[texred]

Again, thank you!

[Advertisements]

Hello, I have a fix ready for you but have to wait for it to be cleared so expect to hear from me tomorrow.

In the meantime and for the rest of the clean don't run any other tools other than the ones I give you or download anything new

[Nutloaf]

Hello, I have a fix ready for you but have to wait for it to be cleared so expect to hear from me tomorrow.

In the meantime and for the rest of the clean don't run any other tools other than the ones I give you or download anything new

[Nutloaf]

Hi there Texred

I don't think much of STOPzilla and have recommended 2 programs that offer better protection. Install one of these only.

Let's blast some malware, it's not as bad as it looks but there is quite a bit to remove. Any problems then just ask

1. Uninstall

• Click Start then select Control Panel
• In control panel click Uninstall a Program or Programs and Features and uninstall the following:
• Perfect Uninstaller
• STOPzilla

2. OTL Fix

• Right click the OTL icon and select Run as Administrator.
• Copy the entire text in the Quote box below, do not include the word QUOTE and Paste into the Custom Scans/Fixes box in OTL.
  

  
  :OTL
  SRV - [2013/09/02 13:00:36 | 000,807,800 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
  DRV:64bit: - [2013/04/24 14:28:08 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
  IE:64bit: - HKLM\..\SearchScopes\{758773B2-006B-40D7-A1CA-F7F4699FB5D6}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
  IE:64bit: - HKLM\..\SearchScopes\{75C2B350-05F2-40AF-8A81-832457E761D6}: "URL" = http://www.bing.com/...rc=IE-SearchBox
  IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - No CLSID value found
  IE - HKLM\..\SearchScopes\{758773B2-006B-40D7-A1CA-F7F4699FB5D6}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
  IE - HKLM\..\SearchScopes\{75C2B350-05F2-40AF-8A81-832457E761D6}: "URL" = http://www.bing.com/...rc=IE-SearchBox
  IE - HKLM\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebs...r={searchTerms}
  IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
  IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
  IE - HKCU\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - No CLSID value found
  IE - HKCU\..\SearchScopes,DefaultScope = {220117E9-BE54-4F78-93A1-0C5A24D78E20}
  IE - HKCU\..\SearchScopes\{220117E9-BE54-4F78-93A1-0C5A24D78E20}: "URL" = http://www.google.co...&rlz=1I7ADRA_en
  IE - HKCU\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebs...r={searchTerms}
  IE - HKCU\..\SearchScopes\{BD37D5D9-48D6-405F-963E-3143A886D19D}: "URL" = http://search.yahoo....p={searchTerms}
  IE - HKCU\..\SearchScopes\{F8210686-6ADB-46B0-B312-807299324CC5}: "URL" = http://websearch.ask...53-791FB6E0B4C2
  IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
  IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
  IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
  IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
  IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - No CLSID value found
  IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\..\SearchScopes,DefaultScope = {220117E9-BE54-4F78-93A1-0C5A24D78E20}
  IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\..\SearchScopes\{220117E9-BE54-4F78-93A1-0C5A24D78E20}: "URL" = http://www.google.co...&rlz=1I7ADRA_en
  IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebs...r={searchTerms}
  IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\..\SearchScopes\{BD37D5D9-48D6-405F-963E-3143A886D19D}: "URL" = http://search.yahoo....p={searchTerms}
  IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\..\SearchScopes\{F8210686-6ADB-46B0-B312-807299324CC5}: "URL" = http://websearch.ask...53-791FB6E0B4C2
  IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
  IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
  IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - No CLSID value found
  IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\..\SearchScopes,DefaultScope = {220117E9-BE54-4F78-93A1-0C5A24D78E20}
  IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\..\SearchScopes\{220117E9-BE54-4F78-93A1-0C5A24D78E20}: "URL" = http://www.google.co...&rlz=1I7ADRA_en
  IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebs...r={searchTerms}
  IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\..\SearchScopes\{BD37D5D9-48D6-405F-963E-3143A886D19D}: "URL" = http://search.yahoo....p={searchTerms}
  IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\..\SearchScopes\{F8210686-6ADB-46B0-B312-807299324CC5}: "URL" = http://websearch.ask...53-791FB6E0B4C2
  IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
  IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8555
  IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896
  IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896
  FF - prefs.js..extensions.enabledAddons: %7BE71B541F-5E72-5555-A47C-E47863195841%7D:1.0.33
  FF - prefs.js..extensions.enabledItems: [email protected]:1.9.0.26224
  FF - prefs.js..keyword.URL: "http://search.yahoo....type=937811&p="
  FF - prefs.js..network.proxy.no_proxies_on: ""
  FF - prefs.js..searchreset.backup.browser.search.defaultenginename: "Ask.com"
  FF - prefs.js..browser.startup.homepage: "http://google/ig"
  FF - prefs.js..searchreset.backup.keyword.URL: "http://search.mywebs...wUQ&searchfor="
  FF - prefs.js..extensions.enabledItems: {0153E448-190B-4987-BDE1-F256CADA672F}:15.0.6
  FF - HKLM\Software\MozillaPlugins\@ei.TelevisionFanatic.com/Plugin: C:\Program Files (x86)\TelevisionFanaticEI\Installr\5.bin\NP64EISB.dll (TelevisionFanatic)
  [2013/08/31 16:25:20 | 000,000,000 | ---D | M] (Address Bar Search) -- C:\Users\tania\AppData\Roaming\mozilla\Firefox\Profiles\j5oh9g3x.default\extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}
  [2013/07/05 02:21:12 | 000,000,000 | ---D | M] ("SimilarSites") -- C:\Users\tania\AppData\Roaming\mozilla\Firefox\Profiles\j5oh9g3x.default\extensions\{E71B541F-5E72-5555-A47C-E47863195841}
  [2012/08/13 15:19:46 | 000,002,299 | ---- | M] () -- C:\Users\tania\AppData\Roaming\mozilla\firefox\profiles\j5oh9g3x.default\searchplugins\askcom.xml
  [2013/08/03 22:07:33 | 000,000,904 | ---- | M] () -- C:\Users\tania\AppData\Roaming\mozilla\firefox\profiles\j5oh9g3x.default\searchplugins\yahoo.xml
  
  O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
  O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found
  O3 - HKLM\..\Toolbar: (no name) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - No CLSID value found.
  O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
  O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
  O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
  O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
  O4 - HKLM..\Run: [] File not found
  O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
  O4 - HKCU..\Run: [] File not found
  O4 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004..\Run: [SkyDrive] "C:\Users\tania\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background File not found
  O4 - HKU\S-1-5-21-485409517-1736587146-2298806430-1000..\Run: [] File not found
  O4 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004..\Run: [] File not found
  O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
  O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
  O4 - HKU\S-1-5-21-485409517-1736587146-2298806430-1000..\RunOnce: [Uninstall C:\Users\tania\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530_2\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\tania\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530_2\amd64" File not found
  O4 - HKU\S-1-5-21-485409517-1736587146-2298806430-1000..\RunOnce: [Uninstall C:\Users\tania\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627_1\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\tania\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627_1\amd64" File not found
  O4 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
  O4 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004..\RunOnce: [Uninstall C:\Users\tania\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530_2\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\tania\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530_2\amd64" File not found
  O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
  O33 - MountPoints2\{acf95276-91f3-11e0-8467-806e6f6e6963}\Shell - "" = AutoRun
  O33 - MountPoints2\{acf95276-91f3-11e0-8467-806e6f6e6963}\Shell\AutoRun\command - "" = F:\WIN\setup.exe
  O37 - HKU\S-1-5-18\...exe [@ = exefile] -- Reg Error: Key error. File not found
  O37 - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found
  
  [2013/09/19 00:08:23 | 000,227,081 | ---- | C] () -- C:\Users\tania\Desktop\FIX WIN32 TROJAN.htm
  
  @Alternate Data Stream - 973 bytes -> C:\Users\tania\Documents\int intelius cm Has Not Responded_ Next Step___.eml:OECustomProperty
  @Alternate Data Stream - 910 bytes -> C:\Users\tania\Documents\Re_ int intelius cm Has Not Responded_ Next Step___.eml:OECustomProperty
  @Alternate Data Stream - 885 bytes -> C:\Users\tania\Documents\[Spokeo Support Center] Re_ Opt-out.eml:OECustomProperty
  @Alternate Data Stream - 572 bytes -> C:\Users\tania\Documents\Refund.eml:OECustomProperty
  @Alternate Data Stream - 11823 bytes -> C:\Users\tania\Documents\[videossomente] Teens Like It Big - Elaina Rae.eml:OECustomProperty
  @Alternate Data Stream - 1091 bytes -> C:\Users\tania\Documents\LinkedIn Network Updates, 6_27_2013.eml:OECustomProperty
  
  :FILES
  C:\Program Files (x86)\Application Updater
  C:\Program Files (x86)\Common Files\Spigot
  C:\Program Files (x86)\Hotspot Shield
  
  :COMMANDS
  [RESETHOSTS]
  [EMPTYTEMP]
  
  

• Then click Run Fix
• Click O.K if asked to Reboot.
• An OTL fix log will be saved in the following location: C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log - Where mmddyyy _hhmmss is the date and time of fix.
• Copy and Paste the Fix Log in your next reply.

3. Run ADWcleaner

• Using this link Download ADWcleaner and save to Desktop.
• Right click ADWcleaner and Run as Administrator then select Scan
• When the search is complete click Report. Please post this report in your next reply.

4. INSTALL ANTIVIRUS

Install one of these programs and run a quick scan. Let me know if anything was found. Running 2 AV's can cause instabillity issues.

• IMPORTANT Use only one Antivirus. Running more than one causes conflicts and instabillity.
• Avast!
• Microsoft Security Essentials

Things I want to see in your next post.

• OTL.txt
• ADWcleaner results
• Did Avast or MSE find anything?

[Nutloaf]

Two additional strange things are happening since I first contacted you. One is my homepage (Protopage) will not STAY. When I click the home icon, it goes there, but then goes immediately to the last site/page I was on. The other thing is Stopzilla is now quarantining all kinds of Zipcloud files-been with the about 6 months, never had this problem. Thanks for your time

Have you run the OTL fix yet. If not then proceed with the fix and the ADWcleaner scan and post me those results.

Have you paid for STOPzilla?

Can you tell me what those files are. Do you know the files? To do this open STOPzilla and click Realtime Protection then select Quarantine. and let me know what is there or take a screenshot and attach it to your post.

To take a screenshot:

Click on the STOPzilla window and press these 2 keys together ALT + Prt Scrn - Now open Paint right click and select Paste Save this to your desktop and attach in your reply.

[texred]

Today Stopzilla reported an "Optional Conduit" file. I quarantined it.

VR32lhkus\s-1-5-21-485409517-1736587146-2298806430-1000\software\Conduit

Shall I proceed with your instructions?

Thanks guys & gals

[Nutloaf]

Yes indeed, we will start getting rid of Conduit in our clean

[texred]

All processes killed
========== OTL ==========
Service Application Updater stopped successfully!
Service Application Updater deleted successfully!
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe moved successfully.
Service taphss6 stopped successfully!
Service taphss6 deleted successfully!
C:\Windows\SysNative\drivers\taphss6.sys moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{758773B2-006B-40D7-A1CA-F7F4699FB5D6}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{758773B2-006B-40D7-A1CA-F7F4699FB5D6}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{75C2B350-05F2-40AF-8A81-832457E761D6}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{75C2B350-05F2-40AF-8A81-832457E761D6}\ not found.
Registry value HKEY_USERS\S-1-5-21-485409517-1736587146-2298806430-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\{F3FEE66E-E034-436a-86E4-9690573BEE8A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3FEE66E-E034-436a-86E4-9690573BEE8A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{758773B2-006B-40D7-A1CA-F7F4699FB5D6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{758773B2-006B-40D7-A1CA-F7F4699FB5D6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{75C2B350-05F2-40AF-8A81-832457E761D6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{75C2B350-05F2-40AF-8A81-832457E761D6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{F3FEE66E-E034-436a-86E4-9690573BEE8A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3FEE66E-E034-436a-86E4-9690573BEE8A}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{220117E9-BE54-4F78-93A1-0C5A24D78E20}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{220117E9-BE54-4F78-93A1-0C5A24D78E20}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BD37D5D9-48D6-405F-963E-3143A886D19D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BD37D5D9-48D6-405F-963E-3143A886D19D}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F8210686-6ADB-46B0-B312-807299324CC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F8210686-6ADB-46B0-B312-807299324CC5}\ not found.
HKU\S-1-5-21-485409517-1736587146-2298806430-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKU\S-1-5-21-485409517-1736587146-2298806430-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-21-485409517-1736587146-2298806430-1000\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
HKU\S-1-5-21-485409517-1736587146-2298806430-1000\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-485409517-1736587146-2298806430-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{F3FEE66E-E034-436a-86E4-9690573BEE8A} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3FEE66E-E034-436a-86E4-9690573BEE8A}\ not found.
HKEY_USERS\S-1-5-21-485409517-1736587146-2298806430-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-485409517-1736587146-2298806430-1000\Software\Microsoft\Internet Explorer\SearchScopes\{220117E9-BE54-4F78-93A1-0C5A24D78E20}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{220117E9-BE54-4F78-93A1-0C5A24D78E20}\ not found.
Registry key HKEY_USERS\S-1-5-21-485409517-1736587146-2298806430-1000\Software\Microsoft\Internet Explorer\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ not found.
Registry key HKEY_USERS\S-1-5-21-485409517-1736587146-2298806430-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BD37D5D9-48D6-405F-963E-3143A886D19D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BD37D5D9-48D6-405F-963E-3143A886D19D}\ not found.
Registry key HKEY_USERS\S-1-5-21-485409517-1736587146-2298806430-1000\Software\Microsoft\Internet Explorer\SearchScopes\{F8210686-6ADB-46B0-B312-807299324CC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F8210686-6ADB-46B0-B312-807299324CC5}\ not found.
HKU\S-1-5-21-485409517-1736587146-2298806430-1004\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
HKU\S-1-5-21-485409517-1736587146-2298806430-1004\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-485409517-1736587146-2298806430-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\{F3FEE66E-E034-436a-86E4-9690573BEE8A} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3FEE66E-E034-436a-86E4-9690573BEE8A}\ not found.
HKEY_USERS\S-1-5-21-485409517-1736587146-2298806430-1004\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-485409517-1736587146-2298806430-1004\Software\Microsoft\Internet Explorer\SearchScopes\{220117E9-BE54-4F78-93A1-0C5A24D78E20}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{220117E9-BE54-4F78-93A1-0C5A24D78E20}\ not found.
Registry key HKEY_USERS\S-1-5-21-485409517-1736587146-2298806430-1004\Software\Microsoft\Internet Explorer\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ not found.
Registry key HKEY_USERS\S-1-5-21-485409517-1736587146-2298806430-1004\Software\Microsoft\Internet Explorer\SearchScopes\{BD37D5D9-48D6-405F-963E-3143A886D19D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BD37D5D9-48D6-405F-963E-3143A886D19D}\ not found.
Registry key HKEY_USERS\S-1-5-21-485409517-1736587146-2298806430-1004\Software\Microsoft\Internet Explorer\SearchScopes\{F8210686-6ADB-46B0-B312-807299324CC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F8210686-6ADB-46B0-B312-807299324CC5}\ not found.
HKU\S-1-5-21-485409517-1736587146-2298806430-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-485409517-1736587146-2298806430-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-21-485409517-1736587146-2298806430-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@ei.TelevisionFanatic.com/Plugin\ deleted successfully.
C:\Program Files (x86)\TelevisionFanaticEI\Installr\5.bin\NP64EISB.dll moved successfully.
Folder C:\Users\tania\AppData\Roaming\mozilla\Firefox\Profiles\j5oh9g3x.default\extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}\ not found.
Folder C:\Users\tania\AppData\Roaming\mozilla\Firefox\Profiles\j5oh9g3x.default\extensions\{E71B541F-5E72-5555-A47C-E47863195841}\ not found.
File C:\Users\tania\AppData\Roaming\mozilla\firefox\profiles\j5oh9g3x.default\searchplugins\askcom.xml not found.
File C:\Users\tania\AppData\Roaming\mozilla\firefox\profiles\j5oh9g3x.default\searchplugins\yahoo.xml not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{F3FEE66E-E034-436a-86E4-9690573BEE8A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3FEE66E-E034-436a-86E4-9690573BEE8A}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings deleted successfully.
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-485409517-1736587146-2298806430-1004\Software\Microsoft\Windows\CurrentVersion\Run\\SkyDrive deleted successfully.
Registry value HKEY_USERS\S-1-5-21-485409517-1736587146-2298806430-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_USERS\S-1-5-21-485409517-1736587146-2298806430-1004\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-21-485409517-1736587146-2298806430-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\tania\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530_2\amd64 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-485409517-1736587146-2298806430-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\tania\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627_1\amd64 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-485409517-1736587146-2298806430-1004\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-21-485409517-1736587146-2298806430-1004\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\tania\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530_2\amd64 deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{acf95276-91f3-11e0-8467-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{acf95276-91f3-11e0-8467-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{acf95276-91f3-11e0-8467-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{acf95276-91f3-11e0-8467-806e6f6e6963}\ not found.
File F:\WIN\setup.exe not found.
Registry key HKEY_USERS\S-1-5-18\Software\Classes\.exe\ deleted successfully.
Registry key HKEY_USERS\S-1-5-18\Software\Classes\exefile\ deleted successfully.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-485409517-1736587146-2298806430-1000_Classes\.exe\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-485409517-1736587146-2298806430-1000_Classes\exefile\ deleted successfully.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
C:\Users\tania\Desktop\FIX WIN32 TROJAN.htm moved successfully.
ADS C:\Users\tania\Documents\int intelius cm Has Not Responded_ Next Step___.eml:OECustomProperty deleted successfully.
ADS C:\Users\tania\Documents\Re_ int intelius cm Has Not Responded_ Next Step___.eml:OECustomProperty deleted successfully.
ADS C:\Users\tania\Documents\[Spokeo Support Center] Re_ Opt-out.eml:OECustomProperty deleted successfully.
ADS C:\Users\tania\Documents\Refund.eml:OECustomProperty deleted successfully.
ADS C:\Users\tania\Documents\[videossomente] Teens Like It Big - Elaina Rae.eml:OECustomProperty deleted successfully.
ADS C:\Users\tania\Documents\LinkedIn Network Updates, 6_27_2013.eml:OECustomProperty deleted successfully.
========== FILES ==========
C:\Program Files (x86)\Application Updater folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot\SlickSavings folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot\Search Settings\Res folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot\Search Settings\Lang folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot\Search Settings folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot\GC folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot folder moved successfully.
File\Folder C:\Program Files (x86)\Hotspot Shield not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: tania
->Temp folder emptied: 731867821 bytes
->Temporary Internet Files folder emptied: 226933265 bytes
->Java cache emptied: 16769875 bytes
->FireFox cache emptied: 152138950 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 43083 bytes

User: TEMP

User: TEMP.tania-PC

User: TEMP.tania-PC.000

User: TEMP.tania-PC.001

User: TEMP.tania-PC.002

User: TEMP.tania-PC.003

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 5 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 634783634 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33030 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 757 bytes
RecycleBin emptied: 653336772 bytes

Total Files Cleaned = 2,304.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10052013_145819

Files\Folders moved on Reboot...
C:\Users\tania\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Users\tania\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.
C:\Users\tania\AppData\Local\Mozilla\Firefox\Profiles\j5oh9g3x.default\Cache\_CACHE_001_ moved successfully.
C:\Users\tania\AppData\Local\Mozilla\Firefox\Profiles\j5oh9g3x.default\Cache\_CACHE_002_ moved successfully.
C:\Users\tania\AppData\Local\Mozilla\Firefox\Profiles\j5oh9g3x.default\Cache\_CACHE_003_ moved successfully.
C:\Users\tania\AppData\Local\Mozilla\Firefox\Profiles\j5oh9g3x.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\tania\AppData\Local\Mozilla\Firefox\Profiles\j5oh9g3x.default\_CACHE_CLEAN_ moved successfully.
File move failed. C:\Windows\temp\AdminHelper.lmlog scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

All processes killed
========== OTL ==========
Service Application Updater stopped successfully!
Service Application Updater deleted successfully!
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe moved successfully.
Service taphss6 stopped successfully!
Service taphss6 deleted successfully!
C:\Windows\SysNative\drivers\taphss6.sys moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{758773B2-006B-40D7-A1CA-F7F4699FB5D6}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{758773B2-006B-40D7-A1CA-F7F4699FB5D6}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{75C2B350-05F2-40AF-8A81-832457E761D6}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{75C2B350-05F2-40AF-8A81-832457E761D6}\ not found.
Registry value HKEY_USERS\S-1-5-21-485409517-1736587146-2298806430-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\{F3FEE66E-E034-436a-86E4-9690573BEE8A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3FEE66E-E034-436a-86E4-9690573BEE8A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{758773B2-006B-40D7-A1CA-F7F4699FB5D6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{758773B2-006B-40D7-A1CA-F7F4699FB5D6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{75C2B350-05F2-40AF-8A81-832457E761D6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{75C2B350-05F2-40AF-8A81-832457E761D6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{F3FEE66E-E034-436a-86E4-9690573BEE8A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3FEE66E-E034-436a-86E4-9690573BEE8A}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{220117E9-BE54-4F78-93A1-0C5A24D78E20}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{220117E9-BE54-4F78-93A1-0C5A24D78E20}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BD37D5D9-48D6-405F-963E-3143A886D19D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BD37D5D9-48D6-405F-963E-3143A886D19D}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F8210686-6ADB-46B0-B312-807299324CC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F8210686-6ADB-46B0-B312-807299324CC5}\ not found.
HKU\S-1-5-21-485409517-1736587146-2298806430-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKU\S-1-5-21-485409517-1736587146-2298806430-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-21-485409517-1736587146-2298806430-1000\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
HKU\S-1-5-21-485409517-1736587146-2298806430-1000\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-485409517-1736587146-2298806430-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{F3FEE66E-E034-436a-86E4-9690573BEE8A} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3FEE66E-E034-436a-86E4-9690573BEE8A}\ not found.
HKEY_USERS\S-1-5-21-485409517-1736587146-2298806430-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-485409517-1736587146-2298806430-1000\Software\Microsoft\Internet Explorer\SearchScopes\{220117E9-BE54-4F78-93A1-0C5A24D78E20}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{220117E9-BE54-4F78-93A1-0C5A24D78E20}\ not found.
Registry key HKEY_USERS\S-1-5-21-485409517-1736587146-2298806430-1000\Software\Microsoft\Internet Explorer\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ not found.
Registry key HKEY_USERS\S-1-5-21-485409517-1736587146-2298806430-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BD37D5D9-48D6-405F-963E-3143A886D19D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BD37D5D9-48D6-405F-963E-3143A886D19D}\ not found.
Registry key HKEY_USERS\S-1-5-21-485409517-1736587146-2298806430-1000\Software\Microsoft\Internet Explorer\SearchScopes\{F8210686-6ADB-46B0-B312-807299324CC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F8210686-6ADB-46B0-B312-807299324CC5}\ not found.
HKU\S-1-5-21-485409517-1736587146-2298806430-1004\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
HKU\S-1-5-21-485409517-1736587146-2298806430-1004\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-485409517-1736587146-2298806430-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\{F3FEE66E-E034-436a-86E4-9690573BEE8A} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3FEE66E-E034-436a-86E4-9690573BEE8A}\ not found.
HKEY_USERS\S-1-5-21-485409517-1736587146-2298806430-1004\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-485409517-1736587146-2298806430-1004\Software\Microsoft\Internet Explorer\SearchScopes\{220117E9-BE54-4F78-93A1-0C5A24D78E20}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{220117E9-BE54-4F78-93A1-0C5A24D78E20}\ not found.
Registry key HKEY_USERS\S-1-5-21-485409517-1736587146-2298806430-1004\Software\Microsoft\Internet Explorer\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ not found.
Registry key HKEY_USERS\S-1-5-21-485409517-1736587146-2298806430-1004\Software\Microsoft\Internet Explorer\SearchScopes\{BD37D5D9-48D6-405F-963E-3143A886D19D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BD37D5D9-48D6-405F-963E-3143A886D19D}\ not found.
Registry key HKEY_USERS\S-1-5-21-485409517-1736587146-2298806430-1004\Software\Microsoft\Internet Explorer\SearchScopes\{F8210686-6ADB-46B0-B312-807299324CC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F8210686-6ADB-46B0-B312-807299324CC5}\ not found.
HKU\S-1-5-21-485409517-1736587146-2298806430-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-485409517-1736587146-2298806430-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-21-485409517-1736587146-2298806430-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@ei.TelevisionFanatic.com/Plugin\ deleted successfully.
C:\Program Files (x86)\TelevisionFanaticEI\Installr\5.bin\NP64EISB.dll moved successfully.
Folder C:\Users\tania\AppData\Roaming\mozilla\Firefox\Profiles\j5oh9g3x.default\extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}\ not found.
Folder C:\Users\tania\AppData\Roaming\mozilla\Firefox\Profiles\j5oh9g3x.default\extensions\{E71B541F-5E72-5555-A47C-E47863195841}\ not found.
File C:\Users\tania\AppData\Roaming\mozilla\firefox\profiles\j5oh9g3x.default\searchplugins\askcom.xml not found.
File C:\Users\tania\AppData\Roaming\mozilla\firefox\profiles\j5oh9g3x.default\searchplugins\yahoo.xml not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{F3FEE66E-E034-436a-86E4-9690573BEE8A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3FEE66E-E034-436a-86E4-9690573BEE8A}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings deleted successfully.
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-485409517-1736587146-2298806430-1004\Software\Microsoft\Windows\CurrentVersion\Run\\SkyDrive deleted successfully.
Registry value HKEY_USERS\S-1-5-21-485409517-1736587146-2298806430-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_USERS\S-1-5-21-485409517-1736587146-2298806430-1004\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-21-485409517-1736587146-2298806430-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\tania\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530_2\amd64 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-485409517-1736587146-2298806430-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\tania\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627_1\amd64 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-485409517-1736587146-2298806430-1004\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-21-485409517-1736587146-2298806430-1004\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\tania\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530_2\amd64 deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{acf95276-91f3-11e0-8467-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{acf95276-91f3-11e0-8467-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{acf95276-91f3-11e0-8467-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{acf95276-91f3-11e0-8467-806e6f6e6963}\ not found.
File F:\WIN\setup.exe not found.
Registry key HKEY_USERS\S-1-5-18\Software\Classes\.exe\ deleted successfully.
Registry key HKEY_USERS\S-1-5-18\Software\Classes\exefile\ deleted successfully.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-485409517-1736587146-2298806430-1000_Classes\.exe\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-485409517-1736587146-2298806430-1000_Classes\exefile\ deleted successfully.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
C:\Users\tania\Desktop\FIX WIN32 TROJAN.htm moved successfully.
ADS C:\Users\tania\Documents\int intelius cm Has Not Responded_ Next Step___.eml:OECustomProperty deleted successfully.
ADS C:\Users\tania\Documents\Re_ int intelius cm Has Not Responded_ Next Step___.eml:OECustomProperty deleted successfully.
ADS C:\Users\tania\Documents\[Spokeo Support Center] Re_ Opt-out.eml:OECustomProperty deleted successfully.
ADS C:\Users\tania\Documents\Refund.eml:OECustomProperty deleted successfully.
ADS C:\Users\tania\Documents\[videossomente] Teens Like It Big - Elaina Rae.eml:OECustomProperty deleted successfully.
ADS C:\Users\tania\Documents\LinkedIn Network Updates, 6_27_2013.eml:OECustomProperty deleted successfully.
========== FILES ==========
C:\Program Files (x86)\Application Updater folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot\SlickSavings folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot\Search Settings\Res folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot\Search Settings\Lang folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot\Search Settings folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot\GC folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot folder moved successfully.
File\Folder C:\Program Files (x86)\Hotspot Shield not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: tania
->Temp folder emptied: 731867821 bytes
->Temporary Internet Files folder emptied: 226933265 bytes
->Java cache emptied: 16769875 bytes
->FireFox cache emptied: 152138950 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 43083 bytes

User: TEMP

User: TEMP.tania-PC

User: TEMP.tania-PC.000

User: TEMP.tania-PC.001

User: TEMP.tania-PC.002

User: TEMP.tania-PC.003

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 5 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 634783634 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33030 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 757 bytes
RecycleBin emptied: 653336772 bytes

Total Files Cleaned = 2,304.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10052013_145819

Files\Folders moved on Reboot...
C:\Users\tania\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Users\tania\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.
C:\Users\tania\AppData\Local\Mozilla\Firefox\Profiles\j5oh9g3x.default\Cache\_CACHE_001_ moved successfully.
C:\Users\tania\AppData\Local\Mozilla\Firefox\Profiles\j5oh9g3x.default\Cache\_CACHE_002_ moved successfully.
C:\Users\tania\AppData\Local\Mozilla\Firefox\Profiles\j5oh9g3x.default\Cache\_CACHE_003_ moved successfully.
C:\Users\tania\AppData\Local\Mozilla\Firefox\Profiles\j5oh9g3x.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\tania\AppData\Local\Mozilla\Firefox\Profiles\j5oh9g3x.default\_CACHE_CLEAN_ moved successfully.
File move failed. C:\Windows\temp\AdminHelper.lmlog scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

[Nutloaf]

Thanks Texred I need the ADWCleaner log as well.

To find this click Start - Computer - Double click Local Disk (C:) - Double Click the ADWCleaner folder and the log is there called AdwCleaner[R0] Post that and the next step is mine, sit back and don't do anything

Are you keeping STOPzilla?

[texred]

# AdwCleaner v3.006 - Report created 05/10/2013 at 15:17:53
# Updated 01/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : tania - TANIA-PC
# Running from : C:\Users\tania\Downloads\AdwCleaner(1).exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Found : C:\Users\Public\Desktop\eBay.lnk
File Found : C:\Users\tania\AppData\Roaming\Mozilla\Firefox\Profiles\j5oh9g3x.default\user.js
Folder Found C:\Program Files (x86)\TelevisionFanaticEI
Folder Found C:\ProgramData\apn
Folder Found C:\ProgramData\Ask
Folder Found C:\ProgramData\ParetoLogic
Folder Found C:\ProgramData\WeCareReminder
Folder Found C:\Users\tania\AppData\Local\PackageAware
Folder Found C:\Users\tania\AppData\Local\Smartbar
Folder Found C:\Users\tania\AppData\LocalLow\Search Settings
Folder Found C:\Users\tania\AppData\LocalLow\TelevisionFanaticEI
Folder Found C:\Users\tania\AppData\Roaming\DriverCure
Folder Found C:\Users\tania\AppData\Roaming\ParetoLogic

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\Search Settings
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Found : HKCU\Software\ParetoLogic
Key Found : HKCU\Software\Search Settings
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\ParetoLogic
Key Found : [x64] HKCU\Software\Search Settings
Key Found : [x64] HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\Software\Application Updater
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Found : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Found : HKLM\Software\InstallIQ
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\Software\ParetoLogic
Key Found : HKLM\Software\Search Settings
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16686


-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\tania\AppData\Roaming\Mozilla\Firefox\Profiles\j5oh9g3x.default\prefs.js ]

Line Found : user_pref("browser.search.defaultengine", "Ask.com");
Line Found : user_pref("browser.search.order.1", "Ask.com");
Line Found : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
Line Found : user_pref("extensions.mywebsearch.prevKwdURL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=FF90D639-3DA2-4418-9CAB-25E6F0DEA26D&n=77ecff24&ind=2012020516&id=XPxdm002YYus&ptnrS=X[...]
Line Found : user_pref("extensions.toolbar.mindspark._64Members_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=FF90D639-3DA2-4418-9CAB-25E6F0DEA26D&n=77ecff24&ptnrS=XPxdm002YYus&si=CKWc44Pwh64CFcIDtgodUn[...]
Line Found : user_pref("extensions.toolbar.mindspark._64Members_.initialized", true);
Line Found : user_pref("extensions.toolbar.mindspark._64Members_.installation.installDate", "2012020516");
Line Found : user_pref("extensions.toolbar.mindspark._64Members_.installation.partnerId", "XPxdm002YYus");
Line Found : user_pref("extensions.toolbar.mindspark._64Members_.installation.partnerSubId", "CKWc44Pwh64CFcIDtgodUnmwUQ");
Line Found : user_pref("extensions.toolbar.mindspark._64Members_.installation.success", true);
Line Found : user_pref("extensions.toolbar.mindspark._64Members_.installation.toolbarId", "FF90D639-3DA2-4418-9CAB-25E6F0DEA26D");
Line Found : user_pref("extensions.toolbar.mindspark._64Members_.lastActivePing", "1339352644973");
Line Found : user_pref("extensions.toolbar.mindspark._64Members_.options.defaultSearch", false);
Line Found : user_pref("extensions.toolbar.mindspark._64Members_.options.homePageEnabled", false);
Line Found : user_pref("extensions.toolbar.mindspark._64Members_.options.keywordEnabled", true);
Line Found : user_pref("extensions.toolbar.mindspark._64Members_.options.tabEnabled", false);
Line Found : user_pref("extensions.toolbar.mindspark._64Members_.recentlyClosed", "{\"list\":[{\"url\":\"hxxp://www.ebay.com/?clk_rvr_id=331126120585\",\"favIcon\":\"hxxp://www.ebay.com/favicon.ico\",\"title\":\"E[...]
Line Found : user_pref("extensions.toolbar.mindspark._64Members_.searchHistory", "hxxp://www.google.com/ig||gmail sign in||sns litigation||litigation for sns procedures||where is my taskbar");
Line Found : user_pref("extensions.toolbar.mindspark._64Members_.weather.isFahrenheit", "true");
Line Found : user_pref("extensions.toolbar.mindspark._64Members_.weather.location", "Alpine, TX");
Line Found : user_pref("extensions.toolbar.mindspark.lastInstalled", "[email protected]");
Line Found : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]
Line Found : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
Line Found : user_pref("searchreset.backup.browser.search.defaultenginename", "Ask.com");
Line Found : user_pref("searchreset.backup.keyword.URL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=FF90D639-3DA2-4418-9CAB-25E6F0DEA26D&n=77ecff24&ind=2012020516&id=XPxdm002YYus&ptnrS=XPxd[...]

*************************

AdwCleaner[R0].txt - [6685 octets] - [05/10/2013 15:17:53]


NO MORE STOPZILLA. Is Avast or MS better? Don't I need an antimalware program also, or is that old b.s.? Also, if you're willing, I would like to really, really, extremely delete a set of files.


Sorry but I couldn't figure out how to paste these images of Stopzilla, so they are attached. You have been SO helpful and SOOO patient-thank you.

Attached Thumbnails

• 
• 

[Nutloaf]

I would like to really, really, extremely delete a set of files.

Which ones, let me at them.



O.K 3 easy pops things to do.

1. We need to run ADWcleaner again to delete what was found. The instuctions are slightly different this time.

2. Get rid of Zipcloud and STOPzilla Unless you have paid for STOPzilla, if so leave installed and do not install Avast

3. Install Avast.



1. Run ADWcleaner

• Right click ADWcleaner and Run as Administrator then select Scan
• Once the scan is complete click Clean
• A reboot will be asked for click O.K
• On reboot a log will be produced, please post in your next reply.
• Any problems then log will also be located here : C:\ADWcleaner\AdwCleaner[S0].txt to get to this location:
• Click Start - Computer - Double click Local Disk (C:) - Double Click the ADWCleaner folder and the log is there called AdwCleaner[S0]

2. Uninstall

• Click Start then select Control Panel
• In control panel click Uninstall a Program or Programs and Features and uninstall the following:
• ZipCloud - If Present, this may be have been removed.
• STOPzilla This may require a reboot to completely uninstall.

3. INSTALL ANTIVIRUS

Install this program if STOPzilla is uninstalled and run a quick scan. Let me know if anything was found.

• IMPORTANT Use only one Antivirus. Running more than one causes conflicts and instabillity.
• When you click this link the download will automatically start This link for Avast!

Things I want to see in your next post.

• adwCleaner[S0].txt
• Did Avast find anything?
• How are the browsers acting now?

[texred]

# AdwCleaner v3.006 - Report created 06/10/2013 at 16:54:32
# Updated 01/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : tania - TANIA-PC
# Running from : C:\Users\tania\Downloads\AdwCleaner(1).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\ProgramData\WeCareReminder
Folder Deleted : C:\Program Files (x86)\TelevisionFanaticEI
Folder Deleted : C:\Users\tania\AppData\Local\PackageAware
Folder Deleted : C:\Users\tania\AppData\Local\Smartbar
Folder Deleted : C:\Users\tania\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\tania\AppData\LocalLow\TelevisionFanaticEI
Folder Deleted : C:\Users\tania\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\tania\AppData\Roaming\ParetoLogic
File Deleted : C:\END
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Users\tania\AppData\Roaming\Mozilla\Firefox\Profiles\j5oh9g3x.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKLM\Software\Application Updater
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\Software\ParetoLogic
Key Deleted : HKLM\Software\Search Settings

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16686


-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\tania\AppData\Roaming\Mozilla\Firefox\Profiles\j5oh9g3x.default\prefs.js ]

Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Line Deleted : user_pref("browser.search.order.1", "Ask.com");
Line Deleted : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
Line Deleted : user_pref("extensions.mywebsearch.prevKwdURL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=FF90D639-3DA2-4418-9CAB-25E6F0DEA26D&n=77ecff24&ind=2012020516&id=XPxdm002YYus&ptnrS=X[...]
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=FF90D639-3DA2-4418-9CAB-25E6F0DEA26D&n=77ecff24&ptnrS=XPxdm002YYus&si=CKWc44Pwh64CFcIDtgodUn[...]
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.initialized", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.installation.installDate", "2012020516");
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.installation.partnerId", "XPxdm002YYus");
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.installation.partnerSubId", "CKWc44Pwh64CFcIDtgodUnmwUQ");
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.installation.success", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.installation.toolbarId", "FF90D639-3DA2-4418-9CAB-25E6F0DEA26D");
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.lastActivePing", "1339352644973");
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.options.defaultSearch", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.options.homePageEnabled", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.options.keywordEnabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.options.tabEnabled", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.recentlyClosed", "{\"list\":[{\"url\":\"hxxp://www.ebay.com/?clk_rvr_id=331126120585\",\"favIcon\":\"hxxp://www.ebay.com/favicon.ico\",\"title\":\"E[...]
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.searchHistory", "hxxp://www.google.com/ig||gmail sign in||sns litigation||litigation for sns procedures||where is my taskbar");
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.weather.isFahrenheit", "true");
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.weather.location", "Alpine, TX");
Line Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "[email protected]");
Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]
Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
Line Deleted : user_pref("searchreset.backup.browser.search.defaultenginename", "Ask.com");
Line Deleted : user_pref("searchreset.backup.keyword.URL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=FF90D639-3DA2-4418-9CAB-25E6F0DEA26D&n=77ecff24&ind=2012020516&id=XPxdm002YYus&ptnrS=XPxd[...]

*************************

AdwCleaner[R0].txt - [6853 octets] - [05/10/2013 15:17:53]
AdwCleaner[R1].txt - [6913 octets] - [06/10/2013 16:52:42]
AdwCleaner[S0].txt - [6674 octets] - [06/10/2013 16:54:32]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6734 octets] ##########

[Nutloaf]

Great, how did that go any problems?

Did you install Avast and did the scan reveal anything?

How are your Browsers behaving?

[texred]

Uninstalled Stopzilla and Zipcloud. Was paying for both, but I don't care. Avast only said no viruses (did I do that right)- it wasn't very technical. Browsers be a bit funny, you know? I go to my home page (protopage), and it flips back to previous screen shown. It didn't always do that since I switched to protopage - there were no problems.But it seems like things have been installing themselves (I swear somebody else is using this computer no matter how much sh*t I throw up. YTD, Fanatic, Slimware, and always some other little bs. YTD I KNOW I've deleted (with Revo) four times. And since we've been working on this ALL my bookmarks are gone. I don't know about you, but those were for work and very important to my research. Communication with the printer is a little hinky. This last time I pulled up Protopage {remember I have all my adblock and such disabled} there was a huge sign that said "DownloadBrowserSafeguard" like it was supposed to be there. Of course I didn't, but it pisses me off. So THAT'S what's been goin on. I've got a couple questions: do a need an antimalware program to go with AVAST, or is that a vicious urban legend? Should I keep up windows defense? And I put AVAST on my phone, while I was at it. How's that been workin?

thanks, nuts

[Nutloaf]

Hi there Texred. I understand how frustrating this is for you but we need you to keep the language clean as we have young members too

O.K Protopage will deliver ads. You have to pay for these ads to be removed. That to me says it all. I use Google as my homepage and I navigate to where I want to go from there.

I will discuss Avast and other protection in a later post

Let's see what is going on. Follow in the order given:

1. Bookmarks

• Click the Display Your Bookmarks button a black envelope with a star on the top right side of the navigation toolbar and select Show All Bookmarks
• In the window that opens click the Import and Backup button and then select Restore. Choose a date before the diappearence.

2. Shortcut Cleaner

• Using this link download and save to Desktop - Shortcut Cleaner
• Right-click Shortcut Cleaner and select Run as Administrator.
• When the Shortcut Cleaner has finished scanning your hard drive it will create a log file on your desktop called sc-cleaner.txt and then display it.
• Please post in your next reply.

3. OTL Custom Scan

• Right click the OTL icon and select Run as Administrator.
• Select the following boxes:
• Scan All Users
• Use Company-Name WhiteList
• Skip Microsoft Files
• Use No-Company-Name WhiteList
• LOP Check
• Copy and paste the following into the Custom Scans\Fixes box without the word Quote.
  

  hklm\software\clients\startmenuinternet|command /rs
  hklm\software\clients\startmenuinternet|command /64 /rs
  

• Now Click Run Scan
• OTL will now scan your computer and produce a log file OTL.txt
• Please post in your next reply

Things I want to see in your next post.

• sc-cleaner.txt
• OTL.txt

[texred]

Shortcut Cleaner 1.2.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Shortcut Cleaner can be found at this link:
http://www.bleepingc...ortcut-cleaner/

Windows Version: Windows 7 Home Premium Service Pack 1
Program started at: 10/08/2013 05:35:57 PM.

Scanning for registry hijacks:

* No issues found in the Registry.

Searching for Hijacked Shortcuts:

Searching C:\Users\tania\AppData\Roaming\Microsoft\Windows\Start Menu\

Searching C:\ProgramData\Microsoft\Windows\Start Menu\

Searching C:\Users\tania\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\

Searching C:\Users\Public\Desktop\

Searching C:\Users\tania\Desktop


0 bad shortcuts found.

Program finished at: 10/08/2013 05:36:10 PM
Execution time: 0 hours(s), 0 minute(s), and 13 seconds(s)
OTL logfile created on: 10/8/2013 5:52:11 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\tania\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.97 Gb Total Physical Memory | 2.34 Gb Available Physical Memory | 58.92% Memory free
7.93 Gb Paging File | 6.04 Gb Available in Paging File | 76.10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 220.07 Gb Total Space | 138.72 Gb Free Space | 63.04% Space Free | Partition Type: NTFS
Drive D: | 12.62 Gb Total Space | 2.11 Gb Free Space | 16.70% Space Free | Partition Type: NTFS

Computer Name: TANIA-PC | User Name: tania | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/05 14:23:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\tania\Downloads\OTL(2).exe
PRC - [2013/10/03 13:11:05 | 009,346,680 | ---- | M] () -- C:\Program Files (x86)\ATTSplusPCMT\SPLUS_UI.exe
PRC - [2013/10/02 16:58:51 | 001,862,024 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
PRC - [2013/10/01 11:22:23 | 000,274,840 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/08/30 02:47:34 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/08/30 02:47:33 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/05/16 09:44:05 | 001,012,000 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013/05/16 09:38:39 | 001,826,592 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/18 11:06:36 | 000,219,688 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\attcm_AppStart.exe
PRC - [2012/12/18 11:06:36 | 000,056,360 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\AdminHelper.exe
PRC - [2012/12/07 17:26:56 | 000,167,424 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/03 13:11:05 | 009,346,680 | ---- | M] () -- C:\Program Files (x86)\ATTSplusPCMT\SPLUS_UI.exe
MOD - [2013/10/02 16:58:50 | 016,177,544 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
MOD - [2013/10/01 11:22:22 | 003,279,768 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/12/18 11:06:44 | 000,034,304 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\resources\plugins\DiscoveryGeneric.plugin
MOD - [2012/12/18 11:06:44 | 000,030,720 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\resources\plugins\DiscoveryVPorts.plugin
MOD - [2012/12/18 11:06:44 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\resources\plugins\DiscoveryMobileBroadband.plugin
MOD - [2012/12/18 11:06:44 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\resources\plugins\DiscoveryNdis.plugin
MOD - [2012/12/18 11:06:44 | 000,017,920 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\resources\plugins\ContextSwitcher.plugin
MOD - [2012/12/18 11:06:42 | 001,049,320 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\wxmsw28u_core_vc_custom.dll
MOD - [2012/12/18 11:06:42 | 000,892,136 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\UIToolkit.dll
MOD - [2012/12/18 11:06:42 | 000,727,784 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\wxbase28u_vc_custom.dll
MOD - [2012/12/18 11:06:42 | 000,399,080 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\WebClient.dll
MOD - [2012/12/18 11:06:40 | 000,629,480 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\Toolkit.dll
MOD - [2012/12/18 11:06:40 | 000,148,712 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\pcre3.dll
MOD - [2012/12/18 11:06:40 | 000,123,112 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\System.dll
MOD - [2012/12/18 11:06:40 | 000,051,432 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\Preferences.dll
MOD - [2012/12/18 11:06:38 | 000,376,040 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\Device.dll
MOD - [2012/12/18 11:06:38 | 000,249,064 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\DB.dll
MOD - [2012/12/18 11:06:38 | 000,132,840 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\Discovery.dll
MOD - [2012/12/18 11:06:38 | 000,099,560 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\ComCore.dll
MOD - [2012/12/18 11:06:38 | 000,061,160 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\DriveDetector.dll
MOD - [2012/12/18 11:06:36 | 000,219,688 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\attcm_AppStart.exe
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/08/20 14:35:48 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2009/08/20 14:35:46 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2009/08/20 14:35:46 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/08/30 02:47:33 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/03/23 14:53:06 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/03/27 21:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2009/03/02 18:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe -- (AESTFilters)
SRV - [2013/10/02 16:58:51 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/01 11:22:22 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/16 09:38:39 | 001,826,592 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/19 09:49:34 | 000,732,648 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012/12/18 11:06:36 | 000,056,360 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\AdminHelper.exe -- (AdminHelper.exe)
SRV - [2012/12/07 17:26:56 | 000,167,424 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/06/24 12:44:16 | 000,317,296 | ---- | M] (Sierra Wireless, Inc.) [Auto | Running] -- C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe -- (SwiCardDetectSvc)
SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/03/23 14:53:06 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe -- (STacSV)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/05 19:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/03/02 18:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe -- (AESTFilters)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/09/09 19:26:22 | 000,016,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWDUMon.sys -- (SWDUMon)
DRV:64bit: - [2013/08/30 02:48:10 | 001,030,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/08/30 02:48:10 | 000,378,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013/08/30 02:48:10 | 000,204,880 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/08/30 02:48:10 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/08/30 02:48:10 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/08/30 02:48:10 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/08/30 02:48:09 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/08/30 02:48:09 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/02/25 00:27:45 | 000,194,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/12/07 18:27:50 | 000,036,928 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2012/10/24 19:31:18 | 003,802,112 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2012/10/17 13:53:46 | 000,026,112 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2012/09/18 04:32:32 | 000,078,648 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2012/09/12 15:20:04 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/10 15:23:06 | 000,025,552 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\WFPFilter.sys -- (SCWFPFilter)
DRV:64bit: - [2011/10/14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/10/07 02:35:32 | 000,183,680 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PSMNOBEX.sys -- (PSMNOBEX)
DRV:64bit: - [2011/10/07 02:35:32 | 000,183,552 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PSMNVSP.sys -- (PSMNVSP)
DRV:64bit: - [2011/10/07 02:35:30 | 000,183,680 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PSMNMDM.sys -- (PSMNMDM)
DRV:64bit: - [2011/10/07 02:35:30 | 000,102,784 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PSMNBUS.sys -- (PSMNBUS)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/06/21 18:07:33 | 000,102,656 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swiwdmbusx64.sys -- (swiwdmbus)
DRV:64bit: - [2010/06/21 17:51:29 | 000,210,944 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swumxa3.sys -- (SWUMXA3)
DRV:64bit: - [2010/06/21 17:51:01 | 000,240,640 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swnc8ua3.sys -- (SWNC8UA3)
DRV:64bit: - [2010/03/23 14:53:06 | 000,505,344 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 19:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/26 16:55:54 | 000,014,336 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpGmb001.sys -- (HpGmb001)
DRV:64bit: - [2009/04/29 11:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009/04/06 20:31:08 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/03/01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/01/09 16:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV - [2009/09/02 12:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\..\SearchScopes,DefaultScope = {C22BB58A-9D6B-4917-B58E-43D08AD450CB}
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\..\SearchScopes\{C22BB58A-9D6B-4917-B58E-43D08AD450CB}: "URL" = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/HPNOT/1
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Startpage HTTPS"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Startpage HTTPS"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.protopage...om/siempresola"
FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10
FF - prefs.js..extensions.enabledAddons: omnibar%40ajitk.com:0.7.19.20130418
FF - prefs.js..extensions.enabledAddons: %7B03B08592-E5B4-45ff-A0BE-C1D975458688%7D:1.0
FF - prefs.js..extensions.enabledAddons: easyscreenshot%40mozillaonline.com:0.3.2.2
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1497
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: [email protected]:1.9.0.26224
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}:6.0.37
FF - prefs.js..extensions.enabledItems: {0153E448-190B-4987-BDE1-F256CADA672F}:15.0.6
FF - prefs.js..keyword.URL: "http://search.yahoo....type=937811&p="
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..browser.startup.homepage: "http://google/ig"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/10/06 18:02:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/10/01 11:22:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/10/01 11:22:15 | 000,000,000 | ---D | M]

[2010/07/25 14:48:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tania\AppData\Roaming\mozilla\Extensions
[2013/10/05 12:31:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tania\AppData\Roaming\mozilla\Firefox\Profiles\j5oh9g3x.default\extensions
[2013/09/27 13:24:20 | 000,000,000 | ---D | M] (Toolbar Buttons) -- C:\Users\tania\AppData\Roaming\mozilla\Firefox\Profiles\j5oh9g3x.default\extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}
[2013/09/26 16:50:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tania\AppData\Roaming\mozilla\Firefox\Profiles\sa3frivy.default-1380226944373\extensions
[2013/09/28 19:33:35 | 000,128,676 | ---- | M] () (No name found) -- C:\Users\tania\AppData\Roaming\mozilla\firefox\profiles\j5oh9g3x.default\extensions\[email protected]
[2013/10/05 12:31:01 | 000,059,516 | ---- | M] () (No name found) -- C:\Users\tania\AppData\Roaming\mozilla\firefox\profiles\j5oh9g3x.default\extensions\[email protected]
[2013/09/27 13:24:18 | 000,069,103 | ---- | M] () (No name found) -- C:\Users\tania\AppData\Roaming\mozilla\firefox\profiles\j5oh9g3x.default\extensions\[email protected]
[2013/09/27 13:22:10 | 000,096,236 | ---- | M] () (No name found) -- C:\Users\tania\AppData\Roaming\mozilla\firefox\profiles\j5oh9g3x.default\extensions\[email protected]
[2013/09/28 19:30:44 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\tania\AppData\Roaming\mozilla\firefox\profiles\j5oh9g3x.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/09/27 13:24:18 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\tania\AppData\Roaming\mozilla\firefox\profiles\j5oh9g3x.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2013/09/28 19:31:39 | 000,700,980 | ---- | M] () (No name found) -- C:\Users\tania\AppData\Roaming\mozilla\firefox\profiles\j5oh9g3x.default\extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi
[2013/09/26 16:50:30 | 000,069,103 | ---- | M] () (No name found) -- C:\Users\tania\AppData\Roaming\mozilla\firefox\profiles\sa3frivy.default-1380226944373\extensions\[email protected]
[2013/09/26 16:44:58 | 000,096,236 | ---- | M] () (No name found) -- C:\Users\tania\AppData\Roaming\mozilla\firefox\profiles\sa3frivy.default-1380226944373\extensions\[email protected]
[2013/10/01 11:22:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/10/01 11:22:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/10/01 11:22:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/10/01 11:22:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/10/01 11:22:25 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/10/06 18:02:16 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF

O1 HOSTS File: ([2013/10/05 15:24:58 | 000,000,138 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: ÿþ1 2 7 . 0 . 0 . 1 l o c a l h o s t
O1 - Hosts: : : 1 l o c a l h o s t
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HP Input Device Main Program] C:\Program Files\HP\HP Wireless Comfort Mobile Mouse\TSR\xDaemon.exe ()
O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [attcm_AppStart.exe] C:\Program Files (x86)\AT&T\AT&T Communication Manager\attcm_AppStart.exe ()
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-485409517-1736587146-2298806430-1000..\Run: [HP Officejet 6500 E710a-f (NET)] C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004..\Run: [HP Officejet 6500 E710a-f (NET)] C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\..Trusted Domains: apple ([]* in Trusted sites)
O15 - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\..Trusted Domains: apple.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\..Trusted Domains: google.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\..Trusted Domains: microsoft.com ([*.update] http in Trusted sites)
O15 - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\..Trusted Domains: microsoft.com ([*.update] https in Trusted sites)
O15 - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\..Trusted Domains: microsoft.com ([update] http in Trusted sites)
O15 - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\..Trusted Domains: microsoft.com ([update] https in Trusted sites)
O15 - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\..Trusted Domains: windowsupdate.com ([download] http in Trusted sites)
O15 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\..Trusted Domains: apple ([]* in Trusted sites)
O15 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\..Trusted Domains: apple.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\..Trusted Domains: google.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\..Trusted Domains: microsoft.com ([*.update] http in Trusted sites)
O15 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\..Trusted Domains: microsoft.com ([*.update] https in Trusted sites)
O15 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\..Trusted Domains: microsoft.com ([update] http in Trusted sites)
O15 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\..Trusted Domains: microsoft.com ([update] https in Trusted sites)
O15 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\..Trusted Domains: windowsupdate.com ([download] http in Trusted sites)
O16 - DPF: {00000035-9593-4264-8B29-930B3E4EDCCD} https://www.rooms.hp...VCInstall35.cab (HPVirtualRooms35 Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F31A9FD8-AC1A-4B36-BDF2-638DA9579CD0}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\livecall - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\syswow64\userinit.exe) - c:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\.DEFAULT\...exe [@ = exefile] -- Reg Error: Key error. File not found
O37 - HKU\S-1-5-18\...exe [@ = exefile] -- Reg Error: Key error. File not found
O37 - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/06 18:02:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013/10/06 18:02:41 | 000,378,944 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/10/06 18:02:41 | 000,033,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/10/06 18:02:37 | 000,072,016 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013/10/06 18:02:35 | 000,064,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/10/06 18:02:34 | 001,030,952 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/10/06 18:02:27 | 000,080,816 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/10/06 18:01:58 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/10/05 15:09:04 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/10/05 14:58:19 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/10/01 16:08:49 | 000,000,000 | ---D | C] -- C:\Users\tania\Desktop\erunt(2)
[2013/10/01 16:01:22 | 000,000,000 | ---D | C] -- C:\Users\tania\Documents\erunt
[2013/10/01 11:22:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/09/29 17:54:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/09/29 17:54:09 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/09/29 17:54:05 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/09/29 17:54:02 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/09/29 17:54:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/09/26 15:22:31 | 000,000,000 | ---D | C] -- C:\Users\tania\Desktop\Old Firefox Data
[2013/09/20 11:57:07 | 000,000,000 | ---D | C] -- C:\Users\tania\Documents\riverinsurance
[2013/09/20 11:56:26 | 000,000,000 | ---D | C] -- C:\Users\tania\Desktop\River
[2013/09/17 14:02:53 | 000,000,000 | ---D | C] -- C:\ae16f029416365a3a54a680c64d680
[2009/04/02 23:53:18 | 001,611,776 | ---- | C] (Alex Feinman) -- C:\Program Files\ISORecorder.dll
[3 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/10/08 17:56:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/08 13:50:36 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/08 13:50:36 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/08 13:42:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/08 13:41:46 | 3195,211,776 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/07 13:53:15 | 000,778,866 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/10/07 13:53:15 | 000,660,660 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/10/07 13:53:15 | 000,121,742 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/10/06 21:14:03 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleFortania.job
[2013/10/06 18:02:42 | 000,001,922 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/10/06 18:02:27 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/10/06 17:02:02 | 000,000,728 | ---- | M] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2013/10/06 16:41:54 | 000,001,920 | ---- | M] () -- C:\Windows\SysWow64\drivers\kgpfr2.cfg
[2013/10/06 15:53:19 | 005,812,905 | ---- | M] () -- C:\Users\tania\Desktop\New_Seller_Guide(1).pdf
[2013/10/05 21:44:59 | 000,056,420 | ---- | M] () -- C:\Users\tania\Desktop\snp.PNG
[2013/10/05 18:36:49 | 000,001,399 | ---- | M] () -- C:\Users\tania\Desktop\OTL(2) - Shortcut.lnk
[2013/10/05 18:36:49 | 000,001,399 | ---- | M] () -- C:\Users\tania\Desktop\OTL(1) - Shortcut.lnk
[2013/10/05 15:24:58 | 000,000,138 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013/10/05 14:59:02 | 000,022,215 | ---- | M] () -- C:\Users\tania\Documents\int intelius cm Has Not Responded_ Next Step___.eml
[2013/10/05 14:59:01 | 000,027,913 | ---- | M] () -- C:\Users\tania\Documents\Re_ int intelius cm Has Not Responded_ Next Step___.eml
[2013/10/05 14:58:59 | 000,015,405 | ---- | M] () -- C:\Users\tania\Documents\[Spokeo Support Center] Re_ Opt-out.eml
[2013/10/05 14:58:58 | 000,036,500 | ---- | M] () -- C:\Users\tania\Documents\LinkedIn Network Updates, 6_27_2013.eml
[2013/10/05 14:58:56 | 000,030,983 | ---- | M] () -- C:\Users\tania\Documents\[videossomente] Teens Like It Big - Elaina Rae.eml
[2013/10/05 14:58:55 | 000,066,649 | ---- | M] () -- C:\Users\tania\Documents\Refund.eml
[2013/10/05 13:25:20 | 000,115,765 | ---- | M] () -- C:\Users\tania\Desktop\Capture2.PNG
[2013/10/05 13:24:25 | 000,243,336 | ---- | M] () -- C:\Users\tania\Desktop\Capture1.PNG
[2013/10/05 13:00:49 | 001,045,269 | ---- | M] () -- C:\Users\tania\Desktop\Firefox_Screenshot_2013-10-05T18-00-24.896Z.png
[2013/10/01 17:18:16 | 000,000,512 | ---- | M] () -- C:\Users\tania\Desktop\MBR.dat
[2013/10/01 16:14:03 | 000,004,659 | ---- | M] () -- C:\Users\tania\Desktop\erunt(2).search-ms
[2013/10/01 15:48:22 | 000,002,044 | ---- | M] () -- C:\Users\tania\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/10/01 10:19:27 | 421,693,688 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/09/29 17:54:49 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/09/29 14:12:23 | 000,001,130 | ---- | M] () -- C:\Users\tania\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk
[2013/09/29 14:12:23 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2013/09/21 21:19:15 | 000,437,832 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/09/20 11:46:16 | 000,013,571 | ---- | M] () -- C:\Users\tania\Desktop\Fred Keller letter.odt
[2013/09/20 11:46:16 | 000,010,094 | ---- | M] () -- C:\Users\tania\Desktop\Shuttle Driver Statements.odt
[2013/09/19 15:06:13 | 000,100,320 | ---- | M] () -- C:\Users\tania\Desktop\ORDER RECOVERY DISC.htm
[2013/09/18 23:51:08 | 000,026,383 | ---- | M] () -- C:\Users\tania\Documents\Alpine's Missing $30M 2013.htm
[2013/09/17 20:51:48 | 000,127,092 | ---- | M] () -- C:\Users\tania\Documents\Cirrhosis Death.htm
[2013/09/14 16:26:30 | 000,170,704 | ---- | M] () -- C:\Users\tania\Desktop\Foye's Principles of Medicinal Chemistry -Spiriva & Glaucoma.htm
[2013/09/11 15:05:06 | 000,108,470 | ---- | M] () -- C:\Users\tania\Desktop\NIKON MANUAL.htm
[2013/09/09 19:26:22 | 000,016,152 | ---- | M] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
[2013/09/08 18:15:55 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLdu.DAT
[2013/09/08 17:59:09 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLdw.DAT
[3 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/10/06 18:02:42 | 000,001,922 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/10/06 18:02:32 | 000,204,880 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/10/06 18:02:30 | 000,065,336 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013/10/06 16:59:17 | 000,000,728 | ---- | C] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2013/10/06 15:53:19 | 005,812,905 | ---- | C] () -- C:\Users\tania\Desktop\New_Seller_Guide(1).pdf
[2013/10/05 21:44:59 | 000,056,420 | ---- | C] () -- C:\Users\tania\Desktop\snp.PNG
[2013/10/05 14:26:21 | 000,001,399 | ---- | C] () -- C:\Users\tania\Desktop\OTL(1) - Shortcut.lnk
[2013/10/05 14:26:06 | 000,001,399 | ---- | C] () -- C:\Users\tania\Desktop\OTL(2) - Shortcut.lnk
[2013/10/05 13:25:20 | 000,115,765 | ---- | C] () -- C:\Users\tania\Desktop\Capture2.PNG
[2013/10/05 13:24:25 | 000,243,336 | ---- | C] () -- C:\Users\tania\Desktop\Capture1.PNG
[2013/10/05 13:00:45 | 001,045,269 | ---- | C] () -- C:\Users\tania\Desktop\Firefox_Screenshot_2013-10-05T18-00-24.896Z.png
[2013/10/01 17:18:16 | 000,000,512 | ---- | C] () -- C:\Users\tania\Desktop\MBR.dat
[2013/10/01 16:14:02 | 000,004,659 | ---- | C] () -- C:\Users\tania\Desktop\erunt(2).search-ms
[2013/09/29 17:54:49 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/09/20 11:46:16 | 000,013,571 | ---- | C] () -- C:\Users\tania\Desktop\Fred Keller letter.odt
[2013/09/20 11:46:16 | 000,010,094 | ---- | C] () -- C:\Users\tania\Desktop\Shuttle Driver Statements.odt
[2013/09/19 15:06:10 | 000,100,320 | ---- | C] () -- C:\Users\tania\Desktop\ORDER RECOVERY DISC.htm
[2013/09/18 23:51:01 | 000,026,383 | ---- | C] () -- C:\Users\tania\Documents\Alpine's Missing $30M 2013.htm
[2013/09/17 20:51:45 | 000,127,092 | ---- | C] () -- C:\Users\tania\Documents\Cirrhosis Death.htm
[2013/09/14 16:26:27 | 000,170,704 | ---- | C] () -- C:\Users\tania\Desktop\Foye's Principles of Medicinal Chemistry -Spiriva & Glaucoma.htm
[2013/09/11 15:05:04 | 000,108,470 | ---- | C] () -- C:\Users\tania\Desktop\NIKON MANUAL.htm
[2013/08/10 12:27:28 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Hybrid Basic
[2013/08/10 12:27:28 | 000,000,268 | RH-- | C] () -- C:\Users\tania\AppData\Roaming\Home
[2013/08/10 12:27:28 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Images
[2013/08/10 12:27:27 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2013/08/10 12:21:42 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Horn Section
[2013/08/10 12:21:42 | 000,000,268 | RH-- | C] () -- C:\Users\tania\AppData\Roaming\Helper Scripts
[2013/08/10 12:21:42 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2013/08/10 12:21:42 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Icons
[2013/07/09 08:03:25 | 000,216,064 | ---- | C] () -- C:\Windows\SysWow64\gcapi_dll.dll
[2013/07/08 12:20:01 | 000,000,150 | ---- | C] () -- C:\Users\tania\AppData\Roaming\wklnhst.dat
[2013/07/01 07:54:50 | 000,007,604 | ---- | C] () -- C:\Users\tania\AppData\Local\Resmon.ResmonCfg
[2013/06/26 02:49:50 | 000,003,696 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
[2013/06/25 17:43:19 | 000,000,632 | RHS- | C] () -- C:\Users\tania\ntuser.pol
[2013/05/02 20:27:05 | 000,231,115 | ---- | C] () -- C:\Windows\hpwins23.dat
[2013/04/23 20:52:50 | 000,880,894 | ---- | C] () -- C:\Users\tania\AppData\Local\census.cache
[2013/04/23 20:52:08 | 000,127,111 | ---- | C] () -- C:\Users\tania\AppData\Local\ars.cache
[2013/04/23 20:39:43 | 000,000,036 | ---- | C] () -- C:\Users\tania\AppData\Local\housecall.guid.cache
[2013/03/09 19:03:58 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/06/15 09:41:05 | 000,773,082 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/12/23 23:29:07 | 000,000,000 | ---- | C] () -- C:\Users\tania\AppData\Local\{97C5227C-4219-42D8-9662-028AA51A8853}
[2011/02/11 15:34:34 | 000,001,854 | ---- | C] () -- C:\Users\tania\AppData\Roaming\GhostObjGAFix.xml
[2010/11/17 23:25:57 | 000,004,096 | -H-- | C] () -- C:\Users\tania\AppData\Local\keyfile3.drm
[2009/03/13 00:16:34 | 000,008,926 | ---- | C] () -- C:\Program Files\Resource.h
[2009/01/24 18:59:36 | 000,038,400 | ---- | C] () -- C:\Program Files\ShellExec.exe

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/07/01 21:05:58 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\Allmyapps
[2012/03/05 22:47:51 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\Audacity
[2013/04/07 19:38:47 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013/07/15 05:27:01 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\Foxit Scanner Images
[2013/07/17 12:58:45 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\Foxit Software
[2013/07/09 06:53:52 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\Free PDF to Word Converter
[2013/08/20 21:07:08 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\GetRightToGo
[2012/11/12 03:20:39 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\Leadertech
[2013/07/01 06:47:23 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\libimobiledevice
[2013/08/18 19:03:46 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\MyMorph
[2013/09/08 17:59:07 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\Nikon
[2013/03/24 23:29:05 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\oCam
[2013/04/13 07:31:26 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\Pantech
[2013/03/19 05:27:40 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\PC Suite
[2013/10/01 10:18:13 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\PCHC
[2012/03/05 20:47:22 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\Product_RM
[2013/07/13 01:00:14 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\TachoPlus-FreeDriver
[2013/07/13 01:10:58 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\TeamViewer
[2013/07/08 12:20:04 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\Template
[2013/06/26 00:51:15 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\TuneUp Software
[2013/05/11 12:54:22 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\WinBatch
[2013/06/11 15:24:27 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\Windows Live Writer
[2013/07/06 15:51:49 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\Wondershare

========== Custom Scans ==========

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2013/10/01 11:22:20 | 000,871,608 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2013/10/01 11:22:20 | 000,871,608 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013/10/01 11:22:20 | 000,871,608 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" [2013/10/01 11:22:23 | 000,274,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2013/10/01 11:22:23 | 000,274,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2013/10/01 11:22:23 | 000,274,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2013/08/10 01:10:22 | 000,775,256 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2013/08/10 01:10:22 | 000,775,256 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Safari\Safari.exe" /reinstall [2012/07/20 03:48:16 | 002,388,376 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Safari\Safari.exe" /hideicons [2012/07/20 03:48:16 | 002,388,376 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Safari\Safari.exe" /showicons [2012/07/20 03:48:16 | 002,388,376 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files (x86)\Safari\Safari.exe" [2012/07/20 03:48:16 | 002,388,376 | ---- | M] (Apple Inc.)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2013/10/01 11:22:20 | 000,871,608 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2013/10/01 11:22:20 | 000,871,608 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2013/10/01 11:22:20 | 000,871,608 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" [2013/10/01 11:22:23 | 000,274,840 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2013/10/01 11:22:23 | 000,274,840 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2013/10/01 11:22:23 | 000,274,840 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2013/08/10 00:22:38 | 000,051,712 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2013/08/10 00:22:38 | 000,051,712 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2013/08/10 00:22:38 | 000,051,712 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2013/08/10 01:10:22 | 000,775,256 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE [2013/08/10 01:10:22 | 000,775,256 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\SAFARI\SAFARI.EXE" /REINSTALL [2012/07/20 03:48:16 | 002,388,376 | ---- | M] (Apple Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\SAFARI\SAFARI.EXE" /HIDEICONS [2012/07/20 03:48:16 | 002,388,376 | ---- | M] (Apple Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\SAFARI\SAFARI.EXE" /SHOWICONS [2012/07/20 03:48:16 | 002,388,376 | ---- | M] (Apple Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\PROGRAM FILES (X86)\SAFARI\SAFARI.EXE" [2012/07/20 03:48:16 | 002,388,376 | ---- | M] (Apple Inc.)

========== Alternate Data Streams ==========

@Alternate Data Stream - 973 bytes -> C:\Users\tania\Documents\int intelius cm Has Not Responded_ Next Step___.eml:OECustomProperty
@Alternate Data Stream - 910 bytes -> C:\Users\tania\Documents\Re_ int intelius cm Has Not Responded_ Next Step___.eml:OECustomProperty
@Alternate Data Stream - 885 bytes -> C:\Users\tania\Documents\[Spokeo Support Center] Re_ Opt-out.eml:OECustomProperty
@Alternate Data Stream - 572 bytes -> C:\Users\tania\Documents\Refund.eml:OECustomProperty
@Alternate Data Stream - 11823 bytes -> C:\Users\tania\Documents\[videossomente] Teens Like It Big - Elaina Rae.eml:OECustomProperty
@Alternate Data Stream - 1091 bytes -> C:\Users\tania\Documents\LinkedIn Network Updates, 6_27_2013.eml:OECustomProperty

< End of report >