Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Trojan.Win32.Mal.gen!b3 [Closed]


  • This topic is locked This topic is locked

#61
Nutloaf

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
The Shield Control should be as in the images below on the right hand side of the Taskbar. There are 2 locations, on the Tasbar or in the extended box. See below for locations.





  • If not present Click Start then All Programs click the Avast folder and click the Orange Avast icon.
  • Click the Antivirus Tab on the left. Click on each of the shield items in turn and select Stop then Stop until restart of computer



Hopefully you will find the Orange Avast Shield in Taskbar. :thumbsup:
  • 0

Advertisements


#62
texred

texred

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
C:\$Recycle.Bin\S-1-5-21-485409517-1736587146-2298806430-1000\$R5APRBQ\ISI_June_2013_Teen_Flash_Up_to_Him_728x90_LEARN_MORE.zip Win32/AdInstaller application
C:\Program Files\Perfect Uninstaller\PU.exe a variant of Win32/PerfectUninstaller application
C:\Users\tania\Downloads\cnet_downloadcomsp_StubInstaller_exe.exe a variant of Win32/InstallCore.D application
C:\Users\tania\Downloads\TelevisionFanatic.exe Win32/AdInstaller application
C:\Users\tania\Downloads\TelevisionFanatic.zip Win32/AdInstaller application
C:\_OTL\MovedFiles\10052013_145819\C_Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe a variant of Win32/Toolbar.Widgi application
C:\_OTL\MovedFiles\10052013_145819\C_Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings64.exe a variant of Win64/Toolbar.Widgi.A application
C:\_OTL\MovedFiles\10052013_145819\C_Program Files (x86)\TelevisionFanaticEI\Installr\5.bin\NP64EISb.dll Win32/Toolbar.MyWebSearch application

Well, NOTHING went the way it was 'supposed to'-everything took the long way, and a chief complaint of slow computer helped that situation out.
I'm pretty sure I got what you need, and it looks like more work to me (for bofus)! Shoulda gone back to bed (me). Why do people do these things to innocent people? I can understand other targets (GASP-dangerous word), but poor pitiful illiterate girls?? What the...
Love you as always,
Ta
  • 0

#63
Nutloaf

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hi there Texred, great job and the battle with your PC is almost at an end and we are winning :)


We need to delete what ESET found and get a (hopefully) last scan to make sure all is well.


1. OTL Fix

  • Right click the OTL icon and select Run as Administrator.
  • Copy the entire text in the Quote box below, do not include the word QUOTE and Paste into the Custom Scans/Fixes box in OTL.


    :FILES
    C:\Program Files\Perfect Uninstaller
    C:\Users\tania\Downloads\cnet_downloadcomsp_StubInstaller_exe.exe
    C:\Users\tania\Downloads\TelevisionFanatic.exe
    C:\Users\tania\Downloads\TelevisionFanatic.zip

    :COMMANDS
    [EMPTYTEMP]

  • Then click Run Fix
  • Click O.K if asked to Reboot.
  • An OTL fix log will be saved in the following location: C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log - Where mmddyyy _hhmmss is the date and time of fix.
  • Copy and Paste the Fix Log in your next reply.


2. ENSURE AUTOMATIC UPDATES ARE ENABLED

All security updates released by Microsoft must be Automatically Installed.

  • Click Start and in the search box type windows update and press ENTER.
  • Click Change Settings and make sure the Install updates automatically (recommended) option is selected, if not select it and click O.K to save settings.


3. Do You Need Java? Please read:

  • Java is one of the most exploited software at this time and the majority of home users can do without it. Installing the latest updates is also important
  • The easiest way to find out if Java is needed is to disable Java in your web browser. (see link below)
  • If a trusted program or webpage asks for Java then enable it, otherwise Uninstall completely using JavaRa

    Update or Remove Java

  • Use this link to download JavaRa
  • Run JavaRa.exe, then click on Remove Java Runtime.
  • Select the Java version you have from the drop down list, and then click on Run Uninstaller
  • Press Yes if it asks to uninstall the product.
  • Allow the uninstaller to remove the installed version.
  • Follow the next steps only if you want to keep Java install the latest version
  • When its finished, go back to JavaRa, and click Back
  • Click on Update Java Runtime and then select Download and install latest version.
  • Press Next
  • Press Java Manual Download.
  • A browser window will open with the Java download page.
  • Click the Windows offline link to download Java.
  • Run the installer.
  • Close JavaRa


4. OTL Scan

  • Right click the OTL icon and select Run as Administrator.
  • Select the following boxes:
  • Scan All Users
  • Include 64bit Scans
  • Use Company-Name WhiteList
  • Skip Microsoft Files
  • Use No-Company-Name WhiteList
  • LOP Check
  • Now Click Run Scan
  • OTL will now scan your computer and produce a log file OTL.txt
  • Please post in your next reply


Things I want to see in your next post.

  • OTL fix.txt
  • OTL.txt
  • How is the computer now?

  • 0

#64
texred

texred

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
All processes killed
========== FILES ==========
C:\Program Files\Perfect Uninstaller folder moved successfully.
C:\Users\tania\Downloads\cnet_downloadcomsp_StubInstaller_exe.exe moved successfully.
C:\Users\tania\Downloads\TelevisionFanatic.exe moved successfully.
C:\Users\tania\Downloads\TelevisionFanatic.zip moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: tania
->Temp folder emptied: 35822354 bytes
->Temporary Internet Files folder emptied: 1888158 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 387078081 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 6597 bytes

User: TEMP

User: TEMP.tania-PC

User: TEMP.tania-PC.000

User: TEMP.tania-PC.001

User: TEMP.tania-PC.002

User: TEMP.tania-PC.003

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3223098 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 408.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10202013_164056

Files\Folders moved on Reboot...
C:\Users\tania\AppData\Local\Temp\is-HG9TV.tmp\ConvertToPDFShellExtension_x64.dll moved successfully.
C:\Users\tania\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Users\tania\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\AdminHelper.lmlog scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
  • 0

#65
Nutloaf

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Awesome! don't forget the OTL.txt scan results :thumbsup:
  • 0

#66
texred

texred

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
OTL logfile created on: 10/21/2013 2:18:14 PM - Run 7
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\tania\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.97 Gb Total Physical Memory | 2.35 Gb Available Physical Memory | 59.32% Memory free
7.93 Gb Paging File | 6.14 Gb Available in Paging File | 77.38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 220.07 Gb Total Space | 139.85 Gb Free Space | 63.55% Space Free | Partition Type: NTFS
Drive D: | 12.62 Gb Total Space | 2.11 Gb Free Space | 16.70% Space Free | Partition Type: NTFS

Computer Name: TANIA-PC | User Name: tania | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/08 22:56:38 | 001,862,536 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
PRC - [2013/10/05 14:23:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\tania\Downloads\OTL(2).exe
PRC - [2013/10/03 13:11:05 | 009,346,680 | ---- | M] () -- C:\Program Files (x86)\ATTSplusPCMT\SPLUS_UI.exe
PRC - [2013/10/01 11:22:23 | 000,274,840 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/09/15 14:34:06 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2013/08/30 02:47:34 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/08/30 02:47:33 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/05/16 09:44:05 | 001,012,000 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013/05/16 09:38:39 | 001,826,592 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/18 11:06:36 | 000,219,688 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\attcm_AppStart.exe
PRC - [2012/12/18 11:06:36 | 000,056,360 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\AdminHelper.exe
PRC - [2012/12/07 17:26:56 | 000,167,424 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/08 22:56:38 | 016,233,864 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
MOD - [2013/10/03 13:11:05 | 009,346,680 | ---- | M] () -- C:\Program Files (x86)\ATTSplusPCMT\SPLUS_UI.exe
MOD - [2013/10/01 11:22:22 | 003,279,768 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/09/14 01:51:02 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
MOD - [2013/09/14 01:50:36 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
MOD - [2012/12/18 11:06:44 | 000,034,304 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\resources\plugins\DiscoveryGeneric.plugin
MOD - [2012/12/18 11:06:44 | 000,030,720 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\resources\plugins\DiscoveryVPorts.plugin
MOD - [2012/12/18 11:06:44 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\resources\plugins\DiscoveryMobileBroadband.plugin
MOD - [2012/12/18 11:06:44 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\resources\plugins\DiscoveryNdis.plugin
MOD - [2012/12/18 11:06:44 | 000,017,920 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\resources\plugins\ContextSwitcher.plugin
MOD - [2012/12/18 11:06:42 | 001,049,320 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\wxmsw28u_core_vc_custom.dll
MOD - [2012/12/18 11:06:42 | 000,892,136 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\UIToolkit.dll
MOD - [2012/12/18 11:06:42 | 000,727,784 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\wxbase28u_vc_custom.dll
MOD - [2012/12/18 11:06:42 | 000,399,080 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\WebClient.dll
MOD - [2012/12/18 11:06:40 | 000,629,480 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\Toolkit.dll
MOD - [2012/12/18 11:06:40 | 000,148,712 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\pcre3.dll
MOD - [2012/12/18 11:06:40 | 000,123,112 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\System.dll
MOD - [2012/12/18 11:06:40 | 000,051,432 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\Preferences.dll
MOD - [2012/12/18 11:06:38 | 000,376,040 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\Device.dll
MOD - [2012/12/18 11:06:38 | 000,249,064 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\DB.dll
MOD - [2012/12/18 11:06:38 | 000,132,840 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\Discovery.dll
MOD - [2012/12/18 11:06:38 | 000,099,560 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\ComCore.dll
MOD - [2012/12/18 11:06:38 | 000,061,160 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\DriveDetector.dll
MOD - [2012/12/18 11:06:36 | 000,219,688 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\attcm_AppStart.exe
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/08/20 14:35:48 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2009/08/20 14:35:46 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2009/08/20 14:35:46 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/08/30 02:47:33 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/03/23 14:53:06 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/03/27 21:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2009/03/02 18:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe -- (AESTFilters)
SRV - [2013/10/08 22:56:40 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/01 11:22:22 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/16 09:38:39 | 001,826,592 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/19 09:49:34 | 000,732,648 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012/12/18 11:06:36 | 000,056,360 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\AdminHelper.exe -- (AdminHelper.exe)
SRV - [2012/12/07 17:26:56 | 000,167,424 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/06/24 12:44:16 | 000,317,296 | ---- | M] (Sierra Wireless, Inc.) [Auto | Running] -- C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe -- (SwiCardDetectSvc)
SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/03/23 14:53:06 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe -- (STacSV)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/05 19:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/03/02 18:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe -- (AESTFilters)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/08/30 02:48:10 | 001,030,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/08/30 02:48:10 | 000,378,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013/08/30 02:48:10 | 000,204,880 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/08/30 02:48:10 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/08/30 02:48:10 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/08/30 02:48:10 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/08/30 02:48:09 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/08/30 02:48:09 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013/04/30 03:51:09 | 000,040,616 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/02/25 00:27:45 | 000,194,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/12/07 18:27:50 | 000,036,928 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2012/10/24 19:31:18 | 003,802,112 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2012/10/17 13:53:46 | 000,026,112 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2012/09/18 04:32:32 | 000,078,648 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2012/09/12 15:20:04 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/10 15:23:06 | 000,025,552 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\WFPFilter.sys -- (SCWFPFilter)
DRV:64bit: - [2011/10/14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/10/07 02:35:32 | 000,183,680 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PSMNOBEX.sys -- (PSMNOBEX)
DRV:64bit: - [2011/10/07 02:35:32 | 000,183,552 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PSMNVSP.sys -- (PSMNVSP)
DRV:64bit: - [2011/10/07 02:35:30 | 000,183,680 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PSMNMDM.sys -- (PSMNMDM)
DRV:64bit: - [2011/10/07 02:35:30 | 000,102,784 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PSMNBUS.sys -- (PSMNBUS)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/06/21 18:07:33 | 000,102,656 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swiwdmbusx64.sys -- (swiwdmbus)
DRV:64bit: - [2010/06/21 17:51:29 | 000,210,944 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swumxa3.sys -- (SWUMXA3)
DRV:64bit: - [2010/06/21 17:51:01 | 000,240,640 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swnc8ua3.sys -- (SWNC8UA3)
DRV:64bit: - [2010/03/23 14:53:06 | 000,505,344 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 19:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/26 16:55:54 | 000,014,336 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpGmb001.sys -- (HpGmb001)
DRV:64bit: - [2009/04/29 11:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009/04/06 20:31:08 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/03/01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/01/09 16:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV - [2009/09/02 12:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/HPNOT/1
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.protopage...om/siempresola"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/10/06 18:02:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/10/11 17:21:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/10/11 17:21:23 | 000,000,000 | ---D | M]

[2010/07/25 14:48:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tania\AppData\Roaming\mozilla\Extensions
[2013/09/26 16:50:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tania\AppData\Roaming\mozilla\Firefox\Profiles\sa3frivy.default-1380226944373\extensions
[2013/10/16 12:32:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tania\AppData\Roaming\mozilla\Firefox\Profiles\v0hyiogd.default-1381944022020\extensions
[2013/09/26 16:50:30 | 000,069,103 | ---- | M] () (No name found) -- C:\Users\tania\AppData\Roaming\mozilla\firefox\profiles\sa3frivy.default-1380226944373\extensions\[email protected]
[2013/09/26 16:44:58 | 000,096,236 | ---- | M] () (No name found) -- C:\Users\tania\AppData\Roaming\mozilla\firefox\profiles\sa3frivy.default-1380226944373\extensions\[email protected]
[2013/10/01 11:22:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/10/01 11:22:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/10/01 11:22:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/10/01 11:22:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/10/01 11:22:25 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2013/10/15 16:23:45 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [HP Input Device Main Program] C:\Program Files\HP\HP Wireless Comfort Mobile Mouse\TSR\xDaemon.exe ()
O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [attcm_AppStart.exe] C:\Program Files (x86)\AT&T\AT&T Communication Manager\attcm_AppStart.exe ()
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-485409517-1736587146-2298806430-1000..\Run: [HP Officejet 6500 E710a-f (NET)] C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004..\Run: [HP Officejet 6500 E710a-f (NET)] C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\..Trusted Domains: apple ([]* in Trusted sites)
O15 - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\..Trusted Domains: apple.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\..Trusted Domains: google.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\..Trusted Domains: microsoft.com ([*.update] http in Trusted sites)
O15 - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\..Trusted Domains: microsoft.com ([*.update] https in Trusted sites)
O15 - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\..Trusted Domains: microsoft.com ([update] http in Trusted sites)
O15 - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\..Trusted Domains: microsoft.com ([update] https in Trusted sites)
O15 - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\..Trusted Domains: windowsupdate.com ([download] http in Trusted sites)
O15 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\..Trusted Domains: apple ([]* in Trusted sites)
O15 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\..Trusted Domains: apple.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\..Trusted Domains: google.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\..Trusted Domains: microsoft.com ([*.update] http in Trusted sites)
O15 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\..Trusted Domains: microsoft.com ([*.update] https in Trusted sites)
O15 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\..Trusted Domains: microsoft.com ([update] http in Trusted sites)
O15 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\..Trusted Domains: microsoft.com ([update] https in Trusted sites)
O15 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\..Trusted Domains: windowsupdate.com ([download] http in Trusted sites)
O16 - DPF: {00000035-9593-4264-8B29-930B3E4EDCCD} https://www.rooms.hp...VCInstall35.cab (HPVirtualRooms35 Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F31A9FD8-AC1A-4B36-BDF2-638DA9579CD0}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\livecall - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\syswow64\userinit.exe) - c:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/20 17:11:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/10/20 17:02:33 | 000,000,000 | ---D | C] -- C:\Users\tania\Documents\JavaRa
[2013/10/20 13:13:33 | 000,000,000 | ---D | C] -- C:\Users\tania\Documents\Google Hangouts for iOS dials up free voice calls for US, Canada _ Mobile - CNET News_files
[2013/10/20 13:09:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
[2013/10/20 13:09:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxit Software
[2013/10/19 14:21:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/10/18 21:01:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/10/16 12:20:28 | 000,000,000 | ---D | C] -- C:\Users\tania\Desktop\Old Firefox Data
[2013/10/15 16:51:21 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/10/15 16:41:13 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/10/14 12:19:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/10/14 12:08:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/10/13 15:23:52 | 000,000,000 | ---D | C] -- C:\Users\tania\Desktop\GEEKS
[2013/10/13 15:18:09 | 000,000,000 | ---D | C] -- C:\Users\tania\Desktop\ATT
[2013/10/06 18:02:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013/10/06 18:02:41 | 000,378,944 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/10/06 18:02:41 | 000,033,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/10/06 18:02:37 | 000,072,016 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013/10/06 18:02:35 | 000,064,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/10/06 18:02:34 | 001,030,952 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/10/06 18:02:27 | 000,080,816 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/10/06 18:01:58 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/10/06 18:01:56 | 000,040,616 | ---- | C] (The OpenVPN Project) -- C:\Windows\SysNative\drivers\tap0901.sys
[2013/10/05 14:58:19 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/10/01 16:01:22 | 000,000,000 | ---D | C] -- C:\Users\tania\Documents\erunt
[2013/10/01 11:22:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/09/29 17:54:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/09/29 17:54:09 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/09/29 17:54:05 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/09/29 17:54:02 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/09/29 17:54:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2009/04/02 23:53:18 | 001,611,776 | ---- | C] (Alex Feinman) -- C:\Program Files\ISORecorder.dll
[3 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/10/21 13:56:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/21 12:48:36 | 000,118,575 | ---- | M] () -- C:\Users\tania\Documents\TedBizCard.jpg
[2013/10/21 12:43:25 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/21 12:43:25 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/21 12:35:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/21 12:35:35 | 3195,211,776 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/20 18:55:04 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleFortania.job
[2013/10/20 13:13:37 | 000,307,722 | ---- | M] () -- C:\Users\tania\Documents\Google Hangouts for iOS dials up free voice calls for US, Canada _ Mobile - CNET News.htm
[2013/10/20 13:09:32 | 000,002,074 | ---- | M] () -- C:\Users\tania\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2013/10/20 13:09:32 | 000,002,050 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2013/10/20 12:52:13 | 000,002,075 | ---- | M] () -- C:\Users\tania\Desktop\avast! Free Antivirus.lnk
[2013/10/18 21:01:20 | 000,001,133 | ---- | M] () -- C:\Users\tania\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/10/18 21:01:20 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/17 20:52:13 | 000,039,937 | ---- | M] () -- C:\Users\tania\Documents\ga.js
[2013/10/16 12:29:07 | 000,778,866 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/10/16 12:29:07 | 000,660,660 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/10/16 12:29:07 | 000,121,742 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/10/16 12:20:34 | 000,002,044 | ---- | M] () -- C:\Users\tania\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/10/15 16:23:45 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013/10/11 21:03:06 | 000,015,904 | ---- | M] () -- C:\Users\tania\Documents\AMTRAK.pdf
[2013/10/11 20:57:10 | 000,437,832 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/10/11 20:41:07 | 000,773,952 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/10/06 18:02:27 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/10/06 17:02:02 | 000,000,728 | ---- | M] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2013/10/06 16:41:54 | 000,001,920 | ---- | M] () -- C:\Windows\SysWow64\drivers\kgpfr2.cfg
[2013/10/05 21:44:59 | 000,056,420 | ---- | M] () -- C:\Users\tania\Desktop\snp.PNG
[2013/10/01 10:19:27 | 421,693,688 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/09/29 17:54:49 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/09/29 14:12:23 | 000,001,130 | ---- | M] () -- C:\Users\tania\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk
[3 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/10/21 12:48:36 | 000,118,575 | ---- | C] () -- C:\Users\tania\Documents\TedBizCard.jpg
[2013/10/20 13:13:33 | 000,307,722 | ---- | C] () -- C:\Users\tania\Documents\Google Hangouts for iOS dials up free voice calls for US, Canada _ Mobile - CNET News.htm
[2013/10/20 13:09:32 | 000,002,074 | ---- | C] () -- C:\Users\tania\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2013/10/20 13:09:32 | 000,002,050 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2013/10/20 13:09:31 | 000,216,064 | ---- | C] () -- C:\Windows\SysWow64\gcapi_dll.dll
[2013/10/18 21:18:00 | 000,002,075 | ---- | C] () -- C:\Users\tania\Desktop\avast! Free Antivirus.lnk
[2013/10/18 21:01:20 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/18 11:29:22 | 000,039,937 | ---- | C] () -- C:\Users\tania\Documents\ga.js
[2013/10/11 21:03:06 | 000,015,904 | ---- | C] () -- C:\Users\tania\Documents\AMTRAK.pdf
[2013/10/06 18:02:32 | 000,204,880 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/10/06 18:02:30 | 000,065,336 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013/10/06 16:59:17 | 000,000,728 | ---- | C] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2013/10/05 21:44:59 | 000,056,420 | ---- | C] () -- C:\Users\tania\Desktop\snp.PNG
[2013/09/29 17:54:49 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/08/10 12:27:28 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Hybrid Basic
[2013/08/10 12:27:28 | 000,000,268 | RH-- | C] () -- C:\Users\tania\AppData\Roaming\Home
[2013/08/10 12:27:28 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Images
[2013/08/10 12:27:27 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2013/08/10 12:21:42 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Horn Section
[2013/08/10 12:21:42 | 000,000,268 | RH-- | C] () -- C:\Users\tania\AppData\Roaming\Helper Scripts
[2013/08/10 12:21:42 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2013/08/10 12:21:42 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Icons
[2013/07/08 12:20:01 | 000,000,150 | ---- | C] () -- C:\Users\tania\AppData\Roaming\wklnhst.dat
[2013/07/01 07:54:50 | 000,007,604 | ---- | C] () -- C:\Users\tania\AppData\Local\Resmon.ResmonCfg
[2013/06/26 02:49:50 | 000,003,696 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
[2013/06/25 17:43:19 | 000,000,632 | RHS- | C] () -- C:\Users\tania\ntuser.pol
[2013/05/02 20:27:05 | 000,231,115 | ---- | C] () -- C:\Windows\hpwins23.dat
[2013/03/09 19:03:58 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/06/15 09:41:05 | 000,773,952 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/12/23 23:29:07 | 000,000,000 | ---- | C] () -- C:\Users\tania\AppData\Local\{97C5227C-4219-42D8-9662-028AA51A8853}
[2011/02/11 15:34:34 | 000,001,854 | ---- | C] () -- C:\Users\tania\AppData\Roaming\GhostObjGAFix.xml
[2010/11/17 23:25:57 | 000,004,096 | -H-- | C] () -- C:\Users\tania\AppData\Local\keyfile3.drm
[2009/03/13 00:16:34 | 000,008,926 | ---- | C] () -- C:\Program Files\Resource.h
[2009/01/24 18:59:36 | 000,038,400 | ---- | C] () -- C:\Program Files\ShellExec.exe

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/07/01 21:05:58 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\Allmyapps
[2012/03/05 22:47:51 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\Audacity
[2013/04/07 19:38:47 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013/07/15 05:27:01 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\Foxit Scanner Images
[2013/07/17 12:58:45 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\Foxit Software
[2013/07/09 06:53:52 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\Free PDF to Word Converter
[2013/08/20 21:07:08 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\GetRightToGo
[2012/11/12 03:20:39 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\Leadertech
[2013/07/01 06:47:23 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\libimobiledevice
[2013/08/18 19:03:46 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\MyMorph
[2013/09/08 17:59:07 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\Nikon
[2013/03/24 23:29:05 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\oCam
[2013/04/13 07:31:26 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\Pantech
[2013/03/19 05:27:40 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\PC Suite
[2013/10/17 19:32:23 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\PCHC
[2012/03/05 20:47:22 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\Product_RM
[2013/07/13 01:00:14 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\TachoPlus-FreeDriver
[2013/07/13 01:10:58 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\TeamViewer
[2013/07/08 12:20:04 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\Template
[2013/05/11 12:54:22 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\WinBatch
[2013/06/11 15:24:27 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\Windows Live Writer

< End of report >

Why won't anything run w/out Java?
Why do I have drivers I never asked for?
Why is every image I ever saw saved (1500 of them)?
:surrender:
  • 0

#67
Nutloaf

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
I need more info from you.

What programs require Java to run?

What Drivers and where are they from?

What images or where from a website or are Google images also being saved?
  • 0

#68
texred

texred

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
I know what YOU want. . .

OTL logfile created on: 10/21/2013 4:34:30 PM - Run 8
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\tania\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.97 Gb Total Physical Memory | 2.23 Gb Available Physical Memory | 56.31% Memory free
7.93 Gb Paging File | 6.00 Gb Available in Paging File | 75.57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 220.07 Gb Total Space | 139.15 Gb Free Space | 63.23% Space Free | Partition Type: NTFS
Drive D: | 12.62 Gb Total Space | 2.11 Gb Free Space | 16.70% Space Free | Partition Type: NTFS

Computer Name: TANIA-PC | User Name: tania | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/21 15:15:08 | 003,568,312 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/10/21 15:15:08 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/10/08 22:56:38 | 001,862,536 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
PRC - [2013/10/05 14:23:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\tania\Downloads\OTL(2).exe
PRC - [2013/10/03 13:11:05 | 009,346,680 | ---- | M] () -- C:\Program Files (x86)\ATTSplusPCMT\SPLUS_UI.exe
PRC - [2013/10/01 11:22:23 | 000,274,840 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/05/16 09:44:05 | 001,012,000 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013/05/16 09:38:39 | 001,826,592 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/18 11:06:36 | 000,219,688 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\attcm_AppStart.exe
PRC - [2012/12/18 11:06:36 | 000,056,360 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\AdminHelper.exe
PRC - [2012/12/07 17:26:56 | 000,167,424 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/21 15:15:09 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2013/10/08 22:56:38 | 016,233,864 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
MOD - [2013/10/03 13:11:05 | 009,346,680 | ---- | M] () -- C:\Program Files (x86)\ATTSplusPCMT\SPLUS_UI.exe
MOD - [2013/10/01 11:22:22 | 003,279,768 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/12/18 11:06:44 | 000,034,304 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\resources\plugins\DiscoveryGeneric.plugin
MOD - [2012/12/18 11:06:44 | 000,030,720 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\resources\plugins\DiscoveryVPorts.plugin
MOD - [2012/12/18 11:06:44 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\resources\plugins\DiscoveryMobileBroadband.plugin
MOD - [2012/12/18 11:06:44 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\resources\plugins\DiscoveryNdis.plugin
MOD - [2012/12/18 11:06:44 | 000,017,920 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\resources\plugins\ContextSwitcher.plugin
MOD - [2012/12/18 11:06:42 | 001,049,320 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\wxmsw28u_core_vc_custom.dll
MOD - [2012/12/18 11:06:42 | 000,892,136 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\UIToolkit.dll
MOD - [2012/12/18 11:06:42 | 000,727,784 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\wxbase28u_vc_custom.dll
MOD - [2012/12/18 11:06:42 | 000,399,080 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\WebClient.dll
MOD - [2012/12/18 11:06:40 | 000,629,480 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\Toolkit.dll
MOD - [2012/12/18 11:06:40 | 000,148,712 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\pcre3.dll
MOD - [2012/12/18 11:06:40 | 000,123,112 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\System.dll
MOD - [2012/12/18 11:06:40 | 000,051,432 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\Preferences.dll
MOD - [2012/12/18 11:06:38 | 000,376,040 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\Device.dll
MOD - [2012/12/18 11:06:38 | 000,249,064 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\DB.dll
MOD - [2012/12/18 11:06:38 | 000,132,840 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\Discovery.dll
MOD - [2012/12/18 11:06:38 | 000,099,560 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\ComCore.dll
MOD - [2012/12/18 11:06:38 | 000,061,160 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\DriveDetector.dll
MOD - [2012/12/18 11:06:36 | 000,219,688 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\attcm_AppStart.exe
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/08/20 14:35:48 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2009/08/20 14:35:46 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2009/08/20 14:35:46 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/10/21 15:15:08 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/03/23 14:53:06 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/03/27 21:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2009/03/02 18:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe -- (AESTFilters)
SRV - [2013/10/08 22:56:40 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/01 11:22:22 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/16 09:38:39 | 001,826,592 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/19 09:49:34 | 000,732,648 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012/12/18 11:06:36 | 000,056,360 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\AdminHelper.exe -- (AdminHelper.exe)
SRV - [2012/12/07 17:26:56 | 000,167,424 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/06/24 12:44:16 | 000,317,296 | ---- | M] (Sierra Wireless, Inc.) [Auto | Running] -- C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe -- (SwiCardDetectSvc)
SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/03/23 14:53:06 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe -- (STacSV)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/05 19:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/03/02 18:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe -- (AESTFilters)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/10/21 15:15:11 | 001,032,416 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/10/21 15:15:11 | 000,409,832 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013/10/21 15:15:11 | 000,205,320 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/10/21 15:15:11 | 000,092,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/10/21 15:15:11 | 000,084,328 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/10/21 15:15:11 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/10/21 15:15:11 | 000,065,264 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/10/21 15:15:11 | 000,038,984 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013/04/30 03:51:09 | 000,040,616 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/02/25 00:27:45 | 000,194,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/12/07 18:27:50 | 000,036,928 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2012/10/24 19:31:18 | 003,802,112 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2012/10/17 13:53:46 | 000,026,112 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2012/09/18 04:32:32 | 000,078,648 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2012/09/12 15:20:04 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/10 15:23:06 | 000,025,552 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\WFPFilter.sys -- (SCWFPFilter)
DRV:64bit: - [2011/10/14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/10/07 02:35:32 | 000,183,680 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PSMNOBEX.sys -- (PSMNOBEX)
DRV:64bit: - [2011/10/07 02:35:32 | 000,183,552 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PSMNVSP.sys -- (PSMNVSP)
DRV:64bit: - [2011/10/07 02:35:30 | 000,183,680 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PSMNMDM.sys -- (PSMNMDM)
DRV:64bit: - [2011/10/07 02:35:30 | 000,102,784 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PSMNBUS.sys -- (PSMNBUS)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/06/21 18:07:33 | 000,102,656 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swiwdmbusx64.sys -- (swiwdmbus)
DRV:64bit: - [2010/06/21 17:51:29 | 000,210,944 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swumxa3.sys -- (SWUMXA3)
DRV:64bit: - [2010/06/21 17:51:01 | 000,240,640 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swnc8ua3.sys -- (SWNC8UA3)
DRV:64bit: - [2010/03/23 14:53:06 | 000,505,344 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 19:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/26 16:55:54 | 000,014,336 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpGmb001.sys -- (HpGmb001)
DRV:64bit: - [2009/04/29 11:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009/04/06 20:31:08 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/03/01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/01/09 16:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV - [2009/09/02 12:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/HPNOT/1
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.protopage...om/siempresola"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/10/21 15:15:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/10/11 17:21:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/10/11 17:21:23 | 000,000,000 | ---D | M]

[2010/07/25 14:48:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tania\AppData\Roaming\mozilla\Extensions
[2013/09/26 16:50:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tania\AppData\Roaming\mozilla\Firefox\Profiles\sa3frivy.default-1380226944373\extensions
[2013/10/16 12:32:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tania\AppData\Roaming\mozilla\Firefox\Profiles\v0hyiogd.default-1381944022020\extensions
[2013/09/26 16:50:30 | 000,069,103 | ---- | M] () (No name found) -- C:\Users\tania\AppData\Roaming\mozilla\firefox\profiles\sa3frivy.default-1380226944373\extensions\[email protected]
[2013/09/26 16:44:58 | 000,096,236 | ---- | M] () (No name found) -- C:\Users\tania\AppData\Roaming\mozilla\firefox\profiles\sa3frivy.default-1380226944373\extensions\[email protected]
[2013/10/01 11:22:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/10/01 11:22:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/10/01 11:22:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/10/01 11:22:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/10/01 11:22:25 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2013/10/15 16:23:45 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [HP Input Device Main Program] C:\Program Files\HP\HP Wireless Comfort Mobile Mouse\TSR\xDaemon.exe ()
O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [attcm_AppStart.exe] C:\Program Files (x86)\AT&T\AT&T Communication Manager\attcm_AppStart.exe ()
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-485409517-1736587146-2298806430-1000..\Run: [HP Officejet 6500 E710a-f (NET)] C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004..\Run: [HP Officejet 6500 E710a-f (NET)] C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\..Trusted Domains: apple ([]* in Trusted sites)
O15 - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\..Trusted Domains: apple.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\..Trusted Domains: google.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\..Trusted Domains: microsoft.com ([*.update] http in Trusted sites)
O15 - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\..Trusted Domains: microsoft.com ([*.update] https in Trusted sites)
O15 - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\..Trusted Domains: microsoft.com ([update] http in Trusted sites)
O15 - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\..Trusted Domains: microsoft.com ([update] https in Trusted sites)
O15 - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\..Trusted Domains: windowsupdate.com ([download] http in Trusted sites)
O15 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\..Trusted Domains: apple ([]* in Trusted sites)
O15 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\..Trusted Domains: apple.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\..Trusted Domains: google.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\..Trusted Domains: microsoft.com ([*.update] http in Trusted sites)
O15 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\..Trusted Domains: microsoft.com ([*.update] https in Trusted sites)
O15 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\..Trusted Domains: microsoft.com ([update] http in Trusted sites)
O15 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\..Trusted Domains: microsoft.com ([update] https in Trusted sites)
O15 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\..Trusted Domains: windowsupdate.com ([download] http in Trusted sites)
O16 - DPF: {00000035-9593-4264-8B29-930B3E4EDCCD} https://www.rooms.hp...VCInstall35.cab (HPVirtualRooms35 Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F31A9FD8-AC1A-4B36-BDF2-638DA9579CD0}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\livecall - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\syswow64\userinit.exe) - c:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/21 15:42:13 | 000,000,000 | ---D | C] -- C:\Users\tania\AppData\Roaming\AVAST Software
[2013/10/21 15:15:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2013/10/20 17:11:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/10/20 17:02:33 | 000,000,000 | ---D | C] -- C:\Users\tania\Documents\JavaRa
[2013/10/20 13:13:33 | 000,000,000 | ---D | C] -- C:\Users\tania\Documents\Google Hangouts for iOS dials up free voice calls for US, Canada _ Mobile - CNET News_files
[2013/10/20 13:09:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
[2013/10/20 13:09:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxit Software
[2013/10/19 14:21:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/10/18 21:01:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/10/16 12:20:28 | 000,000,000 | ---D | C] -- C:\Users\tania\Desktop\Old Firefox Data
[2013/10/15 16:51:21 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/10/15 16:41:13 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/10/14 12:19:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/10/14 12:08:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/10/13 15:23:52 | 000,000,000 | ---D | C] -- C:\Users\tania\Desktop\GEEKS
[2013/10/13 15:18:09 | 000,000,000 | ---D | C] -- C:\Users\tania\Desktop\ATT
[2013/10/06 18:02:41 | 000,409,832 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/10/06 18:02:41 | 000,038,984 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/10/06 18:02:37 | 000,092,544 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013/10/06 18:02:35 | 000,065,264 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/10/06 18:02:34 | 001,032,416 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/10/06 18:02:27 | 000,084,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/10/06 18:01:58 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/10/06 18:01:56 | 000,040,616 | ---- | C] (The OpenVPN Project) -- C:\Windows\SysNative\drivers\tap0901.sys
[2013/10/05 14:58:19 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/10/01 16:01:22 | 000,000,000 | ---D | C] -- C:\Users\tania\Documents\erunt
[2013/10/01 11:22:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/09/29 17:54:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/09/29 17:54:09 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/09/29 17:54:05 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/09/29 17:54:02 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/09/29 17:54:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2009/04/02 23:53:18 | 001,611,776 | ---- | C] (Alex Feinman) -- C:\Program Files\ISORecorder.dll
[3 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/10/21 15:56:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/21 15:46:41 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/21 15:46:41 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/21 15:38:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/21 15:38:53 | 3195,211,776 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/21 15:15:37 | 000,001,966 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/10/21 15:15:11 | 001,032,416 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/10/21 15:15:11 | 000,409,832 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/10/21 15:15:11 | 000,334,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013/10/21 15:15:11 | 000,205,320 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/10/21 15:15:11 | 000,092,544 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013/10/21 15:15:11 | 000,084,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/10/21 15:15:11 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013/10/21 15:15:11 | 000,065,264 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/10/21 15:15:11 | 000,038,984 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/10/21 15:15:10 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/10/21 15:12:21 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/10/21 12:48:36 | 000,118,575 | ---- | M] () -- C:\Users\tania\Documents\TedBizCard.jpg
[2013/10/20 18:55:04 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleFortania.job
[2013/10/20 13:13:37 | 000,307,722 | ---- | M] () -- C:\Users\tania\Documents\Google Hangouts for iOS dials up free voice calls for US, Canada _ Mobile - CNET News.htm
[2013/10/20 13:09:32 | 000,002,074 | ---- | M] () -- C:\Users\tania\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2013/10/20 13:09:32 | 000,002,050 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2013/10/20 12:52:13 | 000,002,075 | ---- | M] () -- C:\Users\tania\Desktop\avast! Free Antivirus.lnk
[2013/10/18 21:01:20 | 000,001,133 | ---- | M] () -- C:\Users\tania\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/10/18 21:01:20 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/17 20:52:13 | 000,039,937 | ---- | M] () -- C:\Users\tania\Documents\ga.js
[2013/10/16 12:29:07 | 000,778,866 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/10/16 12:29:07 | 000,660,660 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/10/16 12:29:07 | 000,121,742 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/10/16 12:20:34 | 000,002,044 | ---- | M] () -- C:\Users\tania\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/10/15 16:23:45 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013/10/11 21:03:06 | 000,015,904 | ---- | M] () -- C:\Users\tania\Documents\AMTRAK.pdf
[2013/10/11 20:57:10 | 000,437,832 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/10/11 20:41:07 | 000,773,952 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/10/06 17:02:02 | 000,000,728 | ---- | M] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2013/10/06 16:41:54 | 000,001,920 | ---- | M] () -- C:\Windows\SysWow64\drivers\kgpfr2.cfg
[2013/10/05 21:44:59 | 000,056,420 | ---- | M] () -- C:\Users\tania\Desktop\snp.PNG
[2013/10/01 10:19:27 | 421,693,688 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/09/29 17:54:49 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/09/29 14:12:23 | 000,001,130 | ---- | M] () -- C:\Users\tania\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk
[3 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/10/21 15:15:37 | 000,001,966 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/10/21 12:48:36 | 000,118,575 | ---- | C] () -- C:\Users\tania\Documents\TedBizCard.jpg
[2013/10/20 13:13:33 | 000,307,722 | ---- | C] () -- C:\Users\tania\Documents\Google Hangouts for iOS dials up free voice calls for US, Canada _ Mobile - CNET News.htm
[2013/10/20 13:09:32 | 000,002,074 | ---- | C] () -- C:\Users\tania\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2013/10/20 13:09:32 | 000,002,050 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2013/10/20 13:09:31 | 000,216,064 | ---- | C] () -- C:\Windows\SysWow64\gcapi_dll.dll
[2013/10/18 21:18:00 | 000,002,075 | ---- | C] () -- C:\Users\tania\Desktop\avast! Free Antivirus.lnk
[2013/10/18 21:01:20 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/18 11:29:22 | 000,039,937 | ---- | C] () -- C:\Users\tania\Documents\ga.js
[2013/10/11 21:03:06 | 000,015,904 | ---- | C] () -- C:\Users\tania\Documents\AMTRAK.pdf
[2013/10/06 18:02:32 | 000,205,320 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/10/06 18:02:30 | 000,065,776 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013/10/06 16:59:17 | 000,000,728 | ---- | C] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2013/10/05 21:44:59 | 000,056,420 | ---- | C] () -- C:\Users\tania\Desktop\snp.PNG
[2013/09/29 17:54:49 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/08/10 12:27:28 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Hybrid Basic
[2013/08/10 12:27:28 | 000,000,268 | RH-- | C] () -- C:\Users\tania\AppData\Roaming\Home
[2013/08/10 12:27:28 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Images
[2013/08/10 12:27:27 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2013/08/10 12:21:42 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Horn Section
[2013/08/10 12:21:42 | 000,000,268 | RH-- | C] () -- C:\Users\tania\AppData\Roaming\Helper Scripts
[2013/08/10 12:21:42 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2013/08/10 12:21:42 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Icons
[2013/07/08 12:20:01 | 000,000,150 | ---- | C] () -- C:\Users\tania\AppData\Roaming\wklnhst.dat
[2013/07/01 07:54:50 | 000,007,604 | ---- | C] () -- C:\Users\tania\AppData\Local\Resmon.ResmonCfg
[2013/06/26 02:49:50 | 000,003,696 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
[2013/06/25 17:43:19 | 000,000,632 | RHS- | C] () -- C:\Users\tania\ntuser.pol
[2013/05/02 20:27:05 | 000,231,115 | ---- | C] () -- C:\Windows\hpwins23.dat
[2013/03/09 19:03:58 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/06/15 09:41:05 | 000,773,952 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/12/23 23:29:07 | 000,000,000 | ---- | C] () -- C:\Users\tania\AppData\Local\{97C5227C-4219-42D8-9662-028AA51A8853}
[2011/02/11 15:34:34 | 000,001,854 | ---- | C] () -- C:\Users\tania\AppData\Roaming\GhostObjGAFix.xml
[2010/11/17 23:25:57 | 000,004,096 | -H-- | C] () -- C:\Users\tania\AppData\Local\keyfile3.drm
[2009/03/13 00:16:34 | 000,008,926 | ---- | C] () -- C:\Program Files\Resource.h
[2009/01/24 18:59:36 | 000,038,400 | ---- | C] () -- C:\Program Files\ShellExec.exe

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/07/01 21:05:58 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\Allmyapps
[2012/03/05 22:47:51 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\Audacity
[2013/10/21 15:42:13 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\AVAST Software
[2013/04/07 19:38:47 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013/07/15 05:27:01 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\Foxit Scanner Images
[2013/07/17 12:58:45 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\Foxit Software
[2013/07/09 06:53:52 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\Free PDF to Word Converter
[2013/08/20 21:07:08 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\GetRightToGo
[2012/11/12 03:20:39 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\Leadertech
[2013/07/01 06:47:23 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\libimobiledevice
[2013/08/18 19:03:46 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\MyMorph
[2013/09/08 17:59:07 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\Nikon
[2013/03/24 23:29:05 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\oCam
[2013/04/13 07:31:26 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\Pantech
[2013/03/19 05:27:40 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\PC Suite
[2013/10/17 19:32:23 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\PCHC
[2012/03/05 20:47:22 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\Product_RM
[2013/07/13 01:00:14 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\TachoPlus-FreeDriver
[2013/07/13 01:10:58 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\TeamViewer
[2013/07/08 12:20:04 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\Template
[2013/05/11 12:54:22 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\WinBatch
[2013/06/11 15:24:27 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\Windows Live Writer

< End of report >

I have been dying to know-was all this coz of a trojan, or what in the world happened that was so insidious? Was it all those downloaded live mail files I've been trying to get rid of (thanks to ex on my computer)??
  • 0

#69
texred

texred

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
Can I delete AT&T "security" with Revo? And same for partial trial MS Office 2007 (I run 2003) which causes me problems sometimes trying to take over (never has before this year of problems)? And of course I will continue deleting "videossomente" live mail files from my ex. Oh yeah, and answer all my other questions, and fix my bookmarks and . . .and. . .I'm just kidding Nut (Not). I'm really not this type of retentive person, but my curiosity does make me go "WHY WHY WHY WHY"!! You have helped me so much. I will nominate you for Valedictorian. :wub:
  • 0

#70
Nutloaf

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
:happy: I didn't need another OTL scan but thanks anyway. I genuinely wanted answers to my questions regarding this:

Why won't anything run w/out Java?
Why do I have drivers I never asked for?
Why is every image I ever saw saved (1500 of them)?



Or are you O.K with these?

The images you are clicking on are probably being downloaded so maybe watch the websites you view images on.

I will get back to you regarding AT+T and your Bookmarks. Are there any other problems?
  • 0

Advertisements


#71
Nutloaf

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hi there Texred, the infections on this machine were not particulary bad, more annoying for you. Your browsers were a bit off a mess causing redirects and probably a slow performance. It may have been an infected E-mail content that caused it but also the installation of free software can bundle a lot of rubbish on your system. I have some advice about this in my last post.


Onwards and Upwards We will deal with AT&T, Firefox Bookmarks\Plugins and a small fix to make sure all is clear. After performing these steps I would like to know if there are any other problems.


1. Firefox

Bookmarks

  • Click the Display Your Bookmarks button and select Show All Bookmarks


  • In the window that opens click the Import and Backup button and then select Restore. Click a date before the 5th of October.


  • All done now close the Window and back to the Firefox main page.

    Extensions and Plugins
  • Click the Firefox button and select Add-ons


  • Click and disable any RealPlayer or BrowserRecordPlugin entries.
  • Now click click the Always Activate button and select Never Activate

2. Uninstall AT&T Support Plus PC Maintenance Toolbox

Revo uninstaller can sometimes be a bit to agressive and I advise against this type of software. Use Control Panel uninstalls instead

  • Click Start then select Control Panel
  • In control panel click Uninstall a Program or Programs and Features and uninstall the following:
  • AT&T Support Plus PC Maintenance Toolbox


3. OTL Fix

  • Right click the OTL icon and select Run as Administrator.
  • Copy the entire text in the Quote box below, do not include the word QUOTE and Paste into the Custom Scans/Fixes box in OTL.

    :OTL
    IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
    IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

    :FILES
    C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin

    :COMMANDS
    [CREATERESTOREPOINT]

  • Then click Run Fix
  • Click O.K if asked to Reboot.
  • An OTL fix log will be saved in the following location: C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log - Where mmddyyy _hhmmss is the date and time of fix.
  • Copy and Paste the Fix Log in your next reply.

Things I want to see in your next post.

  • OTL fix.txt
  • Any other problems?

  • 0

#72
texred

texred

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
========== OTL ==========
HKU\S-1-5-21-485409517-1736587146-2298806430-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-21-485409517-1736587146-2298806430-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
========== FILES ==========
File\Folder C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin not found.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 10232013_122657

Hi. I followed your instructions last time to restore bookmarks, and it didn't work. They were gone. This time, the oldest date is Oct 13, and there's nothing to restore except recent ones that aren't missing. Programs for which I need Java: can't say offhand, but it seems everything asks me for it. No biggie. Drivers: Sierra Wireless, Broadband.com, some others maybe. Images: from everywhere, including Google. Dumb stuff-recipes, forums, blogs, images I never say (could be from "saving" w/out finishing reading). I only frequent mainstream sites, almost ALWAYS. I pay attention to WOT, and check out places before I go there if they seem questionable. Java is updated and disabled. Browsers and speed are better. Sorry about the log-didn't think it would be that long-wanted to show you changes after reboot. Deleted that ATT program, but should I also delete ATT Communications Manager (separate program)? The only extension showing is Avast!. Plugins: settings do not have the options you listed, just update choices, basically. That's it for now. In general, everything is working better, and faster, which makes it to be the slowest new computer I have ever seen (straight out of the box it was a turtle). Thanks-
  • 0

#73
Nutloaf

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hi there Texred. :)

O.K let's have one more try with the bookmarks they may be in another default folder. If not I fear these may be lost. I have never known Bookmarks to be deleted with the tools we use.

Sierra Wireless This should be removed along with AT&T :)

Broadband.com This is for your network card.

1. Uninstall AT&T Communication Manager

Revo uninstaller can sometimes be a bit to agressive and I advise against this type of software. Use Control Panel uninstalls instead

  • Open Firefox and click Start then select Control Panel
  • In control panel click Uninstall a Program or Programs and Features and uninstall the following:
  • AT&T Communication Manager


2. Firefox

Bookmarks

  • Click the Display Your Bookmarks button and select Show All Bookmarks
  • In the window that opens click the Import and Backup button and then select Restore.
  • This time instead of a date select Choose file
  • In the window that opens double click the Old Firefox Data folder.
  • You will see .default folders Check all folders. Double click to open the folder then double click Bookmarkbackups folder and check for older dates there.
  • Double click to restore bookmarks and click O.K at the prompt.

Downloads

  • Click the Firefox button and hover the mouse over Options then click on Options in the sub-menu.


  • In the General Tab and under Downloads ensure Always ask me where to save files and click O.K


  • All done! If anything downloads you will now be prompted and given the chance to cancel.



3. OTL Fix

If the fix freezes then right click the Taskbar and select Start Task Manager under the Applications Tab select OTL then click End Task.

  • Right click the OTL icon and select Run as Administrator.
  • Copy the entire text in the Quote box below, do not include the word QUOTE and Paste into the Custom Scans/Fixes box in OTL.

    :OTL
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll File not found

  • Then click Run Fix
  • Click O.K if asked to Reboot.
  • An OTL fix log will be saved in the following location: C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log - Where mmddyyy _hhmmss is the date and time of fix.
  • Copy and Paste the Fix Log in your next reply.


I only need to see the OTL fix txt and let me know if everything is O.K.
  • 0

#74
texred

texred

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14\ deleted successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 10232013_181103

Broadband is not my network. Unfortunately, it is still ATT, and I've NEVER had Broadband.com. ATT Comm Mgr gone (I hope). Bookmarks: only one folder. Oldest date in there is 10/6/13, which, of course, is no help. This is very bad for start-up business. I am ready to cry. Downloads: My browser has never looked like your examples, so I have had to re-interpret. "Always ask me where to save files" is checked in there somewhere. OTL did not freeze. Everything but me is A-ok.

Meant to say under old FF only one folder; oldest date 10/06/13

Edited by texred, 24 October 2013 - 09:37 AM.

  • 0

#75
Nutloaf

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hi there Texred :)

O.K I want to make sure the Bookmarks have actually disappeared. I will post 2 methods to achieve the same thing. I need to know if they are just not being displayed for you. If not I have one method that may work, but you might not like it.


Firefox

Bookmarks

  • Click the Display Your Bookmarks button and select Show All Bookmarks
  • In the window that opens in the left hand pane click the Bookmarks Toolbar are they listed here if so proceed below.



  • Look at the images below:




  • Either click the Orange Firefox button navigate to Options and see if Bookmarks Toolbar is selected.
  • Or click View - Toolbars and see if Bookmarks Toolbar is selected.
  • Any Bookmarks?
  • If no luck there. Could they be in another User account on your machine? Check the other User Accounts on the machine. Have you deleted any User accounts?


If all else fails then there is another method but it would mean starting over. We could use System Restore to restore the machine before we started. The malware will return but will be a lot quicker getting rid of it as we know what we are up against.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP