1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Toshiba Satellite P845T-S4310 Laptop infected

Discussion in 'Virus & Other Malware Removal' started by camsr2000, Jan 18, 2015.

Thread Status:
Not open for further replies.
Advertisement
  1. camsr2000

    camsr2000 Thread Starter

    Joined:
    Jul 21, 2009
    Messages:
    185
    I am requesting help with my daughters Toshiba Laptop. Her and her husband complained that they they have been infectected with a virus which does not allow them to go online now. I downloaded combofix to see if that would atleast get the the ability to get online to request help from your site, but now I see that combofix no longer supports Windows XP. I downloaded the system info and have pasted it below. I promised to try submitting it to you to see if you could help them clean their laptop. what would you recommend?


    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
    Processor: Intel(R) Pentium(R) CPU G630 @ 2.70GHz, Intel64 Family 6 Model 42 Stepping 7
    Processor Count: 2
    RAM: 8096 Mb
    Graphics Card: Intel(R) HD Graphics, -1988 Mb
    Hard Drives: C: Total - 936545 MB, Free - 869466 MB; D: Total - 17220 MB, Free - 2151 MB;
    Motherboard: Foxconn, 2ABF
    Antivirus: Microsoft Security Essentials, Updated and Enabled
     
  2. dbreeze

    dbreeze Malware Specialist

    Joined:
    Oct 5, 2014
    Messages:
    431
    First Name:
    David
    Please download Farbar Recovery Scan Tool 64bit and save it to a USB stick.

    Please download MiniToolBox and save it to your USB stick.

    Using the USB stick, please transfer the two programs to the Desktop of the 'infected' machine.

    FRST
    On the infected machine, run the following:
    • Right click the FRST file on your desktop and select "Run as Administrator..." (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
    • If an update is available, the program will inform you and download the update. Allow it do this please.
    • Press the Scan button.
    • It will produce a log called FRST.txt in the same directory the tool is run from.
    • Please copy the log onto the USB stick and paste the log back here.
    • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST64.exe). Please also copy this log on to the USB stick and paste that along with the FRST.txt into your reply.

    MiniToolBox
    Double click on MiniToolBox.exe to run it.
    Checkmark the following checkboxes:
    • Flush DNS
    • Report IE Proxy Settings
    • Report FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Devices
    • List Users, Partitions and Memory size.
    • List Minidump Files
    Click Go; the tool will create a log file on the desktop called Result.txt. Please copy Result.txt to the USB stick and post it in a reply here.

    Information to Reply with >>>>
    • Any questions or concerns you may have for me.
    • The FRST.txt log text.
    • The Addition.txt log text.
    • The MiniToolBox Result.txt log text.


    Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
     
  3. camsr2000

    camsr2000 Thread Starter

    Joined:
    Jul 21, 2009
    Messages:
    185
    DBreeze, thank you for helping me with my daughters Laptop. I know very little of what is going on but I notice they have a huge amount of junk programs that start on start up, all they've told me is They can't get online and they get multiple error messages. Thanks again for your help

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
    Ran by Leticia (administrator) on GUERRAFAMILY on 20-01-2015 17:40:30
    Running from C:\Users\Leticia\Desktop
    Loaded Profiles: Leticia (Available profiles: Leticia & michael)
    Platform: Windows 8.1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (COMPANYVERS_NAME) C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbarsvc.exe
    (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    (Microsoft Corporation) C:\Windows\System32\dasHost.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.43\nst.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe
    () C:\Program Files (x86)\Re-markit-soft\Re-markit157.exe
    (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    (TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
    (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
    (Wajam) C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
    (Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
    (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
    (Just Develop It) C:\Program Files (x86)\MyPC Backup\BackupStack.exe
    (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    () C:\Users\Leticia\AppData\Roaming\VOPackage\VOsrv.exe
    () C:\Program Files (x86)\NewPlayer\NewPlayerUpdaterService.exe
    () C:\Program Files (x86)\PennyBee\PennyBee.exe
    (globalUpdate) C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe
    (Systweak) C:\Program Files (x86)\Right Backup\RBClientService.exe
    () C:\Program Files (x86)\NetCrawl\updateNetCrawl.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.43\nst.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe
    () C:\Program Files (x86)\ASP\AdvancedSystemProtector.exe
    () C:\Users\Leticia\AppData\Local\fst_us_148\upfst_us_148.exe
    (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
    (TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe
    () C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
    (TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
    () C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe
    (CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    () C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\AppIntegrator64.exe
    (Exent Technologies Ltd.) C:\Program Files (x86)\Hoopla\GPlayer.exe
    () C:\Program Files (x86)\PricePeep\PricePeepUpdater.exe
    (CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
    (Local Weather LLC) C:\Users\Leticia\AppData\Local\WeatherAlerts\WeatherAlerts.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
    (VER_COMPANY_NAME) C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbrmon.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Microsoft Corporation) C:\Windows\WinStore\WSHost.exe
    (Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
    (Microsoft Corporation) C:\Windows\System32\WWAHost.exe
    (Pay By Ads LTD) C:\Users\Leticia\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.18.5\dsrlte.exe
    () C:\Program Files (x86)\findopolis\updatefindopolis.exe
    () C:\Program Files (x86)\findopolis\bin\utilfindopolis.exe
    (Symantec Corporation) C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe
    (Search Module Ltd.) C:\Program Files\Common Files\Goobzo\GBUpdate\smu.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (FileProperties_CompanyName) C:\Program Files (x86)\PalMall\PalMall-nova.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor)
    HKLM\...\Run: [SRS Premium Sound 3D] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2170784 2012-08-06] (SRS Labs, Inc.)
    HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2608040 2012-08-13] (TOSHIBA Corporation)
    HKLM\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe [1548952 2012-08-04] (TOSHIBA Corporation)
    HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
    HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-13] (TOSHIBA Corporation)
    HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
    HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon
    HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2780776 2011-07-19] (CANON INC.)
    HKLM\...\Run: [Coupon Alert Home Page Guard 64 bit] => C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\AppIntegrator64.exe [548936 2013-06-04] ()
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-16] (Synaptics Incorporated)
    HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1637496 2011-08-04] (CANON INC.)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
    HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [439440 2011-09-27] (CANON INC.)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
    HKLM-x32\...\Run: [ApnTBMon] => "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
    HKLM-x32\...\Run: [YTDownloader] => C:\Program Files (x86)\YTDownloader\YTDownloader.exe [2049896 2013-12-20] (YTDownloader)
    HKLM-x32\...\Run: [SPDriver] => C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.193\jsdrv.exe [3211776 2014-07-08] ()
    HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\runner_avp.exe [24504 2014-03-16] (Kaspersky Lab ZAO)
    HKLM-x32\...\Run: [Coupon Alert Search Scope Monitor] => "C:\PROGRA~2\COUPON~2\bar\1.bin\2psrchmn.exe" /m=2 /w /h
    HKLM-x32\...\Run: [CouponAlert_2p Browser Plugin Loader] => C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbrmon.exe [30096 2013-06-04] (VER_COMPANY_NAME)
    HKLM-x32\...\Run: [AnyProtect Scanner] => "C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe"
    HKLM-x32\...\Run: [fst_us_148] => "C:\Program Files (x86)\fst_us_148\fst_us_148.exe"
    HKLM-x32\...\RunOnce: [upfst_us_148.exe] => C:\Users\Leticia\AppData\Local\fst_us_148\upfst_us_148.exe [3352544 2014-07-07] ()
    Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-580940030-35127617-3160781262-1001\...\Run: [SPDriver] => C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.193\jsdrv.exe [3211776 2014-07-08] ()
    HKU\S-1-5-21-580940030-35127617-3160781262-1001\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe
    HKU\S-1-5-21-580940030-35127617-3160781262-1001\...\Run: [Exetender] => C:\Program Files (x86)\Hoopla\GPlayer.exe [5043096 2014-03-05] (Exent Technologies Ltd.)
    HKU\S-1-5-21-580940030-35127617-3160781262-1001\...\Run: [Easy Speed PC] => C:\Program Files (x86)\Probit Software\Easy Speed PC\ESPCLauncher.exe
    HKU\S-1-5-21-580940030-35127617-3160781262-1001\...\Run: [Yahoo! Search] => C:\Users\Leticia\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.18.5\dsrlte.exe [634624 2014-12-21] (Pay By Ads LTD)
    AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
    AppInit_DLLs: C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL => C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL File Not Found
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AddonNP.lnk
    ShortcutTarget: AddonNP.lnk -> C:\Program Files (x86)\NewPlayer\AddonNP.exe ()
    Startup: C:\Users\Leticia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopWeatherAlerts.lnk
    ShortcutTarget: DesktopWeatherAlerts.lnk -> C:\Users\Leticia\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe (No File)
    Startup: C:\Users\Leticia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PricePeepUpdater.lnk
    ShortcutTarget: PricePeepUpdater.lnk -> C:\Program Files (x86)\PricePeep\PricePeepUpdater.exe ()
    Startup: C:\Users\Leticia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Weather Alerts.lnk
    ShortcutTarget: Weather Alerts.lnk -> C:\Users\Leticia\AppData\Local\WeatherAlerts\WeatherAlerts.exe (Local Weather LLC)
    Startup: C:\Users\michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FrostWire On Startup.lnk
    ShortcutTarget: FrostWire On Startup.lnk -> C:\Program Files (x86)\FrostWire 5\FrostWire.exe (FrostWire)
    Startup: C:\Users\michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
    ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    GroupPolicyUsers\S-1-5-21-580940030-35127617-3160781262-1004\User: Group Policy restriction detected <======= ATTENTION
    GroupPolicyUsers\S-1-5-21-580940030-35127617-3160781262-1001\User: Group Policy restriction detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-580940030-35127617-3160781262-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    ProxyEnable: [S-1-5-21-580940030-35127617-3160781262-1001] => Internet Explorer proxy is enabled.
    ProxyServer: [S-1-5-21-580940030-35127617-3160781262-1001] => http=127.0.0.1:13828
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
    HKU\S-1-5-21-580940030-35127617-3160781262-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fR3s5PAVMZpZbM61lWNTdgwQHuH_l8fMQr5kRlG85BLui9M8aaXITVl_ekr8W_bIE88YTif6l1vNGwRC9cZ_I9tX2JUm2mQYVI8QHRlr1sR6fF1WiiX8O2TNW6C9WIR31yhHrjKtQCqHDhBP81OO5f10ZDU6xcvZxlvM0mde&q={searchTerms}
    HKU\S-1-5-21-580940030-35127617-3160781262-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
    HKU\S-1-5-21-580940030-35127617-3160781262-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com
    HKU\S-1-5-21-580940030-35127617-3160781262-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://rts.dsrlte.com?affID=na
    HKU\S-1-5-21-580940030-35127617-3160781262-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fR3s5PAVMZpZbM61lWNTdgwQHuH_l8fMQr5kRlG85BLui9M8aaXITVl_ekr8W_bIE88YTif6l1vNGwRC9cZ_I9tX2JUm2mQYVI8QHRlr1sR6fF1WiiX8O2TNW6C9WIR31yhHrjKtQCqHDhBP81OO5f10ZDU6xcvZxlvM0mde&q={searchTerms}
    URLSearchHook: HKU\S-1-5-21-580940030-35127617-3160781262-1001 - (No Name) - {7b9f8c21-46ec-4c0b-8683-e755ef84577a} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pSrcAs.dll No File
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe
    SearchScopes: HKLM -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
    SearchScopes: HKLM -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://www-search.net/search.aspx?s=E38zadku1,4c000c15-cb58-4f23-b0a2-2a12673d72db,&q={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fR3s5PAVMZpZbM61lWNTdgwQHuH_l8fMQr5kRlG85BLui9M8aaXITVl_ekr8W_bIE88YTif6l1vNGwRC9cZ_I9tX2JUm2mQYVI8QHRlr1sR6fF1WiiX8O2TNW6C9WIR31yhHrjKtQCqHDhBP81OO5f10ZDU6xcvZxlvM0mde&q={searchTerms}
    SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fR3s5PAVMZpZbM61lWNTdgwQHuH_l8fMQr5kRlG85BLui9M8aaXITVl_ekr8W_bIE88YTif6l1vNGwRC9cZ_I9tX2JUm2mQYVI8QHRlr1sR6fF1WiiX8O2TNW6C9WIR31yhHrjKtQCqHDhBP81OO5f10ZDU6xcvZxlvM0mde&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-580940030-35127617-3160781262-1001 -> DefaultScope {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://www.mystart.com/results.php?gen=ms&pr=vmn&id=mystarttb&v=5_4&ent=ch_5108&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-580940030-35127617-3160781262-1001 -> URL http://search.conduit.com/Results.aspx?ctid=CT3321728&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP65083C4B-FD76-441B-98F1-9677FF492F31&q={searchTerms}&SSPV=
    SearchScopes: HKU\S-1-5-21-580940030-35127617-3160781262-1001 -> SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
    SearchScopes: HKU\S-1-5-21-580940030-35127617-3160781262-1001 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=bndl1_14_26&cd=2XzuyEtN2Y1L1Qzuzy0CyE0EtAyCyByCzz0DtBtCyCzyzy0DtN0D0Tzu0SzytBtBtN1L2XzutBtFtBtCtFtCtCtFtBtN1L1Czu1S1G1Q1ItC1VtCyE1VtByCtN1L1G1B1V1N2Y1L1Qzu2StAzy0E0AyC0A0A0FtG0AyEtByEtGyBtA0AtBtGyCtBzzyBtGtAyBzy0A0B0A0CyD0CtD0F0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0FyEtByCtBtDyCtGzyyCtCyDtG0D0E0CtCtGzy0Fzz0FtGtBtC0A0ByEyCtB0CtC0B0DyC2Q&cr=460057618&ir=
    SearchScopes: HKU\S-1-5-21-580940030-35127617-3160781262-1001 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://www.mystart.com/results.php?gen=ms&pr=vmn&id=mystarttb&v=5_4&ent=ch_5108&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-580940030-35127617-3160781262-1001 -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_cmi_14_28_ch&cd=2XzuyEtN2Y1L1Qzuzy0CyE0EtAyCyByCzz0DtBtCyCzyzy0DtN0D0Tzu0SzytBtBtN1L2XzutBtFtBtCtFtCyEtFtBtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAzztD0DtA0AyBtAtG0B0CtD0BtGyD0CyCzytGyBtAzyyEtGtCyEtB0CtBtCzztCzzyEyCyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0FyEtByCtBtDyCtGzyyCtCyDtG0D0E0CtCtGzy0Fzz0FtGtBtC0A0ByEyCtB0CtC0B0DyC2Q&cr=582362969&ir=
    SearchScopes: HKU\S-1-5-21-580940030-35127617-3160781262-1001 -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://www-search.net/search.aspx?s=E38zadku1,4c000c15-cb58-4f23-b0a2-2a12673d72db,&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-580940030-35127617-3160781262-1001 -> {B45B6130-384E-452D-A2DB-0F3910B9CAB7} URL = http://rts.dsrlte.com/?affID=na&q={searchTerms}&r=241
    BHO: iWebar -> {11111111-1111-1111-1111-110311551110} -> C:\Program Files (x86)\iWebar\iWebar-bho64.dll No File
    BHO: PalMall -> {11111111-1111-1111-1111-110511801132} -> C:\Program Files (x86)\PalMall\PalMall-bho64.dll (BND)
    BHO: Cinema-Plus-1.2 -> {11111111-1111-1111-1111-110611051148} -> C:\Program Files (x86)\Cinema-Plus-1.2\Cinema-Plus-1.2-bho64.dll (Cinema Plus)
    BHO: Snap.DoEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
    BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
    BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
    BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
    BHO: Shopper Pro -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> C:\ProgramData\ShopperPro\ShopperPro64.dll No File
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.0.43\coIEPlg.dll (Symantec Corporation)
    BHO: Consumer Input DCA BHO -> {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} -> C:\Program Files (x86)\Consumer Input\InternetExplorer\x64\dca-bho.dll (Compete, Inc.)
    BHO: Ask Shopping Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ\Passport_x64.dll" No File
    BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
    BHO: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll No File
    BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
    BHO-x32: Solid Savings -> {11111111-1111-1111-1111-110211621178} -> C:\Program Files (x86)\Solid Savings\Solid Savings-bho.dll (Innovative Apps)
    BHO-x32: iWebar -> {11111111-1111-1111-1111-110311551110} -> C:\Program Files (x86)\iWebar\iWebar-bho.dll No File
    BHO-x32: PalMall -> {11111111-1111-1111-1111-110511801132} -> C:\Program Files (x86)\PalMall\PalMall-bho.dll (BND)
    BHO-x32: Cinema-Plus-1.2 -> {11111111-1111-1111-1111-110611051148} -> C:\Program Files (x86)\Cinema-Plus-1.2\Cinema-Plus-1.2-bho.dll (Cinema Plus)
    BHO-x32: Snap.DoEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\windows\SysWOW64\mscoree.dll (Microsoft Corporation)
    BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
    BHO-x32: Toolbar BHO -> {3a421c8f-e238-4aeb-8874-b8b5f2cc4772} -> C:\PROGRA~2\COUPON~2\bar\1.bin\2pbar.dll No File
    BHO-x32: SearchDonkey -> {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} -> C:\Program Files (x86)\SearchDonkey\IE\common.dll (WebAppTech Coding, LLC)
    BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
    BHO-x32: getsav-in 5.0 -> {57437FFF-AF43-472E-9BBD-41AA710B1297} -> C:\Users\michael\AppData\Local\getsav-in\ie\getsav-in_1368186302.dll ()
    BHO-x32: Search Assistant BHO -> {60e91567-ef8a-4520-bce2-83aba5256799} -> C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pSrcAs.dll No File
    BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
    BHO-x32: NetCrawl 1.0.0.5 -> {769a91da-209f-47fe-88b9-b0321b0982c8} -> C:\Program Files (x86)\NetCrawl\NetCrawlBHO.dll (NetCrawl)
    BHO-x32: Playtopus Games -> {8EBA1B69-99D8-4135-BD43-729BA79D5CC4} -> C:\Users\michael\AppData\Local\Playtopus\Playtopus.dll (Playtopus)
    BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
    BHO-x32: Shopper Pro -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> C:\ProgramData\ShopperPro\ShopperPro.dll (Goobzo Ltd.)
    BHO-x32: Wajam -> {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} -> C:\Program Files (x86)\Wajam\IE\priam_bho.dll No File
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.43\coIEPlg.dll (Symantec Corporation)
    BHO-x32: Consumer Input DCA BHO -> {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} -> C:\Program Files (x86)\Consumer Input\InternetExplorer\dca-bho.dll (Compete, Inc.)
    BHO-x32: MyStart Toolbar -> {ccb24e92-62c4-4c53-95d2-65f9eed476bc} -> C:\Program Files (x86)\mystarttb\mystartDx.dll No File
    BHO-x32: findopolis 1.0.0.5 -> {ccfd8427-0c44-4b91-abbb-d6aa65f7d2a1} -> C:\Program Files (x86)\findopolis\findopolisBHO.dll (findopolis)
    BHO-x32: Ask Shopping Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ\Passport.dll" No File
    BHO-x32: WeCareReminder Class -> {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} -> C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
    BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
    BHO-x32: PennyBee -> {ECCD8756-E877-457F-8C44-4EC20055DDB5} -> C:\Program Files (x86)\PennyBee\InternetExplorerBHO.dll No File
    BHO-x32: No Name -> {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} -> No File
    Toolbar: HKLM - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\windows\system32\mscoree.dll (Microsoft Corporation)
    Toolbar: HKLM - Ask Shopping Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ\Passport_x64.dll" No File
    Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.0.43\coIEPlg.dll (Symantec Corporation)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Toolbar: HKLM - MyStart Toolbar - {ccb24e92-62c4-4c53-95d2-65f9eed476bc} - C:\Program Files (x86)\mystarttb\mystartDx64.dll No File
    Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
    Toolbar: HKLM-x32 - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\windows\SysWOW64\mscoree.dll (Microsoft Corporation)
    Toolbar: HKLM-x32 - Coupon Alert - {3462c343-be19-4143-af70-cefb56f46fc6} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbar.dll No File
    Toolbar: HKLM-x32 - Ask Shopping Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ\Passport.dll" No File
    Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.43\coIEPlg.dll (Symantec Corporation)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKLM-x32 - MyStart Toolbar - {ccb24e92-62c4-4c53-95d2-65f9eed476bc} - C:\Program Files (x86)\mystarttb\mystartDx.dll No File
    Toolbar: HKU\S-1-5-21-580940030-35127617-3160781262-1001 -> Ask Shopping Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ\Passport_x64.dll" No File
    Toolbar: HKU\S-1-5-21-580940030-35127617-3160781262-1001 -> No Name - {3462C343-BE19-4143-AF70-CEFB56F46FC6} - No File
    Toolbar: HKU\S-1-5-21-580940030-35127617-3160781262-1001 -> Norton Identity Safe Toolbar - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.0.43\coIEPlg.dll (Symantec Corporation)
    DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

    FireFox:
    ========
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
    FF Plugin-x32: @CouponAlert_2p.com/Plugin -> C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\NP2pStub.dll No File
    FF Plugin-x32: @exent.com/npExentCtl,version=7.0.0.0 -> C:\Program Files (x86)\Hoopla\npExentCtl.dll (Exent Technologies Ltd.)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
    FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin-x32: www.exent.com/GameTreatWidget -> C:\Program Files (x86)\Hoopla\NPGameTreatPlugin.dll No File
    FF Plugin HKU\S-1-5-21-580940030-35127617-3160781262-1001: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]_2p.com] - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin
    FF Extension: No Name - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin [2013-06-04]
    FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.6.0.27\coFFPlgn
    FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.6.0.27\coFFPlgn [2014-07-10]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
    FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2014-03-16]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
    FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2014-03-16]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
    FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2014-03-16]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
    FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2014-03-16]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
    FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2014-03-16]
    FF HKU\S-1-5-21-580940030-35127617-3160781262-1001\...\Firefox\Extensions: [{8a1a43a3-ee9f-4fff-9c5c-b3063ee1f0e0}] - C:\Program Files (x86)\Re-markit-soft\157.xpi
    FF HKU\S-1-5-21-580940030-35127617-3160781262-1001\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12171.xpi

    Chrome:
    =======
    CHR StartupUrls: Default -> "hxxp://www-search.net/?s=E38zadku1,4c000c15-cb58-4f23-b0a2-2a12673d72db,"
    CHR DefaultSearchKeyword: Default -> yahoo.com
    CHR DefaultSuggestURL: Default -> https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}
    CHR Profile: C:\Users\Leticia\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\Leticia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-10]
    CHR Extension: (Google Drive) - C:\Users\Leticia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-10]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Leticia\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-10]
    CHR Extension: (YouTube) - C:\Users\Leticia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-10]
    CHR Extension: (iWebar) - C:\Users\Leticia\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam [2014-07-10]
    CHR Extension: (Search) - C:\Users\Leticia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-10]
    CHR Extension: (Kaspersky URL Advisor) - C:\Users\Leticia\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-07-10]
    CHR Extension: (video MediaPlay-Air) - C:\Users\Leticia\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnaojefanpmakfgcaliphepgoiiafmpf [2014-07-10]
    CHR Extension: (Safe Money) - C:\Users\Leticia\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2014-07-10]
    CHR Extension: (MySearchDial) - C:\Users\Leticia\AppData\Local\Google\Chrome\User Data\Default\Extensions\iagcajndpnfncplednpbnkahadegklfa [2014-07-10]
    CHR Extension: (Rocket New Tab) - C:\Users\Leticia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibnjmihbbanannlbobkbmnmckjnmdnom [2014-07-10]
    CHR Extension: (Virtual Keyboard) - C:\Users\Leticia\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2014-07-10]
    CHR Extension: (Kaspersky Protection) - C:\Users\Leticia\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpoimibckejjdjcfbdnajaicnklhfplh [2014-07-10]
    CHR Extension: (Google Wallet) - C:\Users\Leticia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-10]
    CHR Extension: (Norton Identity Protection) - C:\Users\Leticia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob [2014-07-10]
    CHR Extension: (findopolis) - C:\Users\Leticia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojlbmmdblljkdkicbjdfplphhplkndeg [2014-12-21]
    CHR Extension: (Gmail) - C:\Users\Leticia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-10]
    CHR Extension: (Anti-Banner) - C:\Users\Leticia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-07-10]
    CHR HKLM\...\Chrome\Extension: [iagcajndpnfncplednpbnkahadegklfa] - No Path
    CHR HKLM\...\Chrome\Extension: [ibnjmihbbanannlbobkbmnmckjnmdnom] - No Path
    CHR HKU\S-1-5-21-580940030-35127617-3160781262-1001\...\Chrome\Extension: [iagcajndpnfncplednpbnkahadegklfa] - No Path
    CHR HKU\S-1-5-21-580940030-35127617-3160781262-1001\...\Chrome\Extension: [ibnjmihbbanannlbobkbmnmckjnmdnom] - No Path
    CHR HKLM-x32\...\Chrome\Extension: [aaaaojmikegpiepcfdkkjaplodkpfmlo] - C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ\CRX\ToolbarCR.crx [Not Found]
    CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx [2012-08-18]
    CHR HKLM-x32\...\Chrome\Extension: [dghncoeocefmhkhiphdgikkamjeglbfh] - C:\Program Files (x86)\mystarttb\chrome-newtab-search.crx [Not Found]
    CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx [2012-08-18]
    CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx [2012-08-18]
    CHR HKLM-x32\...\Chrome\Extension: [iagcajndpnfncplednpbnkahadegklfa] - No Path
    CHR HKLM-x32\...\Chrome\Extension: [ibnjmihbbanannlbobkbmnmckjnmdnom] - No Path
    CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx [2012-08-18]
    CHR HKLM-x32\...\Chrome\Extension: [jpmbfleldcgkldadpdinhjjopdfpjfjp] - C:\Users\michael\AppData\Local\Wajam\Chrome\wajam.crx [2013-05-02]
    CHR HKLM-x32\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh [Not Found]
    CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.43\Exts\Chrome.crx [2014-03-20]
    CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx [2012-08-18]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2014-03-16] (Kaspersky Lab ZAO)
    R4 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [32808 2013-05-24] (Just Develop It) <==== ATTENTION
    S2 consumerinput_update; C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [106296 2014-03-08] (ConsumerInput)
    S3 consumerinput_updatem; C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [106296 2014-03-08] (ConsumerInput)
    R4 CouponAlert_2pService; C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbarsvc.exe [42504 2013-06-04] (COMPANYVERS_NAME)
    R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-11-15] ()
    R2 NAT; C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe [232424 2013-10-11] (Symantec Corporation)
    R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.43\NST.exe [130104 2014-03-11] (Symantec Corporation)
    R4 NewPlayerUpdaterService; C:\Program Files (x86)\NewPlayer\NewPlayerUpdaterService.exe [11776 2014-06-30] () [File not signed]
    R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [132504 2015-01-05] (Symantec Corporation)
    R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe [126392 2012-07-23] (Symantec Corporation)
    R4 PennyBee; C:\Program Files (x86)\PennyBee\PennyBee.exe [54272 2014-07-07] () [File not signed] <==== ATTENTION
    R2 RBClientService; C:\Program Files (x86)\Right Backup\RBClientService.exe [48240 2014-07-11] (Systweak)
    R4 Re-markit; C:\Program Files (x86)\Re-markit-soft\Re-markit157.exe [195072 2014-03-08] () [File not signed] <==== ATTENTION
    R4 servervo; C:\Users\Leticia\AppData\Roaming\VOPackage\VOsrv.exe [71680 2014-07-10] () [File not signed] <==== ATTENTION
    R2 SMUpd; C:\Program Files\Common Files\Goobzo\GBUpdate\smu.exe [2708328 2014-08-27] (Search Module Ltd.)
    S2 SPBIUpd; C:\Program Files\Common Files\ShopperPro\spbiu.exe [2346880 2014-07-08] (ShopperPro)
    R2 Update findopolis; C:\Program Files (x86)\findopolis\updatefindopolis.exe [529136 2015-01-05] ()
    R2 Update NetCrawl; C:\Program Files (x86)\NetCrawl\updateNetCrawl.exe [524576 2014-12-21] ()
    R2 Util findopolis; C:\Program Files (x86)\findopolis\bin\utilfindopolis.exe [529136 2015-01-05] ()
    R4 WajamUpdater; C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [109064 2013-05-02] (Wajam) [File not signed] <==== ATTENTION
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-30] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-30] (Microsoft Corporation)
    R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [1153840 2012-11-15] (Intel® Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R1 ccSet_NAT; C:\Windows\system32\drivers\NATx64\010A000.009\ccSetx64.sys [150104 2013-07-29] (Symantec Corporation)
    R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE07000.02B\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)
    R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-03-16] (Kaspersky Lab ZAO)
    S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab)
    R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [627296 2014-05-20] (Kaspersky Lab ZAO)
    R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2014-03-16] (Kaspersky Lab ZAO)
    R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29280 2014-03-16] (Kaspersky Lab ZAO)
    R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2014-03-16] (Kaspersky Lab ZAO)
    R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [50448 2014-03-16] (Kaspersky Lab ZAO)
    R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [178448 2014-03-16] (Kaspersky Lab ZAO)
    R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)
    R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-16] (Synaptics Incorporated)
    R3 SMUpdd; C:\Program Files\Common Files\Goobzo\GBUpdate\smw.sys [42856 2014-08-27] ()
    S3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2013-01-20] (Anchorfree Inc.)
    R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider)
    R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-11-29] (Windows (R) Win 7 DDK provider)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-30] (Microsoft Corporation)
    R2 X5XSEx_Pr152; C:\Program Files (x86)\Hoopla\X5XSEx_Pr152.Sys [56584 2013-07-18] (Exent Technologies Ltd.)
    R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-11-29] (Windows (R) Win 7 DDK provider)
    R1 {173745cd-3937-468f-98f6-d68898d32d98}w64; C:\Windows\System32\drivers\{173745cd-3937-468f-98f6-d68898d32d98}w64.sys [48784 2015-01-05] (StdLib)
    R1 {1de0dec0-675e-482f-a756-fd24c6796c8e}w64; C:\Windows\System32\drivers\{1de0dec0-675e-482f-a756-fd24c6796c8e}w64.sys [48832 2014-12-17] (StdLib)
    R4 sbmntr; \??\C:\Program Files (x86)\YTDownloader\sbmntr.sys [X]
    R4 SPDRIVER_1.35.1.155; \??\C:\Program Files (x86)\ShopperPro\JSDriver\1.35.1.155\jsdrv.sys [X]
    R2 SPDRIVER_1.37.0.193; \??\C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.193\jsdrv.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-20 17:40 - 2015-01-20 17:41 - 00042779 _____ () C:\Users\Leticia\Desktop\FRST.txt
    2015-01-20 17:39 - 2015-01-20 17:40 - 00000000 ____D () C:\FRST
    2015-01-20 17:36 - 2015-01-19 22:46 - 00401920 _____ (Farbar) C:\Users\Leticia\Desktop\MiniToolBox (1).exe
    2015-01-20 17:34 - 2015-01-19 22:44 - 02126848 _____ (Farbar) C:\Users\Leticia\Desktop\FRST64.exe
    2015-01-05 22:51 - 2015-01-05 13:26 - 00048784 _____ (StdLib) C:\WINDOWS\system32\Drivers\{173745cd-3937-468f-98f6-d68898d32d98}w64.sys
    2014-12-21 22:19 - 2014-12-21 22:19 - 00000000 ____D () C:\Users\Leticia\AppData\Roaming\ASP
    2014-12-21 22:09 - 2014-12-21 22:09 - 00003506 _____ () C:\WINDOWS\System32\Tasks\Yahoo! Search
    2014-12-21 22:08 - 2014-12-21 22:08 - 00003510 _____ () C:\WINDOWS\System32\Tasks\Yahoo! Search Updater
    2014-12-21 22:08 - 2014-12-21 22:08 - 00000000 ____D () C:\Users\Leticia\AppData\Local\Pay-By-Ads
    2014-12-21 22:08 - 2014-12-21 22:08 - 00000000 ____D () C:\Users\Leticia\AppData\Local\Local_Weather_LLC

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-20 17:41 - 2014-03-08 08:32 - 00000390 _____ () C:\WINDOWS\Tasks\CIMT_S-1-5-21-580940030-35127617-3160781262-1001.job
    2015-01-20 17:37 - 2014-07-10 13:37 - 00001460 _____ () C:\WINDOWS\Tasks\98bd8955-5681-454d-960c-17eab7511bad-7.job
    2015-01-20 17:37 - 2014-03-21 02:06 - 01185822 _____ () C:\WINDOWS\WindowsUpdate.log
    2015-01-20 17:36 - 2014-03-08 08:31 - 00000998 _____ () C:\WINDOWS\Tasks\ConsumerInputUpdateTaskMachineUA.job
    2015-01-20 17:32 - 2013-03-10 07:17 - 00000932 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2015-01-20 17:28 - 2014-04-02 11:18 - 00003950 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{7EA05828-C408-4DC3-92FE-A0E8E0E8484C}
    2015-01-20 17:25 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\sru
    2015-01-18 09:17 - 2013-11-14 01:28 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
    2015-01-18 09:16 - 2013-08-22 08:46 - 00326720 _____ () C:\WINDOWS\setupact.log
    2015-01-18 09:13 - 2013-02-10 21:23 - 00003592 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-580940030-35127617-3160781262-1001
    2015-01-18 09:01 - 2014-07-10 13:46 - 00001538 _____ () C:\WINDOWS\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-7.job
    2015-01-18 08:59 - 2013-02-11 00:16 - 00000000 ____D () C:\Users\Leticia\AppData\Local\CrashDumps
    2015-01-18 08:57 - 2013-03-10 07:18 - 00002370 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2015-01-18 08:57 - 2013-02-10 21:15 - 00001593 _____ () C:\Users\Leticia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2015-01-05 23:02 - 2013-06-22 17:53 - 00000000 ____D () C:\Program Files (x86)\PC Checkup
    2015-01-05 22:53 - 2014-07-10 13:31 - 00003108 _____ () C:\WINDOWS\System32\Tasks\RegClean Pro
    2015-01-05 22:51 - 2014-12-17 13:49 - 00001350 _____ () C:\Users\Leticia\Desktop\Clean Registry for Free!.lnk
    2015-01-05 22:50 - 2014-07-10 13:45 - 00000000 ____D () C:\Users\Leticia\AppData\Local\fst_us_148
    2015-01-05 22:50 - 2014-07-10 13:21 - 00000000 ____D () C:\Program Files (x86)\findopolis
    2015-01-05 22:50 - 2013-08-22 07:25 - 00000194 _____ () C:\WINDOWS\win.ini
    2014-12-21 22:14 - 2014-03-08 10:14 - 00002520 _____ () C:\WINDOWS\Tasks\iWebar-firefoxinstaller.job
    2014-12-21 22:14 - 2014-03-08 10:13 - 00003438 _____ () C:\WINDOWS\Tasks\iWebar-chromeinstaller.job
    2014-12-21 22:09 - 2014-03-16 09:30 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
    2014-12-21 22:08 - 2014-12-17 13:53 - 00003076 _____ () C:\WINDOWS\System32\Tasks\Advanced-System Protector_startup
    2014-12-21 22:08 - 2014-07-10 13:33 - 00003068 _____ () C:\WINDOWS\System32\Tasks\Right Backup_startup
    2014-12-21 22:08 - 2014-04-02 11:17 - 00000000 __RDO () C:\Users\Leticia\SkyDrive
    2014-12-21 22:08 - 2013-03-10 07:17 - 00000928 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2014-12-21 22:07 - 2014-07-10 13:46 - 00003830 _____ () C:\WINDOWS\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-11.job
    2014-12-21 22:07 - 2014-07-10 13:46 - 00003156 _____ () C:\WINDOWS\Tasks\2b6328a9-11c8-46e0-8547-2efb3aafcaa4-3.job
    2014-12-21 22:07 - 2014-07-10 13:46 - 00002460 _____ () C:\WINDOWS\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-3.job
    2014-12-21 22:07 - 2014-07-10 13:46 - 00002240 _____ () C:\WINDOWS\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-4.job
    2014-12-21 22:07 - 2014-07-10 13:46 - 00001600 _____ () C:\WINDOWS\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-6.job
    2014-12-21 22:07 - 2014-07-10 13:46 - 00001600 _____ () C:\WINDOWS\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-1.job
    2014-12-21 22:07 - 2014-07-10 13:46 - 00001390 _____ () C:\WINDOWS\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-2.job
    2014-12-21 22:07 - 2014-07-10 13:38 - 00002140 _____ () C:\WINDOWS\Tasks\98bd8955-5681-454d-960c-17eab7511bad-4.job
    2014-12-21 22:07 - 2014-07-10 13:38 - 00002112 _____ () C:\WINDOWS\Tasks\98bd8955-5681-454d-960c-17eab7511bad-5_user.job
    2014-12-21 22:07 - 2014-07-10 13:38 - 00002112 _____ () C:\WINDOWS\Tasks\98bd8955-5681-454d-960c-17eab7511bad-5.job
    2014-12-21 22:07 - 2014-07-10 13:38 - 00001522 _____ () C:\WINDOWS\Tasks\98bd8955-5681-454d-960c-17eab7511bad-1.job
    2014-12-21 22:07 - 2014-07-10 13:38 - 00001336 _____ () C:\WINDOWS\Tasks\98bd8955-5681-454d-960c-17eab7511bad-2.job
    2014-12-21 22:07 - 2014-07-10 13:37 - 00003470 _____ () C:\WINDOWS\Tasks\98bd8955-5681-454d-960c-17eab7511bad-11.job
    2014-12-21 22:07 - 2014-07-10 13:37 - 00002814 _____ () C:\WINDOWS\Tasks\98bd8955-5681-454d-960c-17eab7511bad-6.job
    2014-12-21 22:07 - 2014-03-08 08:31 - 00000994 _____ () C:\WINDOWS\Tasks\ConsumerInputUpdateTaskMachineCore.job
    2014-12-21 22:06 - 2014-07-10 13:31 - 00000000 ____D () C:\Program Files (x86)\NetCrawl

    ==================== Files in the root of some directories =======
    2014-07-10 13:31 - 2014-07-10 13:33 - 0001196 _____ () C:\Users\Leticia\AppData\Roaming\aps.scan.quick.results
    2014-07-10 13:31 - 2014-07-10 13:33 - 0002934 _____ () C:\Users\Leticia\AppData\Roaming\aps.scan.results
    2014-07-10 13:31 - 2014-07-10 13:33 - 0000320 _____ () C:\Users\Leticia\AppData\Roaming\aps.uninstall.scan.results
    2014-07-10 13:31 - 2014-07-10 14:37 - 0573493 _____ (ClickMeIn Limited) C:\Users\Leticia\AppData\Local\AnyProtectScannerSetup.exe
    2013-08-06 13:02 - 2013-08-06 13:02 - 0000095 _____ () C:\ProgramData\SAH_Install.ini

    Some content of TEMP:
    ====================
    C:\Users\Leticia\AppData\Local\Temp\ShopperProJSFull.exe
    C:\Users\Leticia\AppData\Local\Temp\ShopperProJSINJFull.exe
    C:\Users\Leticia\AppData\Local\Temp\SPSetup.exe
    C:\Users\Leticia\AppData\Local\Temp\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}_N360_31441.exe
    C:\Users\michael\AppData\Local\Temp\SPSetup.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-01-05 23:00

    ==================== End Of Log ============================

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015
    Ran by Leticia at 2015-01-20 17:41:33
    Running from C:\Users\Leticia\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Kaspersky Internet Security (Disabled - Out of date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Kaspersky Internet Security (Disabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Kaspersky Internet Security (Disabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Reader XI (11.0.05) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.05 - Adobe Systems Incorporated)
    Advanced-System Protector (HKLM-x32\...\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~4A5BE654_is1) (Version: 2.1.1000.14452 - systweak.com) <==== ATTENTION
    AnyProtect (HKLM-x32\...\AnyProtect) (Version: 1.0.0.0 - CMI Limited) <==== ATTENTION
    Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Ask Shopping Toolbar (HKLM-x32\...\{4F524A00-6A76-A76A-76A7-A758B70C0F01}) (Version: 12.15.1.17 - APN, LLC) <==== ATTENTION
    Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
    Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - )
    Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: - )
    Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - )
    Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: - )
    Canon MP Navigator EX 5.1 (HKLM-x32\...\MP Navigator EX 5.1) (Version: - )
    Canon MX510 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX510_series) (Version: - )
    Canon MX510 series On-screen Manual (HKLM-x32\...\Canon MX510 series On-screen Manual) (Version: - )
    Canon MX510 series User Registration (HKLM-x32\...\Canon MX510 series User Registration) (Version: - )
    Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - )
    Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version: - )
    Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version: - )
    Catalina Savings Printer (HKLM-x32\...\{4956ACE3-F537-4418-BB45-FD52395275A7}) (Version: 1.0.0 - Catalina Marketing Corp) <==== ATTENTION
    Cinema-Plus-1.2 (HKLM-x32\...\Cinema-Plus-1.2) (Version: 1.34.7.1 - Cinema Plus) <==== ATTENTION
    ClearViewSE (HKLM-x32\...\{67E80218-05FB-45B3-852F-AF06908A1014}) (Version: 5.5.0 - Happy Bytes LLC)
    Consumer Input (remove only) (HKLM-x32\...\Consumer Input Installer) (Version: - Compete Inc.) <==== ATTENTION
    Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.3) (Version: 5.0.0.3 - Coupons.com Incorporated)
    CouponAlert Toolbar (HKLM-x32\...\CouponAlert_2pbar Uninstall) (Version: - Mindspark Interactive Network) <==== ATTENTION
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    DesktopWeatherAlerts (HKU\S-1-5-21-580940030-35127617-3160781262-1001\...\DesktopWeatherAlerts) (Version: 1.0.29.0 - Local Weather LLC) <==== ATTENTION
    Easy Speed PC (HKLM-x32\...\Easy Speed PC) (Version: 7.0.2 - Probit Software LTD) <==== ATTENTION
    Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden
    FastAgain PC Booster (HKLM-x32\...\FastAgain PC Booster_is1) (Version: 1.0 - Activeris) <==== ATTENTION
    FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
    findopolis (HKLM\...\findopolis) (Version: 2014.07.10.160549 - findopolis) <==== ATTENTION!
    Flash Player Pro V5.4 (HKLM-x32\...\Flash Player Pro_is1) (Version: - FlashPlayerPro.com)
    FreeSoftToday 025.148 (HKLM-x32\...\fst_us_148_is1) (Version: - FREESOFTTODAY) <==== ATTENTION
    FrostWire 5.6.8 (HKLM-x32\...\FrostWire 5) (Version: 5.6.8.1 - FrostWire LLC)
    getsav-in (HKLM-x32\...\getsav-in) (Version: 1.1368186317 - Adpeak, Inc.)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
    Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
    Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Hoopla (HKLM-x32\...\{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}) (Version: - Exent Technologies Ltd) <==== ATTENTION
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3345 - Intel Corporation)
    Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{89478C31-5CE8-461A-9084-9A0AF059F84F}) (Version: 15.5.0.0344 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.2.1001 - Intel Corporation)
    Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
    Intel(R) WiDi (HKLM\...\{23D486D4-FBE0-40F3-A245-E4D56D094764}) (Version: 3.5.41.0 - Intel Corporation)
    Intel® PROSet/Wireless WiFi Software (HKLM\...\{962E1735-D2E0-4813-AB9F-C6CBA09E759A}) (Version: 15.05.7000.1709 - Intel Corporation)
    iTunes (HKLM\...\{F73A118B-8271-47E2-8790-0C636B2539C5}) (Version: 11.1.0.126 - Apple Inc.)
    iWebar (HKLM-x32\...\iWebar) (Version: 1.34.2.13 - iWebar) <==== ATTENTION!
    JFileManager (HKLM-x32\...\JFileManager) (Version: v1.0.0.1 - )
    JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.72.4 - JMicron Technology Corp.)
    Kaspersky Internet Security 2013 (HKLM-x32\...\InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}) (Version: 13.0.1.4190 - Kaspersky Lab)
    Kaspersky Internet Security 2013 (x32 Version: 13.0.1.4190 - Kaspersky Lab) Hidden
    LibreOffice 3.5 (HKLM-x32\...\{EF790F1C-CB0C-4B95-8C54-60783F3B6661}) (Version: 3.5.4.2 - The Document Foundation)
    Lightspark 0.5.3-git (HKLM-x32\...\Lightspark) (Version: 0.5.3-git - Lightspark Team)
    LPT System Updater Service (x32 Version: 1.0.0.0 - LPT) Hidden <==== ATTENTION
    Media Downloader version 1.5 (HKLM-x32\...\Media Downloader_is1) (Version: 1.5 - Media Downloader)
    Microsoft SkyDrive (HKU\S-1-5-21-580940030-35127617-3160781262-1001\...\SkyDriveSetup.exe) (Version: 16.4.6010.0727 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
    MyPC Backup (HKLM\...\MyPC Backup) (Version: - MyPC Backup) <==== ATTENTION
    Mysearchdial (HKU\S-1-5-21-580940030-35127617-3160781262-1001\...\mysearchdial) (Version: - Mysearchdial) <==== ATTENTION!
    MyStart Toolbar (HKLM-x32\...\mystarttb) (Version: 5.4.1.4 - Visicom Media Inc.)
    NetCrawl (HKLM\...\NetCrawl) (Version: 2014.07.10.161444 - NetCrawl) <==== ATTENTION!
    NewPlayer (HKLM-x32\...\NewPlayer) (Version: v2.1.2.1 - ) <==== ATTENTION
    Norton Anti-Theft (HKLM-x32\...\NAT) (Version: 1.10.0.9 - Symantec Corporation)
    Norton Identity Safe (HKLM-x32\...\NST) (Version: 2014.7.0.43 - Symantec Corporation)
    Norton PC Checkup (HKLM-x32\...\Norton PC Checkup_is1) (Version: 3.0.5.38.0 - Symantec Corporation)
    Norton PC Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.18.15 - Symantec Corporation)
    Norton Security Dashboard (HKLM-x32\...\NortonSD) (Version: 1.1.1.9 - Symantec Corporation)
    Optimizer Pro v3.2 (HKLM-x32\...\Optimizer Pro_is1) (Version: - ) <==== ATTENTION
    Origin (HKLM-x32\...\Origin) (Version: 8.6.3.49 - Electronic Arts, Inc.)
    PalMall (HKLM-x32\...\PalMall) (Version: 1.34.7.1 - BND)
    Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
    PennyBee (HKLM-x32\...\PennyBee) (Version: 1.00.00.00 - PennyBee) <==== ATTENTION!
    Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
    PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
    Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
    PricePeep (HKLM-x32\...\PricePeep) (Version: 2.2.0.10 - betwikx LLC) <==== ATTENTION
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6687 - Realtek Semiconductor Corp.)
    RegClean-Pro (HKLM-x32\...\RegClean-Pro_is1) (Version: 6.21 - systweak.com) <==== ATTENTION
    Re-markit (HKLM-x32\...\1366f773-3476-4d68-acc0-219e692e6fd3) (Version: - Re-markit Software) <==== ATTENTION
    Remote Desktop Access (VuuPC) (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - CMI Limited) <==== ATTENTION
    Right Backup (HKLM-x32\...\980124D4-3D52-4c2d-AD41-9E90BDF4C031_Systweak_Ri~01F2B2E8_is1) (Version: 2.1.1000.4398 - Systweak Software)
    Rocket (HKU\S-1-5-21-580940030-35127617-3160781262-1001\...\Rocket) (Version: 31.0.1650.23 - Rocket) <==== ATTENTION!
    SavetheChildren Reminder by We-Care.com v4.1.22.4 (HKLM-x32\...\{DB9BF6DA-8030-4A21-9FF4-8856A7556FCF}) (Version: 4.1.22.4 - We-Care.com)
    Search module (HKLM-x32\...\Search module) (Version: - Search Module) <==== ATTENTION!
    Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.15.13.48 - Client Connect LTD) <==== ATTENTION
    SearchDonkey (HKLM-x32\...\SearchDonkey) (Version: 2.5.91 - WebAppTech Coding, LLC) <==== ATTENTION
    Shopper-Pro (HKLM-x32\...\ShopperPro) (Version: - ) <==== ATTENTION
    Snap.Do (HKLM-x32\...\{6EA563AD-DF38-4A1E-9437-3EA6EDA7B784}) (Version: 11.77.1.18240 - ReSoft Ltd.) <==== ATTENTION
    Snap.Do Engine (HKU\S-1-5-21-580940030-35127617-3160781262-1001\...\{91111a15-7be0-41a5-b756-644a8f10085b}) (Version: 11.77.1.18240 - ReSoft Ltd.) <==== ATTENTION
    Software Version Updater (HKLM-x32\...\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}) (Version: 1.1.3.8 - ) <==== ATTENTION
    Solid Savings (HKLM-x32\...\Solid Savings) (Version: 1.27.153.0 - Innovative Apps)
    SpeedUpMyPC (HKLM-x32\...\{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1) (Version: 6.0.3.9 - Uniblue Systems Limited) <==== ATTENTION
    SRS Premium Sound Control Panel (HKLM\...\{94F03B8E-CB73-4653-AFE9-79112C01FED2}) (Version: 1.12.4700 - SRS Labs, Inc.)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.5 - Synaptics Incorporated)
    The Weather Channel App (HKLM-x32\...\The Weather Channel App) (Version: - )
    TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.4 - TOSHIBA)
    Toshiba Book Place (HKLM-x32\...\{24B45620-22B6-4E4A-B836-FF30A0B0404E}) (Version: 3.1.9534 - K-NFB Reading Technology, Inc.)
    TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.00.0007.00002 - Toshiba Corporation)
    TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.0.6415 - Toshiba Corporation)
    TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6425 - Toshiba Corporation)
    TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.5.1.1 - Toshiba Corporation)
    TOSHIBA Password Utility (HKLM\...\TosPU_is1) (Version: 0.0.64.19B - Toshiba Corporation)
    TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.8.17.640104 - Toshiba Corporation)
    TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.8 - TOSHIBA)
    TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.0.54043005 - Toshiba Corporation)
    TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.2.00 - TOSHIBA Corporation)
    TOSHIBA Service Station (HKLM\...\{B483D427-9702-4BE1-B171-756D0C3E230E}) (Version: 2.4.6 - TOSHIBA)
    TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0012 - Toshiba Corporation)
    TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0002.32002 - Toshiba Corporation)
    TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
    TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.18.82 - Toshiba Corporation)
    TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
    Uninstall Helper (HKLM-x32\...\Uninstall Helper 2.0.1.0) (Version: 2.0.1.0 - InstallX, LLC) <==== ATTENTION
    Uninstall Helper (x32 Version: 2.0.1.0 - InstallX, LLC) Hidden <==== ATTENTION
    Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
    video MediaPlay-Air (HKLM-x32\...\video MediaPlay-Air) (Version: 1.34.7.1 - enter) <==== ATTENTION
    Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Wajam (HKLM-x32\...\Wajam) (Version: 1.79 - Wajam) <==== ATTENTION!
    WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.3.0 - WildTangent)
    WildTangent Games App (Toshiba Games) (x32 Version: 4.0.10.5 - WildTangent) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
    WinZip 18.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DF}) (Version: 18.0.10661 - WinZip Computing, S.L. )
    WSE Rocket (HKLM-x32\...\WSE Rocket) (Version: - WSE Rocket) <==== ATTENTION!
    Yahoo! Search (HKU\S-1-5-21-580940030-35127617-3160781262-1001\...\Yahoo! Search) (Version: - Pay-By-Ads) <==== ATTENTION
    Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version: - )
    Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version: - Yahoo! Inc.)
    YTDownloader (HKLM-x32\...\YTDownloader) (Version: - YTDownloader) <==== ATTENTION!

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-580940030-35127617-3160781262-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Leticia\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-580940030-35127617-3160781262-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Leticia\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-580940030-35127617-3160781262-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Leticia\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-580940030-35127617-3160781262-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Leticia\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\FileSyncApi64.dll (Microsoft Corporation)

    ==================== Restore Points =========================

    17-12-2014 05:27:56 Windows Update
    05-01-2015 23:06:36 Scheduled Checkpoint

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 07:25 - 2013-08-22 07:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {05BA58FC-E08D-461E-B55A-FCEF0DC33154} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.43\SymErr.exe [2014-01-30] (Symantec Corporation)
    Task: {06A8DB4B-697B-4937-A068-F07D3CDF4853} - System32\Tasks\iWebar-chromeinstaller => C:\Program Files (x86)\iWebar\iWebar-chromeinstaller.exe <==== ATTENTION
    Task: {0764F78F-264B-4817-AFAE-90D757395FA8} - System32\Tasks\{E5428C95-CA2F-40EF-961A-A50957D5AFCD} => pcalua.exe -a "C:\Program Files (x86)\FMS\Uninstall.exe"
    Task: {0B9DE1FD-6C98-4658-B995-F485959034C2} - System32\Tasks\SPBIW_UpdateTask_Time_333836343835303334352d2d5b50342a4155456c5a236c => Wscript.exe //B "C:\ProgramData\ShopperPro\spbihe.js" spbiu.exe /invoke /f:check_services /l:0 <==== ATTENTION
    Task: {0EC8C596-E560-4896-8725-FB0CCDE72253} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-17] (Google Inc.)
    Task: {121CD599-9FDE-4C4D-A726-6D7440767531} - System32\Tasks\98bd8955-5681-454d-960c-17eab7511bad-1 => C:\Program Files (x86)\PalMall\PalMall-codedownloader.exe [2014-07-10] (BND) <==== ATTENTION
    Task: {127F24EA-D86D-48DC-A28F-DB5AA16F8E4B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-17] (Google Inc.)
    Task: {16229990-4EAF-4D96-AEBA-AB7FA0AC9D4A} - System32\Tasks\98bd8955-5681-454d-960c-17eab7511bad-5_user => C:\Program Files (x86)\PalMall\98bd8955-5681-454d-960c-17eab7511bad-5.exe [2014-07-10] (BND) <==== ATTENTION
    Task: {17965C67-2C46-4B4C-A453-002C32CE88D0} - System32\Tasks\ConsumerInputUpdateTaskMachineUA => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [2014-03-08] (ConsumerInput) <==== ATTENTION
    Task: {285B017D-14AB-4DE4-8374-FA4A703FA34F} - System32\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-6 => C:\Program Files (x86)\Cinema-Plus-1.2\Cinema-Plus-1.2-novainstaller.exe [2014-07-10] (Cinema Plus) <==== ATTENTION
    Task: {2930FB7C-EB87-46CD-BC4B-824B9D4979C3} - System32\Tasks\CIMT_daily_S-1-5-21-580940030-35127617-3160781262-1001 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe [2014-11-26] () <==== ATTENTION
    Task: {29F60423-AF23-4493-83A0-73A4F892E4D8} - System32\Tasks\RegClean Pro_DEFAULT => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe [2014-12-08] () <==== ATTENTION
    Task: {2BC6A59F-CA65-42E2-9F99-D74285AE19D8} - System32\Tasks\98bd8955-5681-454d-960c-17eab7511bad-11 => C:\Program Files (x86)\PalMall\98bd8955-5681-454d-960c-17eab7511bad-11.exe [2014-07-10] (BND) <==== ATTENTION
    Task: {2E8E3D23-1F09-4B15-8EAF-FDF5353E7679} - System32\Tasks\98bd8955-5681-454d-960c-17eab7511bad-2 => C:\Program Files (x86)\PalMall\98bd8955-5681-454d-960c-17eab7511bad-2.exe [2014-07-10] (BND) <==== ATTENTION
    Task: {331D2001-C1B4-466F-9D84-F2DABC4DC27D} - System32\Tasks\Updater26278.exe => C:\Users\michael\AppData\Local\Updater26278\Updater26278.exe <==== ATTENTION
    Task: {37D99F27-D4AE-4635-A258-40294D5C787C} - System32\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-1 => C:\Program Files (x86)\Cinema-Plus-1.2\Cinema-Plus-1.2-codedownloader.exe <==== ATTENTION
    Task: {3FF9023A-3D72-46D6-8A8A-5FD3012D7697} - System32\Tasks\PC Checkup 3 Weekly Scan => C:\Program Files (x86)\PC Checkup\NLAppLauncher.exe [2015-01-05] (Symantec Corporation)
    Task: {41233670-5E85-4A6E-B050-39EEB0DAEBEE} - System32\Tasks\CIMT_S-1-5-21-580940030-35127617-3160781262-1001 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe [2014-11-26] () <==== ATTENTION
    Task: {41978C42-8932-4E56-A176-012B8111F094} - System32\Tasks\YTDownloaderUpd => C:\Program Files (x86)\YTDownloader\updater.exe <==== ATTENTION
    Task: {42719407-214D-4D8A-BC82-8CFA2F5BFB63} - System32\Tasks\98bd8955-5681-454d-960c-17eab7511bad-4 => C:\Program Files (x86)\PalMall\98bd8955-5681-454d-960c-17eab7511bad-4.exe [2014-07-10] (BND) <==== ATTENTION
    Task: {48BA66C5-9CE5-4F6C-9B0C-7F91D9CBE1D5} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
    Task: {60E68DCF-CA13-40CC-AFC2-CADABCC81EFB} - System32\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-2 => C:\Program Files (x86)\Cinema-Plus-1.2\56ce3484-b669-4c8b-8489-666612b8aac7-2.exe [2014-07-10] (Cinema Plus) <==== ATTENTION
    Task: {6157D02B-B06E-481B-B9DE-B6BF5D9E3646} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.43\SymErr.exe [2014-01-30] (Symantec Corporation)
    Task: {6C59312F-3E0C-46D2-9043-0D85E52B9485} - System32\Tasks\temp_56ce3484-b669-4c8b-8489-666612b8aac7-2 => C:\Program Files (x86)\Cinema-Plus-1.2\56ce3484-b669-4c8b-8489-666612b8aac7-2.exe [2014-07-10] (Cinema Plus) <==== ATTENTION
    Task: {733F4A68-09B5-45DB-90DE-2AA2C8621D00} - System32\Tasks\RegClean Pro => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe [2014-12-08] () <==== ATTENTION
    Task: {7613DA2A-23C5-4EB6-B4BA-CD8873A5F804} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
    Task: {79524917-C578-4213-82D3-82BD2487BCC2} - System32\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-11 => C:\Program Files (x86)\Cinema-Plus-1.2\56ce3484-b669-4c8b-8489-666612b8aac7-11.exe [2014-07-10] (Cinema Plus) <==== ATTENTION
    Task: {80730C5E-5979-443F-AF57-8764F688DE02} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-16] (Synaptics Incorporated)
    Task: {86F14AD5-AEE3-43DC-B1AA-7ADE31829B4A} - System32\Tasks\Right Backup_startup => C:\Program Files (x86)\Right Backup\RightBackup.exe [2014-07-11] (Systweak)
    Task: {931367DF-98DD-4FA5-A3AE-AAC77F7A6B25} - System32\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-4 => C:\Program Files (x86)\Cinema-Plus-1.2\56ce3484-b669-4c8b-8489-666612b8aac7-4.exe [2014-07-10] (Cinema Plus) <==== ATTENTION
    Task: {A4EA2991-D0EA-4538-B5E6-1B00D1B7D584} - System32\Tasks\Advanced-System Protector_startup => C:\Program Files (x86)\ASP\AdvancedSystemProtector.exe [2014-12-09] () <==== ATTENTION
    Task: {A7D3A41C-2C1A-43E6-BA3D-FBEE3D6B2CB3} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe [2013-08-01] (Symantec Corporation)
    Task: {AA29CA7A-D0D4-493E-AEA7-537FCEE051F9} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe [2013-08-01] (Symantec Corporation)
    Task: {ACF03591-CAAA-4893-9852-26CAEE647C1D} - System32\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-7 => C:\Program Files (x86)\Cinema-Plus-1.2\Cinema-Plus-1.2-nova.exe [2014-07-10] (Cinema Plus) <==== ATTENTION
    Task: {B76D503E-28B5-4F6E-9C84-D817454EB592} - System32\Tasks\iWebar-firefoxinstaller => C:\Program Files (x86)\iWebar\iWebar-firefoxinstaller.exe <==== ATTENTION
    Task: {C94A7158-F559-4C74-ACAD-362157ADDB2F} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2012-08-23] (TOSHIBA Corporation)
    Task: {CC3DB9BC-6B77-41F4-A297-B5261BD9793A} - System32\Tasks\ConsumerInputUpdateTaskMachineCore => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [2014-03-08] (ConsumerInput) <==== ATTENTION
    Task: {DE50D567-8466-439B-B1D5-DE6DE7CD057F} - System32\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-3 => C:\Program Files (x86)\Cinema-Plus-1.2\56ce3484-b669-4c8b-8489-666612b8aac7-3.exe [2014-07-10] (Cinema Plus) <==== ATTENTION
    Task: {E2A4AA41-14D6-41C2-9BDC-5F21B97346BB} - System32\Tasks\2b6328a9-11c8-46e0-8547-2efb3aafcaa4-3 => C:\Program Files (x86)\video MediaPlay-Air\2b6328a9-11c8-46e0-8547-2efb3aafcaa4-3.exe [2014-07-10] (enter) <==== ATTENTION
    Task: {E3E359BD-21F1-403E-A745-D1E0BA925049} - System32\Tasks\RegClean Pro_UPDATES => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe [2014-12-08] () <==== ATTENTION
    Task: {EDF770DA-FE8D-43C5-BAA1-810147FEE27B} - System32\Tasks\Yahoo! Search Updater => C:\Users\Leticia\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.18.5\dsrsetup.exe [2014-12-21] (Pay By Ads LTD) <==== ATTENTION
    Task: {EEA0FC31-811F-4D14-86AD-53F73EB27D8E} - System32\Tasks\98bd8955-5681-454d-960c-17eab7511bad-5 => C:\Program Files (x86)\PalMall\98bd8955-5681-454d-960c-17eab7511bad-5.exe [2014-07-10] (BND) <==== ATTENTION
    Task: {F7A9DCD4-1569-49E3-AFA8-65865697C144} - System32\Tasks\98bd8955-5681-454d-960c-17eab7511bad-7 => C:\Program Files (x86)\PalMall\PalMall-nova.exe [2014-10-06] (FileProperties_CompanyName) <==== ATTENTION
    Task: {FB804D2A-5867-41B3-BD6C-0A0CAD6D3610} - System32\Tasks\Yahoo! Search => C:\Users\Leticia\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.18.5\dsrlte.exe [2014-12-21] (Pay By Ads LTD) <==== ATTENTION
    Task: {FC5B2C3D-8693-4E07-BE3D-E0E04438AF8B} - System32\Tasks\98bd8955-5681-454d-960c-17eab7511bad-6 => C:\Program Files (x86)\PalMall\PalMall-nova.exe [2014-10-06] (FileProperties_CompanyName) <==== ATTENTION
    Task: C:\WINDOWS\Tasks\2b6328a9-11c8-46e0-8547-2efb3aafcaa4-11.job => C:\Program Files (x86)\video MediaPlay-Air\2b6328a9-11c8-46e0-8547-2efb3aafcaa4-11.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\2b6328a9-11c8-46e0-8547-2efb3aafcaa4-3.job => C:\Program Files (x86)\video MediaPlay-Air\2b6328a9-11c8-46e0-8547-2efb3aafcaa4-3.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-1.job => C:\Program Files (x86)\Cinema-Plus-1.2\Cinema-Plus-1.2-codedownloader.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-11.job => C:\Program Files (x86)\Cinema-Plus-1.2\56ce3484-b669-4c8b-8489-666612b8aac7-11.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-2.job => C:\Program Files (x86)\Cinema-Plus-1.2\56ce3484-b669-4c8b-8489-666612b8aac7-2.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-3.job => C:\Program Files (x86)\Cinema-Plus-1.2\56ce3484-b669-4c8b-8489-666612b8aac7-3.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-4.job => C:\Program Files (x86)\Cinema-Plus-1.2\56ce3484-b669-4c8b-8489-666612b8aac7-4.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-6.job => C:\Program Files (x86)\Cinema-Plus-1.2\Cinema-Plus-1.2-novainstaller.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-7.job => C:\Program Files (x86)\Cinema-Plus-1.2\Cinema-Plus-1.2-nova.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\98bd8955-5681-454d-960c-17eab7511bad-1.job => C:\Program Files (x86)\PalMall\PalMall-codedownloader.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\98bd8955-5681-454d-960c-17eab7511bad-11.job => C:\Program Files (x86)\PalMall\98bd8955-5681-454d-960c-17eab7511bad-11.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\98bd8955-5681-454d-960c-17eab7511bad-2.job => C:\Program Files (x86)\PalMall\98bd8955-5681-454d-960c-17eab7511bad-2.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\98bd8955-5681-454d-960c-17eab7511bad-4.job => C:\Program Files (x86)\PalMall\98bd8955-5681-454d-960c-17eab7511bad-4.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\98bd8955-5681-454d-960c-17eab7511bad-5.job => C:\Program Files (x86)\PalMall\98bd8955-5681-454d-960c-17eab7511bad-5.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\98bd8955-5681-454d-960c-17eab7511bad-5_user.job => C:\Program Files (x86)\PalMall\98bd8955-5681-454d-960c-17eab7511bad-5.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\98bd8955-5681-454d-960c-17eab7511bad-6.job => C:\Program Files (x86)\PalMall\PalMall-nova.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\98bd8955-5681-454d-960c-17eab7511bad-7.job => C:\Program Files (x86)\PalMall\PalMall-nova.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\CIMT_daily_S-1-5-21-580940030-35127617-3160781262-1001.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\CIMT_S-1-5-21-580940030-35127617-3160781262-1001.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\ConsumerInputUpdateTaskMachineCore.job => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\ConsumerInputUpdateTaskMachineUA.job => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\iWebar-chromeinstaller.job => C:\Program Files (x86)\iWebar\iWebar-chromeinstaller.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\iWebar-firefoxinstaller.job => C:\Program Files (x86)\iWebar\iWebar-firefoxinstaller.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\RegClean Pro_DEFAULT.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\RegClean Pro_UPDATES.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    Task: C:\WINDOWS\Tasks\temp_56ce3484-b669-4c8b-8489-666612b8aac7-2.job => C:\Program Files (x86)\Cinema-Plus-1.2\56ce3484-b669-4c8b-8489-666612b8aac7-2.exe <==== ATTENTION

    ==================== Loaded Modules (whitelisted) =============

    2014-03-08 08:30 - 2014-03-08 08:30 - 00195072 _____ () C:\Program Files (x86)\Re-markit-soft\Re-markit157.exe
    2010-04-18 07:32 - 2010-04-18 07:32 - 01102336 _____ () C:\Program Files (x86)\MyPC Backup\x64\System.Data.SQLite.dll
    2014-07-10 13:19 - 2014-07-10 13:19 - 00071680 _____ () C:\Users\Leticia\AppData\Roaming\VOPackage\VOsrv.exe
    2014-06-30 04:16 - 2014-06-30 04:16 - 00011776 _____ () C:\Program Files (x86)\NewPlayer\NewPlayerUpdaterService.exe
    2014-07-07 07:55 - 2014-07-07 07:55 - 00054272 _____ () C:\Program Files (x86)\PennyBee\PennyBee.exe
    2014-07-10 10:14 - 2014-12-21 22:05 - 00524576 _____ () C:\Program Files (x86)\NetCrawl\updateNetCrawl.exe
    2014-12-17 13:53 - 2014-12-09 13:48 - 06715176 _____ () C:\Program Files (x86)\ASP\AdvancedSystemProtector.exe
    2013-06-04 10:28 - 2013-06-04 10:28 - 00292424 _____ () C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\AppIntegratorStub64.dll
    2014-07-10 13:45 - 2014-07-07 11:33 - 03352544 _____ () C:\Users\Leticia\AppData\Local\fst_us_148\upfst_us_148.exe
    2013-11-04 18:22 - 2013-11-04 18:22 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
    2012-07-18 20:38 - 2012-07-18 20:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
    2012-07-18 20:38 - 2012-07-18 20:38 - 00049064 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\FnZ.dll
    2012-08-04 17:01 - 2012-08-04 17:01 - 00213136 _____ () C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe
    2012-08-13 21:13 - 2012-08-13 21:13 - 00018344 _____ () C:\Program Files\TOSHIBA\Teco\TecoMUI.dll
    2014-11-26 05:38 - 2014-11-26 05:38 - 01111936 _____ () C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe
    2013-06-04 10:28 - 2013-06-04 10:28 - 00548936 _____ () C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\AppIntegrator64.exe
    2013-06-04 10:28 - 2013-06-04 10:28 - 00442952 _____ () C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\HPG64.DLL
    2014-02-21 19:05 - 2014-02-21 19:05 - 00317720 ____N () C:\Program Files (x86)\PricePeep\PricePeepUpdater.exe
    2013-08-22 01:19 - 2013-08-22 00:54 - 00174592 _____ () C:\WINDOWS\system32\WinMetadata\Windows.UI.winmd
    2013-08-22 01:19 - 2013-08-22 00:54 - 00050176 _____ () C:\WINDOWS\system32\WinMetadata\Windows.Data.winmd
    2013-08-22 01:19 - 2013-08-22 00:54 - 00030208 _____ () C:\WINDOWS\system32\WinMetadata\Windows.Foundation.winmd
    2014-07-10 10:07 - 2015-01-05 22:53 - 00529136 _____ () C:\Program Files (x86)\findopolis\updatefindopolis.exe
    2014-12-17 13:32 - 2015-01-05 22:56 - 00529136 _____ () C:\Program Files (x86)\findopolis\bin\utilfindopolis.exe
    2013-01-28 13:08 - 2013-01-28 13:08 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2013-01-28 13:08 - 2013-01-28 13:08 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2012-08-17 20:39 - 2014-03-16 09:40 - 01310136 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\kpcengine.2.2.dll
    2012-11-12 07:17 - 2012-06-26 02:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
    2014-12-17 13:54 - 2013-08-02 19:21 - 00886272 _____ () C:\Program Files (x86)\Right Backup\System.Data.SQLite.dll
    2014-12-17 13:53 - 2012-07-25 12:03 - 00886272 _____ () C:\Program Files (x86)\ASP\System.Data.SQLite.dll
    2014-12-17 13:53 - 2014-12-09 13:48 - 01730856 _____ () C:\Program Files (x86)\ASP\aspsys.dll
    2014-12-17 13:53 - 2012-07-25 12:03 - 00168448 _____ () C:\Program Files (x86)\ASP\UNRAR.DLL
    2014-12-17 13:53 - 2014-12-09 13:48 - 00064296 _____ () C:\Program Files (x86)\ASP\ScanDll.dll
    2012-08-17 20:38 - 2012-08-17 20:38 - 00479160 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll
    2012-08-17 20:40 - 2012-08-17 20:40 - 00068024 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\QtWebKit\qmlwebkitplugin4.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\Users\Leticia\SkyDrive:ms-properties
    AlternateDataStreams: C:\Users\michael\SkyDrive:ms-properties

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)

    HKLM\...\StartupApproved\Run32: => "ApnUpdater"
    HKLM\...\StartupApproved\Run32: => "iTunesHelper"
    HKLM\...\StartupApproved\Run32: => "Coupon Alert Search Scope Monitor"
    HKLM\...\StartupApproved\Run32: => "ApnTBMon"

    ========================= Accounts: ==========================

    Administrator (S-1-5-21-580940030-35127617-3160781262-500 - Administrator - Disabled)
    Guest (S-1-5-21-580940030-35127617-3160781262-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-580940030-35127617-3160781262-1003 - Limited - Enabled)
    Leticia (S-1-5-21-580940030-35127617-3160781262-1001 - Administrator - Enabled) => C:\Users\Leticia
    michael (S-1-5-21-580940030-35127617-3160781262-1004 - Administrator - Enabled) => C:\Users\michael

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (01/18/2015 09:11:29 AM) (Source: MsiInstaller) (EventID: 10005) (User: GUERRAFAMILY)
    Description: Product: iTunes -- A later version of iTunes is already installed on this computer.

    Error: (01/18/2015 08:59:23 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: backgroundTaskHost.exe, version: 6.3.9600.16384, time stamp: 0x5215e1f6
    Faulting module name: twinapi.appcore.dll, version: 6.3.9600.16384, time stamp: 0x5215d806
    Exception code: 0xc000027b
    Fault offset: 0x0000000000056960
    Faulting process id: 0x1174c
    Faulting application start time: 0xbackgroundTaskHost.exe0
    Faulting application path: backgroundTaskHost.exe1
    Faulting module path: backgroundTaskHost.exe2
    Report Id: backgroundTaskHost.exe3
    Faulting package full name: backgroundTaskHost.exe4
    Faulting package-relative application ID: backgroundTaskHost.exe5

    Error: (12/21/2014 10:05:52 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: spbia.exe, version: 1.0.0.4, time stamp: 0x53bba89c
    Faulting module name: spbia.exe, version: 1.0.0.4, time stamp: 0x53bba89c
    Exception code: 0xc0000005
    Fault offset: 0x000000000000a746
    Faulting process id: 0xec58
    Faulting application start time: 0xspbia.exe0
    Faulting application path: spbia.exe1
    Faulting module path: spbia.exe2
    Report Id: spbia.exe3
    Faulting package full name: spbia.exe4
    Faulting package-relative application ID: spbia.exe5

    Error: (12/17/2014 01:55:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program speedupmypc.exe version 6.0.3.9 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 1bd4

    Start Time: 01d01a3279272282

    Termination Time: 4294967295

    Application Path: C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe

    Report Id: b0ded71d-8626-11e4-be9b-001edef8f426

    Faulting package full name:

    Faulting package-relative application ID:

    Error: (12/17/2014 05:27:49 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: spbia.exe, version: 1.0.0.4, time stamp: 0x53bba89c
    Faulting module name: spbia.exe, version: 1.0.0.4, time stamp: 0x53bba89c
    Exception code: 0xc0000005
    Fault offset: 0x000000000000a746
    Faulting process id: 0x4358
    Faulting application start time: 0xspbia.exe0
    Faulting application path: spbia.exe1
    Faulting module path: spbia.exe2
    Report Id: spbia.exe3
    Faulting package full name: spbia.exe4
    Faulting package-relative application ID: spbia.exe5

    Error: (12/17/2014 05:27:19 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
    Description: 80070005

    Error: (07/10/2014 06:18:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 29484

    Error: (07/10/2014 06:18:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 29484

    Error: (07/10/2014 06:18:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (07/10/2014 06:17:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 14047


    System errors:
    =============
    Error: (01/20/2015 05:42:08 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

    Error: (01/20/2015 05:42:08 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

    Error: (01/20/2015 05:42:07 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

    Error: (01/20/2015 05:42:07 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

    Error: (01/20/2015 05:42:07 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

    Error: (01/20/2015 05:42:06 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

    Error: (01/20/2015 05:42:03 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

    Error: (01/20/2015 05:42:02 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

    Error: (01/20/2015 05:41:58 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

    Error: (01/20/2015 05:41:58 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.


    Microsoft Office Sessions:
    =========================
    Error: (01/18/2015 09:11:29 AM) (Source: MsiInstaller) (EventID: 10005) (User: GUERRAFAMILY)
    Description: Product: iTunes -- A later version of iTunes is already installed on this computer.(NULL)(NULL)(NULL)(NULL)(NULL)

    Error: (01/18/2015 08:59:23 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: backgroundTaskHost.exe6.3.9600.163845215e1f6twinapi.appcore.dll6.3.9600.163845215d806c000027b00000000000569601174c01d0332ef0dda404C:\WINDOWS\system32\backgroundTaskHost.exeC:\Windows\System32\twinapi.appcore.dll96035cdd-9f22-11e4-be9b-001edef8f42654490MartinSuchan.APOD_2.0.0.0_neutral__aabn1bapetf12App

    Error: (12/21/2014 10:05:52 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: spbia.exe1.0.0.453bba89cspbia.exe1.0.0.453bba89cc0000005000000000000a746ec5801d01d9c6c45b8c2C:\Program Files\Common Files\ShopperPro\spbia.exeC:\Program Files\Common Files\ShopperPro\spbia.exed15ddb2c-898f-11e4-be9b-001edef8f426

    Error: (12/17/2014 01:55:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: speedupmypc.exe6.0.3.91bd401d01a32792722824294967295C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exeb0ded71d-8626-11e4-be9b-001edef8f426

    Error: (12/17/2014 05:27:49 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: spbia.exe1.0.0.453bba89cspbia.exe1.0.0.453bba89cc0000005000000000000a746435801d019ec535eda88C:\Program Files\Common Files\ShopperPro\spbia.exeC:\Program Files\Common Files\ShopperPro\spbia.exebae7a100-85df-11e4-be9b-001edef8f426

    Error: (12/17/2014 05:27:19 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
    Description: 80070005

    Error: (07/10/2014 06:18:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 29484

    Error: (07/10/2014 06:18:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 29484

    Error: (07/10/2014 06:18:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (07/10/2014 06:17:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 14047


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i5-3317U CPU @ 1.70GHz
    Percentage of memory in use: 33%
    Total physical RAM: 6045.84 MB
    Available physical RAM: 4034.21 MB
    Total Pagefile: 7005.84 MB
    Available Pagefile: 4011.2 MB
    Total Virtual: 131072 MB
    Available Virtual: 131071.8 MB

    ==================== Drives ================================

    Drive c: (TI10650100G) (Fixed) (Total:687.99 GB) (Free:589.47 GB) NTFS
    Drive d: (KINGSTON) (Removable) (Total:7.45 GB) (Free:7.38 GB) FAT32
    Drive e: (Letty) (CDROM) (Total:0.01 GB) (Free:0 GB) UDF

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 698.6 GB) (Disk ID: 3A03A30D)

    Partition: GPT Partition Type.

    ========================================================
    Disk: 1 (MBR Code: Windows XP) (Size: 7.5 GB) (Disk ID: C3072E18)
    Partition 1: (Active) - (Size=7.5 GB) - (Type=0C)

    ==================== End Of Log ============================
     
  4. camsr2000

    camsr2000 Thread Starter

    Joined:
    Jul 21, 2009
    Messages:
    185
    MiniToolBox by Farbar Version: 30-11-2014
    Ran by Leticia (administrator) on 20-01-2015 at 17:50:36
    Running from "C:\Users\Leticia\Desktop"
    Microsoft Windows 8.1 (X64)
    Boot Mode: Normal
    ***************************************************************************

    ========================= Flush DNS: ===================================

    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========================= IE Proxy Settings: ==============================

    Proxy is enabled.
    ProxyServer: http=127.0.0.1:13828
    ========================= Hosts content: =================================



    ========================= IP Configuration: ================================

    Intel(R) Centrino(R) Wireless-N 2200 = Wi-Fi (Connected)
    Qualcomm Atheros AR8152 PCI-E Fast Ethernet Controller (NDIS 6.30) = Ethernet (Media disconnected)


    # ----------------------------------
    # IPv4 Configuration
    # ----------------------------------
    pushd interface ipv4

    reset
    set global icmpredirects=enabled
    add route prefix=169.254.0.0/16 interface="iftype0_0" nexthop=192.168.2.103 metric=1 publish=Yes
    add route prefix=169.254.0.0/16 interface="iftype0_0" nexthop=10.241.128.74 metric=1 publish=Yes
    set interface interface="Ethernet-WFP Native MAC Layer LightWeight Filter-0000" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
    set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
    set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
    set interface interface="Local Area Connection* 11" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
    set interface interface="ethernet_3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled


    popd
    # End of IPv4 configuration



    Windows IP Configuration

    Host Name . . . . . . . . . . . . : Guerrafamily
    Primary Dns Suffix . . . . . . . :
    Node Type . . . . . . . . . . . . : Hybrid
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : attlocal.net

    Wireless LAN adapter Local Area Connection* 11:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
    Physical Address. . . . . . . . . : 9C-4E-36-76-8D-21
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes

    Wireless LAN adapter Wi-Fi:

    Connection-specific DNS Suffix . : attlocal.net
    Description . . . . . . . . . . . : Intel(R) Centrino(R) Wireless-N 2200
    Physical Address. . . . . . . . . : 9C-4E-36-76-8D-20
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    IPv6 Address. . . . . . . . . . . : 2602:306:b830:3160:e503:c25f:caee:cf39(Preferred)
    Link-local IPv6 Address . . . . . : fe80::e503:c25f:caee:cf39%4(Preferred)
    IPv4 Address. . . . . . . . . . . : 192.168.1.64(Preferred)
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Lease Obtained. . . . . . . . . . : Tuesday, January 20, 2015 5:25:15 PM
    Lease Expires . . . . . . . . . . : Wednesday, January 21, 2015 5:25:15 PM
    Default Gateway . . . . . . . . . : fe80::96c1:50ff:fe4f:b301%4
    192.168.1.254
    DHCP Server . . . . . . . . . . . : 192.168.1.254
    DHCPv6 IAID . . . . . . . . . . . : 329010742
    DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-32-B0-27-00-1E-DE-F8-F4-26
    DNS Servers . . . . . . . . . . . : 192.168.1.254
    NetBIOS over Tcpip. . . . . . . . : Enabled

    Ethernet adapter Ethernet:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Qualcomm Atheros AR8152 PCI-E Fast Ethernet Controller (NDIS 6.30)
    Physical Address. . . . . . . . . : 00-1E-DE-F8-F4-26
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter Local Area Connection* 12:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes
    IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:383e:3027:3f57:febf(Preferred)
    Link-local IPv6 Address . . . . . : fe80::383e:3027:3f57:febf%8(Preferred)
    Default Gateway . . . . . . . . . :
    DHCPv6 IAID . . . . . . . . . . . : 134217728
    DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-32-B0-27-00-1E-DE-F8-F4-26
    NetBIOS over Tcpip. . . . . . . . : Disabled

    Tunnel adapter isatap.attlocal.net:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Microsoft ISATAP Adapter
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes
    Server: homeportal
    Address: 192.168.1.254

    Name: google.com
    Addresses: 2607:f8b0:4000:805::1003
    74.125.227.206
    74.125.227.194
    74.125.227.200
    74.125.227.196
    74.125.227.198
    74.125.227.193
    74.125.227.199
    74.125.227.195
    74.125.227.192
    74.125.227.201
    74.125.227.197


    Pinging google.com [2607:f8b0:4000:805::1003] with 32 bytes of data:
    Request timed out.
    Request timed out.

    Ping statistics for 2607:f8b0:4000:805::1003:
    Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),
    Server: homeportal
    Address: 192.168.1.254

    Name: yahoo.com
    Addresses: 206.190.36.45
    98.138.253.109
    98.139.183.24


    Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
    Reply from 206.190.36.45: bytes=32 time=97ms TTL=46
    Reply from 206.190.36.45: bytes=32 time=96ms TTL=46

    Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 96ms, Maximum = 97ms, Average = 96ms

    Pinging 127.0.0.1 with 32 bytes of data:
    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

    Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
    ===========================================================================
    Interface List
    9...9c 4e 36 76 8d 21 ......Microsoft Wi-Fi Direct Virtual Adapter
    4...9c 4e 36 76 8d 20 ......Intel(R) Centrino(R) Wireless-N 2200
    2...00 1e de f8 f4 26 ......Qualcomm Atheros AR8152 PCI-E Fast Ethernet Controller (NDIS 6.30)
    1...........................Software Loopback Interface 1
    8...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
    25...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
    ===========================================================================

    IPv4 Route Table
    ===========================================================================
    Active Routes:
    Network Destination Netmask Gateway Interface Metric
    0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.64 25
    127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
    127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
    127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
    192.168.1.0 255.255.255.0 On-link 192.168.1.64 281
    192.168.1.64 255.255.255.255 On-link 192.168.1.64 281
    192.168.1.255 255.255.255.255 On-link 192.168.1.64 281
    224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
    224.0.0.0 240.0.0.0 On-link 192.168.1.64 281
    255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
    255.255.255.255 255.255.255.255 On-link 192.168.1.64 281
    ===========================================================================
    Persistent Routes:
    Network Address Netmask Gateway Address Metric
    169.254.0.0 255.255.0.0 192.168.2.103 1
    169.254.0.0 255.255.0.0 10.241.128.74 1
    ===========================================================================

    IPv6 Route Table
    ===========================================================================
    Active Routes:
    If Metric Network Destination Gateway
    4 281 ::/0 fe80::96c1:50ff:fe4f:b301
    1 306 ::1/128 On-link
    8 306 2001::/32 On-link
    8 306 2001:0:5ef5:79fd:383e:3027:3f57:febf/128
    On-link
    4 281 2602:306:b830:3160::/64 On-link
    4 281 2602:306:b830:3160:e503:c25f:caee:cf39/128
    On-link
    4 281 fe80::/64 On-link
    8 306 fe80::/64 On-link
    8 306 fe80::383e:3027:3f57:febf/128
    On-link
    4 281 fe80::e503:c25f:caee:cf39/128
    On-link
    1 306 ff00::/8 On-link
    4 281 ff00::/8 On-link
    8 306 ff00::/8 On-link
    ===========================================================================
    Persistent Routes:
    None
    ========================= Winsock entries =====================================

    Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [53760] (Microsoft Corporation)
    Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [68096] (Microsoft Corporation)
    Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [68096] (Microsoft Corporation)
    Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [64000] (Microsoft Corporation)
    Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
    Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [21504] (Microsoft Corporation)
    Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
    Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
    Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
    Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
    Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
    Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
    Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
    Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
    Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
    Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
    Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
    x64-Catalog5 01 C:\Windows\System32\napinsp.dll [67584] (Microsoft Corporation)
    x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
    x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
    x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [84480] (Microsoft Corporation)
    x64-Catalog5 05 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
    x64-Catalog5 06 C:\Windows\System32\winrnr.dll [30208] (Microsoft Corporation)
    x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
    x64-Catalog9 01 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
    x64-Catalog9 02 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
    x64-Catalog9 03 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
    x64-Catalog9 04 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
    x64-Catalog9 05 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
    x64-Catalog9 06 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
    x64-Catalog9 07 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
    x64-Catalog9 08 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
    x64-Catalog9 09 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
    x64-Catalog9 10 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)

    ========================= Event log errors: ===============================

    Application errors:
    ==================
    Error: (01/18/2015 09:11:29 AM) (Source: MsiInstaller) (User: GUERRAFAMILY)
    Description: Product: iTunes -- A later version of iTunes is already installed on this computer.

    Error: (01/18/2015 08:59:23 AM) (Source: Application Error) (User: )
    Description: Faulting application name: backgroundTaskHost.exe, version: 6.3.9600.16384, time stamp: 0x5215e1f6
    Faulting module name: twinapi.appcore.dll, version: 6.3.9600.16384, time stamp: 0x5215d806
    Exception code: 0xc000027b
    Fault offset: 0x0000000000056960
    Faulting process id: 0x1174c
    Faulting application start time: 0xbackgroundTaskHost.exe0
    Faulting application path: backgroundTaskHost.exe1
    Faulting module path: backgroundTaskHost.exe2
    Report Id: backgroundTaskHost.exe3
    Faulting package full name: backgroundTaskHost.exe4
    Faulting package-relative application ID: backgroundTaskHost.exe5

    Error: (12/21/2014 10:05:52 PM) (Source: Application Error) (User: )
    Description: Faulting application name: spbia.exe, version: 1.0.0.4, time stamp: 0x53bba89c
    Faulting module name: spbia.exe, version: 1.0.0.4, time stamp: 0x53bba89c
    Exception code: 0xc0000005
    Fault offset: 0x000000000000a746
    Faulting process id: 0xec58
    Faulting application start time: 0xspbia.exe0
    Faulting application path: spbia.exe1
    Faulting module path: spbia.exe2
    Report Id: spbia.exe3
    Faulting package full name: spbia.exe4
    Faulting package-relative application ID: spbia.exe5

    Error: (12/17/2014 01:55:47 PM) (Source: Application Hang) (User: )
    Description: The program speedupmypc.exe version 6.0.3.9 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 1bd4

    Start Time: 01d01a3279272282

    Termination Time: 4294967295

    Application Path: C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe

    Report Id: b0ded71d-8626-11e4-be9b-001edef8f426

    Faulting package full name:

    Faulting package-relative application ID:

    Error: (12/17/2014 05:27:49 AM) (Source: Application Error) (User: )
    Description: Faulting application name: spbia.exe, version: 1.0.0.4, time stamp: 0x53bba89c
    Faulting module name: spbia.exe, version: 1.0.0.4, time stamp: 0x53bba89c
    Exception code: 0xc0000005
    Fault offset: 0x000000000000a746
    Faulting process id: 0x4358
    Faulting application start time: 0xspbia.exe0
    Faulting application path: spbia.exe1
    Faulting module path: spbia.exe2
    Report Id: spbia.exe3
    Faulting package full name: spbia.exe4
    Faulting package-relative application ID: spbia.exe5

    Error: (12/17/2014 05:27:19 AM) (Source: Customer Experience Improvement Program) (User: )
    Description: 80070005

    Error: (07/10/2014 06:18:02 PM) (Source: Bonjour Service) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 29484

    Error: (07/10/2014 06:18:02 PM) (Source: Bonjour Service) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 29484

    Error: (07/10/2014 06:18:02 PM) (Source: Bonjour Service) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (07/10/2014 06:17:46 PM) (Source: Bonjour Service) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 14047


    System errors:
    =============
    Error: (01/20/2015 05:50:49 PM) (Source: Schannel) (User: NT AUTHORITY)
    Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

    Error: (01/20/2015 05:50:49 PM) (Source: Schannel) (User: NT AUTHORITY)
    Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

    Error: (01/20/2015 05:50:44 PM) (Source: Schannel) (User: NT AUTHORITY)
    Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

    Error: (01/20/2015 05:50:44 PM) (Source: Schannel) (User: NT AUTHORITY)
    Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

    Error: (01/20/2015 05:50:44 PM) (Source: Schannel) (User: NT AUTHORITY)
    Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

    Error: (01/20/2015 05:50:44 PM) (Source: Schannel) (User: NT AUTHORITY)
    Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

    Error: (01/20/2015 05:50:44 PM) (Source: Schannel) (User: NT AUTHORITY)
    Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

    Error: (01/20/2015 05:50:44 PM) (Source: Schannel) (User: NT AUTHORITY)
    Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

    Error: (01/20/2015 05:50:38 PM) (Source: Schannel) (User: NT AUTHORITY)
    Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

    Error: (01/20/2015 05:50:38 PM) (Source: Schannel) (User: NT AUTHORITY)
    Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.


    Microsoft Office Sessions:
    =========================
    Error: (01/18/2015 09:11:29 AM) (Source: MsiInstaller)(User: GUERRAFAMILY)
    Description: Product: iTunes -- A later version of iTunes is already installed on this computer.(NULL)(NULL)(NULL)(NULL)(NULL)

    Error: (01/18/2015 08:59:23 AM) (Source: Application Error)(User: )
    Description: backgroundTaskHost.exe6.3.9600.163845215e1f6twinapi.appcore.dll6.3.9600.163845215d806c000027b00000000000569601174c01d0332ef0dda404C:\WINDOWS\system32\backgroundTaskHost.exeC:\Windows\System32\twinapi.appcore.dll96035cdd-9f22-11e4-be9b-001edef8f42654490MartinSuchan.APOD_2.0.0.0_neutral__aabn1bapetf12App

    Error: (12/21/2014 10:05:52 PM) (Source: Application Error)(User: )
    Description: spbia.exe1.0.0.453bba89cspbia.exe1.0.0.453bba89cc0000005000000000000a746ec5801d01d9c6c45b8c2C:\Program Files\Common Files\ShopperPro\spbia.exeC:\Program Files\Common Files\ShopperPro\spbia.exed15ddb2c-898f-11e4-be9b-001edef8f426

    Error: (12/17/2014 01:55:47 PM) (Source: Application Hang)(User: )
    Description: speedupmypc.exe6.0.3.91bd401d01a32792722824294967295C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exeb0ded71d-8626-11e4-be9b-001edef8f426

    Error: (12/17/2014 05:27:49 AM) (Source: Application Error)(User: )
    Description: spbia.exe1.0.0.453bba89cspbia.exe1.0.0.453bba89cc0000005000000000000a746435801d019ec535eda88C:\Program Files\Common Files\ShopperPro\spbia.exeC:\Program Files\Common Files\ShopperPro\spbia.exebae7a100-85df-11e4-be9b-001edef8f426

    Error: (12/17/2014 05:27:19 AM) (Source: Customer Experience Improvement Program)(User: )
    Description: 80070005

    Error: (07/10/2014 06:18:02 PM) (Source: Bonjour Service)(User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 29484

    Error: (07/10/2014 06:18:02 PM) (Source: Bonjour Service)(User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 29484

    Error: (07/10/2014 06:18:02 PM) (Source: Bonjour Service)(User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (07/10/2014 06:17:46 PM) (Source: Bonjour Service)(User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 14047



    =========================== Installed Programs ============================
    Adobe Reader XI (11.0.05) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.05 - Adobe Systems Incorporated)
    Advanced-System Protector (HKLM-x32\...\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~4A5BE654_is1) (Version: 2.1.1000.14452 - systweak.com)
    AnyProtect (HKLM-x32\...\AnyProtect) (Version: 1.0.0.0 - CMI Limited)
    Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Ask Shopping Toolbar (HKLM-x32\...\{4F524A00-6A76-A76A-76A7-A758B70C0F01}) (Version: 12.15.1.17 - APN, LLC)
    Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
    Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - )
    Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: - )
    Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - )
    Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: - )
    Canon MP Navigator EX 5.1 (HKLM-x32\...\MP Navigator EX 5.1) (Version: - )
    Canon MX510 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX510_series) (Version: - )
    Canon MX510 series On-screen Manual (HKLM-x32\...\Canon MX510 series On-screen Manual) (Version: - )
    Canon MX510 series User Registration (HKLM-x32\...\Canon MX510 series User Registration) (Version: - )
    Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - )
    Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version: - )
    Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version: - )
    Catalina Savings Printer (HKLM-x32\...\{4956ACE3-F537-4418-BB45-FD52395275A7}) (Version: 1.0.0 - Catalina Marketing Corp)
    Cinema-Plus-1.2 (HKLM-x32\...\Cinema-Plus-1.2) (Version: 1.34.7.1 - Cinema Plus)
    ClearViewSE (HKLM-x32\...\{67E80218-05FB-45B3-852F-AF06908A1014}) (Version: 5.5.0 - Happy Bytes LLC)
    Consumer Input (remove only) (HKLM-x32\...\Consumer Input Installer) (Version: - Compete Inc.)
    Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.3) (Version: 5.0.0.3 - Coupons.com Incorporated)
    CouponAlert Toolbar (HKLM-x32\...\CouponAlert_2pbar Uninstall) (Version: - Mindspark Interactive Network)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    DesktopWeatherAlerts (HKCU\...\DesktopWeatherAlerts) (Version: 1.0.29.0 - Local Weather LLC)
    Easy Speed PC (HKLM-x32\...\Easy Speed PC) (Version: 7.0.2 - Probit Software LTD)
    Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden
    FastAgain PC Booster (HKLM-x32\...\FastAgain PC Booster_is1) (Version: 1.0 - Activeris)
    FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
    findopolis (HKLM\...\findopolis) (Version: 2014.07.10.160549 - findopolis)
    Flash Player Pro V5.4 (HKLM-x32\...\Flash Player Pro_is1) (Version: - FlashPlayerPro.com)
    FreeSoftToday 025.148 (HKLM-x32\...\fst_us_148_is1) (Version: - FREESOFTTODAY)
    FrostWire 5.6.8 (HKLM-x32\...\FrostWire 5) (Version: 5.6.8.1 - FrostWire LLC)
    getsav-in (HKLM-x32\...\getsav-in) (Version: 1.1368186317 - Adpeak, Inc.)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
    Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
    Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Hoopla (HKLM-x32\...\{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}) (Version: - Exent Technologies Ltd)
    Intel PROSet Wireless (Version: - ) Hidden
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3345 - Intel Corporation)
    Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{89478C31-5CE8-461A-9084-9A0AF059F84F}) (Version: 15.5.0.0344 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.2.1001 - Intel Corporation)
    Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
    Intel(R) WiDi (HKLM\...\{23D486D4-FBE0-40F3-A245-E4D56D094764}) (Version: 3.5.41.0 - Intel Corporation)
    Intel® PROSet/Wireless WiFi Software (HKLM\...\{962E1735-D2E0-4813-AB9F-C6CBA09E759A}) (Version: 15.05.7000.1709 - Intel Corporation)
    Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
    iTunes (HKLM\...\{F73A118B-8271-47E2-8790-0C636B2539C5}) (Version: 11.1.0.126 - Apple Inc.)
    iWebar (HKLM-x32\...\iWebar) (Version: 1.34.2.13 - iWebar)
    JFileManager (HKLM-x32\...\JFileManager) (Version: v1.0.0.1 - )
    JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.72.4 - JMicron Technology Corp.)
    Kaspersky Internet Security 2013 (HKLM-x32\...\InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}) (Version: 13.0.1.4190 - Kaspersky Lab)
    Kaspersky Internet Security 2013 (x32 Version: 13.0.1.4190 - Kaspersky Lab) Hidden
    LibreOffice 3.5 (HKLM-x32\...\{EF790F1C-CB0C-4B95-8C54-60783F3B6661}) (Version: 3.5.4.2 - The Document Foundation)
    Lightspark 0.5.3-git (HKLM-x32\...\Lightspark) (Version: 0.5.3-git - Lightspark Team)
    LPT System Updater Service (x32 Version: 1.0.0.0 - LPT) Hidden
    Media Downloader version 1.5 (HKLM-x32\...\Media Downloader_is1) (Version: 1.5 - Media Downloader)
    Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
    Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6010.0727 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
    MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
    MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden
    MyPC Backup (HKLM\...\MyPC Backup) (Version: - MyPC Backup)
    Mysearchdial (HKCU\...\mysearchdial) (Version: - Mysearchdial)
    MyStart Toolbar (HKLM-x32\...\mystarttb) (Version: 5.4.1.4 - Visicom Media Inc.)
    NetCrawl (HKLM\...\NetCrawl) (Version: 2014.07.10.161444 - NetCrawl)
    NewPlayer (HKLM-x32\...\NewPlayer) (Version: v2.1.2.1 - )
    Norton Anti-Theft (HKLM-x32\...\NAT) (Version: 1.10.0.9 - Symantec Corporation)
    Norton Identity Safe (HKLM-x32\...\NST) (Version: 2014.7.0.43 - Symantec Corporation)
    Norton PC Checkup (HKLM-x32\...\Norton PC Checkup_is1) (Version: 3.0.5.38.0 - Symantec Corporation)
    Norton PC Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.18.15 - Symantec Corporation)
    Norton Security Dashboard (HKLM-x32\...\NortonSD) (Version: 1.1.1.9 - Symantec Corporation)
    Optimizer Pro v3.2 (HKLM-x32\...\Optimizer Pro_is1) (Version: - )
    Origin (HKLM-x32\...\Origin) (Version: 8.6.3.49 - Electronic Arts, Inc.)
    PalMall (HKLM-x32\...\PalMall) (Version: 1.34.7.1 - BND)
    Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
    PennyBee (HKLM-x32\...\PennyBee) (Version: 1.00.00.00 - PennyBee)
    Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
    Photo Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
    Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
    PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
    Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
    PricePeep (HKLM-x32\...\PricePeep) (Version: 2.2.0.10 - betwikx LLC)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6687 - Realtek Semiconductor Corp.)
    RegClean-Pro (HKLM-x32\...\RegClean-Pro_is1) (Version: 6.21 - systweak.com)
    Re-markit (HKLM-x32\...\1366f773-3476-4d68-acc0-219e692e6fd3) (Version: - Re-markit Software)
    Remote Desktop Access (VuuPC) (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - CMI Limited)
    Right Backup (HKLM-x32\...\980124D4-3D52-4c2d-AD41-9E90BDF4C031_Systweak_Ri~01F2B2E8_is1) (Version: 2.1.1000.4398 - Systweak Software)
    Rocket (HKCU\...\Rocket) (Version: 31.0.1650.23 - Rocket)
    SavetheChildren Reminder by We-Care.com v4.1.22.4 (HKLM-x32\...\{DB9BF6DA-8030-4A21-9FF4-8856A7556FCF}) (Version: 4.1.22.4 - We-Care.com)
    Search module (HKLM-x32\...\Search module) (Version: - Search Module)
    Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.15.13.48 - Client Connect LTD)
    SearchDonkey (HKLM-x32\...\SearchDonkey) (Version: 2.5.91 - WebAppTech Coding, LLC)
    Shopper-Pro (HKLM-x32\...\ShopperPro) (Version: - )
    Snap.Do (HKLM-x32\...\{6EA563AD-DF38-4A1E-9437-3EA6EDA7B784}) (Version: 11.77.1.18240 - ReSoft Ltd.)
    Snap.Do Engine (HKCU\...\{91111a15-7be0-41a5-b756-644a8f10085b}) (Version: 11.77.1.18240 - ReSoft Ltd.)
    Software Version Updater (HKLM-x32\...\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}) (Version: 1.1.3.8 - )
    Solid Savings (HKLM-x32\...\Solid Savings) (Version: 1.27.153.0 - Innovative Apps)
    SpeedUpMyPC (HKLM-x32\...\{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1) (Version: 6.0.3.9 - Uniblue Systems Limited)
    SRS Premium Sound Control Panel (HKLM\...\{94F03B8E-CB73-4653-AFE9-79112C01FED2}) (Version: 1.12.4700 - SRS Labs, Inc.)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.5 - Synaptics Incorporated)
    The Weather Channel App (HKLM-x32\...\The Weather Channel App) (Version: - )
    TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.4 - TOSHIBA)
    Toshiba Book Place (HKLM-x32\...\{24B45620-22B6-4E4A-B836-FF30A0B0404E}) (Version: 3.1.9534 - K-NFB Reading Technology, Inc.)
    TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.00.0007.00002 - Toshiba Corporation)
    TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.0.6415 - Toshiba Corporation)
    TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6425 - Toshiba Corporation)
    TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.5.1.1 - Toshiba Corporation)
    TOSHIBA Password Utility (HKLM\...\TosPU_is1) (Version: 0.0.64.19B - Toshiba Corporation)
    TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.8.17.640104 - Toshiba Corporation)
    TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.8 - TOSHIBA)
    TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.0.54043005 - Toshiba Corporation)
    TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.2.00 - TOSHIBA Corporation)
    TOSHIBA Service Station (HKLM\...\{B483D427-9702-4BE1-B171-756D0C3E230E}) (Version: 2.4.6 - TOSHIBA)
    TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0012 - Toshiba Corporation)
    TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0002.32002 - Toshiba Corporation)
    TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
    TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.18.82 - Toshiba Corporation)
    TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
    Uninstall Helper (HKLM-x32\...\Uninstall Helper 2.0.1.0) (Version: 2.0.1.0 - InstallX, LLC)
    Uninstall Helper (x32 Version: 2.0.1.0 - InstallX, LLC) Hidden
    Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
    video MediaPlay-Air (HKLM-x32\...\video MediaPlay-Air) (Version: 1.34.7.1 - enter)
    Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Wajam (HKLM-x32\...\Wajam) (Version: 1.79 - Wajam)
    WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.3.0 - WildTangent)
    WildTangent Games App (Toshiba Games) (x32 Version: 4.0.10.5 - WildTangent) Hidden
    Windows Live Communications Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
    Windows Live Essentials (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
    Windows Live Installer (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
    Windows Live Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
    Windows Live PIMT Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
    Windows Live SOXE (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
    Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
    Windows Live UX Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
    Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
    WinZip 18.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DF}) (Version: 18.0.10661 - WinZip Computing, S.L. )
    WSE Rocket (HKLM-x32\...\WSE Rocket) (Version: - WSE Rocket)
    Yahoo! Search (HKCU\...\Yahoo! Search) (Version: - Pay-By-Ads)
    Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version: - )
    Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version: - Yahoo! Inc.)
    YTDownloader (HKLM-x32\...\YTDownloader) (Version: - YTDownloader)

    ========================= Devices: ================================


    ========================= Memory info: ===================================

    Percentage of memory in use: 32%
    Total physical RAM: 6045.84 MB
    Available physical RAM: 4057.46 MB
    Total Pagefile: 7005.84 MB
    Available Pagefile: 4028.77 MB
    Total Virtual: 4095.88 MB
    Available Virtual: 3978.27 MB

    ========================= Partitions: =====================================

    1 Drive c: (TI10650100G) (Fixed) (Total:687.99 GB) (Free:589.47 GB) NTFS
    2 Drive d: (KINGSTON) (Removable) (Total:7.45 GB) (Free:7.38 GB) FAT32
    3 Drive e: (Letty) (CDROM) (Total:0.01 GB) (Free:0 GB) UDF

    ========================= Users: ========================================

    User accounts for \\GUERRAFAMILY

    Administrator Guest Leticia
    michael

    ========================= Minidump Files ==================================

    No minidump file found


    **** End of log ****
     
  5. dbreeze

    dbreeze Malware Specialist

    Joined:
    Oct 5, 2014
    Messages:
    431
    First Name:
    David
    We have a lot of work to do on this system. You may want to print out these instructions if you can (or at least write down the list of programs to uninstall).

    STEP1 - Manual Uninstalls

    Please go to START (Windows Orb) >> Control Panel >> Uninstall a Program or Programs and Features and remove the following (if listed):

    Advanced-System Protector
    AnyProtect
    Ask Shopping Toolbar
    Catalina Savings Printer
    Cinema-Plus-1.2
    Consumer Input (remove only)
    Coupon Printer for Windows
    CouponAlert Toolbar
    DesktopWeatherAlerts
    Easy Speed PC
    FastAgain PC Booster
    findopolis
    FreeSoftToday 025.148
    FrostWire 5.6.8
    getsav-in
    Hoopla
    MyPC Backup
    Mysearchdial
    MyStart Toolbar
    NetCrawl
    NewPlayer
    Optimizer Pro v3.2
    PalMall
    PricePeep
    RegClean-Pro
    Re-markit
    Remote Desktop Access
    Rocket
    SavetheChildren Reminder by We-Care.com v4.1.22.4
    Search module
    SearchDonkey
    Shopper-Pro
    Snap.Do
    Snap.Do Engine
    Software Version Updater
    Solid Savings
    SpeedUpMyPC
    Uninstall Helper
    video MediaPlay-Air
    Wajam
    WSE Rocket
    Yahoo! Search
    YTDownloader


    To do so, left clicking on the name once and then click Uninstall/Change at the bar above the list window.

    Follow the prompts of the uninstaller BUT please read carefully any questions it asks before answering; some uninstallers will try and deceive you into keeping the software.

    Also if the software will not uninstall, just make a note of that software and move onto the next on the list. We will get them one way or the other but this can make the job easier somewhat.


    STEP2 - Run a FRST Fixlist script


    Download the attached fixlist.txt file (located at the bottom of this post) and save it to the USB stick and then transfer it to the Desktop of the infected machine.

    NOTE. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    NOTE: Please disable your AntiVirus while the Fixlist process is running. When the process is done (the system restarted and the log file made) you can enable the AntiVirus then.

    Run FRST64 by right clicking on the FRST64.exe file, selecting "Run as Administrator..". The User Account Control may open up; if it does, select Yes to continue to let FRST open and load.

    The tool will check for an updated version of itself every time it loads; please allow it to do this and the program will either inform you it is downloading an updated copy (and to wait until it is safe to continue) or show that it is ready to use (meaning there is no update found) and you can continue on. Press the Fix button just once and wait. The tool will create a restore point, process the script and ask for a restart of your system.

    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please copy that file to the USB stick (if the system still does not have internet access) to post it a reply here.


    STEP3 - Rescan with FRST to check for leftovers

    We need to get a fresh scan from FRST.
    • If you still have the Addition.txt file on your desktop, please delete it now.
    • Right click the FRST file on your desktop and select "Run as Administrator..." (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
    • If an update is available, the program will inform you and download the update. Allow it do this please. Otherwise, just wait for the "The tool is ready to use." message.
    • Please check the Addition.txt in the Option Scan section of FRST.
    • Press the Scan button.
    • It will produce a log called FRST.txt in the same directory the tool is run from.
    • Please copy and paste log back here.
    • The tool will generate will another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

    In this case, if the system still does not have internet access then copy the two new log files (FRST.txt and Addition.txt) to the USB stick and post them here.



    Information to Reply with >>>>
    • How did the uninstalls go?
    • The Fixlog.txt log file text.
    • The new FRST.txt log file text
    • The new Addition.txt log file text
    • How is the system running now?
     

    Attached Files:

  6. dbreeze

    dbreeze Malware Specialist

    Joined:
    Oct 5, 2014
    Messages:
    431
    First Name:
    David
    Do you still need any help with this matter?
     
  7. camsr2000

    camsr2000 Thread Starter

    Joined:
    Jul 21, 2009
    Messages:
    185
    David, Yes I do, had several serious family issues come up. I will continue working on it. Still haven't removed all of the programs. Please give me a bit more, thank you for your patience!
     
  8. dbreeze

    dbreeze Malware Specialist

    Joined:
    Oct 5, 2014
    Messages:
    431
    First Name:
    David
    Not a problem as real world always comes first and this comes second. Reply when you can.
     
  9. camsr2000

    camsr2000 Thread Starter

    Joined:
    Jul 21, 2009
    Messages:
    185
    thank you for your patience, I ran the FRST here is the first log


    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
    Ran by Leticia (administrator) on GUERRAFAMILY on 22-03-2015 17:22:08
    Running from D:\
    Loaded Profiles: Leticia (Available profiles: Leticia & michael)
    Platform: Windows 8.1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Windows\System32\dasHost.exe
    (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.43\nst.exe
    (Symantec Corporation) C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe
    (Systweak) C:\Program Files (x86)\Right Backup\RBClientService.exe
    (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    (TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
    (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
    (Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.43\nst.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
    (TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe
    () C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
    (CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    (CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
    (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
    (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
    (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    (Farbar) D:\FRST64 (1).exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor)
    HKLM\...\Run: [SRS Premium Sound 3D] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2170784 2012-08-06] (SRS Labs, Inc.)
    HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2608040 2012-08-13] (TOSHIBA Corporation)
    HKLM\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe [1548952 2012-08-04] (TOSHIBA Corporation)
    HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
    HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-13] (TOSHIBA Corporation)
    HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
    HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon
    HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2780776 2011-07-19] (CANON INC.)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-16] (Synaptics Incorporated)
    HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1637496 2011-08-04] (CANON INC.)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
    HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [439440 2011-09-27] (CANON INC.)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
    HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\runner_avp.exe [24504 2014-03-16] (Kaspersky Lab ZAO)
    Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
    HKU\S-1-5-21-580940030-35127617-3160781262-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
    HKU\S-1-5-21-580940030-35127617-3160781262-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com
    SearchScopes: HKU\S-1-5-21-580940030-35127617-3160781262-1001 -> URL http://search.conduit.com/Results.aspx?ctid=CT3321728&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP65083C4B-FD76-441B-98F1-9677FF492F31&q={searchTerms}&SSPV=
    BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-03-16] (Kaspersky Lab ZAO)
    BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-05-20] (Kaspersky Lab ZAO)
    BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll [2014-03-16] (Kaspersky Lab ZAO)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2014-04-02] (Google Inc.)
    BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.0.43\coIEPlg.dll [2014-03-11] (Symantec Corporation)
    BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-03-16] (Kaspersky Lab ZAO)
    BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll [2013-05-01] (Yahoo! Inc.)
    BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2010-11-08] (CANON INC.)
    BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-03-16] (Kaspersky Lab ZAO)
    BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-05-20] (Kaspersky Lab ZAO)
    BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll [2014-03-16] (Kaspersky Lab ZAO)
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2014-04-02] (Google Inc.)
    BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.43\coIEPlg.dll [2014-03-11] (Symantec Corporation)
    BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll [2014-03-16] (Kaspersky Lab ZAO)
    Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.0.43\coIEPlg.dll [2014-03-11] (Symantec Corporation)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2014-04-02] (Google Inc.)
    Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-11-08] (CANON INC.)
    Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll [2013-05-01] (Yahoo! Inc.)
    Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.43\coIEPlg.dll [2014-03-11] (Symantec Corporation)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2014-04-02] (Google Inc.)
    Toolbar: HKU\S-1-5-21-580940030-35127617-3160781262-1001 -> Norton Identity Safe Toolbar - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.0.43\coIEPlg.dll [2014-03-11] (Symantec Corporation)
    DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe

    FireFox:
    ========
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-09-09] ()
    FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2011-09-21] (CANON INC.)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\windows\SysWOW64\npDeployJava1.dll [2013-06-24] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation)
    FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
    FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-12-17] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-12-17] (Google Inc.)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2012-10-12] ()
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-09-26] (Adobe Systems Inc.)
    FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.6.0.27\coFFPlgn
    FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.6.0.27\coFFPlgn [2015-03-18]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
    FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2014-03-16]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
    FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2014-03-16]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
    FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2014-03-16]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
    FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2014-03-16]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
    FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2014-03-16]

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www-search.net/?s=E38zadku1,4c000c15-cb58-4f23-b0a2-2a12673d72db,
    CHR DefaultSearchKeyword: Default -> yahoo.com
    CHR DefaultSearchURL: Default -> https://search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms}
    CHR Profile: C:\Users\Leticia\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\Leticia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-10]
    CHR Extension: (Google Drive) - C:\Users\Leticia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-10]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Leticia\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-10]
    CHR Extension: (YouTube) - C:\Users\Leticia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-10]
    CHR Extension: (Kaspersky URL Advisor) - C:\Users\Leticia\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-07-10]
    CHR Extension: (Safe Money) - C:\Users\Leticia\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2014-07-10]
    CHR Extension: (Virtual Keyboard) - C:\Users\Leticia\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2014-07-10]
    CHR Extension: (Wajam) - C:\Users\Leticia\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp [2015-01-21]
    CHR Extension: (Google Wallet) - C:\Users\Leticia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-10]
    CHR Extension: (Gmail) - C:\Users\Leticia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-10]
    CHR Extension: (Anti-Banner) - C:\Users\Leticia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-07-10]
    CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx [2012-08-18]
    CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx [2012-08-18]
    CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx [2012-08-18]
    CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx [2012-08-18]
    CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.43\Exts\Chrome.crx [2014-03-21]
    CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx [2012-08-18]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2014-03-16] (Kaspersky Lab ZAO)
    R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-11-15] ()
    R2 NAT; C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe [232424 2013-10-11] (Symantec Corporation)
    R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.43\NST.exe [130104 2014-03-11] (Symantec Corporation)
    R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [132504 2015-01-06] (Symantec Corporation)
    R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe [126392 2012-07-23] (Symantec Corporation)
    R2 RBClientService; C:\Program Files (x86)\Right Backup\RBClientService.exe [48240 2014-07-11] (Systweak)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-30] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-30] (Microsoft Corporation)
    R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [1153840 2012-11-15] (Intel® Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R1 ccSet_NAT; C:\Windows\system32\drivers\NATx64\010A000.009\ccSetx64.sys [150104 2013-07-29] (Symantec Corporation)
    R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE07000.02B\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)
    R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-03-16] (Kaspersky Lab ZAO)
    S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab)
    R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [627296 2014-05-20] (Kaspersky Lab ZAO)
    R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2014-03-16] (Kaspersky Lab ZAO)
    R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29280 2014-03-16] (Kaspersky Lab ZAO)
    R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2014-03-16] (Kaspersky Lab ZAO)
    R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [50448 2014-03-16] (Kaspersky Lab ZAO)
    R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [178448 2014-03-16] (Kaspersky Lab ZAO)
    R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)
    R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-16] (Synaptics Incorporated)
    S3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2013-01-20] (Anchorfree Inc.)
    R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider)
    R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-11-29] (Windows (R) Win 7 DDK provider)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-30] (Microsoft Corporation)
    R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-11-29] (Windows (R) Win 7 DDK provider)

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-03-18 21:38 - 2015-03-18 21:38 - 00000615 _____ () C:\Users\Leticia\Desktop\Fixlist - Shortcut.lnk
    2015-03-18 21:24 - 2015-03-18 21:24 - 00000642 _____ () C:\Users\Leticia\Desktop\FRST64 (1) - Shortcut.lnk

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-03-22 17:22 - 2015-01-20 18:39 - 00000000 ____D () C:\FRST
    2015-03-22 17:22 - 2014-03-21 03:06 - 01421339 _____ () C:\WINDOWS\WindowsUpdate.log
    2015-03-22 17:11 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
    2015-03-18 22:33 - 2013-03-10 08:17 - 00000932 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2015-03-18 21:54 - 2013-11-14 02:28 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
    2015-03-18 21:51 - 2014-03-16 10:30 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
    2015-03-18 21:50 - 2014-05-14 01:33 - 00000008 __RSH () C:\ProgramData\ntuser.pol
    2015-03-18 21:50 - 2014-04-02 12:17 - 00000000 __RDO () C:\Users\Leticia\SkyDrive
    2015-03-18 21:50 - 2013-03-10 08:17 - 00000928 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2015-03-18 21:49 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2015-03-18 21:48 - 2013-11-14 02:20 - 00177546 _____ () C:\WINDOWS\PFRO.log
    2015-03-18 21:48 - 2013-08-22 08:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
    2015-03-18 21:48 - 2012-09-11 01:40 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
    2015-03-18 21:41 - 2012-07-26 03:12 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
    2015-03-18 21:22 - 2013-08-22 09:46 - 00327514 _____ () C:\WINDOWS\setupact.log
    2015-03-18 20:36 - 2013-02-10 22:23 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-580940030-35127617-3160781262-1001
    2015-03-18 20:31 - 2013-05-10 06:49 - 00000000 __SHD () C:\WINDOWS\SysWOW64\AI_RecycleBin

    ==================== Files in the root of some directories =======

    2014-07-10 14:31 - 2014-07-10 14:33 - 0001196 _____ () C:\Users\Leticia\AppData\Roaming\aps.scan.quick.results
    2014-07-10 14:31 - 2014-07-10 14:33 - 0002934 _____ () C:\Users\Leticia\AppData\Roaming\aps.scan.results
    2014-07-10 14:31 - 2014-07-10 14:33 - 0000320 _____ () C:\Users\Leticia\AppData\Roaming\aps.uninstall.scan.results
    2013-08-06 14:02 - 2013-08-06 14:02 - 0000095 _____ () C:\ProgramData\SAH_Install.ini

    Some content of TEMP:
    ====================
    C:\Users\Leticia\AppData\Local\Temp\res.dll
    C:\Users\Leticia\AppData\Local\Temp\tu17p84.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-03-18 22:02

    ==================== End Of Log ============================
     
  10. camsr2000

    camsr2000 Thread Starter

    Joined:
    Jul 21, 2009
    Messages:
    185
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
    Ran by Leticia at 2015-03-22 17:22:52
    Running from D:\
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Kaspersky Internet Security (Disabled - Out of date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Kaspersky Internet Security (Disabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Kaspersky Internet Security (Disabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Reader XI (11.0.05) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.05 - Adobe Systems Incorporated)
    AnyProtect (HKLM-x32\...\AnyProtect) (Version: 1.0.0.0 - CMI Limited) <==== ATTENTION
    Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
    Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - )
    Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: - )
    Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - )
    Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: - )
    Canon MP Navigator EX 5.1 (HKLM-x32\...\MP Navigator EX 5.1) (Version: - )
    Canon MX510 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX510_series) (Version: - )
    Canon MX510 series On-screen Manual (HKLM-x32\...\Canon MX510 series On-screen Manual) (Version: - )
    Canon MX510 series User Registration (HKLM-x32\...\Canon MX510 series User Registration) (Version: - )
    Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - )
    Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version: - )
    Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version: - )
    Catalina Savings Printer (HKLM-x32\...\{4956ACE3-F537-4418-BB45-FD52395275A7}) (Version: 1.0.0 - Catalina Marketing Corp) <==== ATTENTION
    ClearViewSE (HKLM-x32\...\{67E80218-05FB-45B3-852F-AF06908A1014}) (Version: 5.5.0 - Happy Bytes LLC)
    CouponAlert Toolbar (HKLM-x32\...\CouponAlert_2pbar Uninstall) (Version: - Mindspark Interactive Network) <==== ATTENTION
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    DesktopWeatherAlerts (HKU\S-1-5-21-580940030-35127617-3160781262-1001\...\DesktopWeatherAlerts) (Version: 1.0.29.0 - Local Weather LLC) <==== ATTENTION
    Easy Speed PC (HKLM-x32\...\Easy Speed PC) (Version: 7.0.2 - Probit Software LTD) <==== ATTENTION
    Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden
    FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Flash Player Pro V5.4 (HKLM-x32\...\Flash Player Pro_is1) (Version: - FlashPlayerPro.com)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
    Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
    Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3345 - Intel Corporation)
    Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{89478C31-5CE8-461A-9084-9A0AF059F84F}) (Version: 15.5.0.0344 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.2.1001 - Intel Corporation)
    Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
    Intel(R) WiDi (HKLM\...\{23D486D4-FBE0-40F3-A245-E4D56D094764}) (Version: 3.5.41.0 - Intel Corporation)
    Intel® PROSet/Wireless WiFi Software (HKLM\...\{962E1735-D2E0-4813-AB9F-C6CBA09E759A}) (Version: 15.05.7000.1709 - Intel Corporation)
    iTunes (HKLM\...\{F73A118B-8271-47E2-8790-0C636B2539C5}) (Version: 11.1.0.126 - Apple Inc.)
    iWebar (HKLM-x32\...\iWebar) (Version: 1.34.2.13 - iWebar) <==== ATTENTION
    JFileManager (HKLM-x32\...\JFileManager) (Version: v1.0.0.1 - )
    JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.72.4 - JMicron Technology Corp.)
    Kaspersky Internet Security 2013 (HKLM-x32\...\InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}) (Version: 13.0.1.4190 - Kaspersky Lab)
    Kaspersky Internet Security 2013 (x32 Version: 13.0.1.4190 - Kaspersky Lab) Hidden
    LibreOffice 3.5 (HKLM-x32\...\{EF790F1C-CB0C-4B95-8C54-60783F3B6661}) (Version: 3.5.4.2 - The Document Foundation)
    Lightspark 0.5.3-git (HKLM-x32\...\Lightspark) (Version: 0.5.3-git - Lightspark Team)
    LPT System Updater Service (x32 Version: 1.0.0.0 - LPT) Hidden <==== ATTENTION
    Media Downloader version 1.5 (HKLM-x32\...\Media Downloader_is1) (Version: 1.5 - Media Downloader)
    Microsoft SkyDrive (HKU\S-1-5-21-580940030-35127617-3160781262-1001\...\SkyDriveSetup.exe) (Version: 16.4.6010.0727 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
    Mysearchdial (HKU\S-1-5-21-580940030-35127617-3160781262-1001\...\mysearchdial) (Version: - Mysearchdial) <==== ATTENTION
    MyStart Toolbar (HKLM-x32\...\mystarttb) (Version: 5.4.1.4 - Visicom Media Inc.)
    NewPlayer (HKLM-x32\...\NewPlayer) (Version: v2.1.2.1 - ) <==== ATTENTION
    Norton Anti-Theft (HKLM-x32\...\NAT) (Version: 1.10.0.9 - Symantec Corporation)
    Norton Identity Safe (HKLM-x32\...\NST) (Version: 2014.7.0.43 - Symantec Corporation)
    Norton PC Checkup (HKLM-x32\...\Norton PC Checkup_is1) (Version: 3.0.5.38.0 - Symantec Corporation)
    Norton PC Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.18.15 - Symantec Corporation)
    Norton Security Dashboard (HKLM-x32\...\NortonSD) (Version: 1.1.1.9 - Symantec Corporation)
    Optimizer Pro v3.2 (HKLM-x32\...\Optimizer Pro_is1) (Version: - ) <==== ATTENTION
    Origin (HKLM-x32\...\Origin) (Version: 8.6.3.49 - Electronic Arts, Inc.)
    Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
    PennyBee (HKLM-x32\...\PennyBee) (Version: 1.00.00.00 - PennyBee) <==== ATTENTION!
    Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
    PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
    Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
    PricePeep (HKLM-x32\...\PricePeep) (Version: 2.2.0.10 - betwikx LLC) <==== ATTENTION
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6687 - Realtek Semiconductor Corp.)
    Re-markit (HKLM-x32\...\1366f773-3476-4d68-acc0-219e692e6fd3) (Version: - Re-markit Software) <==== ATTENTION
    Remote Desktop Access (VuuPC) (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - CMI Limited) <==== ATTENTION
    Right Backup (HKLM-x32\...\980124D4-3D52-4c2d-AD41-9E90BDF4C031_Systweak_Ri~01F2B2E8_is1) (Version: 2.1.1000.4398 - Systweak Software)
    Rocket (HKU\S-1-5-21-580940030-35127617-3160781262-1001\...\Rocket) (Version: 31.0.1650.23 - Rocket) <==== ATTENTION!
    Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.15.13.48 - Client Connect LTD) <==== ATTENTION
    Shopper-Pro (HKLM-x32\...\ShopperPro) (Version: - ) <==== ATTENTION
    Snap.Do (HKLM-x32\...\{6EA563AD-DF38-4A1E-9437-3EA6EDA7B784}) (Version: 11.77.1.18240 - ReSoft Ltd.) <==== ATTENTION
    Snap.Do Engine (HKU\S-1-5-21-580940030-35127617-3160781262-1001\...\{91111a15-7be0-41a5-b756-644a8f10085b}) (Version: 11.77.1.18240 - ReSoft Ltd.) <==== ATTENTION
    Software Version Updater (HKLM-x32\...\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}) (Version: 1.1.3.8 - ) <==== ATTENTION
    SpeedUpMyPC (HKLM-x32\...\{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1) (Version: 6.0.3.9 - Uniblue Systems Limited) <==== ATTENTION
    SRS Premium Sound Control Panel (HKLM\...\{94F03B8E-CB73-4653-AFE9-79112C01FED2}) (Version: 1.12.4700 - SRS Labs, Inc.)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.5 - Synaptics Incorporated)
    TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.4 - TOSHIBA)
    Toshiba Book Place (HKLM-x32\...\{24B45620-22B6-4E4A-B836-FF30A0B0404E}) (Version: 3.1.9534 - K-NFB Reading Technology, Inc.)
    TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.00.0007.00002 - Toshiba Corporation)
    TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.0.6415 - Toshiba Corporation)
    TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6425 - Toshiba Corporation)
    TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.5.1.1 - Toshiba Corporation)
    TOSHIBA Password Utility (HKLM\...\TosPU_is1) (Version: 0.0.64.19B - Toshiba Corporation)
    TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.8.17.640104 - Toshiba Corporation)
    TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.8 - TOSHIBA)
    TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.0.54043005 - Toshiba Corporation)
    TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.2.00 - TOSHIBA Corporation)
    TOSHIBA Service Station (HKLM\...\{B483D427-9702-4BE1-B171-756D0C3E230E}) (Version: 2.4.6 - TOSHIBA)
    TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0012 - Toshiba Corporation)
    TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0002.32002 - Toshiba Corporation)
    TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
    TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.18.82 - Toshiba Corporation)
    TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
    Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
    Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Wajam (HKLM-x32\...\Wajam) (Version: 1.79 - Wajam) <==== ATTENTION
    WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.3.0 - WildTangent)
    WildTangent Games App (Toshiba Games) (x32 Version: 4.0.10.5 - WildTangent) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
    WinZip 18.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DF}) (Version: 18.0.10661 - WinZip Computing, S.L. )
    WSE Rocket (HKLM-x32\...\WSE Rocket) (Version: - WSE Rocket) <==== ATTENTION!
    Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version: - )
    Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version: - Yahoo! Inc.)
    YTDownloader (HKLM-x32\...\YTDownloader) (Version: - YTDownloader)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-580940030-35127617-3160781262-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Leticia\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-580940030-35127617-3160781262-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Leticia\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-580940030-35127617-3160781262-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Leticia\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-580940030-35127617-3160781262-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Leticia\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\FileSyncApi64.dll (Microsoft Corporation)

    ==================== Restore Points =========================

    21-01-2015 19:46:25 Removed SavetheChildren Reminder by We-Care.com v4.1.22.4
    18-03-2015 20:31:05 Removed Uninstall Helper
    18-03-2015 21:41:06 Restore Point Created by FRST

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {05BA58FC-E08D-461E-B55A-FCEF0DC33154} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.43\SymErr.exe [2014-01-30] (Symantec Corporation)
    Task: {0EC8C596-E560-4896-8725-FB0CCDE72253} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-17] (Google Inc.)
    Task: {127F24EA-D86D-48DC-A28F-DB5AA16F8E4B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-17] (Google Inc.)
    Task: {3FF9023A-3D72-46D6-8A8A-5FD3012D7697} - System32\Tasks\PC Checkup 3 Weekly Scan => C:\Program Files (x86)\PC Checkup\NLAppLauncher.exe [2015-01-06] (Symantec Corporation)
    Task: {6157D02B-B06E-481B-B9DE-B6BF5D9E3646} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.43\SymErr.exe [2014-01-30] (Symantec Corporation)
    Task: {80730C5E-5979-443F-AF57-8764F688DE02} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe
    Task: {86F14AD5-AEE3-43DC-B1AA-7ADE31829B4A} - \Right Backup_startup No Task File <==== ATTENTION
    Task: {A7D3A41C-2C1A-43E6-BA3D-FBEE3D6B2CB3} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe [2013-08-01] (Symantec Corporation)
    Task: {AA29CA7A-D0D4-493E-AEA7-537FCEE051F9} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe [2013-08-01] (Symantec Corporation)
    Task: {C94A7158-F559-4C74-ACAD-362157ADDB2F} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2012-08-23] (TOSHIBA Corporation)
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    ==================== Loaded Modules (whitelisted) ==============

    2013-11-04 19:22 - 2013-11-04 19:22 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
    2012-07-18 21:38 - 2012-07-18 21:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
    2012-07-18 21:38 - 2012-07-18 21:38 - 00049064 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\FnZ.dll
    2012-08-04 18:01 - 2012-08-04 18:01 - 00213136 _____ () C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe
    2012-08-13 22:13 - 2012-08-13 22:13 - 00018344 _____ () C:\Program Files\TOSHIBA\Teco\TecoMUI.dll
    2013-08-22 02:19 - 2013-08-22 01:54 - 00174592 _____ () C:\WINDOWS\system32\WinMetadata\Windows.UI.winmd
    2013-08-22 02:19 - 2013-08-22 01:54 - 00050176 _____ () C:\WINDOWS\system32\WinMetadata\Windows.Data.winmd
    2015-01-21 20:23 - 2015-01-21 20:23 - 00363520 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\8d0f16d53c303f545bdc3bdeeb2a7fb3\Windows.Foundation.ni.dll
    2013-01-28 14:08 - 2013-01-28 14:08 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2013-01-28 14:08 - 2013-01-28 14:08 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2012-08-17 21:39 - 2014-03-16 10:40 - 01310136 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\kpcengine.2.2.dll
    2014-12-17 14:54 - 2013-08-02 20:21 - 00886272 _____ () C:\Program Files (x86)\Right Backup\System.Data.SQLite.dll
    2012-08-17 21:38 - 2012-08-17 21:38 - 00479160 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll
    2012-08-17 21:40 - 2012-08-17 21:40 - 00068024 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\QtWebKit\qmlwebkitplugin4.dll
    2012-11-12 08:17 - 2012-06-26 03:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\Users\Leticia\SkyDrive:ms-properties
    AlternateDataStreams: C:\Users\michael\SkyDrive:ms-properties

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    DNS Servers: Media is not connected to internet.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    HKLM\...\StartupApproved\Run32: => "ApnUpdater"
    HKLM\...\StartupApproved\Run32: => "iTunesHelper"
    HKLM\...\StartupApproved\Run32: => "Coupon Alert Search Scope Monitor"
    HKLM\...\StartupApproved\Run32: => "ApnTBMon"

    ==================== Accounts: =============================

    Administrator (S-1-5-21-580940030-35127617-3160781262-500 - Administrator - Disabled)
    Guest (S-1-5-21-580940030-35127617-3160781262-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-580940030-35127617-3160781262-1003 - Limited - Enabled)
    Leticia (S-1-5-21-580940030-35127617-3160781262-1001 - Administrator - Enabled) => C:\Users\Leticia
    michael (S-1-5-21-580940030-35127617-3160781262-1004 - Administrator - Enabled) => C:\Users\michael

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (03/18/2015 09:41:06 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


    Details:
    AddLegacyDriverFiles: Unable to back up image of binary X5XSEx_Pr152.

    System Error:
    The system cannot find the file specified.
    .

    Error: (03/18/2015 08:31:12 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


    Details:
    AddLegacyDriverFiles: Unable to back up image of binary X5XSEx_Pr152.

    System Error:
    The system cannot find the file specified.
    .

    Error: (01/21/2015 11:50:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 8969

    Error: (01/21/2015 11:50:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 8969

    Error: (01/21/2015 11:50:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (01/21/2015 11:50:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 7469

    Error: (01/21/2015 11:50:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 7469

    Error: (01/21/2015 11:50:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (01/21/2015 11:50:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 5969

    Error: (01/21/2015 11:50:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 5969


    System errors:
    =============
    Error: (03/22/2015 05:13:59 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

    Error: (03/18/2015 09:48:23 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
    Description: WLAN Extensibility Module has stopped unexpectedly.

    Module Path: C:\WINDOWS\System32\IWMSSvc.dll

    Error: (03/18/2015 09:48:22 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
    Description: WLAN Extensibility Module has stopped unexpectedly.

    Module Path: C:\WINDOWS\System32\IWMSSvc.dll

    Error: (03/18/2015 09:48:18 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
    Description: WLAN Extensibility Module has stopped unexpectedly.

    Module Path: C:\WINDOWS\System32\IWMSSvc.dll

    Error: (03/18/2015 09:41:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Norton Identity Safe service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

    Error: (03/18/2015 09:41:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The VO Service component service terminated unexpectedly. It has done this 1 time(s).

    Error: (03/18/2015 09:41:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The TMachInfo service terminated unexpectedly. It has done this 1 time(s).

    Error: (03/18/2015 09:41:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The TPCH Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (03/18/2015 09:41:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Intel(R) ME Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (03/18/2015 09:41:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Intel(R) Management and Security Application Local Management Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.


    Microsoft Office Sessions:
    =========================
    Error: (03/18/2015 09:41:06 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description:
    Details:
    AddLegacyDriverFiles: Unable to back up image of binary X5XSEx_Pr152.

    System Error:
    The system cannot find the file specified.

    Error: (03/18/2015 08:31:12 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description:
    Details:
    AddLegacyDriverFiles: Unable to back up image of binary X5XSEx_Pr152.

    System Error:
    The system cannot find the file specified.

    Error: (01/21/2015 11:50:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 8969

    Error: (01/21/2015 11:50:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 8969

    Error: (01/21/2015 11:50:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (01/21/2015 11:50:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 7469

    Error: (01/21/2015 11:50:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 7469

    Error: (01/21/2015 11:50:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (01/21/2015 11:50:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 5969

    Error: (01/21/2015 11:50:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 5969


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i5-3317U CPU @ 1.70GHz
    Percentage of memory in use: 20%
    Total physical RAM: 6045.84 MB
    Available physical RAM: 4821.55 MB
    Total Pagefile: 7005.84 MB
    Available Pagefile: 5424.95 MB
    Total Virtual: 131072 MB
    Available Virtual: 131071.84 MB

    ==================== Drives ================================

    Drive c: (TI10650100G) (Fixed) (Total:687.99 GB) (Free:592.71 GB) NTFS
    Drive d: (KINGSTON) (Removable) (Total:7.45 GB) (Free:7.38 GB) FAT32
    Drive e: (Letty) (CDROM) (Total:0.01 GB) (Free:0 GB) UDF

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 698.6 GB) (Disk ID: 3A03A30D)

    Partition: GPT Partition Type.

    ========================================================
    Disk: 1 (MBR Code: Windows XP) (Size: 7.5 GB) (Disk ID: C3072E18)
    Partition 1: (Active) - (Size=7.5 GB) - (Type=0C)

    ==================== End Of Log ============================
     
  11. camsr2000

    camsr2000 Thread Starter

    Joined:
    Jul 21, 2009
    Messages:
    185
    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
    Ran by Leticia at 2015-03-18 21:41:05 Run:1
    Running from D:\
    Loaded Profiles: Leticia (Available profiles: Leticia & michael)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    start
    CreateRestorePoint:
    CloseProcesses:
    HKLM\...\Run: [Coupon Alert Home Page Guard 64 bit] => C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\AppIntegrator64.exe [548936 2013-06-04] ()
    HKLM-x32\...\Run: [ApnTBMon] => "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
    HKLM-x32\...\Run: [YTDownloader] => C:\Program Files (x86)\YTDownloader\YTDownloader.exe [2049896 2013-12-20] (YTDownloader)
    HKLM-x32\...\Run: [SPDriver] => C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.193\jsdrv.exe [3211776 2014-07-08] ()
    HKLM-x32\...\Run: [Coupon Alert Search Scope Monitor] => "C:\PROGRA~2\COUPON~2\bar\1.bin\2psrchmn.exe" /m=2 /w /h
    HKLM-x32\...\Run: [CouponAlert_2p Browser Plugin Loader] => C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbrmon.exe [30096 2013-06-04] (VER_COMPANY_NAME)
    HKLM-x32\...\Run: [AnyProtect Scanner] => "C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe"
    HKLM-x32\...\Run: [fst_us_148] => "C:\Program Files (x86)\fst_us_148\fst_us_148.exe"
    HKLM-x32\...\RunOnce: [upfst_us_148.exe] => C:\Users\Leticia\AppData\Local\fst_us_148\upfst_us_148.exe [3352544 2014-07-07] ()
    HKU\S-1-5-21-580940030-35127617-3160781262-1001\...\Run: [SPDriver] => C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.193\jsdrv.exe [3211776 2014-07-08] ()
    HKU\S-1-5-21-580940030-35127617-3160781262-1001\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe
    HKU\S-1-5-21-580940030-35127617-3160781262-1001\...\Run: [Exetender] => C:\Program Files (x86)\Hoopla\GPlayer.exe [5043096 2014-03-05] (Exent Technologies Ltd.)
    HKU\S-1-5-21-580940030-35127617-3160781262-1001\...\Run: [Easy Speed PC] => C:\Program Files (x86)\Probit Software\Easy Speed PC\ESPCLauncher.exe
    HKU\S-1-5-21-580940030-35127617-3160781262-1001\...\Run: [Yahoo! Search] => C:\Users\Leticia\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.18.5\dsrlte.exe [634624 2014-12-21] (Pay By Ads LTD)
    AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
    AppInit_DLLs: C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL => C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL File Not Found
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AddonNP.lnk
    ShortcutTarget: AddonNP.lnk -> C:\Program Files (x86)\NewPlayer\AddonNP.exe ()
    Startup: C:\Users\Leticia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopWeatherAlerts.lnk
    ShortcutTarget: DesktopWeatherAlerts.lnk -> C:\Users\Leticia\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe (No File)
    Startup: C:\Users\Leticia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PricePeepUpdater.lnk
    ShortcutTarget: PricePeepUpdater.lnk -> C:\Program Files (x86)\PricePeep\PricePeepUpdater.exe ()
    Startup: C:\Users\Leticia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Weather Alerts.lnk
    ShortcutTarget: Weather Alerts.lnk -> C:\Users\Leticia\AppData\Local\WeatherAlerts\WeatherAlerts.exe (Local Weather LLC)
    Startup: C:\Users\michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FrostWire On Startup.lnk
    ShortcutTarget: FrostWire On Startup.lnk -> C:\Program Files (x86)\FrostWire 5\FrostWire.exe (FrostWire)
    Startup: C:\Users\michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
    ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    GroupPolicyUsers\S-1-5-21-580940030-35127617-3160781262-1004\User: Group Policy restriction detected <======= ATTENTION
    GroupPolicyUsers\S-1-5-21-580940030-35127617-3160781262-1001\User: Group Policy restriction detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-580940030-35127617-3160781262-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    ProxyEnable: [S-1-5-21-580940030-35127617-3160781262-1001] => Internet Explorer proxy is enabled.
    ProxyServer: [S-1-5-21-580940030-35127617-3160781262-1001] => http=127.0.0.1:13828
    HKU\S-1-5-21-580940030-35127617-3160781262-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fR3s5PAVMZpZbM61lWNTdgwQHuH_l8fMQr5kRlG85BLui9M8aaXI TVl_ekr8W_bIE88YTif6l1vNGwRC9cZ_I9tX2JUm2mQYVI8QHRlr1sR6fF1WiiX8O2TNW6C9WIR 31yhHrjKtQCqHDhBP81OO5f10ZDU6xcvZxlvM0mde&q={searchTerms}
    HKU\S-1-5-21-580940030-35127617-3160781262-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://rts.dsrlte.com?affID=na
    HKU\S-1-5-21-580940030-35127617-3160781262-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fR3s5PAVMZpZbM61lWNTdgwQHuH_l8fMQr5kRlG85BLui9M8aaXI TVl_ekr8W_bIE88YTif6l1vNGwRC9cZ_I9tX2JUm2mQYVI8QHRlr1sR6fF1WiiX8O2TNW6C9WIR 31yhHrjKtQCqHDhBP81OO5f10ZDU6xcvZxlvM0mde&q={searchTerms}
    URLSearchHook: HKU\S-1-5-21-580940030-35127617-3160781262-1001 - (No Name) - {7b9f8c21-46ec-4c0b-8683-e755ef84577a} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pSrcAs.dll No File
    SearchScopes: HKLM -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
    SearchScopes: HKLM -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://www-search.net/search.aspx?s=E38zadku1,4c000c15-cb58-4f23-b0a2-2a12673d72db,&q={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fR3s5PAVMZpZbM61lWNTdgwQHuH_l8fMQr5kRlG85BLui9M8aaXI TVl_ekr8W_bIE88YTif6l1vNGwRC9cZ_I9tX2JUm2mQYVI8QHRlr1sR6fF1WiiX8O2TNW6C9WIR 31yhHrjKtQCqHDhBP81OO5f10ZDU6xcvZxlvM0mde&q={searchTerms}
    SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fR3s5PAVMZpZbM61lWNTdgwQHuH_l8fMQr5kRlG85BLui9M8aaXI TVl_ekr8W_bIE88YTif6l1vNGwRC9cZ_I9tX2JUm2mQYVI8QHRlr1sR6fF1WiiX8O2TNW6C9WIR 31yhHrjKtQCqHDhBP81OO5f10ZDU6xcvZxlvM0mde&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-580940030-35127617-3160781262-1001 -> DefaultScope {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://www.mystart.com/results.php?gen=ms&pr=vmn&id=mystarttb&v=5_4&ent=ch_5108&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-580940030-35127617-3160781262-1001 -> URL http://search.conduit.com/Results.a...tid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM= 4&UP=SP65083C4B-FD76-441B-98F1-9677FF492F31&q={searchTerms}&SSPV=
    SearchScopes: HKU\S-1-5-21-580940030-35127617-3160781262-1001 -> SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
    SearchScopes: HKU\S-1-5-21-580940030-35127617-3160781262-1001 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=bndl1_14_26&cd=2XzuyEtN2Y1L1Qzuzy0CyE0EtA yCyByCzz0DtBtCyCzyzy0DtN0D0Tzu0SzytBtBtN1L2XzutBtFtBtCtFtCtCtFtBtN1L1Czu1S1 G1Q1ItC1VtCyE1VtByCtN1L1G1B1V1N2Y1L1Qzu2StAzy0E0AyC0A0A0FtG0AyEtByEtGyBtA0A tBtGyCtBzzyBtGtAyBzy0A0B0A0CyD0CtD0F0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0FyEtByCt BtDyCtGzyyCtCyDtG0D0E0CtCtGzy0Fzz0FtGtBtC0A0ByEyCtB0CtC0B0DyC2Q&cr=46005761 8&ir=
    SearchScopes: HKU\S-1-5-21-580940030-35127617-3160781262-1001 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://www.mystart.com/results.php?gen=ms&pr=vmn&id=mystarttb&v=5_4&ent=ch_5108&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-580940030-35127617-3160781262-1001 -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_cmi_14_28_ch&cd=2XzuyEtN2Y1L1Qzuzy0C yE0EtAyCyByCzz0DtBtCyCzyzy0DtN0D0Tzu0SzytBtBtN1L2XzutBtFtBtCtFtCyEtFtBtN1L1 CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAzztD0DtA0AyBtAtG0B0CtD0BtGyD0CyC zytGyBtAzyyEtGtCyEtB0CtBtCzztCzzyEyCyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0FyEtByCt BtDyCtGzyyCtCyDtG0D0E0CtCtGzy0Fzz0FtGtBtC0A0ByEyCtB0CtC0B0DyC2Q&cr=58236296 9&ir=
    SearchScopes: HKU\S-1-5-21-580940030-35127617-3160781262-1001 -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://www-search.net/search.aspx?s=E38zadku1,4c000c15-cb58-4f23-b0a2-2a12673d72db,&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-580940030-35127617-3160781262-1001 -> {B45B6130-384E-452D-A2DB-0F3910B9CAB7} URL = http://rts.dsrlte.com/?affID=na&q={searchTerms}&r=241
    BHO: iWebar -> {11111111-1111-1111-1111-110311551110} -> C:\Program Files (x86)\iWebar\iWebar-bho64.dll No File
    BHO: PalMall -> {11111111-1111-1111-1111-110511801132} -> C:\Program Files (x86)\PalMall\PalMall-bho64.dll (BND)
    BHO: Cinema-Plus-1.2 -> {11111111-1111-1111-1111-110611051148} -> C:\Program Files (x86)\Cinema-Plus-1.2\Cinema-Plus-1.2-bho64.dll (Cinema Plus)
    BHO: Snap.DoEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
    BHO: Shopper Pro -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> C:\ProgramData\ShopperPro\ShopperPro64.dll No File
    BHO: Consumer Input DCA BHO -> {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} -> C:\Program Files (x86)\Consumer Input\InternetExplorer\x64\dca-bho.dll (Compete, Inc.)
    BHO: Ask Shopping Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ\Passport_x64.dll" No File
    BHO: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll No File
    BHO-x32: Solid Savings -> {11111111-1111-1111-1111-110211621178} -> C:\Program Files (x86)\Solid Savings\Solid Savings-bho.dll (Innovative Apps)
    BHO-x32: iWebar -> {11111111-1111-1111-1111-110311551110} -> C:\Program Files (x86)\iWebar\iWebar-bho.dll No File
    BHO-x32: PalMall -> {11111111-1111-1111-1111-110511801132} -> C:\Program Files (x86)\PalMall\PalMall-bho.dll (BND)
    BHO-x32: Cinema-Plus-1.2 -> {11111111-1111-1111-1111-110611051148} -> C:\Program Files (x86)\Cinema-Plus-1.2\Cinema-Plus-1.2-bho.dll (Cinema Plus)
    BHO-x32: Snap.DoEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\windows\SysWOW64\mscoree.dll (Microsoft Corporation)
    BHO-x32: Toolbar BHO -> {3a421c8f-e238-4aeb-8874-b8b5f2cc4772} -> C:\PROGRA~2\COUPON~2\bar\1.bin\2pbar.dll No File
    BHO-x32: SearchDonkey -> {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} -> C:\Program Files (x86)\SearchDonkey\IE\common.dll (WebAppTech Coding, LLC)
    BHO-x32: getsav-in 5.0 -> {57437FFF-AF43-472E-9BBD-41AA710B1297} -> C:\Users\michael\AppData\Local\getsav-in\ie\getsav-in_1368186302.dll ()
    BHO-x32: Search Assistant BHO -> {60e91567-ef8a-4520-bce2-83aba5256799} -> C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pSrcAs.dll No File
    BHO-x32: NetCrawl 1.0.0.5 -> {769a91da-209f-47fe-88b9-b0321b0982c8} -> C:\Program Files (x86)\NetCrawl\NetCrawlBHO.dll (NetCrawl)
    BHO-x32: Playtopus Games -> {8EBA1B69-99D8-4135-BD43-729BA79D5CC4} -> C:\Users\michael\AppData\Local\Playtopus\Playtopus.dll (Playtopus)
    BHO-x32: Shopper Pro -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> C:\ProgramData\ShopperPro\ShopperPro.dll (Goobzo Ltd.)
    BHO-x32: Wajam -> {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} -> C:\Program Files (x86)\Wajam\IE\priam_bho.dll No File
    BHO-x32: Consumer Input DCA BHO -> {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} -> C:\Program Files (x86)\Consumer Input\InternetExplorer\dca-bho.dll (Compete, Inc.)
    BHO-x32: MyStart Toolbar -> {ccb24e92-62c4-4c53-95d2-65f9eed476bc} -> C:\Program Files (x86)\mystarttb\mystartDx.dll No File
    BHO-x32: findopolis 1.0.0.5 -> {ccfd8427-0c44-4b91-abbb-d6aa65f7d2a1} -> C:\Program Files (x86)\findopolis\findopolisBHO.dll (findopolis)
    BHO-x32: Ask Shopping Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ\Passport.dll" No File
    BHO-x32: WeCareReminder Class -> {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} -> C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
    BHO-x32: PennyBee -> {ECCD8756-E877-457F-8C44-4EC20055DDB5} -> C:\Program Files (x86)\PennyBee\InternetExplorerBHO.dll No File
    BHO-x32: No Name -> {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} -> No File
    Toolbar: HKLM - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\windows\system32\mscoree.dll (Microsoft Corporation)
    Toolbar: HKLM - Ask Shopping Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ\Passport_x64.dll" No File
    Toolbar: HKLM - MyStart Toolbar - {ccb24e92-62c4-4c53-95d2-65f9eed476bc} - C:\Program Files (x86)\mystarttb\mystartDx64.dll No File
    Toolbar: HKLM-x32 - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\windows\SysWOW64\mscoree.dll (Microsoft Corporation)
    Toolbar: HKLM-x32 - Coupon Alert - {3462c343-be19-4143-af70-cefb56f46fc6} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbar.dll No File
    Toolbar: HKLM-x32 - Ask Shopping Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ\Passport.dll" No File
    Toolbar: HKLM-x32 - MyStart Toolbar - {ccb24e92-62c4-4c53-95d2-65f9eed476bc} - C:\Program Files (x86)\mystarttb\mystartDx.dll No File
    Toolbar: HKU\S-1-5-21-580940030-35127617-3160781262-1001 -> Ask Shopping Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ\Passport_x64.dll" No File
    Toolbar: HKU\S-1-5-21-580940030-35127617-3160781262-1001 -> No Name - {3462C343-BE19-4143-AF70-CEFB56F46FC6} - No File
    FF Plugin-x32: @CouponAlert_2p.com/Plugin -> C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\NP2pStub.dll No File
    FF Plugin-x32: @exent.com/npExentCtl,version=7.0.0.0 -> C:\Program Files (x86)\Hoopla\npExentCtl.dll (Exent Technologies Ltd.)
    FF Plugin HKU\S-1-5-21-580940030-35127617-3160781262-1001: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]_2p.com] - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin
    FF Extension: No Name - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin [2013-06-04]
    FF HKU\S-1-5-21-580940030-35127617-3160781262-1001\...\Firefox\Extensions: [{8a1a43a3-ee9f-4fff-9c5c-b3063ee1f0e0}] - C:\Program Files (x86)\Re-markit-soft\157.xpi
    FF HKU\S-1-5-21-580940030-35127617-3160781262-1001\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12171.xpi
    CHR StartupUrls: Default -> "hxxp://www-search.net/?s=E38zadku1,4c000c15-cb58-4f23-b0a2-2a12673d72db,"
    CHR DefaultSuggestURL: Default -> https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}
    CHR Extension: (iWebar) - C:\Users\Leticia\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam [2014-07-10]
    CHR Extension: (Search) - C:\Users\Leticia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-10]
    CHR Extension: (video MediaPlay-Air) - C:\Users\Leticia\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnaojefanpmakfgcaliphepgoiiafmpf [2014-07-10]
    CHR Extension: (MySearchDial) - C:\Users\Leticia\AppData\Local\Google\Chrome\User Data\Default\Extensions\iagcajndpnfncplednpbnkahadegklfa [2014-07-10]
    CHR Extension: (Rocket New Tab) - C:\Users\Leticia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibnjmihbbanannlbobkbmnmckjnmdnom [2014-07-10]
    CHR Extension: (findopolis) - C:\Users\Leticia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojlbmmdblljkdkicbjdfplphhplkndeg [2014-12-21]
    CHR HKLM\...\Chrome\Extension: [iagcajndpnfncplednpbnkahadegklfa] - No Path
    CHR HKLM\...\Chrome\Extension: [ibnjmihbbanannlbobkbmnmckjnmdnom] - No Path
    CHR HKU\S-1-5-21-580940030-35127617-3160781262-1001\...\Chrome\Extension: [iagcajndpnfncplednpbnkahadegklfa] - No Path
    CHR HKU\S-1-5-21-580940030-35127617-3160781262-1001\...\Chrome\Extension: [ibnjmihbbanannlbobkbmnmckjnmdnom] - No Path
    CHR HKLM-x32\...\Chrome\Extension: [aaaaojmikegpiepcfdkkjaplodkpfmlo] - C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ\CRX\ToolbarCR.crx [Not Found]
    CHR HKLM-x32\...\Chrome\Extension: [dghncoeocefmhkhiphdgikkamjeglbfh] - C:\Program Files (x86)\mystarttb\chrome-newtab-search.crx [Not Found]
    CHR HKLM-x32\...\Chrome\Extension: [iagcajndpnfncplednpbnkahadegklfa] - No Path
    CHR HKLM-x32\...\Chrome\Extension: [ibnjmihbbanannlbobkbmnmckjnmdnom] - No Path
    CHR HKLM-x32\...\Chrome\Extension: [jpmbfleldcgkldadpdinhjjopdfpjfjp] - C:\Users\michael\AppData\Local\Wajam\Chrome\wajam.crx [2013-05-02]
    CHR HKLM-x32\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh [Not Found]
    R4 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [32808 2013-05-24] (Just Develop It) <==== ATTENTION
    S2 consumerinput_update; C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [106296 2014-03-08] (ConsumerInput)
    S3 consumerinput_updatem; C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [106296 2014-03-08] (ConsumerInput)
    R4 CouponAlert_2pService; C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbarsvc.exe [42504 2013-06-04] (COMPANYVERS_NAME)
    R4 NewPlayerUpdaterService; C:\Program Files (x86)\NewPlayer\NewPlayerUpdaterService.exe [11776 2014-06-30] () [File not signed]
    R4 PennyBee; C:\Program Files (x86)\PennyBee\PennyBee.exe [54272 2014-07-07] () [File not signed] <==== ATTENTION
    R4 Re-markit; C:\Program Files (x86)\Re-markit-soft\Re-markit157.exe [195072 2014-03-08] () [File not signed] <==== ATTENTION
    R4 servervo; C:\Users\Leticia\AppData\Roaming\VOPackage\VOsrv.exe [71680 2014-07-10] () [File not signed] <==== ATTENTION
    R2 SMUpd; C:\Program Files\Common Files\Goobzo\GBUpdate\smu.exe [2708328 2014-08-27] (Search Module Ltd.)
    S2 SPBIUpd; C:\Program Files\Common Files\ShopperPro\spbiu.exe [2346880 2014-07-08] (ShopperPro)
    R2 Update findopolis; C:\Program Files (x86)\findopolis\updatefindopolis.exe [529136 2015-01-05] ()
    R2 Update NetCrawl; C:\Program Files (x86)\NetCrawl\updateNetCrawl.exe [524576 2014-12-21] ()
    R2 Util findopolis; C:\Program Files (x86)\findopolis\bin\utilfindopolis.exe [529136 2015-01-05] ()
    R4 WajamUpdater; C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [109064 2013-05-02] (Wajam) [File not signed] <==== ATTENTION
    R3 SMUpdd; C:\Program Files\Common Files\Goobzo\GBUpdate\smw.sys [42856 2014-08-27] ()
    R2 X5XSEx_Pr152; C:\Program Files (x86)\Hoopla\X5XSEx_Pr152.Sys [56584 2013-07-18] (Exent Technologies Ltd.)
    R1 {173745cd-3937-468f-98f6-d68898d32d98}w64; C:\Windows\System32\drivers\{173745cd-3937-468f-98f6-d68898d32d98}w64.sys [48784 2015-01-05] (StdLib)
    R1 {1de0dec0-675e-482f-a756-fd24c6796c8e}w64; C:\Windows\System32\drivers\{1de0dec0-675e-482f-a756-fd24c6796c8e}w64.sys [48832 2014-12-17] (StdLib)
    R4 sbmntr; \??\C:\Program Files (x86)\YTDownloader\sbmntr.sys [X]
    R4 SPDRIVER_1.35.1.155; \??\C:\Program Files (x86)\ShopperPro\JSDriver\1.35.1.155\jsdrv.sys [X]
    R2 SPDRIVER_1.37.0.193; \??\C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.193\jsdrv.sys [X]
    Task: {06A8DB4B-697B-4937-A068-F07D3CDF4853} - System32\Tasks\iWebar-chromeinstaller => C:\Program Files (x86)\iWebar\iWebar-chromeinstaller.exe <==== ATTENTION
    Task: {0764F78F-264B-4817-AFAE-90D757395FA8} - System32\Tasks\{E5428C95-CA2F-40EF-961A-A50957D5AFCD} => pcalua.exe -a "C:\Program Files (x86)\FMS\Uninstall.exe"
    Task: {0B9DE1FD-6C98-4658-B995-F485959034C2} - System32\Tasks\SPBIW_UpdateTask_Time_333836343835303334352d2d5b50342a415545 6c5a236c => Wscript.exe //B "C:\ProgramData\ShopperPro\spbihe.js" spbiu.exe /invoke /f:check_services /l:0 <==== ATTENTION
    Task: {121CD599-9FDE-4C4D-A726-6D7440767531} - System32\Tasks\98bd8955-5681-454d-960c-17eab7511bad-1 => C:\Program Files (x86)\PalMall\PalMall-codedownloader.exe [2014-07-10] (BND) <==== ATTENTION
    Task: {16229990-4EAF-4D96-AEBA-AB7FA0AC9D4A} - System32\Tasks\98bd8955-5681-454d-960c-17eab7511bad-5_user => C:\Program Files (x86)\PalMall\98bd8955-5681-454d-960c-17eab7511bad-5.exe [2014-07-10] (BND) <==== ATTENTION
    Task: {17965C67-2C46-4B4C-A453-002C32CE88D0} - System32\Tasks\ConsumerInputUpdateTaskMachineUA => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [2014-03-08] (ConsumerInput) <==== ATTENTION
    Task: {285B017D-14AB-4DE4-8374-FA4A703FA34F} - System32\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-6 => C:\Program Files (x86)\Cinema-Plus-1.2\Cinema-Plus-1.2-novainstaller.exe [2014-07-10] (Cinema Plus) <==== ATTENTION
    Task: {2930FB7C-EB87-46CD-BC4B-824B9D4979C3} - System32\Tasks\CIMT_daily_S-1-5-21-580940030-35127617-3160781262-1001 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe [2014-11-26] () <==== ATTENTION
    Task: {29F60423-AF23-4493-83A0-73A4F892E4D8} - System32\Tasks\RegClean Pro_DEFAULT => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe [2014-12-08] () <==== ATTENTION
    Task: {2BC6A59F-CA65-42E2-9F99-D74285AE19D8} - System32\Tasks\98bd8955-5681-454d-960c-17eab7511bad-11 => C:\Program Files (x86)\PalMall\98bd8955-5681-454d-960c-17eab7511bad-11.exe [2014-07-10] (BND) <==== ATTENTION
    Task: {2E8E3D23-1F09-4B15-8EAF-FDF5353E7679} - System32\Tasks\98bd8955-5681-454d-960c-17eab7511bad-2 => C:\Program Files (x86)\PalMall\98bd8955-5681-454d-960c-17eab7511bad-2.exe [2014-07-10] (BND) <==== ATTENTION
    Task: {331D2001-C1B4-466F-9D84-F2DABC4DC27D} - System32\Tasks\Updater26278.exe => C:\Users\michael\AppData\Local\Updater26278\Updater26278.exe <==== ATTENTION
    Task: {37D99F27-D4AE-4635-A258-40294D5C787C} - System32\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-1 => C:\Program Files (x86)\Cinema-Plus-1.2\Cinema-Plus-1.2-codedownloader.exe <==== ATTENTION
    Task: {41233670-5E85-4A6E-B050-39EEB0DAEBEE} - System32\Tasks\CIMT_S-1-5-21-580940030-35127617-3160781262-1001 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe [2014-11-26] () <==== ATTENTION
    Task: {41978C42-8932-4E56-A176-012B8111F094} - System32\Tasks\YTDownloaderUpd => C:\Program Files (x86)\YTDownloader\updater.exe <==== ATTENTION
    Task: {42719407-214D-4D8A-BC82-8CFA2F5BFB63} - System32\Tasks\98bd8955-5681-454d-960c-17eab7511bad-4 => C:\Program Files (x86)\PalMall\98bd8955-5681-454d-960c-17eab7511bad-4.exe [2014-07-10] (BND) <==== ATTENTION
    Task: {48BA66C5-9CE5-4F6C-9B0C-7F91D9CBE1D5} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
    Task: {60E68DCF-CA13-40CC-AFC2-CADABCC81EFB} - System32\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-2 => C:\Program Files (x86)\Cinema-Plus-1.2\56ce3484-b669-4c8b-8489-666612b8aac7-2.exe [2014-07-10] (Cinema Plus) <==== ATTENTION
    Task: {6C59312F-3E0C-46D2-9043-0D85E52B9485} - System32\Tasks\temp_56ce3484-b669-4c8b-8489-666612b8aac7-2 => C:\Program Files (x86)\Cinema-Plus-1.2\56ce3484-b669-4c8b-8489-666612b8aac7-2.exe [2014-07-10] (Cinema Plus) <==== ATTENTION
    Task: {733F4A68-09B5-45DB-90DE-2AA2C8621D00} - System32\Tasks\RegClean Pro => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe [2014-12-08] () <==== ATTENTION
    Task: {7613DA2A-23C5-4EB6-B4BA-CD8873A5F804} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
    Task: {79524917-C578-4213-82D3-82BD2487BCC2} - System32\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-11 => C:\Program Files (x86)\Cinema-Plus-1.2\56ce3484-b669-4c8b-8489-666612b8aac7-11.exe [2014-07-10] (Cinema Plus) <==== ATTENTION
    Task: {931367DF-98DD-4FA5-A3AE-AAC77F7A6B25} - System32\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-4 => C:\Program Files (x86)\Cinema-Plus-1.2\56ce3484-b669-4c8b-8489-666612b8aac7-4.exe [2014-07-10] (Cinema Plus) <==== ATTENTION
    Task: {A4EA2991-D0EA-4538-B5E6-1B00D1B7D584} - System32\Tasks\Advanced-System Protector_startup => C:\Program Files (x86)\ASP\AdvancedSystemProtector.exe [2014-12-09] () <==== ATTENTION
    Task: {ACF03591-CAAA-4893-9852-26CAEE647C1D} - System32\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-7 => C:\Program Files (x86)\Cinema-Plus-1.2\Cinema-Plus-1.2-nova.exe [2014-07-10] (Cinema Plus) <==== ATTENTION
    Task: {B76D503E-28B5-4F6E-9C84-D817454EB592} - System32\Tasks\iWebar-firefoxinstaller => C:\Program Files (x86)\iWebar\iWebar-firefoxinstaller.exe <==== ATTENTION
    Task: {CC3DB9BC-6B77-41F4-A297-B5261BD9793A} - System32\Tasks\ConsumerInputUpdateTaskMachineCore => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [2014-03-08] (ConsumerInput) <==== ATTENTION
    Task: {DE50D567-8466-439B-B1D5-DE6DE7CD057F} - System32\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-3 => C:\Program Files (x86)\Cinema-Plus-1.2\56ce3484-b669-4c8b-8489-666612b8aac7-3.exe [2014-07-10] (Cinema Plus) <==== ATTENTION
    Task: {E2A4AA41-14D6-41C2-9BDC-5F21B97346BB} - System32\Tasks\2b6328a9-11c8-46e0-8547-2efb3aafcaa4-3 => C:\Program Files (x86)\video MediaPlay-Air\2b6328a9-11c8-46e0-8547-2efb3aafcaa4-3.exe [2014-07-10] (enter) <==== ATTENTION
    Task: {E3E359BD-21F1-403E-A745-D1E0BA925049} - System32\Tasks\RegClean Pro_UPDATES => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe [2014-12-08] () <==== ATTENTION
    Task: {EDF770DA-FE8D-43C5-BAA1-810147FEE27B} - System32\Tasks\Yahoo! Search Updater => C:\Users\Leticia\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.18.5\dsrsetup.exe [2014-12-21] (Pay By Ads LTD) <==== ATTENTION
    Task: {EEA0FC31-811F-4D14-86AD-53F73EB27D8E} - System32\Tasks\98bd8955-5681-454d-960c-17eab7511bad-5 => C:\Program Files (x86)\PalMall\98bd8955-5681-454d-960c-17eab7511bad-5.exe [2014-07-10] (BND) <==== ATTENTION
    Task: {F7A9DCD4-1569-49E3-AFA8-65865697C144} - System32\Tasks\98bd8955-5681-454d-960c-17eab7511bad-7 => C:\Program Files (x86)\PalMall\PalMall-nova.exe [2014-10-06] (FileProperties_CompanyName) <==== ATTENTION
    Task: {FB804D2A-5867-41B3-BD6C-0A0CAD6D3610} - System32\Tasks\Yahoo! Search => C:\Users\Leticia\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.18.5\dsrlte.exe [2014-12-21] (Pay By Ads LTD) <==== ATTENTION
    Task: {FC5B2C3D-8693-4E07-BE3D-E0E04438AF8B} - System32\Tasks\98bd8955-5681-454d-960c-17eab7511bad-6 => C:\Program Files (x86)\PalMall\PalMall-nova.exe [2014-10-06] (FileProperties_CompanyName) <==== ATTENTION
    Task: C:\WINDOWS\Tasks\2b6328a9-11c8-46e0-8547-2efb3aafcaa4-11.job => C:\Program Files (x86)\video MediaPlay-Air\2b6328a9-11c8-46e0-8547-2efb3aafcaa4-11.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\2b6328a9-11c8-46e0-8547-2efb3aafcaa4-3.job => C:\Program Files (x86)\video MediaPlay-Air\2b6328a9-11c8-46e0-8547-2efb3aafcaa4-3.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-1.job => C:\Program Files (x86)\Cinema-Plus-1.2\Cinema-Plus-1.2-codedownloader.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-11.job => C:\Program Files (x86)\Cinema-Plus-1.2\56ce3484-b669-4c8b-8489-666612b8aac7-11.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-2.job => C:\Program Files (x86)\Cinema-Plus-1.2\56ce3484-b669-4c8b-8489-666612b8aac7-2.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-3.job => C:\Program Files (x86)\Cinema-Plus-1.2\56ce3484-b669-4c8b-8489-666612b8aac7-3.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-4.job => C:\Program Files (x86)\Cinema-Plus-1.2\56ce3484-b669-4c8b-8489-666612b8aac7-4.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-6.job => C:\Program Files (x86)\Cinema-Plus-1.2\Cinema-Plus-1.2-novainstaller.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-7.job => C:\Program Files (x86)\Cinema-Plus-1.2\Cinema-Plus-1.2-nova.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\98bd8955-5681-454d-960c-17eab7511bad-1.job => C:\Program Files (x86)\PalMall\PalMall-codedownloader.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\98bd8955-5681-454d-960c-17eab7511bad-11.job => C:\Program Files (x86)\PalMall\98bd8955-5681-454d-960c-17eab7511bad-11.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\98bd8955-5681-454d-960c-17eab7511bad-2.job => C:\Program Files (x86)\PalMall\98bd8955-5681-454d-960c-17eab7511bad-2.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\98bd8955-5681-454d-960c-17eab7511bad-4.job => C:\Program Files (x86)\PalMall\98bd8955-5681-454d-960c-17eab7511bad-4.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\98bd8955-5681-454d-960c-17eab7511bad-5.job => C:\Program Files (x86)\PalMall\98bd8955-5681-454d-960c-17eab7511bad-5.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\98bd8955-5681-454d-960c-17eab7511bad-5_user.job => C:\Program Files (x86)\PalMall\98bd8955-5681-454d-960c-17eab7511bad-5.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\98bd8955-5681-454d-960c-17eab7511bad-6.job => C:\Program Files (x86)\PalMall\PalMall-nova.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\98bd8955-5681-454d-960c-17eab7511bad-7.job => C:\Program Files (x86)\PalMall\PalMall-nova.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\CIMT_daily_S-1-5-21-580940030-35127617-3160781262-1001.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\CIMT_S-1-5-21-580940030-35127617-3160781262-1001.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\ConsumerInputUpdateTaskMachineCore.job => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\ConsumerInputUpdateTaskMachineUA.job => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\iWebar-chromeinstaller.job => C:\Program Files (x86)\iWebar\iWebar-chromeinstaller.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\iWebar-firefoxinstaller.job => C:\Program Files (x86)\iWebar\iWebar-firefoxinstaller.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\RegClean Pro_DEFAULT.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\RegClean Pro_UPDATES.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\temp_56ce3484-b669-4c8b-8489-666612b8aac7-2.job => C:\Program Files (x86)\Cinema-Plus-1.2\56ce3484-b669-4c8b-8489-666612b8aac7-2.exe <==== ATTENTION
    C:\Program Files (x86)\CouponAlert_2p
    C:\Program Files (x86)\AskPartnerNetwork
    C:\Program Files (x86)\YTDownloader
    C:\Program Files (x86)\ShopperPro
    C:\PROGRA~2\COUPON~2
    C:\Program Files (x86)\AnyProtectEx
    C:\Program Files (x86)\fst_us_148
    C:\Users\Leticia\AppData\Local\fst_us_148
    C:\Program Files (x86)\ShopperPro
    C:\Program Files (x86)\Optimizer Pro
    C:\Program Files (x86)\Hoopla
    C:\Program Files (x86)\Probit Software
    C:\Users\Leticia\AppData\Local\Pay-By-Ads
    C:\Program Files (x86)\NewPlayer
    C:\Users\Leticia\AppData\Local\WeatherAlerts
    C:\Program Files (x86)\PricePeep
    C:\Program Files (x86)\FrostWire 5
    C:\Program Files (x86)\MyPC Backup
    C:\Program Files (x86)\iWebar
    C:\Program Files (x86)\PalMall
    C:\Program Files (x86)\Cinema-Plus-1.2
    C:\ProgramData\ShopperPro
    C:\Program Files (x86)\Consumer Input
    C:\Program Files (x86)\Solid Savings
    C:\Program Files (x86)\SearchDonkey
    C:\Users\michael\AppData\Local\getsav-in
    C:\Program Files (x86)\NetCrawl
    C:\Users\michael\AppData\Local\Playtopus
    C:\Program Files (x86)\Wajam
    C:\Program Files (x86)\mystarttb
    C:\Program Files (x86)\findopolis
    C:\ProgramData\WeCareReminder
    C:\Program Files (x86)\PennyBee
    C:\Program Files (x86)\Re-markit-soft
    C:\ProgramData\AskPartnerNetwork
    C:\Program Files (x86)\MyPC Backup
    C:\Program Files (x86)\Consumer Input
    C:\Program Files (x86)\CouponAlert_2p
    C:\Program Files (x86)\NewPlayer
    C:\Program Files (x86)\PennyBee
    C:\Program Files (x86)\Re-markit-soft
    C:\Users\Leticia\AppData\Roaming\VOPackage
    C:\Program Files\Common Files\Goobzo
    C:\Program Files\Common Files\ShopperPro
    C:\Program Files (x86)\findopolis
    C:\Program Files (x86)\NetCrawl
    C:\Windows\System32\drivers\{173745cd-3937-468f-98f6-d68898d32d98}w64.sys
    C:\Windows\System32\drivers\{1de0dec0-675e-482f-a756-fd24c6796c8e}w64.sys
    C:\Program Files (x86)\YTDownloader
    C:\Program Files (x86)\FMS
    C:\Program Files (x86)\RegClean Pro
    C:\Users\michael\AppData\Local\Updater26278
    C:\PROGRA~1\COMMON~1\System\SysMenu.dll
    C:\Program Files (x86)\ASP
    2015-01-05 22:51 - 2015-01-05 13:26 - 00048784 _____ (StdLib) C:\WINDOWS\system32\Drivers\{173745cd-3937-468f-98f6-d68898d32d98}w64.sys
    2014-12-21 22:19 - 2014-12-21 22:19 - 00000000 ____D () C:\Users\Leticia\AppData\Roaming\ASP
    2014-12-21 22:09 - 2014-12-21 22:09 - 00003506 _____ () C:\WINDOWS\System32\Tasks\Yahoo! Search
    2014-12-21 22:08 - 2014-12-21 22:08 - 00003510 _____ () C:\WINDOWS\System32\Tasks\Yahoo! Search Updater
    2014-12-21 22:08 - 2014-12-21 22:08 - 00000000 ____D () C:\Users\Leticia\AppData\Local\Pay-By-Ads
    2014-12-21 22:08 - 2014-12-21 22:08 - 00000000 ____D () C:\Users\Leticia\AppData\Local\Local_Weather_LLC
    2015-01-05 22:53 - 2014-07-10 13:31 - 00003108 _____ () C:\WINDOWS\System32\Tasks\RegClean Pro
    2015-01-05 22:51 - 2014-12-17 13:49 - 00001350 _____ () C:\Users\Leticia\Desktop\Clean Registry for Free!.lnk
    2015-01-05 22:50 - 2014-07-10 13:45 - 00000000 ____D () C:\Users\Leticia\AppData\Local\fst_us_148
    2015-01-05 22:50 - 2014-07-10 13:21 - 00000000 ____D () C:\Program Files (x86)\findopolis
    2014-12-21 22:08 - 2014-12-17 13:53 - 00003076 _____ () C:\WINDOWS\System32\Tasks\Advanced-System Protector_startup
    2014-12-21 22:08 - 2014-07-10 13:33 - 00003068 _____ () C:\WINDOWS\System32\Tasks\Right Backup_startup
    2014-12-21 22:07 - 2014-07-10 13:46 - 00003830 _____ () C:\WINDOWS\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-11.job
    2014-12-21 22:07 - 2014-07-10 13:46 - 00003156 _____ () C:\WINDOWS\Tasks\2b6328a9-11c8-46e0-8547-2efb3aafcaa4-3.job
    2014-12-21 22:07 - 2014-07-10 13:46 - 00002460 _____ () C:\WINDOWS\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-3.job
    2014-12-21 22:07 - 2014-07-10 13:46 - 00002240 _____ () C:\WINDOWS\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-4.job
    2014-12-21 22:07 - 2014-07-10 13:46 - 00001600 _____ () C:\WINDOWS\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-6.job
    2014-12-21 22:07 - 2014-07-10 13:46 - 00001600 _____ () C:\WINDOWS\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-1.job
    2014-12-21 22:07 - 2014-07-10 13:46 - 00001390 _____ () C:\WINDOWS\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-2.job
    2014-12-21 22:07 - 2014-07-10 13:38 - 00002140 _____ () C:\WINDOWS\Tasks\98bd8955-5681-454d-960c-17eab7511bad-4.job
    2014-12-21 22:07 - 2014-07-10 13:38 - 00002112 _____ () C:\WINDOWS\Tasks\98bd8955-5681-454d-960c-17eab7511bad-5_user.job
    2014-12-21 22:07 - 2014-07-10 13:38 - 00002112 _____ () C:\WINDOWS\Tasks\98bd8955-5681-454d-960c-17eab7511bad-5.job
    2014-12-21 22:07 - 2014-07-10 13:38 - 00001522 _____ () C:\WINDOWS\Tasks\98bd8955-5681-454d-960c-17eab7511bad-1.job
    2014-12-21 22:07 - 2014-07-10 13:38 - 00001336 _____ () C:\WINDOWS\Tasks\98bd8955-5681-454d-960c-17eab7511bad-2.job
    2014-12-21 22:07 - 2014-07-10 13:37 - 00003470 _____ () C:\WINDOWS\Tasks\98bd8955-5681-454d-960c-17eab7511bad-11.job
    2014-12-21 22:07 - 2014-07-10 13:37 - 00002814 _____ () C:\WINDOWS\Tasks\98bd8955-5681-454d-960c-17eab7511bad-6.job
    2014-12-21 22:06 - 2014-07-10 13:31 - 00000000 ____D () C:\Program Files (x86)\NetCrawl
    2014-07-10 13:31 - 2014-07-10 14:37 - 0573493 _____ (ClickMeIn Limited) C:\Users\Leticia\AppData\Local\AnyProtectScannerSetup.exe
    C:\Users\Leticia\AppData\Local\Temp\ShopperProJSFull.exe
    C:\Users\Leticia\AppData\Local\Temp\ShopperProJSINJFull.exe
    C:\Users\Leticia\AppData\Local\Temp\SPSetup.exe
    C:\Users\Leticia\AppData\Local\Temp\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}_N360_31441.exe
    C:\Users\michael\AppData\Local\Temp\SPSetup.exe
    File: C:\windows\system32\mscoree.dll
    File: C:\windows\SysWOW64\mscoree.dll
    cmd: ipconfig /flushdns
    cmd: netsh advfirewall reset
    cmd: netsh advfirewall set allprofiles state on
    Reboot:
    end


    *****************

    Restore point was successfully created.
    Processes closed successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Coupon Alert Home Page Guard 64 bit => value deleted successfully.
    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ApnTBMon => Value not found.
    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\YTDownloader => value deleted successfully.
    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SPDriver => value deleted successfully.
    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Coupon Alert Search Scope Monitor => value deleted successfully.
    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\CouponAlert_2p Browser Plugin Loader => value deleted successfully.
    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AnyProtect Scanner => value deleted successfully.
    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\fst_us_148 => value deleted successfully.
    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\upfst_us_148.exe => Value not found.
    HKU\S-1-5-21-580940030-35127617-3160781262-1001\Software\Microsoft\Windows\CurrentVersion\Run\\SPDriver => value deleted successfully.
    HKU\S-1-5-21-580940030-35127617-3160781262-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Optimizer Pro => value deleted successfully.
    HKU\S-1-5-21-580940030-35127617-3160781262-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Exetender => Value not found.
    HKU\S-1-5-21-580940030-35127617-3160781262-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Easy Speed PC => value deleted successfully.
    HKU\S-1-5-21-580940030-35127617-3160781262-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Yahoo! Search => Value not found.
    "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll" => Value Data removed successfully.
    "C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL" => Value Data removed successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AddonNP.lnk => Moved successfully.
    C:\Program Files (x86)\NewPlayer\AddonNP.exe => Moved successfully.
    C:\Users\Leticia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopWeatherAlerts.lnk => Moved successfully.
    C:\Users\Leticia\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe not found.
    C:\Users\Leticia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PricePeepUpdater.lnk => Moved successfully.
    C:\Program Files (x86)\PricePeep\PricePeepUpdater.exe => Moved successfully.
    C:\Users\Leticia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Weather Alerts.lnk => Moved successfully.
    C:\Users\Leticia\AppData\Local\WeatherAlerts\WeatherAlerts.exe => Moved successfully.
    C:\Users\michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FrostWire On Startup.lnk => Moved successfully.
    C:\Program Files (x86)\FrostWire 5\FrostWire.exe not found.
    C:\Users\michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk => Moved successfully.
    C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe not found.
    C:\WINDOWS\system32\GroupPolicy\Machine => Moved successfully.
    C:\WINDOWS\system32\GroupPolicy\GPT.ini => Moved successfully.
    C:\WINDOWS\system32\GroupPolicyUsers\S-1-5-21-580940030-35127617-3160781262-1004\User => Moved successfully.
    C:\WINDOWS\system32\GroupPolicyUsers\S-1-5-21-580940030-35127617-3160781262-1001\User => Moved successfully.
    "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
    "HKU\S-1-5-21-580940030-35127617-3160781262-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
    HKU\S-1-5-21-580940030-35127617-3160781262-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
    HKU\S-1-5-21-580940030-35127617-3160781262-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
    HKU\S-1-5-21-580940030-35127617-3160781262-1001\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
    HKU\S-1-5-21-580940030-35127617-3160781262-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
    HKU\S-1-5-21-580940030-35127617-3160781262-1001\Software\Microsoft\Internet Explorer\Main\\Search Bar => value deleted successfully.
    HKU\S-1-5-21-580940030-35127617-3160781262-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{7b9f8c21-46ec-4c0b-8683-e755ef84577a} => value deleted successfully.
    "HKCR\Wow6432Node\CLSID\{7b9f8c21-46ec-4c0b-8683-e755ef84577a}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}" => Key deleted successfully.
    HKCR\CLSID\{77AA745B-F4F8-45DA-9B14-61D2D95054C8} => Key not found.
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}" => Key deleted successfully.
    HKCR\CLSID\{7F4EFF06-7032-458e-AE16-1C1D8255C28A} => Key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}" => Key deleted successfully.
    HKCR\Wow6432Node\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => Key not found.
    HKU\S-1-5-21-580940030-35127617-3160781262-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    HKU\S-1-5-21-580940030-35127617-3160781262-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\URL http://search.conduit.com/Results.a...tid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM= => Value not found.
    HKU\S-1-5-21-580940030-35127617-3160781262-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SuggestionsURL_JSON => value deleted successfully.
    "HKU\S-1-5-21-580940030-35127617-3160781262-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}" => Key deleted successfully.
    HKCR\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => Key not found.
    "HKU\S-1-5-21-580940030-35127617-3160781262-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}" => Key deleted successfully.
    HKCR\CLSID\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} => Key not found.
    "HKU\S-1-5-21-580940030-35127617-3160781262-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}" => Key deleted successfully.
    HKCR\CLSID\{77AA745B-F4F8-45DA-9B14-61D2D95054C8} => Key not found.
    "HKU\S-1-5-21-580940030-35127617-3160781262-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}" => Key deleted successfully.
    HKCR\CLSID\{7F4EFF06-7032-458e-AE16-1C1D8255C28A} => Key not found.
    "HKU\S-1-5-21-580940030-35127617-3160781262-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B45B6130-384E-452D-A2DB-0F3910B9CAB7}" => Key deleted successfully.
    HKCR\CLSID\{B45B6130-384E-452D-A2DB-0F3910B9CAB7} => Key not found.
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311551110}" => Key deleted successfully.
    "HKCR\CLSID\{11111111-1111-1111-1111-110311551110}" => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511801132} => Key not found.
    HKCR\CLSID\{11111111-1111-1111-1111-110511801132} => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611051148} => Key not found.
    HKCR\CLSID\{11111111-1111-1111-1111-110611051148} => Key not found.
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}" => Key deleted successfully.
    "HKCR\CLSID\{31ad400d-1b06-4e33-a59a-90c2c140cba0}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}" => Key deleted successfully.
    "HKCR\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}" => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC} => Key not found.
    HKCR\CLSID\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC} => Key not found.
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}" => Key deleted successfully.
    HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}" => Key deleted successfully.
    "HKCR\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}" => Key deleted successfully.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110211621178} => Key not found.
    HKCR\Wow6432Node\CLSID\{11111111-1111-1111-1111-110211621178} => Key not found.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311551110}" => Key deleted successfully.
    "HKCR\Wow6432Node\CLSID\{11111111-1111-1111-1111-110311551110}" => Key deleted successfully.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511801132} => Key not found.
    HKCR\Wow6432Node\CLSID\{11111111-1111-1111-1111-110511801132} => Key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611051148} => Key not found.
    HKCR\Wow6432Node\CLSID\{11111111-1111-1111-1111-110611051148} => Key not found.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}" => Key deleted successfully.
    "HKCR\Wow6432Node\CLSID\{31ad400d-1b06-4e33-a59a-90c2c140cba0}" => Key deleted successfully.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3a421c8f-e238-4aeb-8874-b8b5f2cc4772}" => Key deleted successfully.
    "HKCR\Wow6432Node\CLSID\{3a421c8f-e238-4aeb-8874-b8b5f2cc4772}" => Key deleted successfully.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{44ed99e2-16a6-4b89-80d6-5b21cf42e78b} => Key not found.
    HKCR\Wow6432Node\CLSID\{44ed99e2-16a6-4b89-80d6-5b21cf42e78b} => Key not found.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{57437FFF-AF43-472E-9BBD-41AA710B1297}" => Key deleted successfully.
    "HKCR\Wow6432Node\CLSID\{57437FFF-AF43-472E-9BBD-41AA710B1297}" => Key deleted successfully.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{60e91567-ef8a-4520-bce2-83aba5256799}" => Key deleted successfully.
    "HKCR\Wow6432Node\CLSID\{60e91567-ef8a-4520-bce2-83aba5256799}" => Key deleted successfully.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{769a91da-209f-47fe-88b9-b0321b0982c8} => Key not found.
    HKCR\Wow6432Node\CLSID\{769a91da-209f-47fe-88b9-b0321b0982c8} => Key not found.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8EBA1B69-99D8-4135-BD43-729BA79D5CC4}" => Key deleted successfully.
    "HKCR\Wow6432Node\CLSID\{8EBA1B69-99D8-4135-BD43-729BA79D5CC4}" => Key deleted successfully.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}" => Key deleted successfully.
    "HKCR\Wow6432Node\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}" => Key deleted successfully.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}" => Key deleted successfully.
    "HKCR\Wow6432Node\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}" => Key deleted successfully.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC} => Key not found.
    HKCR\Wow6432Node\CLSID\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC} => Key not found.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ccb24e92-62c4-4c53-95d2-65f9eed476bc}" => Key deleted successfully.
    "HKCR\Wow6432Node\CLSID\{ccb24e92-62c4-4c53-95d2-65f9eed476bc}" => Key deleted successfully.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ccfd8427-0c44-4b91-abbb-d6aa65f7d2a1} => Key not found.
    HKCR\Wow6432Node\CLSID\{ccfd8427-0c44-4b91-abbb-d6aa65f7d2a1} => Key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.
    "HKCR\Wow6432Node\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}" => Key deleted successfully.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} => Key not found.
    "HKCR\Wow6432Node\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}" => Key deleted successfully.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ECCD8756-E877-457F-8C44-4EC20055DDB5}" => Key deleted successfully.
    "HKCR\Wow6432Node\CLSID\{ECCD8756-E877-457F-8C44-4EC20055DDB5}" => Key deleted successfully.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}" => Key deleted successfully.
    HKCR\Wow6432Node\CLSID\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} => Key not found.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} => value deleted successfully.
    "HKCR\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}" => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} => Value not found.
    HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{ccb24e92-62c4-4c53-95d2-65f9eed476bc} => value deleted successfully.
    "HKCR\CLSID\{ccb24e92-62c4-4c53-95d2-65f9eed476bc}" => Key deleted successfully.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} => value deleted successfully.
    "HKCR\Wow6432Node\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}" => Key deleted successfully.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{3462c343-be19-4143-af70-cefb56f46fc6} => value deleted successfully.
    "HKCR\Wow6432Node\CLSID\{3462c343-be19-4143-af70-cefb56f46fc6}" => Key deleted successfully.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} => Value not found.
    HKCR\Wow6432Node\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{ccb24e92-62c4-4c53-95d2-65f9eed476bc} => value deleted successfully.
    HKCR\Wow6432Node\CLSID\{ccb24e92-62c4-4c53-95d2-65f9eed476bc} => Key not found.
    HKU\S-1-5-21-580940030-35127617-3160781262-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => value deleted successfully.
    HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.
    HKU\S-1-5-21-580940030-35127617-3160781262-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3462C343-BE19-4143-AF70-CEFB56F46FC6} => value deleted successfully.
    HKCR\CLSID\{3462C343-BE19-4143-AF70-CEFB56F46FC6} => Key not found.
    "HKLM\Software\Wow6432Node\MozillaPlugins\@CouponAlert_2p.com/Plugin" => Key deleted successfully.
    HKLM\Software\Wow6432Node\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0 => Key not found.
    C:\Program Files (x86)\Hoopla\npExentCtl.dll not found.
    "HKU\S-1-5-21-580940030-35127617-3160781262-1001\Software\MozillaPlugins\@lightspark.github.com/Lightspark;version=1" => Key deleted successfully.
    C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll not found.
    HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\[email protected]_2p.com => value deleted successfully.
    C:\Program Files (x86)\CouponAlert_2p\bar\1.bin => Moved successfully.
    HKU\S-1-5-21-580940030-35127617-3160781262-1001\Software\Mozilla\Firefox\Extensions\\{8a1a43a3-ee9f-4fff-9c5c-b3063ee1f0e0} => value deleted successfully.
    HKU\S-1-5-21-580940030-35127617-3160781262-1001\Software\Mozilla\Firefox\Extensions\\[email protected] => Value not found.
    Chrome StartupUrls deleted successfully.
    Chrome DefaultSuggestURL deleted successfully.
    C:\Users\Leticia\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam => Moved successfully.
    C:\Users\Leticia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf => Moved successfully.
    C:\Users\Leticia\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnaojefanpmakfgcaliphepgoiiafmpf directory not found.
    C:\Users\Leticia\AppData\Local\Google\Chrome\User Data\Default\Extensions\iagcajndpnfncplednpbnkahadegklfa => Moved successfully.
    C:\Users\Leticia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibnjmihbbanannlbobkbmnmckjnmdnom => Moved successfully.
    C:\Users\Leticia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojlbmmdblljkdkicbjdfplphhplkndeg directory not found.
    "HKLM\SOFTWARE\Google\Chrome\Extensions\iagcajndpnfncplednpbnkahadegklfa" => Key deleted successfully.
    "HKLM\SOFTWARE\Google\Chrome\Extensions\ibnjmihbbanannlbobkbmnmckjnmdnom" => Key deleted successfully.
    "HKU\S-1-5-21-580940030-35127617-3160781262-1001\SOFTWARE\Google\Chrome\Extensions\iagcajndpnfncplednpbnkahadegklfa" => Key deleted successfully.
    "HKU\S-1-5-21-580940030-35127617-3160781262-1001\SOFTWARE\Google\Chrome\Extensions\ibnjmihbbanannlbobkbmnmckjnmdnom" => Key deleted successfully.
    HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo => Key not found.
    "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dghncoeocefmhkhiphdgikkamjeglbfh" => Key deleted successfully.
    "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iagcajndpnfncplednpbnkahadegklfa" => Key deleted successfully.
    "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ibnjmihbbanannlbobkbmnmckjnmdnom" => Key deleted successfully.
    "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp" => Key deleted successfully.
    C:\Users\michael\AppData\Local\Wajam\Chrome\wajam.crx => Moved successfully.
    "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lpoimibckejjdjcfbdnajaicnklhfplh" => Key deleted successfully.
    BackupStack => Service not found.
    consumerinput_update => Service not found.
    consumerinput_updatem => Service not found.
    CouponAlert_2pService => Service not found.
    NewPlayerUpdaterService => Service not found.
    PennyBee => Service not found.
    Re-markit => Service not found.
    servervo => Service not found.
    SMUpd => Service not found.
    SPBIUpd => Service deleted successfully.
    Update findopolis => Service not found.
    Update NetCrawl => Service not found.
    Util findopolis => Service not found.
    WajamUpdater => Service not found.
    SMUpdd => Service deleted successfully.
    X5XSEx_Pr152 => Service not found.
    {173745cd-3937-468f-98f6-d68898d32d98}w64 => Unable to stop service
    {173745cd-3937-468f-98f6-d68898d32d98}w64 => Service deleted successfully.
    {1de0dec0-675e-482f-a756-fd24c6796c8e}w64 => Unable to stop service
    {1de0dec0-675e-482f-a756-fd24c6796c8e}w64 => Service deleted successfully.
    sbmntr => Unable to stop service
    sbmntr => Service deleted successfully.
    SPDRIVER_1.35.1.155 => Unable to stop service
    SPDRIVER_1.35.1.155 => Service deleted successfully.
    SPDRIVER_1.37.0.193 => Unable to stop service
    SPDRIVER_1.37.0.193 => Service deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{06A8DB4B-697B-4937-A068-F07D3CDF4853}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{06A8DB4B-697B-4937-A068-F07D3CDF4853}" => Key deleted successfully.
    C:\Windows\System32\Tasks\iWebar-chromeinstaller => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\iWebar-chromeinstaller" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0764F78F-264B-4817-AFAE-90D757395FA8}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0764F78F-264B-4817-AFAE-90D757395FA8}" => Key deleted successfully.
    C:\Windows\System32\Tasks\{E5428C95-CA2F-40EF-961A-A50957D5AFCD} => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E5428C95-CA2F-40EF-961A-A50957D5AFCD}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0B9DE1FD-6C98-4658-B995-F485959034C2}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0B9DE1FD-6C98-4658-B995-F485959034C2}" => Key deleted successfully.
    C:\Windows\System32\Tasks\SPBIW_UpdateTask_Time_333836343835303334352d2d5b50342a415545 6c5a236c not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SPBIW_UpdateTask_Time_333836343835303334352d2d5b50342a415545 6c5a236c => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{121CD599-9FDE-4C4D-A726-6D7440767531} => Key not found.
    C:\Windows\System32\Tasks\98bd8955-5681-454d-960c-17eab7511bad-1 not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\98bd8955-5681-454d-960c-17eab7511bad-1 => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{16229990-4EAF-4D96-AEBA-AB7FA0AC9D4A} => Key not found.
    C:\Windows\System32\Tasks\98bd8955-5681-454d-960c-17eab7511bad-5_user not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\98bd8955-5681-454d-960c-17eab7511bad-5_user => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{17965C67-2C46-4B4C-A453-002C32CE88D0} => Key not found.
    C:\Windows\System32\Tasks\ConsumerInputUpdateTaskMachineUA not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ConsumerInputUpdateTaskMachineUA => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{285B017D-14AB-4DE4-8374-FA4A703FA34F} => Key not found.
    C:\Windows\System32\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-6 not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\56ce3484-b669-4c8b-8489-666612b8aac7-6 => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2930FB7C-EB87-46CD-BC4B-824B9D4979C3} => Key not found.
    C:\Windows\System32\Tasks\CIMT_daily_S-1-5-21-580940030-35127617-3160781262-1001 not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CIMT_daily_S-1-5-21-580940030-35127617-3160781262-1001 => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{29F60423-AF23-4493-83A0-73A4F892E4D8} => Key not found.
    C:\Windows\System32\Tasks\RegClean Pro_DEFAULT not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro_DEFAULT => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2BC6A59F-CA65-42E2-9F99-D74285AE19D8} => Key not found.
    C:\Windows\System32\Tasks\98bd8955-5681-454d-960c-17eab7511bad-11 not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\98bd8955-5681-454d-960c-17eab7511bad-11 => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2E8E3D23-1F09-4B15-8EAF-FDF5353E7679} => Key not found.
    C:\Windows\System32\Tasks\98bd8955-5681-454d-960c-17eab7511bad-2 not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\98bd8955-5681-454d-960c-17eab7511bad-2 => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{331D2001-C1B4-466F-9D84-F2DABC4DC27D} => Key not found.
    C:\Windows\System32\Tasks\Updater26278.exe not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Updater26278.exe => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{37D99F27-D4AE-4635-A258-40294D5C787C} => Key not found.
    C:\Windows\System32\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-1 not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\56ce3484-b669-4c8b-8489-666612b8aac7-1 => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{41233670-5E85-4A6E-B050-39EEB0DAEBEE} => Key not found.
    C:\Windows\System32\Tasks\CIMT_S-1-5-21-580940030-35127617-3160781262-1001 not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CIMT_S-1-5-21-580940030-35127617-3160781262-1001 => Key not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{41978C42-8932-4E56-A176-012B8111F094}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{41978C42-8932-4E56-A176-012B8111F094}" => Key deleted successfully.
    C:\Windows\System32\Tasks\YTDownloaderUpd => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YTDownloaderUpd" => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{42719407-214D-4D8A-BC82-8CFA2F5BFB63} => Key not found.
    C:\Windows\System32\Tasks\98bd8955-5681-454d-960c-17eab7511bad-4 not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\98bd8955-5681-454d-960c-17eab7511bad-4 => Key not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{48BA66C5-9CE5-4F6C-9B0C-7F91D9CBE1D5}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{48BA66C5-9CE5-4F6C-9B0C-7F91D9CBE1D5}" => Key deleted successfully.
    C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Multimedia\SMupdate3" => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{60E68DCF-CA13-40CC-AFC2-CADABCC81EFB} => Key not found.
    C:\Windows\System32\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-2 not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\56ce3484-b669-4c8b-8489-666612b8aac7-2 => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6C59312F-3E0C-46D2-9043-0D85E52B9485} => Key not found.
    C:\Windows\System32\Tasks\temp_56ce3484-b669-4c8b-8489-666612b8aac7-2 not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\temp_56ce3484-b669-4c8b-8489-666612b8aac7-2 => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{733F4A68-09B5-45DB-90DE-2AA2C8621D00} => Key not found.
    C:\Windows\System32\Tasks\RegClean Pro not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro => Key not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7613DA2A-23C5-4EB6-B4BA-CD8873A5F804}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7613DA2A-23C5-4EB6-B4BA-CD8873A5F804}" => Key deleted successfully.
    C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Maintenance\SMupdate2" => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{79524917-C578-4213-82D3-82BD2487BCC2} => Key not found.
    C:\Windows\System32\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-11 not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\56ce3484-b669-4c8b-8489-666612b8aac7-11 => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{931367DF-98DD-4FA5-A3AE-AAC77F7A6B25} => Key not found.
    C:\Windows\System32\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-4 not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\56ce3484-b669-4c8b-8489-666612b8aac7-4 => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A4EA2991-D0EA-4538-B5E6-1B00D1B7D584} => Key not found.
    C:\Windows\System32\Tasks\Advanced-System Protector_startup not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Advanced-System Protector_startup => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ACF03591-CAAA-4893-9852-26CAEE647C1D} => Key not found.
    C:\Windows\System32\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-7 not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\56ce3484-b669-4c8b-8489-666612b8aac7-7 => Key not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B76D503E-28B5-4F6E-9C84-D817454EB592}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B76D503E-28B5-4F6E-9C84-D817454EB592}" => Key deleted successfully.
    C:\Windows\System32\Tasks\iWebar-firefoxinstaller => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\iWebar-firefoxinstaller" => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CC3DB9BC-6B77-41F4-A297-B5261BD9793A} => Key not found.
    C:\Windows\System32\Tasks\ConsumerInputUpdateTaskMachineCore not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ConsumerInputUpdateTaskMachineCore => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DE50D567-8466-439B-B1D5-DE6DE7CD057F} => Key not found.
    C:\Windows\System32\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-3 not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\56ce3484-b669-4c8b-8489-666612b8aac7-3 => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E2A4AA41-14D6-41C2-9BDC-5F21B97346BB} => Key not found.
    C:\Windows\System32\Tasks\2b6328a9-11c8-46e0-8547-2efb3aafcaa4-3 not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\2b6328a9-11c8-46e0-8547-2efb3aafcaa4-3 => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E3E359BD-21F1-403E-A745-D1E0BA925049} => Key not found.
    C:\Windows\System32\Tasks\RegClean Pro_UPDATES not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro_UPDATES => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EDF770DA-FE8D-43C5-BAA1-810147FEE27B} => Key not found.
    C:\Windows\System32\Tasks\Yahoo! Search Updater not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Yahoo! Search Updater => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EEA0FC31-811F-4D14-86AD-53F73EB27D8E} => Key not found.
    C:\Windows\System32\Tasks\98bd8955-5681-454d-960c-17eab7511bad-5 not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\98bd8955-5681-454d-960c-17eab7511bad-5 => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F7A9DCD4-1569-49E3-AFA8-65865697C144} => Key not found.
    C:\Windows\System32\Tasks\98bd8955-5681-454d-960c-17eab7511bad-7 not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\98bd8955-5681-454d-960c-17eab7511bad-7 => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FB804D2A-5867-41B3-BD6C-0A0CAD6D3610} => Key not found.
    C:\Windows\System32\Tasks\Yahoo! Search not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Yahoo! Search => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FC5B2C3D-8693-4E07-BE3D-E0E04438AF8B} => Key not found.
    C:\Windows\System32\Tasks\98bd8955-5681-454d-960c-17eab7511bad-6 not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\98bd8955-5681-454d-960c-17eab7511bad-6 => Key not found.
    C:\WINDOWS\Tasks\2b6328a9-11c8-46e0-8547-2efb3aafcaa4-11.job not found.
    C:\WINDOWS\Tasks\2b6328a9-11c8-46e0-8547-2efb3aafcaa4-3.job not found.
    C:\WINDOWS\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-1.job not found.
    C:\WINDOWS\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-11.job not found.
    C:\WINDOWS\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-2.job not found.
    C:\WINDOWS\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-3.job not found.
    C:\WINDOWS\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-4.job not found.
    C:\WINDOWS\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-6.job not found.
    C:\WINDOWS\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-7.job not found.
    C:\WINDOWS\Tasks\98bd8955-5681-454d-960c-17eab7511bad-1.job not found.
    C:\WINDOWS\Tasks\98bd8955-5681-454d-960c-17eab7511bad-11.job not found.
    C:\WINDOWS\Tasks\98bd8955-5681-454d-960c-17eab7511bad-2.job not found.
    C:\WINDOWS\Tasks\98bd8955-5681-454d-960c-17eab7511bad-4.job not found.
    C:\WINDOWS\Tasks\98bd8955-5681-454d-960c-17eab7511bad-5.job not found.
    C:\WINDOWS\Tasks\98bd8955-5681-454d-960c-17eab7511bad-5_user.job not found.
    C:\WINDOWS\Tasks\98bd8955-5681-454d-960c-17eab7511bad-6.job not found.
    C:\WINDOWS\Tasks\98bd8955-5681-454d-960c-17eab7511bad-7.job not found.
    C:\WINDOWS\Tasks\CIMT_daily_S-1-5-21-580940030-35127617-3160781262-1001.job not found.
    C:\WINDOWS\Tasks\CIMT_S-1-5-21-580940030-35127617-3160781262-1001.job not found.
    C:\WINDOWS\Tasks\ConsumerInputUpdateTaskMachineCore.job not found.
    C:\WINDOWS\Tasks\ConsumerInputUpdateTaskMachineUA.job not found.
    C:\WINDOWS\Tasks\iWebar-chromeinstaller.job => Moved successfully.
    C:\WINDOWS\Tasks\iWebar-firefoxinstaller.job => Moved successfully.
    C:\WINDOWS\Tasks\RegClean Pro_DEFAULT.job not found.
    C:\WINDOWS\Tasks\RegClean Pro_UPDATES.job not found.
    C:\WINDOWS\Tasks\temp_56ce3484-b669-4c8b-8489-666612b8aac7-2.job not found.
    C:\Program Files (x86)\CouponAlert_2p => Moved successfully.
    "C:\Program Files (x86)\AskPartnerNetwork" => File/Directory not found.
    C:\Program Files (x86)\YTDownloader => Moved successfully.
    C:\Program Files (x86)\ShopperPro => Moved successfully.
    "C:\PROGRA~2\COUPON~2" => File/Directory not found.
    "C:\Program Files (x86)\AnyProtectEx" => File/Directory not found.
    "C:\Program Files (x86)\fst_us_148" => File/Directory not found.
    "C:\Users\Leticia\AppData\Local\fst_us_148" => File/Directory not found.
    "C:\Program Files (x86)\ShopperPro" => File/Directory not found.
    C:\Program Files (x86)\Optimizer Pro => Moved successfully.
    "C:\Program Files (x86)\Hoopla" => File/Directory not found.
    C:\Program Files (x86)\Probit Software => Moved successfully.
    C:\Users\Leticia\AppData\Local\Pay-By-Ads => Moved successfully.
    C:\Program Files (x86)\NewPlayer => Moved successfully.
    C:\Users\Leticia\AppData\Local\WeatherAlerts => Moved successfully.
    C:\Program Files (x86)\PricePeep => Moved successfully.
    "C:\Program Files (x86)\FrostWire 5" => File/Directory not found.
    C:\Program Files (x86)\MyPC Backup => Moved successfully.
    "C:\Program Files (x86)\iWebar" => File/Directory not found.
    "C:\Program Files (x86)\PalMall" => File/Directory not found.
    "C:\Program Files (x86)\Cinema-Plus-1.2" => File/Directory not found.
    C:\ProgramData\ShopperPro => Moved successfully.
    "C:\Program Files (x86)\Consumer Input" => File/Directory not found.
    "C:\Program Files (x86)\Solid Savings" => File/Directory not found.
    "C:\Program Files (x86)\SearchDonkey" => File/Directory not found.
    "C:\Users\michael\AppData\Local\getsav-in" => File/Directory not found.
    "C:\Program Files (x86)\NetCrawl" => File/Directory not found.
    C:\Users\michael\AppData\Local\Playtopus => Moved successfully.
    C:\Program Files (x86)\Wajam => Moved successfully.
    "C:\Program Files (x86)\mystarttb" => File/Directory not found.
    "C:\Program Files (x86)\findopolis" => File/Directory not found.
    "C:\ProgramData\WeCareReminder" => File/Directory not found.
    C:\Program Files (x86)\PennyBee => Moved successfully.
    C:\Program Files (x86)\Re-markit-soft => Moved successfully.
    "C:\ProgramData\AskPartnerNetwork" => File/Directory not found.
    "C:\Program Files (x86)\MyPC Backup" => File/Directory not found.
    "C:\Program Files (x86)\Consumer Input" => File/Directory not found.
    "C:\Program Files (x86)\CouponAlert_2p" => File/Directory not found.
    "C:\Program Files (x86)\NewPlayer" => File/Directory not found.
    "C:\Program Files (x86)\PennyBee" => File/Directory not found.
    "C:\Program Files (x86)\Re-markit-soft" => File/Directory not found.
    C:\Users\Leticia\AppData\Roaming\VOPackage => Moved successfully.
    C:\Program Files\Common Files\Goobzo => Moved successfully.
    C:\Program Files\Common Files\ShopperPro => Moved successfully.
    "C:\Program Files (x86)\findopolis" => File/Directory not found.
    "C:\Program Files (x86)\NetCrawl" => File/Directory not found.
    C:\Windows\System32\drivers\{173745cd-3937-468f-98f6-d68898d32d98}w64.sys => Moved successfully.
    C:\Windows\System32\drivers\{1de0dec0-675e-482f-a756-fd24c6796c8e}w64.sys => Moved successfully.
    "C:\Program Files (x86)\YTDownloader" => File/Directory not found.
    "C:\Program Files (x86)\FMS" => File/Directory not found.
    "C:\Program Files (x86)\RegClean Pro" => File/Directory not found.
    C:\Users\michael\AppData\Local\Updater26278 => Moved successfully.
    "C:\PROGRA~1\COMMON~1\System\SysMenu.dll" => File/Directory not found.
    "C:\Program Files (x86)\ASP" => File/Directory not found.
    "C:\WINDOWS\system32\Drivers\{173745cd-3937-468f-98f6-d68898d32d98}w64.sys" => File/Directory not found.
    C:\Users\Leticia\AppData\Roaming\ASP => Moved successfully.
    "C:\WINDOWS\System32\Tasks\Yahoo! Search" => File/Directory not found.
    "C:\WINDOWS\System32\Tasks\Yahoo! Search Updater" => File/Directory not found.
    "C:\Users\Leticia\AppData\Local\Pay-By-Ads" => File/Directory not found.
    C:\Users\Leticia\AppData\Local\Local_Weather_LLC => Moved successfully.
    "C:\WINDOWS\System32\Tasks\RegClean Pro" => File/Directory not found.
    "C:\Users\Leticia\Desktop\Clean Registry for Free!.lnk" => File/Directory not found.
    "C:\Users\Leticia\AppData\Local\fst_us_148" => File/Directory not found.
    "C:\Program Files (x86)\findopolis" => File/Directory not found.
    "C:\WINDOWS\System32\Tasks\Advanced-System Protector_startup" => File/Directory not found.
    C:\WINDOWS\System32\Tasks\Right Backup_startup => Moved successfully.
    "C:\WINDOWS\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-11.job" => File/Directory not found.
    "C:\WINDOWS\Tasks\2b6328a9-11c8-46e0-8547-2efb3aafcaa4-3.job" => File/Directory not found.
    "C:\WINDOWS\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-3.job" => File/Directory not found.
    "C:\WINDOWS\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-4.job" => File/Directory not found.
    "C:\WINDOWS\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-6.job" => File/Directory not found.
    "C:\WINDOWS\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-1.job" => File/Directory not found.
    "C:\WINDOWS\Tasks\56ce3484-b669-4c8b-8489-666612b8aac7-2.job" => File/Directory not found.
    "C:\WINDOWS\Tasks\98bd8955-5681-454d-960c-17eab7511bad-4.job" => File/Directory not found.
    "C:\WINDOWS\Tasks\98bd8955-5681-454d-960c-17eab7511bad-5_user.job" => File/Directory not found.
    "C:\WINDOWS\Tasks\98bd8955-5681-454d-960c-17eab7511bad-5.job" => File/Directory not found.
    "C:\WINDOWS\Tasks\98bd8955-5681-454d-960c-17eab7511bad-1.job" => File/Directory not found.
    "C:\WINDOWS\Tasks\98bd8955-5681-454d-960c-17eab7511bad-2.job" => File/Directory not found.
    "C:\WINDOWS\Tasks\98bd8955-5681-454d-960c-17eab7511bad-11.job" => File/Directory not found.
    "C:\WINDOWS\Tasks\98bd8955-5681-454d-960c-17eab7511bad-6.job" => File/Directory not found.
    "C:\Program Files (x86)\NetCrawl" => File/Directory not found.
    C:\Users\Leticia\AppData\Local\AnyProtectScannerSetup.exe => Moved successfully.
    C:\Users\Leticia\AppData\Local\Temp\ShopperProJSFull.exe => Moved successfully.
    C:\Users\Leticia\AppData\Local\Temp\ShopperProJSINJFull.exe => Moved successfully.
    C:\Users\Leticia\AppData\Local\Temp\SPSetup.exe => Moved successfully.
    C:\Users\Leticia\AppData\Local\Temp\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}_N360_31441.exe => Moved successfully.
    C:\Users\michael\AppData\Local\Temp\SPSetup.exe => Moved successfully.

    ========================= File: C:\windows\system32\mscoree.dll ========================

    MD5: 2A857CCAFE18B1D396484AC9CC0B9B80
    Creation and modification date: 2013-08-22 06:04 - 2013-08-22 06:04
    Size: 0382976
    Attributes: ----A
    Company Name: Microsoft Corporation
    Internal Name: mscoree.dll
    Original Name: mscoree.dll
    Product Name: Microsoft® Windows® Operating System
    Description: Microsoft .NET Runtime Execution Engine
    File Version: 6.3.9600.16384 (winblue_rtm.130821-1623)
    Product Version: 6.3.9600.16384
    Copyright: © Microsoft Corporation. All rights reserved.

    ====== End Of File: ======


    ========================= File: C:\windows\SysWOW64\mscoree.dll ========================

    MD5: 84F20198CAE435DE32ABDB4511550BD7
    Creation and modification date: 2013-08-21 22:40 - 2013-08-21 22:40
    Size: 0330240
    Attributes: ----A
    Company Name: Microsoft Corporation
    Internal Name: mscoree.dll
    Original Name: mscoree.dll
    Product Name: Microsoft® Windows® Operating System
    Description: Microsoft .NET Runtime Execution Engine
    File Version: 6.3.9600.16384 (winblue_rtm.130821-1623)
    Product Version: 6.3.9600.16384
    Copyright: © Microsoft Corporation. All rights reserved.

    ====== End Of File: ======


    ========= ipconfig /flushdns =========


    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========= End of CMD: =========


    ========= netsh advfirewall reset =========

    Ok.


    ========= End of CMD: =========


    ========= netsh advfirewall set allprofiles state on =========

    Ok.


    ========= End of CMD: =========



    The system needed a reboot.

    ==== End of Fixlog 21:42:12 ====
     
  12. dbreeze

    dbreeze Malware Specialist

    Joined:
    Oct 5, 2014
    Messages:
    431
    First Name:
    David
    camsr2000,

    Thank you for the logs; I apologize for my late reply. The fixlist script run with FRST seems to have fixed most of the errors originally list in the first logs.

    Couple of things to note however:

    1) You can have someone try and uninstall anything left over on the list I asked you to uninstall manually. If there are problems and the utility asks if you want the name removed from the list (for example, if there is no uninstall program or the files / directory can no longer be found) then it is OK to let it do so.

    2) They need to check on the AntiVirus protection on that system. The Kaspersky Lab software is at least 2 years old and states that it is not up to date. If the subscription is expired, then the protection is not enabled and malware can infiltrate the system. It may be best to clean out Kaspersky and install something free like Avast Free AntiVirus or Microsoft Security Essentials.

    3) The laptop should be able to connect to the internet but someone has tried to change it to IPv6 priority; Yahoo was fine but Google was not. I would suggest they remove IPv6 from their system as it is not fully implemented everywhere just yet (that is, of course, as long as they don't have to have it for work or school).

    Let me know if I can be of any more help.
     
  13. camsr2000

    camsr2000 Thread Starter

    Joined:
    Jul 21, 2009
    Messages:
    185
    Thank you! I'll check with my daughter to see how its working! Thank you very much!
     
  14. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1141430

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice