUpdateTaskMachineCore.job => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\ConsumerInputUpdateTaskMachineUA.job => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\iWebar-chromeinstaller.job => C:\Program Files (x86)\iWebar\iWebar-chromeinstaller.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\iWebar-firefoxinstaller.job => C:\Program Files (x86)\iWebar\iWebar-firefoxinstaller.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\RegClean Pro_DEFAULT.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\RegClean Pro_UPDATES.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: C:\WINDOWS\Tasks\temp_56ce3484-b669-4c8b-8489-666612b8aac7-2.job => C:\Program Files (x86)\Cinema-Plus-1.2\56ce3484-b669-4c8b-8489-666612b8aac7-2.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2014-03-08 08:30 - 2014-03-08 08:30 - 00195072 _____ () C:\Program Files (x86)\Re-markit-soft\Re-markit157.exe
2010-04-18 07:32 - 2010-04-18 07:32 - 01102336 _____ () C:\Program Files (x86)\MyPC Backup\x64\System.Data.SQLite.dll
2014-07-10 13:19 - 2014-07-10 13:19 - 00071680 _____ () C:\Users\Leticia\AppData\Roaming\VOPackage\VOsrv.exe
2014-06-30 04:16 - 2014-06-30 04:16 - 00011776 _____ () C:\Program Files (x86)\NewPlayer\NewPlayerUpdaterService.exe
2014-07-07 07:55 - 2014-07-07 07:55 - 00054272 _____ () C:\Program Files (x86)\PennyBee\PennyBee.exe
2014-07-10 10:14 - 2014-12-21 22:05 - 00524576 _____ () C:\Program Files (x86)\NetCrawl\updateNetCrawl.exe
2014-12-17 13:53 - 2014-12-09 13:48 - 06715176 _____ () C:\Program Files (x86)\ASP\AdvancedSystemProtector.exe
2013-06-04 10:28 - 2013-06-04 10:28 - 00292424 _____ () C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\AppIntegratorStub64.dll
2014-07-10 13:45 - 2014-07-07 11:33 - 03352544 _____ () C:\Users\Leticia\AppData\Local\fst_us_148\upfst_us_148.exe
2013-11-04 18:22 - 2013-11-04 18:22 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-07-18 20:38 - 2012-07-18 20:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2012-07-18 20:38 - 2012-07-18 20:38 - 00049064 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\FnZ.dll
2012-08-04 17:01 - 2012-08-04 17:01 - 00213136 _____ () C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe
2012-08-13 21:13 - 2012-08-13 21:13 - 00018344 _____ () C:\Program Files\TOSHIBA\Teco\TecoMUI.dll
2014-11-26 05:38 - 2014-11-26 05:38 - 01111936 _____ () C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe
2013-06-04 10:28 - 2013-06-04 10:28 - 00548936 _____ () C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\AppIntegrator64.exe
2013-06-04 10:28 - 2013-06-04 10:28 - 00442952 _____ () C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\HPG64.DLL
2014-02-21 19:05 - 2014-02-21 19:05 - 00317720 ____N () C:\Program Files (x86)\PricePeep\PricePeepUpdater.exe
2013-08-22 01:19 - 2013-08-22 00:54 - 00174592 _____ () C:\WINDOWS\system32\WinMetadata\Windows.UI.winmd
2013-08-22 01:19 - 2013-08-22 00:54 - 00050176 _____ () C:\WINDOWS\system32\WinMetadata\Windows.Data.winmd
2013-08-22 01:19 - 2013-08-22 00:54 - 00030208 _____ () C:\WINDOWS\system32\WinMetadata\Windows.Foundation.winmd
2014-07-10 10:07 - 2015-01-05 22:53 - 00529136 _____ () C:\Program Files (x86)\findopolis\updatefindopolis.exe
2014-12-17 13:32 - 2015-01-05 22:56 - 00529136 _____ () C:\Program Files (x86)\findopolis\bin\utilfindopolis.exe
2013-01-28 13:08 - 2013-01-28 13:08 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-01-28 13:08 - 2013-01-28 13:08 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-08-17 20:39 - 2014-03-16 09:40 - 01310136 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\kpcengine.2.2.dll
2012-11-12 07:17 - 2012-06-26 02:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-12-17 13:54 - 2013-08-02 19:21 - 00886272 _____ () C:\Program Files (x86)\Right Backup\System.Data.SQLite.dll
2014-12-17 13:53 - 2012-07-25 12:03 - 00886272 _____ () C:\Program Files (x86)\ASP\System.Data.SQLite.dll
2014-12-17 13:53 - 2014-12-09 13:48 - 01730856 _____ () C:\Program Files (x86)\ASP\aspsys.dll
2014-12-17 13:53 - 2012-07-25 12:03 - 00168448 _____ () C:\Program Files (x86)\ASP\UNRAR.DLL
2014-12-17 13:53 - 2014-12-09 13:48 - 00064296 _____ () C:\Program Files (x86)\ASP\ScanDll.dll
2012-08-17 20:38 - 2012-08-17 20:38 - 00479160 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll
2012-08-17 20:40 - 2012-08-17 20:40 - 00068024 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\QtWebKit\qmlwebkitplugin4.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Leticia\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\michael\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "ApnUpdater"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Coupon Alert Search Scope Monitor"
HKLM\...\StartupApproved\Run32: => "ApnTBMon"

========================= Accounts: ==========================

Administrator (S-1-5-21-580940030-35127617-3160781262-500 - Administrator - Disabled)
Guest (S-1-5-21-580940030-35127617-3160781262-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-580940030-35127617-3160781262-1003 - Limited - Enabled)
Leticia (S-1-5-21-580940030-35127617-3160781262-1001 - Administrator - Enabled) => C:\Users\Leticia
michael (S-1-5-21-580940030-35127617-3160781262-1004 - Administrator - Enabled) => C:\Users\michael

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/18/2015 09:11:29 AM) (Source: MsiInstaller) (EventID: 10005) (User: GUERRAFAMILY)
Description: Product: iTunes -- A later version of iTunes is already installed on this computer.

Error: (01/18/2015 08:59:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 6.3.9600.16384, time stamp: 0x5215e1f6
Faulting module name: twinapi.appcore.dll, version: 6.3.9600.16384, time stamp: 0x5215d806
Exception code: 0xc000027b
Fault offset: 0x0000000000056960
Faulting process id: 0x1174c
Faulting application start time: 0xbackgroundTaskHost.exe0
Faulting application path: backgroundTaskHost.exe1
Faulting module path: backgroundTaskHost.exe2
Report Id: backgroundTaskHost.exe3
Faulting package full name: backgroundTaskHost.exe4
Faulting package-relative application ID: backgroundTaskHost.exe5

Error: (12/21/2014 10:05:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: spbia.exe, version: 1.0.0.4, time stamp: 0x53bba89c
Faulting module name: spbia.exe, version: 1.0.0.4, time stamp: 0x53bba89c
Exception code: 0xc0000005
Fault offset: 0x000000000000a746
Faulting process id: 0xec58
Faulting application start time: 0xspbia.exe0
Faulting application path: spbia.exe1
Faulting module path: spbia.exe2
Report Id: spbia.exe3
Faulting package full name: spbia.exe4
Faulting package-relative application ID: spbia.exe5

Error: (12/17/2014 01:55:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program speedupmypc.exe version 6.0.3.9 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1bd4

Start Time: 01d01a3279272282

Termination Time: 4294967295

Application Path: C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe

Report Id: b0ded71d-8626-11e4-be9b-001edef8f426

Faulting package full name:

Faulting package-relative application ID:

Error: (12/17/2014 05:27:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: spbia.exe, version: 1.0.0.4, time stamp: 0x53bba89c
Faulting module name: spbia.exe, version: 1.0.0.4, time stamp: 0x53bba89c
Exception code: 0xc0000005
Fault offset: 0x000000000000a746
Faulting process id: 0x4358
Faulting application start time: 0xspbia.exe0
Faulting application path: spbia.exe1
Faulting module path: spbia.exe2
Report Id: spbia.exe3
Faulting package full name: spbia.exe4
Faulting package-relative application ID: spbia.exe5

Error: (12/17/2014 05:27:19 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (07/10/2014 06:18:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 29484

Error: (07/10/2014 06:18:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 29484

Error: (07/10/2014 06:18:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/10/2014 06:17:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14047


System errors:
=============
Error: (01/20/2015 05:42:08 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

Error: (01/20/2015 05:42:08 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

Error: (01/20/2015 05:42:07 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

Error: (01/20/2015 05:42:07 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

Error: (01/20/2015 05:42:07 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

Error: (01/20/2015 05:42:06 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

Error: (01/20/2015 05:42:03 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

Error: (01/20/2015 05:42:02 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

Error: (01/20/2015 05:41:58 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

Error: (01/20/2015 05:41:58 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.


Microsoft Office Sessions:
=========================
Error: (01/18/2015 09:11:29 AM) (Source: MsiInstaller) (EventID: 10005) (User: GUERRAFAMILY)
Description: Product: iTunes -- A later version of iTunes is already installed on this computer.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (01/18/2015 08:59:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: backgroundTaskHost.exe6.3.9600.163845215e1f6twinapi.appcore.dll6.3.9600.163845215d806c000027b00000000000569601174c01d0332ef0dda404C:\WINDOWS\system32\backgroundTaskHost.exeC:\Windows\System32\twinapi.appcore.dll96035cdd-9f22-11e4-be9b-001edef8f42654490MartinSuchan.APOD_2.0.0.0_neutral__aabn1bapetf12App

Error: (12/21/2014 10:05:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: spbia.exe1.0.0.453bba89cspbia.exe1.0.0.453bba89cc0000005000000000000a746ec5801d01d9c6c45b8c2C:\Program Files\Common Files\ShopperPro\spbia.exeC:\Program Files\Common Files\ShopperPro\spbia.exed15ddb2c-898f-11e4-be9b-001edef8f426

Error: (12/17/2014 01:55:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: speedupmypc.exe6.0.3.91bd401d01a32792722824294967295C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exeb0ded71d-8626-11e4-be9b-001edef8f426

Error: (12/17/2014 05:27:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: spbia.exe1.0.0.453bba89cspbia.exe1.0.0.453bba89cc0000005000000000000a746435801d019ec535eda88C:\Program Files\Common Files\ShopperPro\spbia.exeC:\Program Files\Common Files\ShopperPro\spbia.exebae7a100-85df-11e4-be9b-001edef8f426

Error: (12/17/2014 05:27:19 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (07/10/2014 06:18:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 29484

Error: (07/10/2014 06:18:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 29484

Error: (07/10/2014 06:18:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/10/2014 06:17:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14047


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3317U CPU @ 1.70GHz
Percentage of memory in use: 33%
Total physical RAM: 6045.84 MB
Available physical RAM: 4034.21 MB
Total Pagefile: 7005.84 MB
Available Pagefile: 4011.2 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: (TI10650100G) (Fixed) (Total:687.99 GB) (Free:589.47 GB) NTFS
Drive d: (KINGSTON) (Removable) (Total:7.45 GB) (Free:7.38 GB) FAT32
Drive e: (Letty) (CDROM) (Total:0.01 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 3A03A30D)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7.5 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7.5 GB) - (Type=0C)

==================== End Of Log ============================
 

camsr2000

Thread Starter
Joined
Jul 21, 2009
Messages
185
MiniToolBox by Farbar Version: 30-11-2014
Ran by Leticia (administrator) on 20-01-2015 at 17:50:36
Running from "C:\Users\Leticia\Desktop"
Microsoft Windows 8.1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is enabled.
ProxyServer: http=127.0.0.1:13828
========================= Hosts content: =================================



========================= IP Configuration: ================================

Intel(R) Centrino(R) Wireless-N 2200 = Wi-Fi (Connected)
Qualcomm Atheros AR8152 PCI-E Fast Ethernet Controller (NDIS 6.30) = Ethernet (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add route prefix=169.254.0.0/16 interface="iftype0_0" nexthop=192.168.2.103 metric=1 publish=Yes
add route prefix=169.254.0.0/16 interface="iftype0_0" nexthop=10.241.128.74 metric=1 publish=Yes
set interface interface="Ethernet-WFP Native MAC Layer LightWeight Filter-0000" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 11" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="ethernet_3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Guerrafamily
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : attlocal.net

Wireless LAN adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
Physical Address. . . . . . . . . : 9C-4E-36-76-8D-21
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wi-Fi:

Connection-specific DNS Suffix . : attlocal.net
Description . . . . . . . . . . . : Intel(R) Centrino(R) Wireless-N 2200
Physical Address. . . . . . . . . : 9C-4E-36-76-8D-20
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2602:306:b830:3160:e503:c25f:caee:cf39(Preferred)
Link-local IPv6 Address . . . . . : fe80::e503:c25f:caee:cf39%4(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.64(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Tuesday, January 20, 2015 5:25:15 PM
Lease Expires . . . . . . . . . . : Wednesday, January 21, 2015 5:25:15 PM
Default Gateway . . . . . . . . . : fe80::96c1:50ff:fe4f:b301%4
192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DHCPv6 IAID . . . . . . . . . . . : 329010742
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-32-B0-27-00-1E-DE-F8-F4-26
DNS Servers . . . . . . . . . . . : 192.168.1.254
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Ethernet:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Qualcomm Atheros AR8152 PCI-E Fast Ethernet Controller (NDIS 6.30)
Physical Address. . . . . . . . . : 00-1E-DE-F8-F4-26
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:383e:3027:3f57:febf(Preferred)
Link-local IPv6 Address . . . . . : fe80::383e:3027:3f57:febf%8(Preferred)
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 134217728
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-32-B0-27-00-1E-DE-F8-F4-26
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.attlocal.net:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: homeportal
Address: 192.168.1.254

Name: google.com
Addresses: 2607:f8b0:4000:805::1003
74.125.227.206
74.125.227.194
74.125.227.200
74.125.227.196
74.125.227.198
74.125.227.193
74.125.227.199
74.125.227.195
74.125.227.192
74.125.227.201
74.125.227.197


Pinging google.com [2607:f8b0:4000:805::1003] with 32 bytes of data:
Request timed out.
Request timed out.

Ping statistics for 2607:f8b0:4000:805::1003:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),
Server: homeportal
Address: 192.168.1.254

Name: yahoo.com
Addresses: 206.190.36.45
98.138.253.109
98.139.183.24


Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=97ms TTL=46
Reply from 206.190.36.45: bytes=32 time=96ms TTL=46

Ping statistics for 206.190.36.45:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 96ms, Maximum = 97ms, Average = 96ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
9...9c 4e 36 76 8d 21 ......Microsoft Wi-Fi Direct Virtual Adapter
4...9c 4e 36 76 8d 20 ......Intel(R) Centrino(R) Wireless-N 2200
2...00 1e de f8 f4 26 ......Qualcomm Atheros AR8152 PCI-E Fast Ethernet Controller (NDIS 6.30)
1...........................Software Loopback Interface 1
8...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
25...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.64 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.64 281
192.168.1.64 255.255.255.255 On-link 192.168.1.64 281
192.168.1.255 255.255.255.255 On-link 192.168.1.64 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.64 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.64 281
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
169.254.0.0 255.255.0.0 192.168.2.103 1
169.254.0.0 255.255.0.0 10.241.128.74 1
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
4 281 ::/0 fe80::96c1:50ff:fe4f:b301
1 306 ::1/128 On-link
8 306 2001::/32 On-link
8 306 2001:0:5ef5:79fd:383e:3027:3f57:febf/128
On-link
4 281 2602:306:b830:3160::/64 On-link
4 281 2602:306:b830:3160:e503:c25f:caee:cf39/128
On-link
4 281 fe80::/64 On-link
8 306 fe80::/64 On-link
8 306 fe80::383e:3027:3f57:febf/128
On-link
4 281 fe80::e503:c25f:caee:cf39/128
On-link
1 306 ff00::/8 On-link
4 281 ff00::/8 On-link
8 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [53760] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [68096] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [68096] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [64000] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [21504] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [67584] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [84480] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [30208] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/18/2015 09:11:29 AM) (Source: MsiInstaller) (User: GUERRAFAMILY)
Description: Product: iTunes -- A later version of iTunes is already installed on this computer.

Error: (01/18/2015 08:59:23 AM) (Source: Application Error) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 6.3.9600.16384, time stamp: 0x5215e1f6
Faulting module name: twinapi.appcore.dll, version: 6.3.9600.16384, time stamp: 0x5215d806
Exception code: 0xc000027b
Fault offset: 0x0000000000056960
Faulting process id: 0x1174c
Faulting application start time: 0xbackgroundTaskHost.exe0
Faulting application path: backgroundTaskHost.exe1
Faulting module path: backgroundTaskHost.exe2
Report Id: backgroundTaskHost.exe3
Faulting package full name: backgroundTaskHost.exe4
Faulting package-relative application ID: backgroundTaskHost.exe5

Error: (12/21/2014 10:05:52 PM) (Source: Application Error) (User: )
Description: Faulting application name: spbia.exe, version: 1.0.0.4, time stamp: 0x53bba89c
Faulting module name: spbia.exe, version: 1.0.0.4, time stamp: 0x53bba89c
Exception code: 0xc0000005
Fault offset: 0x000000000000a746
Faulting process id: 0xec58
Faulting application start time: 0xspbia.exe0
Faulting application path: spbia.exe1
Faulting module path: spbia.exe2
Report Id: spbia.exe3
Faulting package full name: spbia.exe4
Faulting package-relative application ID: spbia.exe5

Error: (12/17/2014 01:55:47 PM) (Source: Application Hang) (User: )
Description: The program speedupmypc.exe version 6.0.3.9 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1bd4

Start Time: 01d01a3279272282

Termination Time: 4294967295

Application Path: C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe

Report Id: b0ded71d-8626-11e4-be9b-001edef8f426

Faulting package full name:

Faulting package-relative application ID:

Error: (12/17/2014 05:27:49 AM) (Source: Application Error) (User: )
Description: Faulting application name: spbia.exe, version: 1.0.0.4, time stamp: 0x53bba89c
Faulting module name: spbia.exe, version: 1.0.0.4, time stamp: 0x53bba89c
Exception code: 0xc0000005
Fault offset: 0x000000000000a746
Faulting process id: 0x4358
Faulting application start time: 0xspbia.exe0
Faulting application path: spbia.exe1
Faulting module path: spbia.exe2
Report Id: spbia.exe3
Faulting package full name: spbia.exe4
Faulting package-relative application ID: spbia.exe5

Error: (12/17/2014 05:27:19 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005

Error: (07/10/2014 06:18:02 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 29484

Error: (07/10/2014 06:18:02 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 29484

Error: (07/10/2014 06:18:02 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/10/2014 06:17:46 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14047


System errors:
=============
Error: (01/20/2015 05:50:49 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

Error: (01/20/2015 05:50:49 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

Error: (01/20/2015 05:50:44 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

Error: (01/20/2015 05:50:44 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

Error: (01/20/2015 05:50:44 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

Error: (01/20/2015 05:50:44 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

Error: (01/20/2015 05:50:44 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

Error: (01/20/2015 05:50:44 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

Error: (01/20/2015 05:50:38 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

Error: (01/20/2015 05:50:38 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.


Microsoft Office Sessions:
=========================
Error: (01/18/2015 09:11:29 AM) (Source: MsiInstaller)(User: GUERRAFAMILY)
Description: Product: iTunes -- A later version of iTunes is already installed on this computer.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (01/18/2015 08:59:23 AM) (Source: Application Error)(User: )
Description: backgroundTaskHost.exe6.3.9600.163845215e1f6twinapi.appcore.dll6.3.9600.163845215d806c000027b00000000000569601174c01d0332ef0dda404C:\WINDOWS\system32\backgroundTaskHost.exeC:\Windows\System32\twinapi.appcore.dll96035cdd-9f22-11e4-be9b-001edef8f42654490MartinSuchan.APOD_2.0.0.0_neutral__aabn1bapetf12App

Error: (12/21/2014 10:05:52 PM) (Source: Application Error)(User: )
Description: spbia.exe1.0.0.453bba89cspbia.exe1.0.0.453bba89cc0000005000000000000a746ec5801d01d9c6c45b8c2C:\Program Files\Common Files\ShopperPro\spbia.exeC:\Program Files\Common Files\ShopperPro\spbia.exed15ddb2c-898f-11e4-be9b-001edef8f426

Error: (12/17/2014 01:55:47 PM) (Source: Application Hang)(User: )
Description: speedupmypc.exe6.0.3.91bd401d01a32792722824294967295C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exeb0ded71d-8626-11e4-be9b-001edef8f426

Error: (12/17/2014 05:27:49 AM) (Source: Application Error)(User: )
Description: spbia.exe1.0.0.453bba89cspbia.exe1.0.0.453bba89cc0000005000000000000a746435801d019ec535eda88C:\Program Files\Common Files\ShopperPro\spbia.exeC:\Program Files\Common Files\ShopperPro\spbia.exebae7a100-85df-11e4-be9b-001edef8f426

Error: (12/17/2014 05:27:19 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005

Error: (07/10/2014 06:18:02 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 29484

Error: (07/10/2014 06:18:02 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 29484

Error: (07/10/2014 06:18:02 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/10/2014 06:17:46 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14047



=========================== Installed Programs ============================
Adobe Reader XI (11.0.05) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.05 - Adobe Systems Incorporated)
Advanced-System Protector (HKLM-x32\...\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~4A5BE654_is1) (Version: 2.1.1000.14452 - systweak.com)
AnyProtect (HKLM-x32\...\AnyProtect) (Version: 1.0.0.0 - CMI Limited)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ask Shopping Toolbar (HKLM-x32\...\{4F524A00-6A76-A76A-76A7-A758B70C0F01}) (Version: 12.15.1.17 - APN, LLC)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - )
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: - )
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: - )
Canon MP Navigator EX 5.1 (HKLM-x32\...\MP Navigator EX 5.1) (Version: - )
Canon MX510 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX510_series) (Version: - )
Canon MX510 series On-screen Manual (HKLM-x32\...\Canon MX510 series On-screen Manual) (Version: - )
Canon MX510 series User Registration (HKLM-x32\...\Canon MX510 series User Registration) (Version: - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version: - )
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version: - )
Catalina Savings Printer (HKLM-x32\...\{4956ACE3-F537-4418-BB45-FD52395275A7}) (Version: 1.0.0 - Catalina Marketing Corp)
Cinema-Plus-1.2 (HKLM-x32\...\Cinema-Plus-1.2) (Version: 1.34.7.1 - Cinema Plus)
ClearViewSE (HKLM-x32\...\{67E80218-05FB-45B3-852F-AF06908A1014}) (Version: 5.5.0 - Happy Bytes LLC)
Consumer Input (remove only) (HKLM-x32\...\Consumer Input Installer) (Version: - Compete Inc.)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.3) (Version: 5.0.0.3 - Coupons.com Incorporated)
CouponAlert Toolbar (HKLM-x32\...\CouponAlert_2pbar Uninstall) (Version: - Mindspark Interactive Network)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DesktopWeatherAlerts (HKCU\...\DesktopWeatherAlerts) (Version: 1.0.29.0 - Local Weather LLC)
Easy Speed PC (HKLM-x32\...\Easy Speed PC) (Version: 7.0.2 - Probit Software LTD)
Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden
FastAgain PC Booster (HKLM-x32\...\FastAgain PC Booster_is1) (Version: 1.0 - Activeris)
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
findopolis (HKLM\...\findopolis) (Version: 2014.07.10.160549 - findopolis)
Flash Player Pro V5.4 (HKLM-x32\...\Flash Player Pro_is1) (Version: - FlashPlayerPro.com)
FreeSoftToday 025.148 (HKLM-x32\...\fst_us_148_is1) (Version: - FREESOFTTODAY)
FrostWire 5.6.8 (HKLM-x32\...\FrostWire 5) (Version: 5.6.8.1 - FrostWire LLC)
getsav-in (HKLM-x32\...\getsav-in) (Version: 1.1368186317 - Adpeak, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Hoopla (HKLM-x32\...\{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}) (Version: - Exent Technologies Ltd)
Intel PROSet Wireless (Version: - ) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3345 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{89478C31-5CE8-461A-9084-9A0AF059F84F}) (Version: 15.5.0.0344 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.2.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{23D486D4-FBE0-40F3-A245-E4D56D094764}) (Version: 3.5.41.0 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{962E1735-D2E0-4813-AB9F-C6CBA09E759A}) (Version: 15.05.7000.1709 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{F73A118B-8271-47E2-8790-0C636B2539C5}) (Version: 11.1.0.126 - Apple Inc.)
iWebar (HKLM-x32\...\iWebar) (Version: 1.34.2.13 - iWebar)
JFileManager (HKLM-x32\...\JFileManager) (Version: v1.0.0.1 - )
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.72.4 - JMicron Technology Corp.)
Kaspersky Internet Security 2013 (HKLM-x32\...\InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}) (Version: 13.0.1.4190 - Kaspersky Lab)
Kaspersky Internet Security 2013 (x32 Version: 13.0.1.4190 - Kaspersky Lab) Hidden
LibreOffice 3.5 (HKLM-x32\...\{EF790F1C-CB0C-4B95-8C54-60783F3B6661}) (Version: 3.5.4.2 - The Document Foundation)
Lightspark 0.5.3-git (HKLM-x32\...\Lightspark) (Version: 0.5.3-git - Lightspark Team)
LPT System Updater Service (x32 Version: 1.0.0.0 - LPT) Hidden
Media Downloader version 1.5 (HKLM-x32\...\Media Downloader_is1) (Version: 1.5 - Media Downloader)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6010.0727 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden
MyPC Backup (HKLM\...\MyPC Backup) (Version: - MyPC Backup)
Mysearchdial (HKCU\...\mysearchdial) (Version: - Mysearchdial)
MyStart Toolbar (HKLM-x32\...\mystarttb) (Version: 5.4.1.4 - Visicom Media Inc.)
NetCrawl (HKLM\...\NetCrawl) (Version: 2014.07.10.161444 - NetCrawl)
NewPlayer (HKLM-x32\...\NewPlayer) (Version: v2.1.2.1 - )
Norton Anti-Theft (HKLM-x32\...\NAT) (Version: 1.10.0.9 - Symantec Corporation)
Norton Identity Safe (HKLM-x32\...\NST) (Version: 2014.7.0.43 - Symantec Corporation)
Norton PC Checkup (HKLM-x32\...\Norton PC Checkup_is1) (Version: 3.0.5.38.0 - Symantec Corporation)
Norton PC Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.18.15 - Symantec Corporation)
Norton Security Dashboard (HKLM-x32\...\NortonSD) (Version: 1.1.1.9 - Symantec Corporation)
Optimizer Pro v3.2 (HKLM-x32\...\Optimizer Pro_is1) (Version: - )
Origin (HKLM-x32\...\Origin) (Version: 8.6.3.49 - Electronic Arts, Inc.)
PalMall (HKLM-x32\...\PalMall) (Version: 1.34.7.1 - BND)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
PennyBee (HKLM-x32\...\PennyBee) (Version: 1.00.00.00 - PennyBee)
Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
PricePeep (HKLM-x32\...\PricePeep) (Version: 2.2.0.10 - betwikx LLC)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6687 - Realtek Semiconductor Corp.)
RegClean-Pro (HKLM-x32\...\RegClean-Pro_is1) (Version: 6.21 - systweak.com)
Re-markit (HKLM-x32\...\1366f773-3476-4d68-acc0-219e692e6fd3) (Version: - Re-markit Software)
Remote Desktop Access (VuuPC) (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - CMI Limited)
Right Backup (HKLM-x32\...\980124D4-3D52-4c2d-AD41-9E90BDF4C031_Systweak_Ri~01F2B2E8_is1) (Version: 2.1.1000.4398 - Systweak Software)
Rocket (HKCU\...\Rocket) (Version: 31.0.1650.23 - Rocket)
SavetheChildren Reminder by We-Care.com v4.1.22.4 (HKLM-x32\...\{DB9BF6DA-8030-4A21-9FF4-8856A7556FCF}) (Version: 4.1.22.4 - We-Care.com)
Search module (HKLM-x32\...\Search module) (Version: - Search Module)
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.15.13.48 - Client Connect LTD)
SearchDonkey (HKLM-x32\...\SearchDonkey) (Version: 2.5.91 - WebAppTech Coding, LLC)
Shopper-Pro (HKLM-x32\...\ShopperPro) (Version: - )
Snap.Do (HKLM-x32\...\{6EA563AD-DF38-4A1E-9437-3EA6EDA7B784}) (Version: 11.77.1.18240 - ReSoft Ltd.)
Snap.Do Engine (HKCU\...\{91111a15-7be0-41a5-b756-644a8f10085b}) (Version: 11.77.1.18240 - ReSoft Ltd.)
Software Version Updater (HKLM-x32\...\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}) (Version: 1.1.3.8 - )
Solid Savings (HKLM-x32\...\Solid Savings) (Version: 1.27.153.0 - Innovative Apps)
SpeedUpMyPC (HKLM-x32\...\{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1) (Version: 6.0.3.9 - Uniblue Systems Limited)
SRS Premium Sound Control Panel (HKLM\...\{94F03B8E-CB73-4653-AFE9-79112C01FED2}) (Version: 1.12.4700 - SRS Labs, Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.5 - Synaptics Incorporated)
The Weather Channel App (HKLM-x32\...\The Weather Channel App) (Version: - )
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.4 - TOSHIBA)
Toshiba Book Place (HKLM-x32\...\{24B45620-22B6-4E4A-B836-FF30A0B0404E}) (Version: 3.1.9534 - K-NFB Reading Technology, Inc.)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.00.0007.00002 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.0.6415 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6425 - Toshiba Corporation)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.5.1.1 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM\...\TosPU_is1) (Version: 0.0.64.19B - Toshiba Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.8.17.640104 - Toshiba Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.8 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.0.54043005 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.2.00 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM\...\{B483D427-9702-4BE1-B171-756D0C3E230E}) (Version: 2.4.6 - TOSHIBA)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0012 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0002.32002 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.18.82 - Toshiba Corporation)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Uninstall Helper (HKLM-x32\...\Uninstall Helper 2.0.1.0) (Version: 2.0.1.0 - InstallX, LLC)
Uninstall Helper (x32 Version: 2.0.1.0 - InstallX, LLC) Hidden
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
video MediaPlay-Air (HKLM-x32\...\video MediaPlay-Air) (Version: 1.34.7.1 - enter)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.97 - WildTangent) Hidden
Wajam (HKLM-x32\...\Wajam) (Version: 1.79 - Wajam)
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.10.5 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
WinZip 18.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DF}) (Version: 18.0.10661 - WinZip Computing, S.L. )
WSE Rocket (HKLM-x32\...\WSE Rocket) (Version: - WSE Rocket)
Yahoo! Search (HKCU\...\Yahoo! Search) (Version: - Pay-By-Ads)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version: - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version: - Yahoo! Inc.)
YTDownloader (HKLM-x32\...\YTDownloader) (Version: - YTDownloader)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 32%
Total physical RAM: 6045.84 MB
Available physical RAM: 4057.46 MB
Total Pagefile: 7005.84 MB
Available Pagefile: 4028.77 MB
Total Virtual: 4095.88 MB
Available Virtual: 3978.27 MB

========================= Partitions: =====================================

1 Drive c: (TI10650100G) (Fixed) (Total:687.99 GB) (Free:589.47 GB) NTFS
2 Drive d: (KINGSTON) (Removable) (Total:7.45 GB) (Free:7.38 GB) FAT32
3 Drive e: (Letty) (CDROM) (Total:0.01 GB) (Free:0 GB) UDF

========================= Users: ========================================

User accounts for \\GUERRAFAMILY

Administrator Guest Leticia
michael

========================= Minidump Files ==================================

No minidump file found


**** End of log ****
 

dbreeze

David
Malware Specialist
Joined
Oct 5, 2014
Messages
431
We have a lot of work to do on this system. You may want to print out these instructions if you can (or at least write down the list of programs to uninstall).

STEP1 - Manual Uninstalls

Please go to START (Windows Orb) >> Control Panel >> Uninstall a Program or Programs and Features and remove the following (if listed):

Advanced-System Protector
AnyProtect
Ask Shopping Toolbar
Catalina Savings Printer
Cinema-Plus-1.2
Consumer Input (remove only)
Coupon Printer for Windows
CouponAlert Toolbar
DesktopWeatherAlerts
Easy Speed PC
FastAgain PC Booster
findopolis
FreeSoftToday 025.148
FrostWire 5.6.8
getsav-in
Hoopla
MyPC Backup
Mysearchdial
MyStart Toolbar
NetCrawl
NewPlayer
Optimizer Pro v3.2
PalMall
PricePeep
RegClean-Pro
Re-markit
Remote Desktop Access
Rocket
SavetheChildren Reminder by We-Care.com v4.1.22.4
Search module
SearchDonkey
Shopper-Pro
Snap.Do
Snap.Do Engine
Software Version Updater
Solid Savings
SpeedUpMyPC
Uninstall Helper
video MediaPlay-Air
Wajam
WSE Rocket
Yahoo! Search
YTDownloader


To do so, left clicking on the name once and then click Uninstall/Change at the bar above the list window.

Follow the prompts of the uninstaller BUT please read carefully any questions it asks before answering; some uninstallers will try and deceive you into keeping the software.

Also if the software will not uninstall, just make a note of that software and move onto the next on the list. We will get them one way or the other but this can make the job easier somewhat.


STEP2 - Run a FRST Fixlist script


Download the attached fixlist.txt file (located at the bottom of this post) and save it to the USB stick and then transfer it to the Desktop of the infected machine.

NOTE. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

NOTE: Please disable your AntiVirus while the Fixlist process is running. When the process is done (the system restarted and the log file made) you can enable the AntiVirus then.

Run FRST64 by right clicking on the FRST64.exe file, selecting "Run as Administrator..". The User Account Control may open up; if it does, select Yes to continue to let FRST open and load.

The tool will check for an updated version of itself every time it loads; please allow it to do this and the program will either inform you it is downloading an updated copy (and to wait until it is safe to continue) or show that it is ready to use (meaning there is no update found) and you can continue on. Press the Fix button just once and wait. The tool will create a restore point, process the script and ask for a restart of your system.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please copy that file to the USB stick (if the system still does not have internet access) to post it a reply here.


STEP3 - Rescan with FRST to check for leftovers

We need to get a fresh scan from FRST.
  • If you still have the Addition.txt file on your desktop, please delete it now.
  • Right click the FRST file on your desktop and select "Run as Administrator..." (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • If an update is available, the program will inform you and download the update. Allow it do this please. Otherwise, just wait for the "The tool is ready to use." message.
  • Please check the Addition.txt in the Option Scan section of FRST.
  • Press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The tool will generate will another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

In this case, if the system still does not have internet access then copy the two new log files (FRST.txt and Addition.txt) to the USB stick and post them here.



Information to Reply with >>>>
  • How did the uninstalls go?
  • The Fixlog.txt log file text.
  • The new FRST.txt log file text
  • The new Addition.txt log file text
  • How is the system running now?
 

Attachments

camsr2000

Thread Starter
Joined
Jul 21, 2009
Messages
185
David, Yes I do, had several serious family issues come up. I will continue working on it. Still haven't removed all of the programs. Please give me a bit more, thank you for your patience!
 

dbreeze

David
Malware Specialist
Joined
Oct 5, 2014
Messages
431
Not a problem as real world always comes first and this comes second. Reply when you can.
 

camsr2000

Thread Starter
Joined
Jul 21, 2009
Messages
185
thank you for your patience, I ran the FRST here is the first log


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Leticia (administrator) on GUERRAFAMILY on 22-03-2015 17:22:08
Running from D:\
Loaded Profiles: Leticia (Available profiles: Leticia & michael)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.43\nst.exe
(Symantec Corporation) C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe
(Systweak) C:\Program Files (x86)\Right Backup\RBClientService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.43\nst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe
() C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Farbar) D:\FRST64 (1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor)
HKLM\...\Run: [SRS Premium Sound 3D] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2170784 2012-08-06] (SRS Labs, Inc.)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2608040 2012-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe [1548952 2012-08-04] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2780776 2011-07-19] (CANON INC.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-16] (Synaptics Incorporated)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1637496 2011-08-04] (CANON INC.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [439440 2011-09-27] (CANON INC.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\runner_avp.exe [24504 2014-03-16] (Kaspersky Lab ZAO)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
HKU\S-1-5-21-580940030-35127617-3160781262-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
HKU\S-1-5-21-580940030-35127617-3160781262-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com
SearchScopes: HKU\S-1-5-21-580940030-35127617-3160781262-1001 -> URL http://search.conduit.com/Results.aspx?ctid=CT3321728&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP65083C4B-FD76-441B-98F1-9677FF492F31&q={searchTerms}&SSPV=
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-03-16] (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-05-20] (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll [2014-03-16] (Kaspersky Lab ZAO)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2014-04-02] (Google Inc.)
BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.0.43\coIEPlg.dll [2014-03-11] (Symantec Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-03-16] (Kaspersky Lab ZAO)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll [2013-05-01] (Yahoo! Inc.)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2010-11-08] (CANON INC.)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-03-16] (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-05-20] (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll [2014-03-16] (Kaspersky Lab ZAO)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2014-04-02] (Google Inc.)
BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.43\coIEPlg.dll [2014-03-11] (Symantec Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll [2014-03-16] (Kaspersky Lab ZAO)
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.0.43\coIEPlg.dll [2014-03-11] (Symantec Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2014-04-02] (Google Inc.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-11-08] (CANON INC.)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll [2013-05-01] (Yahoo! Inc.)
Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.43\coIEPlg.dll [2014-03-11] (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2014-04-02] (Google Inc.)
Toolbar: HKU\S-1-5-21-580940030-35127617-3160781262-1001 -> Norton Identity Safe Toolbar - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.0.43\coIEPlg.dll [2014-03-11] (Symantec Corporation)
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-09-09] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2011-09-21] (CANON INC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\windows\SysWOW64\npDeployJava1.dll [2013-06-24] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-12-17] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2012-10-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-09-26] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.6.0.27\coFFPlgn
FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.6.0.27\coFFPlgn [2015-03-18]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2014-03-16]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2014-03-16]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2014-03-16]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2014-03-16]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2014-03-16]

Chrome:
=======
CHR HomePage: Default -> hxxp://www-search.net/?s=E38zadku1,4c000c15-cb58-4f23-b0a2-2a12673d72db,
CHR DefaultSearchKeyword: Default -> yahoo.com
CHR DefaultSearchURL: Default -> https://search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms}
CHR Profile: C:\Users\Leticia\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Leticia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-10]
CHR Extension: (Google Drive) - C:\Users\Leticia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-10]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Leticia\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-10]
CHR Extension: (YouTube) - C:\Users\Leticia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-10]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Leticia\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-07-10]
CHR Extension: (Safe Money) - C:\Users\Leticia\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2014-07-10]
CHR Extension: (Virtual Keyboard) - C:\Users\Leticia\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2014-07-10]
CHR Extension: (Wajam) - C:\Users\Leticia\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp [2015-01-21]
CHR Extension: (Google Wallet) - C:\Users\Leticia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-10]
CHR Extension: (Gmail) - C:\Users\Leticia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-10]
CHR Extension: (Anti-Banner) - C:\Users\Leticia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-07-10]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx [2012-08-18]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx [2012-08-18]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx [2012-08-18]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx [2012-08-18]
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.43\Exts\Chrome.crx [2014-03-21]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx [2012-08-18]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2014-03-16] (Kaspersky Lab ZAO)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-11-15] ()
R2 NAT; C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe [232424 2013-10-11] (Symantec Corporation)
R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.43\NST.exe [130104 2014-03-11] (Symantec Corporation)
R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [132504 2015-01-06] (Symantec Corporation)
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe [126392 2012-07-23] (Symantec Corporation)
R2 RBClientService; C:\Program Files (x86)\Right Backup\RBClientService.exe [48240 2014-07-11] (Systweak)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-30] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [1153840 2012-11-15] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 ccSet_NAT; C:\Windows\system32\drivers\NATx64\010A000.009\ccSetx64.sys [150104 2013-07-29] (Symantec Corporation)
R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE07000.02B\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-03-16] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [627296 2014-05-20] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2014-03-16] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29280 2014-03-16] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2014-03-16] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [50448 2014-03-16] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [178448 2014-03-16] (Kaspersky Lab ZAO)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-16] (Synaptics Incorporated)
S3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2013-01-20] (Anchorfree Inc.)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-11-29] (Windows (R) Win 7 DDK provider)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-30] (Microsoft Corporation)
R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-11-29] (Windows (R) Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-18 21:38 - 2015-03-18 21:38 - 00000615 _____ () C:\Users\Leticia\Desktop\Fixlist - Shortcut.lnk
2015-03-18 21:24 - 2015-03-18 21:24 - 00000642 _____ () C:\Users\Leticia\Desktop\FRST64 (1) - Shortcut.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-22 17:22 - 2015-01-20 18:39 - 00000000 ____D () C:\FRST
2015-03-22 17:22 - 2014-03-21 03:06 - 01421339 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-22 17:11 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-03-18 22:33 - 2013-03-10 08:17 - 00000932 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-18 21:54 - 2013-11-14 02:28 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-03-18 21:51 - 2014-03-16 10:30 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-03-18 21:50 - 2014-05-14 01:33 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-03-18 21:50 - 2014-04-02 12:17 - 00000000 __RDO () C:\Users\Leticia\SkyDrive
2015-03-18 21:50 - 2013-03-10 08:17 - 00000928 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-18 21:49 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-18 21:48 - 2013-11-14 02:20 - 00177546 _____ () C:\WINDOWS\PFRO.log
2015-03-18 21:48 - 2013-08-22 08:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-03-18 21:48 - 2012-09-11 01:40 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-03-18 21:41 - 2012-07-26 03:12 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2015-03-18 21:22 - 2013-08-22 09:46 - 00327514 _____ () C:\WINDOWS\setupact.log
2015-03-18 20:36 - 2013-02-10 22:23 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-580940030-35127617-3160781262-1001
2015-03-18 20:31 - 2013-05-10 06:49 - 00000000 __SHD () C:\WINDOWS\SysWOW64\AI_RecycleBin

==================== Files in the root of some directories =======

2014-07-10 14:31 - 2014-07-10 14:33 - 0001196 _____ () C:\Users\Leticia\AppData\Roaming\aps.scan.quick.results
2014-07-10 14:31 - 2014-07-10 14:33 - 0002934 _____ () C:\Users\Leticia\AppData\Roaming\aps.scan.results
2014-07-10 14:31 - 2014-07-10 14:33 - 0000320 _____ () C:\Users\Leticia\AppData\Roaming\aps.uninstall.scan.results
2013-08-06 14:02 - 2013-08-06 14:02 - 0000095 _____ () C:\ProgramData\SAH_Install.ini

Some content of TEMP:
====================
C:\Users\Leticia\AppData\Local\Temp\res.dll
C:\Users\Leticia\AppData\Local\Temp\tu17p84.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-18 22:02

==================== End Of Log ============================
 

camsr2000

Thread Starter
Joined
Jul 21, 2009
Messages
185
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Leticia at 2015-03-22 17:22:52
Running from D:\
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Disabled - Out of date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Internet Security (Disabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Disabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Reader XI (11.0.05) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.05 - Adobe Systems Incorporated)
AnyProtect (HKLM-x32\...\AnyProtect) (Version: 1.0.0.0 - CMI Limited) <==== ATTENTION
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - )
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: - )
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: - )
Canon MP Navigator EX 5.1 (HKLM-x32\...\MP Navigator EX 5.1) (Version: - )
Canon MX510 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX510_series) (Version: - )
Canon MX510 series On-screen Manual (HKLM-x32\...\Canon MX510 series On-screen Manual) (Version: - )
Canon MX510 series User Registration (HKLM-x32\...\Canon MX510 series User Registration) (Version: - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version: - )
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version: - )
Catalina Savings Printer (HKLM-x32\...\{4956ACE3-F537-4418-BB45-FD52395275A7}) (Version: 1.0.0 - Catalina Marketing Corp) <==== ATTENTION
ClearViewSE (HKLM-x32\...\{67E80218-05FB-45B3-852F-AF06908A1014}) (Version: 5.5.0 - Happy Bytes LLC)
CouponAlert Toolbar (HKLM-x32\...\CouponAlert_2pbar Uninstall) (Version: - Mindspark Interactive Network) <==== ATTENTION
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DesktopWeatherAlerts (HKU\S-1-5-21-580940030-35127617-3160781262-1001\...\DesktopWeatherAlerts) (Version: 1.0.29.0 - Local Weather LLC) <==== ATTENTION
Easy Speed PC (HKLM-x32\...\Easy Speed PC) (Version: 7.0.2 - Probit Software LTD) <==== ATTENTION
Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Flash Player Pro V5.4 (HKLM-x32\...\Flash Player Pro_is1) (Version: - FlashPlayerPro.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3345 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{89478C31-5CE8-461A-9084-9A0AF059F84F}) (Version: 15.5.0.0344 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.2.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{23D486D4-FBE0-40F3-A245-E4D56D094764}) (Version: 3.5.41.0 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{962E1735-D2E0-4813-AB9F-C6CBA09E759A}) (Version: 15.05.7000.1709 - Intel Corporation)
iTunes (HKLM\...\{F73A118B-8271-47E2-8790-0C636B2539C5}) (Version: 11.1.0.126 - Apple Inc.)
iWebar (HKLM-x32\...\iWebar) (Version: 1.34.2.13 - iWebar) <==== ATTENTION
JFileManager (HKLM-x32\...\JFileManager) (Version: v1.0.0.1 - )
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.72.4 - JMicron Technology Corp.)
Kaspersky Internet Security 2013 (HKLM-x32\...\InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}) (Version: 13.0.1.4190 - Kaspersky Lab)
Kaspersky Internet Security 2013 (x32 Version: 13.0.1.4190 - Kaspersky Lab) Hidden
LibreOffice 3.5 (HKLM-x32\...\{EF790F1C-CB0C-4B95-8C54-60783F3B6661}) (Version: 3.5.4.2 - The Document Foundation)
Lightspark 0.5.3-git (HKLM-x32\...\Lightspark) (Version: 0.5.3-git - Lightspark Team)
LPT System Updater Service (x32 Version: 1.0.0.0 - LPT) Hidden <==== ATTENTION
Media Downloader version 1.5 (HKLM-x32\...\Media Downloader_is1) (Version: 1.5 - Media Downloader)
Microsoft SkyDrive (HKU\S-1-5-21-580940030-35127617-3160781262-1001\...\SkyDriveSetup.exe) (Version: 16.4.6010.0727 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mysearchdial (HKU\S-1-5-21-580940030-35127617-3160781262-1001\...\mysearchdial) (Version: - Mysearchdial) <==== ATTENTION
MyStart Toolbar (HKLM-x32\...\mystarttb) (Version: 5.4.1.4 - Visicom Media Inc.)
NewPlayer (HKLM-x32\...\NewPlayer) (Version: v2.1.2.1 - ) <==== ATTENTION
Norton Anti-Theft (HKLM-x32\...\NAT) (Version: 1.10.0.9 - Symantec Corporation)
Norton Identity Safe (HKLM-x32\...\NST) (Version: 2014.7.0.43 - Symantec Corporation)
Norton PC Checkup (HKLM-x32\...\Norton PC Checkup_is1) (Version: 3.0.5.38.0 - Symantec Corporation)
Norton PC Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.18.15 - Symantec Corporation)
Norton Security Dashboard (HKLM-x32\...\NortonSD) (Version: 1.1.1.9 - Symantec Corporation)
Optimizer Pro v3.2 (HKLM-x32\...\Optimizer Pro_is1) (Version: - ) <==== ATTENTION
Origin (HKLM-x32\...\Origin) (Version: 8.6.3.49 - Electronic Arts, Inc.)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
PennyBee (HKLM-x32\...\PennyBee) (Version: 1.00.00.00 - PennyBee) <==== ATTENTION!
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
PricePeep (HKLM-x32\...\PricePeep) (Version: 2.2.0.10 - betwikx LLC) <==== ATTENTION
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6687 - Realtek Semiconductor Corp.)
Re-markit (HKLM-x32\...\1366f773-3476-4d68-acc0-219e692e6fd3) (Version: - Re-markit Software) <==== ATTENTION
Remote Desktop Access (VuuPC) (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - CMI Limited) <==== ATTENTION
Right Backup (HKLM-x32\...\980124D4-3D52-4c2d-AD41-9E90BDF4C031_Systweak_Ri~01F2B2E8_is1) (Version: 2.1.1000.4398 - Systweak Software)
Rocket (HKU\S-1-5-21-580940030-35127617-3160781262-1001\...\Rocket) (Version: 31.0.1650.23 - Rocket) <==== ATTENTION!
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.15.13.48 - Client Connect LTD) <==== ATTENTION
Shopper-Pro (HKLM-x32\...\ShopperPro) (Version: - ) <==== ATTENTION
Snap.Do (HKLM-x32\...\{6EA563AD-DF38-4A1E-9437-3EA6EDA7B784}) (Version: 11.77.1.18240 - ReSoft Ltd.) <==== ATTENTION
Snap.Do Engine (HKU\S-1-5-21-580940030-35127617-3160781262-1001\...\{91111a15-7be0-41a5-b756-644a8f10085b}) (Version: 11.77.1.18240 - ReSoft Ltd.) <==== ATTENTION
Software Version Updater (HKLM-x32\...\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}) (Version: 1.1.3.8 - ) <==== ATTENTION
SpeedUpMyPC (HKLM-x32\...\{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1) (Version: 6.0.3.9 - Uniblue Systems Limited) <==== ATTENTION
SRS Premium Sound Control Panel (HKLM\...\{94F03B8E-CB73-4653-AFE9-79112C01FED2}) (Version: 1.12.4700 - SRS Labs, Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.5 - Synaptics Incorporated)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.4 - TOSHIBA)
Toshiba Book Place (HKLM-x32\...\{24B45620-22B6-4E4A-B836-FF30A0B0404E}) (Version: 3.1.9534 - K-NFB Reading Technology, Inc.)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.00.0007.00002 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.0.6415 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6425 - Toshiba Corporation)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.5.1.1 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM\...\TosPU_is1) (Version: 0.0.64.19B - Toshiba Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.8.17.640104 - Toshiba Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.8 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.0.54043005 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.2.00 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM\...\{B483D427-9702-4BE1-B171-756D0C3E230E}) (Version: 2.4.6 - TOSHIBA)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0012 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0002.32002 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.18.82 - Toshiba Corporation)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.97 - WildTangent) Hidden
Wajam (HKLM-x32\...\Wajam) (Version: 1.79 - Wajam) <==== ATTENTION
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.10.5 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
WinZip 18.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DF}) (Version: 18.0.10661 - WinZip Computing, S.L. )
WSE Rocket (HKLM-x32\...\WSE Rocket) (Version: - WSE Rocket) <==== ATTENTION!
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version: - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version: - Yahoo! Inc.)
YTDownloader (HKLM-x32\...\YTDownloader) (Version: - YTDownloader)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-580940030-35127617-3160781262-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Leticia\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-580940030-35127617-3160781262-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Leticia\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-580940030-35127617-3160781262-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Leticia\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-580940030-35127617-3160781262-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Leticia\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

21-01-2015 19:46:25 Removed SavetheChildren Reminder by We-Care.com v4.1.22.4
18-03-2015 20:31:05 Removed Uninstall Helper
18-03-2015 21:41:06 Restore Point Created by FRST

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05BA58FC-E08D-461E-B55A-FCEF0DC33154} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.43\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {0EC8C596-E560-4896-8725-FB0CCDE72253} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-17] (Google Inc.)
Task: {127F24EA-D86D-48DC-A28F-DB5AA16F8E4B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-17] (Google Inc.)
Task: {3FF9023A-3D72-46D6-8A8A-5FD3012D7697} - System32\Tasks\PC Checkup 3 Weekly Scan => C:\Program Files (x86)\PC Checkup\NLAppLauncher.exe [2015-01-06] (Symantec Corporation)
Task: {6157D02B-B06E-481B-B9DE-B6BF5D9E3646} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.43\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {80730C5E-5979-443F-AF57-8764F688DE02} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {86F14AD5-AEE3-43DC-B1AA-7ADE31829B4A} - \Right Backup_startup No Task File <==== ATTENTION
Task: {A7D3A41C-2C1A-43E6-BA3D-FBEE3D6B2CB3} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {AA29CA7A-D0D4-493E-AEA7-537FCEE051F9} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {C94A7158-F559-4C74-ACAD-362157ADDB2F} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2012-08-23] (TOSHIBA Corporation)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (whitelisted) ==============

2013-11-04 19:22 - 2013-11-04 19:22 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-07-18 21:38 - 2012-07-18 21:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2012-07-18 21:38 - 2012-07-18 21:38 - 00049064 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\FnZ.dll
2012-08-04 18:01 - 2012-08-04 18:01 - 00213136 _____ () C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe
2012-08-13 22:13 - 2012-08-13 22:13 - 00018344 _____ () C:\Program Files\TOSHIBA\Teco\TecoMUI.dll
2013-08-22 02:19 - 2013-08-22 01:54 - 00174592 _____ () C:\WINDOWS\system32\WinMetadata\Windows.UI.winmd
2013-08-22 02:19 - 2013-08-22 01:54 - 00050176 _____ () C:\WINDOWS\system32\WinMetadata\Windows.Data.winmd
2015-01-21 20:23 - 2015-01-21 20:23 - 00363520 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\8d0f16d53c303f545bdc3bdeeb2a7fb3\Windows.Foundation.ni.dll
2013-01-28 14:08 - 2013-01-28 14:08 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-01-28 14:08 - 2013-01-28 14:08 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-08-17 21:39 - 2014-03-16 10:40 - 01310136 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\kpcengine.2.2.dll
2014-12-17 14:54 - 2013-08-02 20:21 - 00886272 _____ () C:\Program Files (x86)\Right Backup\System.Data.SQLite.dll
2012-08-17 21:38 - 2012-08-17 21:38 - 00479160 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll
2012-08-17 21:40 - 2012-08-17 21:40 - 00068024 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\QtWebKit\qmlwebkitplugin4.dll
2012-11-12 08:17 - 2012-06-26 03:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Leticia\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\michael\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

DNS Servers: Media is not connected to internet.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "ApnUpdater"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Coupon Alert Search Scope Monitor"
HKLM\...\StartupApproved\Run32: => "ApnTBMon"

==================== Accounts: =============================

Administrator (S-1-5-21-580940030-35127617-3160781262-500 - Administrator - Disabled)
Guest (S-1-5-21-580940030-35127617-3160781262-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-580940030-35127617-3160781262-1003 - Limited - Enabled)
Leticia (S-1-5-21-580940030-35127617-3160781262-1001 - Administrator - Enabled) => C:\Users\Leticia
michael (S-1-5-21-580940030-35127617-3160781262-1004 - Administrator - Enabled) => C:\Users\michael

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/18/2015 09:41:06 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary X5XSEx_Pr152.

System Error:
The system cannot find the file specified.
.

Error: (03/18/2015 08:31:12 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary X5XSEx_Pr152.

System Error:
The system cannot find the file specified.
.

Error: (01/21/2015 11:50:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8969

Error: (01/21/2015 11:50:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8969

Error: (01/21/2015 11:50:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/21/2015 11:50:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7469

Error: (01/21/2015 11:50:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7469

Error: (01/21/2015 11:50:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/21/2015 11:50:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5969

Error: (01/21/2015 11:50:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5969


System errors:
=============
Error: (03/22/2015 05:13:59 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (03/18/2015 09:48:23 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\System32\IWMSSvc.dll

Error: (03/18/2015 09:48:22 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\System32\IWMSSvc.dll

Error: (03/18/2015 09:48:18 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\System32\IWMSSvc.dll

Error: (03/18/2015 09:41:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Norton Identity Safe service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (03/18/2015 09:41:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The VO Service component service terminated unexpectedly. It has done this 1 time(s).

Error: (03/18/2015 09:41:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TMachInfo service terminated unexpectedly. It has done this 1 time(s).

Error: (03/18/2015 09:41:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TPCH Service service terminated unexpectedly. It has done this 1 time(s).

Error: (03/18/2015 09:41:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) ME Service service terminated unexpectedly. It has done this 1 time(s).

Error: (03/18/2015 09:41:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Intel(R) Management and Security Application Local Management Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.


Microsoft Office Sessions:
=========================
Error: (03/18/2015 09:41:06 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary X5XSEx_Pr152.

System Error:
The system cannot find the file specified.

Error: (03/18/2015 08:31:12 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary X5XSEx_Pr152.

System Error:
The system cannot find the file specified.

Error: (01/21/2015 11:50:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8969

Error: (01/21/2015 11:50:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8969

Error: (01/21/2015 11:50:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/21/2015 11:50:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7469

Error: (01/21/2015 11:50:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7469

Error: (01/21/2015 11:50:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/21/2015 11:50:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5969

Error: (01/21/2015 11:50:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5969


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3317U CPU @ 1.70GHz
Percentage of memory in use: 20%
Total physical RAM: 6045.84 MB
Available physical RAM: 4821.55 MB
Total Pagefile: 7005.84 MB
Available Pagefile: 5424.95 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (TI10650100G) (Fixed) (Total:687.99 GB) (Free:592.71 GB) NTFS
Drive d: (KINGSTON) (Removable) (Total:7.45 GB) (Free:7.38 GB) FAT32
Drive e: (Letty) (CDROM) (Total:0.01 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 3A03A30D)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7.5 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7.5 GB) - (Type=0C)

==================== End Of Log ============================
 

camsr2000

Thread Starter
Joined
Jul 21, 2009
Messages
185
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Leticia at 2015-03-18 21:41:05 Run:1
Running from D:\
Loaded Profiles: Leticia (Available profiles: Leticia & michael)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [Coupon Alert Home Page Guard 64 bit] => C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\AppIntegrator64.exe [548936 2013-06-04] ()
HKLM-x32\...\Run: [ApnTBMon] => "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
HKLM-x32\...\Run: [YTDownloader] => C:\Program Files (x86)\YTDownloader\YTDownloader.exe [2049896 2013-12-20] (YTDownloader)
HKLM-x32\...\Run: [SPDriver] => C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.193\jsdrv.exe [3211776 2014-07-08] ()
HKLM-x32\...\Run: [Coupon Alert Search Scope Monitor] => "C:\PROGRA~2\COUPON~2\bar\1.bin\2psrchmn.exe" /m=2 /w /h
HKLM-x32\...\Run: [CouponAlert_2p Browser Plugin Loader] => C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbrmon.exe [30096 2013-06-04] (VER_COMPANY_NAME)
HKLM-x32\...\Run: [AnyProtect Scanner] => "C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe"
HKLM-x32\...\Run: [fst_us_148] => "C:\Program Files (x86)\fst_us_148\fst_us_148.exe"
HKLM-x32\...\RunOnce: [upfst_us_148.exe] => C:\Users\Leticia\AppData\Local\fst_us_148\upfst_us_148.exe [3352544 2014-07-07] ()
HKU\S-1-5-21-580940030-35127617-3160781262-1001\...\Run: [SPDriver] => C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.193\jsdrv.exe [3211776 2014-07-08] ()
HKU\S-1-5-21-580940030-35127617-3160781262-1001\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe
HKU\S-1-5-21-580940030-35127617-3160781262-1001\...\Run: [Exetender] => C:\Program Files (x86)\Hoopla\GPlayer.exe [5043096 2014-03-05] (Exent Technologies Ltd.)
HKU\S-1-5-21-580940030-35127617-3160781262-1001\...\Run: [Easy Speed PC] => C:\Program Files (x86)\Probit Software\Easy Speed PC\ESPCLauncher.exe
HKU\S-1-5-21-580940030-35127617-3160781262-1001\...\Run: [Yahoo! Search] => C:\Users\Leticia\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.18.5\dsrlte.exe [634624 2014-12-21] (Pay By Ads LTD)
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
AppInit_DLLs: C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL => C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AddonNP.lnk
ShortcutTarget: AddonNP.lnk -> C:\Program Files (x86)\NewPlayer\AddonNP.exe ()
Startup: C:\Users\Leticia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopWeatherAlerts.lnk
ShortcutTarget: DesktopWeatherAlerts.lnk -> C:\Users\Leticia\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe (No File)
Startup: C:\Users\Leticia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PricePeepUpdater.lnk
ShortcutTarget: PricePeepUpdater.lnk -> C:\Program Files (x86)\PricePeep\PricePeepUpdater.exe ()
Startup: C:\Users\Leticia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Weather Alerts.lnk
ShortcutTarget: Weather Alerts.lnk -> C:\Users\Leticia\AppData\Local\WeatherAlerts\WeatherAlerts.exe (Local Weather LLC)
Startup: C:\Users\michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FrostWire On Startup.lnk
ShortcutTarget: FrostWire On Startup.lnk -> C:\Program Files (x86)\FrostWire 5\FrostWire.exe (FrostWire)
Startup: C:\Users\michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-580940030-35127617-3160781262-1004\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-580940030-35127617-3160781262-1001\User: Group Policy restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-580940030-35127617-3160781262-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [S-1-5-21-580940030-35127617-3160781262-1001] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-580940030-35127617-3160781262-1001] => http=127.0.0.1:13828
HKU\S-1-5-21-580940030-35127617-3160781262-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fR3s5PAVMZpZbM61lWNTdgwQHuH_l8fMQr5kRlG85BLui9M8aaXI TVl_ekr8W_bIE88YTif6l1vNGwRC9cZ_I9tX2JUm2mQYVI8QHRlr1sR6fF1WiiX8O2TNW6C9WIR 31yhHrjKtQCqHDhBP81OO5f10ZDU6xcvZxlvM0mde&q={searchTerms}
HKU\S-1-5-21-580940030-35127617-3160781262-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://rts.dsrlte.com?affID=na
HKU\S-1-5-21-580940030-35127617-3160781262-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fR3s5PAVMZpZbM61lWNTdgwQHuH_l8fMQr5kRlG85BLui9M8aaXI TVl_ekr8W_bIE88YTif6l1vNGwRC9cZ_I9tX2JUm2mQYVI8QHRlr1sR6fF1WiiX8O2TNW6C9WIR 31yhHrjKtQCqHDhBP81OO5f10ZDU6xcvZxlvM0mde&q={searchTerms}
URLSearchHook: HKU\S-1-5-21-580940030-35127617-3160781262-1001 - (No Name) - {7b9f8c21-46ec-4c0b-8683-e755ef84577a} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pSrcAs.dll No File
SearchScopes: HKLM -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
SearchScopes: HKLM -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://www-search.net/search.aspx?s=E38zadku1,4c000c15-cb58-4f23-b0a2-2a12673d72db,&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fR3s5PAVMZpZbM61lWNTdgwQHuH_l8fMQr5kRlG85BLui9M8aaXI TVl_ekr8W_bIE88YTif6l1vNGwRC9cZ_I9tX2JUm2mQYVI8QHRlr1sR6fF1WiiX8O2TNW6C9WIR 31yhHrjKtQCqHDhBP81OO5f10ZDU6xcvZxlvM0mde&q={searchTerms}
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fR3s5PAVMZpZbM61lWNTdgwQHuH_l8fMQr5kRlG85BLui9M8aaXI TVl_ekr8W_bIE88YTif6l1vNGwRC9cZ_I9tX2JUm2mQYVI8QHRlr1sR6fF1WiiX8O2TNW6C9WIR 31yhHrjKtQCqHDhBP81OO5f10ZDU6xcvZxlvM0mde&q={searchTerms}
SearchScopes: HKU\S-1-5-21-580940030-35127617-3160781262-1001 -> DefaultScope {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://www.mystart.com/results.php?gen=ms&pr=vmn&id=mystarttb&v=5_4&ent=ch_5108&q={searchTerms}
SearchScopes: HKU\S-1-5-21-580940030-35127617-3160781262-1001 -> URL http://search.conduit.com/Results.a...tid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM= 4&UP=SP65083C4B-FD76-441B-98F1-9677FF492F31&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-580940030-35127617-3160781262-1001 -> SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKU\S-1-5-21-580940030-35127617-3160781262-1001 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=bndl1_14_26&cd=2XzuyEtN2Y1L1Qzuzy0CyE0EtA yCyByCzz0DtBtCyCzyzy0DtN0D0Tzu0SzytBtBtN1L2XzutBtFtBtCtFtCtCtFtBtN1L1Czu1S1 G1Q1ItC1VtCyE1VtByCtN1L1G1B1V1N2Y1L1Qzu2StAzy0E0AyC0A0A0FtG0AyEtByEtGyBtA0A tBtGyCtBzzyBtGtAyBzy0A0B0A0CyD0CtD0F0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0FyEtByCt BtDyCtGzyyCtCyDtG0D0E0CtCtGzy0Fzz0FtGtBtC0A0ByEyCtB0CtC0B0DyC2Q&cr=46005761 8&ir=
SearchScopes: HKU\S-1-5-21-580940030-35127617-3160781262-1001 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://www.mystart.com/results.php?gen=ms&pr=vmn&id=mystarttb&v=5_4&ent=ch_5108&q={searchTerms}
SearchScopes: HKU\S-1-5-21-580940030-35127617-3160781262-1001 -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_cmi_14_28_ch&cd=2XzuyEtN2Y1L1Qzuzy0C yE0EtAyCyByCzz0DtBtCyCzyzy0DtN0D0Tzu0SzytBtBtN1L2XzutBtFtBtCtFtCyEtFtBtN1L1 CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAzztD0DtA0AyBtAtG0B0CtD0BtGyD0CyC zytGyBtAzyyEtGtCyEtB0CtBtCzztCzzyEyCyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0FyEtByCt BtDyCtGzyyCtCyDtG0D0E0CtCtGzy0Fzz0FtGtBtC0A0ByEyCtB0CtC0B0DyC2Q&cr=58236296 9&ir=
SearchScopes: HKU\S-1-5-21-580940030-35127617-3160781262-1001 -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://www-search.net/search.aspx?s=E38zadku1,4c000c15-cb58-4f23-b0a2-2a12673d72db,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-580940030-35127617-3160781262-1001 -> {B45B6130-384E-452D-A2DB-0F3910B9CAB7} URL = http://rts.dsrlte.com/?affID=na&q={searchTerms}&r=241
BHO: iWebar -> {11111111-1111-1111-1111-110311551110} -> C:\Program Files (x86)\iWebar\iWebar-bho64.dll No File
BHO: PalMall -> {11111111-1111-1111-1111-110511801132} -> C:\Program Files (x86)\PalMall\PalMall-bho64.dll (BND)
BHO: Cinema-Plus-1.2 -> {11111111-1111-1111-1111-110611051148} -> C:\Program Files (x86)\Cinema-Plus-1.2\Cinema-Plus-1.2-bho64.dll (Cinema Plus)
BHO: Snap.DoEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Shopper Pro -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> C:\ProgramData\ShopperPro\ShopperPro64.dll No File
BHO: Consumer Input DCA BHO -> {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} -> C:\Program Files (x86)\Consumer Input\InternetExplorer\x64\dca-bho.dll (Compete, Inc.)
BHO: Ask Shopping Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ\Passport_x64.dll" No File
BHO: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll No File
BHO-x32: Solid Savings -> {11111111-1111-1111-1111-110211621178} -> C:\Program Files (x86)\Solid Savings\Solid Savings-bho.dll (Innovative Apps)
BHO-x32: iWebar -> {11111111-1111-1111-1111-110311551110} -> C:\Program Files (x86)\iWebar\iWebar-bho.dll No File
BHO-x32: PalMall -> {11111111-1111-1111-1111-110511801132} -> C:\Program Files (x86)\PalMall\PalMall-bho.dll (BND)
BHO-x32: Cinema-Plus-1.2 -> {11111111-1111-1111-1111-110611051148} -> C:\Program Files (x86)\Cinema-Plus-1.2\Cinema-Plus-1.2-bho.dll (Cinema Plus)
BHO-x32: Snap.DoEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Toolbar BHO -> {3a421c8f-e238-4aeb-8874-b8b5f2cc4772} -> C:\PROGRA~2\COUPON~2\bar\1.bin\2pbar.dll No File
BHO-x32: SearchDonkey -> {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} -> C:\Program Files (x86)\SearchDonkey\IE\common.dll (WebAppTech Coding, LLC)
BHO-x32: getsav-in 5.0 -> {57437FFF-AF43-472E-9BBD-41AA710B1297} -> C:\Users\michael\AppData\Local\getsav-in\ie\getsav-in_1368186302.dll ()
BHO-x32: Search Assistant BHO -> {60e91567-ef8a-4520-bce2-83aba5256799} -> C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pSrcAs.dll No File
BHO-x32: NetCrawl 1.0.0.5 -> {769a91da-209f-47fe-88b9-b0321b0982c8} -> C:\Program Files (x86)\NetCrawl\NetCrawlBHO.dll (NetCrawl)
BHO-x32: Playtopus Games -> {8EBA1B69-99D8-4135-BD43-729BA79D5CC4} -> C:\Users\michael\AppData\Local\Playtopus\Playtopus.dll (Playtopus)
BHO-x32: Shopper Pro -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> C:\ProgramData\ShopperPro\ShopperPro.dll (Goobzo Ltd.)
BHO-x32: Wajam -> {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} -> C:\Program Files (x86)\Wajam\IE\priam_bho.dll No File
BHO-x32: Consumer Input DCA BHO -> {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} -> C:\Program Files (x86)\Consumer Input\InternetExplorer\dca-bho.dll (Compete, Inc.)
BHO-x32: MyStart Toolbar -> {ccb24e92-62c4-4c53-95d2-65f9eed476bc} -> C:\Program Files (x86)\mystarttb\mystartDx.dll No File
BHO-x32: findopolis 1.0.0.5 -> {ccfd8427-0c44-4b91-abbb-d6aa65f7d2a1} -> C:\Program Files (x86)\findopolis\findopolisBHO.dll (findopolis)
BHO-x32: Ask Shopping Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ\Passport.dll" No File
BHO-x32: WeCareReminder Class -> {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} -> C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
BHO-x32: PennyBee -> {ECCD8756-E877-457F-8C44-4EC20055DDB5} -> C:\Program Files (x86)\PennyBee\InternetExplorerBHO.dll No File
BHO-x32: No Name -> {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} -> No File
Toolbar: HKLM - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - Ask Shopping Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ\Passport_x64.dll" No File
Toolbar: HKLM - MyStart Toolbar - {ccb24e92-62c4-4c53-95d2-65f9eed476bc} - C:\Program Files (x86)\mystarttb\mystartDx64.dll No File
Toolbar: HKLM-x32 - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Coupon Alert - {3462c343-be19-4143-af70-cefb56f46fc6} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbar.dll No File
Toolbar: HKLM-x32 - Ask Shopping Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ\Passport.dll" No File
Toolbar: HKLM-x32 - MyStart Toolbar - {ccb24e92-62c4-4c53-95d2-65f9eed476bc} - C:\Program Files (x86)\mystarttb\mystartDx.dll No File
Toolbar: HKU\S-1-5-21-580940030-35127617-3160781262-1001 -> Ask Shopping Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ\Passport_x64.dll" No File
Toolbar: HKU\S-1-5-21-580940030-35127617-3160781262-1001 -> No Name - {3462C343-BE19-4143-AF70-CEFB56F46FC6} - No File
FF Plugin-x32: @CouponAlert_2p.com/Plugin -> C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\NP2pStub.dll No File
FF Plugin-x32: @exent.com/npExentCtl,version=7.0.0.0 -> C:\Program Files (x86)\Hoopla\npExentCtl.dll (Exent Technologies Ltd.)
FF Plugin HKU\S-1-5-21-580940030-35127617-3160781262-1001: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
FF HKLM-x32\...\Firefox\Extensions: [[email protected]_2p.com] - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin
FF Extension: No Name - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin [2013-06-04]
FF HKU\S-1-5-21-580940030-35127617-3160781262-1001\...\Firefox\Extensions: [{8a1a43a3-ee9f-4fff-9c5c-b3063ee1f0e0}] - C:\Program Files (x86)\Re-markit-soft\157.xpi
FF HKU\S-1-5-21-580940030-35127617-3160781262-1001\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12171.xpi
CHR StartupUrls: Default -> "hxxp://www-search.net/?s=E38zadku1,4c000c15-cb58-4f23-b0a2-2a12673d72db,"
CHR DefaultSuggestURL: Default -> https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}
CHR Extension: (iWebar) - C:\Users\Leticia\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam [2014-07-10]
CHR Extension: (Search) - C:\Users\Leticia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-10]
CHR Extension: (video MediaPlay-Air) - C:\Users\Leticia\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnaojefanpmakfgcaliphepgoiiafmpf [2014-07-10]
CHR Extension: (MySearchDial) - C:\Users\Leticia\AppData\Local\Google\Chrome\User Data\Default\Extensions\iagcajndpnfncplednpbnkahadegklfa [2014-07-10]
CHR Extension: (Rocket New Tab) - C:\Users\Leticia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibnjmihbbanannlbobkbmnmckjnmdnom [2014-07-10]
CHR Extension: (findopolis) - C:\Users\Leticia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojlbmmdblljkdkicbjdfplphhplkndeg [2014-12-21]
CHR HKLM\...\Chrome\Extension: [iagcajndpnfncplednpbnkahadegklfa] - No Path
CHR HKLM\...\Chrome\Extension: [ibnjmihbbanannlbobkbmnmckjnmdnom] - No Path
CHR HKU\S-1-5-21-580940030-35127617-3160781262-1001\...\Chrome\Extension: [iagcajndpnfncplednpbnkahadegklfa] - No Path
CHR HKU\S-1-5-21-580940030-35127617-3160781262-1001\...\Chrome\Extension: [ibnjmihbbanannlbobkbmnmckjnmdnom] - No Path
CHR HKLM-x32\...\Chrome\Extension: [aaaaojmikegpiepcfdkkjaplodkpfmlo] - C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ\CRX\ToolbarCR.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dghncoeocefmhkhiphdgikkamjeglbfh] - C:\Program Files (x86)\mystarttb\chrome-newtab-search.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [iagcajndpnfncplednpbnkahadegklfa] - No Path
CHR HKLM-x32\...\Chrome\Extension: [ibnjmihbbanannlbobkbmnmckjnmdnom] - No Path
CHR HKLM-x32\...\Chrome\Extension: [jpmbfleldcgkldadpdinhjjopdfpjfjp] - C:\Users\michael\AppData\Local\Wajam\Chrome\wajam.crx [2013-05-02]
CHR HKLM-x32\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh [Not Found]
R4 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [32808 2013-05-24] (Just Develop It) <==== ATTENTION
S2 consumerinput_update; C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [106296 2014-03-08] (ConsumerInput)
S3 consumerinput_updatem; C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [106296 2014-03-08] (ConsumerInput)
R4 CouponAlert_2pService; C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbarsvc.exe [42504 2013-06-04] (COMPANYVERS_NAME)
R4 NewPlayerUpdaterService; C:\Program Files (x86)\NewPlayer\NewPlayerUpdaterService.exe [11776 2014-06-30] () [File not signed]
R4 PennyBee; C:\Program Files (x86)\PennyBee\PennyBee.exe [54272 2014-07-07] () [File not signed] <==== ATTENTION
R4 Re-markit; C:\Program Files (x86)\Re-markit-soft\Re-markit157.exe [195072 2014-03-08] () [File not signed] <==== ATTENTION
R4 servervo; C:\Users\Leticia\AppData\Roaming\VOPackage\VOsrv.exe [71680 2014-07-10] () [File not signed] <==== ATTENTION
R2 SMUpd; C:\Program Files\Common Files\Goobzo\GBUpdate\smu.exe [2708328 2014-08-27] (Search Module Ltd.)
S2 SPBIUpd; C:\Program Files\Common Files\ShopperPro\spbiu.exe [2346880 2014-07-08] (ShopperPro)
R2 Update findopolis; C:\Program Files (x86)\findopolis\updatefindopolis.exe [529136 2015-01-05] ()
R2 Update NetCrawl; C:\Program Files (x86)\NetCrawl\updateNetCrawl.exe [524576 2014-12-21] ()
R2 Util findopolis; C:\Program Files (x86)\findopolis\bin\utilfindopolis.exe [529136 2015-01-05] ()
R4 WajamUpdater; C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [109064 2013-05-02] (Wajam) [File not signed] <==== ATTENTION
R3 SMUpdd; C:\Program Files\Common Files\Goobzo\GBUpdate\smw.sys [42856 2014-08-27] ()
R2 X5XSEx_Pr152; C:\Program Files (x86)\Hoopla\X5XSEx_Pr152.Sys [56584 2013-07-18] (Exent Technologies Ltd.)
R1 {173745cd-3937-468f-98f6-d68898d32d98}w64; C:\Windows\System32\drivers\{173745cd-3937-468f-98f6-d68898d32d98}w64.sys [48784 2015-01-05] (StdLib)
R1 {1de0dec0-675e-482f-a756-fd24c6796c8e}w64; C:\Windows\System32\drivers\{1de0dec0-675e-482f-a756-fd24c6796c8e}w64.sys [48832 2014-12-17] (StdLib)
R4 sbmntr; \??\C:\Program Files (x86)\YTDownloader\sbmntr.sys [X]
R4 SPDRIVER_1.35.1.155; \??\C:\Program Files (x86)\ShopperPro\JSDriver\1.35.1.155\jsdrv.sys [X]
R2 SPDRIVER_1.37.0.193; \??\C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.193\jsdrv.sys [X]
Task: {06A8DB4B-697B-4937-A068-F07D3CDF4853} - System32\Tasks\iWebar-chromeinstaller => C:\Program Files (x86)\iWebar\iWebar-chromeinstaller.exe <==== ATTENTION
Task: {0764F78F-264B-4817-AFAE-90D757395FA8} - System32\Tasks\{E5428C95-CA2F-40EF-961A-A50957D5AFCD} => pcalua.exe -a "C:\Program Files (x86)\FMS\Uninstall.exe"
Task: {0B9DE1FD-6C98-4658-B995-F485959034C2} - System32\Tasks\SPBIW_UpdateTask_Time_333836343835303334352d2d5b50342a415545 6c5a236c => Wscript.exe //B "C:\ProgramData\ShopperPro\spbihe.js" spbiu.exe /invoke /f:check_services /l:0 <==== ATTENTION
Task: {121CD599-9FDE-4C4D-A726-6D7440767531} - System32\Tasks\98bd8955-5681-454d-960c-17eab7511bad-1 => C:\Program Files (x86)\PalMall\PalMall-codedownloader.exe [2014-07-10] (BND) <==== ATTENTION
Task: {16229990-4EAF-4D96-AEBA-AB7FA0AC9D4A} - System32\Tasks\98bd8955-5681-454d-960c-17eab7511bad-5_user => C:\Program Files (x86)\PalMall\98bd8955-5681-454d-960c-17eab7511bad-5.exe [2014-07-10] (BND) <==== ATTENTION
Task: {17965C67-2C46-4B4C-A453-002C32CE88D0} - System32\Tasks\ConsumerInputUpdateTaskMachineUA => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [2014-03-08] (ConsumerInput) <==== ATTENTION
Task: {285B017D-14AB-4DE4-8374-FA4A703FA34F} - System32\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-6 => C:\Program Files (x86)\Cinema-Plus-1.2\Cinema-Plus-1.2-novainstaller.exe [2014-07-10] (Cinema Plus) <==== ATTENTION
Task: {2930FB7C-EB87-46CD-BC4B-824B9D4979C3} - System32\Tasks\CIMT_daily_S-1-5-21-580940030-35127617-3160781262-1001 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe [2014-11-26] () <==== ATTENTION
Task: {29F60423-AF23-4493-83A0-73A4F892E4D8} - System32\Tasks\RegClean Pro_DEFAULT => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe [2014-12-08] () <==== ATTENTION
Task: {2BC6A59F-CA65-42E2-9F99-D74285AE19D8} - System32\Tasks\98bd8955-5681-454d-960c-17eab7511bad-11 => C:\Program Files (x86)\PalMall\98bd8955-5681-454d-960c-17eab7511bad-11.exe [2014-07-10] (BND) <==== ATTENTION
Task: {2E8E3D23-1F09-4B15-8EAF-FDF5353E7679} - System32\Tasks\98bd8955-5681-454d-960c-17eab7511bad-2 => C:\Program Files (x86)\PalMall\98bd8955-5681-454d-960c-17eab7511bad-2.exe [2014-07-10] (BND) <==== ATTENTION
Task: {331D2001-C1B4-466F-9D84-F2DABC4DC27D} - System32\Tasks\Updater26278.exe => C:\Users\michael\AppData\Local\Updater26278\Updater26278.exe <==== ATTENTION
Task: {37D99F27-D4AE-4635-A258-40294D5C787C} - System32\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-1 => C:\Program Files (x86)\Cinema-Plus-1.2\Cinema-Plus-1.2-codedownloader.exe <==== ATTENTION
Task: {41233670-5E85-4A6E-B050-39EEB0DAEBEE} - System32\Tasks\CIMT_S-1-5-21-580940030-35127617-3160781262-1001 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe [2014-11-26] () <==== ATTENTION
Task: {41978C42-8932-4E56-A176-012B8111F094} - System32\Tasks\YTDownloaderUpd => C:\Program Files (x86)\YTDownloader\updater.exe <==== ATTENTION
Task: {42719407-214D-4D8A-BC82-8CFA2F5BFB63} - System32\Tasks\98bd8955-5681-454d-960c-17eab7511bad-4 => C:\Program Files (x86)\PalMall\98bd8955-5681-454d-960c-17eab7511bad-4.exe [2014-07-10] (BND) <==== ATTENTION
Task: {48BA66C5-9CE5-4F6C-9B0C-7F91D9CBE1D5} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
Task: {60E68DCF-CA13-40CC-AFC2-CADABCC81EFB} - System32\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-2 => C:\Program Files (x86)\Cinema-Plus-1.2\56ce3484-b669-4c8b-8489-666612b8aac7-2.exe [2014-07-10] (Cinema Plus) <==== ATTENTION
Task: {6C59312F-3E0C-46D2-9043-0D85E52B9485} - System32\Tasks\temp_56ce3484-b669-4c8b-8489-666612b8aac7-2 => C:\Program Files (x86)\Cinema-Plus-1.2\56ce3484-b669-4c8b-8489-666612b8aac7-2.exe [2014-07-10] (Cinema Plus) <==== ATTENTION
Task: {733F4A68-09B5-45DB-90DE-2AA2C8621D00} - System32\Tasks\RegClean Pro => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe [2014-12-08] () <==== ATTENTION
Task: {7613DA2A-23C5-4EB6-B4BA-CD8873A5F804} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
Task: {79524917-C578-4213-82D3-82BD2487BCC2} - System32\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-11 => C:\Program Files (x86)\Cinema-Plus-1.2\56ce3484-b669-4c8b-8489-666612b8aac7-11.exe [2014-07-10] (Cinema Plus) <==== ATTENTION
Task: {931367DF-98DD-4FA5-A3AE-AAC77F7A6B25} - System32\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-4 => C:\Program Files (x86)\Cinema-Plus-1.2\56ce3484-b669-4c8b-8489-666612b8aac7-4.exe [2014-07-10] (Cinema Plus) <==== ATTENTION
Task: {A4EA2991-D0EA-4538-B5E6-1B00D1B7D584} - System32\Tasks\Advanced-System Protector_startup => C:\Program Files (x86)\ASP\AdvancedSystemProtector.exe [2014-12-09] () <==== ATTENTION
Task: {ACF03591-CAAA-4893-9852-26CAEE647C1D} - System32\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-7 => C:\Program Files (x86)\Cinema-Plus-1.2\Cinema-Plus-1.2-nova.exe [2014-07-10] (Cinema Plus) <==== ATTENTION
Task: {B76D503E-28B5-4F6E-9C84-D817454EB592} - System32\Tasks\iWebar-firefoxinstaller => C:\Program Files (x86)\iWebar\iWebar-firefoxinstaller.exe <==== ATTENTION
Task: {CC3DB9BC-6B77-41F4-A297-B5261BD9793A} - System32\Tasks\ConsumerInputUpdateTaskMachineCore => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [2014-03-08] (ConsumerInput) <==== ATTENTION
Task: {DE50D567-8466-439B-B1D5-DE6DE7CD057F} - System32\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-3 => C:\Program Files (x86)\Cinema-Plus-1.2\56ce3484-b669-4c8b-8489-666612b8aac7-3.exe [2014-07-10] (Cinema Plus) <==== ATTENTION
Task: {E2A4AA41-14D6-41C2-9BDC-5F21B97346BB} - System32\Tasks\2b6328a9-11c8-46e0-8547-2efb3aafcaa4-3 => C:\Program Files (x86)\video MediaPlay-Air\2b6328a9-11c8-46e0-8547-2efb3aafcaa4-3.exe [2014-07-10] (enter) <==== ATTENTION
Task: {E3E359BD-21F1-403E-A745-D1E0BA925049} - System32\Tasks\RegClean Pro_UPDATES => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe [2014-12-08] () <==== ATTENTION
Task: {EDF770DA-FE8D-43C5-BAA1-810147FEE27B} - System32\Tasks\Yahoo! Search Updater => C:\Users\Leticia\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.18.5\dsrsetup.exe [2014-12-21] (Pay By Ads LTD) <==== ATTENTION
Task: {EEA0FC31-811F-4D14-86AD-53F73EB27D8E} - System32\Tasks\98bd8955-5681-454d-960c-17eab7511bad-5 => C:\Program Files (x86)\PalMall\98bd8955-5681-454d-960c-17eab7511bad-5.exe [2014-07-10] (BND) <==== ATTENTION
Task: {F7A9DCD4-1569-49E3-AFA8-65865697C144} - System32\Tasks\98bd8955-5681-454d-960c-17eab7511bad-7 => C:\Program Files (x86)\PalMall\PalMall-nova.exe [2014-10-06] (FileProperties_CompanyName) <==== ATTENTION
Task: {FB804D2A-5867-41B3-BD6C-0A0CAD6D3610} - System32\Tasks\Yahoo! Search => C:\Users\Leticia\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.18.5\dsrlte.exe [2014-12-21] (Pay By Ads LTD) <==== ATTENTION
Task: {FC5B2C3D-8693-4E07-BE3D-E0E04438AF8B} - System32\Tasks\98bd8955-5681-454d-960c-17eab7511bad-6 => C:\Program Files (x86)\PalMall\PalMall-nova.exe [2014-10-06] (FileProperties_CompanyName) <==== ATTENTION
Task: C:\WINDOWS\Tasks\2b6328a9-11c8-46e0-8547-2efb3aafcaa4-11.job => C:\Program Files (x86)\video MediaPlay-Air\2b6328a9-11c8-46e0-8547-2efb3aafcaa4-11.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\2b6328a9-11c8-46e0-8547-2efb3aafcaa4-3.job => C:\Program Files (x86)\video MediaPlay-Air\2b6328a9-11c8-46e0-8547-2efb3aafcaa4-3.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-1.job => C:\Program Files (x86)\Cinema-Plus-1.2\Cinema-Plus-1.2-codedownloader.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-11.job => C:\Program Files (x86)\Cinema-Plus-1.2\56ce3484-b669-4c8b-8489-666612b8aac7-11.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-2.job => C:\Program Files (x86)\Cinema-Plus-1.2\56ce3484-b669-4c8b-8489-666612b8aac7-2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-3.job => C:\Program Files (x86)\Cinema-Plus-1.2\56ce3484-b669-4c8b-8489-666612b8aac7-3.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-4.job => C:\Program Files (x86)\Cinema-Plus-1.2\56ce3484-b669-4c8b-8489-666612b8aac7-4.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-6.job => C:\Program Files (x86)\Cinema-Plus-1.2\Cinema-Plus-1.2-novainstaller.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-7.job => C:\Program Files (x86)\Cinema-Plus-1.2\Cinema-Plus-1.2-nova.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\98bd8955-5681-454d-960c-17eab7511bad-1.job => C:\Program Files (x86)\PalMall\PalMall-codedownloader.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\98bd8955-5681-454d-960c-17eab7511bad-11.job => C:\Program Files (x86)\PalMall\98bd8955-5681-454d-960c-17eab7511bad-11.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\98bd8955-5681-454d-960c-17eab7511bad-2.job => C:\Program Files (x86)\PalMall\98bd8955-5681-454d-960c-17eab7511bad-2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\98bd8955-5681-454d-960c-17eab7511bad-4.job => C:\Program Files (x86)\PalMall\98bd8955-5681-454d-960c-17eab7511bad-4.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\98bd8955-5681-454d-960c-17eab7511bad-5.job => C:\Program Files (x86)\PalMall\98bd8955-5681-454d-960c-17eab7511bad-5.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\98bd8955-5681-454d-960c-17eab7511bad-5_user.job => C:\Program Files (x86)\PalMall\98bd8955-5681-454d-960c-17eab7511bad-5.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\98bd8955-5681-454d-960c-17eab7511bad-6.job => C:\Program Files (x86)\PalMall\PalMall-nova.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\98bd8955-5681-454d-960c-17eab7511bad-7.job => C:\Program Files (x86)\PalMall\PalMall-nova.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\CIMT_daily_S-1-5-21-580940030-35127617-3160781262-1001.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\CIMT_S-1-5-21-580940030-35127617-3160781262-1001.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\ConsumerInputUpdateTaskMachineCore.job => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\ConsumerInputUpdateTaskMachineUA.job => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\iWebar-chromeinstaller.job => C:\Program Files (x86)\iWebar\iWebar-chromeinstaller.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\iWebar-firefoxinstaller.job => C:\Program Files (x86)\iWebar\iWebar-firefoxinstaller.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\RegClean Pro_DEFAULT.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\RegClean Pro_UPDATES.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\temp_56ce3484-b669-4c8b-8489-666612b8aac7-2.job => C:\Program Files (x86)\Cinema-Plus-1.2\56ce3484-b669-4c8b-8489-666612b8aac7-2.exe <==== ATTENTION
C:\Program Files (x86)\CouponAlert_2p
C:\Program Files (x86)\AskPartnerNetwork
C:\Program Files (x86)\YTDownloader
C:\Program Files (x86)\ShopperPro
C:\PROGRA~2\COUPON~2
C:\Program Files (x86)\AnyProtectEx
C:\Program Files (x86)\fst_us_148
C:\Users\Leticia\AppData\Local\fst_us_148
C:\Program Files (x86)\ShopperPro
C:\Program Files (x86)\Optimizer Pro
C:\Program Files (x86)\Hoopla
C:\Program Files (x86)\Probit Software
C:\Users\Leticia\AppData\Local\Pay-By-Ads
C:\Program Files (x86)\NewPlayer
C:\Users\Leticia\AppData\Local\WeatherAlerts
C:\Program Files (x86)\PricePeep
C:\Program Files (x86)\FrostWire 5
C:\Program Files (x86)\MyPC Backup
C:\Program Files (x86)\iWebar
C:\Program Files (x86)\PalMall
C:\Program Files (x86)\Cinema-Plus-1.2
C:\ProgramData\ShopperPro
C:\Program Files (x86)\Consumer Input
C:\Program Files (x86)\Solid Savings
C:\Program Files (x86)\SearchDonkey
C:\Users\michael\AppData\Local\getsav-in
C:\Program Files (x86)\NetCrawl
C:\Users\michael\AppData\Local\Playtopus
C:\Program Files (x86)\Wajam
C:\Program Files (x86)\mystarttb
C:\Program Files (x86)\findopolis
C:\ProgramData\WeCareReminder
C:\Program Files (x86)\PennyBee
C:\Program Files (x86)\Re-markit-soft
C:\ProgramData\AskPartnerNetwork
C:\Program Files (x86)\MyPC Backup
C:\Program Files (x86)\Consumer Input
C:\Program Files (x86)\CouponAlert_2p
C:\Program Files (x86)\NewPlayer
C:\Program Files (x86)\PennyBee
C:\Program Files (x86)\Re-markit-soft
C:\Users\Leticia\AppData\Roaming\VOPackage
C:\Program Files\Common Files\Goobzo
C:\Program Files\Common Files\ShopperPro
C:\Program Files (x86)\findopolis
C:\Program Files (x86)\NetCrawl
C:\Windows\System32\drivers\{173745cd-3937-468f-98f6-d68898d32d98}w64.sys
C:\Windows\System32\drivers\{1de0dec0-675e-482f-a756-fd24c6796c8e}w64.sys
C:\Program Files (x86)\YTDownloader
C:\Program Files (x86)\FMS
C:\Program Files (x86)\RegClean Pro
C:\Users\michael\AppData\Local\Updater26278
C:\PROGRA~1\COMMON~1\System\SysMenu.dll
C:\Program Files (x86)\ASP
2015-01-05 22:51 - 2015-01-05 13:26 - 00048784 _____ (StdLib) C:\WINDOWS\system32\Drivers\{173745cd-3937-468f-98f6-d68898d32d98}w64.sys
2014-12-21 22:19 - 2014-12-21 22:19 - 00000000 ____D () C:\Users\Leticia\AppData\Roaming\ASP
2014-12-21 22:09 - 2014-12-21 22:09 - 00003506 _____ () C:\WINDOWS\System32\Tasks\Yahoo! Search
2014-12-21 22:08 - 2014-12-21 22:08 - 00003510 _____ () C:\WINDOWS\System32\Tasks\Yahoo! Search Updater
2014-12-21 22:08 - 2014-12-21 22:08 - 00000000 ____D () C:\Users\Leticia\AppData\Local\Pay-By-Ads
2014-12-21 22:08 - 2014-12-21 22:08 - 00000000 ____D () C:\Users\Leticia\AppData\Local\Local_Weather_LLC
2015-01-05 22:53 - 2014-07-10 13:31 - 00003108 _____ () C:\WINDOWS\System32\Tasks\RegClean Pro
2015-01-05 22:51 - 2014-12-17 13:49 - 00001350 _____ () C:\Users\Leticia\Desktop\Clean Registry for Free!.lnk
2015-01-05 22:50 - 2014-07-10 13:45 - 00000000 ____D () C:\Users\Leticia\AppData\Local\fst_us_148
2015-01-05 22:50 - 2014-07-10 13:21 - 00000000 ____D () C:\Program Files (x86)\findopolis
2014-12-21 22:08 - 2014-12-17 13:53 - 00003076 _____ () C:\WINDOWS\System32\Tasks\Advanced-System Protector_startup
2014-12-21 22:08 - 2014-07-10 13:33 - 00003068 _____ () C:\WINDOWS\System32\Tasks\Right Backup_startup
2014-12-21 22:07 - 2014-07-10 13:46 - 00003830 _____ () C:\WINDOWS\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-11.job
2014-12-21 22:07 - 2014-07-10 13:46 - 00003156 _____ () C:\WINDOWS\Tasks\2b6328a9-11c8-46e0-8547-2efb3aafcaa4-3.job
2014-12-21 22:07 - 2014-07-10 13:46 - 00002460 _____ () C:\WINDOWS\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-3.job
2014-12-21 22:07 - 2014-07-10 13:46 - 00002240 _____ () C:\WINDOWS\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-4.job
2014-12-21 22:07 - 2014-07-10 13:46 - 00001600 _____ () C:\WINDOWS\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-6.job
2014-12-21 22:07 - 2014-07-10 13:46 - 00001600 _____ () C:\WINDOWS\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-1.job
2014-12-21 22:07 - 2014-07-10 13:46 - 00001390 _____ () C:\WINDOWS\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-2.job
2014-12-21 22:07 - 2014-07-10 13:38 - 00002140 _____ () C:\WINDOWS\Tasks\98bd8955-5681-454d-960c-17eab7511bad-4.job
2014-12-21 22:07 - 2014-07-10 13:38 - 00002112 _____ () C:\WINDOWS\Tasks\98bd8955-5681-454d-960c-17eab7511bad-5_user.job
2014-12-21 22:07 - 2014-07-10 13:38 - 00002112 _____ () C:\WINDOWS\Tasks\98bd8955-5681-454d-960c-17eab7511bad-5.job
2014-12-21 22:07 - 2014-07-10 13:38 - 00001522 _____ () C:\WINDOWS\Tasks\98bd8955-5681-454d-960c-17eab7511bad-1.job
2014-12-21 22:07 - 2014-07-10 13:38 - 00001336 _____ () C:\WINDOWS\Tasks\98bd8955-5681-454d-960c-17eab7511bad-2.job
2014-12-21 22:07 - 2014-07-10 13:37 - 00003470 _____ () C:\WINDOWS\Tasks\98bd8955-5681-454d-960c-17eab7511bad-11.job
2014-12-21 22:07 - 2014-07-10 13:37 - 00002814 _____ () C:\WINDOWS\Tasks\98bd8955-5681-454d-960c-17eab7511bad-6.job
2014-12-21 22:06 - 2014-07-10 13:31 - 00000000 ____D () C:\Program Files (x86)\NetCrawl
2014-07-10 13:31 - 2014-07-10 14:37 - 0573493 _____ (ClickMeIn Limited) C:\Users\Leticia\AppData\Local\AnyProtectScannerSetup.exe
C:\Users\Leticia\AppData\Local\Temp\ShopperProJSFull.exe
C:\Users\Leticia\AppData\Local\Temp\ShopperProJSINJFull.exe
C:\Users\Leticia\AppData\Local\Temp\SPSetup.exe
C:\Users\Leticia\AppData\Local\Temp\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}_N360_31441.exe
C:\Users\michael\AppData\Local\Temp\SPSetup.exe
File: C:\windows\system32\mscoree.dll
File: C:\windows\SysWOW64\mscoree.dll
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
Reboot:
end


*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Coupon Alert Home Page Guard 64 bit => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ApnTBMon => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\YTDownloader => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SPDriver => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Coupon Alert Search Scope Monitor => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\CouponAlert_2p Browser Plugin Loader => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AnyProtect Scanner => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\fst_us_148 => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\upfst_us_148.exe => Value not found.
HKU\S-1-5-21-580940030-35127617-3160781262-1001\Software\Microsoft\Windows\CurrentVersion\Run\\SPDriver => value deleted successfully.
HKU\S-1-5-21-580940030-35127617-3160781262-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Optimizer Pro => value deleted successfully.
HKU\S-1-5-21-580940030-35127617-3160781262-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Exetender => Value not found.
HKU\S-1-5-21-580940030-35127617-3160781262-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Easy Speed PC => value deleted successfully.
HKU\S-1-5-21-580940030-35127617-3160781262-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Yahoo! Search => Value not found.
"C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll" => Value Data removed successfully.
"C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL" => Value Data removed successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AddonNP.lnk => Moved successfully.
C:\Program Files (x86)\NewPlayer\AddonNP.exe => Moved successfully.
C:\Users\Leticia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopWeatherAlerts.lnk => Moved successfully.
C:\Users\Leticia\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe not found.
C:\Users\Leticia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PricePeepUpdater.lnk => Moved successfully.
C:\Program Files (x86)\PricePeep\PricePeepUpdater.exe => Moved successfully.
C:\Users\Leticia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Weather Alerts.lnk => Moved successfully.
C:\Users\Leticia\AppData\Local\WeatherAlerts\WeatherAlerts.exe => Moved successfully.
C:\Users\michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FrostWire On Startup.lnk => Moved successfully.
C:\Program Files (x86)\FrostWire 5\FrostWire.exe not found.
C:\Users\michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk => Moved successfully.
C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe not found.
C:\WINDOWS\system32\GroupPolicy\Machine => Moved successfully.
C:\WINDOWS\system32\GroupPolicy\GPT.ini => Moved successfully.
C:\WINDOWS\system32\GroupPolicyUsers\S-1-5-21-580940030-35127617-3160781262-1004\User => Moved successfully.
C:\WINDOWS\system32\GroupPolicyUsers\S-1-5-21-580940030-35127617-3160781262-1001\User => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-580940030-35127617-3160781262-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\S-1-5-21-580940030-35127617-3160781262-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\S-1-5-21-580940030-35127617-3160781262-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKU\S-1-5-21-580940030-35127617-3160781262-1001\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKU\S-1-5-21-580940030-35127617-3160781262-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-580940030-35127617-3160781262-1001\Software\Microsoft\Internet Explorer\Main\\Search Bar => value deleted successfully.
HKU\S-1-5-21-580940030-35127617-3160781262-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{7b9f8c21-46ec-4c0b-8683-e755ef84577a} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{7b9f8c21-46ec-4c0b-8683-e755ef84577a}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}" => Key deleted successfully.
HKCR\CLSID\{77AA745B-F4F8-45DA-9B14-61D2D95054C8} => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}" => Key deleted successfully.
HKCR\CLSID\{7F4EFF06-7032-458e-AE16-1C1D8255C28A} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => Key not found.
HKU\S-1-5-21-580940030-35127617-3160781262-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-580940030-35127617-3160781262-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\URL http://search.conduit.com/Results.a...tid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM= => Value not found.
HKU\S-1-5-21-580940030-35127617-3160781262-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SuggestionsURL_JSON => value deleted successfully.
"HKU\S-1-5-21-580940030-35127617-3160781262-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}" => Key deleted successfully.
HKCR\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => Key not found.
"HKU\S-1-5-21-580940030-35127617-3160781262-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}" => Key deleted successfully.
HKCR\CLSID\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} => Key not found.
"HKU\S-1-5-21-580940030-35127617-3160781262-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}" => Key deleted successfully.
HKCR\CLSID\{77AA745B-F4F8-45DA-9B14-61D2D95054C8} => Key not found.
"HKU\S-1-5-21-580940030-35127617-3160781262-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}" => Key deleted successfully.
HKCR\CLSID\{7F4EFF06-7032-458e-AE16-1C1D8255C28A} => Key not found.
"HKU\S-1-5-21-580940030-35127617-3160781262-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B45B6130-384E-452D-A2DB-0F3910B9CAB7}" => Key deleted successfully.
HKCR\CLSID\{B45B6130-384E-452D-A2DB-0F3910B9CAB7} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311551110}" => Key deleted successfully.
"HKCR\CLSID\{11111111-1111-1111-1111-110311551110}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511801132} => Key not found.
HKCR\CLSID\{11111111-1111-1111-1111-110511801132} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611051148} => Key not found.
HKCR\CLSID\{11111111-1111-1111-1111-110611051148} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}" => Key deleted successfully.
"HKCR\CLSID\{31ad400d-1b06-4e33-a59a-90c2c140cba0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}" => Key deleted successfully.
"HKCR\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC} => Key not found.
HKCR\CLSID\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}" => Key deleted successfully.
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}" => Key deleted successfully.
"HKCR\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110211621178} => Key not found.
HKCR\Wow6432Node\CLSID\{11111111-1111-1111-1111-110211621178} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311551110}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{11111111-1111-1111-1111-110311551110}" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511801132} => Key not found.
HKCR\Wow6432Node\CLSID\{11111111-1111-1111-1111-110511801132} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611051148} => Key not found.
HKCR\Wow6432Node\CLSID\{11111111-1111-1111-1111-110611051148} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{31ad400d-1b06-4e33-a59a-90c2c140cba0}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3a421c8f-e238-4aeb-8874-b8b5f2cc4772}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{3a421c8f-e238-4aeb-8874-b8b5f2cc4772}" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{44ed99e2-16a6-4b89-80d6-5b21cf42e78b} => Key not found.
HKCR\Wow6432Node\CLSID\{44ed99e2-16a6-4b89-80d6-5b21cf42e78b} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{57437FFF-AF43-472E-9BBD-41AA710B1297}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{57437FFF-AF43-472E-9BBD-41AA710B1297}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{60e91567-ef8a-4520-bce2-83aba5256799}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{60e91567-ef8a-4520-bce2-83aba5256799}" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{769a91da-209f-47fe-88b9-b0321b0982c8} => Key not found.
HKCR\Wow6432Node\CLSID\{769a91da-209f-47fe-88b9-b0321b0982c8} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8EBA1B69-99D8-4135-BD43-729BA79D5CC4}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{8EBA1B69-99D8-4135-BD43-729BA79D5CC4}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC} => Key not found.
HKCR\Wow6432Node\CLSID\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ccb24e92-62c4-4c53-95d2-65f9eed476bc}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{ccb24e92-62c4-4c53-95d2-65f9eed476bc}" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ccfd8427-0c44-4b91-abbb-d6aa65f7d2a1} => Key not found.
HKCR\Wow6432Node\CLSID\{ccfd8427-0c44-4b91-abbb-d6aa65f7d2a1} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.
"HKCR\Wow6432Node\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} => Key not found.
"HKCR\Wow6432Node\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ECCD8756-E877-457F-8C44-4EC20055DDB5}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{ECCD8756-E877-457F-8C44-4EC20055DDB5}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} => value deleted successfully.
"HKCR\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} => Value not found.
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{ccb24e92-62c4-4c53-95d2-65f9eed476bc} => value deleted successfully.
"HKCR\CLSID\{ccb24e92-62c4-4c53-95d2-65f9eed476bc}" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{3462c343-be19-4143-af70-cefb56f46fc6} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{3462c343-be19-4143-af70-cefb56f46fc6}" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} => Value not found.
HKCR\Wow6432Node\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{ccb24e92-62c4-4c53-95d2-65f9eed476bc} => value deleted successfully.
HKCR\Wow6432Node\CLSID\{ccb24e92-62c4-4c53-95d2-65f9eed476bc} => Key not found.
HKU\S-1-5-21-580940030-35127617-3160781262-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => value deleted successfully.
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.
HKU\S-1-5-21-580940030-35127617-3160781262-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3462C343-BE19-4143-AF70-CEFB56F46FC6} => value deleted successfully.
HKCR\CLSID\{3462C343-BE19-4143-AF70-CEFB56F46FC6} => Key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@CouponAlert_2p.com/Plugin" => Key deleted successfully.
HKLM\Software\Wow6432Node\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0 => Key not found.
C:\Program Files (x86)\Hoopla\npExentCtl.dll not found.
"HKU\S-1-5-21-580940030-35127617-3160781262-1001\Software\MozillaPlugins\@lightspark.github.com/Lightspark;version=1" => Key deleted successfully.
C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\[email protected]_2p.com => value deleted successfully.
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin => Moved successfully.
HKU\S-1-5-21-580940030-35127617-3160781262-1001\Software\Mozilla\Firefox\Extensions\\{8a1a43a3-ee9f-4fff-9c5c-b3063ee1f0e0} => value deleted successfully.
HKU\S-1-5-21-580940030-35127617-3160781262-1001\Software\Mozilla\Firefox\Extensions\\[email protected] => Value not found.
Chrome StartupUrls deleted successfully.
Chrome DefaultSuggestURL deleted successfully.
C:\Users\Leticia\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam => Moved successfully.
C:\Users\Leticia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf => Moved successfully.
C:\Users\Leticia\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnaojefanpmakfgcaliphepgoiiafmpf directory not found.
C:\Users\Leticia\AppData\Local\Google\Chrome\User Data\Default\Extensions\iagcajndpnfncplednpbnkahadegklfa => Moved successfully.
C:\Users\Leticia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibnjmihbbanannlbobkbmnmckjnmdnom => Moved successfully.
C:\Users\Leticia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojlbmmdblljkdkicbjdfplphhplkndeg directory not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\iagcajndpnfncplednpbnkahadegklfa" => Key deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\ibnjmihbbanannlbobkbmnmckjnmdnom" => Key deleted successfully.
"HKU\S-1-5-21-580940030-35127617-3160781262-1001\SOFTWARE\Google\Chrome\Extensions\iagcajndpnfncplednpbnkahadegklfa" => Key deleted successfully.
"HKU\S-1-5-21-580940030-35127617-3160781262-1001\SOFTWARE\Google\Chrome\Extensions\ibnjmihbbanannlbobkbmnmckjnmdnom" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dghncoeocefmhkhiphdgikkamjeglbfh" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iagcajndpnfncplednpbnkahadegklfa" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ibnjmihbbanannlbobkbmnmckjnmdnom" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp" => Key deleted successfully.
C:\Users\michael\AppData\Local\Wajam\Chrome\wajam.crx => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lpoimibckejjdjcfbdnajaicnklhfplh" => Key deleted successfully.
BackupStack => Service not found.
consumerinput_update => Service not found.
consumerinput_updatem => Service not found.
CouponAlert_2pService => Service not found.
NewPlayerUpdaterService => Service not found.
PennyBee => Service not found.
Re-markit => Service not found.
servervo => Service not found.
SMUpd => Service not found.
SPBIUpd => Service deleted successfully.
Update findopolis => Service not found.
Update NetCrawl => Service not found.
Util findopolis => Service not found.
WajamUpdater => Service not found.
SMUpdd => Service deleted successfully.
X5XSEx_Pr152 => Service not found.
{173745cd-3937-468f-98f6-d68898d32d98}w64 => Unable to stop service
{173745cd-3937-468f-98f6-d68898d32d98}w64 => Service deleted successfully.
{1de0dec0-675e-482f-a756-fd24c6796c8e}w64 => Unable to stop service
{1de0dec0-675e-482f-a756-fd24c6796c8e}w64 => Service deleted successfully.
sbmntr => Unable to stop service
sbmntr => Service deleted successfully.
SPDRIVER_1.35.1.155 => Unable to stop service
SPDRIVER_1.35.1.155 => Service deleted successfully.
SPDRIVER_1.37.0.193 => Unable to stop service
SPDRIVER_1.37.0.193 => Service deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{06A8DB4B-697B-4937-A068-F07D3CDF4853}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{06A8DB4B-697B-4937-A068-F07D3CDF4853}" => Key deleted successfully.
C:\Windows\System32\Tasks\iWebar-chromeinstaller => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\iWebar-chromeinstaller" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0764F78F-264B-4817-AFAE-90D757395FA8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0764F78F-264B-4817-AFAE-90D757395FA8}" => Key deleted successfully.
C:\Windows\System32\Tasks\{E5428C95-CA2F-40EF-961A-A50957D5AFCD} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E5428C95-CA2F-40EF-961A-A50957D5AFCD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0B9DE1FD-6C98-4658-B995-F485959034C2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0B9DE1FD-6C98-4658-B995-F485959034C2}" => Key deleted successfully.
C:\Windows\System32\Tasks\SPBIW_UpdateTask_Time_333836343835303334352d2d5b50342a415545 6c5a236c not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SPBIW_UpdateTask_Time_333836343835303334352d2d5b50342a415545 6c5a236c => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{121CD599-9FDE-4C4D-A726-6D7440767531} => Key not found.
C:\Windows\System32\Tasks\98bd8955-5681-454d-960c-17eab7511bad-1 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\98bd8955-5681-454d-960c-17eab7511bad-1 => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{16229990-4EAF-4D96-AEBA-AB7FA0AC9D4A} => Key not found.
C:\Windows\System32\Tasks\98bd8955-5681-454d-960c-17eab7511bad-5_user not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\98bd8955-5681-454d-960c-17eab7511bad-5_user => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{17965C67-2C46-4B4C-A453-002C32CE88D0} => Key not found.
C:\Windows\System32\Tasks\ConsumerInputUpdateTaskMachineUA not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ConsumerInputUpdateTaskMachineUA => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{285B017D-14AB-4DE4-8374-FA4A703FA34F} => Key not found.
C:\Windows\System32\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-6 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\56ce3484-b669-4c8b-8489-666612b8aac7-6 => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2930FB7C-EB87-46CD-BC4B-824B9D4979C3} => Key not found.
C:\Windows\System32\Tasks\CIMT_daily_S-1-5-21-580940030-35127617-3160781262-1001 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CIMT_daily_S-1-5-21-580940030-35127617-3160781262-1001 => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{29F60423-AF23-4493-83A0-73A4F892E4D8} => Key not found.
C:\Windows\System32\Tasks\RegClean Pro_DEFAULT not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro_DEFAULT => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2BC6A59F-CA65-42E2-9F99-D74285AE19D8} => Key not found.
C:\Windows\System32\Tasks\98bd8955-5681-454d-960c-17eab7511bad-11 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\98bd8955-5681-454d-960c-17eab7511bad-11 => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2E8E3D23-1F09-4B15-8EAF-FDF5353E7679} => Key not found.
C:\Windows\System32\Tasks\98bd8955-5681-454d-960c-17eab7511bad-2 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\98bd8955-5681-454d-960c-17eab7511bad-2 => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{331D2001-C1B4-466F-9D84-F2DABC4DC27D} => Key not found.
C:\Windows\System32\Tasks\Updater26278.exe not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Updater26278.exe => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{37D99F27-D4AE-4635-A258-40294D5C787C} => Key not found.
C:\Windows\System32\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-1 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\56ce3484-b669-4c8b-8489-666612b8aac7-1 => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{41233670-5E85-4A6E-B050-39EEB0DAEBEE} => Key not found.
C:\Windows\System32\Tasks\CIMT_S-1-5-21-580940030-35127617-3160781262-1001 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CIMT_S-1-5-21-580940030-35127617-3160781262-1001 => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{41978C42-8932-4E56-A176-012B8111F094}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{41978C42-8932-4E56-A176-012B8111F094}" => Key deleted successfully.
C:\Windows\System32\Tasks\YTDownloaderUpd => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YTDownloaderUpd" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{42719407-214D-4D8A-BC82-8CFA2F5BFB63} => Key not found.
C:\Windows\System32\Tasks\98bd8955-5681-454d-960c-17eab7511bad-4 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\98bd8955-5681-454d-960c-17eab7511bad-4 => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{48BA66C5-9CE5-4F6C-9B0C-7F91D9CBE1D5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{48BA66C5-9CE5-4F6C-9B0C-7F91D9CBE1D5}" => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Multimedia\SMupdate3" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{60E68DCF-CA13-40CC-AFC2-CADABCC81EFB} => Key not found.
C:\Windows\System32\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-2 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\56ce3484-b669-4c8b-8489-666612b8aac7-2 => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6C59312F-3E0C-46D2-9043-0D85E52B9485} => Key not found.
C:\Windows\System32\Tasks\temp_56ce3484-b669-4c8b-8489-666612b8aac7-2 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\temp_56ce3484-b669-4c8b-8489-666612b8aac7-2 => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{733F4A68-09B5-45DB-90DE-2AA2C8621D00} => Key not found.
C:\Windows\System32\Tasks\RegClean Pro not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7613DA2A-23C5-4EB6-B4BA-CD8873A5F804}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7613DA2A-23C5-4EB6-B4BA-CD8873A5F804}" => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Maintenance\SMupdate2" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{79524917-C578-4213-82D3-82BD2487BCC2} => Key not found.
C:\Windows\System32\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-11 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\56ce3484-b669-4c8b-8489-666612b8aac7-11 => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{931367DF-98DD-4FA5-A3AE-AAC77F7A6B25} => Key not found.
C:\Windows\System32\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-4 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\56ce3484-b669-4c8b-8489-666612b8aac7-4 => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A4EA2991-D0EA-4538-B5E6-1B00D1B7D584} => Key not found.
C:\Windows\System32\Tasks\Advanced-System Protector_startup not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Advanced-System Protector_startup => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ACF03591-CAAA-4893-9852-26CAEE647C1D} => Key not found.
C:\Windows\System32\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-7 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\56ce3484-b669-4c8b-8489-666612b8aac7-7 => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B76D503E-28B5-4F6E-9C84-D817454EB592}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B76D503E-28B5-4F6E-9C84-D817454EB592}" => Key deleted successfully.
C:\Windows\System32\Tasks\iWebar-firefoxinstaller => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\iWebar-firefoxinstaller" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CC3DB9BC-6B77-41F4-A297-B5261BD9793A} => Key not found.
C:\Windows\System32\Tasks\ConsumerInputUpdateTaskMachineCore not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ConsumerInputUpdateTaskMachineCore => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DE50D567-8466-439B-B1D5-DE6DE7CD057F} => Key not found.
C:\Windows\System32\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-3 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\56ce3484-b669-4c8b-8489-666612b8aac7-3 => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E2A4AA41-14D6-41C2-9BDC-5F21B97346BB} => Key not found.
C:\Windows\System32\Tasks\2b6328a9-11c8-46e0-8547-2efb3aafcaa4-3 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\2b6328a9-11c8-46e0-8547-2efb3aafcaa4-3 => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E3E359BD-21F1-403E-A745-D1E0BA925049} => Key not found.
C:\Windows\System32\Tasks\RegClean Pro_UPDATES not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro_UPDATES => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EDF770DA-FE8D-43C5-BAA1-810147FEE27B} => Key not found.
C:\Windows\System32\Tasks\Yahoo! Search Updater not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Yahoo! Search Updater => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EEA0FC31-811F-4D14-86AD-53F73EB27D8E} => Key not found.
C:\Windows\System32\Tasks\98bd8955-5681-454d-960c-17eab7511bad-5 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\98bd8955-5681-454d-960c-17eab7511bad-5 => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F7A9DCD4-1569-49E3-AFA8-65865697C144} => Key not found.
C:\Windows\System32\Tasks\98bd8955-5681-454d-960c-17eab7511bad-7 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\98bd8955-5681-454d-960c-17eab7511bad-7 => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FB804D2A-5867-41B3-BD6C-0A0CAD6D3610} => Key not found.
C:\Windows\System32\Tasks\Yahoo! Search not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Yahoo! Search => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FC5B2C3D-8693-4E07-BE3D-E0E04438AF8B} => Key not found.
C:\Windows\System32\Tasks\98bd8955-5681-454d-960c-17eab7511bad-6 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\98bd8955-5681-454d-960c-17eab7511bad-6 => Key not found.
C:\WINDOWS\Tasks\2b6328a9-11c8-46e0-8547-2efb3aafcaa4-11.job not found.
C:\WINDOWS\Tasks\2b6328a9-11c8-46e0-8547-2efb3aafcaa4-3.job not found.
C:\WINDOWS\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-1.job not found.
C:\WINDOWS\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-11.job not found.
C:\WINDOWS\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-2.job not found.
C:\WINDOWS\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-3.job not found.
C:\WINDOWS\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-4.job not found.
C:\WINDOWS\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-6.job not found.
C:\WINDOWS\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-7.job not found.
C:\WINDOWS\Tasks\98bd8955-5681-454d-960c-17eab7511bad-1.job not found.
C:\WINDOWS\Tasks\98bd8955-5681-454d-960c-17eab7511bad-11.job not found.
C:\WINDOWS\Tasks\98bd8955-5681-454d-960c-17eab7511bad-2.job not found.
C:\WINDOWS\Tasks\98bd8955-5681-454d-960c-17eab7511bad-4.job not found.
C:\WINDOWS\Tasks\98bd8955-5681-454d-960c-17eab7511bad-5.job not found.
C:\WINDOWS\Tasks\98bd8955-5681-454d-960c-17eab7511bad-5_user.job not found.
C:\WINDOWS\Tasks\98bd8955-5681-454d-960c-17eab7511bad-6.job not found.
C:\WINDOWS\Tasks\98bd8955-5681-454d-960c-17eab7511bad-7.job not found.
C:\WINDOWS\Tasks\CIMT_daily_S-1-5-21-580940030-35127617-3160781262-1001.job not found.
C:\WINDOWS\Tasks\CIMT_S-1-5-21-580940030-35127617-3160781262-1001.job not found.
C:\WINDOWS\Tasks\ConsumerInputUpdateTaskMachineCore.job not found.
C:\WINDOWS\Tasks\ConsumerInputUpdateTaskMachineUA.job not found.
C:\WINDOWS\Tasks\iWebar-chromeinstaller.job => Moved successfully.
C:\WINDOWS\Tasks\iWebar-firefoxinstaller.job => Moved successfully.
C:\WINDOWS\Tasks\RegClean Pro_DEFAULT.job not found.
C:\WINDOWS\Tasks\RegClean Pro_UPDATES.job not found.
C:\WINDOWS\Tasks\temp_56ce3484-b669-4c8b-8489-666612b8aac7-2.job not found.
C:\Program Files (x86)\CouponAlert_2p => Moved successfully.
"C:\Program Files (x86)\AskPartnerNetwork" => File/Directory not found.
C:\Program Files (x86)\YTDownloader => Moved successfully.
C:\Program Files (x86)\ShopperPro => Moved successfully.
"C:\PROGRA~2\COUPON~2" => File/Directory not found.
"C:\Program Files (x86)\AnyProtectEx" => File/Directory not found.
"C:\Program Files (x86)\fst_us_148" => File/Directory not found.
"C:\Users\Leticia\AppData\Local\fst_us_148" => File/Directory not found.
"C:\Program Files (x86)\ShopperPro" => File/Directory not found.
C:\Program Files (x86)\Optimizer Pro => Moved successfully.
"C:\Program Files (x86)\Hoopla" => File/Directory not found.
C:\Program Files (x86)\Probit Software => Moved successfully.
C:\Users\Leticia\AppData\Local\Pay-By-Ads => Moved successfully.
C:\Program Files (x86)\NewPlayer => Moved successfully.
C:\Users\Leticia\AppData\Local\WeatherAlerts => Moved successfully.
C:\Program Files (x86)\PricePeep => Moved successfully.
"C:\Program Files (x86)\FrostWire 5" => File/Directory not found.
C:\Program Files (x86)\MyPC Backup => Moved successfully.
"C:\Program Files (x86)\iWebar" => File/Directory not found.
"C:\Program Files (x86)\PalMall" => File/Directory not found.
"C:\Program Files (x86)\Cinema-Plus-1.2" => File/Directory not found.
C:\ProgramData\ShopperPro => Moved successfully.
"C:\Program Files (x86)\Consumer Input" => File/Directory not found.
"C:\Program Files (x86)\Solid Savings" => File/Directory not found.
"C:\Program Files (x86)\SearchDonkey" => File/Directory not found.
"C:\Users\michael\AppData\Local\getsav-in" => File/Directory not found.
"C:\Program Files (x86)\NetCrawl" => File/Directory not found.
C:\Users\michael\AppData\Local\Playtopus => Moved successfully.
C:\Program Files (x86)\Wajam => Moved successfully.
"C:\Program Files (x86)\mystarttb" => File/Directory not found.
"C:\Program Files (x86)\findopolis" => File/Directory not found.
"C:\ProgramData\WeCareReminder" => File/Directory not found.
C:\Program Files (x86)\PennyBee => Moved successfully.
C:\Program Files (x86)\Re-markit-soft => Moved successfully.
"C:\ProgramData\AskPartnerNetwork" => File/Directory not found.
"C:\Program Files (x86)\MyPC Backup" => File/Directory not found.
"C:\Program Files (x86)\Consumer Input" => File/Directory not found.
"C:\Program Files (x86)\CouponAlert_2p" => File/Directory not found.
"C:\Program Files (x86)\NewPlayer" => File/Directory not found.
"C:\Program Files (x86)\PennyBee" => File/Directory not found.
"C:\Program Files (x86)\Re-markit-soft" => File/Directory not found.
C:\Users\Leticia\AppData\Roaming\VOPackage => Moved successfully.
C:\Program Files\Common Files\Goobzo => Moved successfully.
C:\Program Files\Common Files\ShopperPro => Moved successfully.
"C:\Program Files (x86)\findopolis" => File/Directory not found.
"C:\Program Files (x86)\NetCrawl" => File/Directory not found.
C:\Windows\System32\drivers\{173745cd-3937-468f-98f6-d68898d32d98}w64.sys => Moved successfully.
C:\Windows\System32\drivers\{1de0dec0-675e-482f-a756-fd24c6796c8e}w64.sys => Moved successfully.
"C:\Program Files (x86)\YTDownloader" => File/Directory not found.
"C:\Program Files (x86)\FMS" => File/Directory not found.
"C:\Program Files (x86)\RegClean Pro" => File/Directory not found.
C:\Users\michael\AppData\Local\Updater26278 => Moved successfully.
"C:\PROGRA~1\COMMON~1\System\SysMenu.dll" => File/Directory not found.
"C:\Program Files (x86)\ASP" => File/Directory not found.
"C:\WINDOWS\system32\Drivers\{173745cd-3937-468f-98f6-d68898d32d98}w64.sys" => File/Directory not found.
C:\Users\Leticia\AppData\Roaming\ASP => Moved successfully.
"C:\WINDOWS\System32\Tasks\Yahoo! Search" => File/Directory not found.
"C:\WINDOWS\System32\Tasks\Yahoo! Search Updater" => File/Directory not found.
"C:\Users\Leticia\AppData\Local\Pay-By-Ads" => File/Directory not found.
C:\Users\Leticia\AppData\Local\Local_Weather_LLC => Moved successfully.
"C:\WINDOWS\System32\Tasks\RegClean Pro" => File/Directory not found.
"C:\Users\Leticia\Desktop\Clean Registry for Free!.lnk" => File/Directory not found.
"C:\Users\Leticia\AppData\Local\fst_us_148" => File/Directory not found.
"C:\Program Files (x86)\findopolis" => File/Directory not found.
"C:\WINDOWS\System32\Tasks\Advanced-System Protector_startup" => File/Directory not found.
C:\WINDOWS\System32\Tasks\Right Backup_startup => Moved successfully.
"C:\WINDOWS\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-11.job" => File/Directory not found.
"C:\WINDOWS\Tasks\2b6328a9-11c8-46e0-8547-2efb3aafcaa4-3.job" => File/Directory not found.
"C:\WINDOWS\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-3.job" => File/Directory not found.
"C:\WINDOWS\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-4.job" => File/Directory not found.
"C:\WINDOWS\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-6.job" => File/Directory not found.
"C:\WINDOWS\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-1.job" => File/Directory not found.
"C:\WINDOWS\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-2.job" => File/Directory not found.
"C:\WINDOWS\Tasks\98bd8955-5681-454d-960c-17eab7511bad-4.job" => File/Directory not found.
"C:\WINDOWS\Tasks\98bd8955-5681-454d-960c-17eab7511bad-5_user.job" => File/Directory not found.
"C:\WINDOWS\Tasks\98bd8955-5681-454d-960c-17eab7511bad-5.job" => File/Directory not found.
"C:\WINDOWS\Tasks\98bd8955-5681-454d-960c-17eab7511bad-1.job" => File/Directory not found.
"C:\WINDOWS\Tasks\98bd8955-5681-454d-960c-17eab7511bad-2.job" => File/Directory not found.
"C:\WINDOWS\Tasks\98bd8955-5681-454d-960c-17eab7511bad-11.job" => File/Directory not found.
"C:\WINDOWS\Tasks\98bd8955-5681-454d-960c-17eab7511bad-6.job" => File/Directory not found.
"C:\Program Files (x86)\NetCrawl" => File/Directory not found.
C:\Users\Leticia\AppData\Local\AnyProtectScannerSetup.exe => Moved successfully.
C:\Users\Leticia\AppData\Local\Temp\ShopperProJSFull.exe => Moved successfully.
C:\Users\Leticia\AppData\Local\Temp\ShopperProJSINJFull.exe => Moved successfully.
C:\Users\Leticia\AppData\Local\Temp\SPSetup.exe => Moved successfully.
C:\Users\Leticia\AppData\Local\Temp\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}_N360_31441.exe => Moved successfully.
C:\Users\michael\AppData\Local\Temp\SPSetup.exe => Moved successfully.

========================= File: C:\windows\system32\mscoree.dll ========================

MD5: 2A857CCAFE18B1D396484AC9CC0B9B80
Creation and modification date: 2013-08-22 06:04 - 2013-08-22 06:04
Size: 0382976
Attributes: ----A
Company Name: Microsoft Corporation
Internal Name: mscoree.dll
Original Name: mscoree.dll
Product Name: Microsoft® Windows® Operating System
Description: Microsoft .NET Runtime Execution Engine
File Version: 6.3.9600.16384 (winblue_rtm.130821-1623)
Product Version: 6.3.9600.16384
Copyright: © Microsoft Corporation. All rights reserved.

====== End Of File: ======


========================= File: C:\windows\SysWOW64\mscoree.dll ========================

MD5: 84F20198CAE435DE32ABDB4511550BD7
Creation and modification date: 2013-08-21 22:40 - 2013-08-21 22:40
Size: 0330240
Attributes: ----A
Company Name: Microsoft Corporation
Internal Name: mscoree.dll
Original Name: mscoree.dll
Product Name: Microsoft® Windows® Operating System
Description: Microsoft .NET Runtime Execution Engine
File Version: 6.3.9600.16384 (winblue_rtm.130821-1623)
Product Version: 6.3.9600.16384
Copyright: © Microsoft Corporation. All rights reserved.

====== End Of File: ======


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= netsh advfirewall reset =========

Ok.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state on =========

Ok.


========= End of CMD: =========



The system needed a reboot.

==== End of Fixlog 21:42:12 ====
 

dbreeze

David
Malware Specialist
Joined
Oct 5, 2014
Messages
431
camsr2000,

Thank you for the logs; I apologize for my late reply. The fixlist script run with FRST seems to have fixed most of the errors originally list in the first logs.

Couple of things to note however:

1) You can have someone try and uninstall anything left over on the list I asked you to uninstall manually. If there are problems and the utility asks if you want the name removed from the list (for example, if there is no uninstall program or the files / directory can no longer be found) then it is OK to let it do so.

2) They need to check on the AntiVirus protection on that system. The Kaspersky Lab software is at least 2 years old and states that it is not up to date. If the subscription is expired, then the protection is not enabled and malware can infiltrate the system. It may be best to clean out Kaspersky and install something free like Avast Free AntiVirus or Microsoft Security Essentials.

3) The laptop should be able to connect to the internet but someone has tried to change it to IPv6 priority; Yahoo was fine but Google was not. I would suggest they remove IPv6 from their system as it is not fully implemented everywhere just yet (that is, of course, as long as they don't have to have it for work or school).

Let me know if I can be of any more help.
 

camsr2000

Thread Starter
Joined
Jul 21, 2009
Messages
185
Thank you! I'll check with my daughter to see how its working! Thank you very much!
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top